mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Go to file

Florence Blanc-Renaud e052c2dce0 ipa-sam: create the gidNumber attribute in the trusted domain entry When a trusted domain entry is created, the uidNumber attribute is created but not the gidNumber attribute. This causes samba to log Failed to find a Unix account for DOM-AD$ because the samu structure does not contain a group_sid and is not put in the cache. The fix creates the gidNumber attribute in the trusted domain entry, and initialises the group_sid field in the samu structure returned by ldapsam_getsampwnam. This ensures that the entry is put in the cache. Note that this is only a partial fix for 6660 as it does not prevent _netr_ServerAuthenticate3 from failing with the log _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client VM-AD machine account dom-ad.example.com. https://pagure.io/freeipa/issue/6827 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>		2017-04-07 12:38:35 +02:00
asn1	Build: fix distribution of asn1/asn1c files	2016-11-09 13:08:32 +01:00
client	Clarify meaning of --domain and --realm in installers	2017-01-05 09:47:25 +01:00
contrib	Add copy-schema-to-ca for RHEL6 to contrib/	2017-03-14 15:16:20 +01:00
daemons	ipa-sam: create the gidNumber attribute in the trusted domain entry	2017-04-07 12:38:35 +02:00
doc	scripts, tests: explicitly set confdir in the rest of server code	2017-02-22 08:07:48 +00:00
init	Use Custodia 0.3.1 features	2017-03-28 15:02:06 +02:00
install	Add --password-expiration to allow admin to force user password expiration	2017-03-31 12:19:40 +02:00
ipaclient	csrgen: Beginnings of NSS database support	2017-04-03 07:46:30 +00:00
ipalib	setup, pylint, spec file: drop python-nss dependency	2017-03-31 12:20:35 +02:00
ipaplatform	collect audit.log for easier selinux investigation	2017-04-06 10:08:54 +02:00
ipapython	Remove publish_ca_cert() method from NSSDatabase	2017-04-03 13:06:29 +00:00
ipaserver	idrange-add: properly handle empty --dom-name option	2017-04-05 10:15:51 +02:00
ipatests	collect audit.log for easier selinux investigation	2017-04-06 10:08:54 +02:00
po	Update 4.5 translations	2017-03-15 17:44:14 +01:00
pypi	Add placeholders for ipaplatform, ipaserver and ipatests	2017-03-02 14:43:37 +01:00
util	C compilation fixes and hardening	2017-03-01 10:38:01 +01:00
.git-commit-template	git-commit-template: update ticket url to use pagure.io instead of fedorahosted.org	2017-03-28 13:10:08 +02:00
.gitignore	IPA certauth plugin	2017-03-27 09:52:57 +02:00
.mailmap	Update Contributors.txt	2017-02-23 10:16:44 +01:00
.test_runner_config.yaml	Travis CI: invoke integration test helper scripts before test execution	2017-03-22 14:18:51 +01:00
.travis_run_task.sh	Travis CI: actually return non-zero exit status when the test job fails	2017-01-09 15:22:51 +01:00
.travis.yml	Run test_ipaclient test suite	2017-03-14 17:14:26 +01:00
.wheelconstraints.in	Constrain wheel package versions	2017-03-22 15:16:25 +01:00
ACI.txt	Add --password-expiration to allow admin to force user password expiration	2017-03-31 12:19:40 +02:00
API.txt	Add --password-expiration to allow admin to force user password expiration	2017-03-31 12:19:40 +02:00
autogen.sh	build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches	2010-11-29 11:39:55 -05:00
BUILD.txt	We don't offer no quickies	2017-03-06 13:13:10 +01:00
configure.ac	Add an option to build ipaserver wheels	2017-04-03 13:08:52 +02:00
Contributors.txt	Update Contributors.txt	2017-02-23 10:16:44 +01:00
COPYING	Change FreeIPA license to GPLv3+	2010-12-20 17:19:53 -05:00
COPYING.openssl	Add a clear OpenSSL exception.	2015-02-23 16:25:54 +01:00
freeipa.spec.in	Don't hard-code with_wheels	2017-04-03 13:08:52 +02:00
ignore_import_errors.py	makeapi, makeaci: do not fail on missing imports	2016-10-24 14:11:08 +02:00
ipa	Revert "Switch /usr/bin/ipa to Python 3"	2016-06-14 13:07:04 +02:00
ipasetup.py.in	Add an option to build ipaserver wheels	2017-04-03 13:08:52 +02:00
make-doc	Make an ipa-tests package	2013-06-17 19:22:50 +02:00
make-test	Use pytest conftest.py and drop pytest.ini	2017-01-05 17:37:02 +01:00
makeaci	makeapi, makeaci: do not fail on missing imports	2016-10-24 14:11:08 +02:00
makeapi	Python3 pylint fixes	2016-11-25 16:18:22 +01:00
Makefile.am	Add an option to build ipaserver wheels	2017-04-03 13:08:52 +02:00
Makefile.python.am	Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb	2017-03-15 13:48:23 +01:00
makerpms.sh	Build: update makerpms.sh to use same paths as rpmbuild	2016-11-16 09:12:07 +01:00
pylint_plugins.py	Add options to run only ipaclient unittests	2017-03-17 15:02:13 +01:00
pylintrc	setup, pylint, spec file: drop python-nss dependency	2017-03-31 12:20:35 +02:00
README.md	Change README to use Markdown	2017-03-02 16:55:57 +01:00
server.m4	server: make sure we test for sss_nss_getlistbycert	2017-03-29 10:34:59 +02:00
VERSION.m4	Add --password-expiration to allow admin to force user password expiration	2017-03-31 12:19:40 +02:00
zanata.xml	Zanata: exlude testing ipa.pot file	2016-11-21 14:47:47 +01:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based managment tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

Allows all your users to access all the machines with the same credentials and security settings
Allows users to access personal files transparently from any machine in an authenticated and secure way
Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
Enables delegation of selected administrative tasks to other power users
Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

LDAP Server - based on the 389 project
KDC - based on MIT Kerberos implementation
PKI based on Dogtag project
Samba libraries for Active Directory integration
DNS Server based on BIND and the Bind-DynDB-LDAP plugin

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

Licensing

Please see the file called COPYING.

Contacts

If you want to be informed about new code releases, bug fixes, security fixes, general news and information about the IPA server subscribe to the freeipa-announce mailing list at https://www.redhat.com/mailman/listinfo/freeipa-interest/ .
If you have a bug report please submit it at: https://pagure.io/freeipa/issues
If you want to participate in actively developing IPA please subscribe to the freeipa-devel mailing list at https://www.redhat.com/mailman/listinfo/freeipa-devel/ or join us in IRC at irc://irc.freenode.net/freeipa