summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server/ipaxmlrpc.py
Commit message (Collapse)AuthorAgeFilesLines
* Set default logging level to INFO (still logs to Apache)Rob Crittenden2008-05-281-12/+19
| | | | Add function entry log for the core IPA XML-RPC functions.
* Add a version API to the server so it knows what version it is.Rob Crittenden2008-05-081-0/+1
| | | | 435019
* Add failover to the XML-RPC clientRob Crittenden2008-02-221-0/+5
| | | | 433506
* Syntax error, ')' in the worng place throws nasty 500 errors on ldap errors :)Simo Sorce2008-02-211-1/+1
|
* Fix bug that prevented single-character fieldsRob Crittenden2008-02-111-2/+2
| | | | | | | | | | Fix bug in exception handling where we were sending the wrong thing as detail. Basically we were catching an LDAP error, generating an IPAError from it, catching that, then setting the detail of the 2nd exception to another IPAError rather than the root exception. This caused anything looking at e.detail to crap out Resolves 432136
* Fix issues reported by rpmlint.Rob Crittenden2008-01-181-3/+1
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Service principal deletionRob Crittenden2008-01-111-0/+1
|
* Remove registration of get_keytabRob Crittenden2008-01-031-1/+0
|
* Add function to retrieve a short list of attributes to make ipa-adddelegationRob Crittenden2008-01-041-0/+1
| | | | easier to use.
* Tie the logging module to 'PythonOption IPADebug' in /etc/httpd/conf.d/ipa.confRob Crittenden2007-12-111-5/+9
|
* Merge.Karl MacMillan2007-12-111-0/+1
|\
| * Add UI for service principal creation and keytab retrievalRob Crittenden2007-12-051-0/+1
| |
* | merged radius work with latest mainline tipJohn Dennis2007-11-281-10/+20
|\|
| * Add xml-rpc interface for getting keytabs.Karl MacMillan2007-11-211-0/+2
| | | | | | | | Warning: this lacks any sort of authorization.
| * Enable group inactivation by using the Class of Service plugin.Rob Crittenden2007-11-201-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active.
| * Implement the password policy UI and finish IPA policy UIRob Crittenden2007-11-161-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization.
| * Don't continue if a kerberos credentials cache is not availableRob Crittenden2007-11-091-8/+8
| | | | | | | | | | forked-model detection was incorrect. Both of these return an error instead of raising one
* | Add radius profile implementations:John Dennis2007-11-211-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | get_radius_profile_by_uid add_radius_profile update_radius_profile delete_radius_profile find_radius_profiles Rewrite command line arg handling, now support pair entry, interactive mode with auto completion, reading pairs from a file, better handling of mandatory values, better help, long arg names now match attribute name in pairs Establish mappings for all attributes and names used in clients and profiles Add notion of containers to radius clients and profiles in LDAP Move common code, variables, constants, and strings into the files radius_client.py, radius_util.py, ipautil.py to eliminate redundant elements which could get out of sync if modified and to provide access to other code which might benefit from using these items in the future. Add utility functions: format_list() parse_key_value_pairs() Add utility class: AttributeValueCompleter Unify attribute usage in radius ldap schema
* | add ipa-findradiusclient searchJohn Dennis2007-11-141-0/+1
| |
* | radius client modify and delete workJohn Dennis2007-11-141-0/+3
| |
* | ipa-addradiusclient now workingJohn Dennis2007-11-131-0/+1
|/
* Rename memberOf to group_members in xml-rpc interface.Karl MacMillan2007-10-311-1/+1
|
* Add memberOf API call to the XML-RPC interfaceRob Crittenden2007-10-301-0/+1
| | | | Make find-groups use memberOf to have a prettier dispaly of members
* Add an LDAP attribute -> label mapping function to XML-RPC layerRob Crittenden2007-10-221-0/+1
| | | | Move some ACI functions around in preparation for cli delegation
* Finish the email autosuggest.Kevin McCarthy2007-10-181-0/+1
| | | | | For now I've added a new API call. The field-specific searching is a ways off.
* Creates an update_entry api call, aliases update_user and update_group to it.Kevin McCarthy2007-10-151-0/+1
|
* Adds delegation listing and creation to the GUI.Kevin McCarthy2007-10-121-0/+1
|
* Combine get_user/group by dn/cn into get_entry_by_cn/dn.Kevin McCarthy2007-10-091-3/+2
| | | | Also a couple double-escaping fixes I missed in the last patch.
* Rely more on kerberos.Simo Sorce2007-10-011-0/+1
| | | | | | | Don't read ipa.conf to get the realm, the kerberos libs do that for you. Use the krbPrincipalName to change passwords Make it possible to specify the principal at user creation. Mail is not a required attribute so far, don't require it.
* Add group management to the user edit page.Kevin McCarthy2007-09-281-0/+2
| | | | Added a couple more API calls to make the inverse operations easier.
* Don't include opts in any public argument lists. It is used internally only.rcritten@redhat.com2007-10-011-0/+3
|
* Adds methods to manipulate groups by dns.Kevin McCarthy2007-09-261-0/+4
| | | | | Renamed some of the user_group parameters to be self-evident. Binary wrapping isn't necessary on strings, so removed from xmlrpc calls.
* Fix a couple of XML-RPC functions that were missing the opts argumentrcritten@redhat.com2007-09-261-4/+4
| | | | Include a kerberized XML-RPC client that will list the XML-RPC API
* Adds manager and direct reports to usershow page.Kevin McCarthy2007-09-251-0/+1
| | | | Fixes a bug with the group by member where is wasn't trapping not found errors.
* Show the list of groups a user belongs to.Kevin McCarthy2007-09-251-0/+1
|
* Print the request environment for debugging purposes.rcritten@redhat.com2007-09-241-0/+11
|
* Enable LDAP debugging using the mod_python Apache configuration directivercritten@redhat.com2007-09-211-0/+4
| | | | PythonOption IPADebug On/Off
* Use ticket forwarding with TurboGears. mod_proxy forwards the principalrcritten@redhat.com2007-09-141-1/+1
| | | | | | name and location of the keytab. In order for this keytab to be usable TurboGears and Apache will need to run as the same user. We will also need to listen only on localhost in TG.
* Add function to allow user's to set/reset their kerberos passwordrcritten@redhat.com2007-09-111-0/+1
| | | | Remove some unused calls to retrieve the current realm
* Enable LDAP SASL authentication using a forwarded kerberos ticketrcritten@redhat.com2007-09-051-3/+9
| | | | | | Handle both SASL auth and proxied authentication Refactor LDAP connection code to be simpler Other small bug fixes
* Implement delete users and groupsrcritten@redhat.com2007-08-281-0/+3
| | | | | | Implement adding a group to a group Some other small fixups Add new cmd-line tool ipa-delgroup
* This patch wraps binary data in an xmlrpclib Binary object. ThisKarl MacMillan2007-08-281-3/+3
| | | | | | | | removes the need for LDIF conversion. It will make TurboGears direct code faster, but should keep xmlrpc about the same speed. The patch also swaps out ldap.cidict for the IPA CIDict class. IPA code should only use the CIDict class now.
* Fix minor error in previous patch.Karl MacMillan2007-08-281-1/+1
|
* Include any LDAP error strings in XML-RPC Fault exceptionsrcritten@redhat.com2007-08-271-1/+7
| | | | Put a try/except around attempts to determine user uniqueness
* Initial support for Groupsrcritten@redhat.com2007-08-241-0/+9
| | | | | | | | | Create separate object for Users and Groups (using same base class) Check for uniqueness before adding new users and groups Remove user_container from everything but add operations Abstract out a number of functions that are common across users and groups Make sure all strings passed in to be in a filter are checked Add new error message: No modifications specified
* Handle optional arguments by using the value __NONE__ over XML-RPC.rcritten@redhat.com2007-08-231-5/+12
| | | | | | | | | | | | | | | | | rpcclient.py must call XML-RPC functions with all arguments. Removed encode_args and decode_args. They were the source of most of the argument pain. Now opts is alwyas appended to the end of the arguments so MUST be the last argument in any server-side function (can be None) Allow the User object to handle unicode data Small fixes to command-line tools to be friendlier Broke out get_user() into get_user_by_dn() and get_user_by_uid() Need to request more than just 'nsAccountLock' attribute when trying to see if a user is already marked deleted. If it is blank the record coming back is empty. Add 'uid' to the list to guarantee something coming back (dn is handled specially) Added user_container attribute to get_user_* and add_user so the caller can specify where in the tree the user will be searched for/added. Added global default value for user_container
* Create ipaerror module.Kevin McCarthy2007-08-221-2/+4
| | | | | | Move LDAPError trapping/conversion into the ipaldap module. Fix xmlrpc layer to encode/decode ipaerrors properly. Also, implement mid-air collision exception for updates.
* Implement user inactivationrcritten@redhat.com2007-08-171-0/+1
| | | | | Comment some functions Add attribute argument to get_user()
* Ensure that the Apache server is in forked modercritten@redhat.com2007-08-141-0/+6
| | | | | Add ability to update existing users Try to prevent fetching and setting empty strings
* Basic LDAP connection poolingrcritten@redhat.com2007-08-131-0/+1
| | | | Implement user search
generated by cgit (git 2.34.1) at 2024-06-11 01:25:56 +0000