Go to file
Christian Heimes 3c98187988 Consider configured servers as valid
Under some conditions, ipa config-show and several other commands were
failing with error message:

  ERROR: invalid 'PKINIT enabled server': all masters must have IPA master role enabled

Amongst others the issue can be caused by a broken installation, when
some services are left in state 'configuredServices'. The problem even
block uninstallation or removal of replicas. Now configured servers are
also consider valid providers for associated roles.

A new test verifies that config-show works with hidden and configured HTTP
service.

Remark: The original intent of the sanity check is no longer clear to me. I
think it was used to very that all services can be started by ipactl.
Since ipactl starts hidden, configured, and enabled services, the new
logic reflect the fact, too.

Fixes: https://pagure.io/freeipa/issue/7929
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2019-04-29 16:51:40 +02:00
asn1 fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
client Deprecate ipa-client-install --request-cert 2019-04-24 16:23:17 +02:00
contrib Update mod_nss cipher list so there is overlap with a 4.x master 2019-02-04 09:12:29 +01:00
daemons Fix inconsistent-return-statements in ipa-dnskeysync-replica 2019-04-24 08:10:45 +02:00
doc Add design draft 2019-03-28 17:57:58 +01:00
init Move ipa's systemd tmpfiles from /var/run to /run 2018-10-15 10:04:33 +02:00
install ipactl restart: fix wrong logic when checking service list 2019-04-26 17:26:00 +02:00
ipaclient Make ipaclient.discovery usable from command line 2019-04-26 12:53:23 +02:00
ipalib Pass token_name to certmonger 2019-04-25 08:57:58 +02:00
ipaplatform Correct path to systemd-detect-virt 2019-04-26 12:47:51 +02:00
ipapython Make python-ldap optional for PyPI packages 2019-04-26 12:53:23 +02:00
ipaserver Consider configured servers as valid 2019-04-29 16:51:40 +02:00
ipatests Consider configured servers as valid 2019-04-29 16:51:40 +02:00
po Update translations from Zanata 2019-04-24 09:47:31 +02:00
pypi Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
util Compile IPA modules with C11 extensions 2019-02-07 12:33:45 +01:00
.freeipa-pr-ci.yaml Making nigthly test definition editable by FreeIPA's contributors 2018-07-27 09:50:06 +02:00
.git-commit-template git-commit-template: update ticket url to use pagure.io instead of fedorahosted.org 2017-03-28 13:10:08 +02:00
.gitignore Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
.lgtm.yml Improve Python configuration for LGTM 2018-10-26 18:04:23 +02:00
.mailmap Update mailmap 2019-04-24 09:47:31 +02:00
.test_runner_config.yaml Enable firewall in the tests for PR CI 2019-01-11 20:01:54 +01:00
.tox-install.sh tox testing support for client wheel packages 2017-04-12 16:53:22 +02:00
.travis_run_task.sh Remove Python 2 support and packages 2018-09-06 17:39:00 +02:00
.travis.yml Remove Python 2 support and packages 2018-09-06 17:39:00 +02:00
.wheelconstraints.in Use pylint 1.7.5 with fix for bad python3 import 2017-12-19 13:28:06 +01:00
ACI.txt radiusproxy: add permission for reading radius proxy servers 2018-11-13 12:40:44 +01:00
API.txt oddjob: allow to pass options to trust-fetch-domains 2019-04-01 13:27:41 +02:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Update builddep command in BUILD.txt 2018-07-17 16:52:31 +02:00
CODE_OF_CONDUCT.md Changing Django's CoC to reflect FreeIPA CoC 2018-03-26 09:51:25 +02:00
configure.ac Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
Contributors.txt Update list of contributors and sort them alphabetically 2019-04-24 09:47:31 +02:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
COPYING.openssl Add a clear OpenSSL exception. 2015-02-23 16:25:54 +01:00
freeipa.doap.rdf Adding modified DOAP file 2018-06-22 11:02:40 -04:00
freeipa.spec.in Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
ipa.in Rename Python scripts and add dynamic shebang 2018-08-23 14:49:06 +02:00
ipasetup.py.in Address inconsistent-return-statements 2018-11-13 13:37:58 +01:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-test Use pytest conftest.py and drop pytest.ini 2017-01-05 17:37:02 +01:00
makeaci.in Add constructors to ldap client 2019-02-05 08:39:13 -05:00
makeapi.in Remove Python 2 support and packages 2018-09-06 17:39:00 +02:00
Makefile.am Add missing deps for make pylint 2019-04-24 08:10:45 +02:00
Makefile.python.am Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb 2017-03-15 13:48:23 +01:00
Makefile.pythonscripts.am Add missing deps for make pylint 2019-04-24 08:10:45 +02:00
makerpms.sh Fix unnecessary usrmerge assumptions 2019-04-17 13:56:05 +02:00
pylint_plugins.py Address pylint violations in lite-server 2018-11-13 13:37:58 +01:00
pylintrc pylintrc: ignore R1720 no-else-raise errors 2019-02-28 18:27:58 +01:00
README.md README: Update link to freeipa-devel archive 2019-03-20 17:32:43 +01:00
server.m4 Correcting detect typo in server.m4 2018-04-05 11:25:01 +02:00
tox.ini Make python-ldap optional for PyPI packages 2019-04-26 12:53:23 +02:00
VERSION.m4 oddjob: allow to pass options to trust-fetch-domains 2019-04-01 13:27:41 +02:00
zanata.xml Zanata: exlude testing ipa.pot file 2016-11-21 14:47:47 +01:00

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

  • Allows all your users to access all the machines with the same credentials and security settings
  • Allows users to access personal files transparently from any machine in an authenticated and secure way
  • Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
  • Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
  • Enables delegation of selected administrative tasks to other power users
  • Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

For developers

Licensing

Please see the file called COPYING.

Contacts