Petr Vobornik
11bd9d96f1
performance: faster DN implementation
...
DN code was optimized to be faster if DNs are created from string. This is
the major use case, since most DNs come from LDAP.
With this patch, DN creation is almost 8-10x faster (with 30K-100K DNs).
Second major use case - deepcopy in LDAPEntry is about 20x faster - done by
custom __deepcopy__ function.
The major change is that DN is no longer internally composed of RDNs and
AVAs but it rather keeps the data in open ldap format - the same as output
of str2dn function. Therefore, for immutable DNs, no other transformations
are required on instantiation.
The format is:
DN: [RDN, RDN,...]
RDN: [AVA, AVA,...]
AVA: ['utf-8 encoded str - attr', 'utf-8 encoded str - value', FLAG]
FLAG: int
Further indexing of DN object constructs an RDN which is just an encapsulation
of the RDN part of open ldap representation. Indexing of RDN constructs AVA in
the same fashion.
Obtained EditableAVA, EditableRDN from EditableDN share the respective lists
of the open ldap repr. so that the change of value or attr is reflected in
parent object.
Reviewed-By: Petr Viktorin <pviktori@redhat.com >
2015-04-14 19:31:54 +02:00
Martin Basti
0a1a3d7312
DNSSEC CI tests
...
Tests:
* install master, replica, then install DNSSEC on master
* test if zone is signed (added on master)
* test if zone is signed (added on replica)
* install master with DNSSEC, then install replica
* test if root zone is signed
* add zone, verify signatures using our root zone
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Milan Kubik <mkubik@redhat.com >
2015-04-14 19:29:36 +02:00
Martin Basti
b9c5744031
Server Upgrade: only root can run updates
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
d09706a8c8
Server Upgrade: restart DS using ipaplatform service
...
Removes extra class DSRestart which does the same thing
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
b605ccc94b
Server Upgrade: use ldap2 connection in fix_replica_agreements
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
4aec9d2280
Server Upgrade: Handle connection better in updates_from_dict
...
Connection should be closed if update is done
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
0e752aab29
Server Upgrade: plugins should use ldapupdater API instance
...
This is required to have proper LDAP connection in plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
f24f614396
Server Upgrade: specify order of plugins in update files
...
* add 'plugin' directive
* specify plugins order in update files
* remove 'run plugins' options
* use ldapupdater API instance in plugins
* add update files representing former PreUpdate and PostUpdate order of plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
cc19b5a76a
Server Upgrade: Apply plugin updates immediately
...
Preparation to moving plugins execution into update files.
* remove apply_now flag
* plugins will return only (restart, modifications)
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
b4ca5c57d2
Server Upgrade: remove unused code in upgrade
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Martin Basti
13c4631813
Server Upgrade: use only LDAPI connection
...
Use only ldapi connection to execute upgrade
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-14 19:25:47 +02:00
Gabe
e537fd202e
Add message for skipping NTP configuration during client install
...
https://fedorahosted.org/freeipa/ticket/3092
Reviewed-By: Martin Basti <mbasti@redhat.com >
2015-04-14 19:12:47 +02:00
Petr Vobornik
efcd48ad01
webui: use no_members option in entity select search
...
Obtaining member information for entity selects is not needed and it
causes an unwanted performance hit, especially with larger groups.
This patch removes it.
https://fedorahosted.org/freeipa/ticket/4948
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com >
2015-04-14 19:05:20 +02:00
Petr Vobornik
f7eeaa4ce0
webui: unable to select single value in CB by enter key
...
Fix: If editable combobox has one value, the value is selected and changed by hand, it can't be re-selected by enter key.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com >
2015-04-14 19:03:53 +02:00
Thierry bordaz (tbordaz)
d1691eee88
User life cycle: stageuser-add verb
...
Add an accounts plugin (accounts class) that defines
variables and methods common to 'users' and 'stageuser'.
accounts is a superclass of users/stageuser
Add the stageuser plugin, with support of stageuser-add verb.
Reviewed By: David Kupka, Martin Basti, Jan Cholasta
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com >
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-08 08:19:09 +02:00
Thierry bordaz (tbordaz)
c3ede5f1e9
User Life Cycle: Exclude subtree for ipaUniqueID generation
...
IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX'
Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree'
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com >
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-08 08:19:09 +02:00
Martin Basti
b92136cba2
Fix ldap2 shared connection
...
Since API is not singleton anymore, ldap2 connections should not be
shared by default.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com >
2015-04-02 12:26:04 +00:00
Martin Babinsky
c311af06f6
fix improper handling of boolean option in
...
read_replica_info_kra_enabled
This patch fixes https://fedorahosted.org/freeipa/ticket/4530 .
Reviewed-By: Martin Basti <mbasti@redhat.com >
2015-04-02 11:31:27 +00:00
Martin Babinsky
4192cce80e
do not log BINDs to non-existent users as errors
...
https://fedorahosted.org/freeipa/ticket/4889
Reviewed-By: Petr Spacek <pspacek@redhat.com >
2015-04-02 08:59:25 +00:00
Ales 'alich' Marecek
ca96ecbf40
Ipatests DNS SOA Record Maintenance
...
https://fedorahosted.org/freeipa/ticket/4746
Reviewed-By: Martin Basti <mbasti@redhat.com >
2015-04-02 08:56:32 +00:00
Milan Kubik
59f024487e
ipatests: port of p11helper test from github
...
Ported the github hosted [1] script to use pytest's abilities
and included it in ipatests/test_ipapython directory.
[1]: https://github.com/spacekpe/freeipa-pkcs11/blob/master/python/run.py
https://fedorahosted.org/freeipa/ticket/4829
Signed-off-by: Martin Basti <mbasti@redhat.com >
Reviewed-By: Martin Basti <mbasti@redhat.com >
2015-04-02 08:51:27 +00:00
Martin Basti
1216da8b9f
DNSSEC: Do not log into files
...
We want to log DNSSEC daemons only into console (journald)
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com >
2015-04-02 08:45:08 +00:00
Martin Basti
b5e941d49b
Server Upgrade: Fix comments
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-04-02 08:42:43 +00:00
David Kupka
b9657975b7
Bump ipa.conf version to 17.
...
Reviewed-By: Jan Cholasta <jcholast@redhat.com >
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
Reviewed-By: Rob Crittenden <rcritten@redhat.com >
Reviewed-By: Simo Sorce <ssorce@redhat.com >
2015-03-30 13:06:12 +00:00
David Kupka
5a03462bfc
Use mod_auth_gssapi instead of mod_auth_kerb.
...
https://fedorahosted.org/freeipa/ticket/4190
Reviewed-By: Jan Cholasta <jcholast@redhat.com >
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
Reviewed-By: Rob Crittenden <rcritten@redhat.com >
Reviewed-By: Simo Sorce <ssorce@redhat.com >
2015-03-30 13:06:12 +00:00
David Kupka
8c72e2efad
Remove unused part of ipa.conf.
...
Separate configuration of '/var/www/cgi-bin' is no longer needed legacy from
IPA 1.0.
Reviewed-By: Jan Cholasta <jcholast@redhat.com >
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
Reviewed-By: Rob Crittenden <rcritten@redhat.com >
Reviewed-By: Simo Sorce <ssorce@redhat.com >
2015-03-30 13:06:12 +00:00
Nathan Kinder
f0c1daf7a2
Skip time sync during client install when using --no-ntp
...
When --no-ntp is specified during ipa-client-install, we still
attempt to perform a time sync before obtaining a TGT from the
KDC. We should not be attempting to sync time with the KDC if
we are explicitly told to not configure ntp.
Ticket: https://fedorahosted.org/freeipa/ticket/4842
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com >
2015-03-26 18:30:19 +01:00
Alexander Bokovoy
1b781b777f
slapi-nis: require 0.54.2 for CVE-2015-0283 fixes
...
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
2015-03-26 15:03:44 +01:00
Sumit Bose
c1114ef825
extdom: fix wrong realloc size
...
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com >
Reviewed-By: Sumit Bose <sbose@redhat.com >
2015-03-26 14:58:37 +01:00
Alexander Bokovoy
704c79d91d
fix Makefile.am for daemons
...
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com >
Reviewed-By: Sumit Bose <sbose@redhat.com >
2015-03-26 14:58:37 +01:00
Martin Babinsky
e8d4f6dba1
show the exception message thrown by dogtag._parse_ca_status during install
...
https://fedorahosted.org/freeipa/ticket/4885
Reviewed-By: Martin Basti <mbasti@redhat.com >
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com >
2015-03-26 14:46:56 +01:00
Martin Babinsky
5a5e1a2494
migrate-ds: print out failed attempts when no users/groups are migrated
...
This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and
https://fedorahosted.org/freeipa/ticket/4952 .
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
2015-03-23 13:08:41 +01:00
Jan Cholasta
fa50068607
upload_cacrt: Fix empty cACertificate in cn=CAcert
...
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 14:38:34 +00:00
Jan Cholasta
572d68b539
client: Fix ca_is_enabled calls
...
The command was added in API version 2.107. Old IPA servers may crash with
NetworkError on ca_is_enabled, handle this case gracefully.
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 14:38:34 +00:00
Jan Cholasta
95a628cfb9
client-install: Do not crash on invalid CA certificate in LDAP
...
When CA certificates in LDAP are corrupted, use the otherwise acquired CA
certificates from before.
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 14:38:34 +00:00
Jan Cholasta
39e474e14e
certstore: Make certificate retrieval more robust
...
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 14:38:34 +00:00
Martin Basti
c3d441ae03
Server Upgrade: remove --test option
...
As --test option is not used for developing, and it is not recommended
to test if upgrade will pass, this patch removes it completely.
https://fedorahosted.org/freeipa/ticket/3448
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:48:41 +01:00
Tomas Babej
4190b1a47c
Revert "Server Upgrade: respect --test option in plugins"
...
This reverts commit c95c4849ae .
2015-03-19 12:48:06 +01:00
Martin Basti
c95c4849ae
Server Upgrade: respect --test option in plugins
...
Several plugins do the LDAP data modification directly.
In test mode these plugins should not be executed.
https://fedorahosted.org/freeipa/ticket/3448
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:40:24 +01:00
Martin Basti
a42fcfc18b
Server Upgrade: order update files by default
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:37:09 +01:00
Martin Basti
0c7274ead8
Server Upgrade: Update entries in order specified in file
...
Dictionary replaced with list. Particular upgrades are
executed in the same order as they are specified in an update
file.
Different updates for the same cn are not merged into one upgrade
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:37:09 +01:00
Martin Basti
144bc6c1eb
Server Upgrade: Set modified to false, before each update
...
Variable self.modified should be set to false before each run of update
Ticket: https://fedorahosted.org/freeipa/ticket/3560
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:37:09 +01:00
Martin Basti
10bc6bd0bf
Server Upgrade: Upgrade one file per time
...
* Files are sorted alphabetically, no numbering required anymore
* One file updated per time
Ticket: https://fedorahosted.org/freeipa/ticket/3560
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:37:09 +01:00
Martin Basti
bb1d7a741c
Server Upgrade: do not sort updates by DN
...
Ticket: https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:37:09 +01:00
Martin Basti
d3f5d5d1ff
Server Upgrade: Remove unused PRE_SCHEMA_UPDATE
...
This is not used anymore.
Ticket: https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com >
2015-03-19 12:33:22 +01:00
Sumit Bose
d0d79ada37
extdom: migrate check-based test to cmocka
...
Besides moving the existing tests to cmocka two new tests are added
which were missing from the old tests.
Related to https://fedorahosted.org/freeipa/ticket/4922
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com >
2015-03-18 13:33:38 +01:00
Lukas Slebodnik
6ce47d86db
SPEC: Require python2 version of sssd bindings
...
Python modules pysss and pysss_murmur were part of package sssd-common.
Fedora 22 tries to get rid of python2 and therefore these modules were
extracted from package sssd-common to separate packages python-sss and
python-sss-murmur and python3 version of packages python3-sss
python3-sss-murmur
git grep "pysss" | grep import
ipalib/plugins/trust.py: import pysss_murmur #pylint: disable=F0401
ipaserver/dcerpc.py:import pysss
ipaserver/dcerpc.py is packaged in freeipa-server-trust-ad
ipalib/plugins/trust.py is packaged in freeipa-python
Resolves:
https://fedorahosted.org/freeipa/ticket/4929
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
2015-03-18 13:13:58 +01:00
Lukas Slebodnik
e152836047
SPEC: Explicitly requires python-sssdconfig
...
Resolves:
https://fedorahosted.org/freeipa/ticket/4929
Reviewed-By: Petr Vobornik <pvoborni@redhat.com >
2015-03-18 13:13:58 +01:00
Sumit Bose
6cc6a3ceec
extdom: add selected error messages
...
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com >
2015-03-18 12:57:54 +01:00
Sumit Bose
02bd676939
extdom: add add_err_msg() with test
...
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com >
2015-03-18 12:57:54 +01:00