mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
b29de6bf27
This disables all but the ldapi listener in DS so it will be quiet when we perform our upgrades. It is expected that any other clients that also use ldapi will be shut down by other already (krb5 and dns). Add ldapi as an option in ipaldap and add the beginning of pure offline support (e.g. direct editing of LDIF files). |
||
---|---|---|
.. | ||
man | ||
ipa-compat-manage | ||
ipa-dns-install | ||
ipa-fix-CVE-2008-3274 | ||
ipa-ldap-updater | ||
ipa-nis-manage | ||
ipa-replica-install | ||
ipa-replica-manage | ||
ipa-replica-prepare | ||
ipa-server-certinstall | ||
ipa-server-install | ||
ipa-upgradeconfig | ||
ipactl | ||
Makefile.am | ||
README |
Required packages: krb5-server fedora-ds-base fedora-ds-base-devel openldap-clients openldap-devel krb5-server-ldap cyrus-sasl-gssapi httpd mod_auth_kerb ntp openssl-devel nspr-devel nss-devel mozldap-devel mod_python gcc python-ldap TurboGears python-kerberos python-krbV python-tgexpandingformwidget python-pyasn1 Installation example: TEMPORARY: until bug https://bugzilla.redhat.com/show_bug.cgi?id=248169 is fixed. Please apply the fedora-ds.init.patch in freeipa/ipa-server/ipa-install/share/ to patch your init scripts before running ipa-server-install. This tells FDS where to find its kerberos keytab. Things done as root are denoted by #. Things done as a unix user are denoted by %. # cd freeipa # patch -p0 < ipa-server/ipa-install/share/fedora-ds.init.patch Now to do the installation. # cd freeipa # make install To start an interactive installation use: # /usr/sbin/ipa-server-install For more verbose output add the -d flag run the command with -h to see all options You have a basic working system with one super administrator (named admin). To create another administrative user: % kinit admin@FREEIPA.ORG % /usr/sbin/ipa-adduser -f Test -l User test % ldappasswd -Y GSSAPI -h localhost -s password uid=test,cn=users,cn=accounts,dc=freeipa,dc=org % /usr/sbin/ipa-groupmod -a test admins An admin user is just a regular user in the group admin. Now you can destroy the old ticket and log in as test: % kdestroy % kinit test@FREEIPA.ORG % /usr/sbin/ipa-finduser test