| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
* Rename do_external_bind to external_bind
* Remove user_name argument in external_bind() and always set it
to effective user name
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Use LDAPClient.simple_bind instead of extra call to IPAdmin.do_simple_bind
* Rename binddn to bind_dn
* Rename bindpw to bind_password
* Explicitly specify bind_dn in all calls
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Testing whether it is possible to connect to directory server is already done
in RedHatDirectoryService.restart().
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Require 389-ds-base >= 1.3.5.14 for:
https://fedorahosted.org/389/ticket/48992
https://fedorahosted.org/freeipa/ticket/6369
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
With FreeIPA 4.4 we moved child domains behind the 'trustdomain' topic.
Update 'ipa trustdomain-del' command to properly calculate DN to the
actual child domain and handle the case when it is missing correctly.
Fixes https://fedorahosted.org/freeipa/ticket/6445
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Replica installation on DL1 would fail to create a httpd instance
due to missing '/etc/httpd/alias/cacert.asc'. Create this file
in the setup_ssl step to avoid the error.
https://fedorahosted.org/freeipa/ticket/6393
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is a change introduced in 4.4 that new services have canonical name. The old ones
didn't have it, therefore these services were not correctly displayed in WebUI.
This patch adds support for this type of services. Service name is taken from
'krbprincipalname' attribute in case that 'krbcanonicalname' attribute is not present
in server response.
https://fedorahosted.org/freeipa/ticket/6397
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
| |
to enable debugging of such errors.
E.g.: https://fedorahosted.org/freeipa/ticket/5741
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
cert-show no longer shows validity dates without `--all', but this
is important information that should be shown by default. Make it
so.
Fixes: https://fedorahosted.org/freeipa/ticket/6419
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The Object Signing certificate created during server installation
was used only for signing the (recently removed) Firefox extension,
so there's no need to create that certificate any more.
Fixes: https://fedorahosted.org/freeipa/ticket/6399
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
httpd did not publish its certificate on DL1 which could
cause issues during client installation in a rare corner
case where there would be no way of getting the certificate
but from a HTTP instance.
https://fedorahosted.org/freeipa/ticket/6393
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Verify that command cert-find, cert-show and cert-request show CA even without
--all.
https://fedorahosted.org/freeipa/ticket/6410
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When master is without KRA installed, on domain level0 we cannot install
KRA replicas, thus this tests must be skipped on DL0
https://fedorahosted.org/freeipa/ticket/6088
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Currently tests were not testing one-step installation of KRA together
with replica. Adding --setup-kra to replica installation instead of
calling ipa-kra-install after.
https://fedorahosted.org/freeipa/ticket/6088
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
KRA should be tested with warious replication topologies as well, mainly
in domain level 0
https://fedorahosted.org/freeipa/ticket/6088
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
| |
|
|
|
|
|
|
| |
This reverts commit d650c54fe4e327f95ffcb834418a5b6af59b212c. The proposed fix
is incorrect since the Configurable class has no knowledge about used debug
options. These are used only in upper layers when configuring loggers.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In tracker, 'self.attrs' variable is created and filled in track_create method.
Some objects are not created but still require access to this variable.
Created 'self.attrs' variable in init
https://fedorahosted.org/freeipa/ticket/6125
Reviewed-By: Milan Kubik <mkubik@redhat.com>
|
| |
|
|
|
|
|
|
| |
- Make sure to pass down the debug flag to ipa-client-install when
the server install is run in debug mode
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
- Use the correct unicode string for an error message, otherwise an
exception will generate another exception about incorrect type,
masking the original error.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
On pwpolicy module import, "klist -V" is run to determine if the installed
krb5 version supports account lockout (>= 1.8).
Remove the check, as we require a krb5 version which does support account
lockout (1.12).
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The configure script checks for libcurl, but it is never actually used
anywhere.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add import hook to makeapi and makeaci which makes them ignore import
errors in modules in our source tree and instead print a warning.
This makes it possible to build IPA without having to have most of our
runtime dependencies installed.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of importing ipalib to get IPA version string, create setup.py from
a template and have the version string automatically filled in.
This makes it possible to build the ipaserver package without having to
have ipalib dependencies installed.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Check for import errors with pylint to make sure new python package
dependencies are not overlooked.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Lint is never executed from rpmbuild, so the BuildRequires for lint are
purely informational.
Include them only if %with_lint RPM macro is specified.
Update .travis.yml accordingly.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add missing cyrus-sasl-devel, python-cffi, python-custodia,
python-dateutil, python-nose, python-paste, python-sss-murmur,
python-sssdconfig and systemd-python BuildRequires.
Remove unused custodia, java-headless, m4, policycoreutils,
python-kdcproxy, python-rhsm, pyOpenSSL and systemd-units BuildRequires.
Correct versioned BuildRequires and provide explanatory comments.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Apparently, the docs were not updated when ipapython/platform was moved
to ipaplatform module and internals have changed.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original approach with __path__ implemented
by 8f98fa1bd5f1da207fab6f89b75e0cdc19d00797 broke Pylint:
We decided to resort back to symlinks as it is easiest solution
which does not break pylint in weird ways.
This commit introduces configure --with-ipaplatform option.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is temporary workaround necessary until we throw away the hand-made
Makefile. ipaplatform is going to be managed by configure, but configure
right now depends on version-update target in Makefile.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is temporary workaround. makeapi/makeaci transitively import
ipaplatform, which will not exist before configure is executed.
On the other hand, configure requires version.m4,
which is generated by current Makefile.
This change works around this chicked-egg problem. It will disappear
when we start using top-level configure to generate top-level Makefile.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
It turns out that default error handling prints very useful messages
which are way better than hand-made error handling without any hints.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Explicit check for symbols is unncecessary because libini_config >= 1.2.0
contains all the symbols we need.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use package config instead of checking headers.
Package config is faster because it does not invoke compiler
and guarantees proper linking flags because these are provided
by package maintainer instead of hardcoded into build system.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
FreeIPA moved to Zanata a while ago. References to Transifex were just
leftovers.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Translations are need for client as well. This move is done to remove
dependency between client and install subdirectories.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
At the same time, I removed unnecessary checks for mkdir etc. and added
missing check for gzip.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This broke ONLY_CLIENT option in SPEC file. It will be fixed later on.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is autoconf way of doing things. It should allow us to enable
subdir-objects automake option and stay compatible with future versions
of automake.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Top-level Makefile is still not managed by Automake (e.g. hand-made).
This is preparatory work. Other configure.ac files will be gradually
merged into the top-level one. After that we will be able to throw-away
the hand-made top-level Makefile and use Automake for everything.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix include paths to prevent breakage when we move configure.ac from
daemons to the top-level.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously the value was sometimes lost. This was causing problems in
later stages of refactoring.
https://fedorahosted.org/freeipa/ticket/6418
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The file ipapython/ipa.conf is no longer used and not installed.
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
