summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
...
* webui: hide (un)apply buttons for Default Trust ViewPetr Vobornik2014-10-201-1/+12
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: hide applied to hosts tab for Default Trust ViewPetr Vobornik2014-10-202-2/+29
| | | | | | | | because applying Default Trust view on hosts is not allowed https://fedorahosted.org/freeipa/ticket/4615 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: change order of idview's facet groupsPetr Vobornik2014-10-201-4/+4
| | | | | | Applied to hosts facet should not be default because, e.g., for Default Trust View it shouldn't be even visible(o use). Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: make Evented a part of base IPA.objectPetr Vobornik2014-10-207-22/+15
| | | | | | | 1. All framework objects to use event interface 2. Framework objects can be part of specification objects but they are not deep-cloned as the rest of specification objects - usually it would cause infinite loop. This make easier to add context as a $pre-op object without a need for $pre-op function. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: allow --force in dnszone-mod and dnsrecord-addPetr Vobornik2014-10-202-5/+68
| | | | | | | | | | Allow to use --force when changing authoritative nameserver address in DNS zone. Same for dnsrecord-add for NS record. https://fedorahosted.org/freeipa/ticket/4573 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Configure IPA OTP Last Token plugin on upgradeNathaniel McCallum2014-10-201-0/+15
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: management of keytab permissionsPetr Vobornik2014-10-204-3/+185
| | | | | | https://fedorahosted.org/freeipa/ticket/4419 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Create ipa-otp-counter 389DS pluginNathaniel McCallum2014-10-201-0/+15
| | | | | | | | | | | | | | | This plugin ensures that all counter/watermark operations are atomic and never decrement. Also, deletion is not permitted. Because this plugin also ensures internal operations behave properly, this also gives ipa-pwd-extop the appropriate behavior for OTP authentication. https://fedorahosted.org/freeipa/ticket/4493 https://fedorahosted.org/freeipa/ticket/4494 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Display token type when viewing tokenNathaniel McCallum2014-10-201-0/+1
| | | | | | | | | When viewing a token from the CLI or UI, the type of the token should be displayed. https://fedorahosted.org/freeipa/ticket/4563 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add new iduseroverride fieldsPetr Vobornik2014-10-171-1/+12
| | | | | | | | - add gecos, gidnumber, loginshell, sshkeys fields https://fedorahosted.org/freeipa/ticket/4617 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add link to OTP token appPetr Vobornik2014-10-172-1/+10
| | | | | | | | | - display info message which points user to FreeOTP project page - the link or the text can be easily changed by a plugin if needed https://fedorahosted.org/freeipa/ticket/4469 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-174-15/+27
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not fix trust flags in the DS NSS DB in ipa-upgradeconfigJan Cholasta2014-10-171-6/+5
| | | | | | | | | It is necessary to fix trust flags only in the HTTP NSS DB, as it is used as a source in the upload_cacrt update plugin. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not create ipa-pki-proxy.conf if CA is not configured in ipa-upgradeconfigJan Cholasta2014-10-171-1/+5
| | | | | | | | This fixes upgrade from CA-less to CA-full after IPA upgrade. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove changetype attribute from update pluginMartin Kosek2014-10-171-1/+0
| | | | The attribute addition had no effect, but it should not be there.
* Remove token ID from self-service UINathaniel McCallum2014-10-161-6/+2
| | | | | | Also, fix labels to properly use i18n strings for token types. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-ca-installJan Cholasta2014-10-162-2/+12
| | | | | | | | | The --ca-signing-algorithm option is available in ipa-server-install, make it available in ipa-ca-install as well. https://fedorahosted.org/freeipa/ticket/4447 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix printing of reverse zones in ipa-dns-install.David Kupka2014-10-161-2/+2
| | | | | | | This was forgotten in patch for ticket https://fedorahosted.org/freeipa/ticket/3575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Stop dogtag when updating its configuration in ipa-upgradeconfig.David Kupka2014-10-151-23/+27
| | | | | | | | | Modifying CS.cfg when dogtag is running may (and does) result in corrupting this file. https://fedorahosted.org/freeipa/ticket/4569 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make named.conf template platform independentMartin Basti2014-10-141-4/+4
| | | | | Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing attributes to named.confMartin Basti2014-10-142-0/+126
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Ignore irrelevant subtrees in schema compat pluginLudwig Krispenz2014-10-141-0/+14
| | | | | | | | | | For changes in cn=changelog or o=ipaca the scheam comapat plugin doesn't need to be executed. It saves many internal searches and reduces contribution to lock contention across backens in DS. https://fedorahosted.org/freeipa/ticket/4586 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-installJan Cholasta2014-10-134-2/+27
| | | | | | | | | | | Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA". https://fedorahosted.org/freeipa/ticket/4496 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Check that port 8443 is available when installing PKI.David Kupka2014-10-103-0/+19
| | | | | | https://fedorahosted.org/freeipa/ticket/4564 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix certmonger configuration in installer codeJan Cholasta2014-10-102-4/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4619 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix ipactl service orderingMartin Basti2014-10-091-1/+5
| | | | | | | | | Ipactl sorted service start order as string, which causes service with start order 100 starts before service with start order 30. Patch fixes ipactl to use integers for ordering. Reviewed-By: David Kupka <dkupka@redhat.com>
* webui: add link from host to idviewPetr Vobornik2014-09-304-1/+39
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: list only not-applied hosts in "apply to host" dialogPetr Vobornik2014-09-301-2/+22
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: facet group labels for idview's facetsPetr Vobornik2014-09-302-1/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: new ID views sectionPetr Vobornik2014-09-309-5/+743
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add simple link column supportPetr Vobornik2014-09-302-1/+9
| | | | | | | | Usual link columns are link with primary key of current entity. This patch allows to create a link to arbitrary non-nested entity. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: allow to skip link widget link validationPetr Vobornik2014-09-301-3/+16
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: do not show internal facet name to userPetr Vobornik2014-09-301-1/+0
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: treat value as pkey in link widgetPetr Vobornik2014-09-301-3/+5
| | | | | | | | | | Current default mechanism of a link widget assumes that pkeys of a current facet are pkeys for the link. It works for the only usage - in password policy. It's rather inflexible since it can't be used if the keys are in other attribute. This behavior is also bad in nested entities - creates a link to itself which is pointless. This patch changes the default behavior to assume that the supplied value are the pkeys and that the last pkey is the value to display. It also keeps the old method of overriding `other_pkeys` method so if the last and only pkey is the actual value to display then the method can tranform it into the pkeys which keeps compatibility with descendant widgets (`host_dnsrecord_entity_link_widget`, `dnsrecord_host_link_widget`). Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: improve breadcrumb navigationPetr Vobornik2014-09-301-15/+29
| | | | | | | | | | | | | Fixes issue when: - user navigates to a nested facet - refreshes browser - uses breadcrumb navigation to go to parent entity page which requires a pkey. E.g. from automount keys to maps. The old code relies on the facet, that user visited the parent facet before and therefore the facet has pkey stored. It fails after the browser reload. Allows to specify a containing_facet. It allows breadcrumb navigation to return to a different facet than the 'default'. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* idviews: Add Default Trust View as part of adtrustinstallTomas Babej2014-09-302-0/+7
| | | | | | | | | | Add a Default Trust View, which is used by SSSD as default mapping for AD users. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Update the referential plugin config to watch for ipaAssignedIDViewTomas Babej2014-09-302-0/+8
| | | | | | | | | | | We need the referential plugin config to watch for changes in the ID view objects, since hosts refer to them in ipaAssignedIDView attribute. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaOriginalUidTomas Babej2014-09-301-1/+2
| | | | | | | | | | | For slapi-nis plugin, we need to cache the original uid value of the user in the override object. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Create container for ID views under cn=accountsTomas Babej2014-09-302-0/+5
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add necessary schema for the ID viewsTomas Babej2014-09-303-1/+10
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix ImportError in ipa-ca-installMartin Kosek2014-09-301-1/+1
| | | | | | | Patch 3aa0731f was not merged correctly and import for a function that no longer exists. This patch fixes the import. https://fedorahosted.org/freeipa/ticket/4480
* Allow choosing CA-less server certificates by nameJan Cholasta2014-09-304-3/+33
| | | | | | | | | | | Added new --*-cert-name options to ipa-server-install and ipa-replica-prepare and --cert-name option to ipa-server-certinstall. The options allows choosing a particular certificate and private key from PKCS#12 files by its friendly name. https://fedorahosted.org/freeipa/ticket/4489 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CA-less installer options usability fixesJan Cholasta2014-09-304-90/+133
| | | | | | | | | | | | | | | | | | | The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have been replaced by --*-cert-file options which accept multiple files. ipa-server-certinstall now accepts multiple files as well. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. The --root-ca-file option of ipa-server-install has been replaced by --ca-cert-file option which accepts multiple files. The files are accepted in PEM and DER certificate and PKCS#7 certificate chain formats. The --*_pin options of ipa-server-install and ipa-replica-prepare have been renamed to --*-pin. https://fedorahosted.org/freeipa/ticket/4489 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* External CA installer options usability fixesJan Cholasta2014-09-305-73/+53
| | | | | | | | | | | The --external_cert_file and --external_ca_file options of ipa-server-install and ipa-ca-install have been replaced by --external-cert-file option which accepts multiple files. The files are accepted in PEM and DER certificate and PKCS#7 certificate chain formats. https://fedorahosted.org/freeipa/ticket/4480 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: do not offer ipa-ad-winsync and ipa-ipa-trust range typesPetr Vobornik2014-09-291-8/+0
| | | | | | They are not supported by API. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-server-install.Jan Cholasta2014-09-292-3/+13
| | | | | | | | | This is especially useful for external CA install, as the algorithm is also used for the CSR signature. https://fedorahosted.org/freeipa/ticket/4447 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Detect and configure all usable IP addresses.David Kupka2014-09-263-119/+67
| | | | | | | | | | | Find, verify and configure all IP addresses that can be used to reach the server FreeIPA is being installed on. Ignore some IP address only if user specifies subset of detected addresses using --ip-address option. This change simplyfies FreeIPA installation on multihomed and dual-stacked servers. https://fedorahosted.org/freeipa/ticket/3575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Refactoring of autobind, object_existsMartin Basti2014-09-261-2/+2
| | | | | | | | | Required to prevent code duplications ipaldap.IPAdmin now has method do_bind, which tries several bind methods ipaldap.IPAClient now has method object_exists(dn) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* WebUI: DNS: Remove ip-address, admin-email optionsMartin Basti2014-09-251-89/+4
| | | | | | Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add correct NS records during installationMartin Basti2014-09-251-0/+1
| | | | | | | | | | | All ipa-dns capable server is added to root zones as nameserver During uninstall all NS records pointing to particular replica are removed. Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-02 10:40:46 +0000