freeipa/install/tools
Rob Crittenden 04e9056ec2 Make the installer/uninstaller more aware of its state
We have had a state file for quite some time that is used to return
the system to its pre-install state. We can use that to determine what
has been configured.

This patch:
- uses the state file to determine if dogtag was installed
- prevents someone from trying to re-install an installed server
- displays some output when uninstalling
- re-arranges the ipa_kpasswd installation so the state is properly saved
- removes pkiuser if it was added by the installer
- fetches and installs the CA on both masters and clients
2010-05-03 13:41:18 -06:00
..
man Remove incorrect option -U for --uninstall. -U is short for --unattended. 2010-04-16 09:28:08 -04:00
ipa-compat-manage Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-dns-install Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-fix-CVE-2008-3274 Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-ldap-updater Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-nis-manage Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-replica-install Use correct name for CA PKCS#12 file. 2010-04-23 04:56:20 -06:00
ipa-replica-manage Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-replica-prepare Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-server-certinstall Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
ipa-server-install Make the installer/uninstaller more aware of its state 2010-05-03 13:41:18 -06:00
ipa-upgradeconfig Better upgrade detection so we don't print spurious errors 2009-09-15 17:42:36 -04:00
ipactl Add status option to ipactl 2010-02-09 04:07:33 -07:00
Makefile.am Add ipa-dns-install script 2010-02-09 15:45:35 -05:00
README Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

Required packages:

krb5-server
fedora-ds-base
fedora-ds-base-devel
openldap-clients
openldap-devel
krb5-server-ldap
cyrus-sasl-gssapi
httpd
mod_auth_kerb
ntp
openssl-devel
nspr-devel
nss-devel
mozldap-devel
mod_python
gcc
python-ldap
TurboGears
python-kerberos
python-krbV
python-tgexpandingformwidget
python-pyasn1

Installation example:

TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is
           fixed.

Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/
to patch your init scripts before running ipa-server-install. This tells
FDS where to find its kerberos keytab.

Things done as root are denoted by #. Things done as a unix user are denoted
by %.

# cd freeipa
# patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch

Now to do the installation.

# cd freeipa
# make install

To start an interactive installation use:
# /usr/sbin/ipa-server-install 

For more verbose output add the -d flag run the command with -h to see all options

You have a basic working system with one super administrator (named admin).

To create another administrative user:

% kinit admin@FREEIPA.ORG
% /usr/sbin/ipa-adduser -f Test -l User test
% ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org
% /usr/sbin/ipa-groupmod -a test admins

An admin user is just a regular user in the group admin.

Now you can destroy the old ticket and log in as test:

% kdestroy
% kinit test@FREEIPA.ORG
% /usr/sbin/ipa-finduser test