path: root/install
Commit message | Author | Age | Files | Lines
* Remove 'cn' attribute from idnsRecord and idnsZone objectClasses | Petr Viktorin | 2013-04-10 | 2 | -1/+2
  A commonName attribute has no meaning in DNS records.
  https://fedorahosted.org/freeipa/ticket/3514
* Fix regression in group type selection in group adder dialog | Petr Vobornik | 2013-04-10 | 1 | -4/+3
  Refactoring of radio widget (04325fbb4c64ee4aef6d8c9adf0ff95b8b653101) caused that value is no longer supplied to value_change handler.
* Don't show trusts pages when trust is not configured | Petr Vobornik | 2013-04-10 | 3 | -2/+49
  When trust is not configured trust-config page is raising an error. Trusts search page won't find anything either -> no use for the pages -> hiding.
  https://fedorahosted.org/freeipa/ticket/3333
* Global trust config page | Petr Vobornik | 2013-04-10 | 6 | -3/+255
  https://fedorahosted.org/freeipa/ticket/3333
* Do actually stop pki_cad in stop_pkicad instead of starting it. | Jan Cholasta | 2013-04-09 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/3554
* Run permission target switch action only for visible widgets | Petr Vobornik | 2013-04-05 | 1 | -1/+1
  Permission details page was incorrectly evaluated as dirty (update button enabled) right after load when permission type={subtree,filter} and some attrs are set. Can be reproduced by opening 'Modify Automount maps' permission.
  The culprit is that attrs widget is populated and dirty-checked even targets where it doesn't belong. Fixed by running target_mapping action only for visible targets.
  https://fedorahosted.org/freeipa/ticket/3527
* Add ipakrbokasdelegate option to service and host Web UI pages | Petr Vobornik | 2013-04-04 | 8 | -5/+45
  https://fedorahosted.org/freeipa/ticket/3329
* Change CNAME and DNAME attributes to single valued | Martin Kosek | 2013-04-02 | 2 | -2/+4
  These DNS attributeTypes are of a singleton type, update LDAP schema to reflect it.
  https://fedorahosted.org/freeipa/ticket/3440
  https://fedorahosted.org/freeipa/ticket/3450
* Properly handle ipa-replica-install when its zone is not managed by IPA | Tomas Babej | 2013-04-02 | 1 | -6/+16
  The ipa-replica-install script tries to add replica's A and PTR records to the master DNS, if master does manage DNS. However, master need not manage replica's zone. Properly handle this use case.
  https://fedorahosted.org/freeipa/ticket/3496
* Web UI: Disable cert functionality if a CA is not available | Petr Vobornik | 2013-04-02 | 1 | -11/+13
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
* Load the CA cert into server NSS databases | Petr Viktorin | 2013-04-02 | 2 | -4/+8
  The CA cert was not loaded, so if it was missing from the PKCS#12 file, installation would fail. Pass the cert filename to the server installers and include it in the NSS DB.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
* Support installing with custom SSL certs, without a CA | Petr Viktorin | 2013-04-02 | 2 | -12/+56
  Design: http://freeipa.org/page/V3/CA-less_install
  https://fedorahosted.org/freeipa/ticket/3363
* ipa-server-install: Remove the --selfsign option | Petr Viktorin | 2013-04-02 | 2 | -44/+33
  Instead, certificates in pkcs12 files can be given to set up IPA with no CA at all. Use a flag, setup_ca, to signal if a CA is being installed.
  Design: http://freeipa.org/page/V3/Drop_selfsign
  Part of the work for: https://fedorahosted.org/freeipa/ticket/3494
* ipa-server-install: Make temporary pin files available for the whole installation | Petr Viktorin | 2013-04-02 | 1 | -37/+21
  We pass names of files with pkcs12 pins to installers which may continue to use the files after the initial call to create_instance, at which point the installer has already removed them. Also, some of the files were not properly removed on failure.
  Use ipautil.write_tmp_file for the pin files, which returns a NamedTemporaryFile object that removes the underlying file when it is garbage-collected.
  Create the files at start of installation. This will allow checking the pkcs#12 files before the system is modified.
* Added Web UI support for service PAC type option: NONE | Petr Vobornik | 2013-03-29 | 2 | -3/+33
  ipakrbauthzdata accepts [null, 'NONE', 'MS-PAC', 'PAD']
  New nesting feature of radios/checkboxes was used to handle mutual exclusivity between ['MS-PAC', 'PAD'], 'NONE' and ''.
  https://fedorahosted.org/freeipa/ticket/3404
* Nestable checkbox/radio widget | Petr Vobornik | 2013-03-29 | 4 | -143/+390
  New component: option_widget_base. It's not a regular widget but it shares some of its characteristics. It should extend regular widget or it can be nested in itself alone.
  checkbox_widget, checkboxes_widget, radio_widget were modified to use it.
  Built as a prerequisite for: https://fedorahosted.org/freeipa/ticket/3404
* Add Kerberos ticket flags management to service and host plugins. | Jan Cholasta | 2013-03-29 | 2 | -2/+4
  https://fedorahosted.org/freeipa/ticket/3329
* Update mod_wsgi socket directory | Martin Kosek | 2013-03-29 | 1 | -2/+2
  Fedora 19 split /var/run and /run directories. Update mod_wsgi configuration so that it generates its sockets in the right one.
* Put pid-file to named.conf | Martin Kosek | 2013-03-29 | 2 | -1/+45
  Fedora 19 has split /var/run and /run directories while in Fedora 18 it used to be a symlink. Thus, named may expect its PID file to be in another directory than it really is and fail to start.
  Add pid-file configuration option to named.conf both for new installations and for upgraded machines.
* Add mkhomedir option to ipa-server-install and ipa-replica-install | Ana Krivokapic | 2013-03-28 | 4 | -0/+22
  Add the option to create home directories for users on their first login to ipa-server-install and ipa-replica-install.
  https://fedorahosted.org/freeipa/ticket/3515
* Use default NETBIOS name in unattended ipa-adtrust-install | Ana Krivokapic | 2013-03-22 | 1 | -1/+4
  Unattended ipa-adtrust-install used to fail if --netbios option was not provided. This patch fixes this, so that instead of failing the default NETBIOS name is used.
  https://fedorahosted.org/freeipa/ticket/3497
* Configure ipa_dns DS plugin on install and upgrade | Martin Kosek | 2013-03-22 | 1 | -0/+16
  The plugin is configured unconditionally (i.e. does not check if IPA was configured with DNS) as the plugin is needed on all replicas to prevent objectclass violations due to missing SOA serial in idnsZone objectclass. The violation could happen if just one replica configured DNS and added a new zone.
  https://fedorahosted.org/freeipa/ticket/3347
* Add DNS Setup Prompt to Install | Brian Cook | 2013-03-21 | 1 | -0/+5
  Currently the only way to setup integrated DNS is by passing --setup-dns to ipa-server-install. This patch modifies install so that if --setup-dns is not passed, the user is asked if they want to configure integrated dns.
  http://fedorahosted.org/freeipa/ticket/2575
* Fixed Web UI build error caused by rhino changes in F19 | Petr Vobornik | 2013-03-21 | 1 | -1/+7
  rhino-1.7R4-2.fc19.noarch dropped -main flag which made the build fail in rawhide (F19). We can't use the same command for rhino-1.7R3-6 (F18) and rhino-1.7R4-2 (F19).
  This patch adds check if rhino supports '-require' option. If so it calls rhino with it if not it calls rhino with -main option.
  https://fedorahosted.org/freeipa/ticket/3501
* Realm Domains page | Ana Krivokapic | 2013-03-18 | 6 | -2/+179
  Add support for Realm Domains to web UI.
  https://fedorahosted.org/freeipa/ticket/3407
* Web UI:Choose different search option for cert-find | Petr Vobornik | 2013-03-18 | 4 | -4/+128
  This extends certificate search page by search option select. Therefore the search is not restricted to 'subject'.
  It should be replaced by https://fedorahosted.org/freeipa/ticket/191 in the future.
  https://fedorahosted.org/freeipa/ticket/3419
* Web UI:Certificate pages | Petr Vobornik | 2013-03-18 | 12 | -31/+614
  Following pages were added to Web UI:
  * certificate details
  * certificate search

  Certificate is not regular object so it gets no metadata. Therefore artificial metadata were created for it to allow usage of search and details facet.
  Search and details facet were modified to allow removing of add/remove/update/reset buttons - certificates have no mod operation and they are not added by standard means.
  User can revoke and restore certificates in details facet.
  https://fedorahosted.org/freeipa/ticket/3419
* Improve some error handling in ipa-replica-manage | Rob Crittenden | 2013-03-14 | 1 | -3/+6
  If you break a replica install after the agreement is created but before it gets much further you'll be in the situation where an agreement exists, no cn=masters entry exists, and the RUV may not be set yet.
  This adds some error handling so the broken install can be safely removed.
  https://fedorahosted.org/freeipa/ticket/3444
* Do not force named connections on upgrades | Martin Kosek | 2013-03-14 | 1 | -1/+1
  We used to set connections argument for bind-dyndb-ldap even when the attribute was not in named.conf. This is not necessary as the bind-dyndb-ldap plugin chooses a sane default instead of us.
* Use tkey-gssapi-keytab in named.conf | Martin Kosek | 2013-03-14 | 2 | -3/+69
  Remove obsolete BIND GSSAPI configuration options tkey-gssapi-credential and tkey-domain and replace them with tkey-gssapi-keytab which avoids unnecessary Kerberos checks on BIND startup and can cause issues when KDC is not available.
  Both new and current IPA installations are updated.
  https://fedorahosted.org/freeipa/ticket/3429
* Extend ipa-replica-manage to be able to manage DNA ranges. | Rob Crittenden | 2013-03-13 | 5 | -7/+352
  Attempt to automatically save DNA ranges when a master is removed. This is done by trying to find a master that does not yet define a DNA on-deck range. If one can be found then the range on the deleted master is added.
  If one cannot be found then it is reported as an error.
  Some validation of the ranges are done to ensure that they do overlap an IPA local range and do not overlap existing DNA ranges configured on other masters.
  http://freeipa.org/page/V3/Recover_DNA_Ranges
  https://fedorahosted.org/freeipa/ticket/3321
* Use IPAdmin rather than raw python-ldap in migration.py and ipadiscovery.py | Petr Viktorin | 2013-03-13 | 1 | -20/+6
  These used ipautil.get_ipa_basedn. Convert that to use the new wrappers.
  Beef up the error handling in ipaldap to accommodate the errors we catch in the server discovery. Add a DatabaseTimeout exception to errors.py.
  These were the last uses of ipautil.convert_ldap_error, remove that.
  https://fedorahosted.org/freeipa/ticket/3487
  https://fedorahosted.org/freeipa/ticket/3446
* Remove ipaserver/ipaldap.py | Petr Viktorin | 2013-03-13 | 5 | -10/+6
  In addition to removing the module, fix all places where it was imported.
  Preparation for: https://fedorahosted.org/freeipa/ticket/3446
* Change DNA magic value to -1 to make UID 999 usable | Petr Viktorin | 2013-03-11 | 3 | -2/+12
  Change user-add's uid & gid parameters from autofill to optional. Change the DNA magic value to -1.
  For old clients, which will still send 999 when they want DNA assignment, translate the 999 to -1. This is done via a new capability, optional_uid_params.
  Tests included
  https://fedorahosted.org/freeipa/ticket/2886
* Fix installing server with external CA | Petr Viktorin | 2013-03-08 | 1 | -34/+42
  Reorganize ipa-server-install so that DS (and NTP server) installation only happens in step one.
  Change CAInstance to behave correctly in two-step install.
  Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks.
  https://fedorahosted.org/freeipa/ticket/3459
* Allow 'nfs:NONE' in global configuration | Sumit Bose | 2013-03-08 | 1 | -2/+2
  This patch adds 'nfs:NONE' as an allowed entry for the global authorization data type in the CLI and WebUI. This is an ad-hoc solution to make sure that the new default value for the NFS service is not removed by chance.
  This patch should be removed if a more generic solution is implemented to modify service:TYPE style values of the authorization data type.
  https://fedorahosted.org/freeipa/ticket/2960
* Add NFS specific default for authorization data type | Sumit Bose | 2013-03-08 | 1 | -0/+5
  Since the hardcoded default for the NFS service was removed the default authorization data type is now set in the global server configuration.
  https://fedorahosted.org/freeipa/ticket/2960
* ipa-replica-manage: migrate to single_value after LDAPEntry updates | Alexander Bokovoy | 2013-03-06 | 1 | -2/+2
* Remove disabled entries from sudoers compat tree. | Jan Cholasta | 2013-03-06 | 2 | -1/+3
  The removal is triggered by generating an invalid RDN when ipaEnabledFlag of the original entry is FALSE.
  https://fedorahosted.org/freeipa/ticket/3437
* Web UI: configurable SID blacklists | Petr Vobornik | 2013-03-06 | 2 | -0/+15
  Added blacklists section, with ipantsidblacklistincoming and ipantsidblacklistoutgoing multivalued textbox fields, into trust details page.
  https://fedorahosted.org/freeipa/ticket/3289
* Fix handling of no_update flag in Web UI | Petr Vobornik | 2013-03-06 | 1 | -2/+2
  There was an incorrect check for no_update flag. Check was performed as if the flag was an attribute of object not an item of array. Hence, the flag never caused any effect.
* Fix dirty state update of editable combobox | Petr Vobornik | 2013-03-06 | 2 | -25/+3
  Editable combobox didn't update its dirty state correctly. CB had its own internal value changed event, which was incorrectly used. It was removed and widget's value_changed event was used instead.
* Combobox keyboard support | Petr Vobornik | 2013-03-06 | 1 | -27/+186
  Combobox can be controlled just by using keyboard.

  When value list is closed, user can:
  * use UP and DOWN arrow to open list, it will focus the list and select previous/next value
  * when CB is non-editable, user can start typing, first character will open list, second will be entered into search input. Note: I wanted to copy the first char to the search box as well, but I did not figure out reliable method for converting keycode to char for non ASCII keyboard layouts
  * ESCAPE, ENTER, TAB keys are handled to allow keyboard operations in a container

  When value list is opened:
  * CB tries to keep focus on either search input or a select
  * when focus is lost, the value list is closed. So user can click anywhere on a page to close it - two comboboxes can't be opened on the same time
  * hitting TAB key switches between search and select
  * if CB is not searchable, hitting TAB will close the value list and select input textbox
  * hitting ESCAPE on will close the value list
  * hitting ENTER on search input will invoke search operation
  * hitting ENTER on select will close the value list
  * hitting UP/DOWN arrows will select previous/next values

  Additional modifications:
  * opening arrow and search button were made non-focusable. It fixes the 'wrong focus area' bug and simplifies keyboard usage. It doesn't affect mouse usage.

  https://fedorahosted.org/freeipa/ticket/3324
* Remove support for DN normalization from LDAPClient. | Jan Cholasta | 2013-03-01 | 4 | -10/+10
* Use the dn attribute of LDAPEntry to set/get DNs of entries. | Jan Cholasta | 2013-03-01 | 2 | -6/+6
  Convert all code that uses the 'dn' key of LDAPEntry for this to use the dn attribute instead.
* Remove some uses of raw python-ldap | Petr Viktorin | 2013-03-01 | 5 | -176/+110
  Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use IPAdmin rather than raw python-ldap in ipactl | Petr Viktorin | 2013-03-01 | 1 | -42/+32
  Add a new init argument, ldap_uri, to IPAdmin to make this possible.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use IPAdmin rather than raw python-ldap in migration.bind | Petr Viktorin | 2013-03-01 | 1 | -8/+11
  The get_base_dn function still uses python-ldap because get_ipa_basedn is shared with client code, which doesn't have access to our LDAP wrappers.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Do not use global variables in migration.py | Petr Viktorin | 2013-03-01 | 1 | -18/+18
* Remove IPAdmin.unbind_s(), keep unbind() | Petr Viktorin | 2013-03-01 | 2 | -3/+3
  The unbind and unbind_s functions do the same thing (both are synchronous).
  In the low-level IPASimpleLDAPObject, unbind_s rather than unbind is kept.
  Part of the work for: https://fedorahosted.org/freeipa/ticket/2660