path: root/ipaserver
Commit message | Author | Age | Files | Lines
* install: create kdcproxy user during server install | Jan Cholasta | 2015-09-22 | 3 | -1/+18
  This change makes kdcproxy user creation consistent with DS and CA user creation. Before, the user was created in the spec file, in %pre scriptlet of freeipa-server.
  https://fedorahosted.org/freeipa/ticket/5314
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Rewrap errors in get_principal to CCacheError | Michael Simacek | 2015-09-22 | 1 | -1/+1
  Causes nicer error message when kerberos credentials are not available.
  https://fedorahosted.org/freeipa/ticket/5272
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-backup: Add mechanism to store empty directory structure | Tomas Babej | 2015-09-22 | 1 | -3/+47
  Certain subcomponents of IPA, such as Dogtag, cannot function if non-critical directories (such as log directories) have not been stored in the backup. This patch implements storage of selected empty directories, while preserving attributes and SELinux context.
  https://fedorahosted.org/freeipa/ticket/5297
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: Add common base class for server and replica install | Jan Cholasta | 2015-09-22 | 3 | -564/+525
  https://fedorahosted.org/freeipa/ticket/4517
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Simplify the install_replica_ca function | Simo Sorce | 2015-09-22 | 1 | -10/+5
  Instantiate CAInstall only once instead of 3 times in a row always with the same values.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove unused arguments | Simo Sorce | 2015-09-22 | 4 | -15/+9
  In the dogtag/ca/kra instances self.domain is never used. Remove it.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Standardize minvalue for ipasearchrecordlimit and ipasesarchsizelimit for unlimited minvalue | Gabe | 2015-09-22 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/4023
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Server Upgrade: addifnew should not create entry | Martin Basti | 2015-09-21 | 1 | -2/+2
  addifnew should add value only if entry exists, instead of creating entry.
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Limit max age of replication changelog | Martin Basti | 2015-09-21 | 1 | -0/+1
  Limit max age of replication changelog to seven days, instead of growing to unlimited size.
  https://fedorahosted.org/freeipa/ticket/5086
  Reviewed-By: David Kupka <dkupka@redhat.com>
* install: support KRA update | Jan Cholasta | 2015-09-17 | 1 | -1/+6
  https://fedorahosted.org/freeipa/ticket/5250
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Use byte literals where appropriate | Jan Cholasta | 2015-09-17 | 2 | -7/+7
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Alias "unicode" to "str" under Python 3 | Jan Cholasta | 2015-09-17 | 14 | -0/+62
  The six way of doing this is to replace all occurrences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* winsync: Add inetUser objectclass to the passsync sysaccount | Tomas Babej | 2015-09-16 | 1 | -1/+1
  https://bugzilla.redhat.com/show_bug.cgi?id=1262315
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Server Install: print message that client is being installed | Martin Basti | 2015-09-11 | 2 | -0/+2
  IPA client is installed on server side during "Restarting web server" step, which lasts too long. This commit explicitly print message that IPA client is being installed.
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* IPA Restore: allows to specify files that should be removed | Martin Basti | 2015-09-11 | 1 | -0/+28
  Some files/directories should be removed before backup files are copied to filesystem.
  In case of DNSSEC, the /var/lib/ipa/dnssec/tokens directory has to be removed, otherwise tokens that are backed up and existing tokens will be mixed and SOFTHSM log in will not work
  https://fedorahosted.org/freeipa/ticket/5293
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: backup CS.cfg when dogtag is turned off | Martin Basti | 2015-09-11 | 1 | -1/+4
  Is unable to made CS.cfg when dogtag is running.
  https://fedorahosted.org/freeipa/ticket/5287
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Using LDAPI to setup CA and KRA agents. | Endi S. Dewata | 2015-09-07 | 2 | -90/+72
  The CA and KRA installation code has been modified to use LDAPI to create the CA and KRA agents directly in the CA and KRA database. This way it's no longer necessary to use the Directory Manager password or CA and KRA admin certificate.
  https://fedorahosted.org/freeipa/ticket/5257
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use six.with_metaclass to specify metaclasses | Jan Cholasta | 2015-09-07 | 1 | -3/+2
  Metaclass specification is incompatible between Python 2 and 3. Use the six.with_metaclass helper to specify metaclasses.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ldap: Make ldap2 connection management thread-safe again | Jan Cholasta | 2015-09-04 | 1 | -18/+15
  This fixes the connection code in LDAPClient to not store the LDAP connection in an attribute of the object, which in combination with ldap2's per-thread connections led to race conditions resulting in connection failures. ldap2 code was updated accordingly.
  https://fedorahosted.org/freeipa/ticket/5268
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNSSEC: remove ccache and keytab of ipa-ods-exporter | Martin Basti | 2015-09-03 | 1 | -0/+7
  Reusing old ccache after reinstall causes authentication error. And prevents DNSSEC from working.
  Related to ticket: https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: backup and restore opendnssec zone list file | Martin Basti | 2015-09-03 | 1 | -1/+5
  When zone list is not restored after uninstall, this may slow down enabling DNSSEC signing for zones and print unwanted errors into log after new installation.
  Related to: https://fedorahosted.org/freeipa/ticket/5273
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Installer: do not modify /etc/hosts before user agreement | Martin Basti | 2015-09-03 | 4 | -18/+53
  https://fedorahosted.org/freeipa/ticket/4561
  As side effect this also fixes: https://fedorahosted.org/freeipa/ticket/5266
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Server Upgrade: fix traceback caused by cidict | Martin Basti | 2015-09-03 | 1 | -1/+1
  Traceback caused by recent py3 code migration.
  https://fedorahosted.org/freeipa/ticket/5283
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Backup: back up the hosts file | Martin Basti | 2015-09-02 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/5275
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* DNSSEC: remove "DNSSEC is experimental" warnings | Martin Basti | 2015-09-02 | 1 | -2/+0
  https://fedorahosted.org/freeipa/ticket/5265
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Modernize use of range() | Petr Viktorin | 2015-09-01 | 4 | -7/+8
  In Python 3, range() behaves like the old xrange(). The difference between range() and xrange() is usually not significant, especially if the whole result is iterated over.
  Convert xrange() usage to range() for small ranges. Use modern idioms in a few other uses of range().
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use new-style raise syntax | Petr Viktorin | 2015-09-01 | 1 | -5/+5
  The form `raise Error, value` is deprecated in favor of `raise Error(value)`, and will be removed in Python 3. Use the new syntax.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print function | Petr Viktorin | 2015-09-01 | 19 | -304/+340
  In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace uses of map() | Petr Viktorin | 2015-09-01 | 1 | -2/+2
  In Python 2, map() returns a list; in Python 3 it returns an iterator. Replace all uses by list comprehensions, generators, or for loops, as required.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Replace filter() calls with list comprehensions | Petr Viktorin | 2015-09-01 | 2 | -2/+2
  In Python 3, filter() returns an iterator. Use list comprehensions instead.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use Python3-compatible dict method names | Petr Viktorin | 2015-09-01 | 7 | -10/+11
  Python 2 has keys()/values()/items(), which return lists, iterkeys()/itervalues()/iteritems(), which return iterators, and viewkeys()/viewvalues()/viewitems() which return views.
  Python 3 has only keys()/values()/items(), which return views. To get iterators, one can use iter() or a for loop/comprehension; for lists there's the list() constructor.
  When iterating through the entire dict, without modifying the dict, the difference between Python 2's items() and iteritems() is negligible, especially on small dicts (the main overhead is extra memory, not CPU time). In the interest of simpler code, this patch changes many instances of iteritems() to items(), iterkeys() to keys() etc.
  In other cases, helpers like six.itervalues are used.
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.string_types instead of "basestring" | Petr Viktorin | 2015-09-01 | 1 | -1/+2
  Reviewed-By: Christian Heimes <cheimes@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Fix SASL mappings not added in ipa-server-install | Jan Cholasta | 2015-08-27 | 1 | -0/+1
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* cert renewal: Include KRA users in Dogtag LDAP update | Jan Cholasta | 2015-08-27 | 1 | -4/+9
  https://fedorahosted.org/freeipa/ticket/5253
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Insure the admin_conn is disconnected on stop | Simo Sorce | 2015-08-27 | 1 | -0/+7
  If we stop or restart the server insure admin_conn gets reset or other parts may fail to properly connect/authenticate
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Move sasl mappings creation to dsinstance | Simo Sorce | 2015-08-27 | 2 | -48/+51
  Sasl mappings can be created directly by the DS Instance, there is no reason to create them in the krbinstance as they do not depend on the kdc to be configured just to be created.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Remove custom utility function from krbinstance | Simo Sorce | 2015-08-27 | 1 | -21/+3
  Remove the custom update_key_val_in_file() and instead use the common function config_replace_variables() available from ipautil.
  Signed-off-by: Simo Sorce <simo@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Removed clear text passwords from KRA install log. | Endi S. Dewata | 2015-08-26 | 1 | -8/+8
  The ipa-kra-install tool has been modified to use password files instead of clear text passwords when invoking pki tool such that the passwords are no longer visible in ipaserver-kra-install.log.
  https://fedorahosted.org/freeipa/ticket/5246
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Port from python-krbV to python-gssapi | Michael Simacek | 2015-08-26 | 10 | -81/+62
  python-krbV library is deprecated and doesn't work with python 3. Replacing all its usages with python-gssapi.
  - Removed Backend.krb and KRB5_CCache classes
    They were wrappers around krbV classes that cannot really work without them
  - Added few utility functions for querying GSSAPI credentials in krb_utils module. They provide replacements for KRB5_CCache.
  - Merged two kinit_keytab functions
  - Changed ldap plugin connection defaults to match ipaldap
  - Unified getting default realm
    Using api.env.realm instead of krbV call
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: Robbie Harwood <rharwood@redhat.com>
  Reviewed-By: Simo Sorce <ssorce@redhat.com>
* Backup/resore authentication control configuration | David Kupka | 2015-08-19 | 2 | -0/+8
  https://fedorahosted.org/freeipa/ticket/5071
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Server Upgrade: Start DS before CA is started. | Martin Basti | 2015-08-19 | 1 | -2/+12
  https://fedorahosted.org/freeipa/ticket/5232
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* install: Fix replica install with custom certificates | Jan Cholasta | 2015-08-18 | 1 | -8/+9
  https://fedorahosted.org/freeipa/ticket/5226
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa-restore: check whether DS is running before attempting connection | Martin Babinsky | 2015-08-18 | 1 | -0/+7
  https://fedorahosted.org/freeipa/ticket/4838
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-backup: archive DNSSEC zone file and kasp.db | Martin Babinsky | 2015-08-17 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/5159
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* fix typo in BasePathNamespace member pointing to ods exporter config | Martin Babinsky | 2015-08-17 | 2 | -2/+2
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* winsync-migrate: Add warning about passsync | Tomas Babej | 2015-08-17 | 1 | -0/+8
  https://fedorahosted.org/freeipa/ticket/5162
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* dbus: Create empty dbus.Array with specified signature | David Kupka | 2015-08-14 | 1 | -1/+2
  Python DBus binding could fail to guess the type signature from empty list. This issue was seen but we don't have a reproducer. There is no harm in making sure that it will not happen.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use absolute imports | Petr Viktorin | 2015-08-12 | 9 | -24/+21
  In Python 3, implicit relative imports will not be supported. Use fully-qualified imports everywhere.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace dict.has_key with the 'in' operator | Petr Viktorin | 2015-08-12 | 2 | -14/+14
  The deprecated has_key method will be removed from dicts in Python 3.
  For custom dict-like classes, has_key() is kept on Python 2, but disabled for Python 3.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Modernize 'except' clauses | Petr Viktorin | 2015-08-12 | 36 | -232/+232
  The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax.
  Reviewed-By: Tomas Babej <tbabej@redhat.com>