Commit message | Author | Age | Files | Lines
* DNSSEC: add ipapk11helper module | Martin Basti | 2014-10-21 | 8 | -1/+2306
  Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417
  Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: schema | Martin Basti | 2014-10-21 | 5 | -4/+62
  Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417
  Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: dependencies | Martin Basti | 2014-10-21 | 1 | -2/+13
  Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417
  Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Add mask, unmask methods for service | Martin Basti | 2014-10-21 | 2 | -0/+59
  This patch allows masking and unmasking services in IPA
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
  Reviewed-By: David Kupka <dkupka@redhat.com>
* spec: Bump SSSD requires to 1.12.2 | Tomas Babej | 2014-10-21 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/3979
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: update combobox input on list click | Petr Vobornik | 2014-10-21 | 1 | -3/+7
  Change event of combobox is not triggered when there is only one value. Calling its handler even for option's 'click' event makes sure that value of input gets always updated.
  https://fedorahosted.org/freeipa/ticket/4655
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: do not show closed dialog | Petr Vobornik | 2014-10-21 | 1 | -0/+18
  Fixes issues when dialog is not removed from `IPA.opened_dialogs` registry when dialog.close() is called while the dialog is not shown, i.e., while other dialog is shown. Without it, the dialog could be incorrectly displayed.
  New dialog's property `opened` handles whether dialog is intended to be opened.
  How to test: Add new host with IP address outside of managed reverse zones to get error 4304.
  https://fedorahosted.org/freeipa/ticket/4656
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* extdom: remove unused dependency to libsss_idmap | Sumit Bose | 2014-10-21 | 2 | -5/+0
  https://fedorahosted.org/freeipa/ticket/3979
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* extdom: add support for sss_nss_getorigbyname() | Sumit Bose | 2014-10-21 | 2 | -33/+136
  https://fedorahosted.org/freeipa/ticket/3979
  Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
* Change ipaOverrideTarget OID to avoid conflict with DNSSEC feature | Alexander Bokovoy | 2014-10-21 | 1 | -1/+1
* Remove ipaContainer, ipaOrderedContainer objectclass | Martin Basti | 2014-10-20 | 2 | -74/+0
  https://fedorahosted.org/freeipa/ticket/4646
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support idviews in compat tree | Alexander Bokovoy | 2014-10-20 | 7 | -0/+58
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Bump 4.2 development version to 4.1.99 | Tomas Babej | 2014-10-20 | 1 | -2/+2
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: do not offer ipa users to Default Trust View | Petr Vobornik | 2014-10-20 | 5 | -4/+63
  https://fedorahosted.org/freeipa/ticket/4616
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: hide (un)apply buttons for Default Trust View | Petr Vobornik | 2014-10-20 | 1 | -1/+12
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: hide applied to hosts tab for Default Trust View | Petr Vobornik | 2014-10-20 | 2 | -2/+29
  because applying Default Trust view on hosts is not allowed
  https://fedorahosted.org/freeipa/ticket/4615
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: change order of idview's facet groups | Petr Vobornik | 2014-10-20 | 1 | -4/+4
  Applied to hosts facet should not be default because, e.g., for Default Trust View it shouldn't be even visible(o use).
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: make Evented a part of base IPA.object | Petr Vobornik | 2014-10-20 | 7 | -22/+15
  1. All framework objects to use event interface
  2. Framework objects can be part of specification objects but they are not deep-cloned as the rest of specification objects - usually it would cause infinite loop. This makes it easier to add context as a $pre-op object without a need for $pre-op function.
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: allow --force in dnszone-mod and dnsrecord-add | Petr Vobornik | 2014-10-20 | 3 | -5/+71
  Allow to use --force when changing authoritative nameserver address in DNS zone.
  Same for dnsrecord-add for NS record.
  https://fedorahosted.org/freeipa/ticket/4573
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Configure IPA OTP Last Token plugin on upgrade | Nathaniel McCallum | 2014-10-20 | 4 | -23/+15
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: management of keytab permissions | Petr Vobornik | 2014-10-20 | 5 | -3/+193
  https://fedorahosted.org/freeipa/ticket/4419
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Create ipa-otp-counter 389DS plugin | Nathaniel McCallum | 2014-10-20 | 11 | -3/+824
  This plugin ensures that all counter/watermark operations are atomic and never decrement. Also, deletion is not permitted.
  Because this plugin also ensures internal operations behave properly, this also gives ipa-pwd-extop the appropriate behavior for OTP authentication.
  https://fedorahosted.org/freeipa/ticket/4493
  https://fedorahosted.org/freeipa/ticket/4494
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Display token type when viewing token | Nathaniel McCallum | 2014-10-20 | 3 | -5/+28
  When viewing a token from the CLI or UI, the type of the token should be displayed.
  https://fedorahosted.org/freeipa/ticket/4563
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update contributors | Martin Kosek | 2014-10-20 | 2 | -28/+68
  Add missing developers contributing to project git. Cancel "Past and Occasional" section and merge the people in the right categories.
  Update .mailmap so that the Developer list can be easily re-generated.
  Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* webui: add new iduseroverride fields | Petr Vobornik | 2014-10-17 | 1 | -1/+12
  - add gecos, gidnumber, loginshell, sshkeys fields
  https://fedorahosted.org/freeipa/ticket/4617
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add link to OTP token app | Petr Vobornik | 2014-10-17 | 3 | -1/+11
  - display info message which points user to FreeOTP project page
  - the link or the text can be easily changed by a plugin if needed
  https://fedorahosted.org/freeipa/ticket/4469
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* idviews: error out if applying Default Trust View on hosts | Petr Vobornik | 2014-10-17 | 1 | -0/+6
  https://fedorahosted.org/freeipa/ticket/4615
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* tests: management of keytab permissions | Petr Vobornik | 2014-10-17 | 2 | -0/+730
  https://fedorahosted.org/freeipa/ticket/4419
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* keytab manipulation permission management | Petr Vobornik | 2014-10-17 | 6 | -11/+360
  Adds new API:
    ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR
    ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR
    ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR
    ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR
    ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR
    ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR
    ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR
    ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR
  these methods add or remove user or group DNs in `ipaallowedtoperform` attr with `read_keys` and `write_keys` subtypes.
  service|host-mod|show outputs these attrs only with --all option as:
    Users allowed to retrieve keytab: user1
    Groups allowed to retrieve keytab: group1
    Users allowed to create keytab: user1
    Groups allowed to create keytab: group1
  Adding of object class is implemented as a reusable method since this code is used in many places and most likely will be also used in new features. Older code may be refactored later.
  https://fedorahosted.org/freeipa/ticket/4419
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: fix privileges' memberof during dns install | Petr Vobornik | 2014-10-17 | 1 | -0/+30
  Permissions with member attrs pointing to privileges are created before the privileges.
  Run memberof plugin task to fix other ends of the relationships.
  https://fedorahosted.org/freeipa/ticket/4637
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabled | Jan Cholasta | 2014-10-17 | 16 | -65/+144
  The check is done using a new hidden command ca_is_enabled.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not fix trust flags in the DS NSS DB in ipa-upgradeconfig | Jan Cholasta | 2014-10-17 | 1 | -6/+5
  It is necessary to fix trust flags only in the HTTP NSS DB, as it is used as a source in the upload_cacrt update plugin.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not create ipa-pki-proxy.conf if CA is not configured in ipa-upgradeconfig | Jan Cholasta | 2014-10-17 | 1 | -1/+5
  This fixes upgrade from CA-less to CA-full after IPA upgrade.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove changetype attribute from update plugin | Martin Kosek | 2014-10-17 | 1 | -1/+0
  The attribute addition had no effect, but it should not be there.
* Add ipa-client-install switch --request-cert to request cert for the host | Jan Cholasta | 2014-10-16 | 2 | -12/+97
  The certificate is stored in /etc/ipa/nssdb under the nickname "Local IPA host".
  https://fedorahosted.org/freeipa/ticket/4550
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix certmonger.request_cert | Jan Cholasta | 2014-10-16 | 1 | -1/+6
  https://fedorahosted.org/freeipa/ticket/4550
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix CA cert validity check for CA-less and external CA installer options | Jan Cholasta | 2014-10-16 | 1 | -1/+6
  https://fedorahosted.org/freeipa/ticket/4612
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove token vendor, model and serial defaults | Nathaniel McCallum | 2014-10-16 | 3 | -13/+7
  These defaults are pretty useless and cause more confusion than they are worth. The serial default never worked anyway. And now that we are displaying the token type separately, there is no reason to doubly record these data points.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove token ID from self-service UI | Nathaniel McCallum | 2014-10-16 | 1 | -6/+2
  Also, fix labels to properly use i18n strings for token types.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Raise better error message for permission added to generated tree | Martin Kosek | 2014-10-16 | 1 | -1/+8
  https://fedorahosted.org/freeipa/ticket/4523
  Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install | Jan Cholasta | 2014-10-16 | 2 | -2/+12
  The --ca-signing-algorithm option is available in ipa-server-install, make it available in ipa-ca-install as well.
  https://fedorahosted.org/freeipa/ticket/4447
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix typo causing certmonger is provided with wrong path to ipa-submit. | David Kupka | 2014-10-16 | 1 | -3/+4
  Using strip() instead of split() caused that only first character of path was specified. Also using shlex for more robust parsing.
  https://fedorahosted.org/freeipa/ticket/4624
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix printing of reverse zones in ipa-dns-install. | David Kupka | 2014-10-16 | 1 | -2/+2
  This was forgotten in patch for ticket https://fedorahosted.org/freeipa/ticket/3575
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Stop dogtag when updating its configuration in ipa-upgradeconfig. | David Kupka | 2014-10-15 | 2 | -23/+30
  Modifying CS.cfg when dogtag is running may (and does) result in corrupting this file.
  https://fedorahosted.org/freeipa/ticket/4569
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make named.conf template platform independent | Martin Basti | 2014-10-14 | 3 | -4/+9
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing attributes to named.conf | Martin Basti | 2014-10-14 | 4 | -0/+157
  Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Ignore irrelevant subtrees in schema compat plugin | Ludwig Krispenz | 2014-10-14 | 1 | -0/+14
  For changes in cn=changelog or o=ipaca the schema compat plugin doesn't need to be executed. It saves many internal searches and reduces contribution to lock contention across backends in DS.
  https://fedorahosted.org/freeipa/ticket/4586
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Set IPA CA for freeipa certificates. | David Kupka | 2014-10-14 | 1 | -1/+5
  In previous versions (before moving certmonger.py to DBus) it was set and some tools and modules depend on it. For example: ipa-getcert uses this to filter freeipa certificates.
  https://fedorahosted.org/freeipa/ticket/4618
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-install | Jan Cholasta | 2014-10-13 | 6 | -4/+41
  Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA".
  https://fedorahosted.org/freeipa/ticket/4496
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Require slapi-nis 0.54 or later for ID views support | Alexander Bokovoy | 2014-10-13 | 1 | -1/+1
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>