IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
6,117 Commits 11 Branches 60 Tags 60 MiB
Python 75.7%
JavaScript 10.9%
C 10.8%
Roff 1.1%
Makefile 0.4%
Other 1.1%
e95a7b1b8d
Go to file
Alexander Bokovoy e95a7b1b8d ipa-adtrust-install: configure compatibility tree to serve trusted domain users 
Enables  support  for  trusted  domains  users  for old clients through Schema
Compatibility plugin.  SSSD supports trusted domains natively starting with
version 1.9 platform. For platforms that lack SSSD or run older SSSD version
one needs  to  use  this  option.  When  enabled, slapi-nis  package  needs  to
be  installed  and schema-compat-plugin will be configured to provide lookup of
users and groups from trusted domains via SSSD on IPA server. These users and
groups will be available under  cn=users,cn=compat,$SUFFIX  and
cn=groups,cn=compat,$SUFFIX trees.  SSSD will normalize names of users and
groups to lower case.

In  addition  to  providing  these users and groups through the compat tree,
this option enables authentication over LDAP for trusted domain users with DN
under compat tree, i.e. using bind DN uid=administrator@ad.domain,cn=users,cn=compat,$SUFFIX.

This authentication  is related to  PAM  stack  using  'system-auth' PAM
service. If you have disabled HBAC rule 'allow_all', then make sure there is
special service called 'system-auth' created and HBAC rule to allow access to
anyone to this rule on IPA masters is added. Please note that system-auth PAM
service is  not used directly by any other application, therefore it is safe to
create one specifically to support trusted domain users via compatibility path.

https://fedorahosted.org/freeipa/ticket/3567
2013-07-18 17:56:30 +02:00
.tx Add Transifex tx client configuration file 2011-03-07 16:05:33 -05:00
checks Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
contrib Set master_kdc and dns_lookup_kdc to true 2012-09-19 20:47:12 -04:00
daemons Use pkg-config to detect cmocka 2013-07-15 16:42:46 +02:00
doc Add the version option to all Commands 2013-02-21 16:26:09 +01:00
init Avoid exporting KRB5_KTNAME in dirsrv env 2013-05-24 14:36:43 +02:00
install ipa-adtrust-install: configure compatibility tree to serve trusted domain users 2013-07-18 17:56:30 +02:00
ipa-client Add 'ipa_server_mode' option to SSSD configuration 2013-07-18 17:49:23 +02:00
ipalib Provide ipa-advise tool 2013-07-17 13:49:59 +02:00
ipapython Run gpg-agent explicitly when encrypting/decrypting files. 2013-07-17 16:15:15 +02:00
ipaserver ipa-adtrust-install: configure compatibility tree to serve trusted domain users 2013-07-18 17:56:30 +02:00
ipatests Upstream Web UI tests 2013-07-16 13:15:59 +02:00
util ipa-kdb: read SID blacklist from LDAP 2013-02-12 10:37:47 +01:00
.bzrignore Added top-level tests/ package that will contain all unit tests 2008-10-07 20:36:44 -06:00
.gitignore Fix location of service.crt in .gitignore 2013-06-18 16:55:29 +02:00
API.txt Add --range-type option that forces range type of the trusted domain 2013-07-11 12:39:28 +03:00
autogen.sh build tweaks - use automake's foreign mode, avoid creating empty files to satisfy gnu mode - run autoreconf -f to ensure that everything matches 2010-11-29 11:39:55 -05:00
BUILD.txt Remove obsolete self-sign references from man pages, docstrings, comments 2013-04-15 16:56:06 -04:00
Contributors.txt Add Nathaniel McCallum to Contributors.txt 2013-05-02 15:19:40 -04:00
COPYING Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
freeipa.spec.in Bump version of sssd in spec file 2013-07-18 17:49:28 +02:00
ipa Execute /usr/bin/python directly instead of /usr/bin/env python 2011-01-14 16:27:48 -05:00
ipa.1 Fix various typos. 2012-09-18 08:45:28 +02:00
lite-server.py Tweak the session auth to reflect developer consensus. 2012-02-27 05:54:29 -05:00
make-doc Make an ipa-tests package 2013-06-17 19:22:50 +02:00
make-lint Provide ipa-advise tool 2013-07-17 13:49:59 +02:00
make-test Make sure appropriate exit status is returned in make-test 2013-02-25 13:32:34 +01:00
make-testcert Make an ipa-tests package 2013-06-17 19:22:50 +02:00
makeapi Add client capabilities, enable messages 2013-02-21 16:26:09 +01:00
Makefile Make an ipa-tests package 2013-06-17 19:22:50 +02:00
MANIFEST.in Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
README Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup-client.py Change FreeIPA license to GPLv3+ 2010-12-20 17:19:53 -05:00
setup.py Provide ipa-advise tool 2013-07-17 13:49:59 +02:00
TODO Parse comma-separated lists of values in all parameter types. This can be enabled for a specific parameter by setting the "csv" option to True. 2011-11-30 17:08:35 +01:00
VERSION Add --range-type option that forces range type of the trusted domain 2013-07-11 12:39:28 +03:00
version.m4.in Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00

README 

                               IPA Server

  What is it?
  -----------

  For efficiency, compliance and risk mitigation, organizations need to
  centrally manage and correlate vital security information including:

    * Identity (machine, user, virtual machines, groups, authentication
      credentials)
    * Policy (configuration settings, access control information)
    * Audit (events, logs, analysis thereof) 

  Since these are not new problems. there exist many approaches and
  products focused on addressing them. However, these tend to have the
  following weaknesses:

    * Focus on solving identity management across the enterprise has meant
      less focus on policy and audit.
    * Vendor focus on Web identity management problems has meant less well
      developed solutions for central management of the Linux and Unix
      world's vital security info. Organizations are forced to maintain
      a hodgepodge of internal and proprietary solutions at high TCO.
    * Proprietary security products don't easily provide access to the
      vital security information they collect or manage. This makes it
      difficult to synchronize and analyze effectively. 

  The Latest Version
  ------------------

  Details of the latest version can be found on the IPA server project
  page under <http://www.freeipa.org/>.

  Documentation
  -------------

  The most up-to-date documentation can be found at
  <http://freeipa.org/page/Documentation/>.

  Quick Start
  -----------

  To get started quickly, start here:
  <https://fedorahosted.org/freeipa/wiki/QuickStartGuide>

  Licensing
  ---------

  Please see the file called COPYING.

  Contacts
  --------

     * If you want to be informed about new code releases, bug fixes,
       security fixes, general news and information about the IPA server
       subscribe to the freeipa-announce mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-interest/>.

     * If you have a bug report please submit it at:
       <https://bugzilla.redhat.com>

     * If you want to participate in actively developing IPA please
       subscribe to the freeipa-devel mailing list at
       <https://www.redhat.com/mailman/listinfo/freeipa-devel/> or join
       us in IRC at irc://irc.freenode.net/freeipa