Commit Graph

17 Commits

Author SHA1 Message Date
Marko Myllynen
6c9b6548cc Don't remove /tmp when removing temp cert dir
If /tmp happens to be empty os.removedirs() happily removes it...

https://fedorahosted.org/freeipa/ticket/1843
2011-09-22 22:02:54 -04:00
Jan Cholasta
9e7a3e7f3c Make sure that hostname specified by user is not an IP address.
ticket 1375
2011-07-25 01:47:52 -04:00
Rob Crittenden
02df85bb2e Make ipa-client-install error messages more understandable and relevant.
* Check remote LDAP server to see if it is a V2 server
* Replace numeric return values with alphanumeric constants
* Display the error message from the ipa-enrollment extended op
* Remove generic join failed error message when XML-RPC fails
* Don't display Certificate subject base when enrollment fails
* Return proper error message when LDAP bind fails

https://fedorahosted.org/freeipa/ticket/1417
2011-07-19 20:41:54 -04:00
Martin Kosek
95b4040f6b KDC autodiscovery may fail when domain is not realm
When ipa-client-install autodiscovers IPA server values it
doesn't fill the fixed KDC address to Kerberos configuration
file. However, when realm != domain or the autodiscovered values
are overridden, installation may fail because it cannot find the
KDC.

This patch adds a failover to use static KDC address in case when
such an issue occurs.

https://fedorahosted.org/freeipa/ticket/1100
2011-05-17 08:56:22 +02:00
Rob Crittenden
b3a85890ef Make retrieval of the CA during DNS discovery non-fatal.
ticket 1135
2011-03-30 10:03:56 -04:00
Jr Aquino
32e4914584 18 Use TLS for ipadiscovery during ipa-client-install https://fedorahosted.org/freeipa/ticket/974 2011-02-21 16:09:37 -05:00
Jakub Hrozek
7493d781df Change FreeIPA license to GPLv3+
The changes include:
 * Change license blobs in source files to mention GPLv3+ not GPLv2 only
 * Add GPLv3+ license text
 * Package COPYING not LICENSE as the license blobs (even the old ones)
   mention COPYING specifically, it is also more common, I think

 https://fedorahosted.org/freeipa/ticket/239
2010-12-20 17:19:53 -05:00
Rob Crittenden
74e5d8c2af Better distinguish between when DNS discovery works and search more domains.
Passing domain and server on the command-line used to be considered as
DNS autodiscovery worked. This was problematic if there was in fact no
SRV records because krb5.conf would be configured without a specific KDC
causing all Kerberos ops to fail.

Now if you pass in a domain/server it still tries to see if they are
discoverable and if so won't hardcode a server, but will fall back to doing
so if necessary.

Also be a lot more aggressive on looking for the SRV records. Use the
search and domain values from /etc/resolv.conf on the chance that the
SRV records aren't in the domain of the hostname of the machine.

An example of this would be if your laptop is in dhcp.example.com and
your company's SRV records are in corp.example.com. Searching
dhcp.example.com and example.com won't find the SRV records but the user
is likely to have corp.redhat.com in the search list, at least.

ticket 234
2010-09-20 16:04:30 -04:00
Rob Crittenden
060662f320 Better LDAP error handling in ipa-client-install 2009-12-01 09:52:14 -07:00
Rob Crittenden
262ff2d731 Rename ipa-python directory to ipapython so it is a real python library
We used to install it as ipa, now installing it as ipapython. The rpm
is still ipa-python.
2009-02-09 14:35:15 -05:00
Rob Crittenden
ff3ca61f73 Handle exceptions more gracefully on systems with python-ldap 2.2.0
442136
2008-04-14 18:23:29 -04:00
Rob Crittenden
7fd656477a Prevent server and domain from being undefined or blank when we need them
Improve LDAP error reporting
Don't return the str() of discovery values because it can return "None"

436130
2008-03-05 16:33:12 -05:00
Rob Crittenden
97d9c235dd Set the license uniformly to GPLv2 only. 2008-02-04 15:15:52 -05:00
Rob Crittenden
042fb11fa1 Fix issues reported by rpmlint.
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
  ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
  site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
2008-01-18 16:20:36 -05:00
Simo Sorce
c0b809efd5 Move dnsclient into ipa-python so that I will be able to use it in ipaconfig 2007-12-10 16:31:21 -05:00
Simo Sorce
12b46527c6 Complete autodiscovery with autoconfiguration
The code is still not perfect and rely on a yet unreleased
nss_ldap package that fix dns discovery problems within nss_ldap
itself.
Also the manipulation of krb5.conf need to be improved
2007-08-30 19:40:54 -04:00
Simo Sorce
0e419aa4bf Add a prototype client tool to configure a client of the IPA server
Right now it does only discovery (or fallback)
2007-08-16 18:00:16 -04:00