IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-01 11:47:11 -06:00
Code Issues Packages Projects Releases Wiki Activity
4,577 Commits 11 Branches 59 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
52ea3a6b29
Go to file
Martin Kosek 52ea3a6b29 Refactor dnsrecord processing 
Current DNS record processing architecture has many flaws,
including custom execute() methods which does not take advantage
of base LDAP commands or nonstandard and confusing DNS record
option processing.

This patch refactors DNS record processing with the following
improvements:
 * Every DNS record has now own Parameter type. Each DNS record
   consists from one or more "parts" which are also Parameters.
   This architecture will enable much easier implementation of
   future per-DNS-type API.
 * Validation is now not written as a separate function for
   every parameter but is delegated to DNS record parts.
 * Normalization is also delegated to DNS record parts.
 * Since standard LDAP base commands execute method is now used,
   dnsrecord-add and dnsrecord-mod correctly supports --setattr
   and --addattr options.
 * In order to prevent confusion unsupported DNS record types
   are now hidden. They are still present in the plugin so that
   old clients receive proper validation error.

The patch also contains several fixes:
 * Fix domain-name validation and normalization- allow domain
   names that are not fully qualified. For example --cname-rec=bar
   is a valid domain-name for bind which will translate it then
   as bar.<owning-domain>. This change implies, that fully qualified
   domain names must end with '.'.
 * Do not let user accidentally remove entire zone with command
   "ipa dnsrecord-del @ --del-all".
 * Fix --ttl and --class option processing in dnsrecord-add and
   dnsrecord-mod.

All API changes are compatible with clients without this patch.

https://fedorahosted.org/freeipa/ticket/2082
2012-01-12 09:43:05 +01:00
.tx Add Transifex tx client configuration file 2011-03-07 16:05:33 -05:00
checks Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
contrib ticket 2022 - modify codebase to utilize IPALogManager, obsoletes logging 2011-11-23 09:36:18 +01:00
daemons ipa-kdb: Create PAC's KDC checksum with right key 2012-01-11 17:34:21 -05:00
doc Rename included snippets to avoid problems with pylint 2011-11-22 17:04:03 +02:00
init Add support for systemd environments and use it to support Fedora 16 2011-10-24 15:10:11 +02:00
install Added IP address validator to Host and DNS record adder dialog 2012-01-11 00:48:44 -06:00
ipa-client Require an HTTP Referer header in the server. Send one in ipa tools. 2011-12-12 17:36:45 -05:00
ipalib Refactor dnsrecord processing 2012-01-12 09:43:05 +01:00
ipapython User-add random password support 2011-12-12 00:17:07 -05:00
ipaserver Configure s4u2proxy during installation. 2012-01-10 22:39:26 -05:00
selinux daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
tests Refactor dnsrecord processing 2012-01-12 09:43:05 +01:00
util Add missing copyright header 2011-11-17 16:15:24 -05:00
.bzrignore Added top-level tests/ package that will contain all unit tests 2008-10-07 20:36:44 -06:00
.gitignore daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
API.txt Refactor dnsrecord processing 2012-01-12 09:43:05 +01:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Rename ipa.spec.in to freeipa.spec.in in BUILD.txt. 2011-02-10 17:52:43 -05:00
Contributors.txt Add Ondrej Hamada to Contributors.txt 2011-11-10 19:57:31 -05:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
freeipa.spec.in Configure s4u2proxy during installation. 2012-01-10 22:39:26 -05:00
ipa Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
ipa-compliance.cron Add support for tracking and counting entitlements 2011-02-02 10:00:38 -05:00
ipa.1 daemons: Remove ipa_kpasswd 2011-08-26 08:26:08 -04:00
lite-server.py rename static to ui 2011-01-20 14:12:47 +00:00
make-doc This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
make-lint ticket 2172 - If "make rpms" fails so will the next make 2011-12-08 08:33:00 +01:00
make-test Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
make-testcert Make data type of certificates more obvious/predictable internally. 2011-06-21 19:09:50 -04:00
makeapi Finalize plugin initialization on demand. 2011-11-22 00:52:24 -05:00
Makefile Remove old RPMROOT contents before it is used for rpmbuild 2011-12-09 10:03:41 +01:00
MANIFEST.in Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
README Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup-client.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup.py Add plugin framework to LDAP updates. 2011-11-22 23:57:10 -05:00
TODO Parse comma-separated lists of values in all parameter types. This can be enabled for a specific parameter by setting the "csv" option to True. 2011-11-30 17:08:35 +01:00
VERSION HBAC test optional sourcehost option 2012-01-09 08:49:10 +02:00
version.m4.in Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

README 

                               IPA Server

  What is it?
  -----------

  For efficiency, compliance and risk mitigation, organizations need to
  centrally manage and correlate vital security information including:

    * Identity (machine, user, virtual machines, groups, authentication
      credentials)
    * Policy (configuration settings, access control information)
    * Audit (events, logs, analysis thereof) 

  Since these are not new problems. there exist many approaches and
  products focused on addressing them. However, these tend to have the
  following weaknesses:

    * Focus on solving identity management across the enterprise has meant
      less focus on policy and audit.
    * Vendor focus on Web identity management problems has meant less well
      developed solutions for central management of the Linux and Unix
      world's vital security info. Organizations are forced to maintain
      a hodgepodge of internal and proprietary solutions at high TCO.
    * Proprietary security products don't easily provide access to the
      vital security information they collect or manage. This makes it
      difficult to synchronize and analyze effectively. 

  The Latest Version
  ------------------

  Details of the latest version can be found on the IPA server project
  page under <http://www.freeipa.org/>.

  Documentation
  -------------

  The most up-to-date documentation can be found at
  <http://freeipa.org/page/Documentation/>.

  Quick Start
  -----------

  To get started quickly, start here:
  <https://fedorahosted.org/freeipa/wiki/QuickStartGuide>

  Licensing
  ---------

  Please see the file called COPYING.

  Contacts
  --------

     * If you want to be informed about new code releases, bug fixes,
       security fixes, general news and information about the IPA server
       subscribe to the freeipa-announce mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-interest/>.

     * If you have a bug report please submit it at:
       <https://bugzilla.redhat.com>

     * If you want to participate in actively developing IPA please
       subscribe to the freeipa-devel mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
       us in IRC at irc://irc.freenode.net/freeipa