summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Server Upgrade: Allow base64 encoded valuesMartin Basti2015-05-116-21/+29
| | | | | | | | | | | | | | This patch allows to use base64 encoded values in update files. Double colon ('::') must be used as separator between attribute name and base64 encoded value. add:attr::<base64-value> replace:attr::<old-base64-value>::<new-base64-value> https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: remove CSV from upgrade filesMartin Basti2015-05-111-4/+2
| | | | | | | | | | | | | | | | | CSV values are not supported in upgrade files anymore Instead of add:attribute: 'first, part', second please use add:attribute: firts, part add:attribute: second Required for ticket: https://fedorahosted.org/freeipa/ticket/4984 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* rename_managed: Remove use of EditableDNPetr Viktorin2015-04-231-20/+32
| | | | | | This was the last use of EditableDN in IPA; the class can now be removed. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: restart DS using ipaplatfom serviceMartin Basti2015-04-141-47/+0
| | | | | | | | Removes extra class DSRestart which do the same thing https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: use ldap2 connection in fix_replica_agreementsMartin Basti2015-04-141-3/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: plugins should use ldapupdater API instanceMartin Basti2015-04-148-28/+32
| | | | | | | | This is required to have proper LDAP connection in plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: specify order of plugins in update filesMartin Basti2015-04-1416-270/+50
| | | | | | | | | | | | * add 'plugin' directive * specify plugins order in update files * remove 'run plugins' options * use ldapupdater API instance in plugins * add update files representing former PreUpdate and PostUpdate order of plugins https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Apply plugin updates immediatelyMartin Basti2015-04-1414-74/+67
| | | | | | | | | | Preparation to moving plugins executin into update files. * remove apply_now flag * plugins will return only (restart, modifications) https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Fix commentsMartin Basti2015-04-021-8/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* upload_cacrt: Fix empty cACertificate in cn=CAcertJan Cholasta2015-03-191-24/+30
| | | | | | https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: remove --test optionMartin Basti2015-03-191-12/+9
| | | | | | | | | As --test option is not used for developing, and it is not recommended to test if upgrade will pass, this path removes it copmletely. https://fedorahosted.org/freeipa/ticket/3448 Reviewed-By: David Kupka <dkupka@redhat.com>
* Revert "Server Upgrade: respect --test option in plugins"Tomas Babej2015-03-197-35/+0
| | | | This reverts commit c95c4849ae1ecc90ac926b8b7d61e153b42e7699.
* Server Upgrade: respect --test option in pluginsMartin Basti2015-03-197-0/+35
| | | | | | | | | Several plugins do the LDAP data modification directly. In test mode these plugis should not be executed. https://fedorahosted.org/freeipa/ticket/3448 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Update entries in order specified in fileMartin Basti2015-03-198-26/+17
| | | | | | | | | | | | Dictionary replaced with list. Particular upgrades are executed in the same order as they are specified in update a file. Different updates for the smae cn, are not merged into one upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: Remove unused PRE_SCHEMA_UPDATEMartin Basti2015-03-193-16/+2
| | | | | | | This is not used anymore. Ticket: https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix uniqueness pluginsMartin Basti2015-03-051-91/+0
| | | | | | | | | | | | * add uniqueness-subtree-entries-oc:posixAccount to ensure idviews users will not be forced to have unique uid * remove unneded update plugins -> update was moved to .update file * add uniqueness-across-all-subtrees required by user lifecycle management Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Migrate uniquess plugins configuration to new styleMartin Basti2015-03-051-1/+202
| | | | | | | New configuration style contains options required for user lifecycle management. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add anonymous read ACI for DUA profileMartin Kosek2015-01-211-0/+20
| | | | | | | | DUA profile(s) are consumed by Solaris clients. https://fedorahosted.org/freeipa/ticket/4850 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow PassSync user to locate and update NT usersMartin Kosek2015-01-191-0/+78
| | | | | | | | | | | | | | | Add new PassSync Service privilege that have sufficient access to let AD PassSync service search for NT users and update the password. To make sure existing PassSync user keeps working, it is added as a member of the new privilege. New update plugin is added to add link to the new privilege to the potentially existing PassSync user to avoid breaking the PassSync service. https://fedorahosted.org/freeipa/ticket/4837 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix zone find during forwardzone upgradeMartin Basti2015-01-091-0/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4818 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix: Upgrade forwardzones zones after adding newer replicaMartin Basti2015-01-091-31/+34
| | | | | | | | Patch fixes issue, when forwardzones has not been upgraded after adding replica >=4.0 into topology with IPA 3.x servers. Ticket: https://fedorahosted.org/freeipa/ticket/4818 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Remove usage of app_PYTHON in ipaserver MakefilesGabe2014-12-101-24/+0
| | | | | | | | - Remove ChangeLog from ipa-client/Makefile.am https://fedorahosted.org/freeipa/ticket/4700 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix upgrade referint pluginMartin Basti2014-11-132-0/+91
| | | | | | | | Mixing 'Old' and 'New' attr style for referential integrity plugin causes errors. Now old setting are migrated to new style setting before upgrade Ticket: https://fedorahosted.org/freeipa/ticket/4622 Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix: DNS policy upgrade raises asertion errorMartin Basti2014-11-131-1/+3
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4708 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ldapupdater: set baserid to 0 for ipa-ad-trust-posix rangesPetr Vobornik2014-11-111-1/+68
| | | | | | | | New updater plugin which sets baserid to 0 for ranges with type ipa-ad-trust-posix https://fedorahosted.org/freeipa/ticket/4221 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix upgrade: do not use invalid ldap connectionMartin Basti2014-11-061-0/+3
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4670 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* updater: enable uid uniqueness plugin for posixAccountsAlexander Bokovoy2014-10-212-0/+116
| | | | | | https://fedorahosted.org/freeipa/ticket/4636 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support idviews in compat treeAlexander Bokovoy2014-10-201-0/+11
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-171-3/+4
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* idviews: Fix typo in upgrade handling of the Default Trust ViewTomas Babej2014-09-301-5/+5
| | | | | | | | | Fixed missing comma. Also removes leading spaces from the ldif, since this is not stripped by the updater. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* idviews: Create Default Trust View for upgraded serversTomas Babej2014-09-301-0/+48
| | | | | | | | | | | For upgraded servers with enabled AD trust support, we want to ensure that Default Trust View entry is created. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix certmonger code causing the ca_renewal_master update plugin to failJan Cholasta2014-09-231-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4547 Reviewed-By: David Kupka <dkupka@redhat.com>
* Allow deleting obsolete permissions; remove operational attribute permissionsPetr Viktorin2014-09-121-18/+21
| | | | | | https://fedorahosted.org/freeipa/ticket/4534 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix: Add managed read permissions for compat tree and operational attrsPetr Viktorin2014-09-051-0/+18
| | | | | | | | | | | This is a fix for an earlier version, which was committed by mistake as: master: 418ce870bfbe13cea694a7b862cafe35c703f660 ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17 ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7 Thanks to Alexander Bokovoy for contributions https://fedorahosted.org/freeipa/ticket/4521
* Use certmonger D-Bus API instead of messing with its files.David Kupka2014-09-051-4/+4
| | | | | | | | | | | | FreeIPA certmonger module changed to use D-Bus to communicate with certmonger. Using the D-Bus API should be more stable and supported way of using cermonger than tampering with its files. >=certmonger-0.75.13 is needed for this to work. https://fedorahosted.org/freeipa/ticket/4280 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Upload CA chain from DS NSS database to certificate store on server update.Jan Cholasta2014-07-301-16/+52
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add permissions for certificate store.Jan Cholasta2014-07-301-0/+46
| | | | | | | Part of https://fedorahosted.org/freeipa/ticket/3259 Part of https://fedorahosted.org/freeipa/ticket/3520 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add permissions for CA certificate renewal.Jan Cholasta2014-07-301-0/+23
| | | | Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fix DNS upgrade plugin should check if DNS container existsMartin Basti2014-07-281-0/+4
| | | | | | | Fortunately this cause no error, because dnszone-find doesnt raise exception if there is no DNS container Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Restore privileges after forward zones updateMartin Basti2014-07-041-1/+42
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix upgrade to forward zonesMartin Basti2014-07-031-1/+1
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Upgrade special master zones to forward zonesMartin Basti2014-06-271-2/+177
| | | | | | | | | | | This upgrade is executed only if IPA version is older than 4.0 Requires detection if 'idnsforwardzone' objectclass is presented in schema before schema is upgraded Design: http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Added upgrade step executed before schmema is upgradedMartin Basti2014-06-272-1/+15
| | | | | | | | Class PreSchemaUpdate is executed before ldap schema update This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Join --type objectclass filters with ORPetr Viktorin2014-06-231-2/+3
| | | | | | | | | | | | For groups, we will need to filter on either posixgroup (which UPGs have but non-posix groups don't) and groupofnames/nestedgroup (which normal groups have but UPGs don't). Join permission_filter_objectclasses with `|` and add them as a single ipapermtargetfilter value. Part of the work for: https://fedorahosted.org/freeipa/ticket/3566 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add $REALM to variables supported by the managed permission updaterPetr Viktorin2014-06-181-0/+1
| | | | | | | | This will allow converting password policy permissions Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove the update_dns_permissions pluginPetr Viktorin2014-06-181-56/+0
| | | | | | | | | This plugin created permissions that the managed permission updater would remove right away. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* managed permission updater: Add mechanism to replace SYSTEM permissionsPetr Viktorin2014-06-181-0/+18
| | | | | | | | | | | | | | The "Read DNS Entries" permission, which was marked SYSTEM (no associated ACI), can now be converted to a regular managed permission. Add a mechanism for the updater to replace old SYSTEM permissions. This cannot be done in an update file because we do not want to replace V2 permissions with the same name. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaplatform: Move all filesystem paths to ipaplatform.paths moduleTomas Babej2014-06-162-2/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Make 'permission' the default bind type for managed permissionsPetr Viktorin2014-06-111-1/+1
| | | | | | | | | | | This reduces typing (or copy/pasting), and draws a bit of attention to any non-default privileges (currently 'any' or 'anonymous'). Leaving the bindtype out by mistake isn't dangerous: by default a permission is not granted to anyone, since it is not included in any priviliges. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add method to enumerate managed permission templatesPetr Viktorin2014-06-111-15/+30
| | | | | | This will ease writing audit and management scripts for managed permissions. Reviewed-By: Martin Kosek <mkosek@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-01 11:24:08 +0000