| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Reference was removed from ipa-server-install(1) man page.
Ticket: #330
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This lets the KDC count password failures and can lock out accounts for
a period of time. This only works for KDC >= 1.8.
There currently is no way to unlock a locked account across a replica. MIT
Kerberos 1.9 is adding support for doing so. Once that is available unlock
will be added.
The concept of a "global" password policy has changed. When we were managing
the policy using the IPA password plugin it was smart enough to search up
the tree looking for a policy. The KDC is not so smart and relies on the
krbpwdpolicyreference to find the policy. For this reason every user entry
requires this attribute. I've created a new global_policy entry to store
the default password policy. All users point at this now. The group policy
works the same and can override this setting.
As a result the special "GLOBAL" name has been replaced with global_policy.
This policy works like any other and is the default if a name is not
provided on the command-line.
ticket 51
|
|
|
|
| |
meta data for testing and developmemt
|
|
|
|
|
|
|
| |
Uses code very similar to the search code for deleting associations
Had to modify how we were configuring for bulk so that the logic for delete matched the logic for enroll
Fixed unit test and removed the 'new' from the associator call
|
|
|
|
| |
ticket 389
|
|
|
|
|
|
|
| |
This should make renamed users able to keep using old credentials as the salt
is not derived from the principal name but is always a random quantity.
https://fedorahosted.org/freeipa/ticket/412
|
|
|
|
|
|
|
| |
The ipa_cmd() has been modified to identity the type of the error
it has received and display the error using the right dialog box.
The dialog box can be customized further to display the appropriate
amount of information for each type of error.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new framework for implementing custom UI.
It consists of the following classes:
Main:
- IPA: global namespace and object repository
- ipa_entity: base class for entities
- ipa_facet: base class for facets
Add dialog:
- ipa_add_dialog: default add dialog
- ipa_add_field: the fields used in the dialog
Search facet:
- ipa_search_facet: default search facet
- ipa_search_column: the columns in the search result
Details facet:
- ipa_details_facet: default details facet
- ipa_details_section: the sections in the details facet
- ipa_details_field: the fields in the details facet
Association facet:
- ipa_association_facet: default association facet
- ipa_association_config: the association configurations
To use this framework, create a class extending the ipa_entity (e.g.
ipa_hbac). Use the create_* methods to create add dialog, search facet,
details facet, and association facet. The fields/columns for the dialog
and facets can be specified using the init() function. Custom UI can be
defined by overwriting the base methods (e.g. setup, save, load).
The entity must be added into the repository using IPA.add_entity().
The original ipa_entity_setup() has been generalized by moving facet-
specific codes into the corresponding facet. Some facet names are still
hard-coded. This will be fixed in follow-up patches.
Some global variables have been removed because their function has been
replaced by the object repository:
- ipa_entity_add_list
- ipa_entity_search_list
- ipa_entity_details_list
- window_hash_cache
Some functions and variables have been moved into IPA namespace:
- ipa_json_url -> IPA.json_url
- ipa_use_static_files -> IPA.use_static_files
- ipa_ajax_options -> IPA.ajax_options
- ipa_objs -> IPA.metadata
- ipa_messages -> IPA.messages
- ipa_dialog -> IPA.error_dialog
- ipa_init() -> IPA.init()
Initially the HBAC and Service entities have been rewritten to use the
new framework. The DNS is partially converted, the ipa_records_facet
is used to define custom records facet.
Other entities can still work using the old framework. The old framework
has been modified to be a wrapper for the new framework. Eventually all
entities will be converted to use the new framework.
Some unit tests have been modified to use the new framework.
|
|
|
|
| |
merge in remove uuid
|
| |
|
|
|
|
|
|
| |
for a given field is valid. If not, displays a red box with the contents of pattern_msg
To test this, I artificially modified the meta data for the Group description field
|
|
|
|
| |
header was missing on the association pages.
|
|
|
|
|
|
| |
* Fixed comments
* Added attribute
* Fixed objectclass
|
|
|
|
|
|
|
|
| |
without the details change
including changes from Reviewboard https://fedorahosted.org/reviewboard/r/96/
Fixed pages that use unspecified (krb ticket policy, config)
Facet name comes out of the facet, not hard coded.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
serverHostName because this is tied to the FQDN so should only be changed
on a host rename (which we don't do).
memberOf because the plugin should do this. Directly manging this attribute
would be pretty dangerous and confusing.
Also remove a redundant aci granting the admins group write access to
users and groups. They have it with through the "admins can modify any
entry" aci.
tickets 300, 304
|
|
|
|
|
| |
Strikethrough is now a toggle
undo resets value to blank for new entries.
|
| |
|
|
|
|
|
| |
added a modal dialog for resetting the password.
Made the whoami varaible global, as anything dependant on the principal will require access to it.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service certificate management UI has been generalized and moved
into certificate.js. The host details page is now using the same code
to manage certificates. The host.py has been modified to return host
certificate info.
The Get/Revoke/View buttons behavior has been modified such that they
are visible only if there is a valid certificate. The Get dialog box
has been fixed to show the correct certificate header and footer.
The ipa.css has been modified to store the style of the status bullets.
New unit tests for certificate has been added. The test data has been
modified to include sample host certificate.
|
|
|
|
| |
Now use the system wide settings instead of hardcoded size limits.
|
|
|
|
|
| |
We'll later replace them with a new scheme. For now, this is the simplest UI
The intention is to look unfinished, so people don't comment on how poor it looks.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service details page has been modified to show certificate
status using bullets. It will also show the revocation reason,
and display the restore button only if the certificate is on
hold. The buttons action handlers have been moved into
service_usercertificate_load() so they can update the bullets.
A test data file for cert-show operation has been added. Other
test data files containing certificate info has been updated for
consistency.
The certificate_confirmation_dialog() has been removed because
it's no longer used.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service.py has been modified to include certificate info in
the service-show result if the service contains usercertificate.
A new file certificate.js has been added to store codes related
to certificates (e.g. revocation reasons, dialog boxes). The
service.js has been modified to provide the UI for certificate
management. The certificate.js can also be used for host
certificate management.
The Makefile.am and index.xhtml has been modified to include
certificate.js. New test data files have been added for certificate
operations.
To test revoke and restore operations the server needs to be
installed with dogtag CA instead of self-signed CA.
The certificate status and revocation reason in the details page
will be implemented in subsequent patches. Unit tests will also
be added in subsequent patches.
|
|
|
|
|
|
|
|
|
|
|
|
| |
metadata for phone numbers
test date for users
Undo works for multivalue
JQuery UI buttons have custom classes
inputs/fields are now managed inside of objects
removed the use of .call. as it was confusing the issue of
mismatched parameter lists.
Fixed the parameter lists, too.
|
| |
|
| |
|
|
|
|
| |
ticket 247
|
| |
|
|
|
|
|
|
|
|
| |
Add automatic creation of python an C file lists for potfiles
Deletes useless copy of Makefile in install/po
Remove duplicate maintainer-clean target
Add debug target that prints file lists
Unbreak update-po target, merges in patch from John
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an initial implementation of certificate management for
services. It addresses the mechanism required to view and update
certificates. The complete UI implementation will be addressed in
subsequent patches.
On the server side, the service.py has been modified to define
usercertificate in the service object's takes_params. This is
needed to generate the proper JSON metadata which is needed by
the UI. It also has been modified to accept null certificate for
deletion.
On the client side, the service details page has been modified to
display the base64-encoded certificate in a text area. When the
page is saved, the action handler will store the base64-encoded
certificate in the proper JSON structure. Also the service name
and service hostname are now displayed in separate fields.
The details configuration has been modified to support displaying
and updating certificates. The structure is changed to use maps
to define sections and fields. A section contains name, label,
and an array of fields. A field contains name, label, setup
function, load function, and save function. This is used to
implement custom interface and behavior for certificates.
All other entities, test cases, and test data have been updated
accordingly. Some functions and variables have been renamed to
improve clarity and consistency.
|
| |
|
|
|
|
|
|
|
| |
ipa-dns-manage could fail in very odd ways depending on the current
configuration of the server. Handle things a bit better.
ticket 210
|
|
|
|
| |
Populate the entity search pages with the results of a search with a blank filter even if no filter has been specified
|
| |
|
|
|
|
|
|
|
|
| |
Population of the policy and entites tabs.
DNS and ACI are broken due to PLugin issues
Fix for entities without search
Added new files to Makefile.am
used rolegroup.js file as the start point, renamed to serverconfig.js
|
|
|
|
|
|
|
|
| |
When we uninstall we wipe out the entire LDAP database, so it doesn't really
make mush sense to try to also remove single entries from it.
This avoids the --uninstall procedure to fail because the DM password is not
available or the LDAP server is down, and we are just trying to cleanup
everything.
|
|
|
|
|
|
|
| |
One typo was mis-spelling the admins group name
The second was an extraneous 'aci' in the name of two acis.
ticket 335
|
|
|
|
| |
This also corrects a duplication problem in acis.
|
|
|
|
|
|
| |
The ipa_error_handler() has been modified to display the AJAX URL
that is having a problem. The ipa_cmd() error handler is now invoked
using call() to pass 'this' object which contains the URL.
|
|
|
|
| |
Ticket #326
|
|
|
|
|
| |
A README file for the UI Unit Test has been added. It contains a link
to the online documentation: http://www.freeipa.org/page/UI_Unit_Tests
|
|
|
|
|
|
| |
By default LM hash is disabled.
Of course generation still depends on whether the SamAccount objectclass is
present in the user object.
|
|
|
|
|
|
| |
Helps when you need to add random snippets of config that really do not deserve
a full atttribute, but are still something you want to put in LDAP and have
replicated.
|