Commit Graph

8678 Commits

Author SHA1 Message Date
Benjamin Drung
a55dfa99d8 Fix typo in description: python -> Python 2014-10-09 11:01:19 +02:00
Benjamin Drung
caf94b8cc6 Support backported versions of libapache2-mod-auth-kerb 2014-10-09 09:46:33 +02:00
Benjamin Drung
279009352a Fix bind-dyndb-ldap dependency to bind9-dyndb-ldap 2014-10-01 11:33:14 +02:00
Benjamin Drung
779a819976 Place /usr/share/ipa/generate-rndc-key.sh into freeipa-server 2014-10-01 11:28:40 +02:00
Timo Aaltonen
1d71be411c drop fix-pykerberos-api.diff, obsolete 2014-09-15 15:55:01 +03:00
Timo Aaltonen
6f5df82e6a install debian/generate-rndc-key.sh in rules, fix the name typo too 2014-09-15 15:27:51 +03:00
Timo Aaltonen
9e85d20bc1 a bunch of changes
- add missing dependencies
- ship stub config files
- update platform code
- hack the path for dirsrv plugins (FIXME)
- use debian users for apache, bind
- add an initscript for ipa-memcached
- use dh_systemd
- ship generate-rndc-key.sh with the server
2014-09-12 14:19:13 +03:00
Timo Aaltonen
9e09304f08 add slapi-nis to server depends 2014-09-11 22:59:56 +03:00
Timo Aaltonen
476e2be982 delete obsolete patch 2014-09-11 19:19:15 +03:00
Timo Aaltonen
1d8a0c1dd3 bump the version 2014-09-11 19:17:52 +03:00
Timo Aaltonen
767c009d48 Merge branch 'upstream' 2014-09-11 19:17:26 +03:00
Petr Viktorin
52cf28aae6 Become IPA 4.0.2 2014-09-05 18:48:17 +02:00
Rob Crittenden
2dd2fd7e1a No longer generate a machine certificate on client installs
https://fedorahosted.org/freeipa/ticket/4449

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 17:51:29 +02:00
Jan Cholasta
8292b228b8 Backup CS.cfg before modifying it
https://fedorahosted.org/freeipa/ticket/4166

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 16:11:23 +02:00
Petr Viktorin
b5870edb40 Fix: Add managed read permissions for compat tree and operational attrs
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bf
ipa-4-0: 3e2c86aeab
ipa-4-1: 9bcd88589e

Thanks to Alexander Bokovoy for contributions

https://fedorahosted.org/freeipa/ticket/4521
2014-09-05 15:39:42 +02:00
Petr Vobornik
3e987f6973 webui: extract complex pkey on Add and Edit
DNS zone 'Add and Edit' failed because of new DNS name encoding.

This patch makes sure that keys are extracted properly.

https://fedorahosted.org/freeipa/ticket/4520

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
2014-09-05 15:10:47 +02:00
David Kupka
0e07731904 Allow user to force Kerberos realm during installation.
User can set realm not matching one resolved from DNS. This is useful especially
when DNS is misconfigured.

https://fedorahosted.org/freeipa/ticket/4444

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 14:50:36 +02:00
Jan Cholasta
7c690d7e12 Make CA-less ipa-server-install option --root-ca-file optional.
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.

Document --root-ca-file in ipa-server-install man page.

https://fedorahosted.org/freeipa/ticket/4457

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 13:59:04 +02:00
Jan Cholasta
063cd7724d Add new NSSDatabase method get_cert for getting certs from NSS databases.
Part of https://fedorahosted.org/freeipa/ticket/3737

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-05 13:59:04 +02:00
Petr Viktorin
3e2c86aeab Add managed read permissions for compat tree
https://fedorahosted.org/freeipa/ticket/4521

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2014-09-05 13:50:29 +02:00
David Kupka
cabc9bf8b3 Do not restart apache server when not necessary.
https://fedorahosted.org/freeipa/ticket/4352

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-05 13:17:13 +02:00
Martin Basti
3c6f83e41d Tests: DNS wildcard records
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-05 12:29:29 +02:00
Martin Basti
300a6a369e FIX DNS wildcard records (RFC4592)
Make validation more strict

* DS, NS, DNAME owners should not be a wildcard domain name
* zone name should not be a wildcard domain name

Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2014-09-05 12:29:29 +02:00
David Kupka
ff6e43cc14 Use certmonger D-Bus API instead of messing with its files.
FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be a more stable and supported way of using certmonger than
tampering with its files.

>=certmonger-0.75.13 is needed for this to work.

https://fedorahosted.org/freeipa/ticket/4280

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 10:53:24 +02:00
Martin Basti
1dc9db49db Fix dnsrecord-mod raise error if last record attr is removed
Removing last record attribute causes output type validation error

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-09-05 10:34:11 +02:00
Benjamin Drung
f288adcad1 Require libxmlrpc-core-c3-dev >= 1.33.14 (version 1.16.33-3.2 leads to a build failure). 2014-09-04 18:47:38 +02:00
Benjamin Drung
95abd3ff07 Run wrap-and-sort -s 2014-09-04 18:08:21 +02:00
Benjamin Drung
e26e277c5e Remove quilt dependency. 2014-09-04 18:07:23 +02:00
Benjamin Drung
6551749fa4 Refresh patches 2014-09-04 18:06:14 +02:00
Benjamin Drung
3b1054f97d Remove commands from override_dh_auto_clean which are run by dh_clean 2014-09-04 18:06:14 +02:00
Benjamin Drung
72fa547e2d Call dh_install in override_dh_install target 2014-09-04 18:06:14 +02:00
Benjamin Drung
fa38c70677 Do not use quilt dh plugin. We use 3.0 (quilt) format already. 2014-09-04 18:06:14 +02:00
Tomas Babej
6bb6671cb5 ipa-client-install: Do not add already configured sources to nsswitch.conf entries
Makes sure that any new sources added are not already present
in the entry.

https://fedorahosted.org/freeipa/ticket/4508

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-04 13:39:13 +02:00
Jan Cholasta
b50528a7d9 Normalize external CA cert before passing it to pkispawn
https://fedorahosted.org/freeipa/ticket/4019

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-04 12:13:11 +02:00
David Kupka
c1b680c54e Add record(s) to /etc/host when IPA is configured as DNS server.
This is to avoid chicken-egg problem when directory server fails to start
without resolvable hostname and named fails to provide hostname without
directory server.

https://fedorahosted.org/freeipa/ticket/4220

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-03 16:03:31 +02:00
Nathaniel McCallum
4200af9b7a Ensure ipaUserAuthTypeClass when needed on user creation
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.

https://fedorahosted.org/freeipa/ticket/4455

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2014-09-03 13:13:16 +02:00
Petr Viktorin
77e91623c6 permission plugin: Improve description of the target option
https://fedorahosted.org/freeipa/ticket/4521

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-03 12:57:04 +02:00
Petr Viktorin
1044d09333 permission plugin: Make --target available in the CLI
This was left out by mistake when permissions were refactored.
The API is already tested.

https://fedorahosted.org/freeipa/ticket/4522
2014-09-03 12:16:43 +02:00
Petr Viktorin
4adefc3f5d freeipa.spec.in: Add python-backports-ssl_match_hostname to BuildRequires
This patch adds an explicit build dependency to
python-backports-ssl_match_hostname.
Without it, the build-time lint would fail.

https://fedorahosted.org/freeipa/ticket/4515

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-02 16:57:58 +02:00
Jan Cholasta
113b033ae5 Pick new CA renewal master when deleting a replica.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-02 16:25:33 +02:00
Jan Cholasta
4abe79f151 Add method for setting CA renewal master in LDAP to CAInstance.
Allow checking and setting CA renewal master for non-local CA instances.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-02 16:25:33 +02:00
Jakub Hrozek
aa5d86cf84 CLIENT: Explicitly require python-backports-ssl_match_hostname
Without python-backports-ssl_match_hostname installed, an ipa-client
installation could have failed with:
    from backports.ssl_match_hostname import match_hostname
    ImportError: No module named ssl_match_hostname

This patch adds an explicit dependency to
python-backports-ssl_match_hostname.

https://fedorahosted.org/freeipa/ticket/4515

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-09-02 16:18:13 +02:00
Jan Cholasta
8999300894 Allow changing CA renewal master in ipa-csreplica-manage.
https://fedorahosted.org/freeipa/ticket/4039

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-09-02 15:28:51 +02:00
Timo Aaltonen
cea61e3312 add dnsutils to client deps 2014-09-02 11:00:01 +03:00
Alexander Bokovoy
5383f28510 ipaserver/dcerpc.py: Make sure trust is established only to forest root domain
Part of https://fedorahosted.org/freeipa/ticket/4463

Reviewed-By: Sumit Bose <sbose@redhat.com>
2014-09-01 08:42:52 +02:00
Alexander Bokovoy
c0b438e0a1 ipaserver/dcerpc.py: be more open to what domains can be seen through the forest trust
https://fedorahosted.org/freeipa/ticket/4463

Reviewed-By: Sumit Bose <sbose@redhat.com>
2014-09-01 08:42:52 +02:00
Alexander Bokovoy
4bf0aa88b9 ipaserver/dcerpc.py: Avoid hitting issue with transitive trusts on Windows Server prior to 2012
http://msdn.microsoft.com/en-us/library/2a769a08-e023-459f-aebe-4fb3f595c0b7#id83

Reviewed-By: Sumit Bose <sbose@redhat.com>
2014-09-01 08:42:52 +02:00
Alexander Bokovoy
56810434ec ipaserver/dcerpc.py: make PDC discovery more robust
Certain operations against AD domain controller can only be done if its
FSMO role is primary domain controller. We need to use writable DC and
PDC when creating trust and updating name suffix routing information.

https://fedorahosted.org/freeipa/ticket/4479

Reviewed-By: Sumit Bose <sbose@redhat.com>
2014-09-01 08:42:52 +02:00
Alexander Bokovoy
0abaf4a81d ipaserver/dcerpc.py: if search of a closest GC failed, try to find any GC
https://fedorahosted.org/freeipa/ticket/4458

Reviewed-By: Sumit Bose <sbose@redhat.com>
2014-09-01 08:42:52 +02:00
Gabe
b708001074 ipa trust-add command should be interactive
- Make ipa trust-add command interactive for realm_admin and realm_passwd
- Fix 'Active directory' typo to 'Active Directory'

https://fedorahosted.org/freeipa/ticket/3034

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2014-08-25 12:32:29 +02:00