| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().
This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.
This also tries to use variable names to indicate what format the certificate
is in at any given point:
dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format
ticket 32
|
| |
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1363
https://fedorahosted.org/freeipa/ticket/1361
|
| |
|
|
|
|
|
| |
It was possible to get to this point without a schema if the first
handled request resulted in a Kerberos error.
https://fedorahosted.org/freeipa/ticket/1354
|
| |
|
|
|
|
|
| |
The navigation have been fixed to show the correct active tabs after
browser reload.
Ticket #1362
|
| |
|
|
|
|
|
| |
Compare the configured interfaces with the supplied IP address and
optional netmask to determine if the interface is available.
https://fedorahosted.org/freeipa/ticket/1175
|
| |
|
|
|
|
|
|
| |
Otherwise it is possible for sssd to pick a different master to
communicate with via the DNS SRV records and if the remote master
goes down the local one will have problems as well.
ticket https://fedorahosted.org/freeipa/ticket/1187
|
| | |
|
| |
|
|
| |
updated label triggered an API change
|
| |
|
|
|
|
|
|
| |
jsl fixes
https://fedorahosted.org/freeipa/ticket/1043
remove redundant call to focus.
|
| |
|
|
|
|
|
|
| |
error, do not attempt to redirect.
this variation has a whitelist of errors on which to redirect.
https://fedorahosted.org/freeipa/ticket/1281
|
| |
|
|
|
|
|
|
| |
Create DNS domain for IPA server hostname first so that it's forward
record can be added. This results in 2 forward DNS zones created
when server hostname doesn't equal server domain.
https://fedorahosted.org/freeipa/ticket/1194
|
| |
|
|
|
|
|
| |
Tests for dirty after the RPC call has completed and the select has updated
Passes the original value to the RPC completion, so it isn't lost upon RPC completion
https://fedorahosted.org/freeipa/ticket/1340
|
| |
|
|
|
| |
The CSS files in install/html and install/migration have been
modified to use the Overpass font.
|
| | |
|
| |
|
|
|
|
| |
the tabs are required for natigation, but they should not be visible, as the breadcrub provides the navigation for them instead.
Moved the automount tabs up one level so that it uses the two level style
|
| | |
|
| |
|
|
|
|
|
| |
IP addresses are more strictly checked. Netmasks can be specified
and are used in DNS PTR record creation.
ticket 1234
|
| |
|
|
|
|
|
|
| |
Fix a problem when a target missed a version-update requirement.
This caused build problems, especially in a parallel build
environment.
https://fedorahosted.org/freeipa/ticket/1215
|
| |
|
|
|
|
|
|
|
|
|
| |
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.
Now, there is just one common option type "ip" with new optional
attributes "ip_local" and "ip_netmask" which can be used to
pass IP address validation parameters.
https://fedorahosted.org/freeipa/ticket/1333
|
| |
|
|
|
|
|
|
| |
The association facet has been modified to store the current page
number in the browser's URL. This way page changes are stored in
browser's history allowing the back button to work properly.
Ticket #1264
|
| |
|
|
|
|
|
|
|
|
| |
The goal is to not import foreign certificates.
This caused a bunch of tests to fail because we had a hardcoded server
certificate. Instead a developer will need to run make-testcert to
create a server certificate generated by the local CA to test against.
ticket 1134
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1339
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1276
https://fedorahosted.org/freeipa/ticket/1277
https://fedorahosted.org/freeipa/ticket/1308
Added new Exception: AttrValueNotFound
Fixed XML Test for Sudorule remove_option
1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule)
1277 (Raise DuplicateEntry Error when adding a duplicate sudo option)
1308 (Make sudooption a required option for sudorule_remove_option)
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1324
|
| |
|
|
|
|
|
|
| |
The direct and indirect associations are now displayed in the same
facet. The type of association to be displayed can be selected
using radio buttons.
Ticket #1338
|
| |
|
|
|
|
| |
instead of blindly setting dirty, check if the filed has a different value than it originally did.
https://fedorahosted.org/freeipa/ticket/1337
|
| |
|
|
| |
the undo link. https://fedorahosted.org/freeipa/ticket/1337
|
| |
|
|
| |
runs the testdirty check before setting the undo tag for a textarea
|
| |
|
|
|
|
| |
instead of always setting dirty, we do the original test, and then set the flag and show the link.
https://fedorahosted.org/freeipa/ticket/1337
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In self-service mode the user's association facets have been modified
such that the entries are not linked since the only available entity
is the user entity.
A 'link' parameter has been added to IPA.association_facet and
IPA.column to control whether to link the entries. The link_handler()
method can be used to define how to handle the link.
Ticket #1072
|
| | |
|
| |
|
|
|
| |
Since ticket #1273 has been fixed, the indirect members can be shown
using the regular association facet which supports paging.
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1281
|
| |
|
|
|
| |
The Makefile.am freeipa.spec.in have been updated according to the
recent file changes.
|
| |
|
|
|
|
|
| |
Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly,
checked port descriptions case consistency fixed.
https://fedorahosted.org/freeipa/ticket/1321
|
| |
|
|
|
|
|
|
| |
When user_add command is executed without uid parameter filled, user
account is created without 'krbprincipalname' attribute. This renders
the user account unusable.
https://fedorahosted.org/freeipa/ticket/1279
|
| |
|
|
|
|
| |
7 is undefined as a revocation reason.
https://fedorahosted.org/freeipa/ticket/1318
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1255
|
| |
|
|
|
|
|
| |
If a JSON decoding error was found we were still trying to call the
XML-RPC function, losing the original error.
https://fedorahosted.org/freeipa/ticket/1322
|
| |
|
|
|
|
|
|
| |
Enhance Host plugin to provide not only "Managed By" list but also
a list of managed hosts. The new list is generated only when --all
option is passed.
https://fedorahosted.org/freeipa/ticket/993
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server with DNS support. This would lead to DNS
zones with incorrect NS records as they wouldn't point to a valid
name server.
Now, a list of all master servers with DNS support is retrieved
during DNS zone creation and added as NS records for a new DNS
zone.
https://fedorahosted.org/freeipa/ticket/1261
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user migrates users/groups from an old DS instance, the
migration may fail on unsupported object classes and/or
relevant LDAP object attributes.
This patch implements a support for object class and attribute
ignore lists that can be used to suppress these migration issues.
Additionally, a redundant "dev/null" file is removed from git repo
(originally added in 26b0e8fc9809a4cd9f2f9a2281f0894e2e0f8db2).
https://fedorahosted.org/freeipa/ticket/1266
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
When the RA is about to submit a signing request to a CA, check
if the ca_host is actually a CA. If it isn't, and it isn't the
local host, check if the local host is a CA. If that doesn't
work, try to select a CA host at random. If there aren't any,
just give up and pretend the ca_host is a CA so that we can fail
to connect to it, as we would have before.
Ticket #1252.
|
| |
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1269
https://fedorahosted.org/freeipa/ticket/1270
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support multiple direct maps we added description to the DN of
automount key entries. The downside of this is that to display a key
you had to know the information as well, which was rather pointless if
that is what you were trying to get.
So now both modes are supported. It will first look for just a key
in the description and fall back to including automountinformation
if it needs to.
Multiple direct maps are still supported and for those the info is
always required.
ticket 1229
|
| |
|
|
|
|
|
|
| |
The buttons were previously skipped during tab navigation because
they do not have an href attribute. The IPA.button has been fixed
to always provide an href attribute.
Ticket #983
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Indirect membership is calculated by looking at each member and pulling
all the memberof out of it. What was missing was doing nested searches
on any members in that member group.
So if group2 was a member of group1 and group3 was a member of group2
we would miss group3 as being an indirect member of group1.
I updated the nesting test to do deeper nested testing. I confirmed
that this test failed with the old code and works with the new.
This also prevents duplicate indirect users and looping on circular
membership.
ticket https://fedorahosted.org/freeipa/ticket/1273
|
