Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Fix incorrect form label | Rob Crittenden | 2008-02-14 | 1 | -1/+1 | |
| | | | | Resolves 432731 | |||||
* | Generate the multi-value entries needed when redirecting to the edit_user | Rob Crittenden | 2008-02-08 | 1 | -24/+39 | |
| | | | | | | page. This avoids a Nonetype error. Resolves 432106 | |||||
* | Install principalshow.kid | Rob Crittenden | 2008-02-08 | 1 | -0/+1 | |
| | ||||||
* | Don't set blank values so we don't end up with empty attributes | Rob Crittenden | 2008-01-30 | 1 | -70/+70 | |
| | | | | Resolves 429895 | |||||
* | Set the license uniformly to GPLv2 only. | Rob Crittenden | 2008-02-04 | 62 | -7/+1046 | |
| | ||||||
* | Create /var/run/<process>.pid to play nicers with the start scripts | Rob Crittenden | 2008-02-06 | 2 | -2/+23 | |
| | | | | Need to start ipa_webgui as root and drop privs in order to write in /var/run | |||||
* | Use orig_user_dict to get krbprincipalname when changing passwords. | Rob Crittenden | 2008-01-31 | 1 | -1/+6 | |
| | | | | Add an extra exception handler so we don't return a 500 on errors. | |||||
* | Enable logging so we can catch startup errors either in the console or | Rob Crittenden | 2008-01-30 | 1 | -3/+51 | |
| | | | | | | the error log. Add a foreground and debug flag Resolves 430011 | |||||
* | Listen only on the localhost interface | Rob Crittenden | 2008-01-25 | 1 | -0/+4 | |
| | | | | Resolves bz 430191 | |||||
* | Dropped the last 's' in the sessions cache directory | Rob Crittenden | 2008-01-24 | 1 | -1/+1 | |
| | ||||||
* | Major mistake on my part by adding sessions to the wrong place. This broke | Rob Crittenden | 2008-01-24 | 1 | -1/+1 | |
| | | | | ipa_webgui. | |||||
* | Enable server-side sessions. It is currently using files for sessions. | Rob Crittenden | 2008-01-23 | 4 | -1/+25 | |
| | ||||||
* | Fix issues reported by rpmlint. | Rob Crittenden | 2008-01-18 | 4 | -18/+24 | |
| | | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python | |||||
* | Service principal deletion | Rob Crittenden | 2008-01-11 | 3 | -2/+102 | |
| | ||||||
* | Run ipa-webgui as apache and not as root | Rob Crittenden | 2008-01-11 | 1 | -1/+3 | |
| | ||||||
* | Make button test consistent with rest of page | Rob Crittenden | 2008-01-07 | 1 | -1/+1 | |
| | ||||||
* | Finishe removing previous code to fetch keytabs | Simo Sorce | 2007-12-21 | 2 | -32/+1 | |
| | ||||||
* | Allow for direct entry of group names when creating delegations. | Rob Crittenden | 2007-12-13 | 2 | -2/+28 | |
| | | | | | | | | | This requires a bit of trickery. I use the onblur() javascript function to note when the field is left and store whatever was entered there. Then when the page is submitted if a dn doesn't exist for that field but they did enter something, do a lookup to see if there is a group by that name. | |||||
* | Fix the UI indicators for mandatory fields. | Rob Crittenden | 2007-12-12 | 3 | -4/+12 | |
| | | | | | The source and target groups weren't highlighted but the entire block of checkboxes was and it looked absolutely horrible. | |||||
* | Return a proper error code from ipa-webgui so that | Karl MacMillan | 2007-12-12 | 1 | -31/+38 | |
| | | | | | the init script can indicate when the service fails to start. | |||||
* | Change from "Common Name" to "Full Name" | Rob Crittenden | 2007-12-11 | 1 | -2/+2 | |
| | ||||||
* | Prompt user before downloading a keytab that this will create a new secret, | Rob Crittenden | 2007-12-06 | 1 | -1/+9 | |
| | | | | breaking any existing keytabs for that principal. | |||||
* | Use more common names for first and last name labels | Rob Crittenden | 2007-12-10 | 1 | -2/+2 | |
| | ||||||
* | Move the sort arrow to the left of the column title and don't overlap the text | Rob Crittenden | 2007-12-10 | 1 | -2/+2 | |
| | ||||||
* | Use title case for field labels | Rob Crittenden | 2007-12-10 | 1 | -5/+5 | |
| | ||||||
* | Fix delegation in the UI and add a missing aci that allows writes. | Rob Crittenden | 2007-12-07 | 1 | -1/+1 | |
| | | | | Make ipa-deldelegation more user-friendly. | |||||
* | Add default e-mail domain to the IPA configuration | Rob Crittenden | 2007-12-10 | 5 | -4/+31 | |
| | ||||||
* | Add principal management templates | Rob Crittenden | 2007-12-10 | 1 | -0/+4 | |
| | ||||||
* | Install principal edit page files. | Karl MacMillan | 2007-12-08 | 2 | -0/+2 | |
| | ||||||
* | Add back in some CSS that was removed in the big UI update. | Rob Crittenden | 2007-12-05 | 1 | -0/+17 | |
| | | | | This adds back required field colors and colored error and warning msgs. | |||||
* | The uid_hidden field needs to be retained until after validation succeeds | Rob Crittenden | 2007-12-06 | 1 | -6/+6 | |
| | | | | | otherwise if it ever fails, uid_hidden will be lost which can cause uid to not be set which cascades into lots of other errors. | |||||
* | Make uid an editable field in the Edit UI so we can do RDN changes | Rob Crittenden | 2007-12-06 | 6 | -17/+43 | |
| | | | | | | | Fix group RDN changes Remove a copy/paste error in the group UI update that caused 2 updates Fix variable name so groups don't get user objectclasses Remove color CSS for field backgrounds as they override disabled field display | |||||
* | Add some javascript so we can put focus on the first field of the page. | Rob Crittenden | 2007-12-06 | 4 | -0/+18 | |
| | ||||||
* | Add 'Edit Policy' button at top of page. | Rob Crittenden | 2007-12-06 | 1 | -0/+3 | |
| | ||||||
* | Always show the edit link on your own record | Rob Crittenden | 2007-12-06 | 1 | -2/+2 | |
| | ||||||
* | Add UI for service principal creation and keytab retrieval | Rob Crittenden | 2007-12-05 | 8 | -1/+393 | |
| | ||||||
* | Phase 1 of allowing admins to set the default object classes for users & groups | Rob Crittenden | 2007-12-04 | 6 | -53/+198 | |
| | | | | | | | This adds the UI and does error checking of the selected object classes but it doesn't actually use the values yet. It also generalizes some functions for doing multi-valued fields. | |||||
* | Groups may be iterated over so should be an empty list, not None | Rob Crittenden | 2007-12-05 | 1 | -1/+1 | |
| | ||||||
* | Convert krbmaxpwdlife and krbminpwdlife from seconds into days and hours | Rob Crittenden | 2007-12-03 | 1 | -2/+2 | |
| | ||||||
* | Compatibility changes to work on RHEL 5 with python 2.4 | rcritten@redhat.com | 2007-11-30 | 4 | -5/+5 | |
| | ||||||
* | Require that the default users group exists | Rob Crittenden | 2007-11-30 | 1 | -2/+2 | |
| | | | | Fix some copy-paste errors from the password policy update | |||||
* | Change the password expiration message to be more precise. | Rob Crittenden | 2007-11-29 | 2 | -4/+4 | |
| | ||||||
* | Add ipa-python to maintainer-clean and clean up .pyc files | Rob Crittenden | 2007-11-28 | 13 | -0/+13 | |
| | ||||||
* | Use same tzinfo as the time parser to avoid TypeError from being thrown | Rob Crittenden | 2007-11-21 | 1 | -1/+1 | |
| | ||||||
* | Enable group inactivation by using the Class of Service plugin. | Rob Crittenden | 2007-11-20 | 7 | -14/+82 | |
| | | | | | | | | | | | | | | | | | | | | This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active. | |||||
* | Implement the password policy UI and finish IPA policy UI | Rob Crittenden | 2007-11-16 | 6 | -86/+328 | |
| | | | | | | | | | | | | | | | | | | This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization. | |||||
* | Replace references to Person and People with User and Users | Rob Crittenden | 2007-11-15 | 9 | -25/+25 | |
| | ||||||
* | Make the group cn an editable field though protected by default. | Rob Crittenden | 2007-11-14 | 3 | -26/+26 | |
| | | | | Fix some issues with the multi-value to single-value reversion. | |||||
* | Include multi-value fields on the Add Person page | Rob Crittenden | 2007-11-14 | 7 | -117/+241 | |
| | | | | Remove multi-valued cn from groups | |||||
* | Add an editors group. This is used to generally grant access for users | Rob Crittenden | 2007-11-14 | 9 | -47/+52 | |
| | | | | | | | | to edit other users (the Edit link won't appear otherwise). Additional delegation is need to grant permission to individual attributes. Update the failed login page to indicate that it is a permission issue. Don't allow access to policy at all for non-admins. By default users can only edit themselves. |