- Make sure timeouts are not too high, so that machine does not hang if remote
servers are not reachable
- Make sure root can always login no matter what the status of the ldap
servers
- use rfc2307bis schema directive
Latest patch used the wrong path and all files where actually going to /tmp
even if a different path was specified.
Makes also StateFile behave the same as FileStore, and be a public class, this
way a common path can be used too.
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
using nsswitch calls that read it and also take in account any other name
resolution mechanism that might be installed (like NIS lol :-).
This also should make the check support IPv6 transparently too (not tested)
is created.
We basically just need to add a check to see if we're to use a group
DN as the memberOf value when performing an operation on itself for
all operation types.
439450
values without specifying the values to delete in the memberOf
plug-in. Member entries were not being updated because the code
used the values in the mod to find the member entries to update.
The fix is to detect when a delete modify has no values specified
and just use the replace code since it compares the pre-op and
post-op copies of the group to figure out what member entries to
update.
439097
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
current value to prevent unnecessary LPAP updates (and failed writes)
Don't check against these lists on updates, only add them on new entries.
Disable the ability to configure in the UI these values for now.
438256
The DS setup program uses Perl and does a similar port available test.
It seems that perl always sets FD_CLOEXEC and python does not. This is
why the port test would pass in python but fail in perl.
439024
The memberOf attribute includes members that are directly in the group
via the "member" attribute and those that are included as a result of
being in a group that is in the group.
The UI needs to be able to distinguish between the two.
438706
Without this, an entry's memberOf attribute is not updated with
the new group DN when an indirect group is renamed.
This is in bugzilla for FDS as bz 438891.
This is used when a new replica is created as well as whenever a replica
is re-initialized from another master.
In order for this to work when not creating an instance the __init__
function needs to be able to determine the suffix and the dm_password
is needed.
I've also added the time to the RDN of the member task to ensure
uniqueness.
438222
This runs the risk of showing too much and confusing users but on the other
hand it often includes required information detailing why the error
occurred such as what attribute the user lacks write access too and why
changing a password failed.
438057
To build a package one need to run autoconf and then create a tarball of the
RHEL4 directory so that the content is like this:
$ ls -1 ipa-client-0.99.0
aclocal.m4
AUTHORS
autom4te.cache
ChangeLog
configure
configure.ac
COPYING
INSTALL
install-sh
ipachangeconf.py
ipa-client-setup
ipa.conf
Makefile.am
Makefile.in
missing
NEWS
README
setup.py
the spec file will then be able to build a package for RHEL4
we do updates, so use the right terminology internally. Also fix the actual
field we update (and grant permission appropriately in delegations).
The DS password handles updating userPassword and any Samba passwords
as necessary.
438256
This function was assuming that the target list was all lower-case so the
set could end up with duplicate values which would get kicked out by LDAP.
433680
