IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
983 Commits 11 Branches 60 Tags
c80ecc8c2af350483f3316727395cb0e5bb3600e
Commit Graph

983 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rich Megginson
c80ecc8c2a Added ipa-winsync-config.c - this handles dynamic configuration via the DSE callbacks, and gets default values from various configuration entries in the IPA tree 2008-10-13 14:09:04 -04:00
Rich Megginson
61b5a95dd1 Added support for posixAccount -lookup attribute containing the homeDirectory prefix and use that to construct the homeDirectory attribute -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users -construct the gecos field from the cn attribute 2008-10-13 14:09:03 -04:00
Rich Megginson
6454956d51 Added the new IPA WinSync Plug-in Work done so far * added the new plugin to makefiles, spec file * added stubs for the api, including begin update, end update, and destroy callbacks * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list 2008-10-13 14:09:03 -04:00
Rich Megginson
0951496593 Initial addition of ipa-winsync plugin 2008-10-13 14:09:02 -04:00
Martin Nagy
83fa46a706 ipa-pwpolicy: correctly compare minlife and maxlife Fixes: 463849 2008-10-08 16:44:51 +02:00
Martin Nagy
574ca532b5 Fix a typo in ipa-modgroup causing it to fail Fixes: 463567 2008-10-08 16:44:51 +02:00
Martin Nagy
9b8f7b1eac ipa-change-master-key: Really exit when not run as root Also fix this for ipa-fix-CVE-2008-3274 2008-09-24 20:09:35 +02:00
Rob Crittenden
4d8a255c06 Fix segfault in ipa-getkeytab 
463548
 2008-09-24 18:04:28 -04:00
Rob Crittenden
7b799d8c6f Fix class declaration to work with Python 2.4 2008-09-19 23:09:59 -04:00
Martin Nagy
a62b85a233 Fix architecture detection in ldapupdate 2008-09-19 17:25:05 +02:00
Rob Crittenden
ca07cdb390 Add detection to the update tool to detect when it would apply changes. 
Remove SUP name from RFC2307bis.update to match FDS
 2008-09-19 18:04:40 -04:00
Simo Sorce
b4938f5e35 Fix syntax error 2008-09-18 17:23:13 -04:00
Simo Sorce
f6cd489909 We were assuming that, if the realm was correct then also the 
rest of the krb5.conf configuration were. This clearly breaks
with the default EXAMPLE.COM realm configuratrion. Furthermore
it makes it not possible to try to 'fix' an installation by
rerruninng ipa-client-install

This patch removes the special case and avoids krb5.conf only
if the on_master flag is passed.
Fix also one inner 'if' statement to be simpler to understand.
 2008-09-18 17:23:12 -04:00
Simo Sorce
bc70a5146f Remove reference to very unlikely service examples that are not 
currently kerberized (and may never be due to their nature).
 2008-09-18 17:23:12 -04:00
Martin Nagy
8683c23e9d Restart httpd and dirsrv services after yum upgrade. 
Fixes: 441566
 2008-09-17 23:06:33 +02:00
Martin Nagy
1913996584 Don't try to discover servers if we specified them on command line. 2008-09-17 23:06:23 +02:00
Martin Nagy
1634e09973 Add standard override options to ipa-replica-prepare 
Fixes: 462489
 2008-09-17 23:06:18 +02:00
Rob Crittenden
00d54a5668 Move the bulk of ipa-ldap-updater into a python library. 
This significantly simplifies the tool and makes it possible to apply
updates from the installer without forking off another process.
 2008-09-17 20:56:18 -04:00
Rob Crittenden
f736253b93 Run the LDAP updater at the end of the installation process. 
Running at the end ensures that /etc/ipa/ipa.conf is created and generally
makes it more likely to succeed.

Added a new argument to ipa-server-installl, -y <password_file>, so we
don't have to pass it on the command-line.
 2008-09-17 20:56:08 -04:00
Rob Crittenden
aa8c4a53bf Allow passwords to work without a tty ala: echo password | some_program 2008-09-17 20:56:03 -04:00
Rob Crittenden
661dee8c03 Add more development packages to test for 2008-09-12 20:37:36 -04:00
Rob Crittenden
88960f1597 Sort updates by DN length and by default process all files in the updates dir. 
The updates directory is currently hardcoded to /usr/share/ipa/updates.

All of the files are read into memory and then sorted by the length of the DN.
This is so we can be sure that parent entries are added before children.

Also add a man page.
 2008-09-12 20:07:48 -04:00
Rob Crittenden
1eec34393b Update files for the schema compatibility plugin and RFC4876 profiles 
Also handle syntax errors a bit more gracefully and allow the updater to
work on more than one file at a time.

Adjust to new config.py and use a custom exception class for syntax errors.

Also fix a error in parsing the separate files

Include slapi-nis in Requires

Includes work provided by Martin Nagy

460055
 2008-09-12 20:07:41 -04:00
Rob Crittenden
ec57bc3e44 Tool for doing configuration updates over LDAP 
This tool takes as input a file which contains basically an LDIF, prefixed
with a command: default, add, remove or only. These define the operations
to perform such as adding new entries, adding new sub-entries to an existing
entry, adding or modifying attributes in a record.

If an index entry is modified a task is created to re-create the index.

Schema may be added using this tool.

454031
 2008-09-12 20:06:46 -04:00
Rob Crittenden
d33b7fc839 The True/False logic was reversed, so "no" meant remove the existing instance 2008-09-12 19:38:48 -04:00
Rob Crittenden
567bab9850 Fix error where usage wasn't being updated properly 2008-09-12 18:14:22 -04:00
Martin Nagy
b5ee09c097 Fix spelling. 2008-09-12 00:03:50 +02:00
Martin Nagy
f33c57e6f8 Fix the -G option of ipa-adduser. Don't add the user if one of the groups doesn't exist. Fixes: 459801 2008-09-11 23:39:28 +02:00
Martin Nagy
fa019e932d Ignore GSS exception when iterating through server list. Fixes: 459864 2008-09-11 23:38:41 +02:00
Martin Nagy
a9e8a72059 Try servers from ipa.conf even if we specified them on the command line. 2008-09-11 23:34:01 +02:00
Martin Nagy
7206a6d43c More strict input checks in ipa-pwpolicy and return non-zero when unsuccessful. Fixes: 461213, 461325, 461332, 461543 2008-09-11 23:34:01 +02:00
Martin Nagy
885103c321 Rework config.py and change cli tools. Maintain order of IPA servers from command line, config and DNS. Parse options before detecting IPA configuration. Don't ignore rest of the options if one is missing in ipa.conf. Drop the --usage options, we will rely on --help. Fixes: 458869, 459070, 458980, 459234 2008-09-11 23:34:01 +02:00
Simo Sorce
57669ba432 Add script to simplify operations to fix CVE 2008 3274 
Import all of change master key directly into the help fix,
allows for better control
 2008-09-10 15:07:42 -04:00
Simo Sorce
8e7c98eb7f CVE 2008 3274 related fixes 2008-09-10 15:07:33 -04:00
Simo Sorce
89ed5a0277 Add a tool to change the kerberos Master Key in case an admin wants to. 
This tool will dump and re-encrypt all keys, then reload and change
the master key in LDAP and in the stash file.
It will also restart the Directory Server and the the KDC
 2008-09-10 15:07:26 -04:00
Simo Sorce
86afc680cd Retrieve the kerberos configuration every time a new, it will be a bit slower 
but will allow for changing configurations without having to restart DS.
Password operations are slow and rare enough this is an acceptable compromise.
 2008-09-10 15:07:17 -04:00
Rob Crittenden
76bf420754 Display name as separate attributes instead of showing common name. 
We allow one to individually set first and last name but we do not
automatically update the common name so changes don't seem to happen.

451318
 2008-08-22 18:02:20 -04:00
Rob Crittenden
c7ee747ee5 Add options to display a subset of delegations and return 2 if none are found. 
452027
 2008-08-22 17:57:09 -04:00
Simo Sorce
2846083979 Add 2 features to ipa-getkeytab: 
1. Allow to specify the salt type along with the enctype
2. Allow to specify a password instead of forcing a random secret
 2008-08-21 11:04:59 -04:00
Simo Sorce
2659fb0eb4 Minor bugs found while testing stuff. 
- wrong import in certs.py makes ipa-replica-manage fail
- close the fs after the stash file is written so that the file is updated
  immediately and not when the fd is garbage collected
 2008-08-21 11:04:52 -04:00
Rob Crittenden
ff82c4c1e5 Limit the mod_rewrite rules to just /ipa 
459209
 2008-08-21 09:48:48 -04:00
Rob Crittenden
e9bde984e0 Add tool to manage IPA Search and User policy 
448624, 448625
 2008-08-20 17:39:46 -04:00
Simo Sorce
0c6aeee6f1 Fix segfault cause by empty target entry 2008-08-19 11:14:27 -04:00
Rob Crittenden
548c169c5a Create temporary files used in self-signed cert requests in a temporary directory and ensure that it gets cleaned up when we're done with it. 
458159
 2008-08-15 11:05:31 -04:00
Simo Sorce
c5b44f77a1 Comment out code that generates keys with a random salt, apparently this does not work as expected and generates faulty keys 2008-08-15 08:54:44 +02:00
Martin Nagy
828c9b9cdd Delete old mercurial files. 2008-08-15 08:54:37 +02:00
Rob Crittenden
4be5d862a6 When installing with an IPA-created CA generate the Firefox autoconfiguration files. 
458871
 2008-08-14 18:07:52 -04:00
Rob Crittenden
8edc9aa8aa Make Proxy directive wildcard match more specific so we can play nicer with other apps. 
459061
 2008-08-14 14:55:39 -04:00
Rob Crittenden
a013fe5cc2 Fix some copy/paste and other syntax errors from the validators commit. 
450613, 457124
 2008-08-14 14:55:35 -04:00
Simo Sorce
cee4b2cc1e Fix usage of mozldap libraries, 
thanks to W. Michael Petullo <mike@flyn.org> for finding the problem.
 2008-08-13 15:57:43 -04:00