mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
559c76f761
This also adds a new option to the template system. If you include eval(string) in a file that goes through the templater then the string in the eval will be evaluated by the Python interpreter. This is used so one can do $UIDSTART+1. If any errors occur during the evaluation the original string is is returned, eval() and all so it is up to the developer to make sure the evaluation passes. The default value for uid and gid is now a random value between 1,000,000 and (2^31 - 1,000,000) |
||
---|---|---|
.. | ||
man | ||
ipa-compat-manage | ||
ipa-fix-CVE-2008-3274 | ||
ipa-ldap-updater | ||
ipa-nis-manage | ||
ipa-replica-install | ||
ipa-replica-manage | ||
ipa-replica-prepare | ||
ipa-server-certinstall | ||
ipa-server-install | ||
ipa-upgradeconfig | ||
ipactl | ||
Makefile.am | ||
README |
Required packages: krb5-server fedora-ds-base fedora-ds-base-devel openldap-clients openldap-devel krb5-server-ldap cyrus-sasl-gssapi httpd mod_auth_kerb ntp openssl-devel nspr-devel nss-devel mozldap-devel mod_python gcc python-ldap TurboGears python-kerberos python-krbV python-tgexpandingformwidget python-pyasn1 Installation example: TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is fixed. Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/ to patch your init scripts before running ipa-server-install. This tells FDS where to find its kerberos keytab. Things done as root are denoted by #. Things done as a unix user are denoted by %. # cd freeipa # patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch Now to do the installation. # cd freeipa # make install To start an interactive installation use: # /usr/sbin/ipa-server-install For more verbose output add the -d flag run the command with -h to see all options You have a basic working system with one super administrator (named admin). To create another administrative user: % kinit admin@FREEIPA.ORG % /usr/sbin/ipa-adduser -f Test -l User test % ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org % /usr/sbin/ipa-groupmod -a test admins An admin user is just a regular user in the group admin. Now you can destroy the old ticket and log in as test: % kdestroy % kinit test@FREEIPA.ORG % /usr/sbin/ipa-finduser test