| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Warning: this lacks any sort of authorization.
|
| |
|
|
|
|
|
|
| |
specific version check on freeradius. Packages aren't
available and the freeradius support isn't ready
anyway.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs for doing this matching is case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaCustomFields:
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
This could use some optimization.
|
| |
|
| |
|
|
|
|
| |
Add -a option to ipa-findgroup to print all attributes
|
| |
|
|
|
|
|
| |
Add secretary to the list of indexes otherwise RDN changing could be slow
Port --addattr, --setattr and --delattr from usermod to groupmod
|
|
|
|
| |
default remains to inactivate them.
|
|
|
|
|
|
| |
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
|
|
|
|
|
|
|
| |
The current manpage installation gzips the files in
place and requests confirmation before overwriting
existing files. Add -f to prevent prompting. We
should consider not gzipping the files in place.
|
| |
|
| |
|
|
|
|
|
| |
Calling --add multiple times will accomplish the same
thing without the need for handling splits on ",".
|
| |
|
|
|
|
|
|
| |
Allow the --set/add/del options to be called multiple
times during the same invocation. Also add more robust
checking of errors.
|
|
|
|
| |
Make find-groups use memberOf to have a prettier dispaly of members
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Make sure we don't print out binary data
Remvoe any trailing white space when printing to avoid extra newlines
|
| |
|
|
|
|
| |
Also a couple double-escaping fixes I missed in the last patch.
|
|
|
|
|
| |
Add new class of errors for connections
Raise an exception if a connection cannot be made due to missing ccache
|
|
|
|
|
|
|
| |
Don't read ipa.conf to get the realm, the kerberos libs do that for you.
Use the krbPrincipalName to change passwords
Make it possible to specify the principal at user creation.
Mail is not a required attribute so far, don't require it.
|
|
|
|
|
|
|
| |
Add ipa-passwd tool
Add simple field validation package
This patch adds a package requirement, python-krbV. This is needed to
determine the current user based on their kerberos ticket.
|
| |
|
|\ |
|
| |
| |
| |
| | |
Use the filter generation code to search on multiple fields.
|
|/
|
|
| |
Remove some unused calls to retrieve the current realm
|
|
|
|
| |
field before the packet data, address the problem.
|
| |
|
| |
|
|
|
|
| |
Updated installation instructions
|
|
|
|
|
|
| |
Handle both SASL auth and proxied authentication
Refactor LDAP connection code to be simpler
Other small bug fixes
|
| |
|
|
|
|
|
|
| |
Implement adding a group to a group
Some other small fixups
Add new cmd-line tool ipa-delgroup
|
|
|
|
|
|
|
|
|
| |
Create separate object for Users and Groups (using same base class)
Check for uniqueness before adding new users and groups
Remove user_container from everything but add operations
Abstract out a number of functions that are common across users and groups
Make sure all strings passed in to be in a filter are checked
Add new error message: No modifications specified
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpcclient.py must call XML-RPC functions with all arguments.
Removed encode_args and decode_args. They were the source of most of the
argument pain. Now opts is alwyas appended to the end of the arguments
so MUST be the last argument in any server-side function (can be None)
Allow the User object to handle unicode data
Small fixes to command-line tools to be friendlier
Broke out get_user() into get_user_by_dn() and get_user_by_uid()
Need to request more than just 'nsAccountLock' attribute when trying to
see if a user is already marked deleted. If it is blank the record
coming back is empty. Add 'uid' to the list to guarantee something coming
back (dn is handled specially)
Added user_container attribute to get_user_* and add_user so the caller
can specify where in the tree the user will be searched for/added.
Added global default value for user_container
|
| |
|
|
|
|
|
| |
object. Based on rcrit's original patch.
Push scalar to list value conversion inside funcs.py.
|
| |
|
| |
|