freeipa/install/tools
Rob Crittenden 559c76f761 Add option to the installer for uid/gid starting numbers.
This also adds a new option to the template system. If you include
eval(string) in a file that goes through the templater then the
string in the eval will be evaluated by the Python interpreter. This is
used so one can do $UIDSTART+1. If any errors occur during the evaluation
the original string is is returned, eval() and all so it is up to the
developer to make sure the evaluation passes.

The default value for uid and gid is now a random value between
1,000,000 and (2^31 - 1,000,000)
2009-08-27 14:15:26 -04:00
..
man Add option to the installer for uid/gid starting numbers. 2009-08-27 14:15:26 -04:00
ipa-compat-manage Rename errors2.py to errors.py. Modify all affected files. 2009-04-23 10:29:14 -04:00
ipa-fix-CVE-2008-3274 Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
ipa-ldap-updater Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
ipa-nis-manage Enable the portmap or rpcbind service if the NIS service is enabled 2009-05-21 14:51:04 -06:00
ipa-replica-install Enable ldapi connections in the management framework. 2009-08-27 13:36:58 -04:00
ipa-replica-manage Fix replica installation for self-signed CA (no dogtag) 2009-05-04 17:42:03 -04:00
ipa-replica-prepare Allow replicas of an IPA server using an internal dogtag server as the CA 2009-07-15 09:00:01 -04:00
ipa-server-certinstall Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
ipa-server-install Add option to the installer for uid/gid starting numbers. 2009-08-27 14:15:26 -04:00
ipa-upgradeconfig Rename ipa-python directory to ipapython so it is a real python library 2009-02-09 14:35:15 -05:00
ipactl Don't try to start/stop the old web UI 2009-02-05 09:32:53 -05:00
Makefile.am New tool to enable/disable DS plugin to act as NIS server 2009-05-13 14:09:56 -04:00
README Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

Required packages:

krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_python
gcc
python-ldap
TurboGears
python-kerberos
python-krbV
python-tgexpandingformwidget
python-pyasn1

Installation example:

TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
           fixed.

Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.

Things done as root are denoted by #. Things done as a unix user are denoted
by %.

# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch

Now to do the installation.

# cd freeipa
# make install

To start an interactive installation use:
# /usr/sbin/ipa-server-install 

For more verbose output add the -d flag run the command with -h to see all options

You have a basic working system with one super administrator (named admin).

To create another administrative user:

% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins

An admin user is just a regular user in the group admin.

Now you can destroy the old ticket and log in as test:

% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test