summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Enforce class rules when query=True, continue to not run validators.ticket-hbac-testRob Crittenden2011-07-113-28/+43
| | | | | | | | | | | | | | | This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly every command other than add query is True so all rules were ignored on the primary key. This meant that to enforce whitespace we would need to define a validator for each one. I decided instead to set self.all_rules to just the class rules if query == True. So the minimum set of validators will be executed against each type but param-specific validators will only run on add. https://fedorahosted.org/freeipa/ticket/1285 https://fedorahosted.org/freeipa/ticket/1286 https://fedorahosted.org/freeipa/ticket/1287
* Added sudo options.Endi S. Dewata2011-07-117-80/+287
| | | | | | | A table has been added into sudo rule details page for managing sudo options. Ticket #1447
* indirect adminsAdam Young2011-07-111-3/+5
| | | | https://fedorahosted.org/freeipa/ticket/1465
* clear errors on resetAdam Young2011-07-083-4/+10
| | | | https://fedorahosted.org/freeipa/ticket/1446
* Fixed missing entitlement import button labelEndi S. Dewata2011-07-081-1/+1
| | | | Ticket #1456
* check required on addAdam Young2011-07-083-37/+46
| | | | | | | | | previsouly was checked on key down, but that does the check too soon. Next attempt was on blur, but that had numerous problems. This now checkes when the add button is clicked. works for entity_select widget, too Checks upon form submission https://fedorahosted.org/freeipa/ticket/1437
* Fixed test fixture file name.Endi S. Dewata2011-07-071-0/+0
|
* Fixed dirty dialog problems in HBAC/Sudo rules.Endi S. Dewata2011-07-075-110/+83
| | | | | | | The update() in HBAC/Sudo details facet has been fixed to call the callback function which will show the dirty dialog properly. Ticket #1439
* Fixed blank self-service page.Endi S. Dewata2011-07-061-0/+2
| | | | | | | The self-service navigation has been fixed to include the root of the navigation path. Ticket #1445
* HBAC deny warningAdam Young2011-07-0611-31/+261
| | | | | | | | shows dialog if there are any HBAC deny rules. Dialog provides option to navigate to the HBAC page. Deny rules have their rule type value show up in red. Only shows up fro administrators, not for self service users. https://fedorahosted.org/freeipa/ticket/1421
* Fixed HBAC/Sudo rules associations.Endi S. Dewata2011-07-064-0/+50
| | | | | | | | The HBAC/Sudo rules associations in users, groups, hosts and host groups have been fixed to use the correct associator and method names. Ticket #1438
* password expiration labelAdam Young2011-07-053-12/+12
|
* validate intsAdam Young2011-07-051-33/+40
| | | | | | validate integers whether meta comes from metadata or param_info https://fedorahosted.org/freeipa/ticket/1415
* Fixed object_name usage.Endi S. Dewata2011-07-0510-85/+79
| | | | | | | | | | | The object_name attribute was used as both an identifier and a label which sometimes require different values (e.g. hbacrule vs. HBAC rule). The code that uses object_name as an identifier has been changed to use the 'name' attribute instead. The values of the object_name attribute have been fixed to become proper labels. Ticket #1217
* Add pwd expiration notif (ipapwdexpadvnotify) to config plugin def attr listRob Crittenden2011-07-051-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/1416
* Set the client auth callback after creating the SSL connection.Rob Crittenden2011-07-011-2/+2
| | | | | | | | | | If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket is created. There is no way to query for the callback in an existing socket. https://fedorahosted.org/freeipa/ticket/1349
* Added arrow icons for details sections.Endi S. Dewata2011-07-014-25/+20
| | | | | | | New arrow icons have been added to replace the plus/minus sign icons for expanding/collapsing details sections. Ticket #1422
* entity link for password policyAdam Young2011-07-012-2/+65
| | | | | | | https://fedorahosted.org/freeipa/ticket/1111 reset() now hides both the link and the label calucalating should_link is now a function that can be overloaded.
* Removed invalid associations.Endi S. Dewata2011-07-012-2/+2
| | | | | | | | | The following invalid associations have been removed: - group's memberindirect netgroup and role - hostgroup's memberofindirect host Ticket #1366 Ticket #1367
* Fixed button style in EntitlementsEndi S. Dewata2011-07-011-1/+1
| | | | | | | | The entitlement buttons are located serveral levels underneath facet-controls, so the CSS selector has been fixed to extend beyond facet-controls' immediate children. Ticket #1419
* Added confirmation dialog for user activation.Endi S. Dewata2011-07-013-59/+131
| | | | | | | | | The IPA.user_status_widget has been modified such that it checks the facet dirty status and asks the admin to either Update or Reset the changes. Then the widget shows a dialog to confirm whether the admin wants to activate/deactivate the user. Ticket #1395
* config widgets entity select default group checkbox for migrationAdam Young2011-06-305-14/+31
|
* Fixed hard-coded messages.Endi S. Dewata2011-06-309-116/+228
| | | | | | Hard-coded messages in the UI have been replaced with I18n messages. Ticket #1396
* Removed unused images.Endi S. Dewata2011-06-3014-8/+0
| | | | | | Images that are no longer used have been removed. Ticket #990
* ipadefaultemaildomainAdam Young2011-06-301-0/+1
|
* config fieldsAdam Young2011-06-303-215/+452
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1403 https://fedorahosted.org/freeipa/ticket/1404 https://fedorahosted.org/freeipa/ticket/1405 https://fedorahosted.org/freeipa/ticket/1406 fields and sections for config screen Using multivalue controls for object classes
* undefined pkeys https://fedorahosted.org/freeipa/ticket/1399Adam Young2011-06-292-1/+8
| | | | Thereis not metatdata defined pkey for config, so we need to short circuit the logic that uses the metatdata pkey to look up the key from the hashurl.
* containing entity pkeysAdam Young2011-06-292-6/+29
| | | | | | | | | Instead of looking for a match on the entity name, use the nesting structure of containing entites to grab their pkeys. Code review fixes https://fedorahosted.org/freeipa/ticket/674
* shorten url cache state in a javascript variable, and leave on information ↵Adam Young2011-06-2812-56/+95
| | | | | | | | | | | | | | about the current entity in the URL hash params https://fedorahosted.org/freeipa/ticket/674 decrement depth for hidden tabs. Initialize state from url useing delete for removing state stricter attribute matching not incrementing depth for all hidden tabs. whitespace cleanup
* Replace the 'private' option in netgroup-find with 'managed'.Jan Cholasta2011-06-283-7/+13
| | | | | | | The 'private' option is kept in to maintain API compatibility, but is hidden from the user. ticket 1120
* Remove redundant configuration values from krb5.conf.Jan Cholasta2011-06-282-6/+0
| | | | ticket 1358
* memory leak in ipa_winsync_get_new_ds_user_dn_cbRich Megginson2011-06-281-0/+1
| | | | | The new_dn_string passed into this function is malloc'd. It must be freed before we reassign the value.
* modify user deleted in AD crashes winsyncRich Megginson2011-06-281-1/+8
| | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1382 crash in winsync if replaying a MOD and user does not exist in AD If the AD entry is deleted before the deletion can be synced back to IPA, and in the meantime an operation is performed on the corresponding entry in IPA that should be synced to AD, winsync attempts to get the AD entry and it is empty. This just means the operation will not go through, and the entry will be deleted when the sync from AD happens. The IPA winsync plugin needs to handle the case when the ad_entry is NULL.
* winsync enables disabled users in ADRich Megginson2011-06-281-3/+5
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1379 winsync enables disabled users in AD when the AD entry changes This was likely broken when ipa switched from using CoS/groups for account inactivation to using nsAccountLock directly. The code that handled the account sync in the from AD direction was broken, but was never found before now because it had not been used. The fix is to correctly set or remove nsAccountLock.
* Allow recursion by defaultMartin Kosek2011-06-271-0/+3
| | | | | | | Update name server configuration file to allow any host to issue recursive queries (allow-recursion statement). https://fedorahosted.org/freeipa/ticket/1335
* Generate record type list from metadata ↵Adam Young2011-06-281-6/+16
| | | | | | https://fedorahosted.org/freeipa/ticket/945 now matches record at the end of the string
* Minor typos in the examplesAlexander Bokovoy2011-06-271-2/+2
|
* Convert Bool to TRUE/FALSE when working with LDAP backend ↵Alexander Bokovoy2011-06-272-4/+7
| | | | | | | | https://fedorahosted.org/freeipa/ticket/1259 According to RFC4517 the only valid values for a boolean in LDAP are TRUE or FALSE. This commit adds support to recognize TRUE and FALSE as valid Bool constants when converting from LDAP attribute values and enforces TRUE or FALSE string for account locking.
* Fixed undo all problem.Endi S. Dewata2011-06-271-23/+36
| | | | | | | The IPA.multivalued_text_widget has been modified such that the 'undo all' will appear only if at least one of the values is dirty. Ticket #1109
* validate required fields https://fedorahosted.org/freeipa/ticket/1329Adam Young2011-06-273-2/+12
| | | | overides required with optional.
* optional uidAdam Young2011-06-274-1/+29
| | | | Make the uid field optional
* Fixed DNS records page title.Endi S. Dewata2011-06-271-0/+1
| | | | | The DNS records are presented as a facet in the DNS zone details page, so the page title should say DNS Zone.
* identify target as section for permissionsAdam Young2011-06-271-0/+1
|
* Fixed entity labels.Endi S. Dewata2011-06-2718-427/+65
| | | | | | | | | | | | | | | | The entity labels in the following locations have been fixed: - search facet title: plural - details facet title: singular - association facet title: singular - breadcrumb: plural - adder dialog title: singular - deleter dialog title: plural Some entity labels have been changed into the correct plural form. Unused file install/ui/test/data/i18n_messages.json has been removed. Ticket #1249 Ticket #1387
* Added singular entity labels.Endi S. Dewata2011-06-2725-4/+57
| | | | | | | | | | | | | | | A new attribute label_singular has been added to all entities which contains the singular form of the entity label in lower cases except for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web UI, this label can be capitalized using CSS text-transform. The existing 'label' attribute is intentionally left unchanged due to inconsistencies in the current values. It contains mostly the plural form of capitalized entity label, but some are singular. Also, it seems currently there is no comparable capitalization method on the server-side. So more work is needed before the label can be changed. Ticket #1249
* oneliner correct typo in ipasudorunas_groupJr Aquino2011-06-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1326
* Verify that the hostname is fully-qualified before accessing the service ↵Jan Cholasta2011-06-242-8/+10
| | | | | | | | | information in ipactl. Fail gracefully if the supplied hostname isn't fully-qualified in ipa-server-install. ticket 1035
* Slight performance improvement by not doing some checking in production modeRob Crittenden2011-06-231-6/+12
| | | | | | These changes save a few hundred ms but every little bit helps. ticket 1023
* Added record count into association facet tabs.Endi S. Dewata2011-06-245-71/+88
| | | | | | The details and association facets have been modified to show the number of records in each association in the corresponding facet tab. Ticket #1386
* Make dogtag an optional (and default un-) installed component in a replica.Rob Crittenden2011-06-2312-133/+437
| | | | | | | | | | | | | | A dogtag replica file is created as usual. When the replica is installed dogtag is optional and not installed by default. Adding the --setup-ca option will configure it when the replica is installed. A new tool ipa-ca-install will configure dogtag if it wasn't configured when the replica was initially installed. This moves a fair bit of code out of ipa-replica-install into installutils and cainstance to avoid duplication. https://fedorahosted.org/freeipa/ticket/1251