| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
If the DNS zones already exist but don't contain our own records, add
them. This patch introduces the ipalib.api into the installers. For now,
the code is still little messy. Later patches will abandon the way we
create zones now and use ipalib.api exclusively.
|
|
|
|
|
|
|
|
|
| |
This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these option was given at the command
line.
|
|
|
|
| |
generated.
|
|
|
|
| |
514027
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also adds a new option to the template system. If you include
eval(string) in a file that goes through the templater then the
string in the eval will be evaluated by the Python interpreter. This is
used so one can do $UIDSTART+1. If any errors occur during the evaluation
the original string is is returned, eval() and all so it is up to the
developer to make sure the evaluation passes.
The default value for uid and gid is now a random value between
1,000,000 and (2^31 - 1,000,000)
|
|
|
|
|
|
| |
If you don't want to use ldapi then you can remove the ldap_uri setting
in /etc/ipa/default.conf. The default for the framework is to use
ldap://localhost:389/
|
| |
|
| |
|
|
|
|
|
| |
Much of this is formatting to make pylint happy but it also fixes some
real bugs.
|
|
|
|
| |
Also prevent a few cases of double processing of arguments.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We used to use certutil -O to determine the cert chain to trust. This
behavior changed in F-11 such that untrusted CAs are not displayed.
This is only used when we import PKCS#12 files so use pk12util -l to
display the list of certs and keys in the file to determine the nickname(s)
of the CAs to trust.
509111
|
|
|
|
|
|
|
|
|
|
| |
sha has been replaced by hashlib. We need to support Python 2.4 - 2.6 so
this will use hashlib if available but fall back onto sha if not.
Fortunately they use the same API for the function we need.
509042
Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
- Add some logging so we have a better idea of what happened if things fail
- Default to self-signed CA to trust if one is not found. This will fix
the self-signed CA case where certutil doesn't return untrusted CA's in
-O output.
- Remove unused httplib import
Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
|
|
|
|
|
|
|
| |
The ipa-replica-install script will setup the DNS if user specifies the
--setup-dns option. It will only add the zone into LDAP if the
cn=dns,$SUFFIX container doesn't exist. For now, however, we do not add
the records.
|
|
|
|
| |
Also, small cosmetic change in dns.ldif.
|
|
|
|
|
|
|
|
| |
This involves creating a new CA instance on the replica and using pkisilent
to create a clone of the master CA.
Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of
changes to ports and configuration have been done recently.
|
|
|
|
|
|
|
|
| |
Also moves delagation layout installation in dsinstance.
This is needed to allow us to set default membership in
other modules like bindinstance.
Signed-off-by: Martin Nagy <mnagy@redhat.com>
|
|
|
|
|
|
| |
version of python-ldap. Fix bug in add_entry_to_group.
Resolves 510149
|
|
|
|
|
| |
Older python-ldap versions will crash if you call ldap.get_option()
on a value that has not been set.
|
|
|
|
| |
more efficient.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ldap2.find_entries now returns a tuple containing 2 values. First,
a list of entries (dn, entry_attrs), Second, the truncated flag. If
the truncated flag is True, search results hit a server limitation
and are incomplete.
This patch also removes decoding of non-string scalar python types into
unicode (they are left unchanged).
|
| |
|
|
|
|
| |
DN was always returned as lower-case, sometimes resulting in 2 RDN values with different cases when creating entries.
|
| |
|
|
|
|
|
|
| |
We were duplicating it for KrbInstance and DsInstance. Since we will
also need it for BindInstance as well, it will be better if it is in the
Service class instead.
|
|
|
|
| |
(find_entry_by_attr). Fix minor search filter generation issues.
|
|
|
|
| |
base classes and use encode_args/decode_retval where applicable.
|
| |
|
|
|
|
|
|
| |
If we use cn for hostname there is no easy way to distinguish between
a host and a hostgroup. So adding a fqdn attribute to be used to store
the hostname instead.
|
|
|
|
|
|
|
|
| |
The first character in a line is used to determine how the line will be
quoted. If it begins with no quote we use '. If it begins with either
' or " we use that character. So if you have a quoted string and you don't
want it to be considered a comma-separated value put the other quote string
around the whole block.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
Use the requestId we get back from the CA when requesting the RA agent cert
and use that to issue the certificate rather than hardcoding 7.
This also adds some clean-up of file permissions and leaking fds
|
| |
|
| |
|
|
|
|
| |
trailing CR/LF from the password file
|
| |
|
| |
|
|
|
|
| |
member to a group.
|
| |
|
|
|
|
| |
methods. Add missing _sasl_auth variable.
|
| |
|
|
|
|
|
|
|
| |
Notes:
- will create a CA instance (pki-ca) if it doesn't exist
- maintains support for a self-signed CA
- A signing cert is still not created so Firefox autoconfig still won't work
|