summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Change signature of LDAPSearch.pre_callback.Pavel Zuna2010-11-236-18/+30
| | | | Add the opportunity to change base DN and scope in the callback.
* Add ability to add/remove DNS records when adding/removing a host entry.Rob Crittenden2010-11-234-1/+165
| | | | | | | | | | | | | | | | | | A host in DNS must have an IP address so a valid IP address is required when adding a host. The --force flag will be needed too since you are adding a host that isn't in DNS. For IPv4 it will create an A and a PTR DNS record. IPv6 isn't quite supported yet. Some basic work in the DNS installer is needed to get this working. Once the get_reverse_zone() returns the right value then this should start working and create an AAAA record and the appropriate reverse entry. When deleting a host with the --updatedns flag it will try to remove all records it can find in the zone for this host. ticket 238
* Fix modrdn plugin crash bug.Simo Sorce2010-11-231-25/+10
| | | | | | | | | Constant values were assigned to variables gthat would later be freed with slapi_ch_free_string(). Make copies instead so the free doesn't blow. Also remove useless tests, as these functions already check for NULL on their own. Fixes: https://fedorahosted.org/freeipa/ticket/529
* ipa-client code cleanupJakub Hrozek2010-11-227-98/+73
| | | | | | | Fixes errors about implicit function declaration and moves duplicated gettext code into a common module. Also silences some warnings. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Silence compilation warnings in SLAPI pluginsJakub Hrozek2010-11-229-59/+54
| | | | Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Don't use deprecated ldap_bind_sJakub Hrozek2010-11-221-1/+11
| | | | | | ldap_bind_s is marked as deprecated in new libldap releases. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Use internal implementation of internal Kerberos functionsJakub Hrozek2010-11-227-6/+73
| | | | | | | | | | | Don't use KRB5_PRIVATE. The patch implements and uses the following krb5 functions that are otherwise private in recent MIT Kerberos releases: * krb5_principal2salt_norealm * krb5_free_ktypes Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Stricter compilation flagsJakub Hrozek2010-11-2211-0/+28
| | | | | | | Use a little stricter compilation flags, in particular -Wall and treat implicit function declarations as errors. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Common include file for SLAPI plugin loggingJakub Hrozek2010-11-2219-449/+332
| | | | | | | | | Consolidate the common logging macros into common/util.h and use them in SLAPI plugins instead of calling slapi_log_error() directly. https://fedorahosted.org/freeipa/ticket/408 Signed-off-by: Simo Sorce <ssorce@redhat.com>
* SUDO Commands and Command GroupsEndi S. Dewata2010-11-2221-31/+776
| | | | | | | | | | | | The SUDO Commands and Command Groups pages have been added under SUDO Rules tab. Similar to HBAC navigation issue, these entities do not have their own tab, so an exception has been added to the navigation code to read sudo-entity parameter to determine the entity being viewed. Fixing this issue will require framework changes. New test data for these operations have been added.
* Fixed action panel queriesEndi S. Dewata2010-11-2212-98/+215
| | | | | | | | | | | | | | | Previously the queries for action panel were done globally. Since each entity container has its own action panel, the queries will return multiple results. This is fixed by qualifying the query to run within the entity container. The query has also been moved into ipa_facet.get_action_panel(). Entities that do not have their own entity container (e.g. HBAC services and service groups) will need to override this method to get the action panel from the right entity container (e.g. HBAC rules). The facet.setup_views() has been renamed to facet.create_action_panel(). New test data for SUDO rules have been added.
* Don't use full pathnames for kerberos binaries, let PATH find them.Rob Crittenden2010-11-221-1/+1
| | | | | Kerberos binaries may be in /usr/kerberos/*bin or /usr/*bin, let PATH sort it out.
* Handle wget failures trying to retrieve the CA during the client installRob Crittenden2010-11-221-1/+5
| | | | ticket 405
* Autotune directory server to use a greater number of filesSimo Sorce2010-11-223-4/+75
| | | | | | | | This changes the system limits for the dirsrv user as well as configuring DS to allow by default 8192 max files and 64 reserved files (for replication indexes, etc..). Fixes: https://fedorahosted.org/freeipa/ticket/464
* Save and restore on uninstall ds related config filesSimo Sorce2010-11-222-1/+14
|
* id ranges: change DNA configurationSimo Sorce2010-11-229-72/+68
| | | | | | | | | | | | | Change the way we specify the id ranges to force uid and gid ranges to always be the same. Add option to specify a maximum id. Change DNA configuration to use shared ranges so that masters and replicas can actually share the same overall range in a safe way. Configure replicas so that their default range is depleted. This will force them to fetch a range portion from the master on the first install. fixes: https://fedorahosted.org/freeipa/ticket/198
* Ensure that Apache is running with MPM=PreforkJan Zeleny2010-11-221-1/+5
| | | | | | | Script wsgi.py checks if Apache is compiled with MPM=Prefork and if not, it refuses to run. https://fedorahosted.org/freeipa/ticket/252
* Configure KDC to use multiple workersSimo Sorce2010-11-221-0/+34
| | | | | Only if more than one CPU is available Only if supported by the installed krb5kdc
* Use sys.exit to quit scriptsJakub Hrozek2010-11-226-73/+45
| | | | | | | Instead of print and return, use sys.exit() to quit scripts with an error message and a non zero return code. https://fedorahosted.org/freeipa/ticket/425
* Multivalued email addressEndi S. Dewata2010-11-203-3/+3
|
* Automatically disable pkinit when not supportedSimo Sorce2010-11-191-0/+4
|
* Use provided domain name for the rest of installationJan Zeleny2010-11-191-1/+1
| | | | | | | | When installing IPA client, the install script used detected domain name of the machine instead of that given by administrator (in case one was given) https://fedorahosted.org/freeipa/ticket/363
* Improve the documentation of setattr/addattrJakub Hrozek2010-11-191-2/+3
| | | | https://fedorahosted.org/freeipa/ticket/245
* Log interactive options in install scriptsJakub Hrozek2010-11-193-0/+18
|
* Give a detached group a full set of group objectclasses.Rob Crittenden2010-11-193-9/+26
| | | | | | | The UUID plugin handles adding ipaUniqueId for us as well as the access control for it. ticket 250
* Use radio buttons for HBAC rule typeEndi S. Dewata2010-11-192-3/+35
| | | | | To be consistent with the details page, the rule type in the HBAC add dialog box has been converted into radio buttons.
* Host Enrollment via OTPEndi S. Dewata2010-11-199-114/+421
| | | | | | | | | | | | | The support for host enrollment via one-time-password has been added. When submitted, the OTP will be used to set the host's userpassword. Previously each IPA command can only have one JSON test data file. The ipa_cmd() has been modifies to accept an optional command name. When used with static files, it will pull the test data whose name is the same as the command name. The batch.json has been renamed to ipa_init.json for UI initialization. Some test data have been added for operations against specific hosts.
* Fix returning effective rights for password policy.Rob Crittenden2010-11-192-2/+6
| | | | | | This also returns the rights for cospriority if the policy is for a group. ticket 449
* Sample data for service provisioningEndi S. Dewata2010-11-191-3/+47
|
* tab widthAdam Young2010-11-191-8/+5
| | | | fixes the spacing and width for the top and second row of tabs
* SUDO Rule Search and Details PagesEndi S. Dewata2010-11-1925-549/+1029
| | | | | | | | | | | | | | | | | | | | The search and details pages for SUDO Rule have been added. Codes that are shared with HBAC have been moved to rule.js. The following methods were renamed for consistency: - ipa_details_load() -> ipa_details_refresh() - ipa_details_display() -> ipa_details_load() The ipa_details_cache has been removed because the cache is now stored in each widget. The index.xhtml has been removed. All references to it has been changed to index.html. The Unselect All checkbox has been fixed. Unnecessary parameter 'container' has been removed. The unit test has been updated and new test data has been added.
* Add managedby to Host entriesRob Crittenden2010-11-196-6/+154
| | | | | | This will allow others to provision on behalf of the host. ticket 280
* Revoke a host's certificate (if any) when it is deleted or disabled.Rob Crittenden2010-11-195-96/+276
| | | | | | | | | Disable any services when its host is disabled. This also adds displaying the certificate attributes (subject, etc) a bit more universal and centralized in a single function. ticket 297
* Fix build error due to rename of index.xhtml to index.htmlRob Crittenden2010-11-192-2/+2
|
* add button the spec had three add buttons: this one is the basic, 'add and ↵Adam Young2010-11-191-0/+15
| | | | then close' https://fedorahosted.org/freeipa/ticket/471
* removed index.xhtmlAdam Young2010-11-192-59/+1
| | | | also removed language on html, as the same page should be used for all languages.
* Exclude Krb lockout attributes from replicationSimo Sorce2010-11-181-1/+8
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/440
* env init call the json rpc 'env' during ipa init and cache the resultAdam Young2010-11-182-44/+118
|
* Use distutil.version to check for min versionSimo Sorce2010-11-181-2/+8
|
* pkinit-replica: create certificates for replicas tooSimo Sorce2010-11-184-14/+117
| | | | | altough the kdc certificate name is not tied to the fqdn we create separate certs for each KDC so that renewal of each of them is done separately.
* add plugin to enable/disable anonymous pkinitSimo Sorce2010-11-181-0/+98
|
* anon-pkinit: add well known principalSimo Sorce2010-11-181-0/+18
| | | | | | leave it disabled for now we can change this default once we will have some restriction on what services this principal can get tickets for.
* pkinit: always configure pkinit_anchors in krb5.confSimo Sorce2010-11-181-0/+1
|
* Add support for configuring KDC certs for PKINITSimo Sorce2010-11-187-6/+214
| | | | | This patch adds support only for the selfsign case. Replica support is also still missing at this stage.
* Use Realm as certs subject base nameSimo Sorce2010-11-1812-39/+53
| | | | Also use the realm name as nickname for the CA certificate
* batch init this batches together the calls to json_metadata, i18n_messages, ↵Adam Young2010-11-186-559/+4505
| | | | and user-find [whoami] tostreamline the init process, and also allow us to add a call to enumerate the plugins.
* Service and Host ProvisioningEndi S. Dewata2010-11-1811-354/+790
| | | | | | | | | | | | | | | The service and host details pages have been modified to display Kerberos key provisioning status and to provide a way to unprovision. The host enrollment via OTP has not been implemented yet. The ipa_details_field has been modified to remove any old <dd> tags it created in the previous load operation. This is to support other widgets that need to perform load operation without removing <dd> tags. The certificate_status_panel has been converted into a widget. The host entity has been rewritten using the new framework. The unit tests has been updated.
* CSS cleanup post UXD discussionAdam Young2010-11-174-49/+79
|
* action selectAdam Young2010-11-177-39/+208
| | | | | if exactly one entity is selected, it enables the entity-facet links in the action panel, and sets the pkey in bbq to the pkey of the selected
* buttons to action panel puts the buttons as the top li in the action panelAdam Young2010-11-162-3/+3
|
generated by cgit (git 2.34.1) at 2024-11-12 02:15:16 +0000