freeipa.git/VERSION, branch adwork FreeIPA project Fill new DNS zone update policy by default 2012-06-05T06:41:46+00:00 Martin Kosek mkosek@redhat.com 2012-06-04T15:53:34+00:00 c06cbb12ac2080e75578645b5e74adf7496de1fa For security reasons, dynamic updates are not enabled for new DNS zones. In order to enable the dynamic zone securely, user needs to allow dynamic updates and create a zone update policy. The policy is not easy to construct for regular users, we should rather fill it by default and let users just switch the policy on or off. https://fedorahosted.org/freeipa/ticket/2441 
For security reasons, dynamic updates are not enabled for new DNS
zones. In order to enable the dynamic zone securely, user needs to
allow dynamic updates and create a zone update policy.

The policy is not easy to construct for regular users, we should
rather fill it by default and let users just switch the policy
on or off.

https://fedorahosted.org/freeipa/ticket/2441
Add rename option for DNS records 2012-05-31T10:45:47+00:00 Martin Kosek mkosek@redhat.com 2012-05-29T13:58:36+00:00 5b465811ce15e26d4c05c589601eebee1b9e984d This option will make renaming DNS records much easier. Add a unit test for this new functionality. https://fedorahosted.org/freeipa/ticket/2600 
This option will make renaming DNS records much easier.
Add a unit test for this new functionality.

https://fedorahosted.org/freeipa/ticket/2600
Disallow setattr on no_update/no_create params 2012-05-29T07:23:26+00:00 Petr Viktorin pviktori@redhat.com 2012-05-21T09:03:21+00:00 1af36da933cd3c788e3a48257e2f5c286e985e22 Make --{set,add,del}attr fail on parameters with the no_update/no_create flag for the respective command. For attributes that can be modified, but we just don't want to display in the CLI, use the 'no_option' flag. These are "locking" attributes (ipaenabledflag, nsaccountlock) and externalhost. Document the 'no_option' flag. Add some tests. https://fedorahosted.org/freeipa/ticket/2580 
Make --{set,add,del}attr fail on parameters with the no_update/no_create
flag for the respective command.

For attributes that can be modified, but we just don't want to display
in the CLI, use the 'no_option' flag. These are "locking" attributes
(ipaenabledflag, nsaccountlock) and externalhost.

Document the 'no_option' flag. Add some tests.

https://fedorahosted.org/freeipa/ticket/2580
permission-mod prompts for all parameters 2012-05-17T08:12:10+00:00 Ondrej Hamada ohamada@redhat.com 2012-05-16T11:36:35+00:00 677ea8cbfab8aadbd89ca479ed4453776f65fd30 ipa permission-mod was prompting for all parameters because they had specified flag 'ask_update'. The flag was removed. Additionally the exec_callback for permission-mod was updated to unify the behaviour with other ipa commands (raise exception when no modification was specified). https://fedorahosted.org/freeipa/ticket/2280 
ipa permission-mod was prompting for all parameters because they had
specified flag 'ask_update'. The flag was removed. Additionally the
exec_callback for permission-mod was updated to unify the behaviour with
other ipa commands (raise exception when no modification was specified).

https://fedorahosted.org/freeipa/ticket/2280
Limit permission and selfservice names to alphanumerics, -, _, space 2012-04-10T00:56:29+00:00 Petr Viktorin pviktori@redhat.com 2012-04-06T08:56:46+00:00 6e5c8b25bffa2b62a2233c0347c2ed3dd081d4a9 The DN and ACI code doesn't always escape special characters properly. Rather than trying to fix it, this patch takes the easy way out and enforces that the names are safe. https://fedorahosted.org/freeipa/ticket/2585 
The DN and ACI code doesn't always escape special characters properly.
Rather than trying to fix it, this patch takes the easy way out and
enforces that the names are safe.

https://fedorahosted.org/freeipa/ticket/2585
Make revocation_reason required when revoking a certificate. 2012-04-05T06:51:30+00:00 Rob Crittenden rcritten@redhat.com 2012-04-04T18:57:22+00:00 51b34d5c4249e540510993fe600d222f22fcda16 This will prevent errors if an empty reason is provided and it is set by default one doesn't have to always set it on the command-line. https://fedorahosted.org/freeipa/ticket/2597 
This will prevent errors if an empty reason is provided and it is
set by default one doesn't have to always set it on the command-line.

https://fedorahosted.org/freeipa/ticket/2597
Netgroup nisdomain and hosts validation 2012-03-28T14:23:37+00:00 Ondrej Hamada ohamada@redhat.com 2012-03-27T13:15:20+00:00 5cfee2338d548035151926c5c235f3426fca0499 nisdomain validation: Added pattern to the 'nisdomain' parameter to validate the specified nisdomain name. According to most common use cases the same pattern as for netgroup should fit. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2448 'add_external_pre_callback' function was created to allow validation of all external members. Validation is based on usage of objects primary key parameter. The 'add_external_pre_callback' fucntion has to be called directly from in the 'pre_callback' function. This change affects netgroup, hbacrule and sudorule commands. For hostname, the validator allows non-fqdn and underscore characters. validate_hostname function in ipalib.util was modified and contains additional option that allows hostname to contain underscore characters. This option is disabled by default. Unit-tests added. https://fedorahosted.org/freeipa/ticket/2447 
nisdomain validation:
Added pattern to the 'nisdomain' parameter to validate the specified
nisdomain name. According to most common use cases the same pattern as
for netgroup should fit. Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2448

'add_external_pre_callback' function was created to allow validation of
all external members. Validation is based on usage of objects primary
key parameter. The 'add_external_pre_callback' fucntion has to be called
directly from in the 'pre_callback' function. This change affects
netgroup, hbacrule and sudorule commands.

For hostname, the validator allows non-fqdn and underscore characters.
validate_hostname function in ipalib.util was modified and contains
additional option that allows hostname to contain underscore characters.
This option is disabled by default.

Unit-tests added.

https://fedorahosted.org/freeipa/ticket/2447
Add missing global options in dnsconfig 2012-03-20T14:40:08+00:00 Martin Kosek mkosek@redhat.com 2012-03-07T14:54:38+00:00 9b562f7377e2efe26742740108a398f4ebb3df64 Add a support for new global options in bind-dyndb-ldap, that is: * idnsforwardpolicy: Default policy for conditional forwarding * idnsallowsyncptr: Allow globaly PTR synchronization for dynamic updates * idnszonerefresh: Default interval between regular polls of the name server for new DNS zones https://fedorahosted.org/freeipa/ticket/2439 
Add a support for new global options in bind-dyndb-ldap, that is:
 * idnsforwardpolicy: Default policy for conditional forwarding
 * idnsallowsyncptr: Allow globaly PTR synchronization for dynamic
   updates
 * idnszonerefresh: Default interval between regular polls of the
   name server for new DNS zones

https://fedorahosted.org/freeipa/ticket/2439
Fix API.txt and VERSION to reflect new sudoOrder option. 2012-03-02T03:24:26+00:00 Rob Crittenden rcritten@redhat.com 2012-03-02T20:31:25+00:00 763265f28e645cfa592514b6ac26ccc6f42ef229 






Migration warning when compat enabled
2012-02-29T23:30:03+00:00

Ondrej Hamada
ohamada@redhat.com

2012-03-01T10:41:53+00:00

73249140fce64e56ddf5cd70441804a627b0cc34

Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that he
must turn the compat off or run the script with (the newly introduced)
option '--with-compat'.

'--with-compat' is new flag. If it is set, the compat status is ignored.

https://fedorahosted.org/freeipa/ticket/2274





Added check into migration plugin to warn user when compat is enabled.
If compat is enabled, the migration fails and user is warned that he
must turn the compat off or run the script with (the newly introduced)
option '--with-compat'.

'--with-compat' is new flag. If it is set, the compat status is ignored.

https://fedorahosted.org/freeipa/ticket/2274