summaryrefslogtreecommitdiffstats
path: root/ipa-server
Commit message (Collapse)AuthorAgeFilesLines
...
* Don't allow a replica to prepare a replica for itself.Rob Crittenden2008-04-231-0/+3
| | | | 442756
* Fixed various memory leaks in memberOf plug-in.Nathan Kinder2008-04-221-2/+9
| | | | 440474
* Become version 1.0.0release-1-0-0Rob Crittenden2008-04-164-4/+16
|
* Catch all errors when obtaining an LDAP connection.Rob Crittenden2008-04-151-0/+2
| | | | 442582
* Better detection of DS not starting.Rob Crittenden2008-04-141-3/+23
| | | | | | | The dirsrv init script always returns 0 on status checks, even if an instance is not started. So we have to look through the output instead. 442452
* Don't quit trying to lock a user if they aren't in the activated group.Rob Crittenden2008-04-141-1/+5
| | | | | | | | Users are considered activated by default so don't need to be in the activated group explicitly. Ignore the "not in group" error when trying to remove them. 442470
* Configure the ipa_pwd_extop plugin on replicas.Rob Crittenden2008-04-141-1/+4
| | | | | | | | If plugin isn't configured then the kerberos attributes don't get populated. User's will get Preauthentication errors from the kerberos libraries because there is no krbPrincipalKey to match against. 442134
* Use the same kpasswd.keytab on all replicas.Rob Crittenden2008-04-093-3/+12
| | | | | | | If we generate a new keytab for each replica then effectively password changes can only occur on the last replica created. 439905
* The kpasswd keytab must not be owned by the dirsrv user.Simo Sorce2008-04-081-2/+0
| | | | Fix copy&paste error.
* SELinux fix from Dan WalshRob Crittenden2008-04-071-1/+1
| | | | 440646
* Add (post) to Requires: ipa-server-specRob Crittenden2008-04-072-2/+4
|
* Some SELinux policy changes provided by Dan Walsh.Rob Crittenden2008-04-073-4/+18
| | | | 440651
* Add _ntp SRV recordSimo Sorce2008-04-071-0/+2
|
* Password policy checks fixes.Simo Sorce2008-04-071-37/+94
| | | | | | - don't let a user set a password identical to the current one. - don't check more then the policy defined number of passwords in history - don't set an history longer than policy defined
* Don't allow the admin user to be removed from the admins group.Rob Crittenden2008-04-041-0/+10
| | | | 439281
* Add missing normalizeDN() when removing members from a group.Rob Crittenden2008-04-041-4/+11
| | | | 438387
* Create /etc/ipa/ipa.conf earlier in the installation process.Rob Crittenden2008-04-031-8/+8
| | | | | | | Because the ipa.config() object raises an error if there is no configuration file and auto-detection fails, ipa_webgui may fail to start at install time. 440475
* Add missing imageRob Crittenden2008-04-031-0/+1
|
* Don't try to update ipauserobjectclasses or ipagroupobjectclassesRob Crittenden2008-04-022-9/+13
| | | | | | | | since they aren't being displayed anymore. They will just get blanked. Also add some error handling in ipahelper.fix_incoming_fields() 438256
* Add missing start_creation() so the install process will get kicked off.Rob Crittenden2008-04-021-0/+1
|
* Make sure we have ipa-client installed as now ipa-server-install callsSimo Sorce2008-04-022-0/+2
| | | | ipa-client-install
* Stricter directory control for ipa daemons, each one it's own directorySimo Sorce2008-04-013-1/+16
|
* Move ipa_kpasswd credential cache in its own directorySimo Sorce2008-04-014-3/+15
|
* Fix typo in python directive. Fixes marking a group active.Rob Crittenden2008-04-011-1/+1
| | | | 440142
* Fix crash when creating new groups. You can't iterate over a None variable.Rob Crittenden2008-04-011-0/+2
| | | | 440081
* Fix AVC when for reading /proc during password change on RHEL 5Rob Crittenden2008-04-011-0/+2
| | | | 438007
* No need to use a regular expression to find the replication hostRob Crittenden2008-03-311-3/+1
| | | | 430015
* Call client uninstall from server uninstall so that uninstall reverses alsoSimo Sorce2008-03-311-0/+15
| | | | client bits.
* Sysrestore fixes.Simo Sorce2008-03-311-3/+8
| | | | | | | Latest patch used the wrong path and all files where actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too.
* Some more function name errors due to merge from DS own memberof plugin thatSimo Sorce2008-03-311-6/+6
| | | | has different function names. This was a runtime linker crash bug :/
* On the delegation edit screen allow the direct entry of a group nameRob Crittenden2008-03-241-4/+28
| | | | | | Fix the redirection errors, it was going to back to the Add delegation page 438257
* Don't try to add the default group to a user when creating the group.Rob Crittenden2008-03-311-4/+19
| | | | | | This is done automatically and trying to do so will return an error. 432106
* Fix account activation.Rob Crittenden2008-03-312-12/+64
| | | | | | | | | | | | | | | | We do account activation by using a Class of Service based on group membership. A problem can happen if the entry itself has an nsaccountlock attribute and you try doing Class of Service work as well because the local attribute has priority. So try to detect that the entry has a local nsAccountLock attribute and report an appropriate error. Don't allow the admins or editors groups to be de-activated. Return a better error message if account [in]activation fails. Catch errors when doing group [in]activation. 439230
* Fix typoSimo Sorce2008-03-311-2/+2
|
* Better check for IPA nServer own address, avoid manually parsing /etc/hosts bySimo Sorce2008-03-301-36/+54
| | | | | | | using nsswitch calls that read it and also take in account any other name resolution mechanism that might be installed (like NIS lol :-). This also should make the check support IPv6 transparently too (not tested)
* Avoid listing a group as a memberOf itself when a circular groupingNathan Kinder2008-03-281-10/+23
| | | | | | | | | | is created. We basically just need to add a check to see if we're to use a group DN as the memberOf value when performing an operation on itself for all operation types. 439450
* Fixed handling of modify operations that delete all present memberNathan Kinder2008-03-281-2/+13
| | | | | | | | | | | | | values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097
* Put replica info file into /var/lib/ipa instead of the current directoryRob Crittenden2008-03-281-2/+2
| | | | 439120
* Move sysrestore to ipa-python so it can be used by client scripts too.Simo Sorce2008-03-2712-350/+152
| | | | | | Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on).
* Don't allow the admin user to be removed using the XML-RPC Interface.Rob Crittenden2008-03-281-0/+2
| | | | | | If a site really wants it gone then can delete it via LDAP. 439281
* Do case-less comparisons when considering objectclass but store theRob Crittenden2008-03-283-3/+7
| | | | | | | | | | current value to prevent unnecessary LPAP updates (and failed writes) Don't check against these lists on updates, only add them on new entries. Disable the ability to configure in the UI these values for now. 438256
* Properly detect when ports are available.Rob Crittenden2008-03-271-4/+3
| | | | | | | | The DS setup program uses Perl and does a similar port available test. It seems that perl always sets FD_CLOEXEC and python does not. This is why the port test would pass in python but fail in perl. 439024
* Put the replica hostname back together properlyRob Crittenden2008-03-271-2/+3
| | | | 439057
* Normalize member DN's when determining whether they are in a groupRob Crittenden2008-03-261-1/+5
| | | | | | as a direct or indirect member. 438387
* When getting members let user indicate what type of member they want.Rob Crittenden2008-03-275-11/+121
| | | | | | | | | | The memberOf attribute includes members that are directly in the group via the "member" attribute and those that are included as a result of being in a group that is in the group. The UI needs to be able to distinguish between the two. 438706
* Handle MODRDN operations properly for indirect group members.Nathan Kinder2008-03-261-1/+11
| | | | | | | Without this, an entry's memberOf attribute is not updated with the new group DN when an indirect group is renamed. This is in bugzilla for FDS as bz 438891.
* Make the memberof task a public function.Rob Crittenden2008-03-274-14/+29
| | | | | | | | | | | | | | This is used when a new replica is created as well as whenever a replica is re-initialized from another master. In order for this to work when not creating an instance the __init__ function needs to be able to determine the suffix and the dm_password is needed. I've also added the time to the RDN of the member task to ensure uniqueness. 438222
* Add additional detail to error messages.Rob Crittenden2008-03-255-24/+24
| | | | | | | | | This runs the risk of showing too much and confusing users but on the other hand it often includes required information detailing why the error occurred such as what attribute the user lacks write access too and why changing a password failed. 438057
* Make Install and Uninstall have different log filesSimo Sorce2008-03-241-2/+5
|
* Don't error out if the user isn't in any groups.Rob Crittenden2008-03-261-0/+3
| | | | 438222
generated by cgit (git 2.34.1) at 2025-09-28 03:48:39 +0000