| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is part of the schema at
<http://www.freeipa.org/page/V4/PKCS11_in_LDAP/Schema>.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
This is a no longer used nickname for CA certificate on CA-less server
installs.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
| |
This prevents SELinux denials when accessing the ldapi socket.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
This prevents SELinux denials when the sysupgrade module is imported in a
confined process.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3737
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
| |
Allow checking and setting CA renewal master for non-local CA instances.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The ipagetkeytab command recently changed its failure output
to accomodate pre-4.0 servers.
Update the test to reflect this.
Related: https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
ipa-client-install runs anonymous search in non-rootdse space which
may raise UNWILLING_TO_PERFORM error. This case was only covered for
BIND, but not for the actual LDAP queries.
https://fedorahosted.org/freeipa/ticket/4459
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When creating or modifying otptoken check that token validity start is not after
validity end.
https://fedorahosted.org/freeipa/ticket/4244
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
Related to https://fedorahosted.org/freeipa/ticket/4448
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4448
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4371
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
| |
Remove the file on uninstall.
https://fedorahosted.org/freeipa/ticket/4303
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
| |
Fortunately this cause no error, because dnszone-find doesnt raise
exception if there is no DNS container
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Additional fix for https://fedorahosted.org/freeipa/ticket/4323
|
| |
|
|
|
|
|
|
|
|
| |
The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to
pass the validation tests, however, they are not implemented nor
checked by the 389 server plugin.
https://fedorahosted.org/freeipa/ticket/4323
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
reset_password.html now redirects browser to URL specified in 'redirect'
uri component (if present).
The component has to be URI encoded. ie (in browser console):
$ encodeURIComponent('http://pvoborni.fedorapeople.org/doc/#!/guide/Debugging')
-->
"http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging"
-->
https://my.freeipa.server/ipa/ui/reset_password.html?redirect=http%3A%2F%2Fpvoborni.fedorapeople.org%2Fdoc%2F%23!%2Fguide%2FDebugging
https://fedorahosted.org/freeipa/ticket/4440
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
| |
Buttons in hbactest check for 'action-button-disabled' but it's never set.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Detach/attach facet nodes when switching facets instead of
hiding/showing.
Keeps dom-tree more simple.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Fixed:
1. IE doesn't support value 'initial' in CSS rule.
2. setting innerHTML='' also destroys content of child nodes in
LoginScreen in IE -> reattached buttons have no text.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
Items nested in other items were created in root list instead of nested list.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Reproduction:
* add 'extensibleObject' object class to target object
https://fedorahosted.org/freeipa/ticket/4380
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Returning non-unicode causes serialization into base64 which causes havoc
in Web UI.
https://fedorahosted.org/freeipa/ticket/4454
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents the reuse of TOTP tokens by recording the last token
interval that was used. This will be replicated as normal. However,
this patch does not increase the number of writes to the database
in the standard authentication case. This is because it also
eliminates an unnecessary write during authentication. Hence, this
patch should be write-load neutral with the existing code.
Further performance enhancement is desired, but is outside the
scope of this patch.
https://fedorahosted.org/freeipa/ticket/4410
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Without nsslapd-allow-hashed-passwords being turned on, user password
migration fails.
https://fedorahosted.org/freeipa/ticket/4450
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Also, make the error messages for this fallback case less scary and
clean up some indentation issues in the nearby code which made this
code difficult to read.
https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
| |
Allow use of characters that no longer cause troubles. Check for
leading and trailing characters in case of 389 Direcory Manager password.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Theme package is contains resources for PKI web interface. This interface
is not needed by FreeIPA as it rather utilizes it's API. As recommended in
https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard
dependency.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
| |
LDAPRemoveReverseMember
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
