summaryrefslogtreecommitdiffstats
path: root/ipaserver
Commit message (Collapse)AuthorAgeFilesLines
* Add logging to join commandTomas Babej2013-03-251-6/+20
| | | | | | | | | The following is mentioned in the log now: - existence of host entry (if it already does exist) - missing krbprincipalname and its new value (if there was no principal name set) https://fedorahosted.org/freeipa/ticket/3481
* Configure ipa_dns DS plugin on install and upgradeMartin Kosek2013-03-221-0/+6
| | | | | | | | | | The plugin is configured unconditionally (i.e. does not check if IPA was configured with DNS) as the plugin is needed on all replicas to prevent objectclass violations due to missing SOA serial in idnsZone objectclass. The violation could happen if just one replica configured DNS and added a new zone. https://fedorahosted.org/freeipa/ticket/3347
* Update named.conf parserMartin Kosek2013-03-141-21/+48
| | | | | | | | Refactor the named.conf parsing and editing functions in bindinstance so that both "dynamic-db" and "options" sections of named.conf can be read and updated https://fedorahosted.org/freeipa/ticket/3429
* Enforce exact SID match when adding or modifying a ID rangeTomas Babej2013-03-141-13/+37
| | | | | | | | SID validation in idrange.py now enforces exact match on SIDs, thus one can no longer use SID of an object in a trusted domain as a trusted domain SID. https://fedorahosted.org/freeipa/ticket/3432
* Extend ipa-replica-manage to be able to manage DNA ranges.Rob Crittenden2013-03-132-2/+99
| | | | | | | | | | | | | | | | | Attempt to automatically save DNA ranges when a master is removed. This is done by trying to find a master that does not yet define a DNA on-deck range. If one can be found then the range on the deleted master is added. If one cannot be found then it is reported as an error. Some validation of the ranges are done to ensure that they do overlap an IPA local range and do not overlap existing DNA ranges configured on other masters. http://freeipa.org/page/V3/Recover_DNA_Ranges https://fedorahosted.org/freeipa/ticket/3321
* Remove ipaserver/ipaldap.pyPetr Viktorin2013-03-139-46/+13
| | | | | | In addition to removing the module, fix all places where it was imported. Preparation for: https://fedorahosted.org/freeipa/ticket/3446
* Move ipaldap to ipapythonPetr Viktorin2013-03-132-1800/+4
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/3446
* Fix installing server with external CAPetr Viktorin2013-03-082-31/+32
| | | | | | | | | | | | | | Reorganize ipa-server-instal so that DS (and NTP server) installation only happens in step one. Change CAInstance to behave correctly in two-step install. Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks. https://fedorahosted.org/freeipa/ticket/3459
* Disable schema retrieval and attribute decoding when talking to AD GC.Jan Cholasta2013-03-081-5/+2
|
* Allow disabling attribute decoding in LDAPClient and IPAdmin.Jan Cholasta2013-03-081-3/+13
|
* Allow disabling LDAP schema retrieval in LDAPClient and IPAdmin.Jan Cholasta2013-03-081-3/+8
|
* Do not fail if schema cannot be retrieved from LDAP server.Jan Cholasta2013-03-081-9/+15
|
* Don't base64-encode the CA cert when uploading it during an upgrade.Rob Crittenden2013-03-071-2/+1
| | | | | | | | We want to store the raw value. Tools like ldapsearch will automatically base64 encode the value because it's binary so we don't want to duplicate that. https://fedorahosted.org/freeipa/ticket/3477
* ipaserver/dcerpc: enforce search_s without schema checks for GC searchingAlexander Bokovoy2013-03-061-1/+1
|
* Remove support for DN normalization from LDAPClient.Jan Cholasta2013-03-014-72/+29
|
* Use full DNs in plugin code.Jan Cholasta2013-03-011-6/+4
|
* Support attributes with multiple names in LDAPEntry.Jan Cholasta2013-03-011-0/+12
|
* Aggregate IPASimpleLDAPObject in LDAPEntry.Jan Cholasta2013-03-012-13/+53
|
* Preserve case of attribute names in LDAPEntry.Jan Cholasta2013-03-011-26/+77
|
* Use the dn attribute of LDAPEntry to set/get DNs of entries.Jan Cholasta2013-03-012-4/+2
| | | | | Convert all code that uses the 'dn' key of LDAPEntry for this to use the dn attribute instead.
* Remove some uses of raw python-ldapPetr Viktorin2013-03-014-25/+32
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use IPAdmin rather than raw python-ldap in ipactlPetr Viktorin2013-03-011-2/+3
| | | | | | Add a new init argument, ldap_uri, to IPAdmin to make this possible. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use ldap instead of _ldap in ipaldapPetr Viktorin2013-03-011-47/+47
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.unbind_s(), keep unbind()Petr Viktorin2013-03-014-13/+4
| | | | | | | | The unbind and unbind_s functions do the same thing (both are synchronous). In the low-level IPASimpleLDAPObject, unbind_s rather than unbind is kept. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.simple_bind_sPetr Viktorin2013-03-013-9/+6
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.sasl_interactive_bind_sPetr Viktorin2013-03-013-13/+6
| | | | | | | Also, rename remaining uses of SASL_AUTH to SASL_GSSAPI to better reflect what it is. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace IPAdmin.start_tls_s by an __init__ argumentPetr Viktorin2013-03-012-11/+11
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove search_s and search_ext_s from IPAdminPetr Viktorin2013-03-015-20/+16
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Proxy LDAP methods explicitly rather than using __getattr__Petr Viktorin2013-03-011-3/+38
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Inline waitForEntry in its only callerPetr Viktorin2013-03-012-43/+40
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Inline inactivateEntry in its only callerPetr Viktorin2013-03-012-20/+3
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* replace getEntry with get_entry (or get_entries if scope != SCOPE_BASE)Petr Viktorin2013-03-017-54/+47
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Fix typo and traceback suppression in replication.pyPetr Viktorin2013-03-011-3/+4
|
* Replace deleteEntry with delete_entryPetr Viktorin2013-03-015-16/+11
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace addEntry with add_entryPetr Viktorin2013-03-018-28/+23
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Rename LDAPConnection to LDAPClientPetr Viktorin2013-03-012-7/+7
| | | | | | | It does more than just connecting, so it should have more suitable name. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove toTupleList and attrList from LDAPEntryPetr Viktorin2013-03-012-19/+2
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace getList by a get_entries methodPetr Viktorin2013-03-014-28/+40
| | | | | | | | | | | The find_entries method is cumbersome to use: it requires keyword arguments for simple uses, and callers are tempted to ignore the 'truncated' flag it returns. Introduce a simpler method, get_entries, that returns the found list directly, and raises an errors if the list is truncated. Replace the getList method by get_entries. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace entry.getValue by entry.single_valuePetr Viktorin2013-03-017-47/+41
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove special-casing for missing and single-valued attributes in ↵Petr Viktorin2013-03-011-6/+0
| | | | LDAPUpdate._entry_to_entity
* Introduce LDAPEntry.single_value for getting single-valued attributesPetr Viktorin2013-03-011-0/+23
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace IPAdmin.checkTask by replication.wait_for_taskPetr Viktorin2013-03-013-27/+24
| | | | | | The method was only used for waiting, not actual checking. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.get_dns_sorted_by_lengthPetr Viktorin2013-03-012-48/+8
| | | | | | | A simple sort(key=len) is simpler both implementation-wise and semantics-wise. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.updateEntry calls from fix_replica_agreementsPetr Viktorin2013-03-011-4/+2
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove dbdir, binddn, bindpwd from IPAdminPetr Viktorin2013-03-012-23/+15
| | | | | | | The dbdir logic was moved to replication.py, the only caller. The binddn and bindpwd attributes were unused. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Turn the LDAPError handler into a context managerPetr Viktorin2013-03-012-72/+45
| | | | | | | This has the advantage that the traceback is left intact if an error other than LDAPError is raised. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove unused bindcert and bindkey arguments to IPAdminPetr Viktorin2013-03-011-9/+2
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove unused imports from ipaserver/installPetr Viktorin2013-03-0112-55/+24
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Change {add,update,delete}_entry to take LDAPEntriesPetr Viktorin2013-03-011-27/+48
| | | | | | | | | These methods currently take (dn, entry_attrs, normalize=True) (or (dn, normalize=True) for delete). Change them to also accept just an LDAPEntry. For add and update, document the old style as deprecated. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace add_s and delete_s by their newer equivalentsPetr Viktorin2013-03-013-15/+15
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
generated by cgit (git 2.34.1) at 2024-06-28 08:30:59 +0000