summaryrefslogtreecommitdiffstats
path: root/ipapython
Commit message (Collapse)AuthorAgeFilesLines
* Add a DRM to IPAAde Lee2014-05-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds the capability of installing a Dogtag DRM to an IPA instance. With this patch, when ipa-server-install is run, a Dogtag CA and a Dogtag DRM are created. The DRM shares the same tomcat instance and DS instance as the Dogtag CA. Moreover, the same admin user/agent (and agent cert) can be used for both subsystems. Certmonger is also confgured to monitor the new subsystem certificates. It is also possible to clone the DRM. When the IPA instance is cloned, if --enable-ca and --enable-drm are specified, the DRM is cloned as well. Installing a DRM requires the user to have a Dogtag CA instance. We can look into possibly relaxing that requirement in a later patch. The install scripts have been refactored somewhat to minimize duplication of code. A new base class dogtagintance.py has been introduced containing code that is common to DRM and CA installs. This will become very useful when we add more PKI subsystems. I am still working on patches for a ipa-drm-install script, which would be used to add a DRM to an existing master (that includes a dogtag CA), or an existing clone.
* admin tools: Log IPA versionPetr Viktorin2014-05-271-0/+1
| | | | | | | | | | | Add the IPA version, and vendor version if applicable, to the beginning of admintool logs -- both framework and indivitual tools that don't yet use the framework. This will make debugging easier. https://fedorahosted.org/freeipa/ticket/4219 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib.version: Add VENDOR_VERSIONPetr Viktorin2014-05-271-0/+3
| | | | | | | | | This will allow us to make vendors' lives easier by embedding a vendor tag to installation logs. Part of the work for: https://fedorahosted.org/freeipa/ticket/4219 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-client: Set NIS domain name in the installerTomas Babej2014-05-092-1/+4
| | | | | | | | | | | | | | | | Provides two new options for the ipa-client-install: --nisdomain: specifies the NIS domain name --no_nisdomain: flag to aviod setting the NIS domain name In case no --nisdomain is specified and --no_nisdomain flag was not set, the IPA domain is used. Manual pages updated. http://fedorahosted.org/freeipa/ticket/3202 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib: Add DateTime parameterTomas Babej2014-05-051-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds a parameter that represents a DateTime format using datetime.datetime object from python's native datetime library. In the CLI, accepts one of the following formats: Accepts LDAP Generalized time without in the following format: '%Y%m%d%H%M%SZ' Accepts subset of values defined by ISO 8601: '%Y-%m-%dT%H:%M:%SZ' '%Y-%m-%dT%H:%MZ' '%Y-%m-%dZ' Also accepts above formats using ' ' (space) as a separator instead of 'T'. As a simplification, it does not deal with timezone info and ISO 8601 values with timezone info (+-hhmm) are rejected. Values are expected to be in the UTC timezone. Values are saved to LDAP as LDAP Generalized time values in the format '%Y%m%d%H%SZ' (no time fractions and UTC timezone is assumed). To avoid confusion, in addition to subset of ISO 8601 values, the LDAP generalized time in the format '%Y%m%d%H%M%SZ' is also accepted as an input (as this is the format user will see on the output). Part of: https://fedorahosted.org/freeipa/ticket/3306 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Keep original name when setting attribute in LDAPEntry.Jan Cholasta2014-04-181-33/+20
| | | | Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Replace get_syntax method of IPASimpleObject with new get_type method.Jan Cholasta2014-04-181-13/+15
| | | | | | get_type returns the Python type for an LDAP attribute. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Use dogtag-ipa-ca-renew-agent to retrieve renewed certificates from LDAP.Jan Cholasta2014-03-251-6/+3
| | | | | | Before, this was done by dogtag-ipa-retrieve-agent-submit. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix modlist generation code not to generate empty replace mods.Jan Cholasta2014-03-031-3/+3
| | | | | https://fedorahosted.org/freeipa/ticket/4138 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Raise an exception when legacy LDAP API is used.Jan Cholasta2014-01-241-19/+12
|
* Add runas option to run functionMartin Kosek2014-01-221-21/+38
| | | | | | | | Run function can now run the specified command as different user by setting the both real and effective UID and GID for executed process. Add both the missing run function attribute doc strings as well as a doc string for the runas attribute.
* Do not crash on bad LDAP data when formatting decode error message.Jan Cholasta2014-01-101-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3488
* Store old entry state in dict rather than LDAPEntry.Jan Cholasta2014-01-101-29/+17
| | | | https://fedorahosted.org/freeipa/ticket/3488
* Remove legacy LDAPEntry properties data and orig_data.Jan Cholasta2014-01-101-11/+0
| | | | https://fedorahosted.org/freeipa/ticket/3488
* Remove unused LDAPClient methods get_syntax and get_single_value.Jan Cholasta2014-01-101-12/+0
| | | | https://fedorahosted.org/freeipa/ticket/3488
* Add LDAPEntry method generate_modlist.Jan Cholasta2014-01-101-46/+39
| | | | | | | Use LDAPEntry.generate_modlist instead of LDAPClient._generate_modlist and remove LDAPClient._generate_modlist. https://fedorahosted.org/freeipa/ticket/3488
* Use LDAPClient.update_entry for LDAP mods in ldapupdate.Jan Cholasta2014-01-101-60/+0
| | | | | | Remove legacy IPAdmin methods generateModList and updateEntry. https://fedorahosted.org/freeipa/ticket/3488
* Make IPASimpleLDAPObject.get_single_value result overridable.Jan Cholasta2014-01-101-3/+13
| | | | | | Add some default overrides. https://fedorahosted.org/freeipa/ticket/3488
* Move LDAPClient method get_single_value to IPASimpleLDAPObject.Jan Cholasta2014-01-101-18/+30
| | | | | | Refactor IPASimpleLDAPObject methods get_syntax and get_single_value. https://fedorahosted.org/freeipa/ticket/3488
* Use old entry state in LDAPClient.update_entry.Jan Cholasta2014-01-101-32/+26
| | | | https://fedorahosted.org/freeipa/ticket/3488
* Rename LDAPEntry method commit to reset_modlist.Jan Cholasta2014-01-101-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3488
* PKI service restart after CA renewal failedJan Cholasta2014-01-082-1/+5
| | | | | | | | | | Fix both the service restart procedure and registration of old pki-cad well known service name. This patch was adapted from original patch of Jan Cholasta 178 to fix ticket 4092. https://fedorahosted.org/freeipa/ticket/4092
* Use /usr/bin/python2Xiao-Long Chen2014-01-033-9/+9
| | | | | | | | | | | | Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com
* Convert remaining backend code to LDAPEntry API.Jan Cholasta2013-12-161-3/+3
|
* Allow kernel keyring CCACHE when supportedMartin Kosek2013-12-091-0/+17
| | | | | | | Server and client installer should allow kernel keyring ccache when supported. https://fedorahosted.org/freeipa/ticket/4013
* Support searches with paged results control in LDAPClient.Jan Cholasta2013-11-271-16/+59
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Add wrapper for result3 to IPASimpleLDAPObject.Jan Cholasta2013-11-271-0/+5
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Move IPA specific code from LDAPClient to the ldap2 plugin.Jan Cholasta2013-11-271-212/+7
| | | | https://fedorahosted.org/freeipa/ticket/3971
* Improve LDAPEntry.__repr__ for freshly created entriesPetr Viktorin2013-11-261-1/+3
| | | | | | | Creating a LDAPEntry from dict does not set the raw entries, to display everything we need to combine the underlying data. https://fedorahosted.org/freeipa/ticket/4015
* ipa-client-install: Publish CA certificate to systemwide storeTomas Babej2013-11-202-2/+76
| | | | | | | | | | | During the installation, copy the CA certificate to the systemwide store (/etc/pki/ca-trust/source/anchors/ipa-ca.crt) and update the systemwide CA database. This allows browsers to access IPA WebUI without warning out of the box. https://fedorahosted.org/freeipa/ticket/3504
* platform: Add Fedora 19 platform fileTomas Babej2013-11-202-0/+56
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3504
* Remove schema special-casing from the LDAP updaterPetr Viktorin2013-11-181-19/+8
| | | | | | | Now that there's a dedicated schema updater, we do not need the code in ldapupdate. https://fedorahosted.org/freeipa/ticket/3454
* Add schema updater based on IPA schema filesPetr Viktorin2013-11-181-0/+6
| | | | | | | | | | | | The new updater is run as part of `ipa-ldap-updater --upgrade` and `ipa-ldap-updater --schema` (--schema is a new option). The --schema-file option to ipa-ldap-updater may be used (multiple times) to select a non-default set of schema files to update against. The updater adds an X-ORIGIN tag with the current IPA version to all elements it adds or modifies. https://fedorahosted.org/freeipa/ticket/3454
* ipa-client-install: Added options to configure firefoxMartin Basti2013-11-154-3/+27
| | | | | | | | | Option --configure-firefox configures firefox to use Kerberos credentials within IPA domain Optional option --firefox-dir=DIR allows to user to specify non-standard path where firefox install directory is placed. Part of ticket: https://fedorahosted.org/freeipa/ticket/3821
* Remove unused utf8_encode_value functionsPetr Viktorin2013-11-081-12/+0
| | | | | The utf8_encode_value/_values functions from ipautil are no longer used. Remove them.
* Turn LDAPEntry.single_value into a dictionary-like property.Jan Cholasta2013-11-052-24/+32
| | | | | | This change makes single_value consistent with the raw property. https://fedorahosted.org/freeipa/ticket/3521
* Use encoded values from entry objects directly when adding new entries.Jan Cholasta2013-10-311-7/+1
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Use encoded values from entry objects directly when generating modlists.Jan Cholasta2013-10-311-33/+6
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Store encoded attribute values from search results directly in entry objects.Jan Cholasta2013-10-311-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Remove legacy toDict and origDataDict methods of LDAPEntry.Jan Cholasta2013-10-311-27/+4
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Make sure attributeTypes updates are done before objectClasses updates.Jan Cholasta2013-10-311-1/+4
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Decode and encode attribute values in LDAPEntry on demand.Jan Cholasta2013-10-311-28/+186
| | | | | | | | | | | This is achieved by storing both decoded and encoded attribute values in LDAPEntry and synchronizing changes between them whenever an attribute is accessed. Added a new property "raw" to LDAPEntry. It provides a dictionary-like object which can be used to directly access encoded attribute values. https://fedorahosted.org/freeipa/ticket/3521
* Always use lists for values in LDAPEntry internally.Jan Cholasta2013-10-311-2/+28
| | | | | | | Outside of LDAPEntry, it is still possible to use non-lists. Once we enforce lists for attribute values, this will be removed. https://fedorahosted.org/freeipa/ticket/3521
* Introduce IPASimpleLDAPObject.decode method for decoding LDAP values.Jan Cholasta2013-10-311-27/+31
| | | | | | | This method is intended as a counterpart of IPASimpleLDAPObject.encode and replaces IPASimpleLDAPObject.convert_value_list. https://fedorahosted.org/freeipa/ticket/3521
* Make LDAPEntry a wrapper around dict rather than a dict subclass.Jan Cholasta2013-10-311-68/+83
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Installer should always wait until CA starts upMartin Kosek2013-10-172-6/+11
| | | | | | | | | | | | | | Patch for ticket 3964 changed the installer so that it does not always wait for CA if the proxy is not configured. However, it was found out that it may freeze an installation when a step subsequent after CA restart call the CA and receives no reply. Change the wait so that it always waits for CA to start up. If HTTP proxy is already configured, it should wait on port 443. If not, it should wait on local PKI port 8443. https://fedorahosted.org/freeipa/ticket/3973
* PKI installation on replica failing due to missing proxy confMartin Kosek2013-10-111-1/+2
| | | | | | | | Proxy configuration was not detected correctly. Both ipa-pki-proxy.conf and ipa.conf need to be in place and httpd restarted to be able to check it's status. https://fedorahosted.org/freeipa/ticket/3964
* ipapython.nsslib: Name arguments to NSPRErrorPetr Viktorin2013-10-041-5/+7
| | | | | Previously NSPRError was given arguments in the wrong order. Fix this by naming the arguments.
* Raise an error when updating CIDict with duplicate keysPetr Viktorin2013-09-251-3/+22
| | | | | | | | | Updating a CIDict with data like {'A': 1, 'a': 2} would lead to data loss since only one of the items would get to the CIDict. This can result in non-obvious bugs similar to this one in python-ldap: https://bugzilla.redhat.com/show_bug.cgi?id=1007820 Raise an error in this case; any resolution must be done by the caller.
* Add missing dict methods to CIDictPetr Viktorin2013-09-251-18/+49
| | | | | | | | | | | | | Make the CIDict interface match standard dict (except view* methods). Add __contains__, __iter__, clear. Add keyword and iterable support for __init__, update. Also add values() and itervalues(). Previously the dict versions were used; the new ones guarantee that the order matches keys(). Mark view* methods as not implemented. CIDict.copy() now returns a CIDict. Test the above additions, and fromkeys() which worked but wasn't tested.
generated by cgit (git 2.34.1) at 2024-05-05 10:00:11 +0000