summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/plugins
Commit message (Collapse)AuthorAgeFilesLines
* Remove invalid error messages from topology upgradeMartin Basti2015-11-251-3/+2
| | | | | | | | | Return False does not mean that update failed, it mean that nothing has been updated, respectively ldap is up to date. https://fedorahosted.org/freeipa/ticket/5482 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* install: drop support for Dogtag 9Jan Cholasta2015-11-251-3/+2
| | | | | | | | | | | Dogtag 9 CA and CA DS install and uninstall code was removed. Existing Dogtag 9 CA and CA DS instances are disabled on upgrade. Creating a replica of a Dogtag 9 IPA master is still supported. https://fedorahosted.org/freeipa/ticket/5197 Reviewed-By: David Kupka <dkupka@redhat.com>
* topology: manage ca replication agreementsPetr Vobornik2015-10-151-0/+34
| | | | | | | | | | | | | Configure IPA so that topology plugin will manage also CA replication agreements. upgrades if CA is congigured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use byte literals where appropriateJan Cholasta2015-09-171-1/+1
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3Jan Cholasta2015-09-172-0/+11
| | | | | | | | | The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Modernize use of range()Petr Viktorin2015-09-011-2/+2
| | | | | | | | | | | | In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over. Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range(). Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method namesPetr Viktorin2015-09-012-3/+3
| | | | | | | | | | | | | | | | | | | | | | Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views. Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor. When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc. In other cases, helpers like six.itervalues are used. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-126-17/+17
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* upgrade: Enable and start oddjobd if adtrust is availableTomas Babej2015-07-081-0/+24
| | | | | | | If ipa-adtrust-install has already been run on the system, enable and start the oddjobd service. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Server Upgrade: use debug log level for upgrade instead of infoMartin Basti2015-07-035-19/+19
| | | | | | Upgrade contains too many unnecessary info logs. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipalib: Load ipaserver plugins when api.env.in_server is TrueJan Cholasta2015-07-011-1/+0
| | | | | | | https://fedorahosted.org/freeipa/ticket/3090 https://fedorahosted.org/freeipa/ticket/5073 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Add Domain Level featureTomas Babej2015-05-261-1/+10
| | | | | | | https://fedorahosted.org/freeipa/ticket/5018 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* install part - manage topology in shared treeLudwig Krispenz2015-05-261-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* User life cycle: Stage user Administrators permission/priviledgeThierry Bordaz2015-05-181-2/+10
| | | | | | | | Creation of stage user administrator https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Allow base64 encoded valuesMartin Basti2015-05-116-21/+29
| | | | | | | | | | | | | | This patch allows to use base64 encoded values in update files. Double colon ('::') must be used as separator between attribute name and base64 encoded value. add:attr::<base64-value> replace:attr::<old-base64-value>::<new-base64-value> https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: remove CSV from upgrade filesMartin Basti2015-05-111-4/+2
| | | | | | | | | | | | | | | | | CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* rename_managed: Remove use of EditableDNPetr Viktorin2015-04-231-20/+32
| | | | | | This was the last use of EditableDN in IPA; the class can now be removed. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: restart DS using ipaplatfom serviceMartin Basti2015-04-141-47/+0
| | | | | | | | Removes extra class DSRestart which do the same thing https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: use ldap2 connection in fix_replica_agreementsMartin Basti2015-04-141-3/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: plugins should use ldapupdater API instanceMartin Basti2015-04-148-28/+32
| | | | | | | | This is required to have proper LDAP connection in plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: specify order of plugins in update filesMartin Basti2015-04-1416-270/+50
| | | | | | | | | | | | * add 'plugin' directive * specify plugins order in update files * remove 'run plugins' options * use ldapupdater API instance in plugins * add update files representing former PreUpdate and PostUpdate order of plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Apply plugin updates immediatelyMartin Basti2015-04-1414-74/+67
| | | | | | | | | | Preparation to moving plugins executin into update files. * remove apply_now flag * plugins will return only (restart, modifications) https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Fix commentsMartin Basti2015-04-021-8/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* upload_cacrt: Fix empty cACertificate in cn=CAcertJan Cholasta2015-03-191-24/+30
| | | | | | https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: remove --test optionMartin Basti2015-03-191-12/+9
| | | | | | | | | As --test option is not used for developing, and it is not recommended to test if upgrade will pass, this path removes it copmletely. https://fedorahosted.org/freeipa/ticket/3448 Reviewed-By: David Kupka <dkupka@redhat.com>
* Revert "Server Upgrade: respect --test option in plugins"Tomas Babej2015-03-197-35/+0
| | | | This reverts commit c95c4849ae1ecc90ac926b8b7d61e153b42e7699.
* Server Upgrade: respect --test option in pluginsMartin Basti2015-03-197-0/+35
| | | | | | | | | Several plugins do the LDAP data modification directly. In test mode these plugis should not be executed. https://fedorahosted.org/freeipa/ticket/3448 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Update entries in order specified in fileMartin Basti2015-03-198-26/+17
| | | | | | | | | | | | Dictionary replaced with list. Particular upgrades are executed in the same order as they are specified in update a file. Different updates for the smae cn, are not merged into one upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Remove unused PRE_SCHEMA_UPDATEMartin Basti2015-03-193-16/+2
| | | | | | | This is not used anymore. Ticket: https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix uniqueness pluginsMartin Basti2015-03-051-91/+0
| | | | | | | | | | | | * add uniqueness-subtree-entries-oc:posixAccount to ensure idviews users will not be forced to have unique uid * remove unneded update plugins -> update was moved to .update file * add uniqueness-across-all-subtrees required by user lifecycle management Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Migrate uniquess plugins configuration to new styleMartin Basti2015-03-051-1/+202
| | | | | | | New configuration style contains options required for user lifecycle management. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add anonymous read ACI for DUA profileMartin Kosek2015-01-211-0/+20
| | | | | | | | DUA profile(s) are consumed by Solaris clients. https://fedorahosted.org/freeipa/ticket/4850 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow PassSync user to locate and update NT usersMartin Kosek2015-01-191-0/+78
| | | | | | | | | | | | | | | Add new PassSync Service privilege that have sufficient access to let AD PassSync service search for NT users and update the password. To make sure existing PassSync user keeps working, it is added as a member of the new privilege. New update plugin is added to add link to the new privilege to the potentially existing PassSync user to avoid breaking the PassSync service. https://fedorahosted.org/freeipa/ticket/4837 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix zone find during forwardzone upgradeMartin Basti2015-01-091-0/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4818 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix: Upgrade forwardzones zones after adding newer replicaMartin Basti2015-01-091-31/+34
| | | | | | | | Patch fixes issue, when forwardzones has not been upgraded after adding replica >=4.0 into topology with IPA 3.x servers. Ticket: https://fedorahosted.org/freeipa/ticket/4818 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Remove usage of app_PYTHON in ipaserver MakefilesGabe2014-12-101-24/+0
| | | | | | | | - Remove ChangeLog from ipa-client/Makefile.am https://fedorahosted.org/freeipa/ticket/4700 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix upgrade referint pluginMartin Basti2014-11-132-0/+91
| | | | | | | | Mixing 'Old' and 'New' attr style for referential integrity plugin causes errors. Now old setting are migrated to new style setting before upgrade Ticket: https://fedorahosted.org/freeipa/ticket/4622 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix: DNS policy upgrade raises asertion errorMartin Basti2014-11-131-1/+3
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4708 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ldapupdater: set baserid to 0 for ipa-ad-trust-posix rangesPetr Vobornik2014-11-111-1/+68
| | | | | | | | New updater plugin which sets baserid to 0 for ranges with type ipa-ad-trust-posix https://fedorahosted.org/freeipa/ticket/4221 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix upgrade: do not use invalid ldap connectionMartin Basti2014-11-061-0/+3
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4670 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* updater: enable uid uniqueness plugin for posixAccountsAlexander Bokovoy2014-10-212-0/+116
| | | | | | https://fedorahosted.org/freeipa/ticket/4636 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support idviews in compat treeAlexander Bokovoy2014-10-201-0/+11
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-171-3/+4
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* idviews: Fix typo in upgrade handling of the Default Trust ViewTomas Babej2014-09-301-5/+5
| | | | | | | | | Fixed missing comma. Also removes leading spaces from the ldif, since this is not stripped by the updater. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* idviews: Create Default Trust View for upgraded serversTomas Babej2014-09-301-0/+48
| | | | | | | | | | | For upgraded servers with enabled AD trust support, we want to ensure that Default Trust View entry is created. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix certmonger code causing the ca_renewal_master update plugin to failJan Cholasta2014-09-231-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4547 Reviewed-By: David Kupka <dkupka@redhat.com>
* Allow deleting obsolete permissions; remove operational attribute permissionsPetr Viktorin2014-09-121-18/+21
| | | | | | https://fedorahosted.org/freeipa/ticket/4534 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix: Add managed read permissions for compat tree and operational attrsPetr Viktorin2014-09-051-0/+18
| | | | | | | | | | | This is a fix for an earlier version, which was committed by mistake as: master: 418ce870bfbe13cea694a7b862cafe35c703f660 ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17 ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7 Thanks to Alexander Bokovoy for contributions https://fedorahosted.org/freeipa/ticket/4521
* Use certmonger D-Bus API instead of messing with its files.David Kupka2014-09-051-4/+4
| | | | | | | | | | | | FreeIPA certmonger module changed to use D-Bus to communicate with certmonger. Using the D-Bus API should be more stable and supported way of using cermonger than tampering with its files. >=certmonger-0.75.13 is needed for this to work. https://fedorahosted.org/freeipa/ticket/4280 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Upload CA chain from DS NSS database to certificate store on server update.Jan Cholasta2014-07-301-16/+52
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-03 07:49:01 +0000