IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-28 18:01:23 -06:00
Code Issues Packages Projects Releases Wiki Activity
858 Commits 11 Branches 59 Tags 60 MiB
165d26ce2b
Commit Graph

195 Commits

Author SHA1 Message Date
Rob Crittenden
165d26ce2b Make check_inst() a standalone function in bindinstance. 
When an install instance is created that contains a pointer to a sysrestore
point it loads in the current configuration when instantiated. If an
instance is instantiated but not used then changes may occur to the
system state that it is unaware of. So one needs to take care in the order
that things are done to avoid losing information.

When bind was setup it was overwriting all data in sysrestore.state and
leaving just a [named] section. This caused problems at uninstall.

448173
 2008-05-30 11:21:11 -04:00
Simo Sorce
53afb67537 Fix the case where domain != lower(REALM) 
add the domain to the ipa.conf file for apps that need to know
This should fix a bug in the replica setup
 2008-05-29 09:43:00 -04:00
Simo Sorce
3931d1d753 Move admin into cn=users,cn=accounts 
After some deep thinking I think the advantages of keeping all
posix enabled user accounts under cn=users,cn=accounts overweight a
perceived better protection of the admin account by keeping it in a
separate tree.
 2008-05-23 15:07:37 -04:00
Rob Crittenden
927447b144 Fix up function return values so we can return 1 on an installation error. 
447973
 2008-05-22 16:37:33 -04:00
Martin Nagy
1069324eba Only ask the user to install bind. 2008-05-22 11:40:31 -04:00
Rob Crittenden
fcd3260955 Ensure hostnames are lower during installation and when adding service princs 
447381
 2008-05-20 15:07:24 -04:00
Simo Sorce
6119f83799 Use split instead of find as split does not fail to provide a complete 
component if no '.' is found.
 2008-05-15 14:26:25 -04:00
Martin Nagy
2d608a8354 Don't ask the user again if he wants to replace bind configuration files if he specified --setup-bind. 
430090
 2008-05-14 16:25:10 -04:00
Rob Crittenden
41457f0e81 Display information on how to uninstall a partially installed server. 
This may have failed either because the user pressed ^C or something
failed during installation.

442454
 2008-05-09 14:05:47 -04:00
Rob Crittenden
6538c150b1 Detect existing DS instances and prompt for removal during replica install. 
442454
 2008-05-08 15:56:10 -04:00
Rob Crittenden
318c6adfae Add missing colon to function definition that broke the build 2008-05-08 15:17:59 -04:00
Rob Crittenden
bd9dea888d Add a version API to the server so it knows what version it is. 
435019
 2008-05-08 13:01:27 -04:00
Rob Crittenden
2bb64e404c Don't prompt for confirmation of DM password when installing a replica. 
It implies that you are setting a new password and you really aren't.

Also added a catch for KeyboardInterrupt with instructions on how to
recover from a partial install.

441607
 2008-05-08 12:01:38 -04:00
Simo Sorce
1e3276cec1 Make sure recent ldapmodify tool (as in F9) do not complain by splitting the 
operation into 2 modify operations
 2008-04-25 14:18:39 -04:00
Rob Crittenden
2427e7c130 Don't allow a replica to prepare a replica for itself. 
442756
 2008-04-23 15:36:13 -04:00
Rob Crittenden
27691b9e1c Use the same kpasswd.keytab on all replicas. 
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.

439905
 2008-04-09 16:57:41 -04:00
Simo Sorce
dc861888ad Add _ntp SRV record 2008-04-07 15:27:42 -04:00
Rob Crittenden
a761093a30 Create /etc/ipa/ipa.conf earlier in the installation process. 
Because the ipa.config() object raises an error if there is no configuration
file and auto-detection fails, ipa_webgui may fail to start at install time.

440475
 2008-04-03 15:49:07 -04:00
Rob Crittenden
98f8a31320 No need to use a regular expression to find the replication host 
430015
 2008-03-31 18:27:42 -04:00
Simo Sorce
af50f341ad Call client uninstall from server uninstall so that uninstall reverses also 
client bits.
 2008-03-31 17:35:45 -04:00
Rob Crittenden
767acbee06 Put replica info file into /var/lib/ipa instead of the current directory 
439120
 2008-03-28 15:56:07 -04:00
Simo Sorce
aac086582a Move sysrestore to ipa-python so it can be used by client scripts too. 
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
 2008-03-27 19:01:38 -04:00
Rob Crittenden
382ff1d29e Put the replica hostname back together properly 
439057
 2008-03-27 10:20:15 -04:00
Rob Crittenden
fd92652ace Make the memberof task a public function. 
This is used when a new replica is created as well as whenever a replica
is re-initialized from another master.

In order for this to work when not creating an instance the __init__
function needs to be able to determine the suffix and the dm_password
is needed.

I've also added the time to the RDN of the member task to ensure
uniqueness.

438222
 2008-03-27 09:33:01 -04:00
Simo Sorce
402187c838 Make Install and Uninstall have different log files 2008-03-24 12:22:34 -04:00
Rob Crittenden
79db4c3aa2 Fix file permissions on ca.crt when it is installed. 
438220
 2008-03-26 12:11:58 -04:00
Rob Crittenden
6464c40424 Start ntpd after FDS so that the ntp user can be found. 
Start httpd after ipa_webgui becuse otherwise mod_proxy may not like it if it
can't connect to the UI listening port

438090
 2008-03-24 11:02:49 -04:00
Rob Crittenden
5547ed320a Remove ACI that was causing RDN changes to fail 
Fix for session code so RDN change can succeed

433523
 2008-03-10 10:04:15 -04:00
Rob Crittenden
092b1b694c Add ability to initialize a replication agreement 
Add ability to force a synch to occur
Clean up a lot of unused code in ipaldap.py. This lets us do a simple bind
  without being root (it used to try to read dse.ldif)

436237
 2008-03-07 10:56:03 -05:00
Rob Crittenden
03d7125eac Verify that the hostname is correct in /etc/hosts 
Don't ignore exceptions when getting the hostname from the user

433515
 2008-03-06 13:17:28 -05:00
Rob Crittenden
f948904b5c KDC is Key Distribution Center, not Kerberos Domain Controller 
435949
 2008-03-04 14:47:47 -05:00
Rob Crittenden
b3c8780c1d Fix build breakage. 2008-03-03 22:30:10 -05:00
Rob Crittenden
b49942fe96 Close all fds when running another program. This fixes the SELinux AVCs. 
Put installation log files into /var/log.

430024
 2008-03-03 16:14:48 -05:00
Rob Crittenden
cc3b9cddef Add small script to start/stop all of the services that IPA requires in the 
proper order.

435026
 2008-02-28 11:37:06 -05:00
Simo Sorce
d7ad62cd7e Make sure all entries are generated by us according to IPA 
default tree. This patch make sure that the DS setup script
does not add unwanted entries.
 2008-02-28 13:35:10 -05:00
Nathan Kinder
2c559fce85 Fixed the way we call ipa-client-install from ipa-replica-install. 
434980
 2008-02-28 15:24:10 -08:00
Simo Sorce
d2fd2270cd We do not require the Master password anymore, fix code and error message 2008-02-25 17:18:18 -05:00
Simo Sorce
e50f0fdbee Fix unattended install 2008-02-25 17:16:18 -05:00
Rob Crittenden
231913f3c2 Make sure KrbPrincipalName is unique server-wide 
Fix the build. Somehow this file didn't get committed.
 2008-02-21 23:22:31 -05:00
Simo Sorce
144a728182 Make sure KrbPrincipalName is unique server-wide 2008-02-21 22:31:16 -05:00
Rob Crittenden
87d9c037e4 Add some additional error handling 
433347
 2008-02-20 16:31:32 -05:00
Simo Sorce
ae0eaa0120 Let users write their own password, should fix 433707 2008-02-21 09:51:47 -05:00
Simo Sorce
0ae42b28de Start ntpd first unless we do not want it. 
Make sure we do sync the clock leaping to the current correct time.
This avoids problems with bad dates on certificates, etc..
 2008-02-20 11:03:46 -05:00
Simo Sorce
46cb6e9bdd Run ipa-client-install after server install bits 2008-02-20 10:16:19 -05:00
Rob Crittenden
da24953f9a Warn if a user tries to install a replica on the wrong target machine 
432691
 2008-02-19 10:46:22 -05:00
Rob Crittenden
e31d33619d Add some error handling for LDAP connection issues 
Verify the DM password earlier in the process

433368
 2008-02-19 10:20:13 -05:00
Rob Crittenden
80a4e94e5b Verify current domain with user during installation 
Use that domain when creating replicas

Resolves 432066
 2008-02-15 20:47:29 -05:00
Rob Crittenden
eef18e5c38 Display the path to the PKCS#12 password file at the end of installation 2008-02-19 11:40:27 -05:00
Rob Crittenden
5b1e7e3a5f Don't create a backup of the PKCS#12 cert on replicas 
Name the file created by ipa-replica-prepare after the FQDN of the target

Resolves 432904
 2008-02-14 17:39:06 -08:00
Rob Crittenden
5be3defccf Gracefully handle sys.exit() in python 2.4 2008-02-11 09:41:14 -05:00