Commits - freeipa - Pagure.io

Keep NSS trust flags of existing certificates

Tomas Krizek • 4 years ago

202ab87

ipa-kdb: simplify trusted domain parent search

Alexander Bokovoy • 4 years ago

ac62484

trust: make sure ID range is created for the child domain even if it exists

Alexander Bokovoy • 4 years ago

0dfd570

cert-revoke: fix permission check bypass (CVE-2016-5404)

Fraser Tweedale • 4 years ago

e26ec4c

DNS: Fix tests for realm domains integration with DNS zone add

Petr Spacek • 4 years ago

864cc69

mod_auth_gssapi: enable unique credential caches names

Petr Vobornik • 4 years ago

6683442

DNS: Fix realm domains integration with DNS zone add.

Petr Spacek • 4 years ago

8d57d3b

installer: index() raises ValueError

David Kupka • 4 years ago

46802c8

installer: positional_arguments must be tuple or list of strings

David Kupka • 4 years ago

48aa3be

Translations: remove deprecated locale configuration

Martin Basti • 4 years ago

776ef9a

Set proper zanata project-version

Martin Basti • 4 years ago

c404d65

replica install: do not set CA renewal master flag

Jan Cholasta • 4 years ago

9d39d5e

spec file: bump minimum required pki-core version

Jan Cholasta • 4 years ago

bd5abb4

Detect and repair incorrect caIPAserviceCert config

Fraser Tweedale • 4 years ago

f116e51

Prevent replica install from overwriting cert profiles

Fraser Tweedale • 4 years ago

c72993b

Batch command: avoid accessing potentially undefined context.principal

Petr Spacek • 4 years ago

da06be4

spec: Add python-sssdconfig dependency for freeipa-tests package

Milan Kubík • 4 years ago

492c1cb

ipatests: Add test case for requesting a certificate with full principal.

Milan Kubík • 4 years ago

ffd6703

ipatests: fix for change_principal context manager

Milan Kubík • 4 years ago

eadd47e

caacl: correctly handle full user principal name

Fraser Tweedale • 4 years ago

8a8ee89

Become IPA 4.2.4

Petr Vobornik • 4 years ago

a1d3baf

Fix broken trust warnings

Martin Basti • 4 years ago

fb11384

certdb: never use the -r option of certutil

Jan Cholasta • 4 years ago

00097c1

pylint: supress false positive no-member errors

Martin Basti • 4 years ago

aaad91d

fix incorrect name of ipa-winsync-migrate command in help

Petr Vobornik • 4 years ago

7151ea3

Fix connections to DS during installation

Martin Basti • 4 years ago

0af8191

Insure the admin_conn is disconnected on stop

Simo Sorce • 4 years ago

e2ef561

cookie parser: do not fail on cookie with empty value

Petr Vobornik • 4 years ago

09de449

use LDAPS during standalone CA/KRA subsystem deployment

Martin Babinsky • 4 years ago

c7c126f

advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins

Petr Vobornik • 4 years ago

6111a30

slapi-nis: update configuration to allow external members of IPA groups

Alexander Bokovoy • 4 years ago

dbea05e

spec: Bump required sssd version to 1.13.3-5

Tomas Babej • 4 years ago

fea62ea

ipa-adtrust-install: Allow dash in the NETBIOS name

Tomas Babej • 4 years ago

6578384

Make PTR records check optional for IPA installation

Martin Basti • 4 years ago

e66ce1a

fix permission: Read Replication Agreements

Martin Basti • 4 years ago

de7ec77

Pylint: add missing attributes of errors to definitions

Martin Basti • 4 years ago

a27f7df

CI tests: use old schema when testing hostmask-based sudo rules

Martin Babinsky • 4 years ago

6147563

fix upgrade: wait for proper DS socket after DS restart

Martin Basti • 4 years ago

63d8caf

Warn user if trust is broken

Martin Basti • 4 years ago

4338161

trusts: use ipaNTTrustPartner attribute to detect trust entries

Martin Basti • 4 years ago

10ca4df

upgrade: fix config of sidgen and extdom plugins

Martin Basti • 4 years ago

0ac22cf

Disable new pylint checks

Martin Basti • 4 years ago

9136d72

upgrade: unconditional import of certificate profiles into LDAP

Martin Babinsky • 4 years ago

704319c

Do not decode HTTP reason phrase from Dogtag

Fraser Tweedale • 4 years ago

0aedaf1

make lint: use config file and plugin for pylint

Martin Basti • 4 years ago

f224590

Tests: DNS replace 192.0.2.0/24 with 198.18.0.0/15 range

Martin Basti • 4 years ago

32b7ba7

ipa-kdb: map_groups() consider all results

Sumit Bose • 4 years ago

d70c86f

always start certmonger during IPA server configuration upgrade

Martin Babinsky • 4 years ago

3664efa

replica install: validate DS and HTTP server certificates

Jan Cholasta • 4 years ago

c2ade68

fix standalone installation of externally signed CA on IPA master

Martin Babinsky • 5 years ago

2438462

CA install: explicitly set dogtag_version to 10

Jan Cholasta • 5 years ago

7c78a1f

cert renewal: import all external CA certs on IPA CA cert renewal

Jan Cholasta • 5 years ago

2314fa6

Fixed login error message box in LoginScreen page

Abhijeet Kasurde • 5 years ago

fc2a4d5

ipalib: assume version 2.0 when skip_version_check is enabled

Jan Cholasta • 5 years ago

7a4a3b0

use FFI call to rpmvercmp function for version comparison

Martin Babinsky • 5 years ago

be9af72

Upgrade: Fix upgrade of NIS Server configuration

Martin Basti • 5 years ago

98a86d0

prevent crash of CA-less server upgrade due to absent certmonger

Martin Babinsky • 5 years ago

f55a228

Allow to used mixed case for sysrestore

Martin Basti • 5 years ago

2fce8fd

FIX: ipa_kdb_principals: add missing break statement

Martin Basti • 5 years ago

fec0f46

Return default TL_DATA is krbExtraData is missing

Simo Sorce • 5 years ago

d5180ee

Require Dogtag 10.2.6-13 to fix KRA uninstall

Christian Heimes • 5 years ago

8488426

DNSSEC: Log debug messages at log level DEBUG

Petr Spacek • 5 years ago

614d9af

DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal

Petr Spacek • 5 years ago

ab0b5e9

DNSSEC: ipa-ods-exporter: add ldap-cleanup command

Petr Spacek • 5 years ago

dfefa6d

DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP

Petr Spacek • 5 years ago

2e6c3b3

DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP

Petr Spacek • 5 years ago

6647349

DNSSEC: logging improvements in ipa-ods-exporter

Petr Spacek • 5 years ago

3eaabd9

DNSSEC: add debug mode to ldapkeydb.py

Petr Spacek • 5 years ago

aa76c60

DNSSEC: remove obsolete TODO note

Petr Spacek • 5 years ago

9beb33c

DNSSEC: Make sure that current key state in LDAP matches key state in BIND

Petr Spacek • 5 years ago

52369bb

DNSSEC: Make sure that current state in OpenDNSSEC matches key state in LDAP

Petr Spacek • 5 years ago

cb8a958

DNSSEC: Improve error reporting from ipa-ods-exporter

Petr Spacek • 5 years ago

d2022d0

Fix: replace mkdir with chmod

Martin Basti • 5 years ago

066ecf4

Explicitly call chmod on newly created directories

Martin Basti • 5 years ago

5c2dbcc

DNS: fix file permissions

Martin Basti • 5 years ago

d910de8

Fix version comparison

Martin Basti • 5 years ago

dccdade

installer: Fix logic of reading option values from cache.

David Kupka • 5 years ago

d655b94

installer: Propagate option values from components instead of copying them.

David Kupka • 5 years ago

2bead37

Modify error message to install first instance of KRA

Martin Basti • 5 years ago

cacca7b

ipa-kra-install: allow to install first KRA on replica

Martin Basti • 5 years ago

991e57b

Tests: Fix tests for (stage)user plugin

Lenka Doudova • 5 years ago

d62f023

Makefile: disable parallel build

Petr Spacek • 5 years ago

58453bc

test: Temporarily increase timeout in vault test.

David Kupka • 5 years ago

ac0999e

tests: Add hostmask detection for sudo rules validating on hostmask

Tomas Babej • 5 years ago

f676b12

fix error message assertion in negative forced client reenrollment tests

Martin Babinsky • 5 years ago

742ffcd

Adding descriptive IDs to stageuser tests

Lenka Doudova • 5 years ago

75675fc

tests: Fix incorrect uninstall method invocation

Tomas Babej • 5 years ago

e5189ef

Fixed small typo in stage-user documentation

Abhijeet Kasurde • 5 years ago

d96b840

KRA: do not stop certmonger during standalone uninstall

Martin Basti • 5 years ago

6776bee

ipa-getkeytab: do not return error when translations cannot be loaded

Martin Basti • 5 years ago

34db888

Fix upgrade of forwardzones when zone is in realmdomains

Martin Basti • 5 years ago

8b0f60f

do not disconnect when using existing connection to check default CA ACLs

Martin Babinsky • 5 years ago

c5faaed

disconnect ldap2 backend after adding default CA ACL profiles

Martin Babinsky • 5 years ago

0f39612

Add profiles and default CA ACL on migration

Fraser Tweedale • 5 years ago

a2371f3

Do not erroneously reinit NSS in Dogtag interface

Fraser Tweedale • 5 years ago

3cb7933

ipa-otptoken-import: Fix connection to ldap.

David Kupka • 5 years ago

8d59f77

ipa-cacert-renew: Fix connection to ldap.

David Kupka • 5 years ago

f043201

ipasam: fix a use-after-free issue

Sumit Bose • 5 years ago

181d254

ipasam: use more restrictive search filter for group lookup

Sumit Bose • 5 years ago

6974302

ipasam: fix wrong usage of talloc_new()

Sumit Bose • 5 years ago

f903fdf

Check if IPA is configured before attempting a winsync migration

Gabe • 5 years ago

dbc442c

update idrange tests to reflect disabled modification of local ID ranges

Martin Babinsky • 5 years ago

92e00d1

Avoid race condition caused by profile delete and recreate

Fraser Tweedale • 5 years ago

a8a6664

TLS and Dogtag HTTPS request logging improvements

Fraser Tweedale • 5 years ago

1874ccf

upgrade: fix migration of old dns forward zones

Martin Basti • 5 years ago

68eef6c

client install: do not corrupt OpenSSH config with Match sections

Jan Cholasta • 5 years ago

f3b04d5

fix caching in get_ipa_config

Martin Basti • 5 years ago

0ca4c1d

suppress errors arising from adding existing LDAP entries during KRA install

Martin Babinsky • 5 years ago

f2a7a3e

cert renewal: make renewal of ipaCert atomic

Jan Cholasta • 5 years ago

f831cb6

install: export KRA agent PEM file in ipa-kra-install

Jan Cholasta • 5 years ago

9d4f383

ipatests: Fix missed module import in ipaserver tests

Milan Kubík • 5 years ago

af07652

fix error reporting when installer option is supplied with invalid choice

Martin Babinsky • 5 years ago

dc0f2d1

Applied tier0 and tier1 marks on unit tests and xmlrpc tests

Milan Kubik • 5 years ago

2f703e5

Incomplete ports for IPA AD Trust

Gabe • 5 years ago

e76e866

install: fix command line option validation

Jan Cholasta • 5 years ago

09d47c4

fix broken translations after last po update

Petr Vobornik • 5 years ago

f6f1a21

spec file: depend on Dogtag 10.2.6-12 for tomcat 8 upgrade

Alexander Bokovoy • 5 years ago

0c4342c

Become IPA 4.2.3

Petr Vobornik • 5 years ago

6c5b65d

Update .po files

Petr Vobornik • 5 years ago

a583344

KRA: fix check that CA is installed

Martin Basti • 5 years ago

0f77745

ipatests: CA ACL and cert profile functional test

Milan Kubík • 5 years ago

21fed03

ipatests: added unlock_principal_password and change_principal

Milan Kubík • 5 years ago

f1414fe

ipatests: CA ACL - added config templates

Milan Kubík • 5 years ago

b6193e8

tests: add test to check the default ACL

Milan Kubík • 5 years ago

127b109

ipatests: Add initial CAACLTracker implementation

Milan Kubík • 5 years ago

438a29f

ipatests: add fuzzy instances for CA ACL DN and RDN

Milan Kubík • 5 years ago

5aba3c7

trustdomain: Perform validation of the trust domain first

Tomas Babej • 5 years ago

b0aea24

trusts: Make trust_show.get_dn raise properly formatted NotFound

Tomas Babej • 5 years ago

d0911de

always ask the resolver for the reverse zone when manipulating PTR records

Martin Babinsky • 5 years ago

2d48544

DNSSEC: warn user if DNSSEC key master is not installed

Martin Basti • 5 years ago

1c17374

DNSSEC: Remove service containers from LDAP after uninstalling

Martin Basti • 5 years ago

ffd0e64

DNSSEC CI: wait until DS records is replicated

Martin Basti • 5 years ago

edaf466

Warn if no installation found when running ipa-server-install --uninstall

Gabe • 5 years ago

85dc0c2

fix class teardown in user plugin tests

Martin Babinsky • 5 years ago

1573d3a

execute user-del pre-callback also during user preservation

Martin Babinsky • 5 years ago

a85a8f3

Revert allow to customize dirsrv configuration during install

Martin Basti • 5 years ago

a17936a

CI: installation with customized DS config

Martin Basti • 5 years ago

94412b8

Add option to specify LDIF file that contains DS configuration changes

Martin Basti • 5 years ago

9a6b224

Add method to read changes from LDIF

Martin Basti • 5 years ago

23363ff

Make offline LDIF modify more robust

Martin Basti • 5 years ago

fca082f

tests: Add tests for idoverride object integrity

Tomas Babej • 5 years ago

cc085d2

idoverride: Ignore ValidationErrors when converting the anchor

Tomas Babej • 5 years ago

52680a1

remove ID overrides when deleting a user

Martin Babinsky • 5 years ago

bbe7d99

ipa-adtrust-install: Print complete SRV records

Petr Spacek • 5 years ago

6b2dec8

Fixes disappearing automember expressions

Stanislav Laznicka • 5 years ago

cbccec6

Replace tab with space in test_user_plugin.py

Martin Basti • 5 years ago

8b66b6f

Remove bind configuration detected question

Gabe • 5 years ago

1d78cbb

vault: fix private service vault creation

Jan Cholasta • 5 years ago

285043e

comment: Add Documentation string to deduplicate function

David Kupka • 5 years ago

9e3d0d6

CI Test: add setup_kra options into install scripts

Martin Basti • 5 years ago

a23b1ca

upgrade: make sure ldap2 is connected in export_kra_agent_pem

Jan Cholasta • 5 years ago

9182f40

schema: do not derive ipaVaultPublicKey from ipaPublicKey

Jan Cholasta • 5 years ago

e92da55

CI TEST: Vault

Martin Basti • 5 years ago

ad345b4

tests: Amend result assertions in realmdomains tests

Tomas Babej • 5 years ago

291aa25

realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record

Tomas Babej • 5 years ago

31e7a7e

realmdomains: Issue a warning when automated management of realmdomains failed

Tomas Babej • 5 years ago

01a75c6

realmdomains: Add validation that realmdomain being added is indeed from our realm

Tomas Babej • 5 years ago

3bcd894

realmdomains: Minor style and wording improvements

Tomas Babej • 5 years ago

a593abd

util: Add detect_dns_zone_realm_type helper

Tomas Babej • 5 years ago

6248ae2

Fixed a timing issue with drill returning non-zero exitcode

Oleg Fayans • 5 years ago

f076da9

Become IPA 4.2.2

Petr Vobornik • 5 years ago

06cedee

client referral support for trusted domain principals

Alexander Bokovoy • 5 years ago

47a8d4f

vault: select a server with KRA for vault operations

Jan Cholasta • 5 years ago

0cfa434

install: always export KRA agent PEM file

Jan Cholasta • 5 years ago

1002052

install: fix KRA agent PEM file permissions

Jan Cholasta • 5 years ago

55a66cc

Avoid ipa-dnskeysync-replica & ipa-ods-exporter crashes caused by exceeding LDAP limits

Petr Spacek • 5 years ago

5841d49

Update FreeIPA package description

Gabe • 5 years ago

0667794

httpinstance: Replace a hardcoded path to password.conf with HTTPD_PASSWORD_CONF

Timo Aaltonen • 5 years ago

181c814

paths: Add GENERATE_RNDC_KEY.

Timo Aaltonen • 5 years ago

b8a2104

Include ipatests/test_xmlrpc/data directory into distribution.

Milan Kubík • 5 years ago

c99e0aa

Fix import get_reverse_zone_default in tasks

Martin Basti • 5 years ago

e7a33b7

ipatests: configure Network Manager not to manage resolv.conf

Milan Kubík • 5 years ago

7a90baf

do not overwrite files with local users/groups when restoring authconfig

Martin Babinsky • 5 years ago

d333a96

re-kinit after ipa-restore in backup/restore CI tests

Martin Babinsky • 5 years ago

a5f6887

ipa-server-install: mark master_password Knob as deprecated

Martin Babinsky • 5 years ago

63c8884

install: fix ipa-server-install fail on missing --forwarder

Jan Cholasta • 5 years ago

75a8454

Added a proper workaround for dnssec test failures in Beaker environment

Oleg Fayans • 5 years ago

c898c96

webui: improve performance of search in association dialog

Petr Vobornik • 5 years ago

bf3121d

Fix an integer underflow bug in libotp

Nathaniel McCallum • 5 years ago

7db0a8e

Replica inst. fix: do not require -r, -a, -p options in unattended mode

Martin Basti • 5 years ago

ad28589

dnssec option missing in ipa-dns-install man page

Gabe • 5 years ago

a5b1cb2

CI: backup and restore with KRA

Martin Basti • 5 years ago

e87ae21

winsync-migrate: Properly handle collisions in the names of external groups

Tomas Babej • 5 years ago

d639e93

winsync-migrate: Convert entity names to posix friendly strings

Tomas Babej • 5 years ago

aac5f93

install: fix kdcproxy user home directory

Jan Cholasta • 5 years ago

091b119

platform: add option to create home directory when adding user

Jan Cholasta • 5 years ago

5750fbd

destroy httpd ccache after stopping the service

Martin Babinsky • 5 years ago

23f1d4e

install: create kdcproxy user during server install

Jan Cholasta • 5 years ago

4663625

ipa-backup: Add mechanism to store empty directory structure

Tomas Babej • 5 years ago

210a425

install: Move unattended option to the general help section

Jan Cholasta • 5 years ago

42d16b0

install: Add common base class for server and replica install

Jan Cholasta • 5 years ago

61170a4

install: Support overriding knobs in subclasses

Jan Cholasta • 5 years ago

8040a0e

Standardize minvalue for ipasearchrecordlimit and ipasesarchsizelimit for unlimited minvalue

Gabe • 5 years ago

28d6ae0

webui: use manual Firefox configuration for Firefox >= 40

Petr Vobornik • 5 years ago

f1b2b0f

Server Upgrade: addifnew should not create entry

Martin Basti • 5 years ago

96003cb

Limit max age of replication changelog

Martin Basti • 5 years ago

accc2b7

install: support KRA update

Jan Cholasta • 5 years ago

b1587bf

vault: add permissions and administrator privilege

Jan Cholasta • 5 years ago

500e0d1

vault: update access control

Jan Cholasta • 5 years ago

b9615c8

vault: set owner to current user on container creation

Jan Cholasta • 5 years ago

78f8906

vault: add vault container commands

Petr Vobornik • 5 years ago

ad7325d

baseldap: make subtree deletion optional in LDAPDelete

Jan Cholasta • 5 years ago

b393205

ipatests: Add basic tests for certificate profile plugin

Milan Kubík • 5 years ago

223dc3d

ipatests: Add Certprofile tracker class implementation

Milan Kubík • 5 years ago

5418c33

Add Chromium configuration note to ssbrowser

Gabe • 5 years ago

7d5bc9f

backup CI: test DNS/DNSSEC after backup and restore

Martin Basti • 5 years ago

c469f81

DNSSEC CI: test master migration

Martin Basti • 5 years ago

773c02e

DNSSEC: improve CI test

Martin Basti • 5 years ago

c1e9435

winsync: Add inetUser objectclass to the passsync sysaccount

Tomas Babej • 5 years ago

ffb6765

config: allow user/host attributes with tagging options

Jan Cholasta • 5 years ago

bbcbbf3

Updated number of legacy permission in ipatests

Abhijeet Kasurde • 5 years ago

72e87e8

IPA Restore: allows to specify files that should be removed

Martin Basti • 5 years ago

21f2a3d

Server Upgrade: backup CS.cfg when dogtag is turned off

Martin Basti • 5 years ago

c3d8a13

Handle timeout error in ipa-httpd-kdcproxy

Christian Heimes • 5 years ago

1464437

FIX vault tests

Martin Basti • 5 years ago

72ba377

load RA backend plugins during standalone CA install on CA-less IPA master

Martin Babinsky • 5 years ago

eef88c5

Become IPA 4.2.1

Petr Vobornik • 5 years ago

60fe517

Using LDAPI to setup CA and KRA agents.

Endi S. Dewata • 5 years ago

3973da5

ldap: Make ldap2 connection management thread-safe again

Jan Cholasta • 5 years ago

fa15297

DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.

Petr Spacek • 5 years ago

5ad806e

DNSSEC: Fix key metadata export

Petr Spacek • 5 years ago

73058ca

DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master

Petr Spacek • 5 years ago

e1101c2

DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction

Petr Spacek • 5 years ago

87c4945

DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart

Petr Spacek • 5 years ago

f8c637d

DNSSEC: remove ccache and keytab of ipa-ods-exporter

Martin Basti • 5 years ago

8767fff

DNSSEC: backup and restore opendnssec zone list file

Martin Basti • 5 years ago

a007a15

Installer: do not modify /etc/hosts before user agreement

Martin Basti • 5 years ago

af10e86

certprofile: remove 'rename' option

Fraser Tweedale • 5 years ago

b7386dc

Backup: back up the hosts file

Martin Basti • 5 years ago

e6a0182

DNSSEC: remove "DNSSEC is experimental" warnings

Martin Basti • 5 years ago

cdad393

Use %license instead of %doc for packaging the license

Rob Crittenden • 5 years ago

30cfae7

cert renewal: Automatically update KRA agent PEM file

Jan Cholasta • 5 years ago

cea6636

cert renewal: Include KRA users in Dogtag LDAP update

Jan Cholasta • 5 years ago

a3310c3

Fix user tracker to reflect new user-del message

Lenka Doudova • 5 years ago

f5dcb03

ipactl: Do not start/stop/restart single service multiple times

David Kupka • 5 years ago

21cdcbd

vault: Limit size of data stored in vault

David Kupka • 5 years ago

9fc82bc

vault: fix vault tests after default type change

Petr Vobornik • 5 years ago

91de475

certprofile: prevent rename (modrdn)

Fraser Tweedale • 5 years ago

d943bf0

Removed clear text passwords from KRA install log.

Endi S. Dewata • 5 years ago

4e474c5

webui: add option to establish bidirectional trust

Petr Vobornik • 5 years ago

b1f1dca

fix missing information in object metadata

Petr Vobornik • 5 years ago

42e8ab8

vault: change default vault type to symmetric

Petr Vobornik • 5 years ago

e247bab

spec file: Add Requires(post) on selinux-policy

Jan Cholasta • 5 years ago

94adf09

Added support for changing vault encryption.

Endi S. Dewata • 5 years ago

d4969ed

DNSSEC: fix forward zone forwarders checks

Martin Basti • 5 years ago

32fedf0

Automated test for stageuser plugin

Lenka Doudova • 5 years ago

b648d12

improve the usability of `ipa user-del --preserve` command

Martin Babinsky • 5 years ago

361a4fb

Change internal rsa_(public|private)_key variable names

Christian Heimes • 5 years ago

5f55768

Temporary fix for ticket 5240

Oleg Fayans • 5 years ago

aa38174

Added a user-friendly output to an import error

Oleg Fayans • 5 years ago

74c0bcc

trusts: format Kerberos principal properly when fetching trust topology

Alexander Bokovoy • 5 years ago

e13a5ed

Add user-stage command

Martin Basti • 5 years ago

6b86238

ipatests: Take otptoken import test out of execution

Milan Kubík • 5 years ago

57b0707

Add flag to list all service and user vaults

Christian Heimes • 5 years ago

89c9fea

Backup/resore authentication control configuration

David Kupka • 5 years ago

4fe994b

client: Add description of --ip-address and --all-ip-addresses to man page

David Kupka • 5 years ago

d0c41bd

cert-request: remove allowed extensions check

Fraser Tweedale • 5 years ago

7723b3a

Server Upgrade: Start DS before CA is started.

Martin Basti • 5 years ago

9cb6018

Add dependency to SSSD 1.13.1

Martin Basti • 5 years ago

7924007

vault: Add container information to vault command results

Jan Cholasta • 5 years ago

cb575e6

vault: Fix vault-find with criteria

Jan Cholasta • 5 years ago

9d32bca

client: Add support for multiple IP addresses during installation.

David Kupka • 5 years ago

ff34125

improve the handling of krb5-related errors in dnssec daemons

Martin Babinsky • 5 years ago

a9f010f

Prohibit deletion of predefined profiles

Fraser Tweedale • 5 years ago

9ca156c

user-undel: Fix error messages.

David Kupka • 5 years ago

6005dfb

trusts: harden trust-fetch-domains oddjobd-based script

Alexander Bokovoy • 5 years ago

c30baa9

install: Fix replica install with custom certificates

Jan Cholasta • 5 years ago

bfe9377

ipa-restore: check whether DS is running before attempting connection

Martin Babinsky • 5 years ago

e4b8cff

vault: validate vault type

Petr Vobornik • 5 years ago

c34b288

vault: normalize service principal in service vault operations

Petr Vobornik • 5 years ago

c38e8c3

Fixed vault container ownership.

Endi S. Dewata • 5 years ago

e110f6d

vault: Fix param labels in output of vault owner commands

Jan Cholasta • 5 years ago

f66d704

baseldap: Allow overriding member param label in LDAPModMember

Jan Cholasta • 5 years ago

649a1a7

ipa-backup: archive DNSSEC zone file and kasp.db

Martin Babinsky • 5 years ago

73ab485

fix typo in BasePathNamespace member pointing to ods exporter config

Martin Babinsky • 5 years ago

f3c16ff

winsync-migrate: Expand the man page

Tomas Babej • 5 years ago

5a9a8e2

winsync-migrate: Add warning about passsync

Tomas Babej • 5 years ago

fc62c13

trusts: Detect missing Samba instance

Tomas Babej • 5 years ago

91c9559

trusts: Detect domain clash with IPA domain when adding a AD trust

Tomas Babej • 5 years ago

5fd2a89

spec file: Fix install with the server-dns subpackage

Jan Cholasta • 5 years ago

5d5240b

Added CLI param and ACL for vault service operations.

Endi S. Dewata • 5 years ago

f211747

Add permission for bypassing CA ACL enforcement

Fraser Tweedale • 5 years ago

ef8f431

add permission: System: Manage User Certificates

Petr Vobornik • 5 years ago

7a50998

ipa-client-install: warn when IP used in --server

Stanislav Laznicka • 5 years ago

d55e10f

Asymmetric vault: validate public key in client

Christian Heimes • 5 years ago

06d68b4

ULC: Prevent preserved users from being assigned membership

Jan Cholasta • 5 years ago

cd81727

certprofile: add profile format explanation

Fraser Tweedale • 5 years ago

5afe202

install: Fix server and replica install options

Jan Cholasta • 5 years ago

8e1a9b4

idranges: raise an error when local IPA ID range is being modified

Martin Babinsky • 5 years ago

5738cdb

validate mutually exclusive options in vault-add

Petr Vobornik • 5 years ago

dc0d4f7

adjust search so that it works for non-admin users

Petr Vobornik • 5 years ago

e37821a

Fix KRB5PrincipalName / UPN SAN comparison

Fraser Tweedale • 5 years ago

58cf1cd

Fix default CA ACL added during upgrade

Fraser Tweedale • 5 years ago

8685c0d

adtrust-install: Correctly determine 4.2 FreeIPA servers

Tomas Babej • 5 years ago

ef192fb

Work around python-nss bug on unrecognised OIDs

Fraser Tweedale • 5 years ago

190c7c0

Add profile for DNP3 / IEC 62351-8 certificates

Fraser Tweedale • 5 years ago

2001e7b

Allow SAN extension for cert-request self-service

Fraser Tweedale • 5 years ago

0e44568

Give more info on virtual command access denial

Fraser Tweedale • 5 years ago

8cc61cc

Fix upgrade of sidgen and extdom plugins

Martin Basti • 5 years ago

609abd5

webui: add LDAP vs Kerberos behavior description to user auth types

Petr Vobornik • 5 years ago

dcd8a15

Fixed missing KRA agent cert on replica.

Endi S. Dewata • 5 years ago

ad6a87e

dcerpc: Simplify generation of LSA-RPC binding strings

Tomas Babej • 5 years ago

04bf609

Fix selector of protocol for LSA RPC binding string

Alexander Bokovoy • 5 years ago

ef781dd

Fix incorrect type comparison in trust-fetch-domains

Tomas Babej • 5 years ago

2812242

Fix otptoken-remove-managedby command summary

Fraser Tweedale • 5 years ago

dc07456

store certificates issued for user entries as userCertificate;binary

Martin Babinsky • 5 years ago

8b3ed42

test suite for user/host/service certificate management API commands

Martin Babinsky • 5 years ago

d0db86f

user-show: add --out option to save certificates to file

Fraser Tweedale • 5 years ago

3332a0a

certprofile-import: do not require profileId in profile data

Christian Heimes • 5 years ago

d80e90f

tests: Allow Tracker.dn be an instance of Fuzzy

Milan Kubík • 5 years ago

3b90044

Validate vault's file parameters

Christian Heimes • 5 years ago

2d7565e

Require Dogtag PKI >= 10.2.6

Christian Heimes • 5 years ago

b01dc89

webui: fix regressions failed auth messages

Petr Vobornik • 5 years ago

2afe352

ULC: Fix stageused-add --from-delete command

Martin Basti • 5 years ago

10e43f8

Use 'mv -Z' in specfile to restore SELinux context

Martin Basti • 5 years ago

21d3122

ACI plugin: correctly parse bind rules enclosed in parentheses

Martin Babinsky • 5 years ago

d85f92c

otptoken: use ipapython.nsslib instead of Python's ssl module

Christian Heimes • 5 years ago

4fe3bd1

certprofile-import: improve profile format documentation

Christian Heimes • 5 years ago

b4722be

Remove ico files from Makefile

Martin Basti • 5 years ago

4ab9723

webui: add Kerberos configuration instructions for Chrome

Petr Vobornik • 5 years ago

8e528db

replication: Fix incorrect exception invocation

Tomas Babej • 5 years ago

b098005

idviews: Enforce objectclass check in idoverride*-del

Tomas Babej • 5 years ago

a60f4ad

idviews: Restrict anchor to name and name to anchor conversions

Tomas Babej • 5 years ago

68e00cf

dcerpc: Add get_trusted_domain_object_type method

Tomas Babej • 5 years ago

fe74c83

fix broken search for users by their manager

Martin Babinsky • 5 years ago

dae3d0e

dcerpc: Fix UnboundLocalError for ccache_name

Tomas Babej • 5 years ago

fe3fa23

tests: test_cert: Services can have multiple certificates

Tomas Babej • 5 years ago

1a5ada5

tests: test_rpc: Create connection for the current thread

Tomas Babej • 5 years ago

86cc9c2

tests: vault_plugin: Skip tests if KRA not available

Tomas Babej • 5 years ago

dafab2a

tests: Version is currently generated during command call

Tomas Babej • 5 years ago

d66e5b7

tests: realmdomains_plugin: Add explanatory comment

Tomas Babej • 5 years ago

4292641

tests: service_plugin: Make sure the cert is decoded from base64

Tomas Babej • 5 years ago

0fe31fa

idviews: Check for the Default Trust View only if applying the view

Tomas Babej • 5 years ago

bcb8278

dcerpc: Expand explanation for WERR_ACCESS_DENIED

Tomas Babej • 5 years ago

0eec93e

tests: user_plugin: Add preserved flag when --all is used

Tomas Babej • 5 years ago

e59127e

DNS: check if DNS package is installed

Martin Basti • 5 years ago

eefe6dc

ipaplatform: Add constants submodule

Tomas Babej • 5 years ago

9ecfd98

DNS: Consolidate DNS RR types in API and schema

Martin Basti • 5 years ago

bb64985

ipa-client-install: Do not (re)start certmonger and DBus daemons.

David Kupka • 5 years ago

d3f2fd4

cermonger: Use private unix socket when DBus SystemBus is not available.

David Kupka • 5 years ago

2b56cb1

enable debugging of ntpd during client installation

Martin Babinsky • 5 years ago

a637e21

Py3: replace tab with space

Martin Basti • 5 years ago

7e5a0be

trusts: Check for AD root domain among our trusted domains

Tomas Babej • 5 years ago

ddec450

Allow value 'no' for replica-certify-all attr in abort-clean-ruv subcommand

Martin Basti • 5 years ago

58d0d33

Fix minor typos

Yuri Chornoivan • 5 years ago

2cd77df

sysrestore: copy files instead of moving them to avoind SELinux issues

Martin Basti • 5 years ago

92a73e8

Create server-dns sub-package.

Petr Spacek • 5 years ago

f555fe9

migration: Use api.env variables.

David Kupka • 5 years ago

6587782

Validate adding privilege to a permission

Martin Basti • 5 years ago

652eb08

fix selinuxusermap search for non-admin users

Martin Basti • 5 years ago

c10de0a

fix hbac rule search for non-admin users

Petr Vobornik • 5 years ago

6ead80d

ipa-ca-install: print more specific errors when CA is already installed

Martin Babinsky • 5 years ago

f5fa383

webui: fix user reset password dialog

Petr Vobornik • 5 years ago

cc5be14

Fix selinux denial during kdcproxy user creation

Christian Heimes • 5 years ago

9c3368a

oddjob: avoid chown keytab to sssd if sssd user does not exist

Alexander Bokovoy • 5 years ago

d7f91dc

selinux: enable httpd_run_ipa to allow communicating with oddjobd services

Alexander Bokovoy • 5 years ago

5b9ea32

do not import memcache on client

Petr Vobornik • 5 years ago

6275d94

spec file: Update minimum required version of krb5

Jan Cholasta • 5 years ago

5678e21

spec file: Move /etc/ipa/kdcproxy to the server subpackage

Jan Cholasta • 5 years ago

3fa581a

copy-schema-to-ca: allow to overwrite schema files

Martin Basti • 5 years ago

cbdeba7

Stageusedr-activate: show username instead of DN

Martin Basti • 5 years ago

49802bf

Prevent to rename certprofile profile id

Martin Basti • 5 years ago

62e30d0

spec file: update the python package names for libipa_hbac and libsss_nss_idmap

Milan Kubík • 5 years ago

9c8d23a

Fix DNS records installation for replicas

Simo Sorce • 5 years ago

97f099b

Start dirsrv for kdcproxy upgrade

Christian Heimes • 5 years ago

d98aa76

ipalib: pass api instance into textui in doctest snippets

Milan Kubík • 5 years ago

c210b3d

ipalib: Fix missing format for InvalidDomainLevelError

Tomas Babej • 5 years ago

fe69b2c

Become IPA 4.2.0

Petr Vobornik • 5 years ago

2e1ab0b

freeipa

Source Code

Commits 8743