pagure Logo
  • Log In

freeipa

Clone
Source Code
GIT
  • Source
  • Issues  982
  • Roadmap 
  • Stats
 Overview  Files  Commits  Branches  Forks  Releases

Commits 7931

Branch: ipa-4-1
ipa-1-0 ipa-1-1 ipa-1-2 ipa-2-0 ipa-2-1 ipa-2-2 ipa-3-0 ipa-3-1 ipa-3-2 ipa-3-3 ipa-4-0 ipa-4-1 ipa-4-2 ipa-4-3 ipa-4-4 ipa-4-5 ipa-4-6 ipa-4-6-CVE-2019-10195-and-CVE-2019-14867 ipa-4-6-CVE-2020-10747 ipa-4-7 ipa-4-7-CVE-2019-10195-and-CVE-2019-14867 ipa-4-8 ipa-4-8-CVE-2019-10195-and-CVE-2019-14867 ipa-4-8-CVE-2020-10747 ipa-4-9 master webui-cleanup
This branch contains 540 commits not in the main branch master
Become IPA 4.1.5
Tomas Babej • 5 years ago  
572124c
ipasam: fix a use-after-free issue
Sumit Bose • 5 years ago  
47df949
ipasam: use more restrictive search filter for group lookup
Sumit Bose • 5 years ago  
bc0d6b4
ipasam: fix wrong usage of talloc_new()
Sumit Bose • 5 years ago  
c87ce19
enable debugging of ntpd during client installation
Martin Babinsky • 5 years ago  
bd1e314
Server Upgrade: fix memberUid index
Martin Basti • 5 years ago  
f6901e5
Fix indicies ntUserDomainId, ntUniqueId
Martin Basti • 5 years ago  
cf2587c
migration: Use api.env variables.
David Kupka • 5 years ago  
e40a6bc
ipa-kdb: filter out group membership from MS-PAC for exact SID matches too
Alexander Bokovoy • 5 years ago  
d69603c
ipa-kdb: use proper memory chunk size when moving sids
Alexander Bokovoy • 5 years ago  
74c80e8
FIX: Clear SSSD caches when uninstalling the client
Martin Basti • 5 years ago  
56db663
webui: add mangedby tab to otptoken
Petr Vobornik • 5 years ago  
5439e7a
idviews: Remove ID overrides for permanently removed users and groups
Tomas Babej • 5 years ago  
12f3da5
idviews: Allow users specify the raw anchor directly as identifier
Tomas Babej • 5 years ago  
7e61317
idviews: Set dcerpc detection flag properly
Tomas Babej • 5 years ago  
534822b
DNSSEC: Store time & date key metadata in UTC.
Petr Spacek • 5 years ago  
840bf5f
Clear SSSD caches when uninstalling the client
Gabe • 5 years ago  
222427c
DNSSEC: Improve ipa-ods-exporter log messages with key metadata.
Petr Spacek • 5 years ago  
a983140
DNSSEC: Add ability to trigger full data synchronization to ipa-ods-exporter.
Petr Spacek • 5 years ago  
4840b50
DNSSEC: log ipa-ods-exporter file lock operations into debug log
Petr Spacek • 5 years ago  
70ee45c
DNSSEC: ipa-ods-exporter: move zone synchronization into separate function
Petr Spacek • 5 years ago  
fd5ace8
DNSSEC: Accept ipa-ods-exporter commands from command line.
Petr Spacek • 5 years ago  
8fc6fa7
DNSSEC: Detect invalid master keys in LDAP.
Petr Spacek • 5 years ago  
17fcdc3
Bump minimal BIND version for CentOS.
Petr Spacek • 5 years ago  
bb396d4
Hide traceback in ipa-dnskeysyncd if kinit failed.
Petr Spacek • 5 years ago  
6f9d16f
Fix OTP token URI generation
Nathaniel McCallum • 5 years ago  
de7aed1
DNSSEC: fix traceback during shutdown phase
Martin Basti • 5 years ago  
a5d8d79
DNSSEC: Detect zone shadowing with incorrect DNSSEC signatures.
Petr Spacek • 5 years ago  
c5e6f97
DNSSEC: validate forward zone forwarders
Martin Basti • 5 years ago  
9a90ef2
DNSSEC: Improve global forwarders validation
Martin Basti • 5 years ago  
e8f3956
Add compatibility function for older libkrb5
Simo Sorce • 5 years ago  
aae54b2
Detect default encsalts kadmin password change
Simo Sorce • 5 years ago  
7077622
replica-manage: Properly delete nested entries
Tomas Babej • 5 years ago  
aa83d20
ipaserver/dcerpc: Ensure LSA pipe has session key before using it
Alexander Bokovoy • 5 years ago  
d74f938
client-install: Fix kinits with non-default Kerberos config file
Jan Cholasta • 5 years ago  
f6f94ae
DNSSEC: update OpenDNSSEC KASP configuration
Martin Basti • 5 years ago  
9b7fe37
DNSSEC: FIX Do not re-create kasp.db if already exists
Martin Basti • 5 years ago  
d7cfc11
Unsaved changes dialog internally inconsistent
Gabe • 5 years ago  
5ac5564
Fix a signedness bug in OTP code
Nathaniel McCallum • 5 years ago  
352360a
suppress errors arising from deleting non-existent files during client uninstall
Martin Babinsky • 5 years ago  
b04435a
point the users to PKI-related logs when CA configuration fails
Martin Babinsky • 5 years ago  
04fbbbb
Make lint work on Fedora 22.
David Kupka • 5 years ago  
0acfd39
Removed recommendation from ipa-adtrust-install
Thorsten Scherf • 5 years ago  
f838e80
Adopted kinit_keytab and kinit_password for kerberos auth
Martin Babinsky • 5 years ago  
0ca8254
ipa-client-install: try to get host TGT several times before giving up
Martin Babinsky • 5 years ago  
48095ca
ipautil: new functions kinit_keytab and kinit_password
Martin Babinsky • 5 years ago  
3749c8d
do not install CA on replica during integration test if setup_ca=False
Martin Babinsky • 5 years ago  
f47da5a
DNSSEC CI tests
Martin Basti • 5 years ago  
f3b5d16
do not log BINDs to non-existent users as errors
Martin Babinsky • 5 years ago  
ede3298
Ipatests DNS SOA Record Maintenance
Ales 'alich' Marecek • 5 years ago  
8f94ac1
DNSSEC: Do not log into files
Martin Basti • 5 years ago  
e27b9d1
Skip time sync during client install when using --no-ntp
Nathan Kinder • 5 years ago  
b5969c1
Become IPA 4.1.4
Petr Vobornik • 5 years ago  
1b46fad
slapi-nis: require 0.54.2 for CVE-2015-0283 fixes
Alexander Bokovoy • 5 years ago  
93302a8
extdom: fix wrong realloc size
Sumit Bose • 5 years ago  
fd8e796
fix Makefile.am for daemons
Alexander Bokovoy • 5 years ago  
447c5c7
show the exception message thrown by dogtag._parse_ca_status during install
Martin Babinsky • 5 years ago  
d7863f3
migrate-ds: print out failed attempts when no users/groups are migrated
Martin Babinsky • 5 years ago  
3284cbf
upload_cacrt: Fix empty cACertificate in cn=CAcert
Jan Cholasta • 5 years ago  
f0a49b9
client: Fix ca_is_enabled calls
Jan Cholasta • 5 years ago  
6e67210
client-install: Do not crash on invalid CA certificate in LDAP
Jan Cholasta • 5 years ago  
ad77613
certstore: Make certificate retrieval more robust
Jan Cholasta • 5 years ago  
4154c88
extdom: fix memory leak
Sumit Bose • 5 years ago  
179be3c
extdom: return LDAP_NO_SUCH_OBJECT to the client
Sumit Bose • 5 years ago  
c556323
extdom: make nss buffer configurable
Sumit Bose • 5 years ago  
ec7a55a
extdom: handle ERANGE return code for getXXYYY_r() calls
Sumit Bose • 5 years ago  
5bd4b7a
Add configure check for cwrap libraries
Sumit Bose • 5 years ago  
cc6fc37
ipa-dns-install: use STARTTLS to connect to DS
Martin Babinsky • 5 years ago  
41ca3fb
Timeout when performing time sync during client install
Nathan Kinder • 5 years ago  
80aeb44
ipa-replica-prepare can only be created on the first master
Gabe • 5 years ago  
169a37d
Fix dead code in ipap11helper module
Martin Basti • 5 years ago  
939fd3d
DNS: remove NSEC3PARAM from records
Martin Basti • 5 years ago  
5f191e8
DNS fix: do not show part options for unsupported records
Martin Basti • 5 years ago  
d89fca7
DNS fix: do not traceback if unsupported records are in LDAP
Martin Basti • 5 years ago  
56f0eb4
p11helper: clarify error message
Petr Spacek • 5 years ago  
8fefd63
p11helper: use sizeof() instead of magic constants
Petr Spacek • 5 years ago  
40f56e5
p11helper: standardize indentation and other visual aspects of the code
Petr Spacek • 5 years ago  
a6d7e8d
Remove unused method from ipap11pkcs helper module
Martin Basti • 5 years ago  
4e2ddfb
Fix memory leaks in ipap11helper
Martin Basti • 5 years ago  
508ad92
DNSSEC add support for CKM_RSA_PKCS_OAEP mechanism
Martin Basti • 5 years ago  
c411d6a
Limit deadlocks between DS plugin DNA and slapi-nis
root • 5 years ago  
5c36114
Restore default.conf and use it to build API.
David Kupka • 5 years ago  
253f9ad
Use IPA CA certificate when available and ignore NO_TLS_LDAP when not.
David Kupka • 5 years ago  
0344f24
ipatests: Add tests for valid and invalid ipa-advise
Gabe • 5 years ago  
ddd7fb6
ipa-replica-prepare should document ipv6 options
Gabe • 5 years ago  
3ab7f55
ipa-range-check: do not treat missing objects as error
Sumit Bose • 5 years ago  
e8b3ed3
idviews: Use case-insensitive detection of Default Trust View
Tomas Babej • 5 years ago  
96624f2
Stop including the DES algorythm from openssl.
Simo Sorce • 5 years ago  
840903c
Add a clear OpenSSL exception.
Simo Sorce • 5 years ago  
ecbef04
Remove references to GPL v2.0 license
Martin Kosek • 5 years ago  
4ddcca6
ipalib: Make sure correct attribute name is referenced for fax
Tomas Babej • 5 years ago  
73f6d69
ipatests: Add coverage for adding and removing sshpubkeys in ID overrides
Tomas Babej • 5 years ago  
6667701
ipatests: add missing ssh object classes to idoverrideuser
Petr Vobornik • 5 years ago  
bfef4d2
Become IPA 4.1.3
Petr Vobornik • 5 years ago  
7f560c5
Changing the token owner changes also the manager
Martin Babinsky • 5 years ago  
c985de1
group-detach does not add correct objectclasses
Martin Kosek • 5 years ago  
2dd54c9
Fix TOTP Synchronization Window label
Petr Vobornik • 5 years ago  
f1abbbc
permission-add does not prompt for ipapermright in interactive mode
Gabe • 5 years ago  
0ffe759
migrate-ds: exit with error message if no users/groups to migrate are found
Martin Babinsky • 5 years ago  
f7e6102
ipa-kdb: reject principals from disabled domains as a KDC policy
Alexander Bokovoy • 5 years ago  
6d6e924
ipa-kdb: when processing transitions, hand over unknown ones to KDC
Alexander Bokovoy • 5 years ago  
0d3b4cd
Handle DAL ABI change in MIT 1.13
Simo Sorce • 5 years ago  
6162426
Bump 389-ds-base and pki-ca dependencies for POODLE fixes
Jan Cholasta • 5 years ago  
caf70a1
Fix reference counting in pkcs11 extension
Martin Basti • 5 years ago  
2f4ed3c
ipa-client-install: put eol character after the last line of altered config file(s)
Martin Babinsky • 5 years ago  
919f0db
Typos in ipa-rmkeytab options help and man page
Gabe • 5 years ago  
d251e52
OTP: emit a log message when LDAP entry for config record is not found
Martin Babinsky • 5 years ago  
5bad375
ipa-uuid: emit a message when unexpected mod type is encountered
Martin Babinsky • 5 years ago  
f28facb
ipa-pwd-extop: added an informational comment about intentional fallthrough
Martin Babinsky • 5 years ago  
b5d29c7
OTP: failed search for the user of last token emits an error message
Martin Babinsky • 5 years ago  
8242660
ipa-kdb: more robust handling of principal addition/editing
Martin Babinsky • 5 years ago  
b0a8623
always get PAC for client principal if AS_REQ is true
Martin Babinsky • 5 years ago  
8e56f49
ipa-kdb: unexpected error code in 'ipa_kdb_audit_as_req' triggers a message
Martin Babinsky • 5 years ago  
e38c13e
Use dyndns_update instead of deprecated sssd option
Martin Basti • 6 years ago  
031bdca
Moved dbus-python dependence to freeipa-python package
Martin Babinsky • 6 years ago  
f5352a8
idviews: Allow setting ssh public key on ipauseroverride-add
David Kupka • 6 years ago  
0dc7448
Do not crash when replica is unreachable in ipa-restore
Jan Cholasta • 6 years ago  
74853b6
Create correct log directories during full restore in ipa-restore
Jan Cholasta • 6 years ago  
275fb2d
ipatests: Fix incorrect assumptions in idviews tests
Tomas Babej • 6 years ago  
375ab7a
ipatests: Fix old command references in the ID views tests
Tomas Babej • 6 years ago  
72ca23c
ipatests: Add coverage for referential integrity plugin applied on ipaAssignedIDView
Tomas Babej • 6 years ago  
60e157c
Always return absolute idnsname in dnszone commands
Martin Basti • 6 years ago  
270253a
DNSSEC: fix root zone dns name conversion
Martin Basti • 6 years ago  
64cf307
DNSSEC catch ldap exceptions in ipa-dnskeysyncd
Martin Basti • 6 years ago  
3b75c20
Print PublicError traceback when in debug mode
Martin Kosek • 6 years ago  
877321e
Revert "Make all ipatokenTOTP attributes mandatory"
Jan Cholasta • 6 years ago  
5b99024
Add anonymous read ACI for DUA profile
Martin Kosek • 6 years ago  
b54b740
Add debug messages into client autodetection
Martin Basti • 6 years ago  
1bde1b0
Put LDIF files to their original location in ipa-restore
Jan Cholasta • 6 years ago  
8559941
Replication Administrators cannot remove replication agreements
Martin Kosek • 6 years ago  
338831a
Do not assume certmonger is running in httpinstance
Jan Cholasta • 6 years ago  
f204b28
Allow Replication Administrators manipulate Winsync Agreements
Martin Kosek • 6 years ago  
794c9e6
Allow PassSync user to locate and update NT users
Martin Kosek • 6 years ago  
282d1ec
ipa-cldap: support NETLOGON_NT_VERSION_5EX_WITH_IP properly
Alexander Bokovoy • 6 years ago  
426759f
Support Samba PASSDB 0.2.0 aka interface version 24
Alexander Bokovoy • 6 years ago  
ecd6896
DNS tests: warning if forward zone is inactive
Martin Basti • 6 years ago  
3952035
Detect and warn about invalid DNS forward zone configuration
Martin Basti • 6 years ago  
0348331
Fix validation of ipa-restore options
Jan Cholasta • 6 years ago  
6950e7b
Make certificate renewal process synchronized
Jan Cholasta • 6 years ago  
760ebaa
Restart dogtag when its server certificate is renewed
Jan Cholasta • 6 years ago  
ff52891
Do not crash on unknown services in installutils.stopped_service
Jan Cholasta • 6 years ago  
065e2bb
Fix CA certificate renewal syslog alert
Jan Cholasta • 6 years ago  
818136b
Remove RUV from LDIF files before using them in ipa-restore
Jan Cholasta • 6 years ago  
eb79170
Fix ipa-restore on systems without IPA installed
Jan Cholasta • 6 years ago  
a98bc23
baseldap: Handle missing parent objects properly in *-find commands
Tomas Babej • 6 years ago  
4413446
Abort backup restoration on not matching host.
David Kupka • 6 years ago  
640a4b3
Remove ipanttrustauthincoming/ipanttrustauthoutgoing from ipa trust-add output.
David Kupka • 6 years ago  
333b899
New test cases for Forward_zones
Martin Basti • 6 years ago  
9f3b445
DNS tests: separate current forward zone tests
Martin Basti • 6 years ago  
e5cd6f2
rpcclient: use json_encode_binary for verbose output
Petr Vobornik • 6 years ago  
872ba41
migrate-ds: fix compat plugin check
Petr Vobornik • 6 years ago  
63ba170
Fix traceback if zonemgr error contains unicode
Martin Basti • 6 years ago  
fb1d848
Bump SSSD Requires to 1.12.3
Martin Kosek • 6 years ago  
30dae37
Fix zone find during forwardzone upgrade
Martin Basti • 6 years ago  
39a4f68
Fix: Upgrade forwardzones zones after adding newer replica
Martin Basti • 6 years ago  
11740bc
Remove the removal of the ccache
Simo Sorce • 6 years ago  
2d2230e
Avoid calling ldap functions without a context
Simo Sorce • 6 years ago  
7a90106
Always add /etc/hosts record when DNS is being configured.
David Kupka • 6 years ago  
30868db
idviews: Ignore host or hostgroup options set to None
Tomas Babej • 6 years ago  
86a7dfc
idviews: Complain if host is already assigned the ID View in idview-apply
Tomas Babej • 6 years ago  
12f6969
Remove dependency on subscription-manager
Gabe • 6 years ago  
bd5947a
Fix don't check certificate during getting CA status
Martin Basti • 6 years ago  
8440c2e
Show SSHFP record containing space in fingerprint
Martin Basti • 6 years ago  
d229c4a
Refer the user to freeipa.org when something goes wrong in ipa-cacert-manage
Jan Cholasta • 6 years ago  
3cb2f5e
Check subject name encoding in ipa-cacert-manage renew
Jan Cholasta • 6 years ago  
731035e
Using wget to get status of CA
Martin Basti • 6 years ago  
5052af7
revert removal of cn attribute from idnsRecord
Petr Vobornik • 6 years ago  
2fa07b1
Improve validation of --instance and --backend options in ipa-restore
Jan Cholasta • 6 years ago  
f92d0ef
Do not renew the IPA CA cert by serial number in dogtag-ipa-ca-renew-agent
Jan Cholasta • 6 years ago  
7f1db93
Fix automatic CA cert renewal endless loop in dogtag-ipa-ca-renew-agent
Jan Cholasta • 6 years ago  
9bfb16c
Upgrade fix: masking named should be executed only once
Martin Basti • 6 years ago  
b13f764
webui: increase duration of notification messages
Petr Vobornik • 6 years ago  
88ab70b
webui: fix service unprovisioning
Petr Vobornik • 6 years ago  
d1cc285
Prefer TCP connections to UDP in krb5 clients
Nathaniel McCallum • 6 years ago  
d73ed48
hosts: Display assigned ID view by default in host-find and show commands
Tomas Babej • 6 years ago  
b986eb2
Create an OTP help topic
Nathaniel McCallum • 6 years ago  
f5ae902
Make token auth and sync windows configurable
Nathaniel McCallum • 6 years ago  
3013385
No explicit zone specification.
Jan Pazdziora • 6 years ago  
8b43014
add --hosts and --hostgroup options to allow/retrieve keytab methods
Petr Vobornik • 6 years ago  
1108e71
Enable last token deletion when password auth type is configured
Nathaniel McCallum • 6 years ago  
a0421d8
Move authentication configuration cache into libotp
Nathaniel McCallum • 6 years ago  
faa4d72
Preliminary refactoring of libotp files
Nathaniel McCallum • 6 years ago  
b4e85d0
certs: Fix incorrect flag handling in load_cacert
Tomas Babej • 6 years ago  
db4ac47
fix indentation in ipa-restore page
Petr Vobornik • 6 years ago  
250bb5c
Throw zonemgr error message before installation proceeds
Martin Basti • 6 years ago  
07e29d2
Re-initialize NSS database after otptoken plugin tests
Tomas Babej • 6 years ago  
7215f7e
Use singular in help metavars + update man pages.
David Kupka • 6 years ago  
2f8c4e7
Catch USBError during YubiKey location
Nathaniel McCallum • 6 years ago  
a7a7e96
Fix zonemgr option encoding detection
Martin Basti • 6 years ago  
e457a3e
webui: add radius fields to user page
Petr Vobornik • 6 years ago  
9e18d59
Become IPA 4.1.2
Petr Vobornik • 6 years ago  
ee01ea7
Add TLS 1.2 to the protocol list in mod_nss config
Jan Cholasta • 6 years ago  
dc443cc
AD trust: improve trust validation
Alexander Bokovoy • 6 years ago  
538e023
Fix memory leak in GetKeytabControl asn1 code
Jan Cholasta • 6 years ago  
94bc7a9
Fix unchecked return value in krb5 common utils
Jan Cholasta • 6 years ago  
856012e
Fix unchecked return value in ipa-join
Jan Cholasta • 6 years ago  
856321b
Fix unchecked return values in ipa-winsync
Jan Cholasta • 6 years ago  
d15eca0
Fix unchecked return value in ipa-kdb
Jan Cholasta • 6 years ago  
6aea2c3
Fix Kerberos error handling in ipa-sam
Jan Cholasta • 6 years ago  
02f8554
Unload P11_Helper object's library when it is finalized in ipap11helper
Jan Cholasta • 6 years ago  
3663b8c
Remove redefinition of LOG from ipa-otp-lasttoken
Jan Cholasta • 6 years ago  
70b1a2d
copy_schema_to_ca: Fallback to old import location for ipaplatform.services
Petr Viktorin • 6 years ago  
f287378
Fix error message for nonexistent members and add tests.
David Kupka • 6 years ago  
192c499
webui: normalize idview tab labels
Petr Vobornik • 6 years ago  
2fc53c9
webui: use domain name instead of domain SID in idrange adder dialog
Petr Vobornik • 6 years ago  
9aeef07
Fix detection of encoding in zonemgr option
Martin Basti • 6 years ago  
880f1e5
Use NSS protocol range API to set available TLS protocols
Rob Crittenden • 6 years ago  
8ef1914
Stop tracking certificates before restoring them in ipa-restore
Jan Cholasta • 6 years ago  
66db7b9
ipa-restore: Check if directory is provided + better errors.
David Kupka • 6 years ago  
b40cf4b
Use correct service name in cainstance.backup_config
Jan Cholasta • 6 years ago  
1b5cd5b
Fix: read_ip_addresses should return ipaddr object
Martin Basti • 6 years ago  
5b397dc
Use asn1c helpers to encode/decode the getkeytab control
Simo Sorce • 6 years ago  
dd3e916
Add asn1c generated code for keytab controls
Simo Sorce • 6 years ago  
45ceef1
Fix filtering of enctypes in server code.
Simo Sorce • 6 years ago  
f065cec
Fix --{user,group}-ignore-attribute in migration plugin.
David Kupka • 6 years ago  
8ab85f1
Fix pk11helper module compiler warnings
Martin Basti • 6 years ago  
b902ec2
restore: clear httpd ccache after restore
Petr Vobornik • 6 years ago  
7745e0f
Restore file extended attributes and SELinux context in ipa-restore
Jan Cholasta • 6 years ago  
215f545
Add additional backup & restore checks
Petr Viktorin • 6 years ago  
768cccd
Raise right exception if domain name is not valid
Martin Basti • 6 years ago  
1a6de2a
webui: fix potential XSS vulnerabilities
Petr Vobornik • 6 years ago  
af9fd4d
Show warning instead of error if CA did not start
Martin Basti • 6 years ago  
3f3f49e
Do not restore SELinux settings that were not backed up
Petr Viktorin • 6 years ago  
1d7407c
Fix wrong expiration date on renewed IPA CA certificates
Jan Cholasta • 6 years ago  
7aa855a
Fix warning message should not contain CLI commands
Martin Basti • 6 years ago  
38130c6
Enable QR code display by default in otptoken-add
Nathaniel McCallum • 6 years ago  
1cd2ca1
Update Requires on pki-ca to 10.2.1-0.1
Jan Cholasta • 6 years ago  
4e11931
Fix: zonemgr must be unicode value
Martin Basti • 6 years ago  
53cf615
Lower pki-ca requires to 10.1.2
Martin Kosek • 6 years ago  
1a8bb5b
Add UTC date to GIT snapshot version generation
Simo Sorce • 6 years ago  
43d779d
Fix named working directory permissions
Martin Basti • 6 years ago  
ba12404
Add help string on how to configure multiple DNS forwards for various cli tools
Thorsten Scherf • 6 years ago  
8a3389d
Ensure users exist when assigning tokens to them
Nathaniel McCallum • 6 years ago  
2c1d40b
Improve otptoken help messages
Nathaniel McCallum • 6 years ago  
444ae28
Produce better error in group-add command.
David Kupka • 6 years ago  
cef8e06
Remove service file even if it isn't link.
David Kupka • 6 years ago  
5179525
Remove unneeded internal methods. Move code to public methods.
David Kupka • 6 years ago  
814479a
Upgrade: fix trusts objectclass violationi
Martin Basti • 6 years ago  
60ff57b
Fix upgrade referint plugin
Martin Basti • 6 years ago  
65624c9
Search using proper scope when connecting CA instances
Rob Crittenden • 6 years ago  
606de21
Fix: DNS policy upgrade raises asertion error
Martin Basti • 6 years ago  
1b22a53
ipaplatform: Use the dirsrv service, not target
Petr Viktorin • 6 years ago  
082485c
Fix: DNS installer adds invalid zonemgr email
Martin Basti • 6 years ago  
3ab75d7
Fix CA certificate backup and restore
Jan Cholasta • 6 years ago  
7c2aad1
webui: prohibit setting rid base with ipa-trust-ad-posix type
Petr Vobornik • 6 years ago  
c2ac4a8
idrange: include raw range type in output
Petr Vobornik • 6 years ago  
0105ef6
ldapupdater: set baserid to 0 for ipa-ad-trust-posix ranges
Petr Vobornik • 6 years ago  
2983a0d
unittests: baserid for ipa-ad-trust-posix idranges
Petr Vobornik • 6 years ago  
b5aafa4
ranges: prohibit setting --rid-base with ipa-trust-ad-posix type
Petr Vobornik • 6 years ago  
0b36c10
ipa-restore: Don't crash if AD trust is not installed
Petr Viktorin • 6 years ago  
d6b79a3
ipa-server-install Directory Manager help incorrect
Gabe • 6 years ago  
488c10e
Fix minimal version of BIND for Fedora 20 and 21
Petr Spacek • 6 years ago  
4662f28
Update slapi-nis dependency to pull 0.54.1
Alexander Bokovoy • 6 years ago  
1102db7
Become IPA 4.1.1
Petr Vobornik • 6 years ago  
02ccfa1
Ensure that a password exists after OTP validation
Nathaniel McCallum • 6 years ago  
a601daa
Fix upgrade: do not use invalid ldap connection
Martin Basti • 6 years ago  
5d65a2a
Stop dirsrv last in ipactl stop.
David Kupka • 6 years ago  
25abb11
Deadlock in schema compat plugin (between automember_update_membership task and dse update)
Thierry bordaz (tbordaz) • 6 years ago  
f0bcf2b
Fix various bugs in ipap11helper
Jan Cholasta • 6 years ago  
1cc27f9
Fix memory leaks in ipa-join
Jan Cholasta • 6 years ago  
100262f
Fix memory leak in ipa-pwd-extop
Jan Cholasta • 6 years ago  
e2d47cb
Fix various bugs in ipa-opt-counter and ipa-otp-lasttoken
Jan Cholasta • 6 years ago  
2d357a3
Fix memory leaks in ipa-extdom-extop
Jan Cholasta • 6 years ago  
56d8329
Fix possible NULL dereference in ipa-kdb
Jan Cholasta • 6 years ago  
04a6f71
Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage
Jan Cholasta • 6 years ago  
59af17d
Respect UID and GID soft static allocation.
David Kupka • 6 years ago  
71c24b1
Fix CI tests: install_adtrust
Martin Basti • 6 years ago  
49a73e1
Add bind-dyndb-ldap working dir to IPA specfile
Martin Basti • 6 years ago  
a214431
Do not wait for new CA certificate to appear in LDAP in ipa-certupdate
Jan Cholasta • 6 years ago  
1b940d3
Handle profile changes in dogtag-ipa-ca-renew-agent
Jan Cholasta • 6 years ago  
2ee248b
Fix zone name to directory name conversion in BINDMgr.
Petr Spacek • 6 years ago  
4e42d17
Fix dns zonemgr validation regression
Martin Basti • 6 years ago  
75cdc50
Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides
Alexander Bokovoy • 6 years ago  
47ab635
Do not check if port 8443 is available in step 2 of external CA install
Jan Cholasta • 6 years ago  
e22cf5b
build: increase java stack size for all arches
Petr Vobornik • 6 years ago  
1300f82
Become IPA 4.1.0
Petr Vobornik • 6 years ago  
5bcaea7
fix forwarder validation errors
Martin Basti • 6 years ago  
04816e7
Default to use TLSv1.0 and TLSv1.1 on the IPA server side
Alexander Bokovoy • 6 years ago  
77b5a81
fix DNSSEC restore named state
Martin Basti • 6 years ago  
27290bf
updater: enable uid uniqueness plugin for posixAccounts
Alexander Bokovoy • 6 years ago  
2bc2874
DNSSEC: remove container_dnssec_keys
Jan Cholasta • 6 years ago  
98100fe
DNSSEC: change link to ipa page
Martin Basti • 6 years ago  
b84fc92
DNSSEC: add files to backup
Martin Basti • 6 years ago  
bcb1e91
DNSSEC: add ipa dnssec daemons
Petr Spacek • 6 years ago  
dc5b3af
DNSSEC: ACI
Martin Basti • 6 years ago  
4ddc978
DNSSEC: upgrading
Martin Basti • 6 years ago  
d254bcb
DNSSEC: uninstallation
Martin Basti • 6 years ago  
4535324
DNSSEC: installation
Martin Basti • 6 years ago  
877fedf
DNSSEC: modify named service to support dnssec
Martin Basti • 6 years ago  
cc50112
DNSSEC: validate forwarders
Martin Basti • 6 years ago  
f01acf8
DNSSEC: platform paths and services
Martin Basti • 6 years ago  
9af49ff
DNSSEC: opendnssec services
Martin Basti • 6 years ago  
abf4418
DNSSEC: DNS key synchronization daemon
Martin Basti • 6 years ago  
52acc54
DNSSEC: add ipapk11helper module
Martin Basti • 6 years ago  
3c7bc2a
DNSSEC: schema
Martin Basti • 6 years ago  
3f0440f
DNSSEC: dependencies
Martin Basti • 6 years ago  
82961a0
Add mask, unmask methods for service
Martin Basti • 6 years ago  
f31f5f5
spec: Bump SSSD requires to 1.12.2
Tomas Babej • 6 years ago  
d969f73
webui: update combobox input on list click
Petr Vobornik • 6 years ago  
9053673
webui: do not show closed dialog
Petr Vobornik • 6 years ago  
d3de9c0
extdom: remove unused dependency to libsss_idmap
Sumit Bose • 6 years ago  
99b10e5
extdom: add support for sss_nss_getorigbyname()
Sumit Bose • 6 years ago  
85f229d
Change ipaOverrideTarget OID to avoid conflict with DNSSEC feature
Alexander Bokovoy • 6 years ago  
8629f17
Remove ipaContainer, ipaOrderedContainer objectclass
Martin Basti • 6 years ago  
1b7bc35
Support idviews in compat tree
Alexander Bokovoy • 6 years ago  
50f46fd
webui: do not offer ipa users to Default Trust View
Petr Vobornik • 6 years ago  
34fb9f0
webui: hide (un)apply buttons for Default Trust View
Petr Vobornik • 6 years ago  
3485c6e
webui: hide applied to hosts tab for Default Trust View
Petr Vobornik • 6 years ago  
04a3dad
webui: change order of idview's facet groups
Petr Vobornik • 6 years ago  
2046470
webui: make Evented a part of base IPA.object
Petr Vobornik • 6 years ago  
b05f395
webui: allow --force in dnszone-mod and dnsrecord-add
Petr Vobornik • 6 years ago  
502bf56
Configure IPA OTP Last Token plugin on upgrade
Nathaniel McCallum • 6 years ago  
424b099
webui: management of keytab permissions
Petr Vobornik • 6 years ago  
905238f
Create ipa-otp-counter 389DS plugin
Nathaniel McCallum • 6 years ago  
2f8dc3b
Display token type when viewing token
Nathaniel McCallum • 6 years ago  
23878c3
Update contributors
Martin Kosek • 6 years ago  
3e94aee
webui: add new iduseroverride fields
Petr Vobornik • 6 years ago  
ace4bec
webui: add link to OTP token app
Petr Vobornik • 6 years ago  
bb8740a
idviews: error out if appling Default Trust View on hosts
Petr Vobornik • 6 years ago  
47811d1
tests: management of keytab permissions
Petr Vobornik • 6 years ago  
7313ed4
keytab manipulation permission management
Petr Vobornik • 6 years ago  
9cfcb03
dns: fix privileges' memberof during dns install
Petr Vobornik • 6 years ago  
895f350
Check LDAP instead of local configuration to see if IPA CA is enabled
Jan Cholasta • 6 years ago  
5303e63
Do not fix trust flags in the DS NSS DB in ipa-upgradeconfig
Jan Cholasta • 6 years ago  
277850e
Do not create ipa-pki-proxy.conf if CA is not configured in ipa-upgradeconfig
Jan Cholasta • 6 years ago  
63557c2
Remove changetype attribute from update plugin
Martin Kosek • 6 years ago  
2e38855
Add ipa-client-install switch --request-cert to request cert for the host
Jan Cholasta • 6 years ago  
b5f9d40
Fix certmonger.request_cert
Jan Cholasta • 6 years ago  
68a36a2
Fix CA cert validity check for CA-less and external CA installer options
Jan Cholasta • 6 years ago  
9607fe3
Remove token vendor, model and serial defaults
Nathaniel McCallum • 6 years ago  
7ddf4b3
Remove token ID from self-service UI
Nathaniel McCallum • 6 years ago  
0f69e75
Raise better error message for permission added to generated tree
Martin Kosek • 6 years ago  
0a54b1c
Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install
Jan Cholasta • 6 years ago  
e50d197
Fix typo causing certmonger is provided with wrong path to ipa-submit.
David Kupka • 6 years ago  
f046480
Fix printing of reverse zones in ipa-dns-install.
David Kupka • 6 years ago  
7e5a71d
Stop dogtag when updating its configuration in ipa-upgradeconfig.
David Kupka • 6 years ago  
080c863
Make named.conf template platform independent
Martin Basti • 6 years ago  
bac2cc9
Add missing attributes to named.conf
Martin Basti • 6 years ago  
ec928b1
Ignore irrelevant subtrees in schema compat plugin
Ludwig Krispenz • 6 years ago  
57eab1e
Set IPA CA for freeipa certificates.
David Kupka • 6 years ago  
eea9da2
Support MS CS as the external CA in ipa-server-install and ipa-ca-install
Jan Cholasta • 6 years ago  
fdf46ac
Require slapi-nis 0.54 or later for ID views support
Alexander Bokovoy • 6 years ago  
a4798c7
Update API version for ID views support
Alexander Bokovoy • 6 years ago  
79c0b31
Allow override of gecos field in ID views
Alexander Bokovoy • 6 years ago  
aa0f5d3
Allow user overrides to specify GID of the user
Alexander Bokovoy • 6 years ago  
240d93b
Allow user overrides to specify SSH public keys
Alexander Bokovoy • 6 years ago  
ad6d019
Support overridding user shell in ID views
Alexander Bokovoy • 6 years ago  
8a8d2e7
Check that port 8443 is available when installing PKI.
David Kupka • 6 years ago  
da61691
Support building RPMs for RHEL/CentOS 7.0
Jan Cholasta • 6 years ago  
612fcf8
Add RHEL platform module
Jan Cholasta • 6 years ago  
06f0b5b
Split off generic Red Hat-like platform code from Fedora platform code
Jan Cholasta • 6 years ago  
4370790
Fix ipactl service ordering
Martin Basti • 6 years ago  
f742138
Missing requires on python-dns in spec file
Gabe • 6 years ago  
19f5ec8
DNS missing tests
Martin Basti • 6 years ago  
6d10f98
Fix example usage in ipa man page.
David Kupka • 6 years ago  
6e1c7df
Remove misleading authorization error message in cert-request with --add
Jan Cholasta • 6 years ago  
ed5ffbf
sudo integration test: Remove the local user test
Petr Viktorin • 6 years ago  
e6edbe4
webui-ci: adjust dnszone-add test to recent DNS changes
Petr Vobornik • 6 years ago  
65da8e7
backup/restore: Add files from /etc/ipa/nssdb
Petr Viktorin • 6 years ago  
7ada6dd
test_forced_client_reenrollment: Don't check for host certificates
Petr Viktorin • 6 years ago  
4ba2ab8
Sudorule RunAsUser should work with external groups
Martin Kosek • 6 years ago  
9f6f223
test_service_plugin: Do not lowercase memberof_role
Petr Viktorin • 6 years ago  
9ee2c25
Move OTP synchronization step to after counter writeback
Nathaniel McCallum • 6 years ago  
98debb7
Become IPA 4.1.0 Alpha 1
Petr Viktorin • 6 years ago  
946291c
VERSION,Makefile: Rename "pre" to "alpha"
Petr Viktorin • 6 years ago  
3cb3452
idviews: Fix typo in upgrade handling of the Default Trust View
Tomas Babej • 6 years ago  
7ddebb6
webui: add link from host to idview
Petr Vobornik • 6 years ago  
6388aaa
webui: list only not-applied hosts in "apply to host" dialog
Petr Vobornik • 6 years ago  
7b7b98d
webui: facet group labels for idview's facets
Petr Vobornik • 6 years ago  
bdf1e6c
webui: new ID views section
Petr Vobornik • 6 years ago  
8a4730c
webui: add simple link column support
Petr Vobornik • 6 years ago  
cd4c337
webui: allow to skip link widget link validation
Petr Vobornik • 6 years ago  
e0c3344
webui: do not show internal facet name to user
Petr Vobornik • 6 years ago  
86fc8ec
webui: treat value as pkey in link widget
Petr Vobornik • 6 years ago  
1050ec8
webui: improve breadcrumb navigation
Petr Vobornik • 6 years ago  
f3c8c4c
idviews: Create Default Trust View for upgraded servers
Tomas Babej • 6 years ago  
f0b6254
idviews: Make sure only regular IPA objects are allowed to be overriden
Tomas Babej • 6 years ago  
ea1aac1
idviews: Display the list of hosts when using --all
Tomas Babej • 6 years ago  
60ea906
idviews: Catch errors on unsuccessful AD object lookup when resolving object name to anchor
Tomas Babej • 6 years ago  
1551ff1
idviews: Make sure the dict.get method is not abused for MUST attributes
Tomas Babej • 6 years ago  
0a7c10b
idviews: Handle Default Trust View properly in the framework
Tomas Babej • 6 years ago  
860a50f
idviews: Add Default Trust View as part of adtrustinstall
Tomas Babej • 6 years ago  
57a08ad
idviews: Make description optional for the ID View object
Tomas Babej • 6 years ago  
473fbe8
idviews: Fix casing of ID Views to be consistent
Tomas Babej • 6 years ago  
bdfa7ea
idviews: Update the referential plugin config to watch for ipaAssignedIDView
Tomas Babej • 6 years ago  
b8bf444
idviews: Add ipaOriginalUid
Tomas Babej • 6 years ago  
50fa40b
ipatests: Add xmlrpc tests for idviews plugin
Tomas Babej • 6 years ago  
7c339a8
idviews: Resolve anchors to object names in idview-show
Tomas Babej • 6 years ago  
731e7a5
idviews: Raise NotFound errors if object to override could not be found
Tomas Babej • 6 years ago  
8b59dfa
idviews: Change format of IPA anchor to include domain
Tomas Babej • 6 years ago  
49ef84c
idviews: Alter idoverride methods to work with splitted objects
Tomas Babej • 6 years ago  
959a1e0
idviews: Split the idoverride commands into iduseroverride and idgroupoverride
Tomas Babej • 6 years ago  
d6bc044
idviews: Split the idoverride object into iduseroverride and idgroupoverride
Tomas Babej • 6 years ago  
aa39f40
idviews: Support specifying object names instead of raw anchors only
Tomas Babej • 6 years ago  
b8e9dea
trusts: Add conversion from SID to object name
Tomas Babej • 6 years ago  
3d89dff
idviews: Extend idview-show command to display assigned idoverrides and hosts
Tomas Babej • 6 years ago  
505039c
idviews: Add ipa idview-apply and idview-unapply commands
Tomas Babej • 6 years ago  
b275ba6
hostgroup: Selected PEP8 fixes for the hostgroup plugin
Tomas Babej • 6 years ago  
3831c9d
hostgroup: Remove redundant and star imports
Tomas Babej • 6 years ago  
457aca1
hostgroup: Add helper that returns all members of a hostgroup
Tomas Babej • 6 years ago  
1625423
idvies: Add managed permissions for idview and idoverride objects
Tomas Babej • 6 years ago  
be916cc
idviews: Create basic idview plugin structure
Tomas Babej • 6 years ago  
6f3e3eb
ipalib: PEP8 fixes for host plugin
Tomas Babej • 6 years ago  
81e3b1a
ipalib: Remove redundant and star imports from host plugin
Tomas Babej • 6 years ago  
debfb01
idviews: Add ipaAssignedIDVIew reference to the host object
Tomas Babej • 6 years ago  
6d6da4b
idviews: Create container for ID views under cn=accounts
Tomas Babej • 6 years ago  
036ea78
idviews: Add necessary schema for the ID views
Tomas Babej • 6 years ago  
5b49a37
Add missing imports to ipapython.certdb
Jan Cholasta • 6 years ago  
9d061ea
Fix certmonger search for the CA cert in ipa-certupdate and ipa-cacert-manage
Jan Cholasta • 6 years ago  
d04fa16
Fix certmonger.wait_for_request
Jan Cholasta • 6 years ago  
7da4873
Remove ipa-ca.crt from systemwide CA store on client uninstall and cert update
Jan Cholasta • 6 years ago  
9666212
Get server hostname from jsonrpc_uri in ipa-certupdate
Jan Cholasta • 6 years ago  
6ab1f6c
Check if IPA client is configured in ipa-certupdate
Jan Cholasta • 6 years ago  
511dc3a
Use /etc/ipa/nssdb to get nicknames of IPA certs installed in /etc/pki/nssdb
Jan Cholasta • 6 years ago  
483ebf9
Use NSSDatabase instead of direct certutil calls in client code
Jan Cholasta • 6 years ago  
9c07228
Add NSSDatabase.has_nickname for checking nickname presence in a NSS DB
Jan Cholasta • 6 years ago  
e7b7492
Move NSSDatabase from ipaserver.certs to ipapython.certdb
Jan Cholasta • 6 years ago  
017d61d
Introduce NSS database /etc/ipa/nssdb
Jan Cholasta • 6 years ago  
ed2bfff
Do stricter validation of CA certificates
Jan Cholasta • 6 years ago  
0c4d7da
Allow choosing CA-less server certificates by name
Jan Cholasta • 6 years ago  
01623f7
CA-less installer options usability fixes
Jan Cholasta • 6 years ago  
a29ee45
External CA installer options usability fixes
Jan Cholasta • 6 years ago  
6136a3e
Add NSSDatabase.import_files method for importing files in various formats
Jan Cholasta • 6 years ago  
b93bdb7
extdom: add support for new version
Sumit Bose • 6 years ago  
2006d87
Use stack allocation when writing values during otp auth
Nathaniel McCallum • 6 years ago  
ada187f
webui: do not offer ipa-ad-winsync and ipa-ipa-trust range types
Petr Vobornik • 6 years ago  
d84b8fe
baseldap: Properly handle the case of renaming object to the same name
Tomas Babej • 6 years ago  
0cf2dbc
Allow specifying signing algorithm of the IPA CA cert in ipa-server-install.
Jan Cholasta • 6 years ago  
0815807
Do not require description in UI.
David Kupka • 6 years ago  
b69510b
Detect and configure all usable IP addresses.
David Kupka • 6 years ago  
579b614
ipaserver.install.service: Don't show error message on SystemExit(0)
Petr Viktorin • 6 years ago  
540f416
Add 'host' setting into default.conf configuration file on client. Fix description in man page.
David Kupka • 6 years ago  
d82bc63
LDAP disable service
Martin Basti • 6 years ago  
df9086c
Refactoring of autobind, object_exists
Martin Basti • 6 years ago  
8e0f8bc
ipa-restore: Set SELinux booleans when restoring
Petr Viktorin • 6 years ago  
9b5436c
Move setting SELinux booleans to platform code
Petr Viktorin • 6 years ago  
e3ba75d
ipa-kdb: fix unit tests
Sumit Bose • 6 years ago  
5297cc9
Remove --ip-address, --name-server otpions from DNS help
Martin Basti • 6 years ago  
0f2eb65
DNS tests: tests update to due to change in options
Martin Basti • 6 years ago  
b7e3a99
WebUI: DNS: Remove ip-address, admin-email options
Martin Basti • 6 years ago  
c675808
DNS: autofill admin email
Martin Basti • 6 years ago  
bf61689
Add correct NS records during installation
Martin Basti • 6 years ago  
637a082
Deprecation of --name-server and --ip-address option in DNS
Martin Basti • 6 years ago  
18460d6
DNS test: allow '.' as zone name
Martin Basti • 6 years ago  
72e0b33
Fix DNS plugin to allow to add root zone
Martin Basti • 6 years ago  
c32b89d
ipa-replica-prepare: Wait for the DNS entry to be resolvable
Petr Viktorin • 6 years ago  
ee4a023
upgradeinstance: Restore listeners on failure
Petr Viktorin • 6 years ago  
b333e7a
test_permission_plugin: Check legacy permissions
Petr Viktorin • 6 years ago  
5cae989
FIX: ldap schmema updater needs correct ordering of the updates
Martin Basti • 6 years ago  
d8d5b2e
WebUI: DNS: remove --class option
Martin Basti • 6 years ago  
12c49d8
DNS: remove --class option
Martin Basti • 6 years ago  
7d61444
webui-ci: case-insensitive record check
Petr Vobornik • 6 years ago  
c66b1ec
webui: fix regression in association facet preop
Petr Vobornik • 6 years ago  
18cb8d7
dnszone-remove-permission should raise error
Martin Basti • 6 years ago  
7a99f22
JSON client: Log pretty-printed request and response with -vv or above
Petr Viktorin • 6 years ago  
16ffb82
Add test for backup/delete system users/restore
Petr Viktorin • 6 years ago  
5fc92d6
Add basic test for backup & restore
Petr Viktorin • 6 years ago  
0efd4c9
Set the default attributes for RootDSE
Tomas Babej • 6 years ago  
38fe3a5
Include the ipa command in client-only build
Jan Cholasta • 6 years ago  
fbc6345
Include ipaplatform in client-only build
Jan Cholasta • 6 years ago  
72a82b8
Allow RPM upgrade from ipa-* packages
Jan Cholasta • 6 years ago  
9486f3d
Fix certmonger code causing the ca_renewal_master update plugin to fail
Jan Cholasta • 6 years ago  
1a327cf
ipa_backup: Log where the backup is be stored
Petr Viktorin • 6 years ago  
127e7a1
backup,restore: Don't overwrite /etc/{passwd,group}
Petr Viktorin • 6 years ago  
eb4e472
ipa_restore: Split the services list
Petr Viktorin • 6 years ago  
8359411
ipaserver.install: Consolidate system user creation
Petr Viktorin • 6 years ago  
c210126
ipalib: host_del: Extend LDAPDelete's takes_options instead of overriding
Tomas Babej • 6 years ago  
adc4abc
Allow deleting obsolete permissions; remove operational attribute permissions
Petr Viktorin • 6 years ago  
a0e23ce
permission plugin: Auto-add operational atttributes to read permissions
Petr Viktorin • 6 years ago  
477942b
Update referential integrity config for DS 1.3.3
Petr Viktorin • 6 years ago  
f8771db
Update SSL ciphers configured in 389-ds-base
Ludwig Krispenz • 6 years ago  
90e8731
webui: hide otp fields based on token type
Petr Vobornik • 6 years ago  
50291e7
webui: hide non-readable fields
Petr Vobornik • 6 years ago  
5369316
webui: hide empty fields and sections
Petr Vobornik • 6 years ago  
e27a774
webui: widget initialization
Petr Vobornik • 6 years ago  
009d272
webui: better value-change reporting
Petr Vobornik • 6 years ago  
a43af5c
webui: display fields based on otp token type
Petr Vobornik • 6 years ago  
935a6a1
webui: add i18n for the rest of QR code strings
Petr Vobornik • 6 years ago  
bb114e3
webui: add token from user page
Petr Vobornik • 6 years ago  
c1bf152
webui: better otp token type label
Petr Vobornik • 6 years ago  
46e5e69
webui: add measurement unit to otp token time fields
Petr Vobornik • 6 years ago  
26d2688
Fix typo causing ipa-upgradeconfig to fail.
David Kupka • 6 years ago  
f29d3d8
Update qrcode support for newer python-qrcode
Nathaniel McCallum • 6 years ago  
0436858
install: create ff krb extension on every install, replica install and upgrade
Petr Vobornik • 6 years ago  
97aebf8
webui: append network.negotiate-auth.trusted-uris
Petr Vobornik • 6 years ago  
de90d7d
Fix hardcoded lib dir in freeipa.spec
Gabe • 6 years ago  
ce86e5d
Use autobind when updating CA people entries during certificate renewal
Jan Cholasta • 6 years ago  
be4d5bf
Remove internaldb password from password.conf
Ana Krivokapic • 6 years ago  
712cb04
webui: notify psw change success only once
Petr Vobornik • 6 years ago  
f8fc3bb
webui: switch associators if default doesn't work
Petr Vobornik • 6 years ago  
cb2dc9c
webui: do not show login error when switching back from otp sync screen
Petr Vobornik • 6 years ago  
e77f0b9
webui: adjust behavior of bounce url
Petr Vobornik • 6 years ago  
c946029
No longer generate a machine certificate on client installs
Rob Crittenden • 6 years ago  
058c1f4
Backup CS.cfg before modifying it
Jan Cholasta • 6 years ago  
b6c7e5f
Fix: Add managed read permissions for compat tree and operational attrs
Petr Viktorin • 6 years ago  
cd80528
webui: extract complex pkey on Add and Edit
Petr Vobornik • 6 years ago  
2fd4f40
Allow user to force Kerberos realm during installation.
David Kupka • 6 years ago  
a28d9b8
Make CA-less ipa-server-install option --root-ca-file optional.
Jan Cholasta • 6 years ago  
be65682
Add managed read permissions for compat tree
Petr Viktorin • 6 years ago  
9bcd885
Do not restart apache server when not necessary.
David Kupka • 6 years ago  
ccc3762
Tests: DNS wildcard records
Martin Basti • 6 years ago  
031677c
FIX DNS wildcard records (RFC4592)
Martin Basti • 6 years ago  
803dc81
Fix DNS record rename test
Martin Basti • 6 years ago  
a327363
Test: DNS NS validation
Martin Basti • 6 years ago  
c7dc1b5
DNS fix NS record coexistence validator
Martin Basti • 6 years ago  
f605fe8
Tests: DNS dsrecord validation
Martin Basti • 6 years ago  
2863fc9
DNSSEC: fix DS record validation
Martin Basti • 6 years ago  
7348832
Use certmonger D-Bus API instead of messing with its files.
David Kupka • 6 years ago  
78b2a7a
Fix dnsrecord-mod raise error if last record attr is removed
Martin Basti • 6 years ago  
9e8aed8
ipa-client-install: Do not add already configured sources to nsswitch.conf entries
Tomas Babej • 6 years ago  
5aead1f
Normalize external CA cert before passing it to pkispawn
Jan Cholasta • 6 years ago  
451c2e2
Add record(s) to /etc/host when IPA is configured as DNS server.
David Kupka • 6 years ago  
7baf8fe
Ensure ipaUserAuthTypeClass when needed on user creation
Nathaniel McCallum • 6 years ago  
480512f
permission plugin: Improve description of the target option
Petr Viktorin • 6 years ago  
6456046
permission plugin: Make --target available in the CLI
Petr Viktorin • 6 years ago  
c01c616
freeipa.spec.in: Add python-backports-ssl_match_hostname to BuildRequires
Petr Viktorin • 6 years ago  
cac070b
CLIENT: Explicitly require python-backports-ssl_match_hostname
Jakub Hrozek • 6 years ago  
c034044
Allow changing CA renewal master in ipa-csreplica-manage.
Jan Cholasta • 6 years ago  
aae7848
ipaserver/dcerpc.py: Make sure trust is established only to forest root domain
Alexander Bokovoy • 6 years ago  
d54d7ad
ipaserver/dcerpc.py: be more open to what domains can be seen through the forest trust
Alexander Bokovoy • 6 years ago  
e8a28b0
ipaserver/dcerpc.py: Avoid hitting issue with transitive trusts on Windows Server prior to 2012
Alexander Bokovoy • 6 years ago  
4f17f64
ipaserver/dcerpc.py: make PDC discovery more robust
Alexander Bokovoy • 6 years ago  
214c23b
ipaserver/dcerpc.py: if search of a closest GC failed, try to find any GC
Alexander Bokovoy • 6 years ago  
2bcf79e
ipa trust-add command should be interactive
Gabe • 6 years ago  
8bb2af0
webui: fix group type padding
Petr Vobornik • 6 years ago  
2752f8e
webui: disable batch action buttons by default
Petr Vobornik • 6 years ago  
dd45278
webui: sshkey widget - usability fixes
Petr Vobornik • 6 years ago  
a8a7998
webui: improve rule table css
Petr Vobornik • 6 years ago  
189f6fd
webui: convert widget.less indentation to spaces
Petr Vobornik • 6 years ago  
500db90
service: Normalize service principal in get_dn
Petr Viktorin • 6 years ago  
e497688
Support delegating RBAC roles to service principals
Petr Viktorin • 6 years ago  
e5b78c2
webui: better authentication types description
Petr Vobornik • 6 years ago  
af83c37
webui: tooltip support
Petr Vobornik • 6 years ago  
c1290a7
webui: rename tooltip to title
Petr Vobornik • 6 years ago  
9554b51
webui: login screen - improved button switching
Petr Vobornik • 6 years ago  
b378540
webui: improved info msgs on login/token sync/reset pwd pages
Petr Vobornik • 6 years ago  
6864727
webui: display expired session notification in a more visible area
Petr Vobornik • 6 years ago  
6f8dc9d
Change BuildRequires for Java
Stephen Gallagher • 6 years ago  
a692799
webui-ci: fix table widget add
Petr Vobornik • 6 years ago  
4fde716
webui: better error reporting
Petr Vobornik • 6 years ago  
23413e9
Become IPA 4.1.5
Tomas Babej • 5 years ago  
572124c
ipasam: fix a use-after-free issue
Sumit Bose • 5 years ago  
47df949
ipasam: use more restrictive search filter for group lookup
Sumit Bose • 5 years ago  
bc0d6b4
ipasam: fix wrong usage of talloc_new()
Sumit Bose • 5 years ago  
c87ce19
enable debugging of ntpd during client installation
Martin Babinsky • 5 years ago  
bd1e314
Server Upgrade: fix memberUid index
Martin Basti • 5 years ago  
f6901e5
Fix indicies ntUserDomainId, ntUniqueId
Martin Basti • 5 years ago  
cf2587c
migration: Use api.env variables.
David Kupka • 5 years ago  
e40a6bc
ipa-kdb: filter out group membership from MS-PAC for exact SID matches too
Alexander Bokovoy • 5 years ago  
d69603c
ipa-kdb: use proper memory chunk size when moving sids
Alexander Bokovoy • 5 years ago  
74c80e8
FIX: Clear SSSD caches when uninstalling the client
Martin Basti • 5 years ago  
56db663
webui: add mangedby tab to otptoken
Petr Vobornik • 5 years ago  
5439e7a
idviews: Remove ID overrides for permanently removed users and groups
Tomas Babej • 5 years ago  
12f3da5
idviews: Allow users specify the raw anchor directly as identifier
Tomas Babej • 5 years ago  
7e61317
idviews: Set dcerpc detection flag properly
Tomas Babej • 5 years ago  
534822b
DNSSEC: Store time & date key metadata in UTC.
Petr Spacek • 5 years ago  
840bf5f
Clear SSSD caches when uninstalling the client
Gabe • 5 years ago  
222427c
DNSSEC: Improve ipa-ods-exporter log messages with key metadata.
Petr Spacek • 5 years ago  
a983140
DNSSEC: Add ability to trigger full data synchronization to ipa-ods-exporter.
Petr Spacek • 5 years ago  
4840b50
DNSSEC: log ipa-ods-exporter file lock operations into debug log
Petr Spacek • 5 years ago  
70ee45c
DNSSEC: ipa-ods-exporter: move zone synchronization into separate function
Petr Spacek • 5 years ago  
fd5ace8
DNSSEC: Accept ipa-ods-exporter commands from command line.
Petr Spacek • 5 years ago  
8fc6fa7
DNSSEC: Detect invalid master keys in LDAP.
Petr Spacek • 5 years ago  
17fcdc3
Bump minimal BIND version for CentOS.
Petr Spacek • 5 years ago  
bb396d4
Hide traceback in ipa-dnskeysyncd if kinit failed.
Petr Spacek • 5 years ago  
6f9d16f
Fix OTP token URI generation
Nathaniel McCallum • 5 years ago  
de7aed1
DNSSEC: fix traceback during shutdown phase
Martin Basti • 5 years ago  
a5d8d79
DNSSEC: Detect zone shadowing with incorrect DNSSEC signatures.
Petr Spacek • 5 years ago  
c5e6f97
DNSSEC: validate forward zone forwarders
Martin Basti • 5 years ago  
9a90ef2
DNSSEC: Improve global forwarders validation
Martin Basti • 5 years ago  
e8f3956
Add compatibility function for older libkrb5
Simo Sorce • 5 years ago  
aae54b2
Detect default encsalts kadmin password change
Simo Sorce • 5 years ago  
7077622
replica-manage: Properly delete nested entries
Tomas Babej • 5 years ago  
aa83d20
ipaserver/dcerpc: Ensure LSA pipe has session key before using it
Alexander Bokovoy • 5 years ago  
d74f938
client-install: Fix kinits with non-default Kerberos config file
Jan Cholasta • 5 years ago  
f6f94ae
DNSSEC: update OpenDNSSEC KASP configuration
Martin Basti • 5 years ago  
9b7fe37
DNSSEC: FIX Do not re-create kasp.db if already exists
Martin Basti • 5 years ago  
d7cfc11
Unsaved changes dialog internally inconsistent
Gabe • 5 years ago  
5ac5564
Fix a signedness bug in OTP code
Nathaniel McCallum • 5 years ago  
352360a
suppress errors arising from deleting non-existent files during client uninstall
Martin Babinsky • 5 years ago  
b04435a
point the users to PKI-related logs when CA configuration fails
Martin Babinsky • 5 years ago  
04fbbbb
Make lint work on Fedora 22.
David Kupka • 5 years ago  
0acfd39
Removed recommendation from ipa-adtrust-install
Thorsten Scherf • 5 years ago  
f838e80
Adopted kinit_keytab and kinit_password for kerberos auth
Martin Babinsky • 5 years ago  
0ca8254
ipa-client-install: try to get host TGT several times before giving up
Martin Babinsky • 5 years ago  
48095ca
ipautil: new functions kinit_keytab and kinit_password
Martin Babinsky • 5 years ago  
3749c8d
do not install CA on replica during integration test if setup_ca=False
Martin Babinsky • 5 years ago  
f47da5a
DNSSEC CI tests
Martin Basti • 5 years ago  
f3b5d16
do not log BINDs to non-existent users as errors
Martin Babinsky • 5 years ago  
ede3298
Ipatests DNS SOA Record Maintenance
Ales 'alich' Marecek • 5 years ago  
8f94ac1
DNSSEC: Do not log into files
Martin Basti • 5 years ago  
e27b9d1
  • « Newer
  • page 1 of 159
  • » Older
Powered by Pagure 5.12.1
Documentation • File an Issue • About • SSH Hostkey/Fingerprint
© Red Hat, Inc. and others.