IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
4,814 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
51601ac794
Go to file
Martin Kosek 51601ac794 Treat UPGs correctly in winsync replication 
IPA winsync plugin failed to replicate users when default user group
was non-posix even though User Private Groups (UPG) were enabled
on the server. Both their uidNumber and gidNumber were empty and
they missed essential object classes. When the default user group
was made posix and UPG was disabled it did not set gidNumber to
the default group gidNumber.

This patch improves this behavior to set gidNumber correctly
according to UPG configuration and the default group status
(posix/non-posix). 4 situations can occur, the following list
specifies what value is assigned to user gidNumber:
 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber
 2) Default group posix, UPG disabled: gidNumber = default
    group gidNumber
 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber
 4) Default group non-posix, UPG disabled: an error is printed to
    the dirsrv log as the gidNumber cannot be retrieved. User
    is replicated in the same way as before this patch, i.e.
    without essential object classes.

https://fedorahosted.org/freeipa/ticket/2436
2012-03-15 09:57:37 +01:00
.tx Add Transifex tx client configuration file 2011-03-07 16:05:33 -05:00
checks Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
contrib ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23 09:36:18 +01:00
daemons Treat UPGs correctly in winsync replication 2012-03-15 09:57:37 +01:00
doc Replace float with Decimal 2012-01-20 08:13:44 +01:00
init Disable false pylint error in freeipa-systemd-upgrade 2012-02-15 00:26:18 -05:00
install Add subject key identifier to the dogtag server cert profile. 2012-03-15 09:55:03 +01:00
ipa-client More exception handlers in ipa-client-install 2012-03-09 15:48:27 +01:00
ipalib Display serial number as HEX (DECIMAL) when showing certificates. 2012-03-14 04:40:35 -04:00
ipapython Fix NSS no_init in the NSSHTTPS class 2012-03-04 20:03:21 -05:00
ipaserver Add subject key identifier to the dogtag server cert profile. 2012-03-15 09:55:03 +01:00
selinux daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
tests Display serial number as HEX (DECIMAL) when showing certificates. 2012-03-14 04:40:35 -04:00
util ipa-kdb: add AS auditing support 2012-02-14 18:03:45 -05:00
.bzrignore Added top-level tests/ package that will contain all unit tests 2008-10-07 20:36:44 -06:00
.gitignore ignore generated services file. 2012-02-07 15:52:02 +01:00
API.txt Fix API.txt and VERSION to reflect new sudoOrder option. 2012-03-01 22:24:26 -05:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Rename ipa.spec.in to freeipa.spec.in in BUILD.txt. 2011-02-10 17:52:43 -05:00
Contributors.txt Add Petr Viktorín to Contributors.txt 2012-02-10 11:57:53 +01:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
freeipa.spec.in Set minimum version of selinux-policy to pick up memcached fix 2012-03-11 22:36:44 -04:00
ipa Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
ipa-compliance.cron Add support for tracking and counting entitlements 2011-02-02 10:00:38 -05:00
ipa.1 Don't set delegation flag in client, we're using S4U2Proxy now 2012-02-15 17:08:33 +01:00
lite-server.py Tweak the session auth to reflect developer consensus. 2012-02-27 05:54:29 -05:00
make-doc This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
make-lint Log a message when returning non-success HTTP result 2012-02-28 23:15:41 -05:00
make-test Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
make-testcert Make data type of certificates more obvious/predictable internally. 2011-06-21 19:09:50 -04:00
makeapi Finalize plugin initialization on demand. 2011-11-22 00:52:24 -05:00
Makefile Remove old RPMROOT contents before it is used for rpmbuild 2011-12-09 10:03:41 +01:00
MANIFEST.in Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
README Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup-client.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup.py Add plugin framework to LDAP updates. 2011-11-22 23:57:10 -05:00
TODO Parse comma-separated lists of values in all parameter types. This can be enabled for a specific parameter by setting the "csv" option to True. 2011-11-30 17:08:35 +01:00
VERSION Fix API.txt and VERSION to reflect new sudoOrder option. 2012-03-01 22:24:26 -05:00
version.m4.in Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

README 

                               IPA Server

  What is it?
  -----------

  For efficiency, compliance and risk mitigation, organizations need to
  centrally manage and correlate vital security information including:

    * Identity (machine, user, virtual machines, groups, authentication
      credentials)
    * Policy (configuration settings, access control information)
    * Audit (events, logs, analysis thereof) 

  Since these are not new problems. there exist many approaches and
  products focused on addressing them. However, these tend to have the
  following weaknesses:

    * Focus on solving identity management across the enterprise has meant
      less focus on policy and audit.
    * Vendor focus on Web identity management problems has meant less well
      developed solutions for central management of the Linux and Unix
      world's vital security info. Organizations are forced to maintain
      a hodgepodge of internal and proprietary solutions at high TCO.
    * Proprietary security products don't easily provide access to the
      vital security information they collect or manage. This makes it
      difficult to synchronize and analyze effectively. 

  The Latest Version
  ------------------

  Details of the latest version can be found on the IPA server project
  page under <http://www.freeipa.org/>.

  Documentation
  -------------

  The most up-to-date documentation can be found at
  <http://freeipa.org/page/Documentation/>.

  Quick Start
  -----------

  To get started quickly, start here:
  <https://fedorahosted.org/freeipa/wiki/QuickStartGuide>

  Licensing
  ---------

  Please see the file called COPYING.

  Contacts
  --------

     * If you want to be informed about new code releases, bug fixes,
       security fixes, general news and information about the IPA server
       subscribe to the freeipa-announce mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-interest/>.

     * If you have a bug report please submit it at:
       <https://bugzilla.redhat.com>

     * If you want to participate in actively developing IPA please
       subscribe to the freeipa-devel mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
       us in IRC at irc://irc.freenode.net/freeipa