| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
| |
Facet-related code has been moved from entity.js into a new facet.js
because the file is getting too big.
|
|
|
|
|
|
|
|
|
| |
The details page compares the old and the new primary keys to determine
if the page needs to be reloaded. The Kerberos Ticket Policy and Config
pages do not use primary keys, so they are never loaded/updated with
data. A parameter has been added to force update on these pages.
Ticket #1459
|
|
|
|
|
| |
See:
https://fedorahosted.org/freeipa/ticket/2038
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2057
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/602
SOA class is an enumerated field. Changing input field to combobox with options allows inserting only valid value.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current Answer Cache storing mechanism is not ideal for storing
non-trivial Python types like arrays, custom classes, etc.
RawConfigParser just translates values to string, which
are not correctly decoded when the Answer Cache is parsed and
restored in the installer.
This patch replaces RawConfigParser with Python's standard pickle
module, which is a recommended way for serialization in Python.
https://fedorahosted.org/freeipa/ticket/2054
|
| |
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1459
Changes:
* added clear method to widgets, section, search, details, association facets
* clear and refresh method in facet are called only if key/filter was changed
* added id generator for widgets
|
|
|
|
|
|
| |
First step to solving
https://fedorahosted.org/freeipa/ticket/1977
|
|
|
|
|
|
|
| |
The user adder dialog has been modified to provide optional fields
to specify password during user creation.
Ticket #1646
|
|
|
|
|
|
|
| |
The details facet validation has been moved out of update() such
that all subclasses perform consistent validation.
Ticket #1455
|
|
|
|
|
|
|
|
|
|
|
|
| |
New option --pkey-only is available for all LDAPSearch based classes
with primary key visible in the output. This option makes LDAPSearch
commands search for primary attribute only.
This may be useful when manipulating large data sets. User can at
first retrieve all primary keys in a relatively small data package
and then run further commands with retrieved primary keys.
https://fedorahosted.org/freeipa/ticket/1262
|
|
|
|
|
|
|
| |
The images have been renamed to be more consistent and moved into
the "images" directory to mimic the original jQuery UI structure.
Ticket #1613
|
|
|
|
|
| |
The validation code in details facet, dialog, and sections have
been modified to work more consistently.
|
|
|
|
|
|
|
| |
The metadata and param_info attributes in widget have been merged
because they are redundant.
Ticket #1436
|
|
|
|
|
|
|
|
|
|
| |
Labels using the word "enroll" (except for host enrollment) have
been modified to use more relevant words.
The IPA.add_dialog has been renamed into IPA.entity_adder_dialog
for clarity.
Ticket #1642
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2028
|
|
|
|
|
|
| |
The IPA.checkboxes_widget has been modified such that it performs
validation when the checkboxes are clicked. This will also clear any
validation errors.
|
|
|
|
|
|
|
| |
The Enrolled column in the host search page has been added back
to show the host enrollment status based on has_keytab attribute.
Ticket #2020
|
|
|
|
|
|
|
| |
The HBAC deny rule is no longer supported so it's no longer necessary
to show the warning.
Ticket #1444
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1913
|
|
|
|
|
|
|
|
|
|
|
| |
Do at least a basic validation of DNS zone manager mail address.
Do not require '@' to be in the mail address as the SOA record
stores this value without it and people may be used to configure
it that way. '@' is always removed by the installer/dns plugin before
the DNS zone is created.
https://fedorahosted.org/freeipa/ticket/1966
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2023
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1696
Changes:
* in details table facet '*' don't break colon alignment
* bolder, bigger (-> IMHO nicer) asteriks
* float (visual style) moved to css file
|
|
|
|
|
|
|
|
|
| |
The dialogs and details pages have been modified to use the * symbol
to mark required fields. The automount map and the DNS zone dialogs
have been modified to update the required fields according to the
input type.
Ticket #1696, #1973
|
|
|
|
|
|
| |
We don't have a value in the API that accuratly reflects the enrollment data.
https://fedorahosted.org/freeipa/ticket/2020
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We were spinning for socket connection if attempt to connect returned errno 111
(connection refused). However, it is not enough for local AF_UNIX sockets as
heavy applications might not be able to start yet and therefore the whole path
might be missing. So spin for errno 2 (no such file or directory) as well.
Partial fix for
https://fedorahosted.org/freeipa/ticket/1990
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1192
|
|
|
|
|
|
|
|
|
|
| |
Fixes 3 issues:
- If a topic has all its commands disabled, it should be disabled
- If a command is disabled its help should be disabled
- The show-mappings help was missing a doc string so no help was displayed
https://fedorahosted.org/freeipa/ticket/1998
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certificates are passed through the IPA XML-RPC and JSON as binary
data in DER X509 format. Queries peformed against the LDAP server
also return binary DER X509 format. In all cases the binary DER
data is base-64 encoded.
PEM is standard text format for certificates. It also uses base64 to
encode the binary DER data, but had specific formatting
requirements. The base64 data must be wrapped inside PEM delimiters
and the base64 data must be line wrapped at 64 characters.
Most external software which accepts certificates as input will only
accept DER or PEM format (e.g. openssl & NSS). Although base64 is
closely related to PEM it is not PEM unless the PEM delimters are
present and the base64 data is line wrapped at 64 characters.
We already convert binary DER certificates which have been passed as
base64 in other parts of the IPA code. However this conversion has not
been available in the web UI. When the web UI presented certificates
it did so by filling a dialog box with a single line of base64 data. A
user could not copy this data and use it as input to openssl or NSS
for example.
We resolve this problem by introducing new javascript functions in
certificate.js. IPA.cert.pem_cert_format(text) will examine the text
input and if it's already in PEM format just return it unmodified,
otherwise it will line wrap the base64 data and add the PEM
delimiters. Thus it is safe to call on either a previously formated
PEM cert or a binary DER cert encoded as base64. This applies to
pem_csr_format() as well for CSR's.
Because pem_cert_format() is safe to call on either format the web UI
will see the use of the flag add_pem_delimiters was eliminated except
in the one case where the IPA.cert.download_dialog() was being abused
to display PKCS12 binary data (pkcs12 is neither a cert nor a cert
request). Because of the abuse of the cert.download_dialog() for
pkcs12 it was necessary to retain the flag which in effect said "do
not treat the data as PEM".
Modify the CSR (Certificate Signing Request) dialog box to accept a
PEM formatted CSR. Remove the artifical PEM delimiters above and below
the dialog box which were used to suggest the input needed to be sans
the delimiters. The dialog box continues to accept bare base64 thus
allowing either text format.
Also note this solves the display of certificate data in the UI
without touching anything existing code in the server or command line,
thus it's isolated.
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1988
|
|
|
|
|
|
|
|
|
|
|
| |
Add Kerberos mapping for clients outside of server domain. Otherwise
certmonger had problems issuing the certificate. Also make sure that
client DNS records on the server are set before certmonger is started
and certificate is requested.
Based on Lars Sjostrom patch.
https://fedorahosted.org/freeipa/ticket/2006
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1531
It's a fix for regression introduced by previous patch.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1565
The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems.
Additional changes:
* fixed whitespaces in ipa.css
* unified headings in config pages
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1531
Each entity is created together with its dependent objects (e.g. facets and dialog boxes). This causes a circular dependency problem because some of the objects need to obtain a reference to another entity that has not been created.
Currently this is handled by storing only the other entity name and resolve it when needed (e.g. during rendering stage). In IPA.search_facet this delays the creation of the table widget, making it more difficult to customize.
One solution is to do the object creation in 2 steps:
* create all entity objects only
* create the dependent objects in each entity
Implemented solution:
* all entities are created on application start
* dependant objects (facets and dialogs) are created at once on their first use in entity.
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1987
There is no way to add root or any external user as a RunAs User for a Sudo
Rule.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the NGP plugin is enabled, a managed netgroup is created for
every hostgroup. We already check that netgroup with the same
name does not exist and provide a meaningful error message.
However, this error message was also printed when a duplicate
hostgroup existed.
This patch checks for duplicate hostgroup existence first and
netgroup on the second place. It also makes sure that when NGP
plugin is (temporarily) disabled, a colliding netgroup cannot
be created.
https://fedorahosted.org/freeipa/ticket/1914
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1982
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1989
|
|
|
|
|
|
|
| |
LDAP can be configured in any number of places, we need to update everything
we find.
https://fedorahosted.org/freeipa/ticket/1986
|
| |
|
|
|
|
|
|
|
|
|
| |
This would blow up if you tried to append a value to an entry that looked
like:
NAME=
https://fedorahosted.org/freeipa/ticket/1983
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add documentation about --preserve-sssd, an ipa-client-install's option to
honor previously available SSSD configuration in case it is not possible to
merge it cleanly with the new one. In this case ipa-client-install will fail
and ask user to fix SSSD config before continuing.
Additional fix for
https://fedorahosted.org/freeipa/ticket/1750
https://fedorahosted.org/freeipa/ticket/1769
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1946
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1871
|
|
|
|
|
|
|
|
| |
There may already be a record in /etc/hosts for chosen IP address
which may not be detected under some circumstances. Make sure
that /etc/hosts is checked properly.
https://fedorahosted.org/freeipa/ticket/1923
|