Commit Graph

8686 Commits

Author SHA1 Message Date
Timo Aaltonen
5cd2f03482 we don't have a similar systemwide ca-store as fedora 2014-10-14 15:19:20 +03:00
Timo Aaltonen
b1ed26d239 install the tmpfile conf too 2014-10-14 14:34:45 +03:00
Timo Aaltonen
2ceee8fbc8 fix check for bind9-dyndb-ldap 2014-10-14 13:48:37 +03:00
Timo Aaltonen
13738b4a1d install tmpfiles.d config 2014-10-14 13:47:46 +03:00
Benjamin Drung
1b2d7ba4f3 Fix typo 2014-10-09 12:41:58 +02:00
Benjamin Drung
163deeb9cd Remove execution bit from /etc/default/ipa-memcached 2014-10-09 12:25:47 +02:00
Benjamin Drung
22e7562a71 Fix manpage-has-errors-from-man warning (found by Lintian) 2014-10-09 11:49:05 +02:00
Benjamin Drung
be4448ddc9 Fix hyphen-used-as-minus-sign warning (found by Lintian) 2014-10-09 11:48:44 +02:00
Benjamin Drung
a55dfa99d8 Fix typo in description: python -> Python 2014-10-09 11:01:19 +02:00
Benjamin Drung
caf94b8cc6 Support backported versions of libapache2-mod-auth-kerb 2014-10-09 09:46:33 +02:00
Benjamin Drung
279009352a Fix bind-dyndb-ldap dependency to bind9-dyndb-ldap 2014-10-01 11:33:14 +02:00
Benjamin Drung
779a819976 Place /usr/share/ipa/generate-rndc-key.sh into freeipa-server 2014-10-01 11:28:40 +02:00
Timo Aaltonen
1d71be411c drop fix-pykerberos-api.diff, obsolete 2014-09-15 15:55:01 +03:00
Timo Aaltonen
6f5df82e6a install debian/generate-rndc-key.sh in rules, fix the name typo too 2014-09-15 15:27:51 +03:00
Timo Aaltonen
9e85d20bc1 a bunch of changes
- add missing dependencies
- ship stub config files
- update platform code
- hack the path for dirsrv plugins (FIXME)
- use debian users for apache, bind
- add an initscript for ipa-memcached
- use dh_systemd
- ship generate-rndc-key.sh with the server
2014-09-12 14:19:13 +03:00
Timo Aaltonen
9e09304f08 add slapi-nis to server depends 2014-09-11 22:59:56 +03:00
Timo Aaltonen
476e2be982 delete obsolete patch 2014-09-11 19:19:15 +03:00
Timo Aaltonen
1d8a0c1dd3 bump the version 2014-09-11 19:17:52 +03:00
Timo Aaltonen
767c009d48 Merge branch 'upstream' 2014-09-11 19:17:26 +03:00
Petr Viktorin
52cf28aae6 Become IPA 4.0.2 2014-09-05 18:48:17 +02:00
Rob Crittenden
2dd2fd7e1a No longer generate a machine certificate on client installs
https://fedorahosted.org/freeipa/ticket/4449

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 17:51:29 +02:00
Jan Cholasta
8292b228b8 Backup CS.cfg before modifying it
https://fedorahosted.org/freeipa/ticket/4166

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 16:11:23 +02:00
Petr Viktorin
b5870edb40 Fix: Add managed read permissions for compat tree and operational attrs
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bf
ipa-4-0: 3e2c86aeab
ipa-4-1: 9bcd88589e

Thanks to Alexander Bokovoy for contributions

https://fedorahosted.org/freeipa/ticket/4521
2014-09-05 15:39:42 +02:00
Petr Vobornik
3e987f6973 webui: extract complex pkey on Add and Edit
DNS zone 'Add and Edit' failed because of new DNS name encoding.

This patch makes sure that keys are extracted properly.

https://fedorahosted.org/freeipa/ticket/4520

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-09-05 15:10:47 +02:00
David Kupka
0e07731904 Allow user to force Kerberos realm during installation.
User can set realm not matching one resolved from DNS. This is useful especially
when DNS is misconfigured.

https://fedorahosted.org/freeipa/ticket/4444

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 14:50:36 +02:00
Jan Cholasta
7c690d7e12 Make CA-less ipa-server-install option --root-ca-file optional.
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.

Document --root-ca-file in ipa-server-install man page.

https://fedorahosted.org/freeipa/ticket/4457

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 13:59:04 +02:00
Jan Cholasta
063cd7724d Add new NSSDatabase method get_cert for getting certs from NSS databases.
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 13:59:04 +02:00
Petr Viktorin
3e2c86aeab Add managed read permissions for compat tree
https://fedorahosted.org/freeipa/ticket/4521

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-05 13:50:29 +02:00
David Kupka
cabc9bf8b3 Do not restart apache server when not necessary.
https://fedorahosted.org/freeipa/ticket/4352

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 13:17:13 +02:00
Martin Basti
3c6f83e41d Tests: DNS wildcard records
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-05 12:29:29 +02:00
Martin Basti
300a6a369e FIX DNS wildcard records (RFC4592)
Make validation more strict

* DS, NS, DNAME owners should not be a wildcard domain name
* zone name should not be a wildcard domain name

Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-05 12:29:29 +02:00
David Kupka
ff6e43cc14 Use certmonger D-Bus API instead of messing with its files.
FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be a more stable and supported way of using certmonger than
tampering with its files.

>=certmonger-0.75.13 is needed for this to work.

https://fedorahosted.org/freeipa/ticket/4280

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 10:53:24 +02:00
Martin Basti
1dc9db49db Fix dnsrecord-mod raise error if last record attr is removed
Removing last record attribute causes output type validation error

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 10:34:11 +02:00
Benjamin Drung
f288adcad1 Require libxmlrpc-core-c3-dev >= 1.33.14 (version 1.16.33-3.2 leads to a build failure). 2014-09-04 18:47:38 +02:00
Benjamin Drung
95abd3ff07 Run wrap-and-sort -s 2014-09-04 18:08:21 +02:00
Benjamin Drung
e26e277c5e Remove quilt dependency. 2014-09-04 18:07:23 +02:00
Benjamin Drung
6551749fa4 Refresh patches 2014-09-04 18:06:14 +02:00
Benjamin Drung
3b1054f97d Remove commands from override_dh_auto_clean which are run by dh_clean 2014-09-04 18:06:14 +02:00
Benjamin Drung
72fa547e2d Call dh_install in override_dh_install target 2014-09-04 18:06:14 +02:00
Benjamin Drung
fa38c70677 Do not use quilt dh plugin. We use 3.0 (quilt) format already. 2014-09-04 18:06:14 +02:00
Tomas Babej
6bb6671cb5 ipa-client-install: Do not add already configured sources to nsswitch.conf entries
Makes sure that any new sources added are not already present
in the entry.

https://fedorahosted.org/freeipa/ticket/4508

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-04 13:39:13 +02:00
Jan Cholasta
b50528a7d9 Normalize external CA cert before passing it to pkispawn
https://fedorahosted.org/freeipa/ticket/4019

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-04 12:13:11 +02:00
David Kupka
c1b680c54e Add record(s) to /etc/host when IPA is configured as DNS server.
This is to avoid chicken-egg problem when directory server fails to start
without resolvable hostname and named fails to provide hostname without
directory server.

https://fedorahosted.org/freeipa/ticket/4220

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-03 16:03:31 +02:00
Nathaniel McCallum
4200af9b7a Ensure ipaUserAuthTypeClass when needed on user creation
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.

https://fedorahosted.org/freeipa/ticket/4455

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-09-03 13:13:16 +02:00
Petr Viktorin
77e91623c6 permission plugin: Improve description of the target option
https://fedorahosted.org/freeipa/ticket/4521

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-03 12:57:04 +02:00
Petr Viktorin
1044d09333 permission plugin: Make --target available in the CLI
This was left out by mistake when permissions were refactored.
The API is already tested.

https://fedorahosted.org/freeipa/ticket/4522
2014-09-03 12:16:43 +02:00
Petr Viktorin
4adefc3f5d freeipa.spec.in: Add python-backports-ssl_match_hostname to BuildRequires
This patch adds an explicit build dependency to
python-backports-ssl_match_hostname.
Without it, the build-time lint would fail.

https://fedorahosted.org/freeipa/ticket/4515

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-02 16:57:58 +02:00
Jan Cholasta
113b033ae5 Pick new CA renewal master when deleting a replica.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-02 16:25:33 +02:00
Jan Cholasta
4abe79f151 Add method for setting CA renewal master in LDAP to CAInstance.
Allow checking and setting CA renewal master for non-local CA instances.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-02 16:25:33 +02:00
Jakub Hrozek
aa5d86cf84 CLIENT: Explicitly require python-backports-ssl_match_hostname
Without python-backports-ssl_match_hostname installed, an ipa-client
installation could have failed with:
    from backports.ssl_match_hostname import match_hostname
    ImportError: No module named ssl_match_hostname

This patch adds an explicit dependency to
python-backports-ssl_match_hostname.

https://fedorahosted.org/freeipa/ticket/4515

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-02 16:18:13 +02:00