summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
* Add NT domain GUID attribute.Simo Sorce2011-11-211-1/+2
| | | | | We need this to be able to re-set it, as ipaUniqueID cannot be arbitraily set to a value. Only needed for the domain object.
* Fixed entity definition in test cases.Endi Sukma Dewata2011-11-184-69/+106
| | | | | | | The test cases have been updated to use the new extensible mechanism for defining and registering entities. Ticket #2043
* Don't check for 389-instances.Rob Crittenden2011-11-162-48/+2
| | | | | | | | | | We no longer need to enforce that no 389-ds instances exist on an IPA server. Checking that the ports exist should be enough. This used to be one mechanism we used to check to see if IPA was already installed. We have a better mechanism now. https://fedorahosted.org/freeipa/ticket/1735
* Fix ipa-managed-entries bind procedureMartin Kosek2011-11-161-7/+13
| | | | | | | | | Make sure that when Directory Manager password is entered, we directly do a simple bind instead of trying binding via GSSAPI. Also capture ldap.INVALID_CREDENTIALS exception and provide nice error message than crash. https://fedorahosted.org/freeipa/ticket/1927
* Replication: Adjust replica installation to omit processing memberof ↵JR Aquino2011-11-142-1/+1
| | | | | | | | | | | | | computations https://fedorahosted.org/freeipa/ticket/1794 If the master does not yet support the total update list feature we still run the memberof fixup task and not fail to replicate due to the new attribute not being settable. Jointly-developed-with: Simo Sorce <ssorce@redhat.com> Jointly-developed-with: Nathank Kinder <nkinder@redhat.com>
* Removed develop.js.Endi S. Dewata2011-11-1416-91/+76
| | | | | | | | | | The develop.js is no longer necessary because the code in it has been merged into the main code. An empty extension.js has been added to provide a place for UI customization. Ticket #2099
* Refactored permission target section.Endi S. Dewata2011-11-148-343/+246
| | | | | | | The permission target section has been modified to use widgets to create the target selection and handle multiple fields. Ticket #2098
* Hosts file not updated when IP is passed as optionMartin Kosek2011-11-101-2/+4
| | | | | | | | | | | When an IPA server with unresolvable hostname is being installed, a hostname record must be inserted to /etc/hosts or the installation will fail. However, it is not inserted when IP address is passed as an option (--ip-address) and not interactively. This patch fixes this so that /etc/hosts record is inserted in both cases. https://fedorahosted.org/freeipa/ticket/2074
* Added paging on search facet.Endi S. Dewata2011-11-118-324/+335
| | | | | | | | | | | | | | | The search facet has been modified to support paging on most entities using the --pkey-only option to get the primary keys and a batch command to get the complete records. Paging on DNS records is not supported because a record may appear as multiple rows. The following entities do not have --pkey-only option: Automount Key, Self-Service Permissions, Delegation. The search and association facet have been refactored to reuse the common code from the table facet base class. Ticket #981
* Updated sample data.Endi S. Dewata2011-11-11106-1479/+6839
| | | | | | | | New sample data files have been added for search facet paging. Unused files have been removed. The names used in the files have been updated for consistency. Ticket #981
* Fixed problem changing page in association facet.Endi S. Dewata2011-11-072-4/+12
| | | | | | | The association facet has been modified to detect page change to determine whether the facet needs to be updated. Ticket #1459
* Added current password field.Endi S. Dewata2011-11-072-6/+30
| | | | | | | | The reset password dialog for user has been modified to provide a field to specify the current password when changing the user's own password. Ticket #2065
* Extending facet's mechanism of gathering changesPetr Vobornik2011-11-043-63/+286
| | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/2041 Adding option to gathering changes for update from widgets, sections, details facet. Changes are represented by update_info { fields [] ((field_info)), commands [] ((command_info)) } object. * On calling get_update_info() method widget, section and facet returns update_info object which represents all changes in nested objects. Thus usually widgets are creating update_infos, their containers are merging them. * This object can be then used in details facet update method. In order to use it command_mode = 'init' has to be set. Command mode was introduced to support backward compatibility. * command_info consists of command and priority. Priority can be set to specify exact exectuting order of commands. It can be defined on facet level by setting widget's priority. When widgit is creating command_info it should pas its priority to it.
* Added extensible UI framework.Endi S. Dewata2011-11-0417-198/+355
| | | | | | | | | The entity definitions have been converted into classes. The entity init() method will use the builder to construct the facets and dialogs. The UI can be customized by creating a subclass of the original entity in extension.js and then overriding the init() method. Ticket #2043
* Moved facet code into facet.js.Endi S. Dewata2011-11-0425-579/+615
| | | | | Facet-related code has been moved from entity.js into a new facet.js because the file is getting too big.
* Fixed blank krbtpolicy and config pages.Endi S. Dewata2011-11-045-10/+22
| | | | | | | | | The details page compares the old and the new primary keys to determine if the page needs to be reloaded. The Kerberos Ticket Policy and Config pages do not use primary keys, so they are never loaded/updated with data. A parameter has been added to force update on these pages. Ticket #1459
* Fix ipa-replica-conncheck port labelsMartin Kosek2011-11-041-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/2057
* Field for DNS SOA class changed to combobox with optionsPetr Vobornik2011-11-041-9/+15
| | | | | | https://fedorahosted.org/freeipa/ticket/602 SOA class is an enumerated field. Changing input field to combobox with options allows inserting only valid value.
* Fix ipa-server-install answer cacheMartin Kosek2011-11-031-39/+26
| | | | | | | | | | | | | Current Answer Cache storing mechanism is not ideal for storing non-trivial Python types like arrays, custom classes, etc. RawConfigParser just translates values to string, which are not correctly decoded when the Answer Cache is parsed and restored in the installer. This patch replaces RawConfigParser with Python's standard pickle module, which is a recommended way for serialization in Python. https://fedorahosted.org/freeipa/ticket/2054
* Page is cleared before it is visiblePetr Vobornik2011-11-029-28/+173
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/1459 Changes: * added clear method to widgets, section, search, details, association facets * clear and refresh method in facet are called only if key/filter was changed * added id generator for widgets
* Add priority to pwpolicy listAdam Young2011-11-011-1/+1
| | | | | | First step to solving https://fedorahosted.org/freeipa/ticket/1977
* Added password field in user adder dialog.Endi S. Dewata2011-10-272-5/+54
| | | | | | | The user adder dialog has been modified to provide optional fields to specify password during user creation. Ticket #1646
* Fixed inconsistent details facet validation.Endi S. Dewata2011-10-274-15/+25
| | | | | | | The details facet validation has been moved out of update() such that all subclasses perform consistent validation. Ticket #1455
* Fixed inconsistent image names.Endi S. Dewata2011-10-2768-116/+131
| | | | | | | The images have been renamed to be more consistent and moved into the "images" directory to mimic the original jQuery UI structure. Ticket #1613
* Refactored validation code.Endi S. Dewata2011-10-276-50/+37
| | | | | The validation code in details facet, dialog, and sections have been modified to work more consistently.
* Merged widget's metadata and param_info.Endi S. Dewata2011-10-2711-148/+135
| | | | | | | The metadata and param_info attributes in widget have been merged because they are redundant. Ticket #1436
* Fixed "enroll" labels.Endi S. Dewata2011-10-2710-22/+21
| | | | | | | | | | Labels using the word "enroll" (except for host enrollment) have been modified to use more relevant words. The IPA.add_dialog has been renamed into IPA.entity_adder_dialog for clarity. Ticket #1642
* Fix nis netgroup config entry so users appear in netgroup triple.Rob Crittenden2011-10-273-1/+5
| | | | https://fedorahosted.org/freeipa/ticket/2028
* Fixed problem clearing validation error on checkboxes.Endi S. Dewata2011-10-261-0/+1
| | | | | | The IPA.checkboxes_widget has been modified such that it performs validation when the checkboxes are clicked. This will also clear any validation errors.
* Fixed host Enrolled column.Endi S. Dewata2011-10-262-25/+40
| | | | | | | The Enrolled column in the host search page has been added back to show the host enrollment status based on has_keytab attribute. Ticket #2020
* Removed HBAC deny rule warning.Endi S. Dewata2011-10-2610-199/+29
| | | | | | | The HBAC deny rule is no longer supported so it's no longer necessary to show the warning. Ticket #1444
* Fix ipa-managed-entries password option long formMartin Kosek2011-10-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1913
* Add --zonemgr/--admin-mail validatorMartin Kosek2011-10-262-13/+3
| | | | | | | | | | | Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966
* Minor visual enhancement of required indicatorPetr Vobornik2011-10-252-1/+12
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/1696 Changes: * in details table facet '*' don't break colon alignment * bolder, bigger (-> IMHO nicer) asteriks * float (visual style) moved to css file
* Fixed inconsistent required/optional attributes.Endi S. Dewata2011-10-2514-272/+313
| | | | | | | | | The dialogs and details pages have been modified to use the * symbol to mark required fields. The automount map and the DNS zone dialogs have been modified to update the required fields according to the input type. Ticket #1696, #1973
* remove enrolled columnAdam Young2011-10-241-6/+1
| | | | | | We don't have a value in the API that accuratly reflects the enrollment data. https://fedorahosted.org/freeipa/ticket/2020
* Add support for systemd environments and use it to support Fedora 16Alexander Bokovoy2011-10-241-1/+11
| | | | https://fedorahosted.org/freeipa/ticket/1192
* Ticket 1201 - Unable to Download Certificate with BrowserJohn Dennis2011-10-212-15/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certificates are passed through the IPA XML-RPC and JSON as binary data in DER X509 format. Queries peformed against the LDAP server also return binary DER X509 format. In all cases the binary DER data is base-64 encoded. PEM is standard text format for certificates. It also uses base64 to encode the binary DER data, but had specific formatting requirements. The base64 data must be wrapped inside PEM delimiters and the base64 data must be line wrapped at 64 characters. Most external software which accepts certificates as input will only accept DER or PEM format (e.g. openssl & NSS). Although base64 is closely related to PEM it is not PEM unless the PEM delimters are present and the base64 data is line wrapped at 64 characters. We already convert binary DER certificates which have been passed as base64 in other parts of the IPA code. However this conversion has not been available in the web UI. When the web UI presented certificates it did so by filling a dialog box with a single line of base64 data. A user could not copy this data and use it as input to openssl or NSS for example. We resolve this problem by introducing new javascript functions in certificate.js. IPA.cert.pem_cert_format(text) will examine the text input and if it's already in PEM format just return it unmodified, otherwise it will line wrap the base64 data and add the PEM delimiters. Thus it is safe to call on either a previously formated PEM cert or a binary DER cert encoded as base64. This applies to pem_csr_format() as well for CSR's. Because pem_cert_format() is safe to call on either format the web UI will see the use of the flag add_pem_delimiters was eliminated except in the one case where the IPA.cert.download_dialog() was being abused to display PKCS12 binary data (pkcs12 is neither a cert nor a cert request). Because of the abuse of the cert.download_dialog() for pkcs12 it was necessary to retain the flag which in effect said "do not treat the data as PEM". Modify the CSR (Certificate Signing Request) dialog box to accept a PEM formatted CSR. Remove the artifical PEM delimiters above and below the dialog box which were used to suggest the input needed to be sans the delimiters. The dialog box continues to accept bare base64 thus allowing either text format. Also note this solves the display of certificate data in the UI without touching anything existing code in the server or command line, thus it's isolated.
* Fixing infinite loop in UI navigation unit test.Petr Vobornik2011-10-201-3/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/1531 It's a fix for regression introduced by previous patch.
* Fixed dependency problem in UI test.Endi S. Dewata2011-10-201-0/+2
|
* Fixed: Duplicate CSS definitionsPetr Vobornik2011-10-1910-1704/+144
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1565 The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems. Additional changes: * fixed whitespaces in ipa.css * unified headings in config pages
* Circular entity dependencyPetr Vobornik2011-10-184-104/+275
| | | | | | | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1531 Each entity is created together with its dependent objects (e.g. facets and dialog boxes). This causes a circular dependency problem because some of the objects need to obtain a reference to another entity that has not been created. Currently this is handled by storing only the other entity name and resolve it when needed (e.g. during rendering stage). In IPA.search_facet this delays the creation of the table widget, making it more difficult to customize. One solution is to do the object creation in 2 steps: * create all entity objects only * create the dependent objects in each entity Implemented solution: * all entities are created on application start * dependant objects (facets and dialogs) are created at once on their first use in entity.
* Fixed: Unable to add external user for RunAs User for Sudo rulesPetr Vobornik2011-10-171-0/+2
| | | | | | | https://fedorahosted.org/freeipa/ticket/1987 There is no way to add root or any external user as a RunAs User for a Sudo Rule.
* Add explicit instructions to ipa-replica-manage for winsync replicationRob Crittenden2011-10-141-2/+29
| | | | https://fedorahosted.org/freeipa/ticket/1946
* Check /etc/hosts file in ipa-server-installMartin Kosek2011-10-131-0/+22
| | | | | | | | There may already be a record in /etc/hosts for chosen IP address which may not be detected under some circumstances. Make sure that /etc/hosts is checked properly. https://fedorahosted.org/freeipa/ticket/1923
* Hostname used by IPA must be a system hostnameMartin Kosek2011-10-132-1/+24
| | | | | | | | | | | Make sure that the hostname IPA uses is a system hostname. If user passes a non-system hostname, update the network settings and system hostname in the same way that ipa-client-install does. This step should prevent various services failures which may not be ready to talk to IPA with non-system hostname. https://fedorahosted.org/freeipa/ticket/1931
* Check hostname resolution sanityMartin Kosek2011-10-131-1/+1
| | | | | | | | | Always check (even with --setup-dns or --no-host-dns) that if the host name or ip address resolves, it resolves to sane value. Otherwise report an error. Misconfigured /etc/hosts causing these errors could harm the installation later. https://fedorahosted.org/freeipa/ticket/1923
* Fix dynamic display of UI tabs based on rightsAdam Young2011-10-121-2/+2
| | | | | | | | | | | | | Fixes the webui for the case wherea user is not admin but has a role. In that case, the UI should show the full administrative tabset, but was instead limited to the selfservice tabset. The problem was rolegroup had been renamed to role but the UI hadn't been updated to reflect this. Addresses https://bugzilla.redhat.com/show_bug.cgi?id=745957 https://fedorahosted.org/freeipa/ticket/1970
* updates: Change default limits on ldap searchesSimo Sorce2011-10-121-0/+20
| | | | | Fixes: https://fedorahosted.org/freeipa/ticket/1867 https://fedorahosted.org/freeipa/ticket/1888
* Ticket 1718 - Fix Spanish po translation fileJohn Dennis2011-10-111-540/+429
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were quite errors in es.po, it was difficult or impossible to track down where they came from, Transifex does not have good revision history. I fixed about 20% of the msgstr's in the file that had obvious problems which could be spotted by a non-Spanish speaking person. Spurious backslashes and backslash-newlines had been introduced. I tracked this particular problem down to a bug in polib. polib is a Python library which can read/write po/mo files. In Fedora it's packaged as python-polib. polib is used by the Transifex instance to read/write po files. We don't currently use polib in IPA (that will change soon though) but I wrote utilities using polib to help fix the bad po file and analyze what had gone wrong. I discovered that if one simply uses polib to read a po file into memory and they write that po file back out from memory you don't end up with the same contents if there are backslashed escapes in the file. I tracked this down to the escape() and unescape() functions in polib. This caused me to look to see if upstream polib had been fixed. It had. Therefore I think the spurious backslashes were introduced when Transifex was using an older broken version of polib. I filed this Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=744419 to get the fixes into python-polib. I manually corrected all the backslash errors. I compared all 1329 translations from a known good version of es.po with the current version and generated a new es.po by taking the translation (e.g. msgstr) from the two po files which was obviously correct. In those instances where neither msgstr was obviosuly correct the deleted the translation entirely. I also wrote utilities to validate any "substitution" variables appearing in the text. I discovered a number of instances where the substitution variable had been malformed by the translator such that it was syntactically invalid. This is how we originally discovered problems with the translation, it was throwing Python exceptions. I fixed all those errors. I also found approximately 80 translations where the leading whitespace had been altered by the translator. Those also were fixed. I cannot verify that the remaining translations are a correct Spanish translation of the original text (in fact a number of them I looked at seemed dubious to me, for example it omitted recongnizable keywords). But I do believe that the obvious errors are fixed and we shouldn't be throwing any more Python exceptions because of malformed substitution variables.