summaryrefslogtreecommitdiffstats
path: root/install
Commit message (Collapse)AuthorAgeFilesLines
* Add replication related acis to all replicasSimo Sorce2010-12-213-12/+12
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/617
* populate the group select upon initial creationAdam Young2010-12-211-1/+1
| | | | Fixes the delegation add dialog
* In meta data make ACI attributes lower-case, sorted. Add possible attributes.Rob Crittenden2010-12-211-2/+2
| | | | | | | | | | | | The metadata contains a list of possible attributes that an ACI for that object might need. Add a new variable to hold possible objectclasses for optional elements (like posixGroup for groups). To make the list easier to handle sort it and make it all lower-case. Fix a couple of missed camel-case attributes in the default ACI list. ticket 641
* sudo: treat mepOriginEntry hostgroups differently - if a hostgroup named by ↵Nalin Dahyabhai2010-12-211-1/+2
| | | | the memberHost attribute is not also a mepOriginEntry, proceed as before - if a hostgroup named by the memberHost attribute is also a mepOriginEntry, read its "cn" attribute, prepend a "+" to it, and call it done
* sudo and netgroup schema compat updates - fix quoting of netgroup entries - ↵Nalin Dahyabhai2010-12-212-11/+32
| | | | don't bother looking for members of netgroups by looking for entries which list "memberOf: $netgroup" -- the netgroup should list them as "member" values - use newer slapi-nis functionality to produce cn=sudoers - drop the real cn=sudoers container to make room for the compat container
* additions to patch 118Adam Young2010-12-202-10/+1
|
* aci uiAdam Young2010-12-2041-370/+3156
| | | | | | | | | | | | | | | | | | | | | | | | | | | Implements the role, privilege, permission, delegation and selfservice entities ui. Targetgroup has been added to the object types. The groups lists need to be filter. The filter is currently hidden, with a hyperlink that reads 'filter' to unhide it. Each keystroke in this filter performs an AJAX request to the server. There are bugs on the server side that block some of the functionality from completing Creating a Permission requires one of 4 target types. The add dialog in this version assumes the user will want to create a filter type. They can change this on the edit page. Most search results come back with the values as arrays, but ACIs seem not to. Search and details both required special code to handle non-arrays. The unit tests now make use of the 'module' aspect of QUnit. This means that future unit test will also need to specify the module. The advantage is that multiple tests can share a common setup and teardown. Bugs that need to be fixed before this works 100% are https://fedorahosted.org/freeipa/ticket/634 https://fedorahosted.org/freeipa/ticket/633
* cusor pointer for undo linkAdam Young2010-12-202-1/+5
|
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-2059-298/+338
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Clarify ipa-replica-install error messageJakub Hrozek2010-12-201-2/+2
|
* Make the IPA installer IPv6 friendlyJakub Hrozek2010-12-203-28/+41
| | | | | | | | | Notable changes include: * parse AAAA records in dnsclient * also ask for AAAA records when verifying FQDN * do not use functions that are not IPv6 aware - notably socket.gethostbyname() The complete list of functions was taken from http://www.akkadia.org/drepper/userapi-ipv6.html section "Interface Checklist"
* Fix delegation.ldif typoJakub Hrozek2010-12-201-1/+1
|
* Don't use camel-case LDAP attributes in ACI and don't clear enrolledByRob Crittenden2010-12-172-24/+17
| | | | | | | | | | | | We keep LDAP attributes lower-case elsewhere in the API we should do the same with all access controls. There were two ACIs pointing at the manage_host_keytab permission. This isn't allowed in general and we have decided separately to not clear out enrolledBy when a host is unenrolled so dropping it is the obvious thing to do. ticket 597
* Verify that the replication plugin exists before setting up replicas.Rob Crittenden2010-12-172-0/+6
| | | | ticket 502
* Move automount, default HBAC services, netgroup and hostgroup bootstrapping.Rob Crittenden2010-12-176-121/+135
| | | | | There is no need for these to be done as updates, just add these entries to the bootstrapping.
* Fix the change_password permissions and the DNS access controls.Rob Crittenden2010-12-172-5/+29
| | | | | | | | | | The change_password permission was too broad, limit it to users. The DNS access controls rolled everything into a single ACI. I broke it out into separate ACIs for add, delete and add. I also added a new dns type for the permission plugin. ticket 628
* Fix a slew of tests.Rob Crittenden2010-12-171-2/+2
| | | | | | | - Skip the DNS tests if DNS isn't configured - Add new attributes to user entries (displayname, cn and initials) - Make the nsaccountlock value consistent - Fix the cert subject for cert tests
* kinit typoAdam Young2010-12-171-1/+1
| | | | Was origially KInit but the command is kinit
* error linkAdam Young2010-12-171-2/+2
| | | | Change the link in the error message to the one that will actually fix the problem
* type prevented rendering on firefox4Adam Young2010-12-171-1/+1
|
* Add krb5-pkinit-openssl as a Requires on ipa-server packageRob Crittenden2010-12-162-14/+0
| | | | ticket 599
* Use nsContainer and not extensibleObject for masters entriesSimo Sorce2010-12-151-1/+1
|
* Account activation adjustmentEndi S. Dewata2010-12-147-118/+126
| | | | | | | | | | The user details facet has been modified such that when the account is activated/deactivated the page will be reloaded. Some methods in the framework have been changed: - The ipa_widget.clear() has been removed because it can be replaced by existing reset(). - The ipa_widget.set_values() has been renamed into update().
* managed entry hostgroup netgroup support ↵Jr Aquino2010-12-137-1/+290
| | | | https://fedorahosted.org/freeipa/ticket/543
* Pass the DM password when trying to delete a replica.Rob Crittenden2010-12-111-1/+1
| | | | | | | If the ticket is expired or otherwise unusable it should fall back to the DM password. It was prompted for correctly but wasn't being passed on. ticket 549
* Fixes for ipactl scriptSimo Sorce2010-12-101-20/+64
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/613
* Fix Install using dogtag.Simo Sorce2010-12-102-2/+14
| | | | | | | The CA is installed before DS so we need to wait until DS is actually installed to be able to ldap_enable the CA instance. Fixes: https://fedorahosted.org/freeipa/ticket/612
* Set labels on all attributes in the config object.Rob Crittenden2010-12-101-1/+1
| | | | | | | Make the cert subject base read-only. This is here only so replicated servers know their base. ticket 466
* Move Selfsigned CA creation out of dsinstanceSimo Sorce2010-12-104-15/+15
| | | | | | | | This allows us to have the CA ready to serve out certs for any operation even before the dsinstance is created. The CA is independent of the dsinstance anyway. Also fixes: https://fedorahosted.org/freeipa/ticket/544
* Introduce ipa control script that reads configuration off ldapSimo Sorce2010-12-102-107/+211
| | | | | | | | | | | This replace the former ipactl script, as well as replace the current way ipa components are started. Instead of enabling each service in the system init scripts, enable only the ipa script, and then let it start all components based on the configuration read from the LDAP tree. resolves: https://fedorahosted.org/freeipa/ticket/294
* Split dsinstance configurationSimo Sorce2010-12-101-34/+25
| | | | | This is so that master and replica creation can perform different operations as they need slightly diffeent settings to be applied.
* button and table stylingKyle Baker2010-12-109-55/+204
| | | | | | replaced expand contract +- with icons removed background for action buttons and gave them their own class Major css cleanup
* Section header prefix updateEndi S. Dewata2010-12-091-115/+105
| | | | | | | | | The '+' and '-' signs before the section headers in details facet are now enclosed in square brackets. The section content is now hidden/shown using slideToggle(). The ipa_details_create() and ipa_details_setup() have been moved into ipa_details_facet.
* SUDO adjustmentsEndi S. Dewata2010-12-0914-255/+1575
| | | | | | | | | | | | | | | | | | | | | | | | | The SUDO rule details facet has been updated to support the latest UI spec. The facet consists of 5 sections: general, users, hosts, commands, and run-as. The general section contains the SUDO rule description and status. If the status is changed, the sudorule-enable/disable will be invoked. The other sections contain radio buttons for the association category and tables for the members. When a member is added or removed, the category will be adjusted appropriately. If the category is changed to 'all', 'allow', or 'deny', all members will be removed. The last section is currently not working because backend support is not yet available. The adder dialog boxes for users, groups, and hosts has been modified to accept external identities. The layout for the base adder dialog was updated. The base dialog class was updated to support templates. The SUDO dialog boxes were implemented using templates. New CSS classes were added to ipa.css. The HBAC rule details facet has been updated as well.
* Move ntp configuration up top.Simo Sorce2010-12-091-9/+10
| | | | | | | Also move down some dsinstance related operation close to other dsinstance operations. Fixes: https://fedorahosted.org/freeipa/ticket/595
* ipaHomesRootDir was changes to an IA5 string, change the matching rule tooRob Crittenden2010-12-081-1/+1
|
* remove URL from error messages.Adam Young2010-12-081-1/+0
| | | | URL was always ipa/json. This means nothing to the end user.
* Make pkinit setup optional in ipa-replica-prepare too.Simo Sorce2010-12-082-5/+15
| | | | | | Also add fixes for ipa-replica-install as that had issues too. Fixes: https://fedorahosted.org/freeipa/ticket/527
* Navigation updatesEndi S. Dewata2010-12-078-86/+89
| | | | | | | | | | | | | | | The entity.default_facet has been removed, instead the first facet registered to the entity will be considered as the default facet. So, the 'setup' parameter has been removed from tab definitions because it's no longer necessary. The ipa_details_only_setup() has been removed as well. An 'entity' parameter has been added to tab definitions to specify which entity corresponds to a tab item. The tab label has been changed to use entity label if available. Some hard-coded labels have been removed. The unit tests have been updated.
* Add new parameter type IA5Str and use this to enforce the right charset.Rob Crittenden2010-12-071-1/+1
| | | | ticket 496
* nested entity navigation Made the mechanism for caluculating nested eneties ↵Adam Young2010-12-071-3/+5
| | | | more general, so that we don't have to hard code for SUDO and HBAC, and now to support ACI
* Give back smaller and more readable ranges by default.Simo Sorce2010-12-071-5/+6
| | | | | | | Instead of allocating a completely random start between 1M and 2G and a range of 1M values, give 10000 possible 200k ranges. They all start at a 200k boundary so they generate more readable IDs, at least until there arent't too many users/replicas involved.
* Dialog i18nEndi S. Dewata2010-12-0617-137/+74
| | | | | | | | | | The ipa_add_dialog has been fixed to initialize the fields which will get the labels from metadata. Hard-coded labels have been removed from field declarations. The superior() method has been removed because it doesn't work with multi-level inheritance. Superclass method for now is called using <class name>_<method> (e.g. widget_init).
* SUDO Command Groups adjustmentsEndi S. Dewata2010-12-062-12/+18
| | | | | The association facet for SUDO Command Groups has been removed and replaced with an association table in the details page.
* Column i18nEndi S. Dewata2010-12-0613-127/+1932
| | | | | | | | | | The ipa_column has been modified to get the label from metadata during initialization. The ipa_table_widget has been modified to initialize the columns. Hard-coded labels have been removed from column declarations. The ipa_adder_dialog has been modified to execute a search at the end of setup.
* HBAC Service Groups adjustmentsEndi S. Dewata2010-12-0612-377/+403
| | | | | | | | | | | | | | The association facet for HBAC Service Groups has been removed and replaced with an association table in the details page. The ipa_association_table_widget has been modified to support multiple columns in the table itself and in the adder dialog. The ipa_association_adder_dialog and ipa_association_facet have been refactored. The ipa_sudorule_association_widget and ipa_rule_association_widget has been removed because their functionalities have been merged into ipa_association_table_widget.
* entity i18nAdam Young2010-12-0611-226/+375
| | | | | | | | | | | Updated the user,group,host, hostgroup, netgroup, service, and all policy entities to use the newer framework functions, in order to replaced the old array style definitions which did not support i18n. update a few of the newer framerwork functions to get the lables from the meta data. Fixed the unit tests which were expecting a details facet for users, no longer automatically created
* Provide list of available attributes for use in ACI UI.Rob Crittenden2010-12-031-1/+0
| | | | | | | Also include flag indicating whether the object is bindable. This will be used to determine if the object can have a selfservice ACI. ticket 446
* Fixed association linksEndi S. Dewata2010-12-037-9/+30
| | | | | | | | | | | | | | | | | | | The create_association_facets() has been modified such that it does not generate duplicate links. This is done by assigning the proper labels and hiding non-assignable associations. Each association will get a label based on the attribute used: - memberof: Membership in <entity name> - member.*: <entity name> Members - managedby: Managed by <entity name> The following associations will be hidden: - memberindirect - enrolledby The internal.py was modified to return localized labels. The test data has been updated.
* Removed HBAC Access TimeEndi S. Dewata2010-12-031-14/+2
| | | | | The interface for access time has been removed from HBAC details page. The code has been commented out, but not removed.
generated by cgit (git 2.34.1) at 2024-05-19 07:49:18 +0000