IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-26 00:41:25 -06:00
Code Issues Packages Projects Releases Wiki Activity
14,499 Commits 11 Branches 59 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
e6f8d8bc9b
Go to file
Alexander Bokovoy e6f8d8bc9b ipasam: implement PASSDB getgrnam call 
ipasam already implemented retrieval of groups for MS-SAMR calls.
However, it did not have implementation of a group retrieval for the
path of lookup_name() function in Samba. The lookup_name() is used in
many places in smbd and winbindd.

With this change it will be possible to resolve IPA groups in Windows UI
(Security tab) and console (net localgroup ...). When Global Catalog
service is enabled, it will be possible to search for those groups as
well.

In Active Directory, security groups can be domain, domain local, local
and so on. In IPA, only domain groups exposed through ipasam because
SID generation plugin only supports adding SIDs to POSIX groups and
users. Thus, non-POSIX groups are not going to have SIDs associated and
will not be visible in both UNIX and Windows environments.

Group retrieval in Samba is implemented as a mapping between NT and
POSIX groups. IPA doesn't have explicit mapping tables. Instead, any
POSIX group in IPA that has a SID associated with it is considered a
domain group for Samba.

Finally, additional ACI is required to ensure attributes looked up by
ipasam are always readable by the trust agents.

Fixes: https://pagure.io/freeipa/issue/8660
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-01-22 12:21:33 -05:00
.copr Adding auto COPR builds 2019-12-14 14:20:34 +02:00
.github Let GH auto-notify and auto-close stale PRs 2020-05-06 20:17:01 +02:00
asn1 fix minor spelling mistakes 2017-05-19 09:52:46 +02:00
client Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
contrib lite-server: Fix werkzeug deprecation warnings 2020-06-08 14:23:56 +02:00
daemons ipasam: implement PASSDB getgrnam call 2021-01-22 12:21:33 -05:00
doc Update kdcpolicy design doc for jitter implementation 2020-11-17 14:27:28 +02:00
init systemd: enforce en_US.UTF-8 locale in systemd units 2020-12-10 14:38:05 +02:00
install ipasam: implement PASSDB getgrnam call 2021-01-22 12:21:33 -05:00
ipaclient Remove support for csrgen 2021-01-21 13:51:45 +01:00
ipalib Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
ipaplatform ipatests: clear initgroups cache in clear_sssd_cache 2021-01-06 16:41:50 +01:00
ipapython Added nsslapd-logging-hr-timestamps-enabled attribute in _SINGLE_VALUE_OVERRIDE table 2020-11-09 09:06:11 +01:00
ipaserver Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
ipasphinx Create ipasphinx package for Sphinx plugins 2020-04-28 20:03:21 +02:00
ipatests ipatests: fix discrepancies in nightly defs 2021-01-22 18:07:46 +01:00
po Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
pypi Cleanup shebang and executable bit 2018-07-05 19:46:42 +02:00
selinux selinux: modify policy to allow one-way trust 2021-01-09 12:33:58 +01:00
util ipa_pwd: Remove unnecessary conditional 2021-01-15 10:01:28 +01:00
.freeipa-pr-ci.yaml Making nigthly test definition editable by FreeIPA's contributors 2018-07-27 09:50:06 +02:00
.git-commit-template git-commit-template: update ticket url to use pagure.io instead of fedorahosted.org 2017-03-28 13:10:08 +02:00
.gitignore Add ccache sweeper files to gitignore 2021-01-19 11:49:20 +01:00
.lgtm.yml WebUI: use python3-rjsmin to minify JavaScript files 2020-05-12 09:50:28 +02:00
.mailmap mailmap: add ftweedal 2020-11-11 14:08:35 +02:00
.tox-install.sh tox: Don't expand symlinks 2020-08-31 09:46:03 +03:00
.wheelconstraints.in Use pylint 1.7.5 with fix for bad python3 import 2017-12-19 13:28:06 +01:00
ACI.txt Extend IPA pwquality plugin to include libpwquality support 2020-10-23 09:32:52 -04:00
API.txt Extend IPA pwquality plugin to include libpwquality support 2020-10-23 09:32:52 -04:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Bootstrap Sphinx documentation 2020-03-21 07:40:33 +02:00
CODE_OF_CONDUCT.md Changing Django's CoC to reflect FreeIPA CoC 2018-03-26 09:51:25 +02:00
configure.ac configure: Do not set -Wno-strict-aliasing -Wno-sign-compare 2021-01-15 14:11:56 +01:00
Contributors.txt Update list of contributors 2020-12-23 16:10:01 +02:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
COPYING.openssl Add a clear OpenSSL exception. 2015-02-23 16:25:54 +01:00
freeipa.doap.rdf Adding modified DOAP file 2018-06-22 11:02:40 -04:00
freeipa.spec.in Remove support for csrgen 2021-01-21 13:51:45 +01:00
ipa.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
ipasetup.py.in Address inconsistent-return-statements 2018-11-13 13:37:58 +01:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-test Use pytest conftest.py and drop pytest.ini 2017-01-05 17:37:02 +01:00
makeaci.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
makeapi.in Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
Makefile.am Fix make devcheck 2020-05-06 09:13:32 +02:00
Makefile.python.am Add PYTHON_INSTALL_EXTRA_OPTIONS and --install-layout=deb 2017-03-15 13:48:23 +01:00
Makefile.pythonscripts.am ipa-scripts: fix all ipa command line scripts to operate with -I 2019-09-19 10:44:09 -04:00
makerpms.sh Fix unnecessary usrmerge assumptions 2019-04-17 13:56:05 +02:00
pylint_plugins.py Add User and Group to all ipaplatform.constants 2020-09-22 09:23:18 -04:00
pylintrc pylint: Ignore raise-missing-from 2020-08-23 09:16:18 +03:00
README.md README: Update link to freeipa-devel archive 2019-03-20 17:32:43 +01:00
server.m4 extdom-extop: refactor tests to use unshare+chroot to override nss_files configuration 2020-08-04 18:43:22 +03:00
tox.ini Don't install csrgen extra dependencies 2021-01-21 15:47:51 -05:00
VERSION.m4 VERSION: back to git snapshots 2020-11-17 19:12:50 +02:00

README.md

FreeIPA Server

FreeIPA allows Linux administrators to centrally manage identity, authentication and access control aspects of Linux and UNIX systems by providing simple to install and use command line and web based management tools.

FreeIPA is built on top of well known Open Source components and standard protocols with a very strong focus on ease of management and automation of installation and configuration tasks.

FreeIPA can seamlessly integrate into an Active Directory environment via cross-realm Kerberos trust or user synchronization.

Benefits

FreeIPA:

  • Allows all your users to access all the machines with the same credentials and security settings
  • Allows users to access personal files transparently from any machine in an authenticated and secure way
  • Uses an advanced grouping mechanism to restrict network access to services and files only to specific users
  • Allows central management of security mechanisms like passwords, SSH Public Keys, SUDO rules, Keytabs, Access Control Rules
  • Enables delegation of selected administrative tasks to other power users
  • Integrates into Active Directory environments

Components

The FreeIPA project provides unified installation and management tools for the following components:

Project Website

Releases, announcements and other information can be found on the IPA server project page at http://www.freeipa.org/ .

Documentation

The most up-to-date documentation can be found at http://freeipa.org/page/Documentation .

Quick Start

To get started quickly, start here: http://www.freeipa.org/page/Quick_Start_Guide

For developers

Licensing

Please see the file called COPYING.

Contacts