[Freeipa-devel] [PATCH] 091 Improve long integer type validation
Passing a number of long type to IPA Int parameter invokes user-unfriendly error message about incompatible types. This patch improves Int parameter with user understandable message along with maximum value he can pass. https://fedorahosted.org/freeipa/ticket/1346 From a1f70026b2424cf07a0b497c1edd2e9134dcfdfc Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 14 Jul 2011 09:14:07 +0200 Subject: [PATCH] Improve long integer type validation Passing a number of long type to IPA Int parameter invokes user-unfriendly error message about incompatible types. This patch improves Int parameter with user understandable message along with maximum value he can pass. https://fedorahosted.org/freeipa/ticket/1346 --- ipalib/parameters.py | 25 + 1 files changed, 25 insertions(+), 0 deletions(-) diff --git a/ipalib/parameters.py b/ipalib/parameters.py index da3b05cf731578a70f32f5b3d922c670c74cb898..a20d0e6d253644f5b2e83386e34b1e0a57006ad9 100644 --- a/ipalib/parameters.py +++ b/ipalib/parameters.py @@ -100,6 +100,7 @@ a more detailed description for clarity. import re +import sys from types import NoneType from util import make_repr from text import _ as ugettext @@ -1066,6 +1067,30 @@ class Int(Number): maxvalue=self.maxvalue, ) +def _validate_scalar(self, value, index=None): +if type(value) is long: +# too big number for int type to hold +if self.maxvalue is not None: +raise ValidationError( +name=self.name, +value=value, +index=index, +error=_('can be at most %(maxvalue)d') % dict( +maxvalue=self.maxvalue, +) +) +else: +raise ValidationError( +name=self.name, +value=value, +index=index, +error=_('can be at most %(maxvalue)d') % dict( +maxvalue=sys.maxint, +) +) +super(Int, self)._validate_scalar(value, index) + + class Float(Number): A parameter for floating-point values (stored in the ``float`` type). -- 1.7.6 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
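Review bot: In the added `Int._validate_scalar`, every `long` is rejected with "can be at most …", so a large negative value is told it exceeds the maximum instead of being checked against the lower bound; the two `raise ValidationError` branches also differ only in which bound they print. Picking the bound once and branching on the sign removes the duplication and reports the limit that was actually crossed. Separately, the first hunk's context shows gettext imported as `ugettext` (`from text import _ as ugettext`), so it is worth confirming that `_` is bound at module level before relying on `_('can be at most …')` here. The rest of class `Int` is outside the hunk, so `self.minvalue` and the "must be at least" message below are assumptions to check against it.

```python
def _validate_scalar(self, value, index=None):
    if type(value) is long:
        # value does not fit the int type; report the bound that was crossed
        if value < 0:
            bound = self.minvalue if self.minvalue is not None else -sys.maxint - 1
            error = _('must be at least %(minvalue)d') % dict(minvalue=bound)
        else:
            bound = self.maxvalue if self.maxvalue is not None else sys.maxint
            error = _('can be at most %(maxvalue)d') % dict(maxvalue=bound)
        raise ValidationError(
            name=self.name, value=value, index=index, error=error,
        )
    super(Int, self)._validate_scalar(value, index)
```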
[Freeipa-devel] [PATCH] 30 Fix exit status of ipa-nis-manage-enable
https://fedorahosted.org/freeipa/ticket/1247 Honza -- Jan Cholasta From d59876c8f55e42bb17ecb9a637f9a7a4478143f3 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Thu, 14 Jul 2011 09:07:41 +0200 Subject: [PATCH] Fix exit status of ipa-nis-manage enable. ticket 1247 --- install/tools/ipa-nis-manage | 13 + 1 files changed, 5 insertions(+), 8 deletions(-) diff --git a/install/tools/ipa-nis-manage b/install/tools/ipa-nis-manage index 2c0936b..f61610a 100755 --- a/install/tools/ipa-nis-manage +++ b/install/tools/ipa-nis-manage @@ -154,19 +154,16 @@ def main(): # The cn=config entry for the plugin may already exist but it # could be turned off, handle both cases. -if (entry is None or - entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off'): -# Already configured, just enable the plugin +if entry is None: print Enabling plugin ld = LDAPUpdate(dm_password=dirman_password, sub_dict={}, ldapi=True) if ld.update(files) != True: retval = 1 +elif entry.get('nsslapd-pluginenabled', [''])[0].lower() == 'off': +print Enabling plugin +# Already configured, just enable the plugin mod = {'nsslapd-pluginenabled': 'on'} -try: -conn.update_entry(nis_config_dn, mod, normalize=False) -except errors.EmptyModlist: -# plugin is already enabled, silently continue -pass +conn.update_entry(nis_config_dn, mod, normalize=False) else: print Plugin already Enabled retval = 2 -- 1.7.4.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
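Review bot: With the `try`/`except errors.EmptyModlist` removed, any failure of `conn.update_entry(nis_config_dn, mod, normalize=False)` in the new `elif` branch leaves the script through an exception rather than through `retval`, whereas a failed `ld.update(files)` in the first branch sets `retval = 1`. Since the commit is about the exit status, it would be consistent to catch the LDAP error around that call, print it and set `retval = 1`; whether `main()` is already wrapped by a handler that does this is not visible, because its body starts and ends outside the hunk. Also, an entry with no `nsslapd-pluginenabled` attribute compares `''` against `'off'` and falls into the `else`, so it is reported as already enabled with `retval = 2`; a one-line comment stating that this is intended would help the next reader.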
[Freeipa-devel] [PATCH] 093 Add new dnszone-find test
Implement a test for new dnszone-find option --forward-only. Fix example for reverse zone (zone was not fully qualified and DNS plugin would forbid adding PTR records). https://fedorahosted.org/freeipa/ticket/1473 From 00e4c005b08b58f88ffa8f59724b644179e5bf15 Mon Sep 17 00:00:00 2001 From: Martin Kosek mko...@redhat.com Date: Thu, 14 Jul 2011 11:14:14 +0200 Subject: [PATCH] Add new dnszone-find test Implement a test for new dnszone-find option --forward-only. Fix example for reverse zone (zone was not fully qualified and DNS plugin would forbid adding PTR records). https://fedorahosted.org/freeipa/ticket/1473 --- ipalib/plugins/dns.py|2 +- tests/test_xmlrpc/test_dns_plugin.py | 80 ++ 2 files changed, 81 insertions(+), 1 deletions(-) diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index e7a0a05a3c5b989fc7125492530c1deccae27f0c..426a3289834af6da54f26465b3bd161c05451d64 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -41,7 +41,7 @@ EXAMPLES: ipa dnsrecord-add example.com www --a-rec 80.142.15.2 Add new PTR record for www.example.com - ipa dnsrecord-add 15.142.80.in-addr.arpa 2 --ptr-rec www.example.com. + ipa dnsrecord-add 15.142.80.in-addr.arpa. 2 --ptr-rec www.example.com. Add new SRV records for LDAP servers. Three quarters of the requests should go to fast.example.com, one quarter to slow.example.com. If neither diff --git a/tests/test_xmlrpc/test_dns_plugin.py b/tests/test_xmlrpc/test_dns_plugin.py index 4a149db2efbb61194a34d038ac5ddbeb140b53f2..ce5908d5367f5e3fb133c0a621be19a7a2b1406a 100644 --- a/tests/test_xmlrpc/test_dns_plugin.py +++ b/tests/test_xmlrpc/test_dns_plugin.py @@ -27,6 +27,7 @@ from xmlrpc_test import Declarative, fuzzy_digits, fuzzy_uuid dnszone1 = u'dnszone.test' dnszone2 = u'dnszone2.test' +revdnszone1 = u'15.142.80.in-addr.arpa.' dnsres1 = u'testdnsres' class test_dns(Declarative): 
@@ -214,10 +215,78 @@ class test_dns(Declarative): dict( +desc='Create reverse zone %r' % revdnszone1, +command=( +'dnszone_add', [revdnszone1], { +'idnssoamname': u'ns1.%s' % dnszone1, +'idnssoarname': u'root.%s' % dnszone1, +'ip_address' : u'1.2.3.4', +} +), +expected={ +'value': revdnszone1, +'summary': None, +'result': { +'dn': u'idnsname=%s,cn=dns,%s' % (revdnszone1, api.env.basedn), +'idnsname': [revdnszone1], +'idnszoneactive': [u'TRUE'], +'idnssoamname': [u'ns1.%s.' % dnszone1], +'nsrecord': [u'ns1.%s.' % dnszone1], +'idnssoarname': [u'root.%s.' % dnszone1], +'idnssoaserial': [fuzzy_digits], +'idnssoarefresh': [fuzzy_digits], +'idnssoaretry': [fuzzy_digits], +'idnssoaexpire': [fuzzy_digits], +'idnssoaminimum': [fuzzy_digits], +'idnsallowdynupdate': [u'FALSE'], +'objectclass': [u'top', u'idnsrecord', u'idnszone'], +}, +}, +), + + +dict( desc='Search for zones with name server %r' % (u'ns1.%s.' % dnszone1), command=('dnszone_find', [], {'idnssoamname': u'ns1.%s.' % dnszone1}), expected={ 'summary': None, +'count': 2, +'truncated': False, +'result': [{ +'dn': u'idnsname=%s,cn=dns,%s' % (revdnszone1, api.env.basedn), +'idnsname': [revdnszone1], +'idnszoneactive': [u'TRUE'], +'nsrecord': [u'ns1.%s.' % dnszone1], +'idnssoamname': [u'ns1.%s.' % dnszone1], +'idnssoarname': [u'root.%s.' % dnszone1], +'idnssoaserial': [fuzzy_digits], +'idnssoarefresh': [fuzzy_digits], +'idnssoaretry': [fuzzy_digits], +'idnssoaexpire': [fuzzy_digits], +'idnssoaminimum': [fuzzy_digits], +}, +{ +'dn': u'idnsname=%s,cn=dns,%s' % (dnszone1, api.env.basedn), +'idnsname': [dnszone1], +'idnszoneactive': [u'TRUE'], +'nsrecord': [u'ns1.%s.' % dnszone1], +'idnssoamname': [u'ns1.%s.' % dnszone1], +'idnssoarname': [u'root.%s.' % dnszone1], +'idnssoaserial': [fuzzy_digits], +'idnssoarefresh': [u'5478'], +'idnssoaretry': [fuzzy_digits], +'idnssoaexpire': [fuzzy_digits], +'idnssoaminimum': [fuzzy_digits], +}], +}, +), + + +
Re: [Freeipa-devel] [PATCH] 23 Add ability to specify DNS reverse zone name by IP network address
On 28.6.2011 20:08, Rob Crittenden wrote: Jan Cholasta wrote: On 21.6.2011 14:15, Jan Cholasta wrote: This patch adds a new option name_from_ip to dnszone commands. Default value of idnsname is created from this option. Honza Fixed the API version number, added usage example to dns plugin help. https://fedorahosted.org/freeipa/ticket/1045 Honza Had quickie code review in IRC this morning. I asked for a comment around the while loop, Honza suggested: This is to make chained default_from work - idnssoarname default is created from idnsname and idnsname default is created from name_from_ip - without this change, idnssoarname default value isn't created when only name_from_ip is specified. Would also be nice to have a test case for this new usage. rob Added the test case. The original ticket is now for the UI part, new ticket was opened for the server-side part: https://fedorahosted.org/freeipa/ticket/1474 Honza -- Jan Cholasta From 6daa2674216e01b4cd017a3a31ee72342c204cd9 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Tue, 21 Jun 2011 14:07:19 +0200 Subject: [PATCH] Add ability to specify DNS reverse zone name by IP network address. In order for this to work, chaining of parameters through default_from is made possible. ticket 1474 --- API.txt| 23 +-- VERSION|2 +- ipalib/frontend.py |6 +- ipalib/plugins/dns.py | 30 ++ tests/test_ipalib/test_frontend.py | 27 +++ 5 files changed, 76 insertions(+), 12 deletions(-) diff --git a/API.txt b/API.txt index 44292a9..827b44d 100644 --- a/API.txt +++ b/API.txt 
@@ -737,8 +737,9 @@ output: Output('summary', (type 'unicode', type 'NoneType'), 'User-friendly output: Entry('result', type 'dict', Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('value', type 'unicode', The primary_key value of the entry, e.g. 'jdoe' for a user) command: dnszone_add -args: 1,18,3 -arg: Str('idnsname', attribute=True, cli_name='name', label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, required=True) +args: 1,19,3 +arg: Str('idnsname', attribute=True, cli_name='name', default_from=DefaultFrom(lambda, 'name_from_ip'), label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, required=True) +option: Str('name_from_ip', _validate_ipnet, attribute=True, cli_name='name_from_ip', label=Gettext('Reverse zone IP network', domain='ipa', localedir=None), multivalue=False, required=False) option: Str('idnssoamname', attribute=True, cli_name='name_server', label=Gettext('Authoritative nameserver', domain='ipa', localedir=None), multivalue=False, required=True) option: Str('idnssoarname', attribute=True, cli_name='admin_email', default_from=DefaultFrom(lambda, 'idnsname'), label=Gettext('Administrator e-mail address', domain='ipa', localedir=None), multivalue=False, normalizer=_rname_normalizer, required=True) option: Int('idnssoaserial', attribute=True, autofill=True, cli_name='serial', create_default=_create_zone_serial, label=Gettext('SOA serial', domain='ipa', localedir=None), minvalue=1, multivalue=False, required=False) 
@@ -762,27 +763,28 @@ output: Entry('result', type 'dict', Gettext('A dictionary representing an LDA output: Output('value', type 'unicode', The primary_key value of the entry, e.g. 'jdoe' for a user) command: dnszone_del args: 1,1,3 -arg: Str('idnsname', attribute=True, cli_name='name', label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=True, normalizer=lambda, primary_key=True, query=True, required=True) +arg: Str('idnsname', attribute=True, cli_name='name', default_from=DefaultFrom(lambda, 'name_from_ip'), label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=True, normalizer=lambda, primary_key=True, query=True, required=True) option: Flag('continue', autofill=True, cli_name='continue', default=False) output: Output('summary', (type 'unicode', type 'NoneType'), 'User-friendly description of action performed') output: Output('result', type 'dict', 'list of deletions that failed') output: Output('value', type 'unicode', The primary_key value of the entry, e.g. 'jdoe' for a user) command: dnszone_disable args: 1,0,3 -arg: Str('idnsname', attribute=True, cli_name='name', label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, query=True, required=True) +arg: Str('idnsname', attribute=True, cli_name='name', default_from=DefaultFrom(lambda, 'name_from_ip'), label=Gettext('Zone name', domain='ipa', localedir=None), multivalue=False, normalizer=lambda, primary_key=True, query=True, required=True) output: Output('summary', (type 'unicode', type 'NoneType'), 'User-friendly description of action
Re: [Freeipa-devel] [PATCH] 809 entitle_register using uuid unsupported
On 27.6.2011 20:42, Rob Crittenden wrote: Document registering to an entitlement server with a UUID as not implemented. It was my understanding that we would be able to pass in an existing UUID when registering to connect to an existing registration (for the case where IPA is re-installed). This is supported in the REST API but not python-rhsm. I've filed an RFE to get this added but for now this is a way to not do major surgery to the API and still be at least somewhat user-friendly. https://fedorahosted.org/freeipa/ticket/1216 rob ACK Honza -- Jan Cholasta ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 207 Fixed label capitalization
On 07/14/2011 09:57 AM, Endi Sukma Dewata wrote: The CSS text-transform sometimes produces incorrect capitalization, so the code has been modified to use translated labels that already contain the correct capitalization. Ticket #1424 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel ACK. Pushed to master ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] certificate DN's
In the conference call this morning the issue came up as to what are valid DN's in certificates (used for subject names and issuer names). RFC 2459 says this: (note 'type' as it used below means the attribute name, e.g. cn is a type, I realize it's confusing, welcome to the world of RFC's :-) - As noted above, distinguished names are composed of attributes. This specification does not restrict the set of attribute types that may appear in names. However, conforming implementations MUST be prepared to receive certificates with issuer names containing the set of attribute types defined below. This specification also recommends support for additional attribute types. Standard sets of attributes have been defined in the X.500 series of specifications.[X.520] Implementations of this specification MUST be prepared to receive the following standard attribute types in issuer names: country, organization, organizational-unit, distinguished name qualifier, state or province name, and common name (e.g., Susan Housley). In addition, implementations of this specification SHOULD be prepared to receive the following standard attribute types in issuer names: locality, title, surname, given name, initials, and generation qualifier (e.g., Jr., 3rd, or IV). The syntax and associated object identifiers (OIDs) for these attribute types are provided in the ASN.1 modules in Appendices A and B. In addition, implementations of this specification MUST be prepared to receive the domainComponent attribute, as defined in [RFC 2247]. The Domain (Nameserver) System (DNS) provides a hierarchical resource labeling system. This attribute provides is a convenient mechanism for organizations that wish to use DNs that parallel their DNS names. This is not a replacement for the dNSName component of the alternative name field. Implementations are not required to convert such names into DNS names. 
The syntax and associated OID for this attribute type is provided in the ASN.1 modules in Appendices A and B.

But for what it's worth, this is what NSS supports (from alg1485.c), and since we're mostly based on NSS we should enforce this:

The columns are: name, max_length, format.
max_length is the number of UTF-8 octets.
Format DS is Directory String, e.g. UTF-8; the other formats should be self-explanatory.

CN, 64, DS
ST, 128, DS
O, 64, DS
OU, 64, DS
dnQualifier, 32767, PRINTABLE_STRING
C, 2, PRINTABLE_STRING
serialNumber, 64, PRINTABLE_STRING
L, 128, DS
title, 64, DS
SN, 64, DS
givenName, 64, DS
initials, 64, DS
generationQualifier, 64, DS
DC, 128, IA5_STRING
MAIL, 256, IA5_STRING
UID, 256, DS
postalAddress, 128, DS
postalCode, 40, DS
postOfficeBox, 40, DS
houseIdentifier, 64, DS
E, 128, IA5_STRING
STREET, 128, DS
pseudonym, 64, DS
incorporationLocality, 128, DS
incorporationState, 128, DS
incorporationCountry, 2, PRINTABLE_STRING
businessCategory, 64, DS

-- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH] 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin
https://fedorahosted.org/freeipa/ticket/1272 * Added new container in etc to hold the automembership configs. * Modified constants to point to the new container * Modified dsinstance to create the container * Modified hostgroup.py to add the new commands * Added xmlrpc test to verify functionality binfWm24aLDHv.bin Description: freeipa-jraquino-0034-Create-FreeIPA-CLI-Plugin-for-the-389-Auto-Membershi.patch ~ Jr Aquino, GCIH | Information Security Specialist Citrix Online | 7408 Hollister Avenue | Goleta, CA 93117 T: +1 805.690.3478 jr.aqu...@citrixonline.com http://www.citrixonline.com ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin
On Jul 14, 2011, at 11:55 AM, wrote: https://fedorahosted.org/freeipa/ticket/1272 * Added new container in etc to hold the automembership configs. * Modified constants to point to the new container * Modified dsinstance to create the container * Modified hostgroup.py to add the new commands * Added xmlrpc test to verify functionality Minor adjustment: Auto Membership Plugin isn't available until 1.2.9-0.2+ Modified freeipa.spec.in: BuildRequires: 389-ds-base-devel = 1.2.9-0.2 bin5faXeU99Xs.bin Description: freeipa-jraquino-0034-Create-FreeIPA-CLI-Plugin-for-the-389-Auto-Membershi.patch ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 29/29] Remove sudorule_mod, ticket 1307
sudorule_mod was ill-conceived, it does not respect the logic surrounding external users. Suggested to use sudorule_add and sudorule_del for modification. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ From dc724c5f5baee84d252cbc8994e2462a6c8ae995 Mon Sep 17 00:00:00 2001 From: John Dennis jden...@redhat.com Date: Thu, 14 Jul 2011 21:00:52 -0400 Subject: [PATCH 29/29] Remove sudorule_mod, ticket 1307 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit sudorule_mod was ill-conceived, it does not respect the logic surrounding external users. Suggested to use sudorule_add and sudorule_del for modification. --- ipalib/plugins/sudorule.py|9 - tests/test_xmlrpc/test_sudorule_plugin.py | 15 ++- 2 files changed, 2 insertions(+), 22 deletions(-) diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py index a1d05a8..349b16b 100644 --- a/ipalib/plugins/sudorule.py +++ b/ipalib/plugins/sudorule.py @@ -195,15 +195,6 @@ class sudorule_del(LDAPDelete): api.register(sudorule_del) -class sudorule_mod(LDAPUpdate): - -Modify Sudo Rule. - -msg_summary = _('Modified sudo rule %(value)s') - -api.register(sudorule_mod) - - class sudorule_find(LDAPSearch): Search for Sudo Rule. diff --git a/tests/test_xmlrpc/test_sudorule_plugin.py b/tests/test_xmlrpc/test_sudorule_plugin.py index 88c608d..90d7950 100644 --- a/tests/test_xmlrpc/test_sudorule_plugin.py +++ b/tests/test_xmlrpc/test_sudorule_plugin.py @@ -32,7 +32,6 @@ class test_sudorule(XMLRPC_test): rule_name = u'testing_sudorule1' rule_command = u'/usr/bin/testsudocmd1' rule_desc = u'description' -rule_desc_mod = u'description modified' test_user = u'sudorule_test_user' test_external_user = u'external_test_user' 
@@ -83,28 +82,18 @@ class test_sudorule(XMLRPC_test): assert_attr_equal(entry, 'cn', self.rule_name) assert_attr_equal(entry, 'description', self.rule_desc) -def test_3_sudorule_mod(self): - -Test modifying a Sudo rule using `xmlrpc.sudorule_mod`. - -ret = api.Command['sudorule_mod']( -self.rule_name, description=self.rule_desc_mod -) -entry = ret['result'] -assert_attr_equal(entry, 'description', self.rule_desc_mod) - def test_6_sudorule_find(self): Test searching for Sudo rules using `xmlrpc.sudorule_find`. ret = api.Command['sudorule_find']( name=self.rule_name, -description=self.rule_desc_mod +description=self.rule_desc ) assert ret['truncated'] is False entries = ret['result'] assert_attr_equal(entries[0], 'cn', self.rule_name) -assert_attr_equal(entries[0], 'description', self.rule_desc_mod) +assert_attr_equal(entries[0], 'description', self.rule_desc) def test_7_sudorule_init_testing_data(self): -- 1.7.4.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
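Review bot: After `test_3_sudorule_mod` is deleted, nothing in this test class asserts that the command is really gone, which matters because the description says `sudorule_mod` does not respect the external-user logic. A small negative test, for example `assert 'sudorule_mod' not in api.Command`, would keep the command from being re-registered unnoticed. The diffstat lists only `sudorule.py` and this test file; if the tree tracks the public API in `API.txt` (as patch 23 on this page suggests), the removal probably needs a matching `API.txt`/`VERSION` update. `test_7_sudorule_init_testing_data` continues outside the hunk.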
[Freeipa-devel] [PATCH] 825 add dogtag replication management
Add a separate tool for now to do dogtag replication agreement management. The syntax is the same for IPA agreements with the exception that the DM password is always required and it isn't possible to delegate the management of this. ticket https://fedorahosted.org/freeipa/ticket/1250 rob From eebffc5a9718321ada78a5baddfc34743f001aed Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: Thu, 14 Jul 2011 23:35:01 -0400 Subject: [PATCH] Create tool to manage dogtag replication agreements For the most part the existing replication code worked with the following exceptions: - Added more port options - It assumed that initial connections were done to an SSL port. Added ability to use startTLS - It assumed that the name of the agreement was the same on both sides. In dogtag one is marked as master and one as clone. A new option is added, master, the determines which side we're working on or None if it isn't a dogtag agreement. - Don't set the attribute exclude list on dogtag agreements - dogtag doesn't set a schedule by default (which is actually recommended by 389-ds). This causes problems when doing a force-sync though so if one is done we set a schedule to run all the time. Otherwise the temporary schedule can't be removed (LDAP operations error). https://fedorahosted.org/freeipa/ticket/1250 --- freeipa.spec.in |7 +- install/tools/Makefile.am|1 + install/tools/ipa-csreplica-manage | 445 ++ install/tools/man/Makefile.am|1 + install/tools/man/ipa-csreplica-manage.1 | 92 ++ ipaserver/install/dsinstance.py |4 +- ipaserver/install/replication.py | 77 -- 7 files changed, 602 insertions(+), 25 deletions(-) create mode 100755 install/tools/ipa-csreplica-manage create mode 100644 install/tools/man/ipa-csreplica-manage.1 diff --git a/freeipa.spec.in b/freeipa.spec.in index e4aa0f6265d37dd250bfdb0d9ea80023744223aa..fc539ca7b5c74995de476892835832317672ae6b 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in 
@@ -365,6 +365,7 @@ fi %{_sbindir}/ipa-replica-install %{_sbindir}/ipa-replica-prepare %{_sbindir}/ipa-replica-manage +%{_sbindir}/ipa-csreplica-manage %{_sbindir}/ipa-server-certinstall %{_sbindir}/ipa-ldap-updater %{_sbindir}/ipa-compat-manage @@ -437,6 +438,7 @@ fi %{_mandir}/man1/ipa-replica-conncheck.1.gz %{_mandir}/man1/ipa-replica-install.1.gz %{_mandir}/man1/ipa-replica-manage.1.gz +%{_mandir}/man1/ipa-csreplica-manage.1.gz %{_mandir}/man1/ipa-replica-prepare.1.gz %{_mandir}/man1/ipa-server-certinstall.1.gz %{_mandir}/man1/ipa-server-install.1.gz @@ -504,7 +506,10 @@ fi %ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf %changelog -* Wed Jul 6 2011 Adam Young ayo...@redhat.com - 2.0.90-5 +* Thu Jul 14 2011 Rob Crittenden rcrit...@redhat.com - 2.0.90-6 +- Add ipa-csreplica-manage tool. + +* Wed Jul 6 2011 Adam Young ayo...@redhat.com - 2.0.90-5 - Add HTML file describing issues with HBAC deny rules * Fri Jun 17 2011 Rob Crittenden rcrit...@redhat.com - 2.0.90-4 diff --git a/install/tools/Makefile.am b/install/tools/Makefile.am index c6ecd92876adb5ba5dd5eef041502c27e56bb811..fc615ec04f324c2d9c98dc8cf674938e1064bec6 100644 --- a/install/tools/Makefile.am +++ b/install/tools/Makefile.am @@ -12,6 +12,7 @@ sbin_SCRIPTS = \ ipa-replica-install \ ipa-replica-prepare \ ipa-replica-manage \ + ipa-csreplica-manage \ ipa-server-certinstall \ ipactl \ ipa-compat-manage \ diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage new file mode 100755 index ..6267d304269ceafe3120fa2b97f54a3bcdfadef1 --- /dev/null +++ b/install/tools/ipa-csreplica-manage 
@@ -0,0 +1,445 @@ +#! /usr/bin/python -E +# Authors: Rob Crittenden rcrit...@redhat.com +# +# Based on ipa-replica-manage by Karl MacMillan kmacmil...@mentalrootkit.com +# +# Copyright (C) 2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +import sys +import os + +import getpass, ldap, krbV +import logging + +from ipapython import ipautil +from ipaserver.install import replication, installutils +from ipaserver import ipaldap +from ipapython import version +from ipalib import api, errors, util +from