The use of a uuid for the DS instance name is overkill and it is a real
pain. This patch will use ipa-realm-name instead (resulting in something
like slapd-EXAMPLE-COM). All periods are converted to "-" because the DS
can't handle periods in server ids.
> > This largish patch makes the build and installation work on 64bit
> > machines. The only catch here is that to get a 64bit build you need to
> > set LIBDIR on make:
> >
> > make install LIBDIR=/usr/lib64
> >
> > The spec file does this correctly. I couldn't find any reliable way to
> > guess this that works both on real systems and in the almost entirely
> > empty rpm build root (you can't, for example, check for the existence
> > of /usr/lib64).
> William Jon McCann wrote:
> > Hi,
> >
> > After playing with the install (repeatedly) I ended up with a lot of
> > duplicate values in:
> > /etc/sysconfig/dirsrv
> > /etc/sysconfig/ipa-kpasswd
> >
> > Here is a patch that should fix this. It modifies the file "in-place"
> > and removes lines that matching the key (or commented key) and then
> > appends the new key=value.
> >
> > Jon
>
> Cool, I've wanted to fix this for a while (and recently aborted a switch
> from open with "a" to "w").
>
> What happens if the file doesn't exist yet? Do we need to wrap the
> fileinput loop in either a try/except or just look to see if the file
> exists first (my vote)?
>
> Something like:
>
> def update_key_val_in_file(filename, key, val):
> if os.path.exists(filename):
> pattern = "^[\s#]*%s\s*=" % re.escape(key)
> p = re.compile(pattern)
> for line in fileinput.input(filename, inplace=1):
> if not p.search(line):
> sys.stdout.write(line)
> fileinput.close()
> f = open(filename, "a")
> f.write("%s=%s\n" % (key, val))
> f.close()
Good point. In genera,l I prefer doing a try because it is a little
less racy but in this case it doesn't make a difference.
Updated patch attached.
Thanks,
Jon
Modify the way we detect SELinux to use selinuxenabled instead of using
a try/except.
Handle SASL/GSSAPI authentication failures when getting a connection
* Remove the rpmbuild tree with the dist-clean target.
* Move ipa-server-setupssl from /usr/sbin to /usr/share/ipa
* Check in requirement change for generated freeipa-python.spec
* Fix interactive hostname in ipa-server-install.
- Members of groups are clickable
- Combine name and uid into a single column in find users
- Remove license plate from searching
- Mailto links on user emails
- Add timelimit to finds. This is experimental...
- Fix usersearch to only search on objectClass=Person
- Change search to use get parameter
name and location of the keytab. In order for this keytab to be usable
TurboGears and Apache will need to run as the same user. We will also need
to listen only on localhost in TG.
Set password for admin user using the Directory Mangaer account
and the mozldapldappaswd binary to get and SSL connection
Fix some timeout problems with deploying keytabs
Fix ipa_pwd_extop to actuallt correctly detect an SSL connection
Do not ask for the user to use for the directory unless 'dirsrv' is
an existing user which may clash, create it silently
This way it returns results even if the search times out.
The find_users() search now returns a counter as the first result, which
is set to -1 if the results are partial.
removes the need for LDIF conversion. It will make TurboGears direct
code faster, but should keep xmlrpc about the same speed.
The patch also swaps out ldap.cidict for the IPA CIDict class. IPA code
should only use the CIDict class now.
Create separate object for Users and Groups (using same base class)
Check for uniqueness before adding new users and groups
Remove user_container from everything but add operations
Abstract out a number of functions that are common across users and groups
Make sure all strings passed in to be in a filter are checked
Add new error message: No modifications specified
rpcclient.py must call XML-RPC functions with all arguments.
Removed encode_args and decode_args. They were the source of most of the
argument pain. Now opts is alwyas appended to the end of the arguments
so MUST be the last argument in any server-side function (can be None)
Allow the User object to handle unicode data
Small fixes to command-line tools to be friendlier
Broke out get_user() into get_user_by_dn() and get_user_by_uid()
Need to request more than just 'nsAccountLock' attribute when trying to
see if a user is already marked deleted. If it is blank the record
coming back is empty. Add 'uid' to the list to guarantee something coming
back (dn is handled specially)
Added user_container attribute to get_user_* and add_user so the caller
can specify where in the tree the user will be searched for/added.
Added global default value for user_container
