summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server
Commit message (Collapse)AuthorAgeFilesLines
* Limit the mod_rewrite rules to just /ipaRob Crittenden2008-08-211-4/+4
| | | | 459209
* Make Proxy directive wildcard match more specific so we can play nicer with ↵Rob Crittenden2008-08-141-3/+3
| | | | | | other apps. 459061
* Shift search base for users and groups to "cn=accounts, baseDN"Rob Crittenden2008-07-291-16/+18
| | | | 450552
* Change Title label to Job Title for clarityRob Crittenden2008-07-291-1/+1
| | | | 453780
* Catch correct exception when trying to find the default IPA users group and ↵Rob Crittenden2008-07-231-2/+2
| | | | | | return a more detailed error message. 455092
* Don't make the search criteria lower-case so one can do case-sensitive ↵Rob Crittenden2008-06-041-1/+0
| | | | | | searches (such as looking for HTTP principals) 449975
* Move version.py to the common ipa directory instead of being server-based so ↵Rob Crittenden2008-06-031-3/+3
| | | | | | it can be used by the client tool. Fix the client tool imports to fail more gracefully.
* Fix typo in log statementRob Crittenden2008-05-291-1/+1
| | | | 448948
* Set default logging level to INFO (still logs to Apache)Rob Crittenden2008-05-282-24/+63
| | | | Add function entry log for the core IPA XML-RPC functions.
* Ensure hostnames are lower during installation and when adding service princsRob Crittenden2008-05-201-14/+26
| | | | 447381
* Remove broken link for IE configuration and replace sample domain/realm. ↵Rob Crittenden2008-05-201-4/+7
| | | | | | | | | | Also fix some HTML errors: missing DOCTYPE, title, head. The web page actually comes up as a link in a search on Microsoft's site but the content is gone. It is possible it will come back at some point, who knows. 447445
* Enforce the maximum username length set by IPA PolicyRob Crittenden2008-05-141-0/+25
| | | | 439891
* Add a version API to the server so it knows what version it is.Rob Crittenden2008-05-082-0/+6
| | | | 435019
* Don't allow the IPA server service principals to be removed.Rob Crittenden2008-05-081-0/+3
| | | | 440282
* Refine our web space some more so that everything we reference is in /ipaRob Crittenden2008-05-073-16/+18
| | | | | | | | | | | | | | | UI: /ipa/ui XML-RPC: /ipa/xml errors: /ipa/errors config: /ipa/config I had to hardcode that URI into the CSS pages but TurboGears handles the rest of the translations with tg.url(). Added a version to ipa.conf and ipa-rewrite.conf so we can update them in the future if needed with ipa-upgradeconfig 440443
* Fix the client-side search size limit.Rob Crittenden2008-04-251-24/+24
| | | | | | | | | | | | | | I've changed the variable name searchlimit to sizelimit to match the name in python-ldap (and hopefully therefore be more readable). The big change was changing the default value from 0 to -1. As 0 we were never using the value from cn=ipaconfig python-ldap expects this to be an int type In the UI sizelimit was hardcoded at 0 for users 439880
* Catch all errors when obtaining an LDAP connection.Rob Crittenden2008-04-151-0/+2
| | | | 442582
* Don't quit trying to lock a user if they aren't in the activated group.Rob Crittenden2008-04-141-1/+5
| | | | | | | | Users are considered activated by default so don't need to be in the activated group explicitly. Ignore the "not in group" error when trying to remove them. 442470
* Don't allow the admin user to be removed from the admins group.Rob Crittenden2008-04-041-0/+10
| | | | 439281
* Add missing normalizeDN() when removing members from a group.Rob Crittenden2008-04-041-4/+11
| | | | 438387
* Fix typo in python directive. Fixes marking a group active.Rob Crittenden2008-04-011-1/+1
| | | | 440142
* Fix crash when creating new groups. You can't iterate over a None variable.Rob Crittenden2008-04-011-0/+2
| | | | 440081
* Fix account activation.Rob Crittenden2008-03-311-6/+53
| | | | | | | | | | | | | | | | We do account activation by using a Class of Service based on group membership. A problem can happen if the entry itself has an nsaccountlock attribute and you try doing Class of Service work as well because the local attribute has priority. So try to detect that the entry has a local nsAccountLock attribute and report an appropriate error. Don't allow the admins or editors groups to be de-activated. Return a better error message if account [in]activation fails. Catch errors when doing group [in]activation. 439230
* Don't allow the admin user to be removed using the XML-RPC Interface.Rob Crittenden2008-03-281-0/+2
| | | | | | If a site really wants it gone then can delete it via LDAP. 439281
* Do case-less comparisons when considering objectclass but store theRob Crittenden2008-03-281-3/+3
| | | | | | | | | | current value to prevent unnecessary LPAP updates (and failed writes) Don't check against these lists on updates, only add them on new entries. Disable the ability to configure in the UI these values for now. 438256
* Normalize member DN's when determining whether they are in a groupRob Crittenden2008-03-261-1/+5
| | | | | | as a direct or indirect member. 438387
* When getting members let user indicate what type of member they want.Rob Crittenden2008-03-271-4/+44
| | | | | | | | | | The memberOf attribute includes members that are directly in the group via the "member" attribute and those that are included as a result of being in a group that is in the group. The UI needs to be able to distinguish between the two. 438706
* Re-root the IPA web UI to /ipa and the XML-RPC interface to /ipaxml.Rob Crittenden2008-03-242-18/+14
| | | | 438021
* We are really changing the kerberos principal key and not the password whenRob Crittenden2008-03-241-4/+4
| | | | | | | | | | we do updates, so use the right terminology internally. Also fix the actual field we update (and grant permission appropriately in delegations). The DS password handles updating userPassword and any Samba passwords as necessary. 438256
* Allow the realm to be included in the name passed to add_service_principal()Rob Crittenden2008-03-171-3/+6
| | | | | | | This is more kerberos-like and it doesn't hurt anything, we just won't allow realms other than our own to be used. 437566
* Adding items to the set needs to be lower case to prevent duplicates.Rob Crittenden2008-03-101-1/+1
| | | | | | | This function was assuming that the target list was all lower-case so the set could end up with duplicate values which would get kicked out by LDAP. 433680
* Filter out K/M and krbtgt principals from the service principals list.Rob Crittenden2008-03-031-2/+3
| | | | 435713
* Do argument type checking in the XML-RPC interfaceRob Crittenden2008-02-291-60/+149
| | | | | Fix error in service principals where the service wasn't being removed before doing the DNS lookup.
* In the UI we don't want to display Edit links unless someone can actuallyRob Crittenden2008-02-271-1/+8
| | | | | | | | | | | | edit things. We use the 'editors' group for this. This group itself grants no permission other than displaying certain things in the UI. In order to be in the editors group a user must be a member of a group that is the source group in a delegation. The memberof plugin will do all the hard work to be sure that a user's memberof contains cn=editors if they are in a delegated group. 432874
* The admins group cannot be renamed.Rob Crittenden2008-02-271-0/+3
| | | | 433880
* Require that service principals resolve to a DNS A record.Rob Crittenden2008-02-261-2/+21
| | | | | | There is a --force option for those who know what they are doing. 433483
* Add failover to the XML-RPC clientRob Crittenden2008-02-222-1/+7
| | | | 433506
* Don't allow a group to be a member of itself.Rob Crittenden2008-02-221-1/+5
| | | | 434542
* Syntax error, ')' in the worng place throws nasty 500 errors on ldap errors :)Simo Sorce2008-02-211-1/+1
|
* Redirect users when they don't use the FQDN on both SSL and non-SSL portsRob Crittenden2008-02-213-12/+14
| | | | | | | We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054
* Fix bug that prevented single-character fieldsRob Crittenden2008-02-112-4/+10
| | | | | | | | | | Fix bug in exception handling where we were sending the wrong thing as detail. Basically we were catching an LDAP error, generating an IPAError from it, catching that, then setting the detail of the 2nd exception to another IPAError rather than the root exception. This caused anything looking at e.detail to crap out Resolves 432136
* Switch 'below' to 'above' to point to the right location of the CA on the pageRob Crittenden2008-02-071-1/+1
|
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-043-6/+3
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-183-7/+8
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Service principal deletionRob Crittenden2008-01-112-0/+21
|
* Remove registration of get_keytabRob Crittenden2008-01-031-1/+0
|
* Add function to retrieve a short list of attributes to make ipa-adddelegationRob Crittenden2008-01-042-0/+8
| | | | easier to use.
* In add_service_principal() don't let the user pass in the realm.Rob Crittenden2008-01-071-0/+4
| | | | This could result in a principal of the form: service/host@something@REALM
* Finishe removing previous code to fetch keytabsSimo Sorce2007-12-211-33/+0
|
* Fix minor typo in unauthorized page.Karl MacMillan2007-12-121-1/+1
|
generated by cgit (git 2.34.1) at 2024-05-09 09:53:21 +0000