path: root/install
Commit message | Author | Age | Files | Lines
* Track DS certificate with certmonger on replicas. | Jan Cholasta | 2013-10-29 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/3975
* Remove mod_ssl conflict | Martin Kosek | 2013-10-25 | 3 | -0/+9
  Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different ports). To make sure that mod_ssl is not configured to listen on 443 (default mod_ssl configuration), add a check to the installer checking if either mod_nss or mod_ssl was configured to listen on that port.
  https://fedorahosted.org/freeipa/ticket/3974
* Do not add kadmin/changepw ACIs on new installs | Martin Kosek | 2013-10-25 | 2 | -2/+0
  These ACIs were needed when FreeIPA had a custom ipa_kpasswd daemon. Now that a standard kadmin is used, ACIs are not needed anymore as kadmin uses the same driver as the KDC.
  The ACIs are not removed on upgrades to avoid breaking older replicas which may still use a FreeIPA version with the ipa_kpasswd daemon.
  https://fedorahosted.org/freeipa/ticket/3987
* Add ipa-advise plugins for nss-pam-ldapd legacy clients | Ana Krivokapic | 2013-10-18 | 5 | -3/+52
  Add three new ipa-advise plugins, to facilitate configuration of legacy clients using nss-pam-ldapd:
  * config-redhat-nss-pam-ldapd
  * config-generic-linux-nss-pam-ldapd
  * config-freebsd-nss-pam-ldapd
  https://fedorahosted.org/freeipa/ticket/3672
* Registries and Build Guide | Petr Vobornik | 2013-10-16 | 2 | -0/+310
* Navigation Guide | Petr Vobornik | 2013-10-16 | 2 | -0/+276
* Plugin Infrastructure Guide | Petr Vobornik | 2013-10-16 | 2 | -0/+79
* Debugging Web UI guide | Petr Vobornik | 2013-10-16 | 2 | -0/+85
* Phases Guide | Petr Vobornik | 2013-10-16 | 3 | -0/+131
* Configuration for JSDuck documentation generator | Petr Vobornik | 2013-10-16 | 5 | -0/+252
  Installation: https://github.com/senchalabs/jsduck/wiki/Installation
  Basically it requires ruby and jsduck gem.
  Usage:
    $ cd install/ui/doc
    $ make
  Documentation will be generated into: install/ui/build/code_doc directory
* Web UI source code annotation | Petr Vobornik | 2013-10-16 | 43 | -479/+5571
  Part of ongoing Web UI documentation effort. Source code is annotated in a way that it can be processed by documentation generator.
* Removal of unused code | Petr Vobornik | 2013-10-16 | 1 | -14/+0
* Load updated Web UI files after server upgrade | Petr Vobornik | 2013-10-16 | 12 | -103/+240
  Issue:
  * There was no caching policy specified.
  * -> Browsers use their own default policy.
  * -> After upgrade, some Web UI files might have been actualized, some not.
  * -> With schema change may result into weird bugs in Web UI
  Solution considerations:
  1. Detect server version change and hard-reload at runtime
     Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it.
  2. Application Cache
     HTML 5 technology which lets web apps run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to use the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail.
  3. Set Expires to now() for everything
     Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed.
  Solution:
  * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded.
  * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests.
  * Version is defined in the loader. It's set to current in `make version-update`.
  * All static pages use this loader to fetch their resources.
  * Version is also passed to dojo loader as cache-bust for the same effect.
  * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration).
  Possible issues:
  * Images are cached but not requested with version param.
  * Images with version and without are considered different
  * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS.
  * Proposed solution is to change image name when changing image. Image change is done rarely.
  * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins.
  * No action taken to address this issue yet.
  * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/)
  * or set expires to now for all plugins
  * running `make version-update` is required in order to use static version of UI for testing
  https://fedorahosted.org/freeipa/ticket/3798
* adtrustinstance: Properly handle uninstall of AD trust instance | Tomas Babej | 2013-10-14 | 2 | -2/+5
  The uninstall method of the AD trust instance was not called upon at all in the ipa-server-install --uninstall phase.
  This patch makes sure that AD trust instance is unconfigured when the server is uninstalled.
  The following steps are undertaken:
  * Remove /var/run/samba/krb5cc_samba
  * Remove our keys from /etc/samba/samba.keytab using ipa-rmkeytab
  * Remove /var/lib/samba/*.tdb files
  Additionally, we make sure winbind service is stopped from within the stop() method.
  Part of: https://fedorahosted.org/freeipa/ticket/3479
* ipa-adtrust-install: Add warning that we will break existing samba configuration | Tomas Babej | 2013-10-14 | 1 | -3/+15
  In case /etc/samba/smb.conf exists and it was not created by ipa-adtrust-install, print a warning that we will break existing samba configuration and ask for a confirmation in the interactive mode.
  Part of: https://fedorahosted.org/freeipa/ticket/3479
* ipa-upgradeconfig: Remove backed up smb.conf | Tomas Babej | 2013-10-14 | 1 | -0/+14
  Since we are not able to properly restore the Samba server to the working state after running ipa-adtrust-install, we should not keep the smb.conf in the fstore.
  This patch makes sure that any backed up smb.conf is removed from the backup and that this file is not backed up anymore.
  Part of: https://fedorahosted.org/freeipa/ticket/3479
* Winsync re-initialize should not run memberOf fixup task | Martin Kosek | 2013-10-11 | 1 | -5/+6
  Change re-initialize command to consider memberOf fixup task only for non-winsync replication agreements.
  https://fedorahosted.org/freeipa/ticket/3854
* Remove --no-serial-autoincrement | Martin Kosek | 2013-10-11 | 5 | -16/+2
  Deprecate this option and do not offer it in installation tools. Without this option enabled, advanced DNS features like DNSSEC would not work.
  https://fedorahosted.org/freeipa/ticket/3962
* Do not allow '%' in DM password | Martin Kosek | 2013-10-04 | 1 | -1/+1
  Having '%' in DM password causes pkispawn to crash. Do not allow users to enter it until pkispawn is fixed.
  https://bugzilla.redhat.com/show_bug.cgi?id=953488
* Update translations from Transifex | Petr Viktorin | 2013-10-04 | 17 | -516/+2596
* Remove faulty DNS memberOf Task | Martin Kosek | 2013-10-04 | 1 | -9/+2
  This task was added with a DN colliding with privilege update memberOf task being run later and caused this task to be ineffective and thus miss some privilege membership, like "SELinux User Map Administrators".
  DNS update plugin does not need to run any task at all as privileges will be updated later in scope of 55-pbacmemberof.update
  https://fedorahosted.org/freeipa/ticket/3877
* Allow PKCS#12 files with empty password in install tools. | Jan Cholasta | 2013-10-04 | 1 | -6/+6
  https://fedorahosted.org/freeipa/ticket/3897
* Read passwords from stdin when importing PKCS#12 files with pk12util. | Jan Cholasta | 2013-10-04 | 2 | -18/+25
  This works around pk12util refusing to use empty password files, which prevents the use of PKCS#12 files with empty password.
  https://fedorahosted.org/freeipa/ticket/3897
* Warn user about realm-domain mismatch in install scripts | Tomas Babej | 2013-10-03 | 4 | -1/+31
  If the IPA server is set up with non-matching domain and realm names, it will not be able to establish trust with the Active Directory.
  Adds warnings to the ipa-server-install and warning to the ipa-adtrust-install (which has to be confirmed).
  Man pages for the ipa-server-install and ipa-adtrust-install were updated with the relevant notes.
  https://fedorahosted.org/freeipa/ticket/3924
* Fix enablement of automount map type selector | Petr Vobornik | 2013-10-03 | 1 | -1/+1
  Map type radio used old way of defining that its value should not be used in add command. Recent patch related to 'enable' attribute hardened/fixed the behavior of radio widgets so they are disabled in UI as well when enabled==false. Automount did not reflect this change.
  https://fedorahosted.org/freeipa/ticket/3954
* Allow edit of ipakrbokasdelegate in Web UI when attrlevelrights are unknown | Petr Vobornik | 2013-09-26 | 1 | -1/+2
  Old host entries are missing object class with krbticketflags attribute. Therefore UI does not receive attrlevelrights for it. This OC is added when ipakrbokasdelegate is set. This patch adds the usual hack for such cases.
  https://fedorahosted.org/freeipa/ticket/3940
* ipa-sam: do not modify objectclass when trust object already created | Alexander Bokovoy | 2013-09-20 | 1 | -0/+1
  When trust is established, last step done by IPA framework is to set encryption types associated with the trust. This operation fails due to ipa-sam attempting to modify object classes in trust object entry which is not allowed by ACI.
  Additionally, wrong handle was used by dcerpc.py code when executing SetInformationTrustedDomain() against IPA smbd which prevented even to reach the point where ipa-sam would be asked to modify the trust object.
* Fix redirection on deletion of last dns record entry | Petr Vobornik | 2013-09-16 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3907
* Fix nsslapdPlugin object class after initial replication. | Jan Cholasta | 2013-09-10 | 2 | -0/+8
  This is a workaround for <https://fedorahosted.org/389/ticket/47490>.
  https://fedorahosted.org/freeipa/ticket/3915
* Do not crash if DS is down during server uninstall | Ana Krivokapic | 2013-09-09 | 1 | -23/+41
  DS is contacted during server uninstallation, in order to obtain information about replication agreements. If DS is unavailable, warn and continue with uninstallation.
  https://fedorahosted.org/freeipa/ticket/3867
* Add timestamps to named debug logs in /var/named/data/named.run | Petr Spacek | 2013-09-06 | 1 | -0/+1
* Fix RUV search scope in ipa-replica-manage | Petr Vobornik | 2013-09-04 | 1 | -1/+1
  The search had an incorrect scope and therefore it didn't find any RUV. This issue prevented removing of replica.
  https://fedorahosted.org/freeipa/ticket/3876
* Add warning when uninstalling active replica | Ana Krivokapic | 2013-09-04 | 1 | -5/+31
  Add a warning when trying to uninstall a replica that has active replication agreements.
  https://fedorahosted.org/freeipa/ticket/3867
* Create DS user and group during ipa-restore | Ana Krivokapic | 2013-09-02 | 2 | -27/+6
  ipa-restore would fail if DS user did not exist. Check for presence of DS user and group and create them if needed.
  https://fedorahosted.org/freeipa/ticket/3856
* Update idrange search facet after trust creation | Petr Vobornik | 2013-08-28 | 1 | -0/+10
  Adding a trust creates a range -> range search facet should be marked as expired.
  https://fedorahosted.org/freeipa/ticket/3874
* Add --dirman-password option to ipa-server-certinstall. | Jan Cholasta | 2013-08-28 | 1 | -0/+3
  https://fedorahosted.org/freeipa/ticket/3869
* Make CS.cfg edits with CA instance stopped | Tomas Babej | 2013-08-26 | 4 | -3/+6
  This patch makes sure that all edits to CS.cfg configuration file are performed while pki-tomcatd service is stopped.
  Introduces a new contextmanager stopped_service for handling a general problem of performing a task that needs certain service being stopped.
  https://fedorahosted.org/freeipa/ticket/3804
* Show human-readable error name in error dialog title | Petr Vobornik | 2013-08-26 | 1 | -1/+2
  Fixes RPC server's JSON encoding of exception's name. It allows to show the name in Web UI's error dialog title.
* Hide 'New Certificate' action on CA-less install | Petr Vobornik | 2013-08-22 | 1 | -0/+1
  This action calls cert-request command which is not available on CA-less installs. Thus this action won't be enabled and therefore there is no reason to keep it visible.
  https://fedorahosted.org/freeipa/ticket/3363
* Add base-id, range-size and range-type options to trust-add dialog | Petr Vobornik | 2013-08-22 | 2 | -0/+48
  https://fedorahosted.org/freeipa/ticket/3049
* Fix broken replica installation | Ana Krivokapic | 2013-08-20 | 1 | -4/+10
  Make sure the subject base parameter is correctly passed and used during the creation of the DS instance on a replica.
  https://fedorahosted.org/freeipa/ticket/3868
* Add --pin option to ipa-server-certinstall. | Jan Cholasta | 2013-08-20 | 1 | -5/+2
  Hide the unnecessary --dirsrv_pin and --http_pin options.
  https://fedorahosted.org/freeipa/ticket/3869
* Port ipa-server-certinstall to the admintool framework. | Jan Cholasta | 2013-08-20 | 1 | -141/+4
  Change the log file path from /var/log/ipa/default.log to admintool's default path.
  https://fedorahosted.org/freeipa/ticket/3641
* Make PKCS#12 handling in ipa-server-certinstall closer to what other tools do. | Jan Cholasta | 2013-08-20 | 1 | -34/+18
  In particular, PKCS#12 validation and server certificate selection is now done the same way as in ipa-server-install and ipa-replica-prepare.
  https://fedorahosted.org/freeipa/ticket/3641
* Bypass ipa-replica-conncheck ssh tests when ssh is not installed | Nathaniel McCallum | 2013-08-15 | 1 | -29/+31
  https://fedorahosted.org/freeipa/ticket/3777
* Removal of deprecated selenium tests | Petr Vobornik | 2013-08-15 | 134 | -23441/+0
  Tests were deprecated by new FreeIPA 3.3 Web UI integration tests (ticket #3744).
  https://fedorahosted.org/freeipa/ticket/3857
* Remove systemd upgrader as it is not used anymore | Alexander Bokovoy | 2013-08-15 | 1 | -1/+0
* Fix selected minor issues in the spec file and license | Martin Kosek | 2013-08-13 | 2 | -4/+4
  This patch fixes:
  - too long description for server-trust-ad subpackage
  - adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid overwriting potential user changes
  - changes permissions on default_encoding_utf8.so to prevent it from polluting python subpackage Provides.
  - wrong address in GPL v2 license preamble in 2 distributed files
  https://fedorahosted.org/freeipa/ticket/3855
* Prevent *.pyo and *.pyc multilib problems | Martin Kosek | 2013-08-13 | 1 | -0/+1
  Differences in the python byte code fail in a build validation (rpmdiff) done on different architecture of the same package.
  This patch:
  1) Ensures that timestamps of generated *.pyo and *.pyc files match
  2) Python integer literals greater or equal 2^32 and lower than 2^64 are converted to long right away to prevent different type of the integer on architectures with different size of int
  https://fedorahosted.org/freeipa/ticket/3858
* Fix handling of CSS files in sync.sh script | Ana Krivokapic | 2013-08-13 | 1 | -2/+2