Use ipaplatform.constants in every corner instead of importing other bits or calling
some platform specific things, and remove most of the remaining hardcoded uid's.
https://fedorahosted.org/freeipa/ticket/5343
Reviewed-By: David Kupka <dkupka@redhat.com>
Wildcard imports should not be used.
Check for wildcard imports has been enabled in pylint.
Pylint note: options 'wildcard-import' causes too much false positive
results, so instead it I used 'unused-wildcard-import' option which has almost
the same effect.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
each service possessing Kerberos keytab/ccache will now perform their removal
before service principal creation and during service uninstall
https://fedorahosted.org/freeipa/ticket/5243
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
DNS installer allows to reinstall DNS and DNSSEC, so the status of
services should be stored only for first time.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reusing old ccache after reinstall causes authentication error. And
prevents DNSSEC from working.
Related to ticket: https://fedorahosted.org/freeipa/ticket/5273
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Use Python-3 compatible syntax, without breaking compatibility with py 2.7
- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
strict type checking checking, e.g. type(0).
https://fedorahosted.org/freeipa/ticket/4985
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit allows to replace or disable DNSSEC key master
Replacing DNSSEC master requires to copy kasp.db file manually by user
ipa-dns-install:
--disable-dnssec-master DNSSEC master will be disabled
--dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement
--force Skip checks
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
ipa-dns-install now uses LDAPI/autobind to connect to DS during the setup of
DNS/DNSSEC-related service and thus makes -p option obsolete.
Futhermore, now it makes more sense to use LDAPI also for API Backend
connections to DS and thus all forms of Kerberos auth were removed.
This fixes https://fedorahosted.org/freeipa/ticket/4933 and brings us closer
to fixing https://fedorahosted.org/freeipa/ticket/2957
Reviewed-By: Martin Basti <mbasti@redhat.com>
BindInstance et al. now use STARTTLS to set up secure connection to DS during
ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933
Reviewed-By: Martin Basti <mbasti@redhat.com>
Services hasn't been restored correctly, which causes disabling already
disabled services, or some service did not start. This patch fix these
issues.
Ticket: https://fedorahosted.org/freeipa/ticket/4869
Reviewed-By: David Kupka <dkupka@redhat.com>
