freeipa.git/tests/test_xmlrpc/objectclasses.py, branch hbactest FreeIPA project Optionally wait for 389-ds postop plugins to complete 2011-07-19T11:06:16+00:00 Rob Crittenden rcritten@redhat.com 2011-07-01T19:32:31+00:00 1dd9e1407361bdd6ed337c70dcb1d209ce034cb6 Add a new command that lets you wait for an attribute to appear in a value. Using this you can do things like wait for a managed entry to be created, adding a new objectclass to the parent entry. This is controlled by a new booleon option, wait_for_attr, defaulting to False. https://fedorahosted.org/freeipa/ticket/1144 
Add a new command that lets you wait for an attribute to appear in
a value. Using this you can do things like wait for a managed entry
to be created, adding a new objectclass to the parent entry.

This is controlled by a new booleon option, wait_for_attr, defaulting
to False.

https://fedorahosted.org/freeipa/ticket/1144
Add handling for indirect memberof other entries. 2011-02-21T16:21:23+00:00 Rob Crittenden rcritten@redhat.com 2011-02-20T04:09:03+00:00 2f82112bb3fdb02801fb1cb71c169dc77786cf39 This creates a new custom attribute, memberofindirect_[plugin]. Using this you can tell the difference between being an actual memberof another entry and being a memberof as the result if inheritence. This is particularly useful when trying to remove members of an entry, you can only remove direct members. I had to add a couple of short sleep calls to make things work a little better. The memberof plugin runs as a postop and we have no way of knowing when it has done its work. If we don't pause we may show some stale data that memberof hasn't updated yet. .3 seconds is an arbitrary choice. ticket 966 
This creates a new custom attribute, memberofindirect_[plugin].
Using this you can tell the difference between being an actual memberof
another entry and being a memberof as the result if inheritence. This is
particularly useful when trying to remove members of an entry, you can
only remove direct members.

I had to add a couple of short sleep calls to make things work a little
better. The memberof plugin runs as a postop and we have no way of knowing
when it has done its work. If we don't pause we may show some stale
data that memberof hasn't updated yet. .3 seconds is an arbitrary choice.

ticket 966
Add new schema to store information about permissions. 2011-02-01T21:00:41+00:00 Rob Crittenden rcritten@redhat.com 2011-02-01T16:57:18+00:00 c6ef39b2c04c7b09848226d7454c983924cbdfed There are some permissions we can't display because they are stored outside of the basedn (such as the replication permissions). We are adding a new attribute to store extra information to make this clear, in this case SYSTEM. ticket 853 
There are some permissions we can't display because they are stored
outside of the basedn (such as the replication permissions). We
are adding a new attribute to store extra information to make this
clear, in this case SYSTEM.

ticket 853
Change FreeIPA license to GPLv3+ 2010-12-20T22:19:53+00:00 Jakub Hrozek jhrozek@redhat.com 2010-12-09T12:59:11+00:00 7493d781dfcaa7995f7864a09ad39ba6a89f1a9c The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239 
The changes include:
 * Change license blobs in source files to mention GPLv3+ not GPLv2 only
 * Add GPLv3+ license text
 * Package COPYING not LICENSE as the license blobs (even the old ones)
   mention COPYING specifically, it is also more common, I think

 https://fedorahosted.org/freeipa/ticket/239
Properly handle multi-valued attributes when using setattr/addattr. 2010-12-10T18:42:47+00:00 Rob Crittenden rcritten@redhat.com 2010-12-08T18:26:27+00:00 e8e274c9e0a9fb9d2ef775f99c763d97b23050b1 The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565 
The problem was that the normalizer was returning each value as a tuple
which we were then appending to a list, so it looked like
[(u'value1',), (u'value2',),...]. If there was a single value we could
end up adding a tuple to a list which would fail. Additionally python-ldap
doesn't like lists of lists so it was failing later in the process as well.

I've added some simple tests for setattr and addattr.

ticket 565
Re-implement access control using an updated model. 2010-12-02T01:42:31+00:00 Rob Crittenden rcritten@redhat.com 2010-12-01T16:23:52+00:00 4ad8055341b9f12c833abdf757755ed95f1b375e The new model is based on permssions, privileges and roles. Most importantly it corrects the reverse membership that caused problems in the previous implementation. You add permission to privileges and privileges to roles, not the other way around (even though it works that way behind the scenes). A permission object is a combination of a simple group and an aci. The linkage between the aci and the permission is the description of the permission. This shows as the name/description of the aci. ldap:///self and groups granting groups (v1-style) are not supported by this model (it will be provided separately). This makes the aci plugin internal only. ticket 445 
The new model is based on permssions, privileges and roles.
Most importantly it corrects the reverse membership that caused problems
in the previous implementation. You add permission to privileges and
privileges to roles, not the other way around (even though it works that
way behind the scenes).

A permission object is a combination of a simple group and an aci.
The linkage between the aci and the permission is the description of
the permission. This shows as the name/description of the aci.

ldap:///self and groups granting groups (v1-style) are not supported by
this model (it will be provided separately).

This makes the aci plugin internal only.

ticket 445
Implement nested netgroups and include summaries for the commands. 2010-10-29T18:03:15+00:00 Rob Crittenden rcritten@redhat.com 2010-10-29T15:32:03+00:00 03de1b89ca4be1c178ef044a912a30c4626a9917 Replace the existing netgroup test cases with Declarative tests. This triples the number of tests we were doing. ticket 209 
Replace the existing netgroup test cases with Declarative tests. This triples
the number of tests we were doing.

ticket 209
Add plugins for Sudo Commands, Command Groups and Rules 2010-09-28T02:38:06+00:00 Jr Aquino jr.aquino@citrixonline.com 2010-09-27T20:51:28+00:00 af48654cbcd6c0bdb3c5c6f5b35a4e69fbde77b5 






Add ipaUniqueID to HBAC services and service groups
2010-05-27T14:51:02+00:00

Rob Crittenden
rcritten@redhat.com

2010-05-21T20:27:40+00:00

e123fa66719c7f71587383406d3205d17e60f669

Also fix the memberOf attribute for the HBAC services





Also fix the memberOf attribute for the HBAC services







Remove local get_dn() from hbacsvcgroup and add tests for hbacsvcgroup
2010-05-20T17:53:02+00:00

Rob Crittenden
rcritten@redhat.com

2010-05-17T17:38:00+00:00

71738f91774236cb08c36beaece3663868c6248d