summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
...
* webui: add new iduseroverride fieldsPetr Vobornik2014-10-171-1/+12
| | | | | | | | - add gecos, gidnumber, loginshell, sshkeys fields https://fedorahosted.org/freeipa/ticket/4617 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add link to OTP token appPetr Vobornik2014-10-172-1/+10
| | | | | | | | | - display info message which points user to FreeOTP project page - the link or the text can be easily changed by a plugin if needed https://fedorahosted.org/freeipa/ticket/4469 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-174-15/+27
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not fix trust flags in the DS NSS DB in ipa-upgradeconfigJan Cholasta2014-10-171-6/+5
| | | | | | | | | It is necessary to fix trust flags only in the HTTP NSS DB, as it is used as a source in the upload_cacrt update plugin. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not create ipa-pki-proxy.conf if CA is not configured in ipa-upgradeconfigJan Cholasta2014-10-171-1/+5
| | | | | | | | This fixes upgrade from CA-less to CA-full after IPA upgrade. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove changetype attribute from update pluginMartin Kosek2014-10-171-1/+0
| | | | The attribute addition had no effect, but it should not be there.
* Remove token ID from self-service UINathaniel McCallum2014-10-161-6/+2
| | | | | | Also, fix labels to properly use i18n strings for token types. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-ca-installJan Cholasta2014-10-162-2/+12
| | | | | | | | | The --ca-signing-algorithm option is available in ipa-server-install, make it available in ipa-ca-install as well. https://fedorahosted.org/freeipa/ticket/4447 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix printing of reverse zones in ipa-dns-install.David Kupka2014-10-161-2/+2
| | | | | | | This was forgotten in patch for ticket https://fedorahosted.org/freeipa/ticket/3575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Stop dogtag when updating its configuration in ipa-upgradeconfig.David Kupka2014-10-151-23/+27
| | | | | | | | | Modifying CS.cfg when dogtag is running may (and does) result in corrupting this file. https://fedorahosted.org/freeipa/ticket/4569 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make named.conf template platform independentMartin Basti2014-10-141-4/+4
| | | | | Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing attributes to named.confMartin Basti2014-10-142-0/+126
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Ignore irrelevant subtrees in schema compat pluginLudwig Krispenz2014-10-141-0/+14
| | | | | | | | | | For changes in cn=changelog or o=ipaca the scheam comapat plugin doesn't need to be executed. It saves many internal searches and reduces contribution to lock contention across backens in DS. https://fedorahosted.org/freeipa/ticket/4586 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-installJan Cholasta2014-10-134-2/+27
| | | | | | | | | | | Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA". https://fedorahosted.org/freeipa/ticket/4496 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Check that port 8443 is available when installing PKI.David Kupka2014-10-103-0/+19
| | | | | | https://fedorahosted.org/freeipa/ticket/4564 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix certmonger configuration in installer codeJan Cholasta2014-10-102-4/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4619 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix ipactl service orderingMartin Basti2014-10-091-1/+5
| | | | | | | | | Ipactl sorted service start order as string, which causes service with start order 100 starts before service with start order 30. Patch fixes ipactl to use integers for ordering. Reviewed-By: David Kupka <dkupka@redhat.com>
* webui: add link from host to idviewPetr Vobornik2014-09-304-1/+39
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: list only not-applied hosts in "apply to host" dialogPetr Vobornik2014-09-301-2/+22
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: facet group labels for idview's facetsPetr Vobornik2014-09-302-1/+13
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: new ID views sectionPetr Vobornik2014-09-309-5/+743
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add simple link column supportPetr Vobornik2014-09-302-1/+9
| | | | | | | | Usual link columns are link with primary key of current entity. This patch allows to create a link to arbitrary non-nested entity. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: allow to skip link widget link validationPetr Vobornik2014-09-301-3/+16
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: do not show internal facet name to userPetr Vobornik2014-09-301-1/+0
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: treat value as pkey in link widgetPetr Vobornik2014-09-301-3/+5
| | | | | | | | | | Current default mechanism of a link widget assumes that pkeys of a current facet are pkeys for the link. It works for the only usage - in password policy. It's rather inflexible since it can't be used if the keys are in other attribute. This behavior is also bad in nested entities - creates a link to itself which is pointless. This patch changes the default behavior to assume that the supplied value are the pkeys and that the last pkey is the value to display. It also keeps the old method of overriding `other_pkeys` method so if the last and only pkey is the actual value to display then the method can tranform it into the pkeys which keeps compatibility with descendant widgets (`host_dnsrecord_entity_link_widget`, `dnsrecord_host_link_widget`). Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: improve breadcrumb navigationPetr Vobornik2014-09-301-15/+29
| | | | | | | | | | | | | Fixes issue when: - user navigates to a nested facet - refreshes browser - uses breadcrumb navigation to go to parent entity page which requires a pkey. E.g. from automount keys to maps. The old code relies on the facet, that user visited the parent facet before and therefore the facet has pkey stored. It fails after the browser reload. Allows to specify a containing_facet. It allows breadcrumb navigation to return to a different facet than the 'default'. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* idviews: Add Default Trust View as part of adtrustinstallTomas Babej2014-09-302-0/+7
| | | | | | | | | | Add a Default Trust View, which is used by SSSD as default mapping for AD users. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Update the referential plugin config to watch for ipaAssignedIDViewTomas Babej2014-09-302-0/+8
| | | | | | | | | | | We need the referential plugin config to watch for changes in the ID view objects, since hosts refer to them in ipaAssignedIDView attribute. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaOriginalUidTomas Babej2014-09-301-1/+2
| | | | | | | | | | | For slapi-nis plugin, we need to cache the original uid value of the user in the override object. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Create container for ID views under cn=accountsTomas Babej2014-09-302-0/+5
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add necessary schema for the ID viewsTomas Babej2014-09-303-1/+10
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix ImportError in ipa-ca-installMartin Kosek2014-09-301-1/+1
| | | | | | | Patch 3aa0731f was not merged correctly and import for a function that no longer exists. This patch fixes the import. https://fedorahosted.org/freeipa/ticket/4480
* Allow choosing CA-less server certificates by nameJan Cholasta2014-09-304-3/+33
| | | | | | | | | | | Added new --*-cert-name options to ipa-server-install and ipa-replica-prepare and --cert-name option to ipa-server-certinstall. The options allows choosing a particular certificate and private key from PKCS#12 files by its friendly name. https://fedorahosted.org/freeipa/ticket/4489 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* CA-less installer options usability fixesJan Cholasta2014-09-304-90/+133
| | | | | | | | | | | | | | | | | | | The --*_pkcs12 options of ipa-server-install and ipa-replica-prepare have been replaced by --*-cert-file options which accept multiple files. ipa-server-certinstall now accepts multiple files as well. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. The --root-ca-file option of ipa-server-install has been replaced by --ca-cert-file option which accepts multiple files. The files are accepted in PEM and DER certificate and PKCS#7 certificate chain formats. The --*_pin options of ipa-server-install and ipa-replica-prepare have been renamed to --*-pin. https://fedorahosted.org/freeipa/ticket/4489 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* External CA installer options usability fixesJan Cholasta2014-09-305-73/+53
| | | | | | | | | | | The --external_cert_file and --external_ca_file options of ipa-server-install and ipa-ca-install have been replaced by --external-cert-file option which accepts multiple files. The files are accepted in PEM and DER certificate and PKCS#7 certificate chain formats. https://fedorahosted.org/freeipa/ticket/4480 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: do not offer ipa-ad-winsync and ipa-ipa-trust range typesPetr Vobornik2014-09-291-8/+0
| | | | | | They are not supported by API. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-server-install.Jan Cholasta2014-09-292-3/+13
| | | | | | | | | This is especially useful for external CA install, as the algorithm is also used for the CSR signature. https://fedorahosted.org/freeipa/ticket/4447 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Detect and configure all usable IP addresses.David Kupka2014-09-263-119/+67
| | | | | | | | | | | Find, verify and configure all IP addresses that can be used to reach the server FreeIPA is being installed on. Ignore some IP address only if user specifies subset of detected addresses using --ip-address option. This change simplyfies FreeIPA installation on multihomed and dual-stacked servers. https://fedorahosted.org/freeipa/ticket/3575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Refactoring of autobind, object_existsMartin Basti2014-09-261-2/+2
| | | | | | | | | Required to prevent code duplications ipaldap.IPAdmin now has method do_bind, which tries several bind methods ipaldap.IPAClient now has method object_exists(dn) Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* WebUI: DNS: Remove ip-address, admin-email optionsMartin Basti2014-09-251-89/+4
| | | | | | Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add correct NS records during installationMartin Basti2014-09-251-0/+1
| | | | | | | | | | | All ipa-dns capable server is added to root zones as nameserver During uninstall all NS records pointing to particular replica are removed. Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* WebUI: DNS: remove --class optionMartin Basti2014-09-251-7/+0
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3414 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* webui: fix regression in association facet preopPetr Vobornik2014-09-251-1/+1
| | | | | | | Association facet specs use 'add_method' instead of 'add command' origin: https://fedorahosted.org/freeipa/ticket/4507 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Set the default attributes for RootDSETomas Babej2014-09-242-0/+10
| | | | | | | | | | | With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr attribute to enumerate the list of attributes that should be returned even if not specified explicitly. Use the behaviour to get the same attributes returned from searches on rootDSE as in 1.3.1. https://fedorahosted.org/freeipa/ticket/4288 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaserver.install: Consolidate system user creationPetr Viktorin2014-09-232-6/+6
| | | | | | | | | | | | | | Sytem users and their groups are always created together. Also, users & groups should never be removed once they exist on the system (see comit a5a55ce). Use a single function for generic user creation, and specific funtions in dsinstance and cainstance. Remove code left over from when we used to delete the DS user. Preparation for: https://fedorahosted.org/freeipa/ticket/3866 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Re-enable uninstall feature for ipa-kra-installAde Lee2014-09-151-1/+1
| | | | | | | | | | | | | The underlying Dogtag issue (Dogtag ticket 1113) has been fixed. We can therefore re-enable the uninstall option for ipa-kra-install. Also, fixes an incorrect path in the ipa-pki-proxy.conf, and adds a debug statement to provide status to the user when an uninstall is done. Also, re-added the no_host_dns option which is used when unpacking a replica file. Part of the work for: https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Update referential integrity config for DS 1.3.3Petr Viktorin2014-09-122-43/+24
| | | | | | | | | | | | | | | | | | | | | | | Hisorically DS provided defaults for the referential integrity plugin in nsslapd-pluginArg*: nsslapd-pluginarg3: member nsslapd-pluginarg4: uniquemember nsslapd-pluginarg5: owner nsslapd-pluginarg6: seeAlso In 389-ds 1.3.3, the multi-valued referint-membership-attr is used instead. The old way still works, but it requires that the values are numbered consecutively, so IPA's defaults that started with 7 were not taken into account. Convert IPA defaults to use referint-membership-attr. https://fedorahosted.org/freeipa/ticket/4537 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update SSL ciphers configured in 389-ds-baseLudwig Krispenz2014-09-122-0/+7
| | | | | | | | | | use configuration parameters to enable ciphers provided by NSS and not considered weak. This requires 389-ds version 1.3.3.2 or later https://fedorahosted.org/freeipa/ticket/4395 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: hide otp fields based on token typePetr Vobornik2014-09-111-3/+8
| | | | | | | | - uses hide empty feature https://fedorahosted.org/freeipa/ticket/4402 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: hide non-readable fieldsPetr Vobornik2014-09-113-2/+51
| | | | | | | | | | | | hide widgets if associated field had received attribute level rights without 'r' right. Explicit rights are required to avoid hiding of special widgets which are not associated with any LDAP attribute. https://fedorahosted.org/freeipa/ticket/4402 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-30 08:47:19 +0000