summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Fail when adding a trust with a different rangeAna Krivokapic2013-06-242-72/+160
| | | | | | | | When adding a trust, if an id range already exists for this trust, and options --base-id/--range-size are provided with the trust-add command, trust-add should fail. https://fedorahosted.org/freeipa/ticket/3635
* Do not redirect ipa/crl to HTTPSTomas Babej2013-06-201-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3713
* Improve handling of options in ipa-client-installAna Krivokapic2013-06-201-0/+9
| | | | | | | | | | | Improve handling of command line options related to forced client re-enrollment in ipa-client-install: * Make --keytab and --principal options mutually exclusive. * Warn that using --force-join together with --keytab provides no additional functionality. https://fedorahosted.org/freeipa/ticket/3686
* Return ipaRangeType as a list in idrange commandsTomas Babej2013-06-191-1/+1
| | | | | | | To be consistent with the rest of the LDAP commands, return ipaRangeType as a list of unicode strings. Regression caused by https://fedorahosted.org/freeipa/ticket/3647
* Remove hardcoded values from idrange plugin testsTomas Babej2013-06-191-31/+59
| | | | | | | | | | | | Hardcoded values for range parameters such as base RID or range size could be the reason the tests produced incorrect results, as the ranges could get in conflict with already existing ranges on the server. Patch dynamically chooses ID and RID range space at the end of all ranges already present on the server. https://fedorahosted.org/freeipa/ticket/3662
* Fix location of service.crt in .gitignoreAna Krivokapic2013-06-181-1/+1
|
* Add Nose plugin for BeakerLib integrationPetr Viktorin2013-06-173-16/+206
| | | | | | | | | | | The plugin hooks into the Nose runner and IPA's logging infrastructure and calls the appropriate BeakerLib functions (rl*). IPA's log_manager is extended to accept custom Handler classes. The ipa-run-tests helper now loads the plugin. Patr of the work for: https://fedorahosted.org/freeipa/ticket/3621
* Add ipa-run-tests commandPetr Viktorin2013-06-173-0/+39
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
* Make an ipa-tests packagePetr Viktorin2013-06-17105-93/+237
| | | | | | | Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM containing the test suite Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
* Drop redundant directory /var/cache/ipa/sessionsMartin Kosek2013-06-172-6/+1
| | | | This directory is no longer used as session storage.
* Drop SELinux subpackageMartin Kosek2013-06-1711-353/+7
| | | | | | | | | All SELinux policy needed by FreeIPA server is now part of the global system SELinux policy which makes the subpackage redundant and slowing down the installation. This patch drops it. https://fedorahosted.org/freeipa/ticket/3683 https://fedorahosted.org/freeipa/ticket/3684
* Fix displaying of success messageAna Krivokapic2013-06-132-26/+31
| | | | | | | Make sure that the success message is properly populated with actual number of items that were successfully added/removed. https://fedorahosted.org/freeipa/ticket/3708
* Regression fix: rule table with ext. member support doesn't offer any itemsPetr Vobornik2013-06-131-1/+9
| | | | | | | | | | There is a JS error. Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error. This patch creates proper exclude array before passing it to adder dialog. https://fedorahosted.org/freeipa/ticket/3711
* Do not track DS certificate in CA-less setup.Jan Cholasta2013-06-121-2/+0
| | | | https://fedorahosted.org/freeipa/ticket/3675
* Do not allow installing CA replicas in CA-less setup.Jan Cholasta2013-06-122-0/+8
| | | | | https://fedorahosted.org/freeipa/ticket/3673 https://fedorahosted.org/freeipa/ticket/3674
* Skip empty lines when parsing pk12util output.Jan Cholasta2013-06-121-1/+1
|
* Handle exceptions gracefully when verifying PKCS#12 files.Jan Cholasta2013-06-122-2/+11
| | | | https://fedorahosted.org/freeipa/ticket/3667
* Remove stray error condition in ipa-server-install.Jan Cholasta2013-06-121-3/+0
|
* Use the correct PKCS#12 file for HTTP server.Jan Cholasta2013-06-121-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3665
* Flush stream after writing service messagesPetr Viktorin2013-06-111-0/+1
| | | | | | sys.stdout is buffered by default if redirected to a file. This may causes automated installation to appear hung. Flush the stream so that messages are written immediately.
* PEP8 fixes in idrange.pyTomas Babej2013-06-101-8/+17
|
* Extend idrange commands to support new range origin typesTomas Babej2013-06-102-18/+57
| | | | | | | | | | | | | | Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647
* Add update plugin to fill in ipaRangeType attributeTomas Babej2013-06-102-0/+117
| | | | | | | | | | | | | | Previously, we deduced the range type from the range objectclass and filled in virtual attribute in post_callback phase. Having a ipaRangeType attributeType in schema, we need to fill the attribute values to ranges created in previous IPA versions. The plugin follows the same approach, setting ipa-local or ipa-ad-trust value to the ipaRangeType attribute according to the objectclass of the range. Part of https://fedorahosted.org/freeipa/ticket/3647
* Add ipaRangeType attribute to LDAP SchemaTomas Babej2013-06-103-1/+5
| | | | | | | | | | This adds a new LDAP attribute ipaRangeType with OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema. ObjectClass ipaIDrange has been altered to require ipaRangeType attribute. Part of https://fedorahosted.org/freeipa/ticket/3647
* Fix type of printf argumentSumit Bose2013-06-101-1/+2
|
* Prevent error when running IPA commands with su/sudoAna Krivokapic2013-06-071-5/+5
| | | | https://fedorahosted.org/freeipa/ticket/3685
* Manage ipa-otpd.socket by IPATomas Babej2013-06-066-22/+68
| | | | | | | | Adds a new simple service called OtpdInstance, that manages ipa-otpd.socket service. Added to server/replica installer and ipa-upgradeconfig script. https://fedorahosted.org/freeipa/ticket/3680
* Do not check userPassword with 7-bit pluginTomas Babej2013-06-062-0/+7
| | | | | | | | Default list of attributes that are checked with 7-bit plugin for being 7-bit clean includes userPassword. Consecutively, one is unable to set passwords that contain non-ascii characters. https://fedorahosted.org/freeipa/ticket/3640
* Remove redundant u'' characterMartin Kosek2013-06-062-2/+2
| | | | | | One Python's unicode marking character was being printed by RPC plugin which then appeared in ipa-client-install output. This patch removes it.
* Fix regression: missing facet tab group labelsPetr Vobornik2013-06-052-10/+15
| | | | | | | | Currently there is only empty space between facet tabs and facet title. It's a regression caused by recent refactoring. https://fedorahosted.org/freeipa/ticket/3688
* Incorporate interactive prompts in idrange-addTomas Babej2013-06-051-3/+38
| | | | | | | | | | | In idrange-add command, ensure that RID base is prompted for in the interactive mode if domain SID or domain name was specified. If domain name nor SID was specified, make sure rid base is prompted for if secondary rid base was specified and vice versa. https://fedorahosted.org/freeipa/ticket/3602
* Add prompt_param method to avoid code duplicationTomas Babej2013-06-053-42/+55
| | | | | | | | | | Extracted common code from ipalib/plugins/cli.py and ipalib/plugins/dns.py that provided way to prompt user for the value of specific attribute. Added prompt_param method to Command class in ipalib/frontend.py Done as part of https://fedorahosted.org/freeipa/ticket/3602
* Remove redundant check for env.interactiveTomas Babej2013-06-051-1/+0
| | | | | Fixed as part of https://fedorahosted.org/freeipa/ticket/3602
* Use private ccache in ipa install toolsTomas Babej2013-06-055-16/+44
| | | | | | | | All installers that handle Kerberos auth, have been altered to use private ccache, that is ipa-server-install, ipa-dns-install, ipa-replica-install, ipa-ca-install. https://fedorahosted.org/freeipa/ticket/3666
* Make ssbrowser.html work in IE 10Petr Vobornik2013-06-041-3/+9
| | | | | | | | Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed. This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail. https://fedorahosted.org/freeipa/ticket/3645
* Fix format string typoSumit Bose2013-06-031-1/+1
|
* Fix log format not a string literal.Diane Trout2013-06-031-1/+1
| | | | | | | | This was to resolve a -Werror=format-security error. ipa_extdom_extop.c: In function 'ipa_extdom_extop': ipa_extdom_extop.c:144:9: error: format not a string literal and no format arguments [-Werror=format-security]
* Regression fix: missing control buttons in nested search facetsPetr Vobornik2013-06-031-16/+24
| | | | | | Regression introduced by 6e90920233cc9a7c9feb040dea22cda837715c39 - 'Move spec modifications from facet factories to pre_ops'. https://fedorahosted.org/freeipa/ticket/3605
* Deprecate options --dom-sid and --dom-name in idrange-modAna Krivokapic2013-05-313-10/+13
| | | | https://fedorahosted.org/freeipa/ticket/3636
* Do not allow removal of ID range of an active trustTomas Babej2013-05-312-11/+152
| | | | | | | | | | When removing an ID range using idrange-del command, validation in pre_callback ensures that the range does not belong to any active trust. In such case, ValidationError is raised. Unit tests to cover the functionality has been added. https://fedorahosted.org/freeipa/ticket/3615
* Ignore files generated by buildAna Krivokapic2013-05-311-0/+5
|
* Remove code to install Dogtag 9Petr Viktorin2013-05-318-218/+22
| | | | | | | | | Since we depend on Dogtag 10 now, there is no need to keep code that installs a Dogtag 9 CA. Support for upgraded Dogtag-9-style instances is left in. https://fedorahosted.org/freeipa/ticket/3529
* Fix cldap parser to work with a single equality filter (NtVer=...)Alexander Bokovoy2013-05-301-12/+14
| | | | https://fedorahosted.org/freeipa/ticket/3639
* Support multiple local domain ranges with RID base setTomas Babej2013-05-301-16/+34
| | | | | | | | | | | | | | | In ip-adtrust-install, "adding RID bases" step would fail if there was more than one local range defined. This can be a common case if e.g. there are users that migrated from previous IdM solution. With this patch, we fail only if there are multiple local ranges that do not have RID bases set. Keep in mind that overlap checking is ensured by ipa-range-check DS plugin. https://fedorahosted.org/freeipa/ticket/3498
* Do not translate trust type and direction with --raw in trust_show and ↵Tomas Babej2013-05-291-6/+28
| | | | | | | | | | | trust-find In trust_show command, make sure that --raw flag is honoured. Attributes ipanttrusttype and ipanttrustdirection are no longer translated to strings from their raw ldap values when --raw is used. https://fedorahosted.org/freeipa/ticket/3525
* CLDAP: Return empty reply on non-fatal errorsSimo Sorce2013-05-281-6/+18
| | | | | | | | | | | | | | | Windows DCs return an empty reply when a legal request cannot satisfied. If we get EINVAL or ENOENT it means the information requested could not be found or input parameters were bogus. Always return an empty reply in these cases. On any other internal error just return, the request may have been legit but we can't really handle it right now, pretend we never saw it and hope the next attempt will succeed. Fixes: https://fedorahosted.org/freeipa/ticket/3639 Signed-off-by: Simo Sorce <simo@redhat.com>
* CLDAP: Fix domain handling in netlogon requestsSimo Sorce2013-05-281-28/+39
| | | | | | | | | | | | | 1. Stop using getdomainname() as it is often not properly initialized 2. The code using getdomainname() was not working anyway it was trying to look at the function call output in hostname which is always empty at that point. 3. Always check the requested domain matches our own, we cannot reply to anything else anyway. Pre-requisite to fix: https://fedorahosted.org/freeipa/ticket/3639 Signed-off-by: Simo Sorce <simo@redhat.com>
* Avoid exporting KRB5_KTNAME in dirsrv envMartin Kosek2013-05-242-2/+0
| | | | | The variable is already defined, exporting in dirsrv systemd environment is not needed and produces a (benign) error.
* Handle DIR type CCACHEs in test_cmdline properlyMartin Kosek2013-05-222-2/+2
| | | | | | Pass a whole krbV.CCache object to ldap2 connect() method so that it can properly detect both type and name of a CCAHE. Otherwise the test fails on systems with default DIR type CCACHE.
* Relax getkeytab test to allow additional messages on stderrPetr Viktorin2013-05-221-1/+3
| | | | https://fedorahosted.org/freeipa/ticket/3633
generated by cgit (git 2.34.1) at 2024-06-10 19:45:54 +0000