| Commit message (Collapse) | Author | Age | Files | Lines |
Regression test for: https://fedorahosted.org/freeipa/ticket/3866
Reviewed-By: Tomas Babej <tbabej@redhat.com>
https://fedorahosted.org/freeipa/ticket/3893
Reviewed-By: Tomas Babej <tbabej@redhat.com>
With 389 DS 1.3.3 upwards we can leverage the nsslapd-return-default-opattr
attribute to enumerate the list of attributes that should be returned
even if not specified explicitly. Use the behaviour to get the same attributes
returned from searches on rootDSE as in 1.3.1.
https://fedorahosted.org/freeipa/ticket/4288
Reviewed-By: Martin Kosek <mkosek@redhat.com>
https://fedorahosted.org/freeipa/ticket/4536
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
https://fedorahosted.org/freeipa/ticket/4533
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
https://fedorahosted.org/freeipa/ticket/4532
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
https://fedorahosted.org/freeipa/ticket/4547
Reviewed-By: David Kupka <dkupka@redhat.com>
This makes managing multiple backups & logs easier.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
The /etc/passwd and /etc/group files are not saved and restored.
The DS user is always created on restore, and the PKI user is created
if a CA is being restored.
https://fedorahosted.org/freeipa/ticket/3866
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Make a proper list from the comma-separated string found in
the config.
The only current use of backup_services is in run:
if 'CA' in self.backup_services:
Without this change, this picked up the 'CA' from 'MEMCACHE'.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
System users and their groups are always created together.
Also, users & groups should never be removed once they exist
on the system (see commit a5a55ce).
Use a single function for generic user creation, and specific
functions in dsinstance and cainstance.
Remove code left over from when we used to delete the DS user.
Preparation for: https://fedorahosted.org/freeipa/ticket/3866
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Dogtag 10.2 is required to support a Vault feature
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The host-del command did not accept --continue option, since the
takes_options was overridden and did not take the options from LDAPDelete.
Fix the behaviour.
https://fedorahosted.org/freeipa/ticket/4473
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The underlying Dogtag issue (Dogtag ticket 1113) has been fixed.
We can therefore re-enable the uninstall option for ipa-kra-install.
Also, fixes an incorrect path in the ipa-pki-proxy.conf, and adds
a debug statement to provide status to the user when an uninstall
is done. Also, re-added the no_host_dns option which is used when
unpacking a replica file.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
https://fedorahosted.org/freeipa/ticket/4534
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The attributes entryusn, createtimestamp, and modifytimestamp
should be readable whenever their entry is, i.e. when we allow reading
the objectclass.
Automatically add them to every read permission that includes objectclass.
https://fedorahosted.org/freeipa/ticket/4534
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Historically DS provided defaults for the referential
integrity plugin in nsslapd-pluginArg*:
nsslapd-pluginarg3: member
nsslapd-pluginarg4: uniquemember
nsslapd-pluginarg5: owner
nsslapd-pluginarg6: seeAlso
In 389-ds 1.3.3, the multi-valued referint-membership-attr
is used instead.
The old way still works, but it requires that the values
are numbered consecutively, so IPA's defaults that started
with 7 were not taken into account.
Convert IPA defaults to use referint-membership-attr.
https://fedorahosted.org/freeipa/ticket/4537
Reviewed-By: Martin Kosek <mkosek@redhat.com>
use configuration parameters to enable ciphers provided by NSS
and not considered weak.
This requires 389-ds version 1.3.3.2 or later
https://fedorahosted.org/freeipa/ticket/4395
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
- uses hide empty feature
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
hide widgets if associated field had received attribute level rights
without 'r' right.
Explicit rights are required to avoid hiding of special widgets which
are not associated with any LDAP attribute.
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Hide widgets without a value. Must be explicitly turned on. In widget by
`hidden_if_empty` flag. Or globally by `hide_empty_widgets` flag. Global
hiding can be individually turned off by `ignore_empty_hiding` flag.
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- used `ctor_init` instead of `init` to avoid name collision with
existing logic
- `ctor_init` is called right after widget instantiation. Basically support
better inheritance for the old class system which doesn't have proper
constructors
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- widget save() save method should try to always return value even if read only
- report value-change event with actual value to allow processing of the value
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- in adder dialog
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Add 'Add OTP Token' action to user action menu.
This option is disabled in self-service when viewing other users.
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Replace 'post-certsave-command' by 'cert-postsave-command'.
https://fedorahosted.org/freeipa/ticket/4529
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This substantially reduces the FreeIPA dependencies and allows
QR codes to fit in a standard terminal.
https://fedorahosted.org/freeipa/ticket/4430
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
We don't want to copy the extension from master to replica because the
replica may use newer version of FreeIPA and therefore the extension
code might be obsolete. Same reason for upgrades.
https://fedorahosted.org/freeipa/ticket/4478
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
https://fedorahosted.org/freeipa/ticket/4478
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- Migrate hardcoded tmpfiles.d paths to %{_tmpfilesdir} macro in spec file
https://fedorahosted.org/freeipa/ticket/4528
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Requires fix for <https://bugzilla.redhat.com/show_bug.cgi?id=1122110>, bump
selinux-policy in the spec file.
https://fedorahosted.org/freeipa/ticket/4005
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Remove internaldb password from password.conf after switching over to
client certificate authentication. The password is no longer needed.
https://fedorahosted.org/freeipa/ticket/4005
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Password change initiated from header menu notified success twice.
First one in `dialogs.password.dialog` and second one in a success
callback. The second notification was removed.
Caused by:
https://fedorahosted.org/freeipa/changeset/870db2f677dff01750aeec104c90fce3ca0e54be/
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Make association auto-magic a little bit less stupid. Now it supports
adding of new attribute member with add_member and remove_member
methods only on one side of the relationship.
https://fedorahosted.org/freeipa/ticket/4507
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Errors should reflect only a result of last operation.
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- bounce url param was renamed from 'redirect' to 'url'
- support for 'delay' param added
Behavior:
- "Continue to next page" link is shown if 'url' is present
- page is no longer automatically redirected if 'url' is present
- automatic redirect is controlled by 'delay' param - it specifies
number of seconds until redirection
- info message 'You will be redirected in Xs' is shown to notify
the user that something will happen. It's useful even if delay
is 0 or negative because redirection might be slow.
- counter is decremented every second
- delay is ignored if parsed as NaN
https://fedorahosted.org/freeipa/ticket/4440
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
https://fedorahosted.org/freeipa/ticket/4449
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
https://fedorahosted.org/freeipa/ticket/4166
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bfbe13cea694a7b862cafe35c703f660
ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7
Thanks to Alexander Bokovoy for contributions
https://fedorahosted.org/freeipa/ticket/4521
DNS zone 'Add and Edit' failed because of new DNS name encoding.
This patch makes sure that keys are extracted properly.
https://fedorahosted.org/freeipa/ticket/4520
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
User can set realm not matching one resolved from DNS. This is useful especially
when DNS is misconfigured.
https://fedorahosted.org/freeipa/ticket/4444
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.
Document --root-ca-file in ipa-server-install man page.
https://fedorahosted.org/freeipa/ticket/4457
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
https://fedorahosted.org/freeipa/ticket/4521
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
https://fedorahosted.org/freeipa/ticket/4352
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Make validation more strict
* DS, NS, DNAME owners should not be a wildcard domain name
* zone name should not be a wildcard domain name
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
bind-dyndb-ldap's bug caused test failure
https://fedorahosted.org/bind-dyndb-ldap/ticket/123
Owners with NS record works with the bug
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>