summaryrefslogtreecommitdiffstats
path: root/ipa-python
Commit message (Collapse)AuthorAgeFilesLines
* Fix the case where domain != lower(REALM)Simo Sorce2008-05-291-16/+41
| | | | | add the domain to the ipa.conf file for apps that need to know This should fix a bug in the replica setup
* Enforce the maximum username length set by IPA PolicyRob Crittenden2008-05-141-0/+5
| | | | 439891
* Fix existence check, default_server is an array so we need toSimo Sorce2008-05-101-2/+2
| | | | check its length to determine if it is empty
* Don't allow the IPA server service principals to be removed.Rob Crittenden2008-05-081-0/+5
| | | | 440282
* Second half of the redoing how the version is managed.Rob Crittenden2008-05-071-1/+1
|
* Fix a bug in our dns library, do not return the query as a reply if 0 ↵Simo Sorce2008-05-071-7/+5
| | | | replies were returned.
* Refine our web space some more so that everything we reference is in /ipaRob Crittenden2008-05-071-1/+1
| | | | | | | | | | | | | | | UI: /ipa/ui XML-RPC: /ipa/xml errors: /ipa/errors config: /ipa/config I had to hardcode that URI into the CSS pages but TurboGears handles the rest of the translations with tg.url(). Added a version to ipa.conf and ipa-rewrite.conf so we can update them in the future if needed with ipa-upgradeconfig 440443
* Redo the way versioning works in freeIPA.Rob Crittenden2008-05-052-82/+0
| | | | | | | | | | | | | | | | | The file VERSION is now the sole-source of versioning. The generated .spec files will been removed in the maintainer-clean targets and have been removed from the repository. By default a GIT build is done. To do a non-GIT build do: $ make TARGET IPA_VERSION_IS_GIT_SNAPSHOT=no When updating the version you can run this to regenerate the version: $ make version-update The version can be determined in Python by using ipaserver.version.VERSION
* Fix the client-side search size limit.Rob Crittenden2008-04-252-20/+20
| | | | | | | | | | | | | | I've changed the variable name searchlimit to sizelimit to match the name in python-ldap (and hopefully therefore be more readable). The big change was changing the default value from 0 to -1. As 0 we were never using the value from cn=ipaconfig python-ldap expects this to be an int type In the UI sizelimit was hardcoded at 0 for users 439880
* Add --verbose option so the HTTP headers and XML request/response can be seen.Rob Crittenden2008-04-252-5/+9
| | | | | | | Also re-do the way modules are imported. I was attemping to have ^C handled gracefully but the way I did it could mask other problems. 443987
* Become version 1.0.0release-1-0-0Rob Crittenden2008-04-162-1/+7
|
* Make sure we use the configured server in ipa.conf first, andSimo Sorce2008-04-091-28/+23
| | | | fallback to the discovered ones only if that's not available
* Don't allow the admin user to be removed from the admins group.Rob Crittenden2008-04-041-0/+5
| | | | 439281
* Add missing normalizeDN() when removing members from a group.Rob Crittenden2008-04-041-0/+5
| | | | 438387
* Sysrestore fixes.Simo Sorce2008-03-311-44/+42
| | | | | | | Latest patch used the wrong path and all files where actually going to /tmp even if a different path was specified. Makes also StateFile behave the same as FileStore, and be a public class, this way a common path can be used too.
* Fix account activation.Rob Crittenden2008-03-311-0/+25
| | | | | | | | | | | | | | | | We do account activation by using a Class of Service based on group membership. A problem can happen if the entry itself has an nsaccountlock attribute and you try doing Class of Service work as well because the local attribute has priority. So try to detect that the entry has a local nsAccountLock attribute and report an appropriate error. Don't allow the admins or editors groups to be de-activated. Return a better error message if account [in]activation fails. Catch errors when doing group [in]activation. 439230
* Move sysrestore to ipa-python so it can be used by client scripts too.Simo Sorce2008-03-271-0/+319
| | | | | | Change backup format so files are all in a single directory (no dir hierarchies) and use an index file so we can save also ownership and permission info for the restore (and eventually other data later on).
* Don't allow the admin user to be removed using the XML-RPC Interface.Rob Crittenden2008-03-281-0/+5
| | | | | | If a site really wants it gone then can delete it via LDAP. 439281
* When getting members let user indicate what type of member they want.Rob Crittenden2008-03-272-4/+4
| | | | | | | | | | The memberOf attribute includes members that are directly in the group via the "member" attribute and those that are included as a result of being in a group that is in the group. The UI needs to be able to distinguish between the two. 438706
* Re-root the IPA web UI to /ipa and the XML-RPC interface to /ipaxml.Rob Crittenden2008-03-241-1/+1
| | | | 438021
* Allow the realm to be included in the name passed to add_service_principal()Rob Crittenden2008-03-171-0/+5
| | | | | | | This is more kerberos-like and it doesn't hurt anything, we just won't allow realms other than our own to be used. 437566
* Don't define bogus realm/server in configuration file by defaultRob Crittenden2008-03-172-4/+4
| | | | | | | Add default exception handler to avoid backtraces in cmdline tools Enhance error message when the IPA server or realm can't be found 437565
* Require that the hostname is a DNS A record and that the forward and reverseRob Crittenden2008-03-031-0/+1
| | | | | | match. 433515
* Close all fds when running another program. This fixes the SELinux AVCs.Rob Crittenden2008-03-031-1/+1
| | | | | | Put installation log files into /var/log. 430024
* Do argument type checking in the XML-RPC interfaceRob Crittenden2008-02-291-0/+5
| | | | | Fix error in service principals where the service wasn't being removed before doing the DNS lookup.
* - Centralize try/except so the entire program is covered. This make itRob Crittenden2008-02-271-0/+12
| | | | | | | possible to catch KeyboardInterrupt during the import process. - Add function for handling python differences with GSSError 434798
* The admins group cannot be renamed.Rob Crittenden2008-02-271-0/+5
| | | | 433880
* Require that service principals resolve to a DNS A record.Rob Crittenden2008-02-263-4/+9
| | | | | | There is a --force option for those who know what they are doing. 433483
* Add failover to the XML-RPC clientRob Crittenden2008-02-222-10/+31
| | | | 433506
* Don't allow a group to be a member of itself.Rob Crittenden2008-02-221-0/+5
| | | | 434542
* Command-line utility to manage password policyRob Crittenden2008-02-251-1/+1
| | | | 432814
* Become freeipa-0.99.0Rob Crittenden2008-02-212-3/+9
|
* Handle input range properly and catch KeyboardInterrupt and exit gracefullyRob Crittenden2008-02-201-7/+16
| | | | 433496
* Use ldap_explode_dn instead of ldap_str2dn so we can use python-ldap 2.2.0Rob Crittenden2008-02-111-5/+4
|
* Don't set blank values so we don't end up with empty attributesRob Crittenden2008-01-301-0/+21
| | | | Resolves 429895
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-0417-14/+81
|
* Marked with wrong license. IPA is GPLv2.Rob Crittenden2008-01-312-8/+14
|
* Fix not so random random passwordsMark McLoughlin2008-01-221-4/+2
| | | | | | | | | | | | | | If you run ipa_generate_password() multiple times, one after the other, then you get the same password each time. This is because it uses the current time to seed the pseudo random number generator. The easiest solution is to just use the default method which seeds itself from /dev/urandom if available, and uses a fractional time value otherwise. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Use Fedora package names for PyKerberos (python-kerberos) and pyasn1Rob Crittenden2008-01-242-6/+12
| | | | (python-pyasn1) for the specfile Requires.
* Add a copy of the LICENSE and populate some README'sRob Crittenden2008-01-231-0/+30
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-185-18/+17
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Add service.is_enabled() helperMark McLoughlin2008-01-111-0/+2
| | | | | | Add a simple helper to check whether a service is enabled. Signed-off-by: Mark McLoughlin <markmc@redhat.com>
* Service principal deletionRob Crittenden2008-01-112-0/+15
|
* Add function to retrieve a short list of attributes to make ipa-adddelegationRob Crittenden2008-01-042-0/+22
| | | | easier to use.
* Update versions for release.Karl MacMillan2007-12-213-3/+9
|
* Merge.Karl MacMillan2007-12-188-44/+16
|\
| * Fix ipa-python packagingMark McLoughlin2007-12-133-9/+3
| | | | | | | | | | | | | | | | | | | | | | Latest Fedora 9 python distutils generates .egg-info files; follow the recommendation at: http://fedoraproject.org/wiki/Packaging/Python/Eggs and just package everything under %{python_sitelib}/ Signed-off-by: Mark McLoughlin <markmc@redhat.com>
| * Move radius server components into a separate package.Karl MacMillan2007-12-122-1/+2
| |
| * Make the old entry option in update_*, check for empty parameters andRob Crittenden2007-12-113-34/+11
| | | | | | | | fix some problems reported by pychecker.
* | Cleanup from radius merge.Karl MacMillan2007-12-111-1/+1
|/
generated by cgit (git 2.34.1) at 2024-05-18 17:28:28 +0000