| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
user assocaitions had been removed. This adds them back in.
|
|
|
|
|
|
|
|
|
|
|
|
| |
TAKE 1
- Enrollement links in the action panel are now sorted by relationships.
- You can only enroll members.
(The webUI made the impression you can enroll parents as well, but it was
broken.)
- When enrolling new members, you can choose not to display already enrolled
ones. (On by default.)
- Couple cosmetic changes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is required for effective filtering of enrollments search
results in the webUI and also gives an edge to the CLI.
After this patch, each LDAPObject can define its relationships
to other LDAPObjects. For now, this is used only for filtering
search results by enrollments, but there are probably more
benefits to come.
You can do this for example:
# search for all users not enrolled in group admins
ipa user-find --not-in-groups=admins
# search for all groups not enrolled in group global with user Pavel
ipa group-find --users=Pavel --not-in-groups=global
# more examples:
ipa group-find --users=Pavel,Jakub --no-users=Honza
ipa hostgroup-find --hosts=webui.pzuna
|
|
|
|
|
|
|
|
|
|
| |
To support group-based account disablement we created a Class of Service
where group membership controlled whether an account was active or not.
Since we aren't doing group-based account locking drop that and use
nsaccountlock directly.
ticket 568
|
|
|
|
|
|
|
| |
This will prevent certmonger failures. On very minimal installs it seems
that messagebus is not always started.
ticket 528
|
|
|
|
|
|
| |
For some reason it was inheriting LDAPCreate.options...
ticket 652
|
|
|
|
| |
ticket 578
|
|
|
|
| |
Fix #685
|
|
|
|
|
|
| |
Don't close the dialog if the add fails and the user clickes
add and edit
fixes. https://fedorahosted.org/freeipa/ticket/663
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/653
|
|
|
|
| |
Change the label for the account status field IAW https://fedorahosted.org/freeipa/ticket/677
|
|
|
|
|
|
| |
This field does not exist
https://fedorahosted.org/freeipa/ticket/677
|
|
|
|
| |
The way we store the user object returned from user-find --whoami changed, and this code was not updated
|
|
|
|
| |
since automount is not yet implemented, remove it from the menu
|
| |
|
|
|
|
|
|
| |
The filter field on aci add is hidden, and prefilled with an object class that doesn't exist.
Fixed the error where the other fields were removed
|
| |
|
|
|
|
| |
Ticket #436
|
|
|
|
| |
ticket 638
|
| |
|
| |
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/627
|
|
|
|
|
|
|
| |
Currently the code depends on using a password to create replication
agreements. so this patch forces the request of the dirmgr password until we
can fix the internal issues that prevent using the amdin user with SASL/GSSAPI
to create replication agreements.
|
|
|
|
|
|
|
|
| |
The previous code was removing only one agreement, leaving all other in place.
This would leave dangling replication agreements once the replica is
uninstalled.
Fixes: https://fedorahosted.org/freeipa/ticket/624
|
| |
|
|
|
|
| |
is a one liner to fix.
|
|
|
|
|
|
|
|
| |
These commands can now be run exclusively o the replica that needs to be
resynced or reinitialized and the --from command must be used to tell from
which other replica it can will pull data.
Fixes: https://fedorahosted.org/freeipa/ticket/626
|
|
|
|
|
|
|
|
|
| |
Part of this fix requires also giving proper permission to change the
replication agreements root.
While there also fix replica-related permissions to have the classic
add/modify/remove triplet of permissions.
Fixes: https://fedorahosted.org/freeipa/ticket/630
|
|
|
|
|
|
|
| |
if ipa-replica-manage list is given a master name as argument then the tool
has the old behavior of listing that specific master replication agreements
Fixes: https://fedorahosted.org/freeipa/ticket/625
|
|
|
|
|
|
| |
This change also improves command syntax parsing
Fixes: https://fedorahosted.org/freeipa/ticket/623
|
|
|
|
|
|
|
|
| |
Can remove replication agreements between 2 replicas as long as it is
not the last agreement (except for Ad replication agreements, which can
always be removed).
Fixes: https://fedorahosted.org/freeipa/ticket/551
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/550
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/617
|
|
|
|
| |
Fixes the delegation add dialog
|
|
|
|
|
|
|
|
|
|
|
|
| |
The metadata contains a list of possible attributes that an ACI for that
object might need. Add a new variable to hold possible objectclasses for
optional elements (like posixGroup for groups).
To make the list easier to handle sort it and make it all lower-case.
Fix a couple of missed camel-case attributes in the default ACI list.
ticket 641
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Print the attribute CLI name instead of its 'real' name.
The real name is usually the name of the corresponding LDAP
attribute, which is confusing to the user.
This way we get:
Invalid 'login': blablabla
instead of:
Invalid 'uid': blablabla
Another example:
Invalid 'hostname': blablabla
instead of:
Invalid 'fqdn': blablabla
Ticket #435
|
|
|
|
|
|
|
| |
Field idnszoneactive is marked as optional, because it is set to true by
default (see class dnszone_add).
https://fedorahosted.org/freeipa/ticket/601
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/570
|
|
|
|
| |
the memberHost attribute is not also a mepOriginEntry, proceed as before - if a hostgroup named by the memberHost attribute is also a mepOriginEntry, read its "cn" attribute, prepend a "+" to it, and call it done
|
|
|
|
| |
don't bother looking for members of netgroups by looking for entries which list "memberOf: $netgroup" -- the netgroup should list them as "member" values - use newer slapi-nis functionality to produce cn=sudoers - drop the real cn=sudoers container to make room for the compat container
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/640
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implements the role, privilege, permission, delegation and selfservice entities ui.
Targetgroup has been added to the object types.
The groups lists need to be filter. The filter is currently hidden, with a
hyperlink that reads 'filter' to unhide it. Each keystroke in this filter
performs an AJAX request to the server.
There are bugs on the server side that block some of the functionality from
completing
Creating a Permission requires one of 4 target types. The add dialog in this
version assumes the user will want to create a filter type. They can change
this on the edit page.
Most search results come back with the values as arrays, but ACIs seem not to.
Search and details both required special code to handle non-arrays.
The unit tests now make use of the 'module' aspect of QUnit. This means that
future unit test will also need to specify the module. The advantage is that
multiple tests can share a common setup and teardown.
Bugs that need to be fixed before this works 100% are
https://fedorahosted.org/freeipa/ticket/634
https://fedorahosted.org/freeipa/ticket/633
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The changes include:
* Change license blobs in source files to mention GPLv3+ not GPLv2 only
* Add GPLv3+ license text
* Package COPYING not LICENSE as the license blobs (even the old ones)
mention COPYING specifically, it is also more common, I think
https://fedorahosted.org/freeipa/ticket/239
|
|
|
|
|
|
| |
Drop filter from the output, it is superfluous.
ticket 634
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LDAPSearch base class has now the ability to generate additional
options for objects with member attributes. These options are
used to filter search results - search only for objects without
the specified members.
Example:
ipa group-find --no-users=admin
Only direct members are taken into account.
Ticket #288
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/397
|
| |
|