| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.
https://fedorahosted.org/freeipa/ticket/4382
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
New param type for domain names
Part of ticket:
IPA should allow internationalized domain names
https://fedorahosted.org/freeipa/ticket/3169
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
| |
Part of ticket:
IPA should allow internationalized domain names
https://fedorahosted.org/freeipa/ticket/3169
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a parameter that represents a DateTime format using datetime.datetime
object from python's native datetime library.
In the CLI, accepts one of the following formats:
Accepts LDAP Generalized time without in the following format:
'%Y%m%d%H%M%SZ'
Accepts subset of values defined by ISO 8601:
'%Y-%m-%dT%H:%M:%SZ'
'%Y-%m-%dT%H:%MZ'
'%Y-%m-%dZ'
Also accepts above formats using ' ' (space) as a separator instead of 'T'.
As a simplification, it does not deal with timezone info and ISO 8601
values with timezone info (+-hhmm) are rejected. Values are expected
to be in the UTC timezone.
Values are saved to LDAP as LDAP Generalized time values in the format
'%Y%m%d%H%SZ' (no time fractions and UTC timezone is assumed). To avoid
confusion, in addition to subset of ISO 8601 values, the LDAP generalized
time in the format '%Y%m%d%H%M%SZ' is also accepted as an input (as this is the
format user will see on the output).
Part of: https://fedorahosted.org/freeipa/ticket/3306
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add a new Param kwarg, deprecated_cli_aliases, that lists
deprecated aliases.
The aliases will appear in a "Deprecated options" in the help,
and otherwise act as the normal variant.
Preparation for: https://fedorahosted.org/freeipa/ticket/4231
|
| |
|
|
|
|
|
|
|
|
| |
In the parameters system, we have been checking for a positive list of values
which get converted to None. The problem is that this method can in some
cases throw warnings when type coercion doesn't work (particularly, string
to unicode). Instead, any values that evaluate to False that are neither
numeric nor boolean should be converted to None.
Reviewed-By: Jan Pazdziora <jpazdziora@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for managed permissions. The attribute list
of these is computed from the "default" (modifiable only internally),
"allowed", and "excluded" lists. This makes it possible to cleanly
merge updated IPA defaults and user changes on upgrades.
The default managed permissions are to be added in a future patch.
For now they can only be created manually (see test_managed_permissions).
Tests included.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4033
Design: http://www.freeipa.org/page/V3/Managed_Read_permissions
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Lists and tuples are already allowed for convenience; it is easier to write
(1, 2, 3) or [1, 2, 3] than frozenset([1, 2, 3]).
This allows the set literal syntax, {1, 2, 3}, as well.
|
| | |
|
| |
|
|
|
| |
Int already needed to take both int and long. This makes the functionality
available for all Param classes.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Hide the commands and options listed below from the CLI,
but keep them in the API. When called directly from the API,
raise appropriate exceptions informing the user that the
functionality has been deprecated.
Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost.
Affected options: sourcehostcategory, sourcehost_host and
sourcehost_hostgroup (hbacrule); sourcehost (hbactest).
https://fedorahosted.org/freeipa/ticket/3528
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/3352
Design: http://freeipa.org/page/V3/Drop_CSV
|
| |
|
|
|
|
| |
These were never set to anything but the defaults.
Part of work for https://fedorahosted.org/freeipa/ticket/3352
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3323
|
| |
|
|
|
|
|
| |
Add more dynamic attribute info to IPATypeChecker in make-lint. Remove
unnecessary pylint comments. Fix false positivies introduced by Pylint 0.26.
https://fedorahosted.org/freeipa/ticket/3379
|
| |
|
|
|
|
|
|
|
|
|
| |
This switch drops the preceding 'u' from strings within Public error messages.
This patch also addresses the related unfriendly 'u' from re-raising errors from netaddr.IPAddress by passing a bytestring through the function.
Also switched ValidationError to TypeError in validate_scalar per jcholast@redhat.com.
Ticket: https://fedorahosted.org/freeipa/ticket/3121
Ticket: https://fedorahosted.org/freeipa/ticket/2588
|
| |
|
|
|
|
|
|
| |
Do not print list of possible values as "%r" but simply as a list
of quoted values which should make it easier to read for users.
Also add a special case when there is just one allowed value.
https://fedorahosted.org/freeipa/ticket/2869
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Public keys in the old format (raw RFC 4253 blob) are automatically
converted to OpenSSH-style public keys. OpenSSH-style public keys are now
stored in LDAP.
Changed sshpubkeyfp to be an output parameter, as that is what it actually
is.
Allow parameter normalizers to be used on values of any type, not just
unicode, so that public key blobs (which are str) can be normalized to
OpenSSH-style public keys.
ticket 2932, 2935
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Numeric parameters in ipalib were limited by XMLRPC boundaries for
integer (2^31-1) which is too low for some LDAP attributes like DNS
SOA serial field.
Transfer numbers which are not in XMLRPC boundary as a string and not
as a number to workaround this limitation. Int parameter had to be
updated to also accept Python's long type as valid int type.
https://fedorahosted.org/freeipa/ticket/2568
|
| |
|
|
|
|
|
|
| |
There were following problems:
1. DNs and Decimals weren't properly serialized. Serialization output was object with empty __base64__ attribute. It was fixed by converting them to string.
2. numberical values equal to 0 were excluded from metadata. It broke many of minvalue checks in Web UI. Now excluding only None and False values as initally intended.
https://fedorahosted.org/freeipa/ticket/3052
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently, we throw many public exceptions without proper i18n.
Wrap natural-language error messages in _() so they can be translated.
In the service plugin, raise NotFound errors using handle_not_found helper
so the error message contains the offending service.
Use ScriptError instead of NotFoundError in bindinstance install.
https://fedorahosted.org/freeipa/ticket/1953
|
| |
|
|
|
|
| |
fails in Bytes parameters.
ticket 2962
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Convert every string specifying a DN into a DN object
* Every place a dn was manipulated in some fashion it was replaced by
the use of DN operators
* Add new DNParam parameter type for parameters which are DN's
* DN objects are used 100% of the time throughout the entire data
pipeline whenever something is logically a dn.
* Many classes now enforce DN usage for their attributes which are
dn's. This is implmented via ipautil.dn_attribute_property(). The
only permitted types for a class attribute specified to be a DN are
either None or a DN object.
* Require that every place a dn is used it must be a DN object.
This translates into lot of::
assert isinstance(dn, DN)
sprinkled through out the code. Maintaining these asserts is
valuable to preserve DN type enforcement. The asserts can be
disabled in production.
The goal of 100% DN usage 100% of the time has been realized, these
asserts are meant to preserve that.
The asserts also proved valuable in detecting functions which did
not obey their function signatures, such as the baseldap pre and
post callbacks.
* Moved ipalib.dn to ipapython.dn because DN class is shared with all
components, not just the server which uses ipalib.
* All API's now accept DN's natively, no need to convert to str (or
unicode).
* Removed ipalib.encoder and encode/decode decorators. Type conversion
is now explicitly performed in each IPASimpleLDAPObject method which
emulates a ldap.SimpleLDAPObject method.
* Entity & Entry classes now utilize DN's
* Removed __getattr__ in Entity & Entity clases. There were two
problems with it. It presented synthetic Python object attributes
based on the current LDAP data it contained. There is no way to
validate synthetic attributes using code checkers, you can't search
the code to find LDAP attribute accesses (because synthetic
attriutes look like Python attributes instead of LDAP data) and
error handling is circumscribed. Secondly __getattr__ was hiding
Python internal methods which broke class semantics.
* Replace use of methods inherited from ldap.SimpleLDAPObject via
IPAdmin class with IPAdmin methods. Directly using inherited methods
was causing us to bypass IPA logic. Mostly this meant replacing the
use of search_s() with getEntry() or getList(). Similarly direct
access of the LDAP data in classes using IPAdmin were replaced with
calls to getValue() or getValues().
* Objects returned by ldap2.find_entries() are now compatible with
either the python-ldap access methodology or the Entity/Entry access
methodology.
* All ldap operations now funnel through the common
IPASimpleLDAPObject giving us a single location where we interface
to python-ldap and perform conversions.
* The above 4 modifications means we've greatly reduced the
proliferation of multiple inconsistent ways to perform LDAP
operations. We are well on the way to having a single API in IPA for
doing LDAP (a long range goal).
* All certificate subject bases are now DN's
* DN objects were enhanced thusly:
- find, rfind, index, rindex, replace and insert methods were added
- AVA, RDN and DN classes were refactored in immutable and mutable
variants, the mutable variants are EditableAVA, EditableRDN and
EditableDN. By default we use the immutable variants preserving
important semantics. To edit a DN cast it to an EditableDN and
cast it back to DN when done editing. These issues are fully
described in other documentation.
- first_key_match was removed
- DN equalty comparison permits comparison to a basestring
* Fixed ldapupdate to work with DN's. This work included:
- Enhance test_updates.py to do more checking after applying
update. Add test for update_from_dict(). Convert code to use
unittest classes.
- Consolidated duplicate code.
- Moved code which should have been in the class into the class.
- Fix the handling of the 'deleteentry' update action. It's no longer
necessary to supply fake attributes to make it work. Detect case
where subsequent update applies a change to entry previously marked
for deletetion. General clean-up and simplification of the
'deleteentry' logic.
- Rewrote a couple of functions to be clearer and more Pythonic.
- Added documentation on the data structure being used.
- Simplfy the use of update_from_dict()
* Removed all usage of get_schema() which was being called prior to
accessing the .schema attribute of an object. If a class is using
internal lazy loading as an optimization it's not right to require
users of the interface to be aware of internal
optimization's. schema is now a property and when the schema
property is accessed it calls a private internal method to perform
the lazy loading.
* Added SchemaCache class to cache the schema's from individual
servers. This was done because of the observation we talk to
different LDAP servers, each of which may have it's own
schema. Previously we globally cached the schema from the first
server we connected to and returned that schema in all contexts. The
cache includes controls to invalidate it thus forcing a schema
refresh.
* Schema caching is now senstive to the run time context. During
install and upgrade the schema can change leading to errors due to
out-of-date cached schema. The schema cache is refreshed in these
contexts.
* We are aware of the LDAP syntax of all LDAP attributes. Every
attribute returned from an LDAP operation is passed through a
central table look-up based on it's LDAP syntax. The table key is
the LDAP syntax it's value is a Python callable that returns a
Python object matching the LDAP syntax. There are a handful of LDAP
attributes whose syntax is historically incorrect
(e.g. DistguishedNames that are defined as DirectoryStrings). The
table driven conversion mechanism is augmented with a table of
hard coded exceptions.
Currently only the following conversions occur via the table:
- dn's are converted to DN objects
- binary objects are converted to Python str objects (IPA
convention).
- everything else is converted to unicode using UTF-8 decoding (IPA
convention).
However, now that the table driven conversion mechanism is in place
it would be trivial to do things such as converting attributes
which have LDAP integer syntax into a Python integer, etc.
* Expected values in the unit tests which are a DN no longer need to
use lambda expressions to promote the returned value to a DN for
equality comparison. The return value is automatically promoted to
a DN. The lambda expressions have been removed making the code much
simpler and easier to read.
* Add class level logging to a number of classes which did not support
logging, less need for use of root_logger.
* Remove ipaserver/conn.py, it was unused.
* Consolidated duplicate code wherever it was found.
* Fixed many places that used string concatenation to form a new
string rather than string formatting operators. This is necessary
because string formatting converts it's arguments to a string prior
to building the result string. You can't concatenate a string and a
non-string.
* Simplify logic in rename_managed plugin. Use DN operators to edit
dn's.
* The live version of ipa-ldap-updater did not generate a log file.
The offline version did, now both do.
https://fedorahosted.org/freeipa/ticket/1670
https://fedorahosted.org/freeipa/ticket/1671
https://fedorahosted.org/freeipa/ticket/1672
https://fedorahosted.org/freeipa/ticket/1673
https://fedorahosted.org/freeipa/ticket/1674
https://fedorahosted.org/freeipa/ticket/1392
https://fedorahosted.org/freeipa/ticket/2872
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parameter Decimal does not have a sufficient value checks. Some values
cause Decimal parameter with a custom precision to crash with
an unhandled exception.
Improve parameter conversion and normalization operations to handle
decimal exceptions more gracefully. Decimal parameter now also has
new attributes enabling 2 new validation/normalization methods:
* exponential: when False, decimal number is normalized to its
non-exponential form
* numberclass: a set of allowed decimal number classes
(e.g. +Infinity, -Normal, ...) that are enforced
for every Decimal parameter value
https://fedorahosted.org/freeipa/ticket/2705
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
json_metadata command creates and sends metadata needed by Web UI. It uses __json__ method for serialization of commands, options, objects... . A lot of data sent was useless for Web UI and some usefull information were missing. We
* mostly CLI specific option attribues are not send.
* attributes evaluated to false or None are not send
* options which are send are not got from takes_aptions attribute but by get_options() method. It finally sends usefull option collection for commands part of metadata.
In the end the raw amount of data send is aproximately the same.
This patch is needed for Web UI to determine which option it can use in which commands.
https://fedorahosted.org/freeipa/ticket/2760
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Make --{set,add,del}attr fail on parameters with the no_update/no_create
flag for the respective command.
For attributes that can be modified, but we just don't want to display
in the CLI, use the 'no_option' flag. These are "locking" attributes
(ipaenabledflag, nsaccountlock) and externalhost.
Document the 'no_option' flag. Add some tests.
https://fedorahosted.org/freeipa/ticket/2580
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPA has some unused code from abandoned features (Radius, ipa 1.x user
input, commant-line tab completion), as well as some duplicate utilities.
This patch cleans up the utility modules.
Duplicate code consolidated into ipapython.ipautil:
{ipalib.util,ipaserver.ipautil,ipapython.ipautil}.realm_to_suffix
{ipaserver,ipapython}.ipautil.CIDict
(with style improvements from the ipaserver version)
{ipapython.entity,ipaserver.ipautil}.utf8_encode_value
{ipapython.entity,ipaserver.ipautil}.utf8_encode_values
ipalib.util.get_fqdn was removed in favor of the same function in
ipaserver.install.installutils
Removed unused code:
ipalib.util:
load_plugins_in_dir
import_plugins_subpackage
make_repr (was imported but unused; also removed from tests)
ipapython.ipautil:
format_list
parse_key_value_pairs
read_pairs_file
read_items_file
user_input_plain
AttributeValueCompleter
ItemCompleter
ipaserver.ipautil:
get_gsserror (a different version exists in ipapython.ipautil)
ipaserver.ipautil ended up empty and is removed entirely.
https://fedorahosted.org/freeipa/ticket/2650
|
| |
|
|
|
|
|
| |
Move the code for encoding boolean values to LDAP boolean syntax from the
Parameter class to the Encoder class, where the rest of LDAP encoding takes
place. Remove encoding code from the Parameter class altogether, as all LDAP
encoding should be done in the Encoder class.
|
| |
|
|
| |
Missing documentation for commit 7cfc16c/c6e4372
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Attribute Patrams marked no_update never get cloned to Update commands,
and thus never receive the `attribute` flag. This makes their `encode`
method a no-op, which meant they don't get properly encoded when used
with --setattr, making the --setattr fail.
Introduce a `force` argument to encode, which overrides checking
for the attribute flag. Use this in set/add/delattr normalization,
where we know we are dealing with attributes.
https://fedorahosted.org/freeipa/ticket/2616
|
| |
|
|
|
|
|
| |
Feed individual lines of input into the CSV parser, and include all lines
in the output.
https://fedorahosted.org/freeipa/ticket/2402
|
| |
|
|
|
|
|
|
|
| |
Replace all occurences of create_default with equivalent default_from
and remove create_default from the framework. This is needed for
proper parameter validation, as there is no way to tell which
parameters to validate prior to calling create_default, because
create_default does not provide information about which parameters are
used for generating the default value.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Splitting on commas is not an idempotent operation:
'a,b\,c' -> ('a', 'b,c') -> ('a', 'b', 'c')
That means we can't do it when the call is forwarded, so this is only
done on the CLI. The UI already sends values as a tuple.
Replace escaping in the csv parser with quoting. Quoted strings can have
embedded commas instead of having to escape them. This prevents the csv
parser from eating all escape characters.
Also, document Param's csv arguments, and update tests.
https://fedorahosted.org/freeipa/ticket/2417
https://fedorahosted.org/freeipa/ticket/2227
|
| |
|
|
|
|
|
|
| |
For general command-line errors we want to use the cli_name on output.
The exception is when using *attr, we want to return that attribute name
in the exception.
https://fedorahosted.org/freeipa/ticket/1418
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The `required` parameter attribute didn't distinguish between cases
where the parameter is not given and all, and where the parameter is
given but empty. The case of updating a required attribute couldn't
be validated properly, because when it is given but empty, validators
don't run.
This patch introduces a new flag, 'nonempty', that specifies the
parameter can be missing (if not required), but it can't be None.
This flag gets added automatically to required parameters in CRUD
Update.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There may be cases, for whatever reason, that an otherwise illegal
entry gets created that doesn't match the criteria for a valid
user/host/group name. If this happens (i.e. migration) there is no way
to remove this using the IPA tools because we always applied the name
pattern. So you can't, for example, delete a user with an illegal name.
Primary keys are cloned with query=True in PKQuery which causes no
rules to be applied on mod/show/find. This reverts a change from commit
3a5e26a0 which applies class rules when query=True (for enforcing no
white space).
Replace rdnattr with rdn_is_primary_key. This was meant to tell us when
an RDN change was necessary to do a rename. There could be a disconnect
where the rdnattr wasn't the primary key and in that case we don't
need to do an RDN change, so use a boolean instead so that it is
clear that RDN == primary key.
Add a test to ensure that nowhitespace is actually enforced.
https://fedorahosted.org/freeipa/ticket/2115
Related: https://fedorahosted.org/freeipa/ticket/2089
Whitespace tickets:
https://fedorahosted.org/freeipa/ticket/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix wrong handling of strings in --setattr/--addattr/--delattr.
These changes make it possible to use Bytes in --setattr/--addattr/
--delattr without errors.
Fixes managing SSH keys on command-line
https://fedorahosted.org/freeipa/ticket/754
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having float type as a base type for floating point parameters in
ipalib introduces several issues, e.g. problem with representation
or value comparison. Python language provides a Decimal type which
help overcome these issues.
This patch replaces a float type and Float parameter with a
decimal.Decimal type in Decimal parameter. A precision attribute
was added to Decimal parameter that can be used to limit a number
of decimal places in parameter representation. This approach fixes
a problem with API.txt validation where comparison of float values
may fail on different architectures due to float representation error.
In order to safely transfer the parameter value over RPC it is
being converted to string which is then converted back to
decimal.Decimal number on a server side.
https://fedorahosted.org/freeipa/ticket/2260
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Complex commands may have many options or non-standard output. This
patch adds 2 improvements to handle these commands better:
1) Add "option_group" parameter attribute
Make command help more readable by specifying an option group
for the parameter. All parameters in the same option group are
then placed to one named option group
2) Allow nested entries in the output
Current CLI output module cannot handle a list of nested entries
(dictionaries) contained in an entry attribute. Make sure they
are printed properly (with indentation)
https://fedorahosted.org/freeipa/ticket/2082
|
| |
|
|
|
|
|
| |
CSV values were not parsed in ipalib.parameters.normalize method
properly when passed as a list and not as a basestring.
Based on Jan Cholasta's contribution.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
enabled for a specific parameter by setting the "csv" option to True.
Remove "List" parameter type and replace all occurences of it with appropriate
multi-valued parameter ("Str" in most cases) with csv enabled.
Add new parameter type "Any", capable of holding values of any type. This is
needed by the "batch" command, as "Str" is not suitable type for the "methods"
parameter.
ticket 2007
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Parameters in LDAP objects missed an information if they are real
LDAP attributes or not. Real LDAP attributes are written to
entry_attrs dictionary in plugin callbacks and are being encoded.
This causes issues when plugin callbacks does not expect that
the parameters values are already encoded for submission to LDAP.
This patch introduces a new flag "noattribute" used to mark that
a parameter is not an LDAP attribute and thus should not be encoded
or added to entry_attrs. Param documentation is improved to describe
the meaning of this and other Param flags or attributes.
https://fedorahosted.org/freeipa/ticket/2097
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Server framework does not support encoding of native Python type
values stored in Param classes and sub-classes. When backend (LDAP)
value encoding differs from Python type value representation user
has to has to hard-code the encoders in his processing.
This patch introduces a method Param.encode which is used in server
context to encode native Python Param values. The new encode method
is used for Bool parameter to convert native Python bool type value
(True, False) to LDAP value ("TRUE", "FALSE").
https://fedorahosted.org/freeipa/ticket/2039
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new required parameter, current_password. In order to ask this
first I added a new parameter option, sortorder. The lower the value the
earlier it will be prompted for.
I also changed the way autofill works. It will attempt to get the default
and if it doesn't get anything will continue prompting interactively.
Since current_password is required I'm passing a magic value that
means changing someone else's password. We need to pass something
since current_password is required.
The python-ldap passwd command doesn't seem to use the old password at
all so I do a simple bind to validate it.
https://fedorahosted.org/freeipa/ticket/1808
|
| |
|
|
|
|
|
|
|
| |
A Password param always prompted to confirm the entered password.
This doesn't make sense if you want to prompt for a password to another
system like we do with entitlements. This adds a new boolean option to
control the Password prompt parameter.
https://fedorahosted.org/freeipa/ticket/1695
|
| |
|
|
| |
BZ https://bugzilla.redhat.com/show_bug.cgi?id=723969
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1505
|
