Commit message | Author | Age | Files | Lines
* Unenroll the client from the IPA server on uninstall. | Rob Crittenden | 2010-09-20 | 6 | -74/+358
|   Unenrollment means that the host keytab is disabled on the server making it possible to re-install on the client. This host principal is how we distinguish an enrolled vs an unenrolled client machine on the server.
|   I added a --unroll option to ipa-join that binds using the host credentials and disables its own keytab.
|   I fixed a couple of other unrelated problems in ipa-join at the same time.
|   I also documented all the possible return values of ipa-getkeytab and ipa-join. There is so much overlap because ipa-join calls ipa-getkeytab and it returns whatever value ipa-getkeytab returned on failure.
|   ticket 242
* Better distinguish between when DNS discovery works and search more domains. | Rob Crittenden | 2010-09-20 | 2 | -13/+66
|   Passing domain and server on the command-line used to be considered as DNS autodiscovery worked. This was problematic if there was in fact no SRV records because krb5.conf would be configured without a specific KDC causing all Kerberos ops to fail.
|   Now if you pass in a domain/server it still tries to see if they are discoverable and if so won't hardcode a server, but will fall back to doing so if necessary.
|   Also be a lot more aggressive on looking for the SRV records. Use the search and domain values from /etc/resolv.conf on the chance that the SRV records aren't in the domain of the hostname of the machine.
|   An example of this would be if your laptop is in dhcp.example.com and your company's SRV records are in corp.example.com. Searching dhcp.example.com and example.com won't find the SRV records but the user is likely to have corp.redhat.com in the search list, at least.
|   ticket 234
* Set ipaUniqueId to be unwritable and add to uniqueness configuration. | Rob Crittenden | 2010-09-20 | 2 | -2/+20
|   We don't want admins messing with this value.
|   ticket 231
* Add missing man pages for ipa-dns-install and ipa-upgradeconfig. | Rob Crittenden | 2010-09-20 | 2 | -0/+81
|   tickets 130 and 131
* links and facet icons | Adam Young | 2010-09-20 | 5 | -12/+34
|   Enables the icons in the links and in the facets lists
* placeholder icons | Adam Young | 2010-09-20 | 22 | -0/+0
|   Place holder icons to show how things should be laid out. These will be replaced by the real icons once we get them from UXD
* Restoring Services tab. | Endi Sukma Dewata | 2010-09-17 | 4 | -96/+83
|   The add.js has been modified to support adding new entry with dynamically generated pkey.
|   The index.xhtml has been modified to include service.js.
|   The service.js has been modified to use the new API to define the search, add, and details fields. Callbacks are used to add quick links and generate pkey dynamically.
|   The webui.js has been modified to add the Services tab.
* Adding quick links in user and group search results. | Endi Sukma Dewata | 2010-09-17 | 3 | -4/+104
|   The render_call() signature has been modified to pass the entry_attrs so each callback function can construct the appropriate quick links using any attributes from the search results. The callback function has been implemented for user and group entities.
* pointer cursor for facets | Adam Young | 2010-09-17 | 1 | -0/+1
|
* css cleanup | Adam Young | 2010-09-17 | 1 | -20/+8
|   Site looks much better. It is not currently meeting the specs of UXD, but it is at least presentable.
* unbroke the facets link | Adam Young | 2010-09-17 | 1 | -6/+5
|
* moved images up | Adam Young | 2010-09-17 | 18 | -47/+36
|   Adding an images subdir was proliferating changes throughout the build system this seemed easier
* css tabs and facets | Adam Young | 2010-09-17 | 5 | -31/+91
|   includes Makefile changes to get images to deploy
* theme | Adam Young | 2010-09-17 | 16 | -33/+33
|   Use customized theme and images that is closer to the UX suggested look and feel
* fix sampledata | Adam Young | 2010-09-17 | 1 | -1/+1
|   URL needs to be relative, not absolute in order for in tree development
* fixed formatting of search table | Adam Young | 2010-09-17 | 1 | -25/+13
|
* remove pagaparams | Adam Young | 2010-09-17 | 1 | -1/+0
|
* Add jQuery UI and jQuery BBQ libraries to the project. | Pavel Zuna | 2010-09-17 | 5 | -0/+1359
|
* Big webUI patch. | Pavel Zuna | 2010-09-17 | 22 | -2150/+1274
|   Quick summary:
|   - use jQuery UI and jQuery BBQ libraries
|   - code restructuring
|   The patch has so many changes they can't be listed here. Many parts of the code have been rewritten from scratch.
|   See freeipa-devel mailing list: webUI code restructuring [wall of text, diagrams, ... you've been warned!] 2010-09-07
* Use a more specific name for the IPA server certificate we install. | Rob Crittenden | 2010-09-17 | 1 | -9/+24
|   This should avoid conflicts with any other certs that might be installed there.
|   ticket 49
* Fix for include problems relating to NSS3, NSPR4 and SVRCORE | Rob Crittenden | 2010-09-16 | 2 | -7/+26
|   This addresses some problems trying to build on non-Fedora/RHEL distributions, notably Gentoo and Ubuntu/Debian.
|   Patch contributed by Ian Kumlien <pomac@vapor.com>
* Have ipactl start named after the KDC, otherwise it will fail. | Rob Crittenden | 2010-09-16 | 1 | -1/+1
|
* Add --no-host-dns argument to ipa-replica-install | Rob Crittenden | 2010-09-16 | 2 | -13/+19
|   The server installer has this option, the replica installer should have it too.
|   ticket 146
* Show all missing packages when setting up bind, not one at a time. | Rob Crittenden | 2010-09-16 | 1 | -4/+8
|   We used to check for these one at a time so you'd run it once and find out you're missing the bind package. Install that and run the installer again and you'd discover you're missing bind-dyndb-ldap.
|   ticket 140
* Enabling SUDO support | Dmitri Pal | 2010-09-16 | 5 | -8/+70
|   * Adding a new SUDO schema file
|   * Adding this new file to the list of targets in make file
|   * Create SUDO container for sudo rules
|   * Add default sudo services to HBAC services
|   * Add default SUDO HBAC service group with two services sudo & sudo-i
|   * Installing schema
|   No SUDO rules are created by default by this patch.
* user-find whoami | Adam Young | 2010-09-15 | 1 | -0/+13
|   Now no longer breaks user-find with a filter
|   Uses the corrected Params for getting option printf style strings
* Revert "user whoami" | Adam Young | 2010-09-14 | 1 | -11/+0
|   This reverts commit bef0690a2ff9cccf7de132e5e64b4ba631482764.
* user whoami | Adam Young | 2010-09-14 | 1 | -0/+11
|   Added a whoami option to the user, allows the user to query their own information based on their Kerberos principal
* Remove some additional instances of krbV from ipa-client | Rob Crittenden | 2010-09-10 | 3 | -9/+16
|   Make two krbV imports conditional. These aren't used during a client install so should cause no problems.
|   Also fix the client installer to use the new env option in ipautil.run. We weren't getting the krb5 configuration set in the environment because we were overriding the environment to set the PATH.
|   ticket 136
* Clean up the spec file, add Requires for nss-pam-ldapd for F14+ | Rob Crittenden | 2010-09-10 | 1 | -14/+17
|   Also do the following:
|   - Remove conflicts on mod_ssl
|   - Remove a lot of version checking for EOL'd Fedora versions
|   - Add a few conditionals for rhel6
|   - Add Requires of nss-tools on ipa-client
* Fix the ipa-ldap-updater tests. | Rob Crittenden | 2010-09-10 | 1 | -2/+1
|   We dropped the schema for ipaContainer so use nsContainer instead.
|   ticket 121
* Splitting service principal into service name and hostname. | Endi DeWata | 2010-09-10 | 5 | -89/+92
|   The EntityBuilder has been modified to obtain the pkey value by invoking getPKey(). This function can be overridden for different entities.
|   The addOptionsFunction() has been renamed to getOptions() and it can be overridden for different entities. Each entity that uses this function has been modified accordingly.
|   The addEdit(), addAnother(), add_fail() has been moved into the EntityBuilder class. The global builders is no longer needed because a reference to the builder object can be obtained via enclosure.
|   The ServiceForms has been modified to take service name and hostname and combine them to generate the service principal by overriding the getPKey().
* Fix certmonger errors when doing a client or server uninstall. | Rob Crittenden | 2010-09-09 | 6 | -28/+131
|   This started with the client uninstaller returning a 1 when not installed. There was no way to tell whether the uninstall failed or the client simply wasn't installed which caused no end of grief with the installer.
|   This led to a lot of certmonger failures too, either trying to stop tracking a non-existent cert or not handling an existing tracked certificate.
|   I moved the certmonger code out of the installer and put it into the client/server shared ipapython lib. It now tries a lot harder and smarter to untrack a certificate.
|   ticket 142
* Have certmonger track the initial Apache and 389-ds server certs. | Rob Crittenden | 2010-09-09 | 7 | -19/+254
|   We don't use certmonger to get certificates during installation because of the chicken-and-egg problem. This means that the IPA web and ldap certs aren't being tracked for renewal.
|   This requires some manual changes to the certmonger request files once tracking has begun because it doesn't store a subject or principal template when a cert is added via start-tracking.
|   This also required some changes to the cert command plugin to allow a host to execute calls against its own service certs.
|   ticket 67
* Netgroup associations | Adam Young | 2010-09-09 | 6 | -35/+156
|   netgroup->user,group,host,hostgroup
|   -- Added facets to netgroup
|   -- added links into lists for associations
* Allow the schema to be set once an ldap connection is locked. | Rob Crittenden | 2010-09-09 | 1 | -1/+3
|   When making LDAP calls via api.Backend.ldap2 the ldap2 object will already be locked by the api.finalize() call. So the first time that api.Backend.ldap2.connect() is called an error would be thrown that self.schema cannot be set because the object is ReadOnly. This uses the documented procedure for working around this lock.
|   This was preventing the DNS installation to proceed.
|   ticket #188
* Services | Endi DeWata | 2010-09-08 | 11 | -3/+255
|   adds the Service tab: search, details, add, associations
|   It also contains the sample data for some service operations
* Make ipactl a lot smarter and have it manage named as well. | Rob Crittenden | 2010-09-07 | 1 | -26/+71
|   ticket 138
* Make ldap2 class work as a client library as well. | Rob Crittenden | 2010-09-07 | 2 | -37/+49
|   Move the user-private group caching code out of the global config and determine the value the first time it is needed.
|   Renamed global_init() back to get_schema() and make it take an optional connection. This solves the problem of being able to do all operations with a simple bind instead of GSSAPI.
|   Moved the global get_syntax() into a class method so that a schema can be passed in.
|   If a schema wasn't loaded during the module import then it is loaded when the connection is created (so we have the credentials needed for binding).
|   ticket 63
* local param for this in closure | Adam Young | 2010-09-07 | 1 | -2/+2
|
* associations | Adam Young | 2010-09-07 | 30 | -559/+1011
|   -Refactored the associations code into a set of objects that are configured by the entities
|   -Added support for associations that can be done in a single rpc
|   -hostgroup to host and group to user associations working
|   -Restructured sampledata so that the file is matched automatically by the RPC method name
|   -The new ipa_cmd/sampledata scheme insists on there being sample data for any commands or the ipa_command fails.
|   -Added sampledata files for all the calls we make
|   -renamed several of the sampledata files to match their rpc calls
|   -Started a pattern of refactoring where all the forms for the entity fall under a single object
* ipautil Syntax error in comment | Nalin Dahyabhai | 2010-09-01 | 1 | -1/+1
|
* Changes to fix compatibility with Fedora 14 | Rob Crittenden | 2010-08-31 | 5 | -12/+30
|   Fedora 14 introduced the following incompatibilities:
|   - the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin
|   - the xmlrpclib in Python 2.7 is not fully backwards compatible to 2.6
|   Also, when moving the installed host service principals:
|   - don't assume that krbticketflags is set
|   - allow multiple values for krbextradata
|   ticket 155
* Remove passwords when running commands including stdout and stderr | Rob Crittenden | 2010-08-31 | 2 | -28/+16
|   This replaces the old no logging mechanism that only handled not logging passwords passed on the command-line. The dogtag installer was including passwords in the output.
|   This also adds no password logging to the sslget invocations and removes a couple of extraneous log commands.
|   ticket 156
* Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2010-08-31 | 3 | -12/+2
|\
| * calculate useSampledata by protocol. | Adam Young | 2010-08-30 | 3 | -12/+2
| |
* | Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2010-08-30 | 1 | -1/+1
|\|
| * quote obj param for group | Adam Young | 2010-08-30 | 1 | -1/+1
| |   Correction for previous commit. 'group' not group.
| * Fix Enroll | Adam Young | 2010-08-30 | 1 | -1/+1
| |   Enroll was broken due to the missing obj.
* | Add some basic rules for adding new schema | Rob Crittenden | 2010-08-27 | 1 | -0/+15
|/