This addresses some problems trying to build on non-Fedora/RHEL
distributions, notably Gentoo and Ubuntu/Debian.
Patch contributed by Ian Kumlien <pomac@vapor.com>
We used to check for these one at a time so you'd run it once and find
out you're missing the bind package. Install that and run the installer
again and you'd discover you're missing bind-dyndb-ldap.
ticket 140
* Adding a new SUDO schema file
* Adding this new file to the list of targets in make file
* Create SUDO container for sudo rules
* Add default sudo services to HBAC services
* Add default SUDO HBAC service group with two services sudo & sudo-i
* Installing schema
No SUDO rules are created by default by this patch.
Make two krbV imports conditional. These aren't used during a client
install so should cause no problems.
Also fix the client installer to use the new env option in ipautil.run.
We weren't getting the krb5 configuration set in the environment because
we were overriding the environment to set the PATH.
ticket 136
Also do the following:
- Remove conflicts on mod_ssl
- Remove a lot of version checking for EOL'd Fedora versions
- Add a few conditionals for rhel6
- Add Requires of nss-tools on ipa-client
The EntityBuilder has been modified to obtain the pkey value by
invoking getPKey(). This function can be overriden for different
entities.
The addOptionsFunction() has been renamed to getOptions() and it
can be overriden for different entities. Each entity that uses this
function has been modified accordingly.
The addEdit(), addAnother(), add_fail() has been moved into the
EntityBuilder class. The global builders is no longer needed because
a reference to the builder object can be obtained via enclosure.
The ServiceForms has been modified to take service name and
hostname and combine them to generate the service principal by
overriding the getPKey().
This started with the client uninstaller returning a 1 when not installed.
There was no way to tell whether the uninstall failed or the client
simply wasn't installed which caused no end of grief with the installer.
This led to a lot of certmonger failures too, either trying to stop
tracking a non-existent cert or not handling an existing tracked
certificate.
I moved the certmonger code out of the installer and put it into the
client/server shared ipapython lib. It now tries a lot harder and smarter
to untrack a certificate.
ticket 142
We don't use certmonger to get certificates during installation because
of the chicken-and-egg problem. This means that the IPA web and ldap
certs aren't being tracked for renewal.
This requires some manual changes to the certmonger request files once
tracking has begun because it doesn't store a subject or principal template
when a cert is added via start-tracking.
This also required some changes to the cert command plugin to allow a
host to execute calls against its own service certs.
ticket 67
When making LDAP calls via api.Backend.ldap2 the ldap2 object will already
be locked by the api.finalize() call. So the first time that
api.Backend.ldap2.connect() is called an error would be thrown that
self.schema cannot be set because the object is ReadOnly. This uses the
documented procedure for working around this lock.
This was preventing the DNS installation to proceed.
ticket #188
Move the user-private group caching code out of the global config and
determine the value the first time it is needed.
Renamed global_init() back to get_schema() and make it take an optional
connection. This solves the problem of being able to do all operations
with a simple bind instead of GSSAPI.
Moved the global get_syntax() into a class method so that a schema
can be passed in.
If a schema wasn't loaded during the module import then it is loaded
when the connection is created (so we have the credntials needed for
binding).
ticket 63
-Refactored the associations code into a set of objects that are configured by the entities
-Added support for associations that can be done in a single rpc
-hostgroup to host and group to user associations working
-Restructed sampledata so that the file is matched automatically by the RPC method name
-The new ipa_cmd/sampledata scheme insists on there being sample data for any commands or the ipa_command fails.
-Added sampledata files for all the calls we make
-renamed several of the sampledata files to match their rpc calls
-Started a pattern of refactoring where all the forms for the entity fall under a single object
Fedora 14 introduced the following incompatiblities:
- the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin
- the xmlrpclib in Python 2.7 is not fully backwards compatible to 2.6
Also, when moving the installed host service principals:
- don't assume that krbticketflags is set
- allow multiple values for krbextradata
ticket 155
This replaces the old no logging mechanism that only handled not logging
passwords passed on the command-line. The dogtag installer was including
passwords in the output.
This also adds no password logging to the sslget invocations and removes
a couple of extraneous log commands.
ticket 156
We will update any/all of /etc/ldap.conf, /etc/nss_ldap.conf,
/etc/libnss-ldap.conf and /etc/pam_ldap.conf.
nslcd is the replacement for nss_ldap.
ticket 50
We now catch the hashchange event and use that to drive most of the site.
To trigger page transitions, modify location.hash.
Params start with # not ?.
Removed user-group.inc.
converted tabs to spaces
trivial imlementation of add and details for netgroup and hostgroup
lots of bug fixes based on routing problems and the refactorings.
- Add/Remove links are now only available for multivalue
attributes (Param.multivalue = true) and attributes with param
types, that are multivalue by definition (as of now only List).
Single-value attributes with no value are displayed as empty
input elements.
- When updating an attribute, leading and trailing spaces are
stripped
- Context help available in the form of hints, that are extracted
form Param.hint.
the code was calling ldap_init, which is a deprecated function, and getting a compilation warning. This version uses the recommended function ldap_initilaize.
to hash params ( starting with # ). User Details are now part of
index.xhtml, ao one more .inc file has been removed.
Updated commit to catch a few things that had been left out, including
sampledata handling and updateing Makefile.am
Installing dogtag is quite slow and it isn't always clear that things
are working. This breaks out some restart calls into separate steps
to show some amount of progress. There are still some steps that take
more than a minute (pkicreate and pkisilent).
Add new argument to pkisilent, -key_algorithm
Update a bunch of minimum required versions in the spec file.
tickets 139 (time) and 144 (key_algorithm)
Move the netgroup compat configuration from the nis configuration to
the existing compat configuration.
Add a 'status' option to the ipa-copmat-manage tool.
ticket 91
This disables debug output in the Apache log by default. If you want
increased output create /etc/ipa/server.conf and set it to:
[global]
debug=True
If this is too much output you can select verbose output instead:
[global]
debug=False
verbose=True
ticket 60
The problem was that parameters with no values are automatically
set to None by the framework and it wasn't handled properly in
baseldap.py:get_attributes function. Also, there were two logical
bugs in details.js:
1) atttribute callback to update values were called for input elements
instead of dt elements
2) it was always trying to update the primary key
Unfortunately we can't have any javascript in *.inc files, because
the browser will strip them for security reasons. I moved all the
attribute callbacks etc. to the only logical place: user.js.
It's fine for now, but user.js is going to need some serious cleaning
up in the future.
