freeipa/install
Petr Vobornik 88f7154f7f webui: prevent infinite reload for users with krbbprincipal alias set
Web UI has inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2016-07-01 08:53:35 +02:00
..
certmonger ipa-certupdate: track lightweight CA certificates 2016-06-29 08:52:29 +02:00
conf mod_auth_gssapi: enable unique credential caches names 2016-06-24 16:06:49 +02:00
ffextension webui: append network.negotiate-auth.trusted-uris 2014-09-11 09:41:51 +02:00
html Added warning to user for Internet Explorer 2016-04-28 14:28:11 +02:00
migration Remove unused imports 2015-12-23 07:59:22 +01:00
oddjob makeaci, makeapi, oddjob: use the default API context 2016-06-30 14:09:24 +02:00
po Updated IPA translations 2016-06-21 12:48:17 +02:00
restart_scripts Update lightweight CA serial after renewal 2016-06-29 08:52:29 +02:00
share Fix wrong imports in copy-schema-to-ca.py 2016-06-30 14:28:14 +02:00
tools Fix replica install with CA 2016-06-30 13:18:51 +02:00
ui webui: prevent infinite reload for users with krbbprincipal alias set 2016-07-01 08:53:35 +02:00
updates Add missing nsSystemIndex attributes 2016-06-27 10:49:51 +02:00
wsgi Modernize 'except' clauses 2015-08-12 18:17:23 +02:00
configure.ac CONFIGURE: Replace obsolete macros 2016-03-08 20:02:27 +01:00
Makefile.am trusts: add support for one-way trust and switch to it by default 2015-07-08 01:56:52 +02:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.