| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
Since ticket #1273 has been fixed, the indirect members can be shown
using the regular association facet which supports paging.
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1281
|
|
|
|
|
| |
The Makefile.am freeipa.spec.in have been updated according to the
recent file changes.
|
|
|
|
|
|
|
| |
Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly,
checked port descriptions case consistency fixed.
https://fedorahosted.org/freeipa/ticket/1321
|
|
|
|
|
|
|
|
| |
When user_add command is executed without uid parameter filled, user
account is created without 'krbprincipalname' attribute. This renders
the user account unusable.
https://fedorahosted.org/freeipa/ticket/1279
|
|
|
|
|
|
| |
7 is undefined as a revocation reason.
https://fedorahosted.org/freeipa/ticket/1318
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1255
|
|
|
|
|
|
|
| |
If a JSON decoding error was found we were still trying to call the
XML-RPC function, losing the original error.
https://fedorahosted.org/freeipa/ticket/1322
|
|
|
|
|
|
|
|
| |
Enhance Host plugin to provide not only "Managed By" list but also
a list of managed hosts. The new list is generated only when --all
option is passed.
https://fedorahosted.org/freeipa/ticket/993
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server with DNS support. This would lead to DNS
zones with incorrect NS records as they wouldn't point to a valid
name server.
Now, a list of all master servers with DNS support is retrieved
during DNS zone creation and added as NS records for a new DNS
zone.
https://fedorahosted.org/freeipa/ticket/1261
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user migrates users/groups from an old DS instance, the
migration may fail on unsupported object classes and/or
relevant LDAP object attributes.
This patch implements a support for object class and attribute
ignore lists that can be used to suppress these migration issues.
Additionally, a redundant "dev/null" file is removed from git repo
(originally added in 26b0e8fc9809a4cd9f2f9a2281f0894e2e0f8db2).
https://fedorahosted.org/freeipa/ticket/1266
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When the RA is about to submit a signing request to a CA, check
if the ca_host is actually a CA. If it isn't, and it isn't the
local host, check if the local host is a CA. If that doesn't
work, try to select a CA host at random. If there aren't any,
just give up and pretend the ca_host is a CA so that we can fail
to connect to it, as we would have before.
Ticket #1252.
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1269
https://fedorahosted.org/freeipa/ticket/1270
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support multiple direct maps we added description to the DN of
automount key entries. The downside of this is that to display a key
you had to know the information as well, which was rather pointless if
that is what you were trying to get.
So now both modes are supported. It will first look for just a key
in the description and fall back to including automountinformation
if it needs to.
Multiple direct maps are still supported and for those the info is
always required.
ticket 1229
|
|
|
|
|
|
|
|
| |
The buttons were previously skipped during tab navigation because
they do not have an href attribute. The IPA.button has been fixed
to always provide an href attribute.
Ticket #983
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Indirect membership is calculated by looking at each member and pulling
all the memberof out of it. What was missing was doing nested searches
on any members in that member group.
So if group2 was a member of group1 and group3 was a member of group2
we would miss group3 as being an indirect member of group1.
I updated the nesting test to do deeper nested testing. I confirmed
that this test failed with the old code and works with the new.
This also prevents duplicate indirect users and looping on circular
membership.
ticket https://fedorahosted.org/freeipa/ticket/1273
|
|
|
|
|
|
|
|
|
| |
The conditional used to determine if thd CA 389-ds instance was already
configured was rather poor so it was possible to pass command-line
arguments in to confuse it. This would cause it to not be installed at
all causing the dogtag installation to fail in a strange way.
https://fedorahosted.org/freeipa/ticket/1244
|
|
|
|
|
| |
A new facet has been added to show entitlement status and download
the registration certificate.
|
|
|
|
|
|
|
| |
A selectable option has been added to the table widget to show/hide
the checkbox column for selecting table rows. By default it's set
to true. The indirect association facet has been modified to hide
the column because it is non-editable.
|
|
|
|
|
|
|
|
|
|
| |
The UI has been modified to fix some resizing issues:
Previously the height of facet content was roughly calculated using
resize(). Now the height can be more accurately defined in CSS.
Previously the UI width was fixed. The HTML layout and background
images have been modified to support horizontal expansion if needed.
|
|
|
|
| |
ticket 1283, 1284
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The last step of a replication re-initiailization is to run the
memberof task. The current function would only authenticate using simple
auth to monitor the task but we may be doing this using admin GSSAPI
credentials so support that type of bind as well.
In short this fixes:
# kinit admin
# ipa-replica-manage re-initialize --from=master.example.com
https://fedorahosted.org/freeipa/ticket/1248
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was no point in limiting autobind root to just search cn=config since
it could always just modify its way out of the box, so remove the
restriction.
The upgrade log wasn't being created. Clearing all other loggers before
we calling logging.basicConfig() fixes this.
Add a global exception when performing updates so we can gracefully catch
and log problems without leaving the server in a bad state.
https://fedorahosted.org/freeipa/ticket/1243
https://fedorahosted.org/freeipa/ticket/1254
|
|
|
|
| |
Lists are sometimes marshalled as arrays. Before, we assumed they were CSV strings.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LDAP search operation may return a search reference pointing to
an LDAP resource. As the framework does not handle search
references, skip these results to prevent result processing
failures.
Migrate operation crashed when the migrated DS contained search
references. Now, it correctly skips these records and prints the
failed references to user.
https://fedorahosted.org/freeipa/ticket/1209
|
|
|
|
|
|
|
|
|
|
|
|
| |
--no-host-dns option should allow installing IPA server on a host
without a DNS resolvable name.
Update parse_ip_address and verify_ip_address functions has been
changed not to return None and print error messages in case of
an error, but rather let the Exception be handled by the calling
routine.
https://fedorahosted.org/freeipa/ticket/1246
|
|
|
|
|
|
|
|
| |
When re-creating the CADS instance it needs to be more fully-populated
so we have enough information to create an SSL certificate and move
the principal to a real entry.
https://fedorahosted.org/freeipa/ticket/1245
|
|
|
|
| |
ticket https://fedorahosted.org/freeipa/ticket/1265
|
|
|
|
|
|
|
|
|
|
|
|
| |
When IPA replica is installed and the master machine record is not
in ~/.ssh/known_hosts, ipa-replica-install will prompt user to answer
a question about adding a host to this file.
This has, however, a potential to break automatic tests.
ipa-replica-conncheck should not require any further user interaction
when all mandatory options are filled.
https://fedorahosted.org/freeipa/ticket/1305
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Client installation with --no-sssd option was broken if the client
was based on a nss-pam-ldap instead of nss_ldap. The main issue is
with authconfig rewriting the nslcd.conf after it has been
configured by ipa-client-install.
This has been fixed by changing an order of installation steps.
Additionally, nslcd daemon needed for nss-pam-ldap function is
correctly started.
https://fedorahosted.org/freeipa/ticket/1235
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.
This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:
1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
automatically:
a) kinit to master as default admin user with given password
b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
the replica and prints the check result
This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.
https://fedorahosted.org/freeipa/ticket/1107
|
|
|
|
|
|
|
| |
When a new forward zone is created in ipa-replica-prepare
the master DNS address gets corrupted by invalid A/AAAA record.
https://fedorahosted.org/freeipa/ticket/1260
|
|
|
|
|
|
|
| |
When MaxArgumentError si raised, the string localized by ngettext
is not printed properly.
https://fedorahosted.org/freeipa/ticket/1148
|
|
|
|
|
|
|
|
| |
Add Add tests for users, groups, hosts and hostgroups to verify membership
Update API to version 2.3
https://fedorahosted.org/freeipa/ticket/1170
|
|
|
|
| |
Tables on the dialog page need to have the scrolling set but should not resize with the main window, since their window is a JQuery UI dialog.
|
|
|
|
|
|
|
|
|
| |
Previously when an internal error occurs on the server the UI will
display a blank error dialog box. To fix the problem the string
message thrown by Ajax has been converted into an object containing
the error message.
Ticket #1280
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the group-show command doesn't return indirect members, the tabs
for group's indirect members have been reverted to call user-find with
the --in-groups parameter to get the entries.
However, this is only a temporary solution since the user-find command
returns both direct and indirect members (ticket #1273).
The Selenium test for groups has been modified to test nested groups
and verify indirect members. The verification currently will fail due
to the above issue.
|
|
|
|
|
|
|
|
|
|
| |
Turn off the side scroll bars for pages.
Resizes the table when the browser resizes
For stables, the rows scroll, but not the header.
For details, the content area scrolls.
Reserves 400 picesl for the header/ footer. Resize is only done on reload
|
|
|
|
|
|
|
|
|
|
|
|
| |
Interactive mode for commands manipulating with DNS records
(dnsrecord-add, dnsrecord-del) is not usable. This patch enhances
the server framework with new callback for interactive mode, which
can be used by commands to inject their own interactive handling.
The callback is then used to improve aforementioned commands'
interactive mode.
https://fedorahosted.org/freeipa/ticket/1018
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
indirect automount maps
code review changes for automount:
Removed: fields for mount and parentmap in maps details since they are not present in show or mod
Hid undo link for adder dialog
set up click handler for checkboxes when row does not have primary key
removed add override in automountmap_adder_dialog
moved 'var input...' in automount.js line 158 to start of method.
changed logic in if statmenet ,dialog.js line 628 it if (!first) as suggested
|
|
|
|
| |
so it can be called from both details and assocaiton facets.
|
| |
|
|
|
|
| |
The association table needs to be emptied if there is no entries.
|
|
|
|
|
|
|
|
|
| |
The association facet has been modified to support pagination. The
UI will show 20 members per page. There are buttons to go to a
previous or next page. There is also an input text to jump directly
to a certain page.
Ticket #1011
|
|
|
|
| |
ticket 1213
|
|
|
|
| |
ticket 910
|