summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
* Extend installers with --forward-policy optionPetr Spacek2016-04-285-1/+13
| | | | | | | | | This option specified forward policy for global forwarders. The value is put inside /etc/named.conf. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove function ipapython.ipautil.host_exists()Petr Spacek2016-04-281-4/+8
| | | | | | | The function duplicated ipalib.util.verify_host_resolvable() in slightly incompatible way because it used NSS while rest of IPA is using only DNS. Reviewed-By: Martin Basti <mbasti@redhat.com>
* Moved password check from clean_dangling_ruvStanislav Laznicka2016-04-281-10/+2
| | | | | | | | The proper password check is now done elsewhere https://fedorahosted.org/freeipa/ticket/4987 Reviewed-By: Martin Basti <mbasti@redhat.com>
* abort-clean/list/clean-ruv now work for both suffixesStanislav Laznicka2016-04-282-29/+100
| | | | | | | | | | The rid passed to abort-clean-ruv and clean-ruv is now searched for in both ipaca and domain trees as well as list-ruv now displays both RUVs and CS-RUVs https://fedorahosted.org/freeipa/ticket/4987 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-replica-manage refactoringStanislav Laznicka2016-04-281-28/+38
| | | | | | | | | | | get_ruv does not call sys.exit anymore, instead it raises RuntimeError for better error handling Also removed duplicit code from abort_clean_ruv https://fedorahosted.org/freeipa/ticket/4987 Reviewed-By: Martin Basti <mbasti@redhat.com>
* replica-manage: fail nicely when DM psswd requiredStanislav Laznicka2016-04-281-1/+5
| | | | | | | | | Some commands do not allow anonymous bind and would fail with misleading message. https://fedorahosted.org/freeipa/ticket/4987 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added fix for notifying user about locked user account in WebUIAbhijeet Kasurde2016-04-282-1/+7
| | | | | | | | | | | | User in now notified about "Locked User account" message instead of "The password or username you entered is incorrect" or any generic error message Fixes : https://fedorahosted.org/freeipa/ticket/5076 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* Added warning to user for Internet ExplorerAbhijeet Kasurde2016-04-281-0/+1
| | | | | | | | | | | As Internet Explorer is not a supported browser anymore, browser Kerberos configuration page shows warning to user about the same. Fixes : https://fedorahosted.org/freeipa/ticket/5656 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Configure httpd service from installer instead of directly from RPMMartin Basti2016-04-222-0/+8
| | | | | | | | | | | | | | File httpd.service was created by RPM, what causes that httpd service may fail due IPA specific configuration even if IPA wasn't installed or was uninstalled (without erasing RPMs). With this patch httpd service is configured by httpd.d/ipa.conf during IPA installation and this config is removed by uninstaller, so no residual http configuration related to IPA should stay there. https://fedorahosted.org/freeipa/ticket/5681 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Add 'skip overlap check' checkbox to the add dns forward zone dialogPavel Vomacka2016-04-221-0/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/5773 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add 'skip overlap check' checkbox into add zone dialogPavel Vomacka2016-04-222-0/+14
| | | | | | https://fedorahosted.org/freeipa/ticket/5773 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Added description related to 'status' in ipactl man pageAbhijeet Kasurde2016-04-201-0/+3
| | | | | | | Fixes : https://fedorahosted.org/freeipa/ticket/5768 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Added fix for notifying user about Kerberos principal expiration in WebUIAbhijeet Kasurde2016-04-152-4/+16
| | | | | | | | | | | | - User is now notified about "Kerberos Principal expiration" message instead of "Wrong username or password" message. - User is also notified about "Invalid password" message instead of generic error message. https://fedorahosted.org/freeipa/ticket/5077 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add activate option to stage user details pagePavel Vomacka2016-04-152-1/+30
| | | | | | | | Add activate option to the action menu on stage user details page. https://fedorahosted.org/freeipa/ticket/5369 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add X-Frame-Options and frame-ancestors optionsPavel Vomacka2016-04-151-1/+3
| | | | | | | | | | These two options allow preventing clickjacking attacks. They don't allow open FreeIPA in frame, iframe or object element. https://fedorahosted.org/freeipa/ticket/4631 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
* differentiate between limit types when LDAP search exceeds configured limitsMartin Babinsky2016-04-132-8/+4
| | | | | | | | | | | When LDAP search fails on exceeded limits, we should raise an specific exception for the type of limit raised (size, time, administrative) so that the consumer can distinguish between e.g. searches returning too many entries and those timing out. https://fedorahosted.org/freeipa/ticket/5677 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Look up HTTPD_USER's UID and GID during installation.David Kupka2016-03-231-2/+2
| | | | | | | | | Those values differ among distributions and there is no guarantee that they're reserved. It's better to look them up based on HTTPD_USER's name. https://fedorahosted.org/freeipa/ticket/5712 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix kdc.conf.template to use ipaplatform.paths.Timo Aaltonen2016-03-231-5/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: David Kupka <dkupka@redhat.com>
* Use ODS_USER/ODS_GROUP in opendnssec_conf.templateTimo Aaltonen2016-03-231-2/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: David Kupka <dkupka@redhat.com>
* ipaplatform: Move remaining user/group constants to ipaplatform.constants.Timo Aaltonen2016-03-231-1/+2
| | | | | | | | | Use ipaplatform.constants in every corner instead of importing other bits or calling some platform specific things, and remove most of the remaining hardcoded uid's. https://fedorahosted.org/freeipa/ticket/5343 Reviewed-By: David Kupka <dkupka@redhat.com>
* Resize topology graph canvas according to window sizePavel Vomacka2016-03-222-4/+57
| | | | | | | | | | The size of svg element is calculated when the topology graph facet is load and then every time when the window is resized. The resize event listener is removed after the topology graph facet emits hide event. https://fedorahosted.org/freeipa/ticket/5647 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* ipa-replica-manage: print traceback on unexpected error when in verbose modeMartin Babinsky2016-03-221-5/+13
| | | | | | | | Print the traceback to stdout to maintain backwards compatibility. https://fedorahosted.org/freeipa/ticket/5380 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Move user/group constants for PKI and DS into ipaplatformChristian Heimes2016-03-221-4/+4
| | | | | | | https://fedorahosted.org/freeipa/ticket/5619 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* Pylint: import max one module per lineMartin Basti2016-03-221-1/+2
| | | | | Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* Pylint: fix definition of global variablesMartin Basti2016-03-221-1/+0
| | | | | | | | | | Global variables should be defined in the outer space, not just marked as global inside functions. Removes unused global variables Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* pylint: remove bare exceptMartin Basti2016-03-222-6/+6
| | | | | | | Bare except should not be used. Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* DS deadlock when memberof scopes topology plugin updatesThierry Bordaz2016-03-181-0/+2
| | | | | | | | | | | | | | | | | Topology plugin may merge (aka DEL) segments that would trigger internal search for groups owning that segment. The problem is that it is searching those groups into the full suffix and so need the schema compat map lock. If any other operation holding schema compat map lock need to access the page involved in the DEL, there is a deadlock. This fix is to prevent useless group searching if the target entry is a segment or is in compat tree. https://fedorahosted.org/freeipa/ticket/5637 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add field for group id in user add dialogPavel Vomacka2016-03-102-2/+14
| | | | | | | | | | Add new field in user add dialog. This combo box lists all posix groups so user can choose one. It is also possible to fill a GID number which is not in the list. https://fedorahosted.org/freeipa/ticket/5505 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Nodes stay fixed after initial animation.Pavel Vomacka2016-03-101-0/+16
| | | | | | | | | | There is an animation of nodes layout after first load of graph or adding new node. Then all nodes of the graph are set to the fixed state. The node is set to fixed even after manual turn off of fixed state. https://fedorahosted.org/freeipa/ticket/5649 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add pan and zoom functionality to the topology graphPavel Vomacka2016-03-101-8/+109
| | | | | | | | | | Add zooming and panning functionality to the topology graph. Also the page rememberes the old setting of the graph position and size. So, after refreshing the graph has the same position and size as it had before. https://fedorahosted.org/freeipa/ticket/5502 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* krb5conf: use 'true' instead of 'yes' for forwardable optionMartin Basti2016-03-092-2/+2
| | | | | | | | | 'yes' is also valid value in krb5.conf but we should be consistent and use only 'true' as we do for other options. https://fedorahosted.org/freeipa/ticket/5518 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Allow to specify Kerberos authz data type per userSimo Sorce2016-03-091-1/+1
| | | | | | | | | | | | Like for services setting the ipaKrbAuthzData attribute on a user object will allow us to control exactly what authz data is allowed for that user. Setting NONE would allow no authz data, while setting MS-PAC would allow only Active Directory compatible data. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/2579 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Configure 389ds with "default" cipher suiteMartin Basti2016-03-091-3/+3
| | | | | | | | | nsSSLCiphers: "default" provides only secure ciphers that should be used when connecting to DS https://fedorahosted.org/freeipa/ticket/5684 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* CONFIGURE: Replace obsolete macrosLukas Slebodnik2016-03-081-1/+0
| | | | | | | | | The AC_PROG_LIBTOOL macro is obsoleted by since libtool-2.0 which is already in rhel6+ https://fedorahosted.org/FedoraReview/wiki/AutoTools Reviewed-By: Martin Basti <mbasti@redhat.com>
* webui: fail nicely if cookies are disabledPetr Vobornik2016-03-031-6/+20
| | | | | | | | | | | Reworks also sessionStorage test because disablement of cookies might be connected with sessionStorage and localStorage. E.g. Chrome raises exception when *Storage is accessed with "Block sites from setting any data" settings set in "Content Settings/Cookies" section. https://fedorahosted.org/freeipa/ticket/4338 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* pylint: supress false positive no-member errorsMartin Basti2016-03-021-2/+2
| | | | | | | | | pylint 1.5 prints many false positive no-member errors which are supressed by this commit. https://fedorahosted.org/freeipa/ticket/5615 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix URL for reporting bugs in stringsPetr Spacek2016-03-011-1/+2
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* slapi-nis: update configuration to allow external members of IPA groupsAlexander Bokovoy2016-03-012-0/+4
| | | | | | | | | | | | | | Currently in an environment with trust to AD the compat tree does not show AD users as members of IPA groups. The reason is that IPA groups are read directly from the IPA DS tree and external groups are not handled. slapi-nis project has added support for it in 0.55, make sure we update configuration for the group map if it exists and depend on 0.55 version. https://fedorahosted.org/freeipa/ticket/4403 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-adtrust-install: Allow dash in the NETBIOS nameTomas Babej2016-02-291-2/+4
| | | | Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Move freeipa certmonger helpers to libexecdir.Timo Aaltonen2016-02-261-1/+1
| | | | | | | | | | | The scripts in this directory are simple python scripts, nothing arch-specific in them. Having them under libexec would simplify the code a bit too, since there would be no need to worry about lib vs lib64 (which also cause trouble on Debian). https://fedorahosted.org/freeipa/ticket/5586 Reviewed-By: David Kupka <dkupka@redhat.com>
* fix permission: Read Replication AgreementsMartin Basti2016-02-254-1/+18
| | | | | | | | | | | | | | This permission cannot be MANAGED permission because it is located in nonreplicating part of the LDAP tree. As side effect, the particular ACI has not been created on all replicas. This commit makes Read Replication Agreements non managed permission and also fix missing ACI on replicas. https://fedorahosted.org/freeipa/ticket/5631 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* upgrade: fix config of sidgen and extdom pluginsMartin Basti2016-02-231-0/+2
| | | | | | | | | | | | | | | During upgrade to IPA 4.2, literally "$SUFFIX" value was added to configuration of sidgen and extdom plugins. This cause that SID are not properly configured. Upgrade must fix "$SUFFIX" to reals suffix DN, and run sidgen task against IPA domain (if exists). All trusts added when plugins configuration was broken must be re-added. https://fedorahosted.org/freeipa/ticket/5665 Reviewed-By: Tomas Babej <tbabej@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* webui: fixed showing of success message after password change on loginPetr Vobornik2016-02-231-1/+1
| | | | | | | | | | similar issue and cause as in https://fedorahosted.org/freeipa/ticket/5567 root cause is that binding triggers validation which clears messages in validation summary. Maybe it could be refactored in a future to not use the same validation summary field for API calls and fields. Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* webui: use API call ca_is_enabled instead of enable_ra env variable.Petr Vobornik2016-02-233-1/+15
| | | | | | | | To be consistent with backend code. https://fedorahosted.org/freeipa/ticket/5622 Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
* replica promotion: fix AVC denials in remote connection checkJan Cholasta2016-02-111-1/+1
| | | | | | | | Also move com.redhat.idm.trust-fetch-domains to /usr/libexec/ipa/oddjob. https://fedorahosted.org/freeipa/ticket/5550 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Add validation to Issue new certificate dialogPavel Vomacka2016-02-022-20/+45
| | | | | | | | | 'Issue new certificate' dialog now validates whether user fills 'principal' and 'csr' field. In case that one of these fields is empty then it does not allow to submit the dialog. https://fedorahosted.org/freeipa/ticket/5432 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Automatically detect and remove dangling RUVsStanislav Laznicka2016-02-022-0/+163
| | | | | | https://fedorahosted.org/freeipa/ticket/5411 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Listing and cleaning RUV extended for CA suffixStanislav Laznicka2016-02-021-15/+29
| | | | | | https://fedorahosted.org/freeipa/ticket/5411 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Convert ipa-sam to use the new getkeytab controlSimo Sorce2016-02-011-0/+1
| | | | | | | Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/5495 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* fix standalone installation of externally signed CA on IPA masterMartin Babinsky2016-01-281-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/5636 Reviewed-By: Martin Basti <mbasti@redhat.com>
generated by cgit (git 2.34.1) at 2024-10-01 07:23:24 +0000