| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
| |
Add missing schema for GUI Config, and missing objectclass for cn=accounts
container
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
reach the xml-rpc server.
- Assume the kdc/ldap server == xml-rpc server for v1.
Initial code to read the Kerberos Master Key from the Directory
|
| | |
| |
| |
| |
| |
| |
| | |
password change.
- Fix some minor error
Initial code to read the Kerberos Master Key from the Directory
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Does not require dirsrv access to stash file
- Finalize password history support
- Fix strict password length default in pwd_extop (fix install sctript too)
- fix plugin configuration
- Introduce 3 kind of password change: normal, admin, and ds manager
- normal require adherence to policies
- admin does not but password is immediately expired
- ds manager can just change the password any way he likes.
Initial code to read the Kerberos Master Key from the Directory
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaCustomFields:
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
This could use some optimization.
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Add -a option to ipa-findgroup to print all attributes
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
reach the xml-rpc server.
- Assume the kdc/ldap server == xml-rpc server for v1.
Initial code to read the Kerberos Master Key from the Directory
|
| | |
| |
| |
| |
| |
| |
| | |
password change.
- Fix some minor error
Initial code to read the Kerberos Master Key from the Directory
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Does not require dirsrv access to stash file
- Finalize password history support
- Fix strict password length default in pwd_extop (fix install sctript too)
- fix plugin configuration
- Introduce 3 kind of password change: normal, admin, and ds manager
- normal require adherence to policies
- admin does not but password is immediately expired
- ds manager can just change the password any way he likes.
Initial code to read the Kerberos Master Key from the Directory
|
| | |
|
| |
|
|
| |
fail if the file it was to update didn't exist.
|
| |
|
|
|
|
| |
reordered them
Added python-tgexpandingformwidget as a dependency
Require at least fedora-ds-base 1.1
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Fix some issues with the multi-value to single-value reversion.
|
| |
|
|
| |
Remove multi-valued cn from groups
|
| |
|
|
|
|
|
|
| |
to edit other users (the Edit link won't appear otherwise). Additional
delegation is need to grant permission to individual attributes.
Update the failed login page to indicate that it is a permission issue.
Don't allow access to policy at all for non-admins.
By default users can only edit themselves.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch uses the kerberos schema policy, this is the same policy used by
kadmin.
While this patch allows for krbPwdPolicy objects anywhere the kldap module
will make the kdc fail to provide tickets if the "krbPwdPolicyReference"
points to any object that is not a child of cn=<REALM>,cn=kerberos,dc=....
To let us set policies anywhere in the tree I enabled the code to actually
look at parent entries and the user entry itself and specify policies directly
on these objects by adding the krbPwdPolicy objectclass to them (I know its
structural but DS seem to allow multiple Structural classes on the same
entry).
The only side effect is that kadmin will not understand this, but we don't
want to use kadmin anyway as it does not understand way too many things about the
directory.
I've tested a few scenarios and all seem working as expected, but further
testing is welcome of course.
|
| | |
|
| | |
|
| |
|
|
|
| |
Set gid to the group "ipausers"
Add the user to this default group
|
| | |
|
| | |
|
| |
|
|
|
| |
Add secretary to the list of indexes otherwise RDN changing could be slow
Port --addattr, --setattr and --delattr from usermod to groupmod
|
| | |
|
| |
|
|
| |
default remains to inactivate them.
|
| |
|
|
|
| |
forked-model detection was incorrect.
Both of these return an error instead of raising one
|
| |
|
|
| |
Fix some error messages that were printing the entire detail message
|
| |
|
|
|
|
| |
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
|
| |
|
|
| |
Restore the CSS to display the up/down arrow on sort columns
|
| | |
|
| |
|
|
| |
More work is needed as the values are currently hardcoded and not saved
|
| |
|
|
|
| |
Better error reporting in the GUI
Include a document describing how multi-valued fields work
|
| |
|
|
|
|
| |
With this patch you will need to run:
make autogen LIBDIR=/usr/lib64
Also works for 'make all'.
|
| | |
|
| |
|
|
| |
add the radiusprofile to the list of objectclasses used when creating a user
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
1) Add a base class for all of the instance objects.
2) Normalize usage of logging.
3) General cleanups of ipa-server-install.
4) Make better use of httpinstance.
5) Add webguiinstance.
6) Improve progress reporting during installation.
Works Here (TM), but it would be nice to get someone else
to test since this moves code around a bit.
|
| |
|
|
|
|
|
| |
The current manpage installation gzips the files in
place and requests confirmation before overwriting
existing files. Add -f to prevent prompting. We
should consider not gzipping the files in place.
|
| |
|
|
|
|
|
|
|
| |
With the change to run autogen on make all if there
was no makefile present, it became impossible to
force the running of autogen when that is needed. Fix
that by adding a bootstrap-autogen target that checks
the existing of Makefiles and reverting the autogen
target to always run autogen.
|
| | |
|
| | |
|
