freeipa

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Author	SHA1	Message	Date
Martin Basti	cc19b5a76a	Server Upgrade: Apply plugin updates immediately Preparation to moving plugins executin into update files. * remove apply_now flag * plugins will return only (restart, modifications) https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-04-14 19:25:47 +02:00
Martin Basti	b4ca5c57d2	Server Upgrade: remove unused code in upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-04-14 19:25:47 +02:00
Martin Basti	13c4631813	Server Upgrade: use only LDAPI connection Use only ldapi connection to execute upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-04-14 19:25:47 +02:00
Gabe	e537fd202e	Add message for skipping NTP configuration during client install https://fedorahosted.org/freeipa/ticket/3092 Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-04-14 19:12:47 +02:00
Petr Vobornik	efcd48ad01	webui: use no_members option in entity select search Obtaining member information for entity selects is not needed and it causes unwanted performance hit, especially with larger groups. This patch removes it. https://fedorahosted.org/freeipa/ticket/4948 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>	2015-04-14 19:05:20 +02:00
Petr Vobornik	f7eeaa4ce0	webui: unable to select single value in CB by enter key Fix: If editable combobox has one value, the value is selected and changed by hand, it can't be re-selected by enter key. Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>	2015-04-14 19:03:53 +02:00
Thierry bordaz (tbordaz)	d1691eee88	User life cycle: stageuser-add verb Add a accounts plugin (accounts class) that defines variables and methods common to 'users' and 'stageuser'. accounts is a superclass of users/stageuser Add the stageuser plugin, with support of stageuser-add verb. Reviewed By: David Kupka, Martin Basti, Jan Cholasta https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2015-04-08 08:19:09 +02:00
Thierry bordaz (tbordaz)	c3ede5f1e9	User Life Cycle: Exclude subtree for ipaUniqueID generation IPA UUID should not generate ipaUniqueID for entries under 'cn=provisioning,SUFFIX' Add in the configuration the ability to set (optional) 'ipaUuidExcludeSubtree' https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>	2015-04-08 08:19:09 +02:00
Martin Basti	b92136cba2	Fix ldap2 shared connection Since API is not singleton anymore, ldap2 connections should not be shared by default. https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: Jan Cholasta <jcholast@redhat.com>	2015-04-02 12:26:04 +00:00
Martin Babinsky	c311af06f6	fix improper handling of boolean option in read_replica_info_kra_enabled This patch fixes https://fedorahosted.org/freeipa/ticket/4530. Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-04-02 11:31:27 +00:00
Martin Babinsky	4192cce80e	do not log BINDs to non-existent users as errors https://fedorahosted.org/freeipa/ticket/4889 Reviewed-By: Petr Spacek <pspacek@redhat.com>	2015-04-02 08:59:25 +00:00
Ales 'alich' Marecek	ca96ecbf40	Ipatests DNS SOA Record Maintenance https://fedorahosted.org/freeipa/ticket/4746 Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-04-02 08:56:32 +00:00
Milan Kubik	59f024487e	ipatests: port of p11helper test from github Ported the github hosted [1] script to use pytest's abilities and included it in ipatests/test_ipapython directory. [1]: https://github.com/spacekpe/freeipa-pkcs11/blob/master/python/run.py https://fedorahosted.org/freeipa/ticket/4829 Signed-off-by: Martin Basti <mbasti@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-04-02 08:51:27 +00:00
Martin Basti	1216da8b9f	DNSSEC: Do not log into files We want to log DNSSEC daemons only into console (journald) https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>	2015-04-02 08:45:08 +00:00
Martin Basti	b5e941d49b	Server Upgrade: Fix comments https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-04-02 08:42:43 +00:00
David Kupka	b9657975b7	Bump ipa.conf version to 17. Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>	2015-03-30 13:06:12 +00:00
David Kupka	5a03462bfc	Use mod_auth_gssapi instead of mod_auth_kerb. https://fedorahosted.org/freeipa/ticket/4190 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>	2015-03-30 13:06:12 +00:00
David Kupka	8c72e2efad	Remove unused part of ipa.conf. Separate configuration of '/var/www/cgi-bin' is no longer needed legacy from IPA 1.0. Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>	2015-03-30 13:06:12 +00:00
Nathan Kinder	f0c1daf7a2	Skip time sync during client install when using --no-ntp When --no-ntp is specified during ipa-client-install, we still attempt to perform a time sync before obtaining a TGT from the KDC. We should not be attempting to sync time with the KDC if we are explicitly told to not configure ntp. Ticket: https://fedorahosted.org/freeipa/ticket/4842 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>	2015-03-26 18:30:19 +01:00
Alexander Bokovoy	1b781b777f	slapi-nis: require 0.54.2 for CVE-2015-0283 fixes Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2015-03-26 15:03:44 +01:00
Sumit Bose	c1114ef825	extdom: fix wrong realloc size Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Sumit Bose <sbose@redhat.com>	2015-03-26 14:58:37 +01:00
Alexander Bokovoy	704c79d91d	fix Makefile.am for daemons Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Sumit Bose <sbose@redhat.com>	2015-03-26 14:58:37 +01:00
Martin Babinsky	e8d4f6dba1	show the exception message thrown by dogtag._parse_ca_status during install https://fedorahosted.org/freeipa/ticket/4885 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>	2015-03-26 14:46:56 +01:00
Martin Babinsky	5a5e1a2494	migrate-ds: print out failed attempts when no users/groups are migrated This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and https://fedorahosted.org/freeipa/ticket/4952. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2015-03-23 13:08:41 +01:00
Jan Cholasta	fa50068607	upload_cacrt: Fix empty cACertificate in cn=CAcert https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 14:38:34 +00:00
Jan Cholasta	572d68b539	client: Fix ca_is_enabled calls The command was added in API version 2.107. Old IPA servers may crash with NetworkError on ca_is_enabled, handle this case gracefully. https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 14:38:34 +00:00
Jan Cholasta	95a628cfb9	client-install: Do not crash on invalid CA certificate in LDAP When CA certificates in LDAP are corrupted, use the otherwise acquired CA certificates from before. https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 14:38:34 +00:00
Jan Cholasta	39e474e14e	certstore: Make certificate retrieval more robust https://fedorahosted.org/freeipa/ticket/4565 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 14:38:34 +00:00
Martin Basti	c3d441ae03	Server Upgrade: remove --test option As --test option is not used for developing, and it is not recommended to test if upgrade will pass, this path removes it copmletely. https://fedorahosted.org/freeipa/ticket/3448 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:48:41 +01:00
Tomas Babej	4190b1a47c	Revert "Server Upgrade: respect --test option in plugins" This reverts commit `c95c4849ae`.	2015-03-19 12:48:06 +01:00
Martin Basti	c95c4849ae	Server Upgrade: respect --test option in plugins Several plugins do the LDAP data modification directly. In test mode these plugis should not be executed. https://fedorahosted.org/freeipa/ticket/3448 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:40:24 +01:00
Martin Basti	a42fcfc18b	Server Upgrade: order update files by default https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:37:09 +01:00
Martin Basti	0c7274ead8	Server Upgrade: Update entries in order specified in file Dictionary replaced with list. Particular upgrades are executed in the same order as they are specified in update a file. Different updates for the smae cn, are not merged into one upgrade https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:37:09 +01:00
Martin Basti	144bc6c1eb	Server Upgrade: Set modified to false, before each update Variable self.modified should be set to false before each run of update Ticket: https://fedorahosted.org/freeipa/ticket/3560 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:37:09 +01:00
Martin Basti	10bc6bd0bf	Server Upgrade: Upgrade one file per time * Files are sorted alphabetically, no numbering required anymore * One file updated per time Ticket: https://fedorahosted.org/freeipa/ticket/3560 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:37:09 +01:00
Martin Basti	bb1d7a741c	Server Upgrade: do not sort updates by DN Ticket: https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:37:09 +01:00
Martin Basti	d3f5d5d1ff	Server Upgrade: Remove unused PRE_SCHEMA_UPDATE This is not used anymore. Ticket: https://fedorahosted.org/freeipa/ticket/4904 Reviewed-By: David Kupka <dkupka@redhat.com>	2015-03-19 12:33:22 +01:00
Sumit Bose	d0d79ada37	extdom: migrate check-based test to cmocka Besides moving the existing tests to cmocka two new tests are added which were missing from the old tests. Related to https://fedorahosted.org/freeipa/ticket/4922 Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>	2015-03-18 13:33:38 +01:00
Lukas Slebodnik	6ce47d86db	SPEC: Require python2 version of sssd bindings Python modules pysss and pysss_murmur was part of package sssd-common. Fedora 22 tries to get rid of python2 and therefore these modules were extracted from package sssd-common to separate packages python-sss and python-sss-murmur and python3 version of packages python3-sss python3-sss-murmur git grep "pysss" \| grep import ipalib/plugins/trust.py: import pysss_murmur #pylint: disable=F0401 ipaserver/dcerpc.py:import pysss ipaserver/dcerpc.py is pacakged in freeipa-server-trust-ad palib/plugins/trust.py is packaged in freeipa-python Resolves: https://fedorahosted.org/freeipa/ticket/4929 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2015-03-18 13:13:58 +01:00
Lukas Slebodnik	e152836047	SPEC: Explicitly requires python-sssdconfig Resolves: https://fedorahosted.org/freeipa/ticket/4929 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>	2015-03-18 13:13:58 +01:00
Sumit Bose	6cc6a3ceec	extdom: add selected error messages Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>	2015-03-18 12:57:54 +01:00
Sumit Bose	02bd676939	extdom: add add_err_msg() with test Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>	2015-03-18 12:57:54 +01:00
Sumit Bose	5bf0592505	extdom: add err_msg member to request context Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>	2015-03-18 12:57:54 +01:00
David Kupka	082c55fb9c	Always reload StateFile before getting or modifying the stored values. This change does not solve using multiple instances of StateFile concurently because there is no use for it in near future. Instead this solves an issue of loosing records when more instances of StateFile are interleaved in sequential code. https://fedorahosted.org/freeipa/ticket/4901 Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-03-18 12:42:16 +01:00
Martin Babinsky	26d6c6fbbb	ipa-dns-install: use LDAPI to connect to DS ipa-dns-install now uses LDAPI/autobind to connect to DS during the setup of DNS/DNSSEC-related service and thus makes -p option obsolete. Futhermore, now it makes more sense to use LDAPI also for API Backend connections to DS and thus all forms of Kerberos auth were removed. This fixes https://fedorahosted.org/freeipa/ticket/4933 and brings us closer to fixing https://fedorahosted.org/freeipa/ticket/2957 Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-03-18 12:31:23 +01:00
Martin Babinsky	7b6bee030d	ipa-dns-install: use STARTTLS to connect to DS BindInstance et al. now use STARTTLS to set up secure connection to DS during ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933 Reviewed-By: Martin Basti <mbasti@redhat.com>	2015-03-18 12:31:23 +01:00
Nathan Kinder	a58b77ca9c	Timeout when performing time sync during client install We use ntpd now to sync time before fetching a TGT during client install. Unfortuantely, ntpd will hang forever if it is unable to reach the NTP server. This patch adds the ability for commands run via ipautil.run() to have an optional timeout. This capability is used by the NTP sync code that is run during ipa-client-install. Ticket: https://fedorahosted.org/freeipa/ticket/4842 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>	2015-03-16 15:55:26 +01:00
Gabe	fbf192f0e2	ipa-replica-prepare can only be created on the first master https://fedorahosted.org/freeipa/ticket/4944 Reviewed-By: Martin Kosek <mkosek@redhat.com>	2015-03-13 14:46:45 +01:00
Martin Basti	6af49259c2	Fix dead code in ipap11helper module https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>	2015-03-11 14:32:20 +01:00
Sumit Bose	8dac096ae3	extdom: fix memory leak Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>	2015-03-10 12:13:43 +01:00

1 2 3 4 5 ...

7981 Commits