summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add userClass attribute for usersAna Krivokapic2013-11-195-11/+71
| | | | | | | | | This new freeform user attribute will allow provisioning systems to add custom tags for user objects which can be later used for automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems https://fedorahosted.org/freeipa/ticket/3588
* Unify capitalization of attribute names in schema filesPetr Viktorin2013-11-183-19/+19
| | | | | | | | | | | Due to a bug[0], python-ldap doesn't parse schema LDIF files correctly if they use inconsistent capitalization. This patch works around the bug in IPA schema files. [0] https://bugzilla.redhat.com/show_bug.cgi?id=1007820 Note: git's --word-diff option is recommended for viewing these changes
* Add formerly update-only schemaPetr Viktorin2013-11-185-2/+45
| | | | | | Some schema was only delivered in updates. Add it back as ldif files. https://fedorahosted.org/freeipa/ticket/3454
* Make schema files conform to new updaterPetr Viktorin2013-11-187-20/+20
| | | | | | | | | | | | | | | | | The new schema updater only compares textual representations of schema elements, as formatted by python-ldap. This works well, but it is too strict for the current schema files in two ways: - For attribute names in MAY and MUST, the correct letter case must be used - AttributeTypes must specify explicit EQUALITY and SYNTAX fields even if they are the same as its supertype's. When these restrictions are not followed, the updater will always overwrite the schema element. This is harmless but it fills up the log unnecessarily. Modify the schema files to conform to these restrictions. Part of the work for https://fedorahosted.org/freeipa/ticket/3454 Note: git's --word-diff option is recommended for viewing these changes
* Remove schema special-casing from the LDAP updaterPetr Viktorin2013-11-182-130/+12
| | | | | | | Now that there's a dedicated schema updater, we do not need the code in ldapupdate. https://fedorahosted.org/freeipa/ticket/3454
* Remove schema modifications from update filesPetr Viktorin2013-11-1813-532/+1
| | | | | | | As schema is now handled by the schema updater, these entries are superfluous. https://fedorahosted.org/freeipa/ticket/3454
* Update the man page for ipa-ldap-updaterPetr Viktorin2013-11-181-8/+20
|
* Add schema updater based on IPA schema filesPetr Viktorin2013-11-184-5/+180
| | | | | | | | | | | | The new updater is run as part of `ipa-ldap-updater --upgrade` and `ipa-ldap-updater --schema` (--schema is a new option). The --schema-file option to ipa-ldap-updater may be used (multiple times) to select a non-default set of schema files to update against. The updater adds an X-ORIGIN tag with the current IPA version to all elements it adds or modifies. https://fedorahosted.org/freeipa/ticket/3454
* dsinstance: Move the list of schema filenames to a constantPetr Viktorin2013-11-181-9/+14
| | | | Preparation for: https://fedorahosted.org/freeipa/ticket/3454
* ldapupdate: Factor out connection codePetr Viktorin2013-11-181-40/+36
| | | | | | | The connection code will be the same for both the LDAP updater and the new schema updater. Preparation for: https://fedorahosted.org/freeipa/ticket/3454
* Removed old firefox configuration scriptsMartin Basti2013-11-159-191/+0
| | | | Part of ticket https://fedorahosted.org/freeipa/ticket/3821
* ipa-client-install: Added options to configure firefoxMartin Basti2013-11-155-4/+122
| | | | | | | | | Option --configure-firefox configures firefox to use Kerberos credentials within IPA domain Optional option --firefox-dir=DIR allows to user to specify non-standard path where firefox install directory is placed. Part of ticket: https://fedorahosted.org/freeipa/ticket/3821
* Add web UI integration tests for automember rebuildAna Krivokapic2013-11-151-0/+197
| | | | | Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3928
* Web UI integration test driver enhancementAna Krivokapic2013-11-151-0/+2
| | | | | | Handle selecting an option from a select box. https://fedorahosted.org/freeipa/ticket/3928
* Add automember rebuild command to the web UIAna Krivokapic2013-11-155-11/+87
| | | | | Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3928
* Fix error message when adding duplicate automember ruleAna Krivokapic2013-11-154-8/+9
| | | | | | Also fix object_name and object_name_plural for automember rules. https://fedorahosted.org/freeipa/ticket/2708
* Add unit tests for automember rebuild commandAna Krivokapic2013-11-151-13/+540
| | | | | Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3752
* Add a privilege and a permission needed for automember rebuild commandAna Krivokapic2013-11-151-0/+19
| | | | | Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3752
* Add automember rebuild commandAna Krivokapic2013-11-153-11/+143
| | | | | | | | | | | Add a new command to IPA CLI: ipa automember-rebuild The command integrates the automember rebuild membership task functionality into IPA CLI. It makes it possible to rebuild automember membership for groups/hostgroups. Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership https://fedorahosted.org/freeipa/ticket/3752
* Use EXTERNAL auth mechanism in ldapmodifyAna Krivokapic2013-11-141-10/+10
| | | | | | Default to using the EXTERNAL authorization mechanism in calls to ldapmodify https://fedorahosted.org/freeipa/ticket/3895
* Map NT_STATUS_INVALID_PARAMETER to most likely error cause: clock skewAlexander Bokovoy2013-11-131-0/+3
| | | | | | | | When we get NT_STATUS_INVALID_PARAMETER in response to establish DCE RPC pipe with Kerberos, the most likely reason is clock skew. Suggest that it is so in the error message. https://fedorahosted.org/freeipa/ticket/4024
* Fix regression which prevents creating a winsync agreementAna Krivokapic2013-11-131-1/+2
| | | | | | | A regression, which prevented creation of a winsync agreement, was introduced in the original fix for ticket #3989. https://fedorahosted.org/freeipa/ticket/3989
* Server does not detect different server and IPA domainMartin Kosek2013-11-111-7/+11
| | | | | | | | | | | | | | Server installer does not properly recognize a situation when server fqdn is not in a subdomain of the IPA domain, but shares the same suffix. For example, if server FQDN is ipa-idm.example.com and domain is idm.example.com, server's FQDN is not in the main domain, but installer does not recognize that. proper Kerberos realm-domain mapping is not created in this case and server does not work (httpd reports gssapi errors). https://fedorahosted.org/freeipa/ticket/4012
* Remove unused utf8_encode_value functionsPetr Viktorin2013-11-081-12/+0
| | | | | The utf8_encode_value/_values functions from ipautil are no longer used. Remove them.
* Add tests for user auth type managementPetr Viktorin2013-11-082-0/+102
| | | | https://fedorahosted.org/freeipa/ticket/3368
* Add support for managing user auth typesNathaniel McCallum2013-11-085-10/+32
| | | | https://fedorahosted.org/freeipa/ticket/3368
* Turn LDAPEntry.single_value into a dictionary-like property.Jan Cholasta2013-11-0522-146/+152
| | | | | | This change makes single_value consistent with the raw property. https://fedorahosted.org/freeipa/ticket/3521
* Guard import of adtrustinstance for case without trustsAlexander Bokovoy2013-11-041-2/+8
| | | | https://fedorahosted.org/freeipa/ticket/4011
* Fix debug output in integration testPetr Viktorin2013-11-041-1/+1
| | | | | | Recent ipaldap work has made LDAPEntry incompatible with python-ldap's LDIFWriter. Convert entry to dict before printing debug output.
* ipatests: test_trust: use domain name instead of realm for user lookupsTomas Babej2013-11-011-3/+6
|
* ipatests: Add integration tests for legacy clientsTomas Babej2013-11-011-0/+261
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* ipatests: Use command -v instead of which in legacy client adviceTomas Babej2013-11-011-2/+2
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* Remove deprecated AllowLMhash configMartin Kosek2013-11-011-1/+1
| | | | | | | Remove this ipaConfigString value as LM hash is deprecated and in fact even insecure. https://fedorahosted.org/freeipa/ticket/3795
* Remove generation and handling of LM hashesSumit Bose2013-11-017-250/+74
| | | | https://fedorahosted.org/freeipa/ticket/3795
* Remove AllowLMhash from the allowed IPA config stringsSumit Bose2013-11-015-5/+3
| | | | Fixes https://fedorahosted.org/freeipa/ticket/3795
* Use encoded values from entry objects directly when adding new entries.Jan Cholasta2013-10-311-7/+1
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Use encoded values from entry objects directly when generating modlists.Jan Cholasta2013-10-311-33/+6
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Store encoded attribute values from search results directly in entry objects.Jan Cholasta2013-10-311-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Remove legacy toDict and origDataDict methods of LDAPEntry.Jan Cholasta2013-10-313-33/+9
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Make sure attributeTypes updates are done before objectClasses updates.Jan Cholasta2013-10-311-1/+4
| | | | https://fedorahosted.org/freeipa/ticket/3521
* Decode and encode attribute values in LDAPEntry on demand.Jan Cholasta2013-10-312-28/+234
| | | | | | | | | | | This is achieved by storing both decoded and encoded attribute values in LDAPEntry and synchronizing changes between them whenever an attribute is accessed. Added a new property "raw" to LDAPEntry. It provides a dictionary-like object which can be used to directly access encoded attribute values. https://fedorahosted.org/freeipa/ticket/3521
* Always use lists for values in LDAPEntry internally.Jan Cholasta2013-10-312-2/+30
| | | | | | | Outside of LDAPEntry, it is still possible to use non-lists. Once we enforce lists for attribute values, this will be removed. https://fedorahosted.org/freeipa/ticket/3521
* Introduce IPASimpleLDAPObject.decode method for decoding LDAP values.Jan Cholasta2013-10-311-27/+31
| | | | | | | This method is intended as a counterpart of IPASimpleLDAPObject.encode and replaces IPASimpleLDAPObject.convert_value_list. https://fedorahosted.org/freeipa/ticket/3521
* Make LDAPEntry a wrapper around dict rather than a dict subclass.Jan Cholasta2013-10-311-68/+83
| | | | https://fedorahosted.org/freeipa/ticket/3521
* ipatests: Add support for extra roles referenced by a keywordTomas Babej2013-10-316-40/+158
| | | | | | | | | | | | | | | | | | Adds support for host definition by a environment variables of the following form: ROLE_<keyword>_envX, where X is the number of the environment for which host referenced by a role <keyword> should be defined. Adds a required_extra_roles attribute to the IntegrationTest class, which can test developer use to specify the extra roles that this particular test requires. If not all required extra roles are available, the test will be skipped. All extra (and static) roles are accessible to the IntegrationTests via the host_by_role method, which returns a host of given role. Part of: https://fedorahosted.org/freeipa/ticket/3833
* ipatests: Do not use /usr/bin hardcoded pathsTomas Babej2013-10-311-6/+7
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* ipatests: Restore SELinux context after restoring files from backupTomas Babej2013-10-311-0/+12
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* ipatests: Extend clear_sssd_cache to support non-systemd platformsTomas Babej2013-10-311-6/+16
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* advice: Add legacy client configuration script using nss-ldapTomas Babej2013-10-311-1/+36
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* Remove ipa-pwd-extop and ipa-enrollment duplicate error stringsMartin Kosek2013-10-303-16/+22
| | | | | | | Some error strings were duplicate which makes it then harder to see what is the real root cause of it. https://fedorahosted.org/freeipa/ticket/3988
generated by cgit (git 2.34.1) at 2024-11-12 05:04:49 +0000