summaryrefslogtreecommitdiffstats
path: root/API.txt
Commit message (Collapse)AuthorAgeFilesLines
* Add plugin to manage service constraint delegationsRob Crittenden2015-06-031-0/+153
| | | | | | | | | | Service Constraints are the delegation model used by ipa-kdb to grant service A to obtain a TGT for a user against service B. https://fedorahosted.org/freeipa/ticket/3644 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Support multiple host and service certificatesFraser Tweedale2015-06-021-5/+5
| | | | | | | | | | | | | | | | | | | | | | Update the framework to support multiple host and service certificates. host-mod and service-mod revoke existing certificates that are not included in the modified entry. Using addattr=certificate=... will result in no certificates being revoked. The existing behaviour of host-disable, host-del, service-disable and service-del (revoke existing certificate) is preserved but now applies to all certificates in the host or service entry. Also update host-show and service-show to write all the principal's certificates to the file given by the ``--out=FILE`` option. Part of: http://www.freeipa.org/page/V4/User_Certificates https://fedorahosted.org/freeipa/ticket/4238 Reviewed-By: Martin Basti <mbasti@redhat.com>
* server-find and server-show commandsPetr Vobornik2015-05-261-0/+27
| | | | | | | | | | | ipa server-find ipa server-show FQDN These commands display a list of IPA servers stored in cn=masters,cn=ipa,cn=etc,$SUFFIX https://fedorahosted.org/freeipa/ticket/4302 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add Domain Level featureTomas Babej2015-05-261-0/+9
| | | | | | | https://fedorahosted.org/freeipa/ticket/5018 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Added vault plugin.Endi S. Dewata2015-05-251-0/+74
| | | | | | | | | A new plugin has been added to manage vaults. Test scripts have also been added to verify the functionality. https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* User life cycle: Stage user Administrators permission/priviledgeThierry Bordaz2015-05-181-3/+9
| | | | | | | | Creation of stage user administrator https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: support of user-undelThierry Bordaz2015-05-181-0/+7
| | | | | | | | | add user plugin commands : user-undel user-undel: moves a user from delete container to the active container https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: user-find support finding delete usersThierry Bordaz2015-05-181-1/+2
| | | | | | | | | change user plugin commands : user-find user-find support of --preserved option to show preserved (aka deleted) users https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: user-del supports --permanently, --preserve options and ↵Thierry Bordaz2015-05-181-1/+3
| | | | | | | | | | | | | ability to delete deleted user change user plugin commands : user-del - --permanently: deletes permanently an Active user (DEL) - --preserve: move an Active user to Delete user (MODRDN) - allows to delete Active user and Delete user https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: new stageuser commands activateThierry Bordaz2015-05-181-0/+10
| | | | | | | | | Add plugin commands to stageuser plugin: stageuser_activate: activate entries created by IPA CLIs https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* User life cycle: new stageuser commands del/mod/find/showThierry Bordaz2015-05-181-0/+128
| | | | | | | | | | | | Add plugin commands to stageuser plugin: stageuser_del stageuser_mod stageuser_find stageuser_show https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: David Kupka <dkupka@redhat.com>
* migrate-ds: skip default group optionPetr Vobornik2015-05-121-1/+2
| | | | | | | | | | | | | New option --use-default-group=False could be used to disable adding of migrated users into default group. By default, the default group is no longer POSIX therefore it doesn't fulfill the original idea of providing GID and therefore it could be skipped during migration. https://fedorahosted.org/freeipa/ticket/4950 Reviewed-By: Martin Basti <mbasti@redhat.com>
* User life cycle: stageuser-add verbThierry bordaz (tbordaz)2015-04-081-0/+49
| | | | | | | | | | | | | | | Add a accounts plugin (accounts class) that defines variables and methods common to 'users' and 'stageuser'. accounts is a superclass of users/stageuser Add the stageuser plugin, with support of stageuser-add verb. Reviewed By: David Kupka, Martin Basti, Jan Cholasta https://fedorahosted.org/freeipa/ticket/3813 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* DNS: remove NSEC3PARAM from recordsMartin Basti2015-03-091-8/+4
| | | | | | | | NSEC3PARAM is configurable only from zone commands. This patch removes this record type from DNS records. Ticket: https://fedorahosted.org/freeipa/ticket/4930 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* permission-add does not prompt for ipapermright in interactive modeGabe2015-02-161-1/+1
| | | | | | | | | - Add flag "ask_create" to ipalib/plugins/permission.py - Bump API version https://fedorahosted.org/freeipa/ticket/4872 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Expose the disabled User Auth TypeNathaniel McCallum2015-02-121-1/+1
| | | | | | | | | Additionally, fix a small bug in ipa-kdb so that the disabled User Auth Type is properly handled. https://fedorahosted.org/freeipa/ticket/4720 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* hosts: Display assigned ID view by default in host-find and show commandsTomas Babej2014-12-051-3/+3
| | | | | | | | | | Makes ipaassignedidview a default attribute and takes care about the conversion from the DN to the proper ID view name. https://fedorahosted.org/freeipa/ticket/4774 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make token auth and sync windows configurableNathaniel McCallum2014-12-051-0/+25
| | | | | | | | | | | This introduces two new CLI commands: * otpconfig-show * otpconfig-mod https://fedorahosted.org/freeipa/ticket/4511 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* add --hosts and --hostgroup options to allow/retrieve keytab methodsPetr Vobornik2014-12-031-8/+24
| | | | | | | | | | | | | | | | | | `--hosts` and `--hostgroup` options added to: * service-allow-create-keytab * service-allow-retrieve-keytab * service-disallow-create-keytab * service-disallow-retrieve-keytab * host-allow-create-keytab * host-allow-retrieve-keytab * host-disallow-create-keytab * host-disallow-retrieve-keytab in order to allow hosts to retrieve keytab of their services or related hosts as described on http://www.freeipa.org/page/V4/Keytab_Retrieval design page https://fedorahosted.org/freeipa/ticket/4777 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable QR code display by default in otptoken-addNathaniel McCallum2014-11-191-1/+2
| | | | | | | | | | This is possible because python-qrcode's output now fits in a standard terminal. Also, update ipa-otp-import and otptoken-add-yubikey to disable QR code output as it doesn't make sense in these contexts. https://fedorahosted.org/freeipa/ticket/4703 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Display token type when viewing tokenNathaniel McCallum2014-10-201-2/+2
| | | | | | | | | When viewing a token from the CLI or UI, the type of the token should be displayed. https://fedorahosted.org/freeipa/ticket/4563 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* keytab manipulation permission managementPetr Vobornik2014-10-171-0/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds new API: ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR these methods add or remove user or group DNs in `ipaallowedtoperform` attr with `read_keys` and `write_keys` subtypes. service|host-mod|show outputs these attrs only with --all option as: Users allowed to retrieve keytab: user1 Groups allowed to retrieve keytab: group1 Users allowed to create keytab: user1 Groups allowed to create keytab: group1 Adding of object class is implemented as a reusable method since this code is used on many places and most likely will be also used in new features. Older code may be refactored later. https://fedorahosted.org/freeipa/ticket/4419 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabledJan Cholasta2014-10-171-0/+6
| | | | | | | | The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove token vendor, model and serial defaultsNathaniel McCallum2014-10-161-5/+5
| | | | | | | | | These defaults are pretty useless and cause more confusion than they are worth. The serial default never worked anyway. And now that we are displaying the token type separately, there is no reason to doubly record these data points. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow override of gecos field in ID viewsAlexander Bokovoy2014-10-131-3/+6
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow user overrides to specify GID of the userAlexander Bokovoy2014-10-131-3/+6
| | | | | | Resolves https://fedorahosted.org/freeipa/ticket/4617 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow user overrides to specify SSH public keysAlexander Bokovoy2014-10-131-2/+4
| | | | | | | | | | | | | Overrides for users can have SSH public keys. This, however, will not enable SSH public keys from overrides to be actually used until SSSD gets fixed to pull them in. SSSD ticket for SSH public keys in overrides: https://fedorahosted.org/sssd/ticket/2454 Resolves https://fedorahosted.org/freeipa/ticket/4509 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Support overridding user shell in ID viewsAlexander Bokovoy2014-10-131-3/+6
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* idviews: Make description optional for the ID View objectTomas Babej2014-09-301-2/+2
| | | | | | | | | | Description of any object should not be required. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaOriginalUidTomas Babej2014-09-301-3/+6
| | | | | | | | | | | For slapi-nis plugin, we need to cache the original uid value of the user in the override object. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Split the idoverride commands into iduseroverride and idgroupoverrideTomas Babej2014-09-301-12/+77
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Extend idview-show command to display assigned idoverrides and hostsTomas Babej2014-09-301-1/+2
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipa idview-apply and idview-unapply commandsTomas Babej2014-09-301-0/+19
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Create basic idview plugin structureTomas Babej2014-09-301-0/+140
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaAssignedIDVIew reference to the host objectTomas Babej2014-09-301-3/+6
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Do not require description in UI.David Kupka2014-09-291-7/+7
| | | | | | | | | Description attribute is not required in LDAP schema so there is no reason to require it in UI. Modified tests to reflect this change. https://fedorahosted.org/freeipa/ticket/4387 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNS: autofill admin emailMartin Basti2014-09-251-3/+3
| | | | | | | | | Admins email (SOA RNAME) is autofilled with value 'hostmaster'. Bind will automaticaly append zone part. Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Deprecation of --name-server and --ip-address option in DNSMartin Basti2014-09-251-3/+3
| | | | | | | | | | | | | Option --name-server is changing only SOA MNAME, this option has no more effect to NS records Option --ip-addres is just ignored A warning message is sent after use these options Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipalib: host_del: Extend LDAPDelete's takes_options instead of overridingTomas Babej2014-09-171-1/+2
| | | | | | | | | | | The host-del command did not accept --continue option, since the takes_options was overriden and did not take the options from LDAPDelete. Fix the behaviour. https://fedorahosted.org/freeipa/ticket/4473 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Support delegating RBAC roles to service principalsPetr Viktorin2014-08-211-2/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/3164 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update API.txtPetr Viktorin2014-07-281-2/+2
| | | | Additional fix for https://fedorahosted.org/freeipa/ticket/4323
* Allow to add managed permission for reverse zonesMartin Basti2014-07-041-7/+7
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4422 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipalib: Use DateTime parameter class for OTP token timestamp attributesTomas Babej2014-07-041-8/+8
| | | | | | | | For ipatokennotbefore and ipatokennotafter attributes use DateTime parameter class instead of Str, since these are represented as LDAP Generalized Time in LDAP. Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add NSEC3PARAM to zone settingsMartin Basti2014-07-021-3/+6
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove NSEC3PARAM recordMartin Basti2014-07-021-10/+2
| | | | | | | Revert 5b95be802c6aa12b9464813441f85eaee3e3e82b Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: add TLSA record typeMartin Basti2014-07-011-4/+16
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add otptoken-sync commandNathaniel McCallum2014-06-261-0/+9
| | | | | | | | | This command calls the token sync HTTP POST call in the server providing the CLI interface to synchronization. https://fedorahosted.org/freeipa/ticket/4260 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add the otptoken-add-yubikey commandNathaniel McCallum2014-06-261-0/+12
| | | | | | | | This command behaves almost exactly like otptoken-add except: 1. The new token data is written directly to a YubiKey 2. The vendor/model/serial fields are populated from the YubiKey Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipa-passwd: add OTP supportPetr Vobornik2014-06-261-1/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4262 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* sudorule: Allow using hostmasks for setting allowed hostsTomas Babej2014-06-251-2/+4
| | | | | | | | | Adds a new --hostmasks option to sudorule-add-host and sudorule-remove-host commands, which allows setting a range of hosts specified by a hostmask. https://fedorahosted.org/freeipa/ticket/4274 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-19 21:03:43 +0000