| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
http://fedorahosted.org/freeipa/ticket/1605
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1605
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1605
|
| |
|
|
|
|
|
|
|
| |
Refactor FreeIPA code to allow abstracting all calls to external processes and
dependencies on modification of system-wide configuration. A platform provider
would give its own implementation of those methods and FreeIPA would use it
based on what's built in packaging process.
https://fedorahosted.org/freeipa/ticket/1605
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The optional uid field in user's adder dialog did not appear when
the link is clicked to show the field. This is a regression introduced
in the patch for ticket #1648.
The click handler for the link field has been moved into a new closure
so that the variables point to the correct elements.
Note: the duplicate code in IPA.details_table_section.create() and
IPA.dialog.create() will be addressed separately in ticket #1394.
|
| |
|
|
| |
Fixes https://fedorahosted.org/freeipa/ticket/1740
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1741
HBAC rules address PAM services, thus service names should correspond to proper PAM names.
|
| |
|
|
|
|
| |
Setting a password invalidates the existing keytab
https://fedorahosted.org/freeipa/ticket/1719
|
| |
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1640
On the HBAC Rules page, where the rules are listed, if no rule is selected, the "Delete" button is not enabled, and cannot be clicked on.
But edit a Rule, and Delete button is enabled in the available sections - regardless of, if an object is selected to be deleted or not, or even if there is no object to be selected to delete.
One can click on this button...but then - there is no message indicating that something should be selected for deletion for this button to do anything.
Notes:
* fixed association_table_widget and association_facet
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The adder dialog for the user and host tables in sudo rule details
page have been fixed to use --not-in-sudorules to avoid showing
entries that are already added into the rule either directly or
indirectly via groups.
This does not apply to the command and run-as tables because they
do not support such option.
Ticket #1768
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In order to maintain consistent layout between details page and dialog
boxes the IPA.details_list_section has been replaced with
IPA.details_table_section which is based on table.
The IPA.target_section and other subclasses of IPA.details_list_section
have been converted to use IPA.details_table_section as well.
The unit tests have been updated accordingly.
Ticket #1648
|
| |
|
|
|
|
|
|
| |
This is a soft dependency, min nvr version will only be required
when bind/bind-dyndb-ldap are installed.
https://fedorahosted.org/freeipa/ticket/1121
https://fedorahosted.org/freeipa/ticket/1573
|
| |
|
|
|
| |
The unit test for IPA.entity_select_widget has been fixed to check
the options after loading the record.
|
| |
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1767
Opening IPA Server/Entitlements causes: "Uncaught TypeError: Cannot call method 'addClass' of undefined" error - Details.js:489
Introduced by patch for #1697
Cause: Details facet of entitlements doesn't contain Reset and Update buttons
|
| |
|
|
|
|
| |
Fix "The the" and "classses" in FreeIPA code and messages.
https://fedorahosted.org/freeipa/ticket/1480
|
| |
|
|
|
|
| |
Remove executable bit added by /usr/bin/signtool
https://fedorahosted.org/freeipa/ticket/1644
|
| |
|
|
|
|
|
|
| |
Fix permissions for (configuration) files produced by
ipa-server-install or ipa-client-install. This patch is needed
when root has a umask preventing files from being world readable.
https://fedorahosted.org/freeipa/ticket/1644
|
| |
|
|
|
|
| |
Make it clear in man pages that ipa-join -u does not remove keytab.
https://fedorahosted.org/freeipa/ticket/1317
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are too many options in ipa-*-install scripts which makes it
difficult to read. This patch adds subsections to install script
online help and man pages to improve readability. No option has
been changed.
To further improve man pages:
1) All man pages were changed to have the same header and top-center
title to provide united look.
2) Few typos in man pages have been fixed
https://fedorahosted.org/freeipa/ticket/1687
|
| |
|
|
| |
rtag was set but never checked which resulted in a compilation warning
|
| | |
|
| |
|
|
|
|
|
| |
The IPA.combobox_widget has been temporarily fixed to support automation
using Sahi.
Ticket #1754
|
| |
|
|
|
|
|
|
| |
Due to a recent change, all dialog boxes are now reset initially. The
IPA.target_section has been modified to show the default target (i.e.
filter) and the fields properly when reset.
Ticket #1748
|
| |
|
|
|
|
|
| |
The hard-coded label in IPA.facet has been moved into internal.py to
allow translation.
Ticket #1701
|
| |
|
|
|
|
|
|
|
| |
We need to check all Kerberos ports both TCP and UDP transports.
Since we have the PKI proxy configuration all communication with the CA happens
on the standard 80/443 ports so we need to check them always.
We do not need to leave the old CA ports open. These ports are still used
locally but not over the network.
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1739
The attributes table (IPA.attributes_widget) used in Permissions, Self-Service Permissions, and Delegations is supposed to be short but scrollable. In Firefox 3.6 it works fine, but in Firefox 6.0 it appears as a long non-scrollable table which makes it more difficult to use.
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1576
|
| |
|
|
|
|
| |
We were still using the caRAserverCert profile during installation.
https://fedorahosted.org/freeipa/ticket/1744
|
| |
|
|
|
|
|
| |
The entity select widget has been modified to handle timing issue
in both dialog box and details page.
Ticket #1736
|
| |
|
|
|
|
|
|
| |
The memberof_netgroup association facet for hostgroup has been
explicitly defined to use the serial associator so it will invoke
the right methods.
Ticket #1737
|
| |
|
|
|
|
|
|
|
|
|
| |
Some hard-coded messages in ipa.js have been moved into internal.py.
The messages in internal.py have been rearranged to match the output
(ipa_init.json).
A new method IPA.get_message() has been added to take a message ID and
return the translated message or a default message if not found.
Ticket #1701
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrate new bind-dyndb-ldap features to automatically track
DNS data changes:
1) Zone refresh
Set --zone-refresh in installation to define number of seconds
between bind-dyndb-ldap polls for new DNS zones. User now
doesn't have to restart name server when a new zone is added.
2) New zone notifications
Use LDAP persistent search mechanism to immediately get
notification when any new DNS zone is added. Use --zone-notif
install option to enable. This option is mutually exclusive
with Zone refresh.
To enable this functionality in existing IPA installations,
update a list of arguments for bind-dyndb-ldap in /etc/named.conf.
An example when zone refresh is disabled and DNS data change
notifications (argument psearch of bind-dyndb-ldap) are enabled:
dynamic-db "ipa" {
...
arg "zone_refresh 0";
arg "psearch yes";
};
This patch requires bind-dyndb-ldap-1.0.0-0.1.b1 or later.
https://fedorahosted.org/freeipa/ticket/826
|
| |
|
|
|
|
|
| |
By design these managed netgroups are not supposed to show unless you
specifically want to see them.
https://fedorahosted.org/freeipa/ticket/1738
|
| |
|
|
| |
Related to https://fedorahosted.org/freeipa/ticket/1272
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Added new container in etc to hold the automembership configs.
Modified constants to point to the new container
Modified dsinstance to create the container
Created automember.py to add the new commands
Added xmlrpc test to verify functionality
Added minor fix to user.py for constant behavior between memberof
and automember
https://fedorahosted.org/freeipa/ticket/1272
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1697
Original problem:
WEBUI: Update automount location refer to unknown command
Update name of the automount location (Policy -> Automount ->
custom_location -> Settings -> Update) in the WEBUI refer to an unknown command.
Solution:
Tracking dirty state in field -> section -> details facet.
'Reset' and 'Updates' in details facet are enabled only if facet is dirty.
Removes the problem above and 'no modification to be performed' annoyance.
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1563
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Add sudorule docstring headline
2) Fix naming inconsistency in Sudo plugins help and summaries,
especially capitalization of Sudo objects - Sudo Rule, Sudo
Command and Sudo Command Group
3) Add missing summaries for sudorule-add-option and
sudorule-remove-option. To keep backward compatibility with
older clients, just print the missing summary with
output_for_cli(), don't expand Output.
https://fedorahosted.org/freeipa/ticket/1595
https://fedorahosted.org/freeipa/ticket/1596
|
| |
|
|
|
|
|
| |
The DNS zone widget for host adder dialog has been modified not to
provide an empty option, so it will show the first available zone.
Ticket #1685
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the client installer fails for some reason and --force was not used
then roll back the configuration.
This is needed because we touch /etc/sysconfig/network early in the
configuration and if it fails due to any number of issues (mostly related
to authentication) it will not be reset. We may as well run through the
entire uninstall process to be sure the system has been reset.
https://fedorahosted.org/freeipa/ticket/1704
|
| |
|
|
|
|
|
|
| |
When adding/removing source hosts if the host isn't found in IPA it is
considered external. The attribute externalhost is used to store
external hosts.
ticket https://fedorahosted.org/freeipa/ticket/1574
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dogtag is going to be proxied through httpd. To make this work, it has to support renegotiation of the SSL
connection. This patch enables renegotiate in the nss configuration file during during apache configuration,
as well as modifies libnss to set the appropriate optins on the ssl connection in order to renegotiate.
The IPA install uses the internal ports instead of proxying through
httpd since httpd is not set up yet.
IPA needs to Request the certificate through a port that uses authentication. On the Dogtag side, they provide an additional mapping for this: /ca/eeca/ca as opposed tp /ca/ee/ca just for this purpose.
https://fedorahosted.org/freeipa/ticket/1334
add flag to pkicreate in order to enable using proxy.
add the proxy file in /etc/http/conf.d/
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The installer and ipactl used two different methods to determine
whether IPA was configured, unify them.
When uninstalling report any thing that looks suspicious and warn
that a re-install may fail. This includes any remaining 389-ds instances
and any state or files that remains after all the module uninstallers
are complete.
Add wrappers for removing files and directories to log failures.
https://fedorahosted.org/freeipa/ticket/1715
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1686
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1689
Currently adding or deleting sudo options will refresh the entire page. It's not a problem but the code could be optimized to refresh only the sudo options table
|
| |
|
|
|
|
|
|
|
| |
Do not forget to add new line in updated /etc/sysconfig/network
configuration. Move the actual change of the hostname after the
user confirmation about proceeding with installation. It confused
users when the hostname change occurred before this prompt.
https://fedorahosted.org/freeipa/ticket/1724
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we perform an upgrade 389-ds is set to listen only on its
ldapi port. Theoretically it should be restored to the previous
state regardless of whether the upgrades were successful or not.
To be sure that a subsequent re-install will be successful go ahead
and remove the state for these options. Think of it as wearing a
belt and suspenders. Otherwise a re-install could return an error
message that IPA is already configured.
https://fedorahosted.org/freeipa/ticket/1667
|
| |
|
|
|
|
|
| |
We were orphaning a few files/directories when uninstalling 389-instances
both for IPA and dogtag. This should remove everything but the logs.
ticket https://fedorahosted.org/freeipa/ticket/1700
|
| |
|
|
|
|
| |
This prevents broken DNS from causing enrollment problems.
https://fedorahosted.org/freeipa/ticket/1693
|
| |
|
|
|
|
|
| |
The host details page has been modified to update the keytab status
based on the data returned by the host-mod command for setting OTP.
Ticket #1710
|
