IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
13,527 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
911992b8bf
Go to file
Florence Blanc-Renaud 911992b8bf ipa-adtrust-install: run remote configuration for new agents 
When ipa-adtrust-install is run, the tool detects masters that are
not enabled as trust agents and propose to configure them. With the
current code, the Schema Compat plugin is not enabled on these new
trust agents and a manual restart of LDAP server + SSSD is required.

With this commit, ipa-adtrust-install now calls remote code on the new
agents through JSON RPC api, in order to configure the missing parts.
On the remote agent, the command is using DBus and oddjob to launch
a new command,
/usr/libexec/ipa/oddjob/org.freeipa.server.trust-enable-agent [--enable-compat]
This command configures the Schema Compat plugin if --enable-compat is
provided, then restarts LDAP server and SSSD.

If the remote agent is an older version and does not support remote
enablement, or if the remote server is not responding, the tool
ipa-adtrust-install prints a WARNING explaining the steps that need
to be manually executed in order to complete the installation, and
exits successfully (keeping the current behavior).

Fixes: https://pagure.io/freeipa/issue/7600
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Sergey Orlov <sorlov@redhat.com>
2020-03-05 14:40:58 +01:00
.copr Adding auto COPR builds 2019-12-14 14:20:34 +02:00
asn1 fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
client Print LDAP diagnostic messages on error 2020-01-17 15:47:00 +01:00
contrib lite-setup: configure lite-server test env 2020-01-24 08:35:47 -05:00
daemons kdb: make sure audit_as_req callback signature change is preserved 2020-02-17 16:03:11 +02:00
doc DSU: add Design for Disable Stale Users 2019-11-23 00:12:24 +01:00
init Move ipa's systemd tmpfiles from /var/run to /run 2018-10-15 10:04:33 +02:00
install ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipaclient Fix typo in idrange.py docstring 2020-02-14 09:48:50 +02:00
ipalib pylint: Clean up comment 2020-02-12 18:08:32 +02:00
ipaplatform ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipapython DNS install check: allow overlapping zone to be from the master itself 2019-12-12 18:24:44 +01:00
ipaserver ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipatests ipatests: fix TestSubCAkeyReplication 2020-03-05 07:20:15 +01:00
po Update translations 2019-11-12 17:08:43 +02:00
pypi Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
selinux selinux: Remove obsolete memcached access 2020-03-05 09:57:00 +01:00
util Print LDAP diagnostic messages on error 2020-01-17 15:47:00 +01:00
.freeipa-pr-ci.yaml Making nigthly test definition editable by FreeIPA's contributors 2018-07-27 09:50:06 +02:00
.git-commit-template git-commit-template: update ticket url to use pagure.io instead of fedorahosted.org 2017-03-28 13:10:08 +02:00
.gitignore Integrate SELinux policy into build system 2020-03-05 09:57:00 +01:00
.lgtm.yml Improve Python configuration for LGTM 2018-10-26 18:04:23 +02:00
.mailmap Update mailmap 2019-04-24 09:47:31 +02:00
.tox-install.sh Avoid use of '/tmp' for pip operations 2019-07-16 13:23:21 +03:00
.wheelconstraints.in Use pylint 1.7.5 with fix for bad python3 import 2017-12-19 13:28:06 +01:00
ACI.txt Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
API.txt ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Azure: Make it possible to configure distro-specific stuff 2020-02-25 18:02:12 +02:00
CODE_OF_CONDUCT.md Changing Django's CoC to reflect FreeIPA CoC 2018-03-26 09:51:25 +02:00
configure.ac selinux: move BUILD_SELINUX_POLICY definition 2020-03-05 09:57:00 +01:00
Contributors.txt Update contributors 2019-11-12 20:49:18 +02:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
COPYING.openssl Add a clear OpenSSL exception. 2015-02-23 16:25:54 +01:00
freeipa.doap.rdf Adding modified DOAP file 2018-06-22 11:02:40 -04:00
freeipa.spec.in ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipa.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
ipasetup.py.in Address inconsistent-return-statements 2018-11-13 13:37:58 +01:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-test Use pytest conftest.py and drop pytest.ini 2017-01-05 17:37:02 +01:00
makeaci.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
makeapi.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
Makefile.am Integrate SELinux policy into build system 2020-03-05 09:57:00 +01:00
Makefile.python.am Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb 2017-03-15 13:48:23 +01:00
Makefile.pythonscripts.am ipa-scripts: fix all ipa command line scripts to operate with -I 2019-09-19 10:44:09 -04:00
makerpms.sh Fix unnecessary usrmerge assumptions 2019-04-17 13:56:05 +02:00
pylint_plugins.py pylint: Synchronize pylint plugin to ipatests code 2020-02-12 18:08:32 +02:00
pylintrc Fix errors found by Pylint-2.4.3 2019-10-21 18:01:32 +11:00
README.md README: Update link to freeipa-devel archive 2019-03-20 17:32:43 +01:00
server.m4 selinux: move BUILD_SELINUX_POLICY definition 2020-03-05 09:57:00 +01:00
tox.ini Avoid use of '/tmp' for pip operations 2019-07-16 13:23:21 +03:00
VERSION.m4 ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
zanata.xml Zanata: exlude testing ipa.pot file 2016-11-21 14:47:47 +01:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

  • Allows all your users to access all the machines with the same credentials and security settings
  • Allows users to access personal files transparently from any machine in an authenticated and secure way
  • Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
  • Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
  • Enables delegation of selected administrative tasks to other power users
  • Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

For developers

Licensing

Please see the file called COPYING.

Contacts