| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/857
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/856
|
|
|
|
| |
First part of: https://fedorahosted.org/freeipa/ticket/855
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When more than one plugin produce ACIs, they share common namespace
of ACI name. This may lead to name collisions between the ACIs
from different plugins.
This patch introduces a mandatory "prefix" attribute for non-find
ACI operations which allow plugins to use their own prefixes
(i.e. namespaces) which is then used when a name of the ACI is
generated.
Permission, Delegation and Selfservice plugins has been updated
to use their own prefixes thus avoiding name collisions by using
their own namespaces. Default ACIs in LDIFs has been updated to
follow this new policy.
Permission plugin now uses its CN (=primary key) instead of
description in ACI names as Description may not be unique.
This change requires an IPA server reinstall since the default ACI
set has been changed.
https://fedorahosted.org/freeipa/ticket/764
|
| |
|
|
|
|
|
| |
Target section had radio buttonsreversed, and a few other style changes
Note that this has the styling removed for the aci-target dl items
|
|
|
|
| |
Ticket 834
|
|
|
|
| |
Iassociation entities should look differnt than Details when they are selected
|
|
|
|
| |
Ticket #845
|
|
|
|
|
|
|
| |
ldap2.get_allowed_attribute(['posixuser'])
returns a list of unicode all lower case attribute names allowed
for the object class 'posixuser'
|
| |
|
|
|
|
|
|
| |
use the result of the is_dns_enabled command to show or hid the dns tab
Also, Javascript lint cleanup from recent patches.
|
|
|
|
| |
the dns records page was adding controls to the wrong tag. This pushes everything down one level, fixing the formatting.
|
|
|
|
|
|
|
| |
Makes the values for the Top level tabs internationizable, and no longer just
passes through their names
Also uses the I18N values for SUDO and HBAC as the static text in the Action p[anel title
|
|
|
|
|
|
|
| |
So far the only flag to enforce asking in interactive mode was the
alwaysask attribute, which is not sufficient any more. This patch adds
the ability to control for which actions the atrribute shall be asked
for.
|
| |
|
|
|
|
| |
ticket 832
|
| |
|
|
|
|
| |
modifying the directories so they find the assets in the right locations
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/581
|
|
|
|
|
|
|
|
|
|
| |
Re-arrange doc and defattr to clean up rpmlint warnings
Remove conditionals on older releases
Move some man pages into admintools subpackage
Remove some explicit Requires in client that aren't needed
Consistent use of buildroot vs RPM_BUILD_ROOT
Ticket 804
|
| |
|
|
|
|
|
|
| |
Avoids ipa-replica-manage to throw up errors.
Fixes: https://fedorahosted.org/freeipa/ticket/807
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/833
|
|
|
|
|
|
|
| |
Even if the replica is not running a DNS server other replicas might.
So if the DNS container is present, then try to add DNS records.
Fixes: https://fedorahosted.org/freeipa/ticket/824
|
| |
|
|
|
|
| |
indicating that they were sselected
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/293
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/820
|
|
|
|
|
|
|
| |
There is no use for return value of Py_InitModule3. Removing it
in this patch.
https://fedorahosted.org/freeipa/ticket/710
|
|
|
|
| |
Ticket #825
|
|
|
|
|
|
|
|
| |
So far it was possible to rename any object using LDAPUpdate to a name
with empty primary key. Since this can cause nasty problems, this patch
disables empty string in --rename argument.
https://fedorahosted.org/freeipa/ticket/827
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/836
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/817
|
| |
|
|
|
|
|
|
| |
In the host plugin we may change the default objectclasses based on
the options selected. This was affecting it globally and causing
subsequent calls to fail.
|
|
|
|
|
|
|
| |
In Python 2.7 the API for time.utcoffset() changed.
We do more automatic conversions of strings so need to loosen the tests
a bit.
|
|
|
|
|
|
|
|
| |
Prevents an unauthenticated user from accessing HBAC and role
information as well as memberof which could disclose roles,
memberships in HBAC, etc.
ticket 811
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
This was from an unpushed patch I had in my tree.
|
| |
|
|
|
|
|
|
|
| |
Either one of type, filter, subtree, targetgroup, attrs or memberof is
required.
https://fedorahosted.org/freeipa/ticket/819
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth
and will potentially fail the bind altogether.
On a successful bind it will zero krbLoginFailedCount and set
krbLastSuccessfulAuth.
This will also enforce locked-out accounts.
See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on
kerberos lockout.
ticket 343
|