| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
ticket 867
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
This option is only used when configuring an IPA client on an IPA server.
Describing it on the command-line will only confuse people so don't
list it as an option.
Ticket 1050
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The root user cannot use ldapi because of the autobind configuration.
Fall back to a standard GSSAPI sasl bind if the external bind fails.
With --ldapi a regular user may be trying this as well, catch that
and report a reasonable error message.
This also gives priority to the DM password if it is passed in.
Also require the user be root to run the ipa-nis-manage command.
We enable/disable and start/stop services which need to be done as root.
Add a new option to ipa-ldap-updater to prompt for the DM password.
Remove restriction to be run as root except when doing an upgrade.
Ticket 1157
|
|
|
|
| |
The Selenium tests have been updated to improve robustness.
|
| |
|
|
|
|
|
| |
To simplify customization, the add(), remove(), and refresh() methods
have been moved from IPA.search_widget into IPA.search_facet.
|
|
|
|
|
|
|
| |
The IPA.entity_builder has been modified to take a 'factory' parameter
in custom facet's and custom dialog's spec. The IPA.dialog has been
modified to take an array of fields in the spec. The IPA.search_facet
has been modified to take an array of columns in the spec.
|
|
|
|
|
|
|
| |
To improve code readability and extensibility the containers for action
panel and client area are now created in IPA.entity.setup(). The 'client area'
has been renamed into 'content'. The IPA.facet.create() has been renamed to
IPA.facet.create_content().
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current PTR validation is unclear and may misled the user. This
patch improves the validation process so that the eventual exception
is clearer. New check that the PTR record is fully qualified has
been added to ensure that the reverse zone resolution behaves as
expected.
Additionally, several strings in the DNS plugin were prepared for
localization.
https://fedorahosted.org/freeipa/ticket/1129
|
|
|
|
|
|
|
|
|
| |
Most of the pwpolicy_* commands do include cospriority in the result
and potentially in the attribute rights (--all --rights). Especially
when --raw output is requested. This patch fixes it for all
pwpolicy commands.
https://fedorahosted.org/freeipa/ticket/1103
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1138
|
|
|
|
|
|
|
| |
This commit accidentaly slipped in (it was not ready for the
upstream).
This reverts commit 9915b93737fe5e31a53f2fdb169427a0b4d7e002.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Doc parts are not removed from the API completely. This leads to
unnecessary updates to API.txt when the option/argument documentation
is changed.
This patch replaces unreliable doc stripping function with a regular
expression. It works for all current doc strings (simple string or
GetText). The only limitation is that the RE supports only up to
2 levels of nested parentheses in doc string.
https://fedorahosted.org/freeipa/ticket/1057
|
|
|
|
|
|
|
|
|
|
|
|
| |
postalCode is defined as an Int. This means you can't define one that has
a leading zero nor can you have dashes, letters, etc.
This changes the data type on the server. It will still accept an int
value if provided and convert it into a string.
Bump the API version to 2.1.
ticket 1150
|
|
|
|
|
|
|
|
|
|
|
| |
Looking at the schema in 60basev2.ldif there were many attributes that did
not have an ORDERING matching rule specified correctly. There were also a
number of attributeTypes that should have been just SUP
distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc.
This requires 389-ds-base-1.2.8.0-1+
ticket 1153
|
| |
|
|
|
|
| |
ticket 1146
|
|
|
|
| |
http://www.freeipa.org/page/Selenium
|
|
|
|
| |
this version includes using spec for detail_facets
|
|
|
|
| |
no longer default to all: true for searches, only specify it for user searches
|
|
|
|
|
|
| |
merged hbac and sudo in to single files
associaton facet and table supports linking
|
| |
|
| |
|
|
|
|
| |
ticket 1082
|
|
|
|
|
|
|
|
| |
There are some operations that fetch the configuration multiple times.
This will return a cached value instead of getting it from LDAP over
and over.
ticket 1023
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1140
|
|
|
|
| |
ticket 1135
|
|
|
|
|
|
|
|
|
| |
If the host has a one-time password but krbPrincipalName wasn't set yet
then the enrollment would fail because writing the principal is not
allowed. This creates an ACI that only lets it be written if it is not
already set.
ticket 1075
|
|
|
|
|
|
|
| |
When IPA server was configured as self-signed (--selfsign option)
the replica always failed to install.
https://fedorahosted.org/freeipa/ticket/1122
|
|
|
|
|
|
|
| |
The IPA.rights_widget was fixed to invoke the base init() method
to load the i18n labels properly.
Ticket 1113
|
|
|
|
|
|
|
|
| |
When duplicate user is added an inconsistent error message to the rest
of the framework is printed. This patch changes this to standard
duplicate error message.
https://fedorahosted.org/freeipa/ticket/1116
|
|
|
|
| |
ticket 1009
|
|
|
|
| |
Ticket #1127
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/1119
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1118
|
|
|
|
|
|
|
|
|
| |
This patch fixes a stacktrace that is printed out when a IPv6
AAAA record with subnet prefix length (e.g. /64) is added.
The same error message as when IPv4 record with subnet prefix
length is used.
https://fedorahosted.org/freeipa/ticket/1115
|
|
|
|
|
|
|
|
|
|
|
| |
When Directory Server operation is run right after the server restart
the listening ports may not be opened yet. This makes the installation
fail.
This patch fixes this issue by waiting for both secure and insecure
Directory Server ports to open after every restart.
https://fedorahosted.org/freeipa/ticket/1076
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.
This also:
* corrects the ipa-ldap-updater man page
* remove automatic --realm, --server, --domain options
* handle upgrade errors properly
* saves a copy of dse.ldif before we change it so it can be recovered
* fixes an error discovered by pylint
ticket 1087
|
|
|
|
|
|
|
|
|
| |
Nested role is not supported in 2.0.x, so the association facet
for it should be removed from the UI. The attribute_members in
role.py needs to be fixed because it is used to generate the
association facet automatically.
Ticket 1092.
|
|
|
|
|
|
| |
Priority is now a required field in order to add a new password policy. Thus, not having the field present means we cannot create one.
https://fedorahosted.org/freeipa/ticket/1102
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1086
Add Sylvain Baubeau to Contributors.txt
|
|
|
|
| |
ticket 1080
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes 2 AVCS:
* One because we are enabling port 7390 because an SSL port must be
defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
Instead generate a separate NSS database and certificate and have
certmonger track it separately
I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.
ticket 1085
|
|
|
|
|
|
|
|
|
| |
When not on master we weren't passing in the user-supplied domain and
server. Because of changes made that require TLS on the LDAP calls
we always need the server name early in the process to retrieve the IPA
CA certificate.
ticket 1090
|