Tomas Babej
19d62e9aa4
winsync-migrate: Move the tool under ipaserver.install package
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e9a3b99717
winsync-migrate: Rename to tool to achieve consistency with other tools
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
7017d9e8a6
winsync-migrate: Delete winsync agreement prior to migration
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
d584eb7001
winsync-migrate: Require explicit specification of the target server and validate existing agreement
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
bff7a748d6
idviews: Do not abort the find & show commands on conversion errors
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
0e11a87090
winsync-migrate: Require root privileges
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e6a2a67d7a
dcerpc: Add debugging message to failing kinit as http
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
69c6a33216
dcerpc: Change logging level for debug information
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
cf61e2ad94
winsync-migrate: Move the api initialization and LDAP connection to the main method
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e7d7f01d5f
migrate-winsync: Add option validation and handling
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
2104e07fa8
migrate-winsync: Create user ID overrides in place of winsynced user entries
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
4c6ff80140
winsync-migrate: Add a way to find all winsync users
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
0cb87fc31a
winsync-migrate: Add initial plumbing
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
ccbf267872
ipaplatform: Remove redundant definitions
...
The variables path_namespace and task_namespace in the base platform
are not used anywhere in the rest of the codebase and are just
debris from previous implementation.
This patch removes them.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-02 13:04:23 +02:00
Martin Basti
2e329ecdc7
KRA Install: check replica file if contains req. certificates
...
https://fedorahosted.org/freeipa/ticket/5059
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-02 10:59:53 +00:00
Thierry Bordaz
b5cb95431b
Display the wrong attribute name when mandatory attribute is missing
...
When activating a stageuser, if 'sn' or 'cn' or 'uid' is missing
it displays an error with 'cn'
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-02 12:01:07 +02:00
Ludwig Krispenz
6f916b0ac9
allow deletion of segment if endpoint is not managed
...
in the preop check do not reject the deletion of a segment, if not both endpoints
are managed servers for the suffix
this is part of work for ticket #5072
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-07-02 11:54:01 +02:00
Martin Basti
96c23659fc
DNS: Do not traceback if DNS is not installed
...
Instead of internal error show 'DNS is not configured' message, when a
dns* command is executed.
https://fedorahosted.org/freeipa/ticket/5017
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 20:19:01 +02:00
Petr Vobornik
25a5e38b85
replication: fix regression in get_agreement_type
...
dcb6916a3b introduced a regression where
get_agreement_type does not raise NotFound error if an agreement for host
does not exist. The exception was swallowed by get_replication_agreement.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 19:44:11 +02:00
Jan Cholasta
e43296ba9a
replica prepare: Do not use entry after disconnecting from LDAP
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
5b39bc1003
plugable: Remove unused call method of Plugin
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2b12bca660
plugable: Specify plugin base classes and modules using API properties
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
4b277d0477
plugable: Change is_production_mode to method of API
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
1a21fd971c
plugable: Remove SetProxy, DictProxy and MagicDict
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
e9c9e3f009
ipaplatform: Do not use MagicDict for KnownServices
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
b1fc875c3a
plugable: Lock API on finalization rather than on initialization
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
860088208b
plugable: Do not use DictProxy for API
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
e39fe4ed31
plugable: Pass API to plugins on initialization rather than using set_api
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2d1515323a
plugable: Load plugins only from modules imported by API
...
Previously all plugin modules imported from anywhere were added to the API.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
481f8ddaa3
plugable: Specify plugins to import in API by module names
...
This change removes the automatic plugins sub-package magic and allows
specifying modules in addition to packages.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
7715d5bb04
ipalib: Move find_modules_in_dir from util to plugable
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
fe2accf776
ipalib: Load ipaserver plugins when api.env.in_server is True
...
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
f87ba5ee08
plugable: Move plugin base class and override logic to API
...
Each API object now maintains its own view of registered plugins. This change
removes the need to register plugin base classes.
This reverts commit 2db741e847.
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Tomas Babej
e21dad4e1c
idviews: Remove ID overrides for permanently removed users and groups
...
For IPA users and groups we are able to trigger a removal of
any relevant ID overrides in user-del and group-del commands.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 13:06:40 +02:00
Tomas Babej
77b64e6023
idviews: Allow users specify the raw anchor directly as identifier
...
For various reasons, it can happen that the users or groups that
have overrides defined in a given ID view are no longer resolvable.
Since user and group names are used to specify the ID override objects
too by leveraging the respective user's or group's ipaUniqueID,
we need to provide a fallback in case these user or group entries
no longer exist.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 13:00:07 +02:00
Tomas Babej
a6d448b8bf
idviews: Set dcerpc detection flag properly
...
The availability of dcerpc bindings is being checked on the client
side as well, hence we need to define it properly.
https://fedorahosted.org/freeipa/ticket/5025
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 12:57:22 +02:00
Ludwig Krispenz
5b76df4e73
v2 improve processing of invalid data.
...
reject attempts to add segments to suffixes, which do not exist or are not configured.
check completeness and validity of segment attributes
cf ticket 5088: https://fedorahosted.org/freeipa/ticket/5088
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
2015-07-01 12:29:24 +02:00
Fraser Tweedale
3827137b32
Migrate CA profiles after enabling LDAPProfileSubsystem
...
After enabling LDAPProfileSubsystem in Dogtag, migrate the
file-based profiles into the LDAP database.
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-01 12:28:12 +02:00
Fraser Tweedale
6e641e8d18
Upgrade CA schema during upgrade
...
New schema (for LDAP-based profiles) was introduced in Dogtag, but
Dogtag does not yet have a reliable method for upgrading its schema.
Use FreeIPA's schema update machinery to add the new attributeTypes
and objectClasses defined by Dogtag.
Also update the pki dependencies to 10.2.5, which provides the
schema update file.
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-01 12:28:12 +02:00
Petr Spacek
fe6819eb9d
DNSSEC: Store time & date key metadata in UTC.
...
OpenDNSSEC stores key metadata in local time zone but BIND needs
timestamps in UTC. UTC will be stored in LDAP.
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-07-01 12:25:52 +02:00
Rob Crittenden
57429c1cfa
Don't rely on positional arguments for python-kerberos calls
...
Upstream PyKerberos uses a different argument ordering than
from the patch that Fedora/RHEL was carrying for
authGSSClientInit().
Using named arguments provides forwards and backwards
compatibility.
https://fedorahosted.org/freeipa/ticket/5085
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 12:20:07 +02:00
Martin Basti
b2f0a018b6
Sanitize CA replica install
...
Check if cafile exist first.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-06-30 13:41:00 +02:00
Gabe
37729936dd
Clear SSSD caches when uninstalling the client
...
https://fedorahosted.org/freeipa/ticket/5049
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
2015-06-30 12:59:19 +02:00
Martin Babinsky
90788a25d6
increase NSS memcache timeout for IPA server
...
Increasing memcache timeout to 600 seconds when configuring sssd on IPA server
should improve performance when dealing with large groups in trusts.
https://fedorahosted.org/freeipa/ticket/4964
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-30 12:50:00 +02:00
Ludwig Krispenz
bb1f45b7f0
v2 clear start attr from segment after initialization
...
Online initialization can be triggered by setting "nsds5BeginReplicaRefresh[;left|;right]": start to a
segment. But this field remained in the segment and after restart the init would be executed again.
see Ticket #5065
To fix this the field is cleared:
- after a backend comes back online after being initialized
- since there is a delay and the sending server could be restarted in between,
the field is also checked and removed at startup
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
2015-06-30 12:47:50 +02:00
Christian Heimes
0bf4e7fb4a
Fix upgrade of HTTPInstance for KDC Proxy
...
HTTPInstance needs a LDAP connection for KDC Proxy upgrade. The patch
ensures that an admin_conn is available.
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2015-06-29 17:28:56 +02:00
Christian Heimes
2842a83568
Fix removal of ipa-kdc-proxy.conf symlink
...
installutils.remove_file() ignored broken symlinks. Now it uses
os.path.lexists() to detect and also remove dangling symlinks.
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2015-06-29 17:24:03 +02:00
Ludwig Krispenz
5e92c981b0
fix coverity issues
...
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-29 17:17:29 +02:00
Martin Babinsky
4d7b630992
ipa-kdb: common function to get key encodings/salt types
...
This patch moves duplicate code in `ipadb_get_connection` to get default and
supported key encodings/salt types from Kerberos container to a common
function handling this task.
It is actually a small cosmetic enhancement of the fix of
https://fedorahosted.org/freeipa/ticket/4914
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-29 17:15:00 +02:00
Fraser Tweedale
7f923f922a
certprofile: fix doc error
...
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-29 17:14:00 +02:00