| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5018
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
| |
Implementation of ticket: https://fedorahosted.org/freeipa/ticket/4302
Design page: http://www.freeipa.org/page/V4/Manage_replication_topology
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Bad ordering of LDAP entries during replica removal resulted in a failure to
delete replica and its services from cn=masters,cn=ipa,cn=etc,$SUFFIX. This
patch enforces the correct ordering of entries resulting in proper removal of
services before the host entry itself.
https://fedorahosted.org/freeipa/ticket/5019
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This also prevent the script ipa-upgradeconfig execute upgrading.
Upgrade of services is called from ipa-server-upgrade
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This is a prerequisite to further refactoring of KRA install/uninstall
functionality in all IPA install scripts.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
A new plugin has been added to manage vaults. Test scripts have
also been added to verify the functionality.
https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
Without this commit it is not possible to move user to staged area.
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Datetime widget was transform from a simple text input to 3 separate inputs:
- date with bootstrap-datepicker
- hour
- minute
e.g.:
Validity end [ 2015-05-18 ] [23]:[01] UTC
Vendor [ abc ]
Editation of seconds is not supported.
https://fedorahosted.org/freeipa/ticket/4347
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4347
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Web UI wa not able to create a user without a private group.
New field added to user adder dialog to allow that.
https://fedorahosted.org/freeipa/ticket/4986
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Ales 'alich' Marecek <amarecek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Firefox suffers from: https://bugzilla.mozilla.org/show_bug.cgi?id=409254
This is a workaround to fix it.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deleter dialog in search facet is now chosen in order as follows:
- facet's, defined as spec, e.g.:
deleter_dialog: { $factory: IPA.user.deleter_dialog }
- entity's, the same but it entity spec
- default, which is IPA.search_deleter_dialog
Previous didn't allow to override entity dialog with facet one and
also definition by spec was not allowed.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Now also facets other than details facet can use facet policies.
Facet policies purpose is to extend facets behavior without
overriding base class. This shared behavior could be reused in
several other facets which may have completely different
base classes.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
basically implementation of #4625 but atm there is no time to properly
test #4625 in the whole UI, therefore, it will be limited only to
active/stage/preserved user search page.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refactoring of facet groups. This new widget has an html structure which
could be used for current facet tabs but also for PatternFly two column
layout with either accordion or nav-category
- https://www.patternfly.org/wp-content/uploads/patternfly/tests/form.html
- https://www.patternfly.org/wp-content/uploads/patternfly/tests/tab.html
Will be useful for #4625.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Facets use to inherit facet groups from entity. There was no option to define
cross-entity facet groups for different facets which belong one entity.
In other words it was not possible to have 'user search' and 'stage user search'
tab in one facet group.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes issue where it is not possible to define under the same parent:
{ entity: 'bar', facet: 'baz' }
{ entity: 'foo', facet: 'baz' }
Error reporting of invalid menu item names was improved.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Remove behavior which navigated to previously selected child if navigating
to its parent.
It makes navigation more consistent.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While selecting menu item based on a facet which have an entity defined,
prefer entity fallback over facet name fallback.
It solves an issue which appears when a menu item of a different entity
has the same facet name specified. In such case this menu item was selected
instead of the desired one.
E.g.: there are menu items:
{ entity: 'foo' }
{ entity: 'bar', facet: 'search'}
Showing a foo's search facet resulted in selecting
{ entity: 'bar', facet: 'search'} item.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
| |
I.e. remove memory from bare entity navigation
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All entity facets are automatically registered as a new type in
reg.facet.
The type name is: <entity_name>_<facet_name>
The name of facets is kept same, mainly to support the same url routes.
This change allows to get facet instance by calling, e.g.:
reg.facet.get('user_details')
It allows to make declarative links to facet which are not yet instantiated.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
| |
Useful for declarative inheritance. E.g. base new facet on details
facet with all registered preops and default spec object.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A search facet could be defined with an option which is always applied
during entity-find command on facet refresh.
e.g.
ipa user-find --preserved
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Or in other words, move all objects which belong to user module to the module.
Therefore they no longer pollutes the main 'IPA' module.
Therefore:
require('freeipa/ipa').user == require('freeipa/user')
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
| |
Not all functionality is available. Mostly because IPA doesn't require them yet.
Missing: bootstrap combobox, datatables js, PF font with icons, spinner for old IEs
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is required modification to be able move to new installers.
DNS subsystem will be installed by functions in this module in each of
ipa-server-install, ipa-dns-install, ipa-replica-install install
scripts.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When both 'mod_auth_kerb' and 'mod_auth_gssapi' are installed at the same
time, they use common directory for storing Apache ccache file. Uninstallation
of 'mod_auth_kerb' removes this directory leading to invalid CCache path for
httpd and authentication failure.
Using an IPA-specific directory for credential storage during apache runtime
avoids this issue.
https://fedorahosted.org/freeipa/ticket/4973
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* remove unneeded parts
* increase KSK key length to 3072
* increase KSK key lifetime to 2 years (see NIST SP 800-81-2 section 11.2)
Update is not required, as template contains just recommended values
which should by reviewed by administrators.
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due previous changes (in master branch only) the uniqueness plugins
became misconfigured.
After this patch:
* whole $SUFFIX will be checked by unique plugins
* just staged users are exluded from check
This reverts some changes in commit
52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb
Since 389-ds-base 1.3.4.a1 new attribute 'uniqueness-exclude-subtrees'
can be used.
https://fedorahosted.org/freeipa/ticket/4921
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ipa-ldap-updater is now just util which applies changes specified in update
files or schema files.
ipa-ldap-updater will not do overall server upgrade anymore, use
ipa-server-upgrade instead.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
Add the ability for 'Stage user provisioning' priviledge to add
stage users.
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creation of stage user administrator
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Set the DNAexcludescope on provisioning part of the DIT
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add plugin commands to stageuser plugin:
stageuser_activate: activate entries created by IPA CLIs
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5007
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
| |
map attribute is redundant and not used.
Use `get` method instead.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creation of map with e.g. 30K values was very slow. Map checked if a value is
in in the map but it used Array's indexOf method therefore the complexity was
quadratic instead of linear.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows to use base64 encoded values in update files.
Double colon ('::') must be used as separator between attribute name
and base64 encoded value.
add:attr::<base64-value>
replace:attr::<old-base64-value>::<new-base64-value>
https://fedorahosted.org/freeipa/ticket/4984
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CSV values are not supported in upgrade files anymore
Instead of
add:attribute: 'first, part', second
please use
add:attribute: firts, part
add:attribute: second
Required for ticket: https://fedorahosted.org/freeipa/ticket/4984
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4936
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Option '-P' was used in older version of FreeIPA to set up KDC master password
during server install. This is no longer neccessary or desirable since the
password of sufficient strength can be generated automatically during
installation.
https://fedorahosted.org/freeipa/ticket/4516
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
