Jan Cholasta
955885d8d9
ldap: Move value encoding from IPASimpleLDAPObject to LDAPClient
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
964e7e906a
makeaci: Use LDAPClient instead of IPASimpleLDAPObject
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
8dca1cbd53
cainstance: Use LDAPClient instead of IPASimpleLDAPObject
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
e1f7bcfbea
ldap: Use LDAPClient instead of IPASimpleLDAPObject in ldap2.modify_password
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
32505157ea
ldap: Use LDAPClient bind and unbind methods in ldap2
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
232e04d861
ldap: Use LDAPClient bind and unbind methods in IPAdmin
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
c904dea06a
ldap: Add bind and unbind methods to LDAPClient
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
8f263df245
ldap: Use LDAPClient connection management in ldap2
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
45d9b82f40
ldap: Use LDAPClient connection management in IPAdmin
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
02e1ebe07c
ldap: Add connection management to LDAPClient
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
a849bca53f
ldap: Remove unused IPAdmin methods
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Jan Cholasta
b106450dbf
ldap: Drop python-ldap tuple compatibility
...
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-16 06:58:31 +00:00
Thierry Bordaz
c20009123f
User life cycle: allows MODRDN from ldap2
...
enhance update_entry_rdn so that it allows
to move an entry to a new superior
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-04-16 06:50:16 +00:00
Martin Babinsky
1bd099a114
do not install CA on replica during integration test if setup_ca=False
...
The patch fixes a bug in the construction of ipa-replica-install arguments in
test_integration/tasks.install_replica. Due to this bug the replica
installation during certain integration tests involved CA setup even when
setup_ca was set to False.
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-04-15 13:09:59 +02:00
Martin Babinsky
c8fae594df
proper client host setup/teardown in forced client reenrollment integration test suite
...
Replace setUp()/tearDown() methods with a pytest.fixture for proper client
setup/teardown during test_forced_client_reenrollment
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-04-14 19:38:04 +02:00
Petr Vobornik
11bd9d96f1
performance: faster DN implementation
...
DN code was optimized to be faster if DNs are created from string. This is
the major use case, since most DNs come from LDAP.
With this patch, DN creation is almost 8-10x faster (with 30K-100K DNs).
Second major use case - deepcopy in LDAPEntry is about 20x faster - done by
custom __deepcopy__ function.
The major change is that DN is no longer internally composed of RDNs and
AVAs but it rather keeps the data in open ldap format - the same as output
of str2dn function. Therefore, for immutable DNs, no other transformations
are required on instantiation.
The format is:
DN: [RDN, RDN,...]
RDN: [AVA, AVA,...]
AVA: ['utf-8 encoded str - attr', 'utf-8 encoded str - value', FLAG]
FLAG: int
Further indexing of DN object constructs an RDN which is just an encapsulation
of the RDN part of open ldap representation. Indexing of RDN constructs AVA in
the same fashion.
Obtained EditableAVA, EditableRDN from EditableDN shares the respective lists
of the open ldap repr. so that the change of value or attr is reflected in
parent object.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2015-04-14 19:31:54 +02:00
Martin Basti
0a1a3d7312
DNSSEC CI tests
...
Tests:
* install master, replica, then install DNSSEC on master
* test if zone is signed (added on master)
* test if zone is signed (added on replica)
* install master with DNSSEC, then install replica
* test if root zone is signed
* add zone, verify signatures using our root zone
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Milan Kubik <mkubik@redhat.com>
2015-04-14 19:29:36 +02:00
Martin Basti
b9c5744031
Server Upgrade: only root can run updates
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
d09706a8c8
Server Upgrade: restart DS using ipaplatform service
...
Removes extra class DSRestart which does the same thing
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
b605ccc94b
Server Upgrade: use ldap2 connection in fix_replica_agreements
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
4aec9d2280
Server Upgrade: Handle connection better in updates_from_dict
...
Connection should be closed if update is done
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
0e752aab29
Server Upgrade: plugins should use ldapupdater API instance
...
This is required to have proper LDAP connection in plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
f24f614396
Server Upgrade: specify order of plugins in update files
...
* add 'plugin' directive
* specify plugins order in update files
* remove 'run plugins' options
* use ldapupdater API instance in plugins
* add update files representing former PreUpdate and PostUpdate order of plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
cc19b5a76a
Server Upgrade: Apply plugin updates immediately
...
Preparation for moving plugins execution into update files.
* remove apply_now flag
* plugins will return only (restart, modifications)
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
b4ca5c57d2
Server Upgrade: remove unused code in upgrade
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Martin Basti
13c4631813
Server Upgrade: use only LDAPI connection
...
Use only ldapi connection to execute upgrade
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-14 19:25:47 +02:00
Gabe
e537fd202e
Add message for skipping NTP configuration during client install
...
https://fedorahosted.org/freeipa/ticket/3092
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-04-14 19:12:47 +02:00
Petr Vobornik
efcd48ad01
webui: use no_members option in entity select search
...
Obtaining member information for entity selects is not needed and it
causes unwanted performance hit, especially with larger groups.
This patch removes it.
https://fedorahosted.org/freeipa/ticket/4948
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-04-14 19:05:20 +02:00
Petr Vobornik
f7eeaa4ce0
webui: unable to select single value in CB by enter key
...
Fix: If editable combobox has one value, the value is selected and changed by hand, it can't be re-selected by enter key.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-04-14 19:03:53 +02:00
Thierry bordaz (tbordaz)
d1691eee88
User life cycle: stageuser-add verb
...
Add an accounts plugin (accounts class) that defines
variables and methods common to 'users' and 'stageuser'.
accounts is a superclass of users/stageuser
Add the stageuser plugin, with support of stageuser-add verb.
Reviewed By: David Kupka, Martin Basti, Jan Cholasta
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-08 08:19:09 +02:00
Thierry bordaz (tbordaz)
c3ede5f1e9
User Life Cycle: Exclude subtree for ipaUniqueID generation
...
IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX'
Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree'
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-08 08:19:09 +02:00
Martin Basti
b92136cba2
Fix ldap2 shared connection
...
Since API is not singleton anymore, ldap2 connections should not be
shared by default.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-04-02 12:26:04 +00:00
Martin Babinsky
c311af06f6
fix improper handling of boolean option in
...
read_replica_info_kra_enabled
This patch fixes https://fedorahosted.org/freeipa/ticket/4530 .
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-04-02 11:31:27 +00:00
Martin Babinsky
4192cce80e
do not log BINDs to non-existent users as errors
...
https://fedorahosted.org/freeipa/ticket/4889
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-04-02 08:59:25 +00:00
Ales 'alich' Marecek
ca96ecbf40
Ipatests DNS SOA Record Maintenance
...
https://fedorahosted.org/freeipa/ticket/4746
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-04-02 08:56:32 +00:00
Milan Kubik
59f024487e
ipatests: port of p11helper test from github
...
Ported the github hosted [1] script to use pytest's abilities
and included it in ipatests/test_ipapython directory.
[1]: https://github.com/spacekpe/freeipa-pkcs11/blob/master/python/run.py
https://fedorahosted.org/freeipa/ticket/4829
Signed-off-by: Martin Basti <mbasti@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-04-02 08:51:27 +00:00
Martin Basti
1216da8b9f
DNSSEC: Do not log into files
...
We want to log DNSSEC daemons only into console (journald)
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-04-02 08:45:08 +00:00
Martin Basti
b5e941d49b
Server Upgrade: Fix comments
...
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-04-02 08:42:43 +00:00
David Kupka
b9657975b7
Bump ipa.conf version to 17.
...
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-03-30 13:06:12 +00:00
David Kupka
5a03462bfc
Use mod_auth_gssapi instead of mod_auth_kerb.
...
https://fedorahosted.org/freeipa/ticket/4190
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-03-30 13:06:12 +00:00
David Kupka
8c72e2efad
Remove unused part of ipa.conf.
...
Separate configuration of '/var/www/cgi-bin' is no longer needed, legacy from
IPA 1.0.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-03-30 13:06:12 +00:00
Nathan Kinder
f0c1daf7a2
Skip time sync during client install when using --no-ntp
...
When --no-ntp is specified during ipa-client-install, we still
attempt to perform a time sync before obtaining a TGT from the
KDC. We should not be attempting to sync time with the KDC if
we are explicitly told to not configure ntp.
Ticket: https://fedorahosted.org/freeipa/ticket/4842
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-03-26 18:30:19 +01:00
Alexander Bokovoy
1b781b777f
slapi-nis: require 0.54.2 for CVE-2015-0283 fixes
...
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-03-26 15:03:44 +01:00
Sumit Bose
c1114ef825
extdom: fix wrong realloc size
...
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
2015-03-26 14:58:37 +01:00
Alexander Bokovoy
704c79d91d
fix Makefile.am for daemons
...
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Sumit Bose <sbose@redhat.com>
2015-03-26 14:58:37 +01:00
Martin Babinsky
e8d4f6dba1
show the exception message thrown by dogtag._parse_ca_status during install
...
https://fedorahosted.org/freeipa/ticket/4885
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2015-03-26 14:46:56 +01:00
Martin Babinsky
5a5e1a2494
migrate-ds: print out failed attempts when no users/groups are migrated
...
This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and
https://fedorahosted.org/freeipa/ticket/4952 .
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-03-23 13:08:41 +01:00
Jan Cholasta
fa50068607
upload_cacrt: Fix empty cACertificate in cn=CAcert
...
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:38:34 +00:00
Jan Cholasta
572d68b539
client: Fix ca_is_enabled calls
...
The command was added in API version 2.107. Old IPA servers may crash with
NetworkError on ca_is_enabled, handle this case gracefully.
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:38:34 +00:00
Jan Cholasta
95a628cfb9
client-install: Do not crash on invalid CA certificate in LDAP
...
When CA certificates in LDAP are corrupted, use the otherwise acquired CA
certificates from before.
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-03-19 14:38:34 +00:00