| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
459209
|
|
|
|
|
|
| |
other apps.
459061
|
|
|
|
| |
450552
|
|
|
|
| |
453780
|
|
|
|
|
|
| |
return a more detailed error message.
455092
|
|
|
|
|
|
| |
searches (such as looking for HTTP principals)
449975
|
|
|
|
|
|
| |
it can be used by the client tool.
Fix the client tool imports to fail more gracefully.
|
|
|
|
| |
448948
|
|
|
|
| |
Add function entry log for the core IPA XML-RPC functions.
|
|
|
|
| |
447381
|
|
|
|
|
|
|
|
|
|
| |
Also fix some HTML errors: missing DOCTYPE, title, head.
The web page actually comes up as a link in a search on Microsoft's site
but the content is gone. It is possible it will come back at some point, who
knows.
447445
|
|
|
|
| |
439891
|
|
|
|
| |
435019
|
|
|
|
| |
440282
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
UI: /ipa/ui
XML-RPC: /ipa/xml
errors: /ipa/errors
config: /ipa/config
I had to hardcode that URI into the CSS pages but TurboGears handles the
rest of the translations with tg.url().
Added a version to ipa.conf and ipa-rewrite.conf so we can update them
in the future if needed with ipa-upgradeconfig
440443
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've changed the variable name searchlimit to sizelimit to match the
name in python-ldap (and hopefully therefore be more readable).
The big change was changing the default value from 0 to -1. As 0 we were
never using the value from cn=ipaconfig
python-ldap expects this to be an int type
In the UI sizelimit was hardcoded at 0 for users
439880
|
|
|
|
| |
442582
|
|
|
|
|
|
|
|
| |
Users are considered activated by default so don't need to be in the
activated group explicitly. Ignore the "not in group" error when trying
to remove them.
442470
|
|
|
|
| |
439281
|
|
|
|
| |
438387
|
|
|
|
| |
440142
|
|
|
|
| |
440081
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
|
|
|
|
|
|
| |
If a site really wants it gone then can delete it via LDAP.
439281
|
|
|
|
|
|
|
|
|
|
| |
current value to prevent unnecessary LPAP updates (and failed writes)
Don't check against these lists on updates, only add them on new entries.
Disable the ability to configure in the UI these values for now.
438256
|
|
|
|
|
|
| |
as a direct or indirect member.
438387
|
|
|
|
|
|
|
|
|
|
| |
The memberOf attribute includes members that are directly in the group
via the "member" attribute and those that are included as a result of
being in a group that is in the group.
The UI needs to be able to distinguish between the two.
438706
|
|
|
|
| |
438021
|
|
|
|
|
|
|
|
|
|
| |
we do updates, so use the right terminology internally. Also fix the actual
field we update (and grant permission appropriately in delegations).
The DS password handles updating userPassword and any Samba passwords
as necessary.
438256
|
|
|
|
|
|
|
| |
This is more kerberos-like and it doesn't hurt anything, we just won't
allow realms other than our own to be used.
437566
|
|
|
|
|
|
|
| |
This function was assuming that the target list was all lower-case so the
set could end up with duplicate values which would get kicked out by LDAP.
433680
|
|
|
|
| |
435713
|
|
|
|
|
| |
Fix error in service principals where the service wasn't being removed before
doing the DNS lookup.
|
|
|
|
|
|
|
|
|
|
|
|
| |
edit things. We use the 'editors' group for this. This group itself grants
no permission other than displaying certain things in the UI.
In order to be in the editors group a user must be a member of a group that
is the source group in a delegation. The memberof plugin will do all the
hard work to be sure that a user's memberof contains cn=editors if they
are in a delegated group.
432874
|
|
|
|
| |
433880
|
|
|
|
|
|
| |
There is a --force option for those who know what they are doing.
433483
|
|
|
|
| |
433506
|
|
|
|
| |
434542
|
| |
|
|
|
|
|
|
|
| |
We update the mod_nss configuration (nss.conf) during installation to include
ipa-rewrite.conf to handle the SSL side.
433054
|
|
|
|
|
|
|
|
|
|
| |
Fix bug in exception handling where we were sending the wrong thing as detail.
Basically we were catching an LDAP error, generating an IPAError from it,
catching that, then setting the detail of the 2nd exception to another IPAError
rather than the root exception. This caused anything looking at e.detail to
crap out
Resolves 432136
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
|
| |
|
| |
|
|
|
|
| |
easier to use.
|
|
|
|
| |
This could result in a principal of the form: service/host@something@REALM
|
| |
|
| |
|