rest of the krb5.conf configuration were. This clearly breaks
with the default EXAMPLE.COM realm configuratrion. Furthermore
it makes it not possible to try to 'fix' an installation by
rerruninng ipa-client-install
This patch removes the special case and avoids krb5.conf only
if the on_master flag is passed.
Fix also one inner 'if' statement to be simpler to understand.
Running at the end ensures that /etc/ipa/ipa.conf is created and generally
makes it more likely to succeed.
Added a new argument to ipa-server-installl, -y <password_file>, so we
don't have to pass it on the command-line.
The updates directory is currently hardcoded to /usr/share/ipa/updates.
All of the files are read into memory and then sorted by the length of the DN.
This is so we can be sure that parent entries are added before children.
Also add a man page.
Also handle syntax errors a bit more gracefully and allow the updater to
work on more than one file at a time.
Adjust to new config.py and use a custom exception class for syntax errors.
Also fix a error in parsing the separate files
Include slapi-nis in Requires
Includes work provided by Martin Nagy
460055
This tool takes as input a file which contains basically an LDIF, prefixed
with a command: default, add, remove or only. These define the operations
to perform such as adding new entries, adding new sub-entries to an existing
entry, adding or modifying attributes in a record.
If an index entry is modified a task is created to re-create the index.
Schema may be added using this tool.
454031
This tool will dump and re-encrypt all keys, then reload and change
the master key in LDAP and in the stash file.
It will also restart the Directory Server and the the KDC
but will allow for changing configurations without having to restart DS.
Password operations are slow and rare enough this is an acceptable compromise.
- wrong import in certs.py makes ipa-replica-manage fail
- close the fs after the stash file is written so that the file is updated
immediately and not when the fd is garbage collected
ldap add and modify operation performed on the userPassword attribute.
Add helper functions to reduce code duplication.
Do not enforce encrypted connections on ldap add/ldap mod for compatibility
reasons. (We cannot enforce people not to send the password in the clear
anyway, we can only refuse to accept it at the most which does not gain
you much if someone then re-send you the same password previously exposed)
Fix make maintainer-clean
Also make RPM naming consistent by using a temp RELEASE file.
This one helps when testing builds using rpms.
Just 'echo X > RELEASE' to build a new rpms (X, X+1, X+2 ...)
Version 1.1.0 was released some times ago, bump up to 1.1.1
information. This way we do not risk to leave around sensitive data.
Set the destination host in the replica file too and do checks against
in ipa-replica-install
We will use them to encrypt the replica file so that we can
transport it over more safely.
It contains sensitive data, by encrypting it we assure that
even if a distracted admin leaves it around it cannot be accessed
without knowing the access passphrase (usually the Directory Manager
password)
Along the way fix also ipautil.run which was buggy and not passing
in correctly stdin.
Add dependency for gnupg in spec file
