| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
The SUDO details page has been modified to support external users
and hosts. In the backend, the internal and external users are kept
in separate attributes, but in the UI they will be displayed as a
single list. The same thing is done for hosts.
The ipa_sudorule_association_adder_dialog() has been modified such
that it only displays the external field if there is an external
attribute for that field.
|
|
|
|
|
| |
The SUDO details page has been modified to match the attribute
names for run-as attributes.
|
|
|
|
|
| |
The dialog boxes for SUDO details page have been modified
to generate the HTML code by default.
|
| |
|
| |
|
|
|
|
| |
user assocaitions had been removed. This adds them back in.
|
|
|
|
|
|
|
|
|
|
|
|
| |
TAKE 1
- Enrollement links in the action panel are now sorted by relationships.
- You can only enroll members.
(The webUI made the impression you can enroll parents as well, but it was
broken.)
- When enrolling new members, you can choose not to display already enrolled
ones. (On by default.)
- Couple cosmetic changes.
|
|
|
|
|
|
|
|
|
|
| |
To support group-based account disablement we created a Class of Service
where group membership controlled whether an account was active or not.
Since we aren't doing group-based account locking drop that and use
nsaccountlock directly.
ticket 568
|
|
|
|
|
|
|
| |
This will prevent certmonger failures. On very minimal installs it seems
that messagebus is not always started.
ticket 528
|
|
|
|
| |
Fix #685
|
|
|
|
|
|
| |
Don't close the dialog if the add fails and the user clickes
add and edit
fixes. https://fedorahosted.org/freeipa/ticket/663
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/653
|
|
|
|
|
|
| |
This field does not exist
https://fedorahosted.org/freeipa/ticket/677
|
|
|
|
| |
The way we store the user object returned from user-find --whoami changed, and this code was not updated
|
|
|
|
| |
since automount is not yet implemented, remove it from the menu
|
|
|
|
|
|
| |
The filter field on aci add is hidden, and prefilled with an object class that doesn't exist.
Fixed the error where the other fields were removed
|
| |
|
|
|
|
| |
ticket 638
|
| |
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/627
|
|
|
|
|
|
|
| |
Currently the code depends on using a password to create replication
agreements. so this patch forces the request of the dirmgr password until we
can fix the internal issues that prevent using the amdin user with SASL/GSSAPI
to create replication agreements.
|
|
|
|
|
|
|
|
| |
The previous code was removing only one agreement, leaving all other in place.
This would leave dangling replication agreements once the replica is
uninstalled.
Fixes: https://fedorahosted.org/freeipa/ticket/624
|
|
|
|
| |
is a one liner to fix.
|
|
|
|
|
|
|
|
| |
These commands can now be run exclusively o the replica that needs to be
resynced or reinitialized and the --from command must be used to tell from
which other replica it can will pull data.
Fixes: https://fedorahosted.org/freeipa/ticket/626
|
|
|
|
|
|
|
|
|
| |
Part of this fix requires also giving proper permission to change the
replication agreements root.
While there also fix replica-related permissions to have the classic
add/modify/remove triplet of permissions.
Fixes: https://fedorahosted.org/freeipa/ticket/630
|
|
|
|
|
|
|
| |
if ipa-replica-manage list is given a master name as argument then the tool
has the old behavior of listing that specific master replication agreements
Fixes: https://fedorahosted.org/freeipa/ticket/625
|
|
|
|
|
|
| |
This change also improves command syntax parsing
Fixes: https://fedorahosted.org/freeipa/ticket/623
|
|
|
|
|
|
|
|
| |
Can remove replication agreements between 2 replicas as long as it is
not the last agreement (except for Ad replication agreements, which can
always be removed).
Fixes: https://fedorahosted.org/freeipa/ticket/551
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/550
|
|
|
|
| |
Fixes: https://fedorahosted.org/freeipa/ticket/617
|
|
|
|
| |
Fixes the delegation add dialog
|
|
|
|
|
|
|
|
|
|
|
|
| |
The metadata contains a list of possible attributes that an ACI for that
object might need. Add a new variable to hold possible objectclasses for
optional elements (like posixGroup for groups).
To make the list easier to handle sort it and make it all lower-case.
Fix a couple of missed camel-case attributes in the default ACI list.
ticket 641
|
|
|
|
| |
the memberHost attribute is not also a mepOriginEntry, proceed as before - if a hostgroup named by the memberHost attribute is also a mepOriginEntry, read its "cn" attribute, prepend a "+" to it, and call it done
|
|
|
|
| |
don't bother looking for members of netgroups by looking for entries which list "memberOf: $netgroup" -- the netgroup should list them as "member" values - use newer slapi-nis functionality to produce cn=sudoers - drop the real cn=sudoers container to make room for the compat container
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Implements the role, privilege, permission, delegation and selfservice entities ui.
Targetgroup has been added to the object types.
The groups lists need to be filter. The filter is currently hidden, with a
hyperlink that reads 'filter' to unhide it. Each keystroke in this filter
performs an AJAX request to the server.
There are bugs on the server side that block some of the functionality from
completing
Creating a Permission requires one of 4 target types. The add dialog in this
version assumes the user will want to create a filter type. They can change
this on the edit page.
Most search results come back with the values as arrays, but ACIs seem not to.
Search and details both required special code to handle non-arrays.
The unit tests now make use of the 'module' aspect of QUnit. This means that
future unit test will also need to specify the module. The advantage is that
multiple tests can share a common setup and teardown.
Bugs that need to be fixed before this works 100% are
https://fedorahosted.org/freeipa/ticket/634
https://fedorahosted.org/freeipa/ticket/633
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The changes include:
* Change license blobs in source files to mention GPLv3+ not GPLv2 only
* Add GPLv3+ license text
* Package COPYING not LICENSE as the license blobs (even the old ones)
mention COPYING specifically, it is also more common, I think
https://fedorahosted.org/freeipa/ticket/239
|
| |
|
|
|
|
|
|
|
|
|
| |
Notable changes include:
* parse AAAA records in dnsclient
* also ask for AAAA records when verifying FQDN
* do not use functions that are not IPv6 aware - notably socket.gethostbyname()
The complete list of functions was taken from http://www.akkadia.org/drepper/userapi-ipv6.html
section "Interface Checklist"
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We keep LDAP attributes lower-case elsewhere in the API we should do the
same with all access controls.
There were two ACIs pointing at the manage_host_keytab permission. This
isn't allowed in general and we have decided separately to not clear out
enrolledBy when a host is unenrolled so dropping it is the obvious thing
to do.
ticket 597
|
|
|
|
| |
ticket 502
|
|
|
|
|
| |
There is no need for these to be done as updates, just add these entries
to the bootstrapping.
|
|
|
|
|
|
|
|
|
|
| |
The change_password permission was too broad, limit it to users.
The DNS access controls rolled everything into a single ACI. I broke
it out into separate ACIs for add, delete and add. I also added a new
dns type for the permission plugin.
ticket 628
|
|
|
|
|
|
|
| |
- Skip the DNS tests if DNS isn't configured
- Add new attributes to user entries (displayname, cn and initials)
- Make the nsaccountlock value consistent
- Fix the cert subject for cert tests
|
|
|
|
| |
Was origially KInit but the command is kinit
|
|
|
|
| |
Change the link in the error message to the one that will actually fix the problem
|
| |
|
|
|
|
| |
ticket 599
|