W. Michael Petullo
29ddbc610c
This patch begins the process of replacing OpenLDAP with mozldap.
...
FreeIPA relies on Red Hat's Directory Server, which uses mozldap.
A FreeIPA build using mozldap would reduce the project's dependencies and
redundant code. In addition, mozldap uses NSS instead of OpenSSL.
This is beneficial for the reasons listed in [1].
[1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
2008-05-01 09:59:43 -04:00
Rob Crittenden
274eb708c2
Fix ownership of the Apache NSS cert and key databases.
...
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
2008-04-30 09:44:48 -04:00
Rob Crittenden
306d8241b3
Fix the client-side search size limit.
...
I've changed the variable name searchlimit to sizelimit to match the
name in python-ldap (and hopefully therefore be more readable).
The big change was changing the default value from 0 to -1. As 0 we were
never using the value from cn=ipaconfig
python-ldap expects this to be an int type
In the UI sizelimit was hardcoded at 0 for users
439880
2008-04-25 16:46:13 -04:00
Simo Sorce
1e3276cec1
Make sure recent ldapmodify tool (as in F9) does not complain by splitting the
...
operation into 2 modify operations
2008-04-25 14:18:39 -04:00
Rob Crittenden
12ea8efc0b
Add --verbose option so the HTTP headers and XML request/response can be seen.
...
Also re-do the way modules are imported. I was attempting to have ^C handled
gracefully but the way I did it could mask other problems.
443987
2008-04-25 10:35:22 -04:00
Rob Crittenden
47e6a75cff
Add nfs as a service principal type.
...
440242
2008-04-23 15:42:41 -04:00
Rob Crittenden
03b3dbd2ab
Don't let a user change their own uid. Fix some related errors if they try.
...
440895
2008-04-23 15:36:14 -04:00
Rob Crittenden
2427e7c130
Don't allow a replica to prepare a replica for itself.
...
442756
2008-04-23 15:36:13 -04:00
Nathan Kinder
d854d25483
Fixed various memory leaks in memberOf plug-in.
...
440474
2008-04-22 16:55:50 -04:00
Simo Sorce
298747e15a
Make sure we always have the [domain-realm] section or kerberos libs misbehave.
2008-04-22 15:28:42 -04:00
Rob Crittenden
def28f3d5b
Become version 1.0.0
2008-04-16 14:29:17 -07:00
Rob Crittenden
dce8008167
Catch all errors when obtaining an LDAP connection.
...
442582
2008-04-15 21:08:55 -07:00
Rob Crittenden
78bdb75291
Move print statement to the correct scope so it displays both lock and unlock.
...
442625
2008-04-15 21:27:04 -04:00
Rob Crittenden
4eb7c51e59
Better detection of DS not starting.
...
The dirsrv init script always returns 0 on status checks, even if an
instance is not started. So we have to look through the output instead.
442452
2008-04-14 23:14:16 -04:00
Rob Crittenden
b1f58e5441
Don't quit trying to lock a user if they aren't in the activated group.
...
Users are considered activated by default so don't need to be in the
activated group explicitly. Ignore the "not in group" error when trying
to remove them.
442470
2008-04-14 23:13:58 -04:00
Rob Crittenden
ff3ca61f73
Handle exceptions more gracefully on systems with python-ldap 2.2.0
...
442136
2008-04-14 18:23:29 -04:00
Rob Crittenden
ce3f79e51c
Configure the ipa_pwd_extop plugin on replicas.
...
If plugin isn't configured then the kerberos attributes don't get populated.
Users will get Preauthentication errors from the kerberos libraries
because there is no krbPrincipalKey to match against.
442134
2008-04-14 17:55:25 -04:00
Rob Crittenden
27691b9e1c
Use the same kpasswd.keytab on all replicas.
...
If we generate a new keytab for each replica then effectively password
changes can only occur on the last replica created.
439905
2008-04-09 16:57:41 -04:00
Simo Sorce
24a7cf3714
Fix client discovery and make sure command line options are not overwritten
...
with discovered options, just verified.
2008-04-09 15:55:46 -04:00
Simo Sorce
3e47b48068
Make sure we use the configured server in ipa.conf first, and
...
fallback to the discovered ones only if that's not available
2008-04-09 14:37:01 -04:00
Simo Sorce
70d3717e8b
Add --permitted-enctypes command and add it to the man page too
2008-04-08 18:02:42 -04:00
Simo Sorce
c45d58cc3f
Make sure we start the NSCD daemon.
...
It makes a huge difference on clients, if we cache lookups
2008-04-08 14:58:52 -04:00
Simo Sorce
f24842fd9d
is_integer returns the integer, don't use an if clause, just check it, if it
...
is wrong it will just throw an exception and exit.
Fix error reporting to use the canonical str(e)
2008-04-08 14:35:26 -04:00
Rob Crittenden
3ec54383f9
Fix error where password was getting set wrong if passed in on command-line.
...
439905
2008-04-08 15:44:05 -04:00
Simo Sorce
6778085531
The kpasswd keytab must not be owned by the dirsrv user.
...
Fix copy&paste error.
2008-04-08 09:25:48 -04:00
Rob Crittenden
0f00ba24a2
SELinux fix from Dan Walsh
...
440646
2008-04-07 23:50:43 -04:00
Rob Crittenden
f88f9f3cc0
Add (post) to Requires: ipa-server-spec
2008-04-07 23:45:00 -04:00
Rob Crittenden
039581d1ed
Some SELinux policy changes provided by Dan Walsh.
...
440651
2008-04-07 23:38:51 -04:00
Simo Sorce
dc861888ad
Add _ntp SRV record
2008-04-07 15:27:42 -04:00
Simo Sorce
f16d2d6e2d
Password policy checks fixes.
...
- don't let a user set a password identical to the current one.
- don't check more than the policy defined number of passwords in history
- don't set a history longer than policy defined
2008-04-07 09:26:18 -04:00
Rob Crittenden
ac5a35086e
Don't allow the admin user to be removed from the admins group.
...
439281
2008-04-04 17:41:32 -04:00
Rob Crittenden
cb4648a8af
Add missing normalizeDN() when removing members from a group.
...
438387
2008-04-04 16:30:36 -04:00
Rob Crittenden
a761093a30
Create /etc/ipa/ipa.conf earlier in the installation process.
...
Because the ipa.config() object raises an error if there is no configuration
file and auto-detection fails, ipa_webgui may fail to start at install time.
440475
2008-04-03 15:49:07 -04:00
Rob Crittenden
8dafa9dc92
Add missing image
2008-04-03 15:40:11 -04:00
Simo Sorce
f7a425fff8
Need python-ldap in Requires
2008-04-02 19:13:46 -04:00
Rob Crittenden
c30a533de6
Don't try to update ipauserobjectclasses or ipagroupobjectclasses
...
since they aren't being displayed anymore. They will just get blanked.
Also add some error handling in ipahelper.fix_incoming_fields()
438256
2008-04-02 21:15:49 -04:00
Rob Crittenden
d567aa4441
Add missing start_creation() so the install process will get kicked off.
2008-04-02 22:04:24 -04:00
Simo Sorce
1083207dca
Make sure we have ipa-client installed as now ipa-server-install calls
...
ipa-client-install
2008-04-02 12:36:25 -04:00
Simo Sorce
a903eacba2
Cut&paste error
2008-04-02 11:57:52 -04:00
Simo Sorce
0d5f45b3dd
Stricter directory control for ipa daemons, each one its own directory
2008-04-01 18:07:14 -04:00
Simo Sorce
625d9b2de8
- Better defaults for nss_ldap
...
- Make sure timeouts are not too high, so that machine does not hang if remote
servers are not reachable
- Make sure root can always login no matter what the status of the ldap
servers
- use rfc2307bis schema directive
2008-04-01 18:04:59 -04:00
Simo Sorce
c260d63245
Move ipa_kpasswd credential cache in its own directory
2008-04-01 17:33:53 -04:00
Rob Crittenden
05efbe9991
Fix typo in python directive. Fixes marking a group active.
...
440142
2008-04-01 22:01:23 -04:00
Rob Crittenden
6d136d7fff
Fix crash when creating new groups. You can't iterate over a None variable.
...
440081
2008-04-01 15:46:50 -04:00
Rob Crittenden
04da7a1ecc
Fix AVC when reading /proc during password change on RHEL 5
...
438007
2008-04-01 15:40:42 -04:00
Rob Crittenden
98f8a31320
No need to use a regular expression to find the replication host
...
430015
2008-03-31 18:27:42 -04:00
Simo Sorce
af50f341ad
Call client uninstall from server uninstall so that uninstall reverses also
...
client bits.
2008-03-31 17:35:45 -04:00
Simo Sorce
a81ea4051b
RHEL4 contrib client uninstall
2008-03-31 17:34:40 -04:00
Simo Sorce
28ac93a535
Implement client uninstall
...
(including RHEL4 contrib setup script)
2008-03-31 17:33:55 -04:00
Simo Sorce
7b5088955a
Sysrestore fixes.
...
Latest patch used the wrong path and all files were actually going to /tmp
even if a different path was specified.
Also makes StateFile behave the same as FileStore, and be a public class, this
way a common path can be used too.
2008-03-31 17:27:56 -04:00