pagure Logo
  • Log In

freeipa

Clone
Source Code
GIT
  • Source
  • Issues  982
  • Roadmap 
  • Stats
 Overview  Files  Commits  Branches  Forks  Releases

Commits 8743

Branch: ipa-4-2
ipa-1-0 ipa-1-1 ipa-1-2 ipa-2-0 ipa-2-1 ipa-2-2 ipa-3-0 ipa-3-1 ipa-3-2 ipa-3-3 ipa-4-0 ipa-4-1 ipa-4-2 ipa-4-3 ipa-4-4 ipa-4-5 ipa-4-6 ipa-4-6-CVE-2019-10195-and-CVE-2019-14867 ipa-4-6-CVE-2020-10747 ipa-4-7 ipa-4-7-CVE-2019-10195-and-CVE-2019-14867 ipa-4-8 ipa-4-8-CVE-2019-10195-and-CVE-2019-14867 ipa-4-8-CVE-2020-10747 ipa-4-9 master webui-cleanup
This branch contains 368 commits not in the main branch master
Keep NSS trust flags of existing certificates
Tomas Krizek • 4 years ago  
202ab87
ipa-kdb: simplify trusted domain parent search
Alexander Bokovoy • 4 years ago  
ac62484
trust: make sure ID range is created for the child domain even if it exists
Alexander Bokovoy • 4 years ago  
0dfd570
cert-revoke: fix permission check bypass (CVE-2016-5404)
Fraser Tweedale • 4 years ago  
e26ec4c
DNS: Fix tests for realm domains integration with DNS zone add
Petr Spacek • 4 years ago  
864cc69
mod_auth_gssapi: enable unique credential caches names
Petr Vobornik • 4 years ago  
6683442
DNS: Fix realm domains integration with DNS zone add.
Petr Spacek • 4 years ago  
8d57d3b
installer: index() raises ValueError
David Kupka • 4 years ago  
46802c8
installer: positional_arguments must be tuple or list of strings
David Kupka • 4 years ago  
48aa3be
Translations: remove deprecated locale configuration
Martin Basti • 4 years ago  
776ef9a
Set proper zanata project-version
Martin Basti • 4 years ago  
c404d65
replica install: do not set CA renewal master flag
Jan Cholasta • 4 years ago  
9d39d5e
spec file: bump minimum required pki-core version
Jan Cholasta • 4 years ago  
bd5abb4
Detect and repair incorrect caIPAserviceCert config
Fraser Tweedale • 4 years ago  
f116e51
Prevent replica install from overwriting cert profiles
Fraser Tweedale • 4 years ago  
c72993b
Batch command: avoid accessing potentially undefined context.principal
Petr Spacek • 4 years ago  
da06be4
spec: Add python-sssdconfig dependency for freeipa-tests package
Milan Kubík • 4 years ago  
492c1cb
ipatests: Add test case for requesting a certificate with full principal.
Milan Kubík • 4 years ago  
ffd6703
ipatests: fix for change_principal context manager
Milan Kubík • 4 years ago  
eadd47e
caacl: correctly handle full user principal name
Fraser Tweedale • 4 years ago  
8a8ee89
Become IPA 4.2.4
Petr Vobornik • 4 years ago  
a1d3baf
Fix broken trust warnings
Martin Basti • 4 years ago  
fb11384
certdb: never use the -r option of certutil
Jan Cholasta • 4 years ago  
00097c1
pylint: supress false positive no-member errors
Martin Basti • 4 years ago  
aaad91d
fix incorrect name of ipa-winsync-migrate command in help
Petr Vobornik • 4 years ago  
7151ea3
Fix connections to DS during installation
Martin Basti • 4 years ago  
0af8191
Insure the admin_conn is disconnected on stop
Simo Sorce • 4 years ago  
e2ef561
cookie parser: do not fail on cookie with empty value
Petr Vobornik • 4 years ago  
09de449
use LDAPS during standalone CA/KRA subsystem deployment
Martin Babinsky • 4 years ago  
c7c126f
advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins
Petr Vobornik • 4 years ago  
6111a30
slapi-nis: update configuration to allow external members of IPA groups
Alexander Bokovoy • 4 years ago  
dbea05e
spec: Bump required sssd version to 1.13.3-5
Tomas Babej • 4 years ago  
fea62ea
ipa-adtrust-install: Allow dash in the NETBIOS name
Tomas Babej • 4 years ago  
6578384
Make PTR records check optional for IPA installation
Martin Basti • 4 years ago  
e66ce1a
fix permission: Read Replication Agreements
Martin Basti • 4 years ago  
de7ec77
Pylint: add missing attributes of errors to definitions
Martin Basti • 4 years ago  
a27f7df
CI tests: use old schema when testing hostmask-based sudo rules
Martin Babinsky • 4 years ago  
6147563
fix upgrade: wait for proper DS socket after DS restart
Martin Basti • 4 years ago  
63d8caf
Warn user if trust is broken
Martin Basti • 4 years ago  
4338161
trusts: use ipaNTTrustPartner attribute to detect trust entries
Martin Basti • 4 years ago  
10ca4df
upgrade: fix config of sidgen and extdom plugins
Martin Basti • 4 years ago  
0ac22cf
Disable new pylint checks
Martin Basti • 4 years ago  
9136d72
upgrade: unconditional import of certificate profiles into LDAP
Martin Babinsky • 4 years ago  
704319c
Do not decode HTTP reason phrase from Dogtag
Fraser Tweedale • 4 years ago  
0aedaf1
make lint: use config file and plugin for pylint
Martin Basti • 4 years ago  
f224590
Tests: DNS replace 192.0.2.0/24 with 198.18.0.0/15 range
Martin Basti • 4 years ago  
32b7ba7
ipa-kdb: map_groups() consider all results
Sumit Bose • 4 years ago  
d70c86f
always start certmonger during IPA server configuration upgrade
Martin Babinsky • 4 years ago  
3664efa
replica install: validate DS and HTTP server certificates
Jan Cholasta • 4 years ago  
c2ade68
fix standalone installation of externally signed CA on IPA master
Martin Babinsky • 5 years ago  
2438462
CA install: explicitly set dogtag_version to 10
Jan Cholasta • 5 years ago  
7c78a1f
cert renewal: import all external CA certs on IPA CA cert renewal
Jan Cholasta • 5 years ago  
2314fa6
Fixed login error message box in LoginScreen page
Abhijeet Kasurde • 5 years ago  
fc2a4d5
ipalib: assume version 2.0 when skip_version_check is enabled
Jan Cholasta • 5 years ago  
7a4a3b0
use FFI call to rpmvercmp function for version comparison
Martin Babinsky • 5 years ago  
be9af72
Upgrade: Fix upgrade of NIS Server configuration
Martin Basti • 5 years ago  
98a86d0
prevent crash of CA-less server upgrade due to absent certmonger
Martin Babinsky • 5 years ago  
f55a228
Allow to used mixed case for sysrestore
Martin Basti • 5 years ago  
2fce8fd
FIX: ipa_kdb_principals: add missing break statement
Martin Basti • 5 years ago  
fec0f46
Return default TL_DATA is krbExtraData is missing
Simo Sorce • 5 years ago  
d5180ee
Require Dogtag 10.2.6-13 to fix KRA uninstall
Christian Heimes • 5 years ago  
8488426
DNSSEC: Log debug messages at log level DEBUG
Petr Spacek • 5 years ago  
614d9af
DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal
Petr Spacek • 5 years ago  
ab0b5e9
DNSSEC: ipa-ods-exporter: add ldap-cleanup command
Petr Spacek • 5 years ago  
dfefa6d
DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP
Petr Spacek • 5 years ago  
2e6c3b3
DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP
Petr Spacek • 5 years ago  
6647349
DNSSEC: logging improvements in ipa-ods-exporter
Petr Spacek • 5 years ago  
3eaabd9
DNSSEC: add debug mode to ldapkeydb.py
Petr Spacek • 5 years ago  
aa76c60
DNSSEC: remove obsolete TODO note
Petr Spacek • 5 years ago  
9beb33c
DNSSEC: Make sure that current key state in LDAP matches key state in BIND
Petr Spacek • 5 years ago  
52369bb
DNSSEC: Make sure that current state in OpenDNSSEC matches key state in LDAP
Petr Spacek • 5 years ago  
cb8a958
DNSSEC: Improve error reporting from ipa-ods-exporter
Petr Spacek • 5 years ago  
d2022d0
Fix: replace mkdir with chmod
Martin Basti • 5 years ago  
066ecf4
Explicitly call chmod on newly created directories
Martin Basti • 5 years ago  
5c2dbcc
DNS: fix file permissions
Martin Basti • 5 years ago  
d910de8
Fix version comparison
Martin Basti • 5 years ago  
dccdade
installer: Fix logic of reading option values from cache.
David Kupka • 5 years ago  
d655b94
installer: Propagate option values from components instead of copying them.
David Kupka • 5 years ago  
2bead37
Modify error message to install first instance of KRA
Martin Basti • 5 years ago  
cacca7b
ipa-kra-install: allow to install first KRA on replica
Martin Basti • 5 years ago  
991e57b
Tests: Fix tests for (stage)user plugin
Lenka Doudova • 5 years ago  
d62f023
Makefile: disable parallel build
Petr Spacek • 5 years ago  
58453bc
test: Temporarily increase timeout in vault test.
David Kupka • 5 years ago  
ac0999e
tests: Add hostmask detection for sudo rules validating on hostmask
Tomas Babej • 5 years ago  
f676b12
fix error message assertion in negative forced client reenrollment tests
Martin Babinsky • 5 years ago  
742ffcd
Adding descriptive IDs to stageuser tests
Lenka Doudova • 5 years ago  
75675fc
tests: Fix incorrect uninstall method invocation
Tomas Babej • 5 years ago  
e5189ef
Fixed small typo in stage-user documentation
Abhijeet Kasurde • 5 years ago  
d96b840
KRA: do not stop certmonger during standalone uninstall
Martin Basti • 5 years ago  
6776bee
ipa-getkeytab: do not return error when translations cannot be loaded
Martin Basti • 5 years ago  
34db888
Fix upgrade of forwardzones when zone is in realmdomains
Martin Basti • 5 years ago  
8b0f60f
do not disconnect when using existing connection to check default CA ACLs
Martin Babinsky • 5 years ago  
c5faaed
disconnect ldap2 backend after adding default CA ACL profiles
Martin Babinsky • 5 years ago  
0f39612
Add profiles and default CA ACL on migration
Fraser Tweedale • 5 years ago  
a2371f3
Do not erroneously reinit NSS in Dogtag interface
Fraser Tweedale • 5 years ago  
3cb7933
ipa-otptoken-import: Fix connection to ldap.
David Kupka • 5 years ago  
8d59f77
ipa-cacert-renew: Fix connection to ldap.
David Kupka • 5 years ago  
f043201
ipasam: fix a use-after-free issue
Sumit Bose • 5 years ago  
181d254
ipasam: use more restrictive search filter for group lookup
Sumit Bose • 5 years ago  
6974302
ipasam: fix wrong usage of talloc_new()
Sumit Bose • 5 years ago  
f903fdf
Check if IPA is configured before attempting a winsync migration
Gabe • 5 years ago  
dbc442c
update idrange tests to reflect disabled modification of local ID ranges
Martin Babinsky • 5 years ago  
92e00d1
Avoid race condition caused by profile delete and recreate
Fraser Tweedale • 5 years ago  
a8a6664
TLS and Dogtag HTTPS request logging improvements
Fraser Tweedale • 5 years ago  
1874ccf
upgrade: fix migration of old dns forward zones
Martin Basti • 5 years ago  
68eef6c
client install: do not corrupt OpenSSH config with Match sections
Jan Cholasta • 5 years ago  
f3b04d5
fix caching in get_ipa_config
Martin Basti • 5 years ago  
0ca4c1d
suppress errors arising from adding existing LDAP entries during KRA install
Martin Babinsky • 5 years ago  
f2a7a3e
cert renewal: make renewal of ipaCert atomic
Jan Cholasta • 5 years ago  
f831cb6
install: export KRA agent PEM file in ipa-kra-install
Jan Cholasta • 5 years ago  
9d4f383
ipatests: Fix missed module import in ipaserver tests
Milan Kubík • 5 years ago  
af07652
fix error reporting when installer option is supplied with invalid choice
Martin Babinsky • 5 years ago  
dc0f2d1
Applied tier0 and tier1 marks on unit tests and xmlrpc tests
Milan Kubik • 5 years ago  
2f703e5
Incomplete ports for IPA AD Trust
Gabe • 5 years ago  
e76e866
install: fix command line option validation
Jan Cholasta • 5 years ago  
09d47c4
fix broken translations after last po update
Petr Vobornik • 5 years ago  
f6f1a21
spec file: depend on Dogtag 10.2.6-12 for tomcat 8 upgrade
Alexander Bokovoy • 5 years ago  
0c4342c
Become IPA 4.2.3
Petr Vobornik • 5 years ago  
6c5b65d
Update .po files
Petr Vobornik • 5 years ago  
a583344
KRA: fix check that CA is installed
Martin Basti • 5 years ago  
0f77745
ipatests: CA ACL and cert profile functional test
Milan Kubík • 5 years ago  
21fed03
ipatests: added unlock_principal_password and change_principal
Milan Kubík • 5 years ago  
f1414fe
ipatests: CA ACL - added config templates
Milan Kubík • 5 years ago  
b6193e8
tests: add test to check the default ACL
Milan Kubík • 5 years ago  
127b109
ipatests: Add initial CAACLTracker implementation
Milan Kubík • 5 years ago  
438a29f
ipatests: add fuzzy instances for CA ACL DN and RDN
Milan Kubík • 5 years ago  
5aba3c7
trustdomain: Perform validation of the trust domain first
Tomas Babej • 5 years ago  
b0aea24
trusts: Make trust_show.get_dn raise properly formatted NotFound
Tomas Babej • 5 years ago  
d0911de
always ask the resolver for the reverse zone when manipulating PTR records
Martin Babinsky • 5 years ago  
2d48544
DNSSEC: warn user if DNSSEC key master is not installed
Martin Basti • 5 years ago  
1c17374
DNSSEC: Remove service containers from LDAP after uninstalling
Martin Basti • 5 years ago  
ffd0e64
DNSSEC CI: wait until DS records is replicated
Martin Basti • 5 years ago  
edaf466
Warn if no installation found when running ipa-server-install --uninstall
Gabe • 5 years ago  
85dc0c2
fix class teardown in user plugin tests
Martin Babinsky • 5 years ago  
1573d3a
execute user-del pre-callback also during user preservation
Martin Babinsky • 5 years ago  
a85a8f3
Revert allow to customize dirsrv configuration during install
Martin Basti • 5 years ago  
a17936a
CI: installation with customized DS config
Martin Basti • 5 years ago  
94412b8
Add option to specify LDIF file that contains DS configuration changes
Martin Basti • 5 years ago  
9a6b224
Add method to read changes from LDIF
Martin Basti • 5 years ago  
23363ff
Make offline LDIF modify more robust
Martin Basti • 5 years ago  
fca082f
tests: Add tests for idoverride object integrity
Tomas Babej • 5 years ago  
cc085d2
idoverride: Ignore ValidationErrors when converting the anchor
Tomas Babej • 5 years ago  
52680a1
remove ID overrides when deleting a user
Martin Babinsky • 5 years ago  
bbe7d99
ipa-adtrust-install: Print complete SRV records
Petr Spacek • 5 years ago  
6b2dec8
Fixes disappearing automember expressions
Stanislav Laznicka • 5 years ago  
cbccec6
Replace tab with space in test_user_plugin.py
Martin Basti • 5 years ago  
8b66b6f
Remove bind configuration detected question
Gabe • 5 years ago  
1d78cbb
vault: fix private service vault creation
Jan Cholasta • 5 years ago  
285043e
comment: Add Documentation string to deduplicate function
David Kupka • 5 years ago  
9e3d0d6
CI Test: add setup_kra options into install scripts
Martin Basti • 5 years ago  
a23b1ca
upgrade: make sure ldap2 is connected in export_kra_agent_pem
Jan Cholasta • 5 years ago  
9182f40
schema: do not derive ipaVaultPublicKey from ipaPublicKey
Jan Cholasta • 5 years ago  
e92da55
CI TEST: Vault
Martin Basti • 5 years ago  
ad345b4
tests: Amend result assertions in realmdomains tests
Tomas Babej • 5 years ago  
291aa25
realmdomains: Do not fail due the ValidationError when adding _kerberos TXT record
Tomas Babej • 5 years ago  
31e7a7e
realmdomains: Issue a warning when automated management of realmdomains failed
Tomas Babej • 5 years ago  
01a75c6
realmdomains: Add validation that realmdomain being added is indeed from our realm
Tomas Babej • 5 years ago  
3bcd894
realmdomains: Minor style and wording improvements
Tomas Babej • 5 years ago  
a593abd
util: Add detect_dns_zone_realm_type helper
Tomas Babej • 5 years ago  
6248ae2
Fixed a timing issue with drill returning non-zero exitcode
Oleg Fayans • 5 years ago  
f076da9
Become IPA 4.2.2
Petr Vobornik • 5 years ago  
06cedee
client referral support for trusted domain principals
Alexander Bokovoy • 5 years ago  
47a8d4f
vault: select a server with KRA for vault operations
Jan Cholasta • 5 years ago  
0cfa434
install: always export KRA agent PEM file
Jan Cholasta • 5 years ago  
1002052
install: fix KRA agent PEM file permissions
Jan Cholasta • 5 years ago  
55a66cc
Avoid ipa-dnskeysync-replica & ipa-ods-exporter crashes caused by exceeding LDAP limits
Petr Spacek • 5 years ago  
5841d49
Update FreeIPA package description
Gabe • 5 years ago  
0667794
httpinstance: Replace a hardcoded path to password.conf with HTTPD_PASSWORD_CONF
Timo Aaltonen • 5 years ago  
181c814
paths: Add GENERATE_RNDC_KEY.
Timo Aaltonen • 5 years ago  
b8a2104
Include ipatests/test_xmlrpc/data directory into distribution.
Milan Kubík • 5 years ago  
c99e0aa
Fix import get_reverse_zone_default in tasks
Martin Basti • 5 years ago  
e7a33b7
ipatests: configure Network Manager not to manage resolv.conf
Milan Kubík • 5 years ago  
7a90baf
do not overwrite files with local users/groups when restoring authconfig
Martin Babinsky • 5 years ago  
d333a96
re-kinit after ipa-restore in backup/restore CI tests
Martin Babinsky • 5 years ago  
a5f6887
ipa-server-install: mark master_password Knob as deprecated
Martin Babinsky • 5 years ago  
63c8884
install: fix ipa-server-install fail on missing --forwarder
Jan Cholasta • 5 years ago  
75a8454
Added a proper workaround for dnssec test failures in Beaker environment
Oleg Fayans • 5 years ago  
c898c96
webui: improve performance of search in association dialog
Petr Vobornik • 5 years ago  
bf3121d
Fix an integer underflow bug in libotp
Nathaniel McCallum • 5 years ago  
7db0a8e
Replica inst. fix: do not require -r, -a, -p options in unattended mode
Martin Basti • 5 years ago  
ad28589
dnssec option missing in ipa-dns-install man page
Gabe • 5 years ago  
a5b1cb2
CI: backup and restore with KRA
Martin Basti • 5 years ago  
e87ae21
winsync-migrate: Properly handle collisions in the names of external groups
Tomas Babej • 5 years ago  
d639e93
winsync-migrate: Convert entity names to posix friendly strings
Tomas Babej • 5 years ago  
aac5f93
install: fix kdcproxy user home directory
Jan Cholasta • 5 years ago  
091b119
platform: add option to create home directory when adding user
Jan Cholasta • 5 years ago  
5750fbd
destroy httpd ccache after stopping the service
Martin Babinsky • 5 years ago  
23f1d4e
install: create kdcproxy user during server install
Jan Cholasta • 5 years ago  
4663625
ipa-backup: Add mechanism to store empty directory structure
Tomas Babej • 5 years ago  
210a425
install: Move unattended option to the general help section
Jan Cholasta • 5 years ago  
42d16b0
install: Add common base class for server and replica install
Jan Cholasta • 5 years ago  
61170a4
install: Support overriding knobs in subclasses
Jan Cholasta • 5 years ago  
8040a0e
Standardize minvalue for ipasearchrecordlimit and ipasesarchsizelimit for unlimited minvalue
Gabe • 5 years ago  
28d6ae0
webui: use manual Firefox configuration for Firefox >= 40
Petr Vobornik • 5 years ago  
f1b2b0f
Server Upgrade: addifnew should not create entry
Martin Basti • 5 years ago  
96003cb
Limit max age of replication changelog
Martin Basti • 5 years ago  
accc2b7
install: support KRA update
Jan Cholasta • 5 years ago  
b1587bf
vault: add permissions and administrator privilege
Jan Cholasta • 5 years ago  
500e0d1
vault: update access control
Jan Cholasta • 5 years ago  
b9615c8
vault: set owner to current user on container creation
Jan Cholasta • 5 years ago  
78f8906
vault: add vault container commands
Petr Vobornik • 5 years ago  
ad7325d
baseldap: make subtree deletion optional in LDAPDelete
Jan Cholasta • 5 years ago  
b393205
ipatests: Add basic tests for certificate profile plugin
Milan Kubík • 5 years ago  
223dc3d
ipatests: Add Certprofile tracker class implementation
Milan Kubík • 5 years ago  
5418c33
Add Chromium configuration note to ssbrowser
Gabe • 5 years ago  
7d5bc9f
backup CI: test DNS/DNSSEC after backup and restore
Martin Basti • 5 years ago  
c469f81
DNSSEC CI: test master migration
Martin Basti • 5 years ago  
773c02e
DNSSEC: improve CI test
Martin Basti • 5 years ago  
c1e9435
winsync: Add inetUser objectclass to the passsync sysaccount
Tomas Babej • 5 years ago  
ffb6765
config: allow user/host attributes with tagging options
Jan Cholasta • 5 years ago  
bbcbbf3
Updated number of legacy permission in ipatests
Abhijeet Kasurde • 5 years ago  
72e87e8
IPA Restore: allows to specify files that should be removed
Martin Basti • 5 years ago  
21f2a3d
Server Upgrade: backup CS.cfg when dogtag is turned off
Martin Basti • 5 years ago  
c3d8a13
Handle timeout error in ipa-httpd-kdcproxy
Christian Heimes • 5 years ago  
1464437
FIX vault tests
Martin Basti • 5 years ago  
72ba377
load RA backend plugins during standalone CA install on CA-less IPA master
Martin Babinsky • 5 years ago  
eef88c5
Become IPA 4.2.1
Petr Vobornik • 5 years ago  
60fe517
Using LDAPI to setup CA and KRA agents.
Endi S. Dewata • 5 years ago  
3973da5
ldap: Make ldap2 connection management thread-safe again
Jan Cholasta • 5 years ago  
fa15297
DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.
Petr Spacek • 5 years ago  
5ad806e
DNSSEC: Fix key metadata export
Petr Spacek • 5 years ago  
73058ca
DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master
Petr Spacek • 5 years ago  
e1101c2
DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
Petr Spacek • 5 years ago  
87c4945
DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
Petr Spacek • 5 years ago  
f8c637d
DNSSEC: remove ccache and keytab of ipa-ods-exporter
Martin Basti • 5 years ago  
8767fff
DNSSEC: backup and restore opendnssec zone list file
Martin Basti • 5 years ago  
a007a15
Installer: do not modify /etc/hosts before user agreement
Martin Basti • 5 years ago  
af10e86
certprofile: remove 'rename' option
Fraser Tweedale • 5 years ago  
b7386dc
Backup: back up the hosts file
Martin Basti • 5 years ago  
e6a0182
DNSSEC: remove "DNSSEC is experimental" warnings
Martin Basti • 5 years ago  
cdad393
Use %license instead of %doc for packaging the license
Rob Crittenden • 5 years ago  
30cfae7
cert renewal: Automatically update KRA agent PEM file
Jan Cholasta • 5 years ago  
cea6636
cert renewal: Include KRA users in Dogtag LDAP update
Jan Cholasta • 5 years ago  
a3310c3
Fix user tracker to reflect new user-del message
Lenka Doudova • 5 years ago  
f5dcb03
ipactl: Do not start/stop/restart single service multiple times
David Kupka • 5 years ago  
21cdcbd
vault: Limit size of data stored in vault
David Kupka • 5 years ago  
9fc82bc
vault: fix vault tests after default type change
Petr Vobornik • 5 years ago  
91de475
certprofile: prevent rename (modrdn)
Fraser Tweedale • 5 years ago  
d943bf0
Removed clear text passwords from KRA install log.
Endi S. Dewata • 5 years ago  
4e474c5
webui: add option to establish bidirectional trust
Petr Vobornik • 5 years ago  
b1f1dca
fix missing information in object metadata
Petr Vobornik • 5 years ago  
42e8ab8
vault: change default vault type to symmetric
Petr Vobornik • 5 years ago  
e247bab
spec file: Add Requires(post) on selinux-policy
Jan Cholasta • 5 years ago  
94adf09
Added support for changing vault encryption.
Endi S. Dewata • 5 years ago  
d4969ed
DNSSEC: fix forward zone forwarders checks
Martin Basti • 5 years ago  
32fedf0
Automated test for stageuser plugin
Lenka Doudova • 5 years ago  
b648d12
improve the usability of `ipa user-del --preserve` command
Martin Babinsky • 5 years ago  
361a4fb
Change internal rsa_(public|private)_key variable names
Christian Heimes • 5 years ago  
5f55768
Temporary fix for ticket 5240
Oleg Fayans • 5 years ago  
aa38174
Added a user-friendly output to an import error
Oleg Fayans • 5 years ago  
74c0bcc
trusts: format Kerberos principal properly when fetching trust topology
Alexander Bokovoy • 5 years ago  
e13a5ed
Add user-stage command
Martin Basti • 5 years ago  
6b86238
ipatests: Take otptoken import test out of execution
Milan Kubík • 5 years ago  
57b0707
Add flag to list all service and user vaults
Christian Heimes • 5 years ago  
89c9fea
Backup/resore authentication control configuration
David Kupka • 5 years ago  
4fe994b
client: Add description of --ip-address and --all-ip-addresses to man page
David Kupka • 5 years ago  
d0c41bd
cert-request: remove allowed extensions check
Fraser Tweedale • 5 years ago  
7723b3a
Server Upgrade: Start DS before CA is started.
Martin Basti • 5 years ago  
9cb6018
Add dependency to SSSD 1.13.1
Martin Basti • 5 years ago  
7924007
vault: Add container information to vault command results
Jan Cholasta • 5 years ago  
cb575e6
vault: Fix vault-find with criteria
Jan Cholasta • 5 years ago  
9d32bca
client: Add support for multiple IP addresses during installation.
David Kupka • 5 years ago  
ff34125
improve the handling of krb5-related errors in dnssec daemons
Martin Babinsky • 5 years ago  
a9f010f
Prohibit deletion of predefined profiles
Fraser Tweedale • 5 years ago  
9ca156c
user-undel: Fix error messages.
David Kupka • 5 years ago  
6005dfb
trusts: harden trust-fetch-domains oddjobd-based script
Alexander Bokovoy • 5 years ago  
c30baa9
install: Fix replica install with custom certificates
Jan Cholasta • 5 years ago  
bfe9377
ipa-restore: check whether DS is running before attempting connection
Martin Babinsky • 5 years ago  
e4b8cff
vault: validate vault type
Petr Vobornik • 5 years ago  
c34b288
vault: normalize service principal in service vault operations
Petr Vobornik • 5 years ago  
c38e8c3
Fixed vault container ownership.
Endi S. Dewata • 5 years ago  
e110f6d
vault: Fix param labels in output of vault owner commands
Jan Cholasta • 5 years ago  
f66d704
baseldap: Allow overriding member param label in LDAPModMember
Jan Cholasta • 5 years ago  
649a1a7
ipa-backup: archive DNSSEC zone file and kasp.db
Martin Babinsky • 5 years ago  
73ab485
fix typo in BasePathNamespace member pointing to ods exporter config
Martin Babinsky • 5 years ago  
f3c16ff
winsync-migrate: Expand the man page
Tomas Babej • 5 years ago  
5a9a8e2
winsync-migrate: Add warning about passsync
Tomas Babej • 5 years ago  
fc62c13
trusts: Detect missing Samba instance
Tomas Babej • 5 years ago  
91c9559
trusts: Detect domain clash with IPA domain when adding a AD trust
Tomas Babej • 5 years ago  
5fd2a89
spec file: Fix install with the server-dns subpackage
Jan Cholasta • 5 years ago  
5d5240b
Added CLI param and ACL for vault service operations.
Endi S. Dewata • 5 years ago  
f211747
Add permission for bypassing CA ACL enforcement
Fraser Tweedale • 5 years ago  
ef8f431
add permission: System: Manage User Certificates
Petr Vobornik • 5 years ago  
7a50998
ipa-client-install: warn when IP used in --server
Stanislav Laznicka • 5 years ago  
d55e10f
Asymmetric vault: validate public key in client
Christian Heimes • 5 years ago  
06d68b4
ULC: Prevent preserved users from being assigned membership
Jan Cholasta • 5 years ago  
cd81727
certprofile: add profile format explanation
Fraser Tweedale • 5 years ago  
5afe202
install: Fix server and replica install options
Jan Cholasta • 5 years ago  
8e1a9b4
idranges: raise an error when local IPA ID range is being modified
Martin Babinsky • 5 years ago  
5738cdb
validate mutually exclusive options in vault-add
Petr Vobornik • 5 years ago  
dc0d4f7
adjust search so that it works for non-admin users
Petr Vobornik • 5 years ago  
e37821a
Fix KRB5PrincipalName / UPN SAN comparison
Fraser Tweedale • 5 years ago  
58cf1cd
Fix default CA ACL added during upgrade
Fraser Tweedale • 5 years ago  
8685c0d
adtrust-install: Correctly determine 4.2 FreeIPA servers
Tomas Babej • 5 years ago  
ef192fb
Work around python-nss bug on unrecognised OIDs
Fraser Tweedale • 5 years ago  
190c7c0
Add profile for DNP3 / IEC 62351-8 certificates
Fraser Tweedale • 5 years ago  
2001e7b
Allow SAN extension for cert-request self-service
Fraser Tweedale • 5 years ago  
0e44568
Give more info on virtual command access denial
Fraser Tweedale • 5 years ago  
8cc61cc
Fix upgrade of sidgen and extdom plugins
Martin Basti • 5 years ago  
609abd5
webui: add LDAP vs Kerberos behavior description to user auth types
Petr Vobornik • 5 years ago  
dcd8a15
Fixed missing KRA agent cert on replica.
Endi S. Dewata • 5 years ago  
ad6a87e
dcerpc: Simplify generation of LSA-RPC binding strings
Tomas Babej • 5 years ago  
04bf609
Fix selector of protocol for LSA RPC binding string
Alexander Bokovoy • 5 years ago  
ef781dd
Fix incorrect type comparison in trust-fetch-domains
Tomas Babej • 5 years ago  
2812242
Fix otptoken-remove-managedby command summary
Fraser Tweedale • 5 years ago  
dc07456
store certificates issued for user entries as userCertificate;binary
Martin Babinsky • 5 years ago  
8b3ed42
test suite for user/host/service certificate management API commands
Martin Babinsky • 5 years ago  
d0db86f
user-show: add --out option to save certificates to file
Fraser Tweedale • 5 years ago  
3332a0a
certprofile-import: do not require profileId in profile data
Christian Heimes • 5 years ago  
d80e90f
tests: Allow Tracker.dn be an instance of Fuzzy
Milan Kubík • 5 years ago  
3b90044
Validate vault's file parameters
Christian Heimes • 5 years ago  
2d7565e
Require Dogtag PKI >= 10.2.6
Christian Heimes • 5 years ago  
b01dc89
webui: fix regressions failed auth messages
Petr Vobornik • 5 years ago  
2afe352
ULC: Fix stageused-add --from-delete command
Martin Basti • 5 years ago  
10e43f8
Use 'mv -Z' in specfile to restore SELinux context
Martin Basti • 5 years ago  
21d3122
ACI plugin: correctly parse bind rules enclosed in parentheses
Martin Babinsky • 5 years ago  
d85f92c
otptoken: use ipapython.nsslib instead of Python's ssl module
Christian Heimes • 5 years ago  
4fe3bd1
certprofile-import: improve profile format documentation
Christian Heimes • 5 years ago  
b4722be
Remove ico files from Makefile
Martin Basti • 5 years ago  
4ab9723
webui: add Kerberos configuration instructions for Chrome
Petr Vobornik • 5 years ago  
8e528db
replication: Fix incorrect exception invocation
Tomas Babej • 5 years ago  
b098005
idviews: Enforce objectclass check in idoverride*-del
Tomas Babej • 5 years ago  
a60f4ad
idviews: Restrict anchor to name and name to anchor conversions
Tomas Babej • 5 years ago  
68e00cf
dcerpc: Add get_trusted_domain_object_type method
Tomas Babej • 5 years ago  
fe74c83
fix broken search for users by their manager
Martin Babinsky • 5 years ago  
dae3d0e
dcerpc: Fix UnboundLocalError for ccache_name
Tomas Babej • 5 years ago  
fe3fa23
tests: test_cert: Services can have multiple certificates
Tomas Babej • 5 years ago  
1a5ada5
tests: test_rpc: Create connection for the current thread
Tomas Babej • 5 years ago  
86cc9c2
tests: vault_plugin: Skip tests if KRA not available
Tomas Babej • 5 years ago  
dafab2a
tests: Version is currently generated during command call
Tomas Babej • 5 years ago  
d66e5b7
tests: realmdomains_plugin: Add explanatory comment
Tomas Babej • 5 years ago  
4292641
tests: service_plugin: Make sure the cert is decoded from base64
Tomas Babej • 5 years ago  
0fe31fa
idviews: Check for the Default Trust View only if applying the view
Tomas Babej • 5 years ago  
bcb8278
dcerpc: Expand explanation for WERR_ACCESS_DENIED
Tomas Babej • 5 years ago  
0eec93e
tests: user_plugin: Add preserved flag when --all is used
Tomas Babej • 5 years ago  
e59127e
DNS: check if DNS package is installed
Martin Basti • 5 years ago  
eefe6dc
ipaplatform: Add constants submodule
Tomas Babej • 5 years ago  
9ecfd98
DNS: Consolidate DNS RR types in API and schema
Martin Basti • 5 years ago  
bb64985
ipa-client-install: Do not (re)start certmonger and DBus daemons.
David Kupka • 5 years ago  
d3f2fd4
cermonger: Use private unix socket when DBus SystemBus is not available.
David Kupka • 5 years ago  
2b56cb1
enable debugging of ntpd during client installation
Martin Babinsky • 5 years ago  
a637e21
Py3: replace tab with space
Martin Basti • 5 years ago  
7e5a0be
trusts: Check for AD root domain among our trusted domains
Tomas Babej • 5 years ago  
ddec450
Allow value 'no' for replica-certify-all attr in abort-clean-ruv subcommand
Martin Basti • 5 years ago  
58d0d33
Fix minor typos
Yuri Chornoivan • 5 years ago  
2cd77df
sysrestore: copy files instead of moving them to avoind SELinux issues
Martin Basti • 5 years ago  
92a73e8
Create server-dns sub-package.
Petr Spacek • 5 years ago  
f555fe9
migration: Use api.env variables.
David Kupka • 5 years ago  
6587782
Validate adding privilege to a permission
Martin Basti • 5 years ago  
652eb08
fix selinuxusermap search for non-admin users
Martin Basti • 5 years ago  
c10de0a
fix hbac rule search for non-admin users
Petr Vobornik • 5 years ago  
6ead80d
ipa-ca-install: print more specific errors when CA is already installed
Martin Babinsky • 5 years ago  
f5fa383
webui: fix user reset password dialog
Petr Vobornik • 5 years ago  
cc5be14
Fix selinux denial during kdcproxy user creation
Christian Heimes • 5 years ago  
9c3368a
oddjob: avoid chown keytab to sssd if sssd user does not exist
Alexander Bokovoy • 5 years ago  
d7f91dc
selinux: enable httpd_run_ipa to allow communicating with oddjobd services
Alexander Bokovoy • 5 years ago  
5b9ea32
do not import memcache on client
Petr Vobornik • 5 years ago  
6275d94
spec file: Update minimum required version of krb5
Jan Cholasta • 5 years ago  
5678e21
spec file: Move /etc/ipa/kdcproxy to the server subpackage
Jan Cholasta • 5 years ago  
3fa581a
copy-schema-to-ca: allow to overwrite schema files
Martin Basti • 5 years ago  
cbdeba7
Stageusedr-activate: show username instead of DN
Martin Basti • 5 years ago  
49802bf
Prevent to rename certprofile profile id
Martin Basti • 5 years ago  
62e30d0
spec file: update the python package names for libipa_hbac and libsss_nss_idmap
Milan Kubík • 5 years ago  
9c8d23a
Fix DNS records installation for replicas
Simo Sorce • 5 years ago  
97f099b
Start dirsrv for kdcproxy upgrade
Christian Heimes • 5 years ago  
d98aa76
ipalib: pass api instance into textui in doctest snippets
Milan Kubík • 5 years ago  
c210b3d
ipalib: Fix missing format for InvalidDomainLevelError
Tomas Babej • 5 years ago  
fe69b2c
Become IPA 4.2.0
Petr Vobornik • 5 years ago  
2e1ab0b
Keep NSS trust flags of existing certificates
Tomas Krizek • 4 years ago  
202ab87
ipa-kdb: simplify trusted domain parent search
Alexander Bokovoy • 4 years ago  
ac62484
trust: make sure ID range is created for the child domain even if it exists
Alexander Bokovoy • 4 years ago  
0dfd570
cert-revoke: fix permission check bypass (CVE-2016-5404)
Fraser Tweedale • 4 years ago  
e26ec4c
DNS: Fix tests for realm domains integration with DNS zone add
Petr Spacek • 4 years ago  
864cc69
mod_auth_gssapi: enable unique credential caches names
Petr Vobornik • 4 years ago  
6683442
DNS: Fix realm domains integration with DNS zone add.
Petr Spacek • 4 years ago  
8d57d3b
installer: index() raises ValueError
David Kupka • 4 years ago  
46802c8
installer: positional_arguments must be tuple or list of strings
David Kupka • 4 years ago  
48aa3be
Translations: remove deprecated locale configuration
Martin Basti • 4 years ago  
776ef9a
Set proper zanata project-version
Martin Basti • 4 years ago  
c404d65
replica install: do not set CA renewal master flag
Jan Cholasta • 4 years ago  
9d39d5e
spec file: bump minimum required pki-core version
Jan Cholasta • 4 years ago  
bd5abb4
Detect and repair incorrect caIPAserviceCert config
Fraser Tweedale • 4 years ago  
f116e51
Prevent replica install from overwriting cert profiles
Fraser Tweedale • 4 years ago  
c72993b
Batch command: avoid accessing potentially undefined context.principal
Petr Spacek • 4 years ago  
da06be4
spec: Add python-sssdconfig dependency for freeipa-tests package
Milan Kubík • 4 years ago  
492c1cb
ipatests: Add test case for requesting a certificate with full principal.
Milan Kubík • 4 years ago  
ffd6703
ipatests: fix for change_principal context manager
Milan Kubík • 4 years ago  
eadd47e
caacl: correctly handle full user principal name
Fraser Tweedale • 4 years ago  
8a8ee89
Become IPA 4.2.4
Petr Vobornik • 4 years ago  
a1d3baf
Fix broken trust warnings
Martin Basti • 4 years ago  
fb11384
certdb: never use the -r option of certutil
Jan Cholasta • 4 years ago  
00097c1
pylint: supress false positive no-member errors
Martin Basti • 4 years ago  
aaad91d
fix incorrect name of ipa-winsync-migrate command in help
Petr Vobornik • 4 years ago  
7151ea3
Fix connections to DS during installation
Martin Basti • 4 years ago  
0af8191
Insure the admin_conn is disconnected on stop
Simo Sorce • 4 years ago  
e2ef561
cookie parser: do not fail on cookie with empty value
Petr Vobornik • 4 years ago  
09de449
use LDAPS during standalone CA/KRA subsystem deployment
Martin Babinsky • 4 years ago  
c7c126f
advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins
Petr Vobornik • 4 years ago  
6111a30
slapi-nis: update configuration to allow external members of IPA groups
Alexander Bokovoy • 4 years ago  
dbea05e
spec: Bump required sssd version to 1.13.3-5
Tomas Babej • 4 years ago  
fea62ea
ipa-adtrust-install: Allow dash in the NETBIOS name
Tomas Babej • 4 years ago  
6578384
Make PTR records check optional for IPA installation
Martin Basti • 4 years ago  
e66ce1a
fix permission: Read Replication Agreements
Martin Basti • 4 years ago  
de7ec77
Pylint: add missing attributes of errors to definitions
Martin Basti • 4 years ago  
a27f7df
CI tests: use old schema when testing hostmask-based sudo rules
Martin Babinsky • 4 years ago  
6147563
fix upgrade: wait for proper DS socket after DS restart
Martin Basti • 4 years ago  
63d8caf
Warn user if trust is broken
Martin Basti • 4 years ago  
4338161
trusts: use ipaNTTrustPartner attribute to detect trust entries
Martin Basti • 4 years ago  
10ca4df
upgrade: fix config of sidgen and extdom plugins
Martin Basti • 4 years ago  
0ac22cf
Disable new pylint checks
Martin Basti • 4 years ago  
9136d72
upgrade: unconditional import of certificate profiles into LDAP
Martin Babinsky • 4 years ago  
704319c
Do not decode HTTP reason phrase from Dogtag
Fraser Tweedale • 4 years ago  
0aedaf1
make lint: use config file and plugin for pylint
Martin Basti • 4 years ago  
f224590
Tests: DNS replace 192.0.2.0/24 with 198.18.0.0/15 range
Martin Basti • 4 years ago  
32b7ba7
ipa-kdb: map_groups() consider all results
Sumit Bose • 4 years ago  
d70c86f
always start certmonger during IPA server configuration upgrade
Martin Babinsky • 4 years ago  
3664efa
replica install: validate DS and HTTP server certificates
Jan Cholasta • 4 years ago  
c2ade68
fix standalone installation of externally signed CA on IPA master
Martin Babinsky • 5 years ago  
2438462
CA install: explicitly set dogtag_version to 10
Jan Cholasta • 5 years ago  
7c78a1f
  • « Newer
  • page 1 of 175
  • » Older
Powered by Pagure 5.12.1
Documentation • File an Issue • About • SSH Hostkey/Fingerprint
© Red Hat, Inc. and others.