summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Connection check program for replica installationMartin Kosek2011-06-089-0/+583
| | | | | | | | | | | | | | | | | | | | | | | | | | When connection between a master machine and future replica is not sane, the replica installation may fail unexpectedly with inconvenient error messages. One common problem is misconfigured firewall. This patch adds a program ipa-replica-conncheck which tests the connection using the following procedure: 1) Execute the on-replica check testing the connection to master 2) Open required ports on local machine 3) Ask user to run the on-master part of the check OR run it automatically: a) kinit to master as default admin user with given password b) run the on-master part using ssh 4) When master part is executed, it checks connection back to the replica and prints the check result This program is run by ipa-replica-install as mandatory part. It can, however, be skipped using --skip-conncheck option. ipa-replica-install now requires password for admin user to run the command on remote master. https://fedorahosted.org/freeipa/ticket/1107
* Fix forward zone creation in ipa-replica-prepareMartin Kosek2011-06-081-2/+3
| | | | | | | When a new forward zone is created in ipa-replica-prepare the master DNS address gets corrupted by invalid A/AAAA record. https://fedorahosted.org/freeipa/ticket/1260
* Localization fails for MaxArgumentErrorMartin Kosek2011-06-061-1/+4
| | | | | | | When MaxArgumentError si raised, the string localized by ngettext is not printed properly. https://fedorahosted.org/freeipa/ticket/1148
* Add sudorule and hbacrule to memberof and indirectmemberof attributesJr Aquino2011-06-068-15/+103
| | | | | | | | Add Add tests for users, groups, hosts and hostgroups to verify membership Update API to version 2.3 https://fedorahosted.org/freeipa/ticket/1170
* dialog scrolling tableAdam Young2011-06-036-20/+29
| | | | Tables on the dialog page need to have the scrolling set but should not resize with the main window, since their window is a JQuery UI dialog.
* Fixed blank dialog box on internal error.Endi S. Dewata2011-06-031-12/+16
| | | | | | | | | Previously when an internal error occurs on the server the UI will display a blank error dialog box. To fix the problem the string message thrown by Ajax has been converted into an object containing the error message. Ticket #1280
* Temporary fix for indirect member tabs.Endi S. Dewata2011-06-029-25/+612
| | | | | | | | | | | | | Since the group-show command doesn't return indirect members, the tabs for group's indirect members have been reverted to call user-find with the --in-groups parameter to get the entries. However, this is only a temporary solution since the user-find command returns both direct and indirect members (ticket #1273). The Selenium test for groups has been modified to test nested groups and verify indirect members. The verification currently will fail due to the above issue.
* scrollable content areasAdam Young2011-06-028-139/+2673
| | | | | | | | | | Turn off the side scroll bars for pages. Resizes the table when the browser resizes For stables, the rows scroll, but not the header. For details, the content area scrolls. Reserves 400 picesl for the header/ footer. Resize is only done on reload
* Improve interactive mode for DNS pluginMartin Kosek2011-06-023-20/+225
| | | | | | | | | | | | Interactive mode for commands manipulating with DNS records (dnsrecord-add, dnsrecord-del) is not usable. This patch enhances the server framework with new callback for interactive mode, which can be used by commands to inject their own interactive handling. The callback is then used to improve aforementioned commands' interactive mode. https://fedorahosted.org/freeipa/ticket/1018
* automount delete keyAdam Young2011-06-017-18/+185
| | | | | | | | | | | | | | | | | | indirect automount maps code review changes for automount: Removed: fields for mount and parentmap in maps details since they are not present in show or mod Hid undo link for adder dialog set up click handler for checkboxes when row does not have primary key removed add override in automountmap_adder_dialog moved 'var input...' in automount.js line 158 to start of method. changed logic in if statmenet ,dialog.js line 628 it if (!first) as suggested
* redirect on error Code for redirecting on error has been moved to IPA.facet ↵Adam Young2011-06-013-23/+21
| | | | so it can be called from both details and assocaiton facets.
* redirect on show error.Adam Young2011-05-311-3/+14
|
* Fixed pagination problem.Endi S. Dewata2011-05-311-0/+1
| | | | The association table needs to be emptied if there is no entries.
* Added pagination for associations.Endi S. Dewata2011-05-314-95/+210
| | | | | | | | | The association facet has been modified to support pagination. The UI will show 20 members per page. There are buttons to go to a previous or next page. There is also an input text to jump directly to a certain page. Ticket #1011
* Do stricter checking of IP addressed passed to server install.Jan Cholasta2011-05-302-0/+20
| | | | ticket 1213
* Honor netmask in DNS reverse zone setup.Jan Cholasta2011-05-306-45/+98
| | | | ticket 910
* Parse netmasks in IP addresses passed to server install.Jan Cholasta2011-05-3010-53/+213
| | | | ticket 1212
* Do a lazy retrieval of the LDAP schema rather than at module load.Rob Crittenden2011-05-302-18/+27
| | | | | | | | | | Attempt to retrieve the schema the first time it is needed rather than when Apache is started. A global copy is cached for future requests for performance reasons. The schema will be retrieved once per Apache child process. ticket 583
* Fixed problem deleting value in text field.Endi S. Dewata2011-05-277-113/+143
| | | | | | | | | | | | Previously deleting a value in a text field did not work because the field is not included in the modify operation when the value is empty. The details facet's update() method has been modified to update only dirty fields. The section lists in details facet and dialog have been converted into ordered maps. Ticket #1256
* Include the word 'member' with autogenerated optional member labels.Rob Crittenden2011-05-272-77/+77
| | | | | | | There were reports of confusion over what was being prompted for, hopefully adding member will make things clearer. ticket 1062
* Add option to limit the attributes allowed in an entry.Rob Crittenden2011-05-275-0/+197
| | | | | | | | | | | | | | | | Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy perview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation. Add two new LDAPObject values to control this behavior: limit_object_classes: only attributes in these are allowed disallow_object_classes: attributes in these are disallowed By default both of these lists are empty so are skipped. ticket 744
* Added Update and Reset buttons into Dirty dialog.Endi S. Dewata2011-05-2711-166/+142
| | | | | | | | | | | | The Dirty dialogs have been combined into IPA.dirty_dialog. It provides the Update and Reset buttons with customizable callback. Previously the widget's dirty status is computed by comparing the old values with the new values. This method is sometimes inaccurate, so the is_dirty() method has been modified to simply return a flag which is set to true if the widget is changed. Ticket #896.
* Fix reverse zone creation in ipa-replica-prepareMartin Kosek2011-05-276-67/+37
| | | | | | | | | When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica. https://fedorahosted.org/freeipa/ticket/1223
* Fixed URL parameter parsing.Endi S. Dewata2011-05-2610-74/+71
| | | | | | | The $.bbq.getState() invocations have been modified not to coerce URL parameter values to avoid parsing error. Ticket #1208
* Fix migration to work between v2 servers and remove search/size limits.Rob Crittenden2011-05-261-6/+14
| | | | | | | | | | | | Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it. Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated. ticket 1124
* automount UIAdam Young2011-05-2626-292/+6145
| | | | | | | | | | | | | | | | | | | | | | automount implemented using standard facets and containing_entity pkey generation sample data fixtures for automount. messages for automount and HBAC. modified form of the search facet used to nest the automount entities Add works for nested entities. Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin. All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title. update ipa_init sample data add redirect logic for pages without pkeys. add and delete link to appropriate entities for nested search facet. Using on demand entities. Fixed breadcrumbs.
* Document that deleting and re-adding a replica requires a dirsrv restart.Rob Crittenden2011-05-261-10/+16
| | | | | | | | If you install a replica, delete the replica, then re-add it and then try to re-initialize the agreement it will fail because the remote master has the old service principals cached. It needs to be restarted to work. ticket 1077
* Configure Managed Entries on replicas.Rob Crittenden2011-05-256-0/+34
| | | | | | | | | | | The Managed Entries plugin configurations weren't being created on replica installs. The templates were there but the cn=config portions were not. This patch adds them as updates. The template portion will be added in the initial replication. ticket 1222
* 28 One Liner: Typo in host_nis_groups has been creating 2 CN'sJr Aquino2011-05-251-1/+1
|
* A new flag to disable creation of UPGMartin Kosek2011-05-257-15/+92
| | | | | | | | Automatic creation may of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it. https://fedorahosted.org/freeipa/ticket/1131
* Fixed Selenium tests.Endi S. Dewata2011-05-246-9/+19
| | | | Fixed some validation and synchronization problems in Selenium tests.
* Fixed Add and Edit without primary key.Endi S. Dewata2011-05-241-4/+10
| | | | | | | | The IPA.add_dialog has been modified such that if the user clicks the Add and Edit button it will read the primary key returned by the add operation and use it to open the details page. Ticket #1108
* Fixed adder dialog title.Endi S. Dewata2011-05-244-34/+41
| | | | | | | The IPA.entity_builder has been fixed to use the correct title for the entity's adder dialog. Ticket #1239
* Fixed details tests.Endi S. Dewata2011-05-231-1/+1
|
* create entities on demand.Adam Young2011-05-235-26/+18
| | | | | | fixed changes from code review Fixed unit tests for entity on demand changes.
* Fixed Ajax error handling.Endi S. Dewata2011-05-208-16/+5
| | | | | | | The IPA.command has been modified not to insert a title into the error object thrown by Ajax operation because the object could be immutable. Ticket #1240
* Fixed problem disabling HBAC and SUDO rules.Endi S. Dewata2011-05-202-2/+2
| | | | | | The method names for disabling HBAC and SUDO rules have been fixed. Ticket #1237.
* jQuery ordered map.Endi S. Dewata2011-05-2028-190/+427
| | | | | | | | | The ordered map is a jQuery extension for creating a collection which can be accessed both as an ordered list and as a map. This collection can be used to store various objects including entities, fields, columns, and dialogs. A test suite for this class has been added as well. Ticket #1232
* Enable 389-ds SSL host checking by defauiltRob Crittenden2011-05-204-8/+58
| | | | | | | | | | | | | Enforce that the remote hostname matches the remote SSL server certificate when 389-ds operates as an SSL client. Also add an update file to turn this off for existing installations. This also changes the way the ldapupdater modlist is generated to be more like the framework. Single-value attributes are done as replacements and there is a list of force-replacement attributes. ticket 1069
* Properly configure nsswitch.conf when using the --no-sssd option.Rob Crittenden2011-05-181-3/+4
| | | | | | | | | | | Even with --no-sssd authconfig was setting nsswitch.conf to use sssd for users, groups, shadow and netgroups. We need to pass in the --enableforcelegacy option hwen configuring nss_ldap. Also always back up and restore sssd.conf. It still gets configured for kerberos. ticket 1142
* Test for forwarded Kerberos credentials cache in wsgi code.Rob Crittenden2011-05-182-2/+16
| | | | | | | | | We should more gracefully handle if the TGT has not been forwarded than returning a 500 error. Also catch and display KerberosErrors from ping() in the client better. ticket 1101
* KDC autodiscovery may fail when domain is not realmMartin Kosek2011-05-172-15/+26
| | | | | | | | | | | | | When ipa-client-install autodiscovers IPA server values it doesn't fill the fixed KDC address to Kerberos configuration file. However, when realm != domain or the autodiscovered values are overridden, installation may fail because it cannot find the KDC. This patch adds a failover to use static KDC address in case when such an issue occurs. https://fedorahosted.org/freeipa/ticket/1100
* Read-only association facet.Endi S. Dewata2011-05-1610-74/+84
| | | | | | | | | The IPA.association_facet has been modified to take a read_only parameters. If the parameter is set to true, the Enroll and Delete buttons will not be shown. All facets under the memberindirect and memberofindirect facet groups are marked as read-only. Ticket #1030
* Customizable facet groups.Endi S. Dewata2011-05-1613-224/+329
| | | | | | | | The IPA.entity has been modified to support customizable facet groups. The default list of facet groups is defined in IPA.entity_header and can be overriden in the entity definition. Ticket #1219
* Assume ipa help for plugins.Jan Cholasta2011-05-131-0/+6
| | | | ticket 914
* Return copy of config from ipa_get_config()Jr Aquino2011-05-131-2/+2
| | | | | | | | | It was discovered that using the batch plugin it was possible to store duplicate data in parts of the ipa_config during iterations. This was causing a cascading exec failures if any one of the batch executions failed. https://fedorahosted.org/freeipa/ticket/1220
* Update min nvr for selinux-policy and pki-ca for F-15+Rob Crittenden2011-05-131-2/+15
| | | | | | Done with conditionals so still installable on F-14. ticket 1200
* Running ipa-replica-manage as non-root cause errorsMartin Kosek2011-05-131-1/+8
| | | | | | | | Logging errors are printed out when ipa-replica-manage is run as a non-root user. Log has been disabled in such case to prevent such messages. https://fedorahosted.org/freeipa/ticket/1046
* Improve service manipulation in client installMartin Kosek2011-05-133-111/+124
| | | | | | | | Remove redundant ipa-client-install error message when optional nscd daemon was not installed. Additionally, use standard IPA functions for service manipulation and improve logging. https://fedorahosted.org/freeipa/ticket/1207
* Remove doc from API.txtMartin Kosek2011-05-132-318/+317
| | | | | | | | | | | | | Doc parts are not removed from the API completely. This leads to unnecessary updates to API.txt when the option/argument documentation is changed. This patch replaces unreliable doc stripping function with a regular expression. It works for all current doc strings (simple string or GetText). The only limitation is that the RE supports only up to 2 levels of nested parentheses in doc string. https://fedorahosted.org/freeipa/ticket/1057
generated by cgit (git 2.34.1) at 2024-09-27 20:54:11 +0000