Simo Sorce
00e8af8ac3
We must always zero out the target ientry unconditionally where it is used
...
and never free it in the destructor.
2008-11-20 14:03:19 -05:00
Simo Sorce
16bb6e19df
Avoid potential crashbug on invalid DNs (not in the tree).
2008-11-19 14:00:30 -05:00
Rob Crittenden
8da5dc4f79
Fix error in validation when editing new groups via the UI
...
471808
2008-11-19 13:11:32 -05:00
Simo Sorce
7156f2ddfb
Fix a free before use bug, it may lead to crashes but usually just corrupts
...
the changepw dn we store so that it won't match. This causes normal password
changes to be interpreted as password resets instead, and the new legit
password is immediately expired.
2008-11-14 10:23:43 -05:00
Rich Megginson
e3929e60d5
set winsync account disable sync default value to both instead of none
2008-11-13 11:36:37 -05:00
Simo Sorce
818cafdd4d
Bump up version number to 1.2.0
2008-11-13 11:20:06 -05:00
Rich Megginson
716d51c22a
wait for sync agreement to be ready before starting
...
Added checking for error status - Added maxtries so that the script won't wait forever if there is something wrong
2008-11-13 11:19:02 -05:00
Rob Crittenden
e377ab0b7f
Fix appending to a multi-valued field.
...
There was a bug where only the first value of a multi-valued field
would be returned.
2008-11-12 15:55:59 -05:00
Rob Crittenden
891068087e
Remove the column width from #details table.details td
...
This should make the User Find results page look nicer.
470428
2008-11-12 15:53:07 -05:00
Rob Crittenden
93c2e4e3b4
Present a less-cryptic error if the replication agreement doesn't exist
2008-11-12 15:53:00 -05:00
Rob Crittenden
17261c2520
Create a user for Windows PassSync and grant password changing permissions
...
This does 3 things:
1. Create a user for the Windows PassSync service
2. Add this user to the list of users that can skip password policies
3. Add an aci that grants permission to write the password attributes
471130
2008-11-12 15:52:57 -05:00
Rob Crittenden
49e4876ba9
Fix deleting a winsync replication agreement.
2008-11-12 15:52:51 -05:00
Simo Sorce
8929075150
Make the list of users that can skip password policies configurable.
...
Addresses bz#471130
Also fix bugs in ipapwd_start.
Also remove mutex, it is not necessary with the current code,
we needed it when we used to change reload the configuration and
keep it referenced in a static pointer.
ipapwd_start runs only once and the global variables it sets are fixed
in stone until DS is restarted.
2008-11-12 13:21:03 -05:00
Rich Megginson
47863ac169
Make DNA work with internal operations
2008-11-10 09:38:39 -05:00
Rob Crittenden
c7c2cf0956
Use the local connection when getting a replication ID for winsync.
...
We can't connect to the windows AD server to get a unique replication ID.
So first see if this master already has one and if not, get an id from
the local DS.
469977
2008-11-05 12:02:20 -05:00
Rich Megginson
4ed44a06a1
use ipautil.CalledProcessError instead of CalledProcessError
2008-11-04 21:57:34 -05:00
Rob Crittenden
5f6f20ffaa
Fix error in validation when adding new groups via the UI
...
469256
2008-10-31 14:27:58 -04:00
Rob Crittenden
08c49c5806
Install replication update file
2008-10-31 12:34:30 -04:00
Rob Crittenden
c13726ff66
Gracefully handle running on an unconfigured IPA server
2008-10-30 10:25:01 -04:00
Rob Crittenden
4699fc534b
Don't report spurious upgrade message if IPA has not been configured yet.
...
This was throwing the error
"Unable to determine hostname from ipa-rewrite.conf"
during RPM %post on unconfigured servers where there is nothing to do.
468947
2008-10-29 17:08:32 -04:00
Rob Crittenden
f305864d90
Ensure that every replica gets a unique replication ID. Otherwise changes won't propagate between all replicas.
...
468732
2008-10-29 17:08:27 -04:00
Rob Crittenden
4862a8f9d9
Fix error if more than one value is being set in an only. The first entry wasn't being properly converted into a list so subsequent values caused it to crap out.
...
467102
2008-10-15 15:29:08 -04:00
Rich Megginson
f02d1429ca
add update to fix the index for the winsync attributes
2008-10-13 14:09:15 -04:00
Rich Megginson
5c56c43693
do not store the OUs from the AD DN in the IPA user entry when flattening
2008-10-13 14:09:14 -04:00
Rich Megginson
9f18858e58
add --win-subtree argument to ipa-replica-manage
2008-10-13 14:09:13 -04:00
Rich Megginson
0988e1c53c
Do not depend on MMR plugin - start before MMR plugin
...
The ipa-winsync plugin needs to start before the MMR plugin, so that it
can register the API functions. Also, the slapi-nis schema compat
plugin creates an entry that looks exactly like the default IPA group
gidNumber entry, so I added an extra (objectclass=groupOfNames) to the
filter since the slapi-nis entry doesn't have that.
2008-10-13 14:09:13 -04:00
Rich Megginson
d3637dde7c
Just add eq,pres to the existing indices
...
There are already indexes created for ntUniqueID and ntUserDomainID by default
We just need to make sure they are indexed for equality and presence
2008-10-13 14:09:12 -04:00
Rich Megginson
38154073a8
Don't try to conditionally stop the server - it doesn't seem to work
...
Just call stop() - if it's not already running, no big deal
2008-10-13 14:09:11 -04:00
Rich Megginson
28195610f6
Add more winsync support to cli
...
The ipa-replica-manage list, init, and synch commands do not work for winsync
agreements. This patch adds that support and some additional verbose logging.
The synch_master did not work correctly. The way it should work is to set
the replication schedule to some bogus value, then reset it back to its
original setting. This will force replication to take place immediately.
2008-10-13 14:09:10 -04:00
Rich Megginson
068ed81195
Do not add enabled user to activated group - clean up parse_acct_disable
...
If a user needs to be enabled, just delete the user from the inactivated group,
but do not add to the activated group. If a user is in no group, the user is
active by default. IPA uses the activated group for override purposes.
parse_acct_disable is only used when the config changes, but I cleaned it
up anyway to make the code clearer.
2008-10-13 14:09:10 -04:00
Rich Megginson
0e346ff6fb
add winsync options to ipa-replica-manage man page
2008-10-13 14:09:09 -04:00
Rich Megginson
69180c2dcc
Adds winsync account disable and force sync
2008-10-13 14:09:08 -04:00
Rich Megginson
e8bebebc23
fix issues brought up by initial review of ipa winsync enhancements
2008-10-13 14:09:08 -04:00
Rich Megginson
be5e783f72
add --no-host-dns option to ipa-server-install - allows specifying a hostname that might actually exist but you do not want to even attempt to resolve it via DNS
2008-10-13 14:09:07 -04:00
Rich Megginson
5a5bfa2c70
Added support to IPA server install to install the winsync plugin configuration entry
Added support to ipa-replica-manage to add winsync agreements.
I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
2008-10-13 14:09:07 -04:00
Rich Megginson
2a2bc851bd
The library name is libipa_winsync not libipa-winsync
2008-10-13 14:09:06 -04:00
Rich Megginson
434f9aca6a
Use dirsrv/file.h with includes by default - only use the other style if we are debugging within the directory server
2008-10-13 14:09:05 -04:00
Rich Megginson
4bc89c427e
fix some memory leaks
2008-10-13 14:09:04 -04:00
Rich Megginson
c80ecc8c2a
Added ipa-winsync-config.c - this handles dynamic configuration via the DSE callbacks, and gets default values from various configuration entries in the IPA tree
2008-10-13 14:09:04 -04:00
Rich Megginson
61b5a95dd1
Added support for posixAccount
- lookup attribute containing the homeDirectory prefix and use that to construct the homeDirectory attribute
- lookup attribute containing the default gidNumber and use that to add the gidNumber to new users
- construct the gecos field from the cn attribute
2008-10-13 14:09:03 -04:00
Rich Megginson
6454956d51
Added the new IPA WinSync Plug-in
Work done so far
* added the new plugin to makefiles, spec file
* added stubs for the api, including begin update, end update, and destroy callbacks
* added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list
2008-10-13 14:09:03 -04:00
Rich Megginson
0951496593
Initial addition of ipa-winsync plugin
2008-10-13 14:09:02 -04:00
Martin Nagy
83fa46a706
ipa-pwpolicy: correctly compare minlife and maxlife
Fixes: 463849
2008-10-08 16:44:51 +02:00
Martin Nagy
574ca532b5
Fix a typo in ipa-modgroup causing it to fail
Fixes: 463567
2008-10-08 16:44:51 +02:00
Martin Nagy
9b8f7b1eac
ipa-change-master-key: Really exit when not run as root
Also fix this for ipa-fix-CVE-2008-3274
2008-09-24 20:09:35 +02:00
Rob Crittenden
4d8a255c06
Fix segfault in ipa-getkeytab
...
463548
2008-09-24 18:04:28 -04:00
Rob Crittenden
7b799d8c6f
Fix class declaration to work with Python 2.4
2008-09-19 23:09:59 -04:00
Martin Nagy
a62b85a233
Fix architecture detection in ldapupdate
2008-09-19 17:25:05 +02:00
Rob Crittenden
ca07cdb390
Add detection to the update tool to detect when it would apply changes.
...
Remove SUP name from RFC2307bis.update to match FDS
2008-09-19 18:04:40 -04:00
Simo Sorce
b4938f5e35
Fix syntax error
2008-09-18 17:23:13 -04:00