Commit message (Author, Age, Files, Lines)
* Support initializing memberof during replication re-init using GSSAPI (Rob Crittenden, 2011-06-13, 1 file, -1/+4)
| The last step of a replication re-initialization is to run the memberof task. The current function would only authenticate using simple auth to monitor the task but we may be doing this using admin GSSAPI credentials so support that type of bind as well.
| In short this fixes:
|   # kinit admin
|   # ipa-replica-manage re-initialize --from=master.example.com
| https://fedorahosted.org/freeipa/ticket/1248
* Remove root autobind search restriction, fix upgrade logging & error handling. (Rob Crittenden, 2011-06-13, 4 files, -37/+35)
| There was no point in limiting autobind root to just search cn=config since it could always just modify its way out of the box, so remove the restriction.
| The upgrade log wasn't being created. Clearing all other loggers before we call logging.basicConfig() fixes this.
| Add a global exception when performing updates so we can gracefully catch and log problems without leaving the server in a bad state.
| https://fedorahosted.org/freeipa/ticket/1243
| https://fedorahosted.org/freeipa/ticket/1254
* JSON marshalling list (Adam Young, 2011-06-10, 1 file, -1/+1)
| Lists are sometimes marshalled as arrays. Before, we assumed they were CSV strings.
* Handle LDAP search references (Martin Kosek, 2011-06-10, 2 files, -5/+14)
| LDAP search operation may return a search reference pointing to an LDAP resource. As the framework does not handle search references, skip these results to prevent result processing failures.
| Migrate operation crashed when the migrated DS contained search references. Now, it correctly skips these records and prints the failed references to user.
| https://fedorahosted.org/freeipa/ticket/1209
* IPA installation with --no-host-dns fails (Martin Kosek, 2011-06-10, 4 files, -30/+42)
| --no-host-dns option should allow installing IPA server on a host without a DNS resolvable name.
| The parse_ip_address and verify_ip_address functions have been changed not to return None and print error messages in case of an error, but rather let the Exception be handled by the calling routine.
| https://fedorahosted.org/freeipa/ticket/1246
* Fix external CA installation (Rob Crittenden, 2011-06-09, 2 files, -6/+7)
| When re-creating the CADS instance it needs to be more fully-populated so we have enough information to create an SSL certificate and move the principal to a real entry.
| https://fedorahosted.org/freeipa/ticket/1245
* Add UID, GID and e-mail to the user default attributes. (Rob Crittenden, 2011-06-08, 8 files, -3/+60)
| ticket https://fedorahosted.org/freeipa/ticket/1265
* Skip know_host check for ipa-replica-conncheck (Martin Kosek, 2011-06-08, 1 file, -1/+3)
| When IPA replica is installed and the master machine record is not in ~/.ssh/known_hosts, ipa-replica-install will prompt user to answer a question about adding a host to this file. This has, however, a potential to break automatic tests.
| ipa-replica-conncheck should not require any further user interaction when all mandatory options are filled.
| https://fedorahosted.org/freeipa/ticket/1305
* Fix support for nss-pam-ldapd (Martin Kosek, 2011-06-08, 1 file, -14/+45)
| Client installation with --no-sssd option was broken if the client was based on a nss-pam-ldap instead of nss_ldap. The main issue is with authconfig rewriting the nslcd.conf after it has been configured by ipa-client-install. This has been fixed by changing an order of installation steps.
| Additionally, nslcd daemon needed for nss-pam-ldap function is correctly started.
| https://fedorahosted.org/freeipa/ticket/1235
* Connection check program for replica installation (Martin Kosek, 2011-06-08, 9 files, -0/+583)
| When connection between a master machine and future replica is not sane, the replica installation may fail unexpectedly with inconvenient error messages. One common problem is misconfigured firewall.
| This patch adds a program ipa-replica-conncheck which tests the connection using the following procedure:
|   1) Execute the on-replica check testing the connection to master
|   2) Open required ports on local machine
|   3) Ask user to run the on-master part of the check OR run it automatically:
|      a) kinit to master as default admin user with given password
|      b) run the on-master part using ssh
|   4) When master part is executed, it checks connection back to the replica and prints the check result
| This program is run by ipa-replica-install as mandatory part. It can, however, be skipped using --skip-conncheck option.
| ipa-replica-install now requires password for admin user to run the command on remote master.
| https://fedorahosted.org/freeipa/ticket/1107
* Fix forward zone creation in ipa-replica-prepare (Martin Kosek, 2011-06-08, 1 file, -2/+3)
| When a new forward zone is created in ipa-replica-prepare the master DNS address gets corrupted by invalid A/AAAA record.
| https://fedorahosted.org/freeipa/ticket/1260
* Localization fails for MaxArgumentError (Martin Kosek, 2011-06-06, 1 file, -1/+4)
| When MaxArgumentError is raised, the string localized by ngettext is not printed properly.
| https://fedorahosted.org/freeipa/ticket/1148
* Add sudorule and hbacrule to memberof and indirectmemberof attributes (Jr Aquino, 2011-06-06, 8 files, -15/+103)
| Add tests for users, groups, hosts and hostgroups to verify membership
| Update API to version 2.3
| https://fedorahosted.org/freeipa/ticket/1170
* dialog scrolling table (Adam Young, 2011-06-03, 6 files, -20/+29)
| Tables on the dialog page need to have the scrolling set but should not resize with the main window, since their window is a JQuery UI dialog.
* Fixed blank dialog box on internal error. (Endi S. Dewata, 2011-06-03, 1 file, -12/+16)
| Previously when an internal error occurs on the server the UI will display a blank error dialog box. To fix the problem the string message thrown by Ajax has been converted into an object containing the error message.
| Ticket #1280
* Temporary fix for indirect member tabs. (Endi S. Dewata, 2011-06-02, 9 files, -25/+612)
| Since the group-show command doesn't return indirect members, the tabs for group's indirect members have been reverted to call user-find with the --in-groups parameter to get the entries. However, this is only a temporary solution since the user-find command returns both direct and indirect members (ticket #1273).
| The Selenium test for groups has been modified to test nested groups and verify indirect members. The verification currently will fail due to the above issue.
* scrollable content areas (Adam Young, 2011-06-02, 8 files, -139/+2673)
| Turn off the side scroll bars for pages.
| Resizes the table when the browser resizes
| For tables, the rows scroll, but not the header.
| For details, the content area scrolls.
| Reserves 400 pixels for the header/footer.
| Resize is only done on reload
* Improve interactive mode for DNS plugin (Martin Kosek, 2011-06-02, 3 files, -20/+225)
| Interactive mode for commands manipulating with DNS records (dnsrecord-add, dnsrecord-del) is not usable. This patch enhances the server framework with new callback for interactive mode, which can be used by commands to inject their own interactive handling.
| The callback is then used to improve aforementioned commands' interactive mode.
| https://fedorahosted.org/freeipa/ticket/1018
* automount delete key (Adam Young, 2011-06-01, 7 files, -18/+185)
| indirect automount maps
| code review changes for automount:
| Removed: fields for mount and parentmap in maps details since they are not present in show or mod
| Hid undo link for adder dialog
| set up click handler for checkboxes when row does not have primary key
| removed add override in automountmap_adder_dialog
| moved 'var input...' in automount.js line 158 to start of method.
| changed logic in if statement, dialog.js line 628 to if (!first) as suggested
* redirect on error (Adam Young, 2011-06-01, 3 files, -23/+21)
| Code for redirecting on error has been moved to IPA.facet so it can be called from both details and association facets.
* redirect on show error. (Adam Young, 2011-05-31, 1 file, -3/+14)
* Fixed pagination problem. (Endi S. Dewata, 2011-05-31, 1 file, -0/+1)
| The association table needs to be emptied if there are no entries.
* Added pagination for associations. (Endi S. Dewata, 2011-05-31, 4 files, -95/+210)
| The association facet has been modified to support pagination. The UI will show 20 members per page. There are buttons to go to a previous or next page. There is also an input text to jump directly to a certain page.
| Ticket #1011
* Do stricter checking of IP addresses passed to server install. (Jan Cholasta, 2011-05-30, 2 files, -0/+20)
| ticket 1213
* Honor netmask in DNS reverse zone setup. (Jan Cholasta, 2011-05-30, 6 files, -45/+98)
| ticket 910
* Parse netmasks in IP addresses passed to server install. (Jan Cholasta, 2011-05-30, 10 files, -53/+213)
| ticket 1212
* Do a lazy retrieval of the LDAP schema rather than at module load. (Rob Crittenden, 2011-05-30, 2 files, -18/+27)
| Attempt to retrieve the schema the first time it is needed rather than when Apache is started. A global copy is cached for future requests for performance reasons.
| The schema will be retrieved once per Apache child process.
| ticket 583
* Fixed problem deleting value in text field. (Endi S. Dewata, 2011-05-27, 7 files, -113/+143)
| Previously deleting a value in a text field did not work because the field is not included in the modify operation when the value is empty. The details facet's update() method has been modified to update only dirty fields.
| The section lists in details facet and dialog have been converted into ordered maps.
| Ticket #1256
* Include the word 'member' with autogenerated optional member labels. (Rob Crittenden, 2011-05-27, 2 files, -77/+77)
| There were reports of confusion over what was being prompted for, hopefully adding member will make things clearer.
| ticket 1062
* Add option to limit the attributes allowed in an entry. (Rob Crittenden, 2011-05-27, 5 files, -0/+197)
| Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy purview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation.
| Add two new LDAPObject values to control this behavior:
|   limit_object_classes: only attributes in these are allowed
|   disallow_object_classes: attributes in these are disallowed
| By default both of these lists are empty so are skipped.
| ticket 744
* Added Update and Reset buttons into Dirty dialog. (Endi S. Dewata, 2011-05-27, 11 files, -166/+142)
| The Dirty dialogs have been combined into IPA.dirty_dialog. It provides the Update and Reset buttons with customizable callback.
| Previously the widget's dirty status is computed by comparing the old values with the new values. This method is sometimes inaccurate, so the is_dirty() method has been modified to simply return a flag which is set to true if the widget is changed.
| Ticket #896.
* Fix reverse zone creation in ipa-replica-prepare (Martin Kosek, 2011-05-27, 6 files, -67/+37)
| When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica.
| https://fedorahosted.org/freeipa/ticket/1223
* Fixed URL parameter parsing. (Endi S. Dewata, 2011-05-26, 10 files, -74/+71)
| The $.bbq.getState() invocations have been modified not to coerce URL parameter values to avoid parsing error.
| Ticket #1208
* Fix migration to work between v2 servers and remove search/size limits. (Rob Crittenden, 2011-05-26, 1 file, -6/+14)
| Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it.
| Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated.
| ticket 1124
* automount UI (Adam Young, 2011-05-26, 26 files, -292/+6145)
| automount implemented using standard facets and containing_entity pkey generation
| sample data fixtures for automount.
| messages for automount and HBAC.
| modified form of the search facet used to nest the automount entities
| Add works for nested entities.
| Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin.
| All the places the PKEY prefix is needed uses a single function.
| Added breadcrumb trail into title.
| update ipa_init sample data
| add redirect logic for pages without pkeys.
| add and delete link to appropriate entities for nested search facet.
| Using on demand entities.
| Fixed breadcrumbs.
* Document that deleting and re-adding a replica requires a dirsrv restart. (Rob Crittenden, 2011-05-26, 1 file, -10/+16)
| If you install a replica, delete the replica, then re-add it and then try to re-initialize the agreement it will fail because the remote master has the old service principals cached. It needs to be restarted to work.
| ticket 1077
* Configure Managed Entries on replicas. (Rob Crittenden, 2011-05-25, 6 files, -0/+34)
| The Managed Entries plugin configurations weren't being created on replica installs. The templates were there but the cn=config portions were not.
| This patch adds them as updates. The template portion will be added in the initial replication.
| ticket 1222
* 28 One Liner: Typo in host_nis_groups has been creating 2 CN's (Jr Aquino, 2011-05-25, 1 file, -1/+1)
* A new flag to disable creation of UPG (Martin Kosek, 2011-05-25, 7 files, -15/+92)
| Automatic creation of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it.
| https://fedorahosted.org/freeipa/ticket/1131
* Fixed Selenium tests. (Endi S. Dewata, 2011-05-24, 6 files, -9/+19)
| Fixed some validation and synchronization problems in Selenium tests.
* Fixed Add and Edit without primary key. (Endi S. Dewata, 2011-05-24, 1 file, -4/+10)
| The IPA.add_dialog has been modified such that if the user clicks the Add and Edit button it will read the primary key returned by the add operation and use it to open the details page.
| Ticket #1108
* Fixed adder dialog title. (Endi S. Dewata, 2011-05-24, 4 files, -34/+41)
| The IPA.entity_builder has been fixed to use the correct title for the entity's adder dialog.
| Ticket #1239
* Fixed details tests. (Endi S. Dewata, 2011-05-23, 1 file, -1/+1)
* create entities on demand. (Adam Young, 2011-05-23, 5 files, -26/+18)
| fixed changes from code review
| Fixed unit tests for entity on demand changes.
* Fixed Ajax error handling. (Endi S. Dewata, 2011-05-20, 8 files, -16/+5)
| The IPA.command has been modified not to insert a title into the error object thrown by Ajax operation because the object could be immutable.
| Ticket #1240
* Fixed problem disabling HBAC and SUDO rules. (Endi S. Dewata, 2011-05-20, 2 files, -2/+2)
| The method names for disabling HBAC and SUDO rules have been fixed.
| Ticket #1237.
* jQuery ordered map. (Endi S. Dewata, 2011-05-20, 28 files, -190/+427)
| The ordered map is a jQuery extension for creating a collection which can be accessed both as an ordered list and as a map. This collection can be used to store various objects including entities, fields, columns, and dialogs. A test suite for this class has been added as well.
| Ticket #1232
* Enable 389-ds SSL host checking by default (Rob Crittenden, 2011-05-20, 4 files, -8/+58)
| Enforce that the remote hostname matches the remote SSL server certificate when 389-ds operates as an SSL client.
| Also add an update file to turn this off for existing installations.
| This also changes the way the ldapupdater modlist is generated to be more like the framework. Single-value attributes are done as replacements and there is a list of force-replacement attributes.
| ticket 1069
* Properly configure nsswitch.conf when using the --no-sssd option. (Rob Crittenden, 2011-05-18, 1 file, -3/+4)
| Even with --no-sssd authconfig was setting nsswitch.conf to use sssd for users, groups, shadow and netgroups. We need to pass in the --enableforcelegacy option when configuring nss_ldap.
| Also always back up and restore sssd.conf. It still gets configured for kerberos.
| ticket 1142
* Test for forwarded Kerberos credentials cache in wsgi code. (Rob Crittenden, 2011-05-18, 2 files, -2/+16)
| We should more gracefully handle if the TGT has not been forwarded than returning a 500 error.
| Also catch and display KerberosErrors from ping() in the client better.
| ticket 1101