| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
This is so that master and replica creation can perform different operations as
they need slightly diffeent settings to be applied.
|
|
|
|
|
|
| |
replaced expand contract +- with icons
removed background for action buttons and gave them their own class
Major css cleanup
|
|
|
|
|
|
|
|
|
| |
The '+' and '-' signs before the section headers in details facet
are now enclosed in square brackets. The section content is now
hidden/shown using slideToggle().
The ipa_details_create() and ipa_details_setup() have been moved
into ipa_details_facet.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SUDO rule details facet has been updated to support the latest UI
spec. The facet consists of 5 sections: general, users, hosts, commands,
and run-as.
The general section contains the SUDO rule description and status. If
the status is changed, the sudorule-enable/disable will be invoked.
The other sections contain radio buttons for the association category
and tables for the members. When a member is added or removed, the
category will be adjusted appropriately. If the category is changed to
'all', 'allow', or 'deny', all members will be removed.
The last section is currently not working because backend support is
not yet available.
The adder dialog boxes for users, groups, and hosts has been modified
to accept external identities. The layout for the base adder dialog
was updated. The base dialog class was updated to support templates.
The SUDO dialog boxes were implemented using templates. New CSS
classes were added to ipa.css.
The HBAC rule details facet has been updated as well.
|
|
|
|
| |
ticket 604
|
|
|
|
| |
ticket 539
|
|
|
|
|
|
|
| |
Also move down some dsinstance related operation close to other dsinstance
operations.
Fixes: https://fedorahosted.org/freeipa/ticket/595
|
| |
|
| |
|
|
|
|
| |
URL was always ipa/json. This means nothing to the end user.
|
|
|
|
|
| |
Search filters generated from attributes with multiple values
were incorrect when the NOT operator was used (ldap.MATCH_NONE).
|
|
|
|
|
|
|
|
|
| |
This is just a thin wrapper around the aci plugin, controlling what
types of ACIs can be added.
Right now only ACIs in the basedn can be managed with this plugin.
ticket 531
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/570 This patch Addresses items: 1. The UI needs a rule status with values active & inactive. The CLI doesn't have this attribute. HBAC has ipaenabledflag attribute which can be managed using hbac-enable/disable operations. 2. The UI needs a user category for the "Who" section. The CLI doesn't have this attribute. HBAC has usercategory attribute which can be managed using hbac-add/mod operations. 3. The UI needs a host category for the "Access this host" section. The CLI doesn't have this attribute. HBAC has hostcategory attribute which can be managed using hbac-add/mod operations.
|
|
|
|
|
|
| |
Also add fixes for ipa-replica-install as that had issues too.
Fixes: https://fedorahosted.org/freeipa/ticket/527
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The entity.default_facet has been removed, instead the first facet
registered to the entity will be considered as the default facet.
So, the 'setup' parameter has been removed from tab definitions
because it's no longer necessary. The ipa_details_only_setup() has
been removed as well.
An 'entity' parameter has been added to tab definitions to specify
which entity corresponds to a tab item. The tab label has been
changed to use entity label if available.
Some hard-coded labels have been removed. The unit tests have been
updated.
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/580
|
|
|
|
| |
Ticket #573
|
|
|
|
| |
ticket 496
|
|
|
|
| |
more general, so that we don't have to hard code for SUDO and HBAC, and now to support ACI
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/455
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds new options to the migration plugin:
* the option to fine-tune the objectclass of users or groups being imported
* the option to select the LDAP schema (RFC2307 or RFC2307bis)
Also makes the logic that decides whether an entry is a nested group or user
(for RFC2307bis) smarter by looking at the DNS. Does not hardcode primary keys
for migrated entries.
https://fedorahosted.org/freeipa/ticket/429
|
|
|
|
|
|
|
| |
Instead of allocating a completely random start between 1M and 2G and a range
of 1M values, give 10000 possible 200k ranges. They all start at a 200k
boundary so they generate more readable IDs, at least until there arent't too
many users/replicas involved.
|
|
|
|
|
|
|
|
|
|
| |
The ipa_add_dialog has been fixed to initialize the fields which
will get the labels from metadata. Hard-coded labels have been
removed from field declarations.
The superior() method has been removed because it doesn't work with
multi-level inheritance. Superclass method for now is called using
<class name>_<method> (e.g. widget_init).
|
|
|
|
|
| |
The association facet for SUDO Command Groups has been removed and
replaced with an association table in the details page.
|
|
|
|
|
|
|
|
|
|
| |
The ipa_column has been modified to get the label from metadata
during initialization. The ipa_table_widget has been modified to
initialize the columns. Hard-coded labels have been removed from
column declarations.
The ipa_adder_dialog has been modified to execute a search at the
end of setup.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The association facet for HBAC Service Groups has been removed
and replaced with an association table in the details page.
The ipa_association_table_widget has been modified to support
multiple columns in the table itself and in the adder dialog.
The ipa_association_adder_dialog and ipa_association_facet have
been refactored.
The ipa_sudorule_association_widget and ipa_rule_association_widget
has been removed because their functionalities have been merged into
ipa_association_table_widget.
|
|
|
|
|
|
|
|
|
|
|
| |
Updated the user,group,host, hostgroup, netgroup, service, and all policy
entities to use the newer framework functions, in order to
replaced the old array style definitions which did not support i18n.
update a few of the newer framerwork functions to get the lables from the
meta data.
Fixed the unit tests which were expecting a details facet for users,
no longer automatically created
|
| |
|
|
|
|
| |
ticket 310
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes search where we were asking for the member attribute 10 or more
times.
When retrieving indirect members make sure we always pass around the
size and time limits so we don't have to look it up with every call to
find_entries()
ticket 557
|
|
|
|
| |
ticket 545
|
|
|
|
|
|
|
|
| |
When setting default group, we should check if the group exists.
If not, it could lead to some issues with adding new users after
the new default group is set.
https://fedorahosted.org/freeipa/ticket/504
|
|
|
|
|
|
|
|
|
| |
After calling ipa config --defaultgroup=xxx with nonexistent group xxx,
the result will be that no new user can be added. The operation will
always fail in the middle because it is not possible to add the new user
to desired default group.
https://bugzilla.redhat.com/show_bug.cgi?id=654117#c4
|
|
|
|
| |
ticket 561
|
|
|
|
| |
ticket 523
|
|
|
|
|
|
|
| |
Also include flag indicating whether the object is bindable. This will
be used to determine if the object can have a selfservice ACI.
ticket 446
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The create_association_facets() has been modified such that it
does not generate duplicate links. This is done by assigning the
proper labels and hiding non-assignable associations.
Each association will get a label based on the attribute used:
- memberof: Membership in <entity name>
- member.*: <entity name> Members
- managedby: Managed by <entity name>
The following associations will be hidden:
- memberindirect
- enrolledby
The internal.py was modified to return localized labels.
The test data has been updated.
|
|
|
|
|
| |
The interface for access time has been removed from HBAC details
page. The code has been commented out, but not removed.
|
|
|
|
| |
attribute permissions and all other benefits of building on the baseldap plugin
|
|
|
|
|
|
|
| |
Some fields were missing from user object, this change adds them
along with their l10n
https://fedorahosted.org/freeipa/ticket/305
|
|
|
|
|
| |
The Find, Add, and Remove buttons in the enrollment dialog have
been replaced with ipa_buttons.
|
| |
|
|
|
|
|
|
|
| |
Prompt for creation of reverse zone, with the default for unattended
installations being False.
https://fedorahosted.org/freeipa/ticket/418
|
|
|
|
|
|
|
|
|
|
|
| |
Passwords didn't have internationalizable labels.
Exceptions that occured during required input weren't printed as unicode
so weren't being translated properly.
Don't use output_for_cli() directly in the passwd plugin, use output.Output.
ticket 352
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
re-based got pushed for some reason.
Use better description for group names in help and always prompt for members
When running <foo>-[add|remove]-member completely interactively it didn't
prompt for managing membership, it just reported that 0 members were
handled which was rather confusing.
This will work via a shell if you want to echo too:
$ echo "" | ipa group-add-member g1
This returns 0 members because nothing is read for users or group members.
$ echo -e "g1\nadmin\n" | ipa group-add-member
This adds the user admin to the group g1. It adds it as a user because
user membership is prompted for first.
ticket 415
|
|
|
|
| |
ticket 420
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running <foo>-[add|remove]-member completely interactively it didn't
prompt for managing membership, it just reported that 0 members were
handled which was rather confusing.
This will work via a shell if you want to echo too:
$ echo "" | ipa group-add-member g1
This returns 0 members because nothing is read for users or group members.
$ echo -e "g1\nadmin\n" | ipa group-add-member
This adds the user admin to the group g1. It adds it as a user because
user membership is prompted for first.
ticket 415
|
|
|
|
|
|
|
|
| |
Some attributes weren't included in the output of hbac-show command.
This patch fixes it.
https://fedorahosted.org/freeipa/ticket/494
https://fedorahosted.org/freeipa/ticket/495
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/555
|