path: root/ipalib/plugins
Commit message | Author | Age | Files | Lines
* webui: add i18n for the rest of QR code strings | Petr Vobornik | 2014-09-11 | 1 | -0/+4
  https://fedorahosted.org/freeipa/ticket/4402
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add token from user page | Petr Vobornik | 2014-09-11 | 1 | -0/+1
  Add 'Add OTP Token' action to user action menu. This option is disabled in self-service when viewing other users.
  https://fedorahosted.org/freeipa/ticket/4402
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: better otp token type label | Petr Vobornik | 2014-09-11 | 1 | -3/+5
  https://fedorahosted.org/freeipa/ticket/4402
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Update qrcode support for newer python-qrcode | Nathaniel McCallum | 2014-09-11 | 1 | -2/+2
  This substantially reduces the FreeIPA dependencies and allows QR codes to fit in a standard terminal.
  https://fedorahosted.org/freeipa/ticket/4430
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix: Add managed read permissions for compat tree and operational attrs | Petr Viktorin | 2014-09-05 | 4 | -6/+6
  This is a fix for an earlier version, which was committed by mistake as:
  master: 418ce870bfbe13cea694a7b862cafe35c703f660
  ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
  ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7
  Thanks to Alexander Bokovoy for contributions
  https://fedorahosted.org/freeipa/ticket/4521
* Add managed read permissions for compat tree | Petr Viktorin | 2014-09-05 | 4 | -0/+41
  https://fedorahosted.org/freeipa/ticket/4521
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* FIX DNS wildcard records (RFC4592) | Martin Basti | 2014-09-05 | 1 | -0/+22
  Make validation more strict
  * DS, NS, DNAME owners should not be a wildcard domain name
  * zone name should not be a wildcard domain name
  Ticket: https://fedorahosted.org/freeipa/ticket/4488
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix NS record coexistence validator | Martin Basti | 2014-09-05 | 1 | -6/+17
  NS can coexist only with A, AAAA, DS, NS record
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNSSEC: fix DS record validation | Martin Basti | 2014-09-05 | 1 | -36/+63
  Part of: https://fedorahosted.org/freeipa/ticket/3801
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix dnsrecord-mod raise error if last record attr is removed | Martin Basti | 2014-09-05 | 1 | -0/+7
  Removing last record attribute causes output type validation error
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Ensure ipaUserAuthTypeClass when needed on user creation | Nathaniel McCallum | 2014-09-03 | 1 | -13/+11
  Also, remove the attempt to load the objectClasses when absent. This never makes sense during an add operation.
  https://fedorahosted.org/freeipa/ticket/4455
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* permission plugin: Improve description of the target option | Petr Viktorin | 2014-09-03 | 1 | -1/+3
  https://fedorahosted.org/freeipa/ticket/4521
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Make --target available in the CLI | Petr Viktorin | 2014-09-03 | 1 | -1/+0
  This was left out by mistake when permissions were refactored. The API is already tested.
  https://fedorahosted.org/freeipa/ticket/4522
* pwpolicy-add: Added better error handling | Thorsten Scherf | 2014-09-02 | 1 | -1/+6
  Make error message more meaningful when a password policy is added for a non existing group.
  https://fedorahosted.org/freeipa/ticket/4334
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa trust-add command should be interactive | Gabe | 2014-08-25 | 1 | -1/+25
  - Make ipa trust-add command interactive for realm_admin and realm_passwd
  - Fix 'Active directory' typo to 'Active Directory'
  https://fedorahosted.org/freeipa/ticket/3034
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* service: Normalize service principal in get_dn | Petr Viktorin | 2014-08-21 | 1 | -0/+3
  This will make any lookup go through the normalization.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support delegating RBAC roles to service principals | Petr Viktorin | 2014-08-21 | 2 | -2/+3
  https://fedorahosted.org/freeipa/ticket/3164
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: better authentication types description | Petr Vobornik | 2014-08-21 | 1 | -0/+7
  Tooltips were added to "User authentication types" and "Default user authentication types" to describe their relationship and a meaning of not-setting a value.
  https://fedorahosted.org/freeipa/ticket/4471
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: improved info msgs on login/token sync/reset pwd pages | Petr Vobornik | 2014-08-20 | 1 | -2/+3
  - add info icons to distinguish and classify the messages.
  - add info text for OTP fields
  - fix login instruction inaccuracy related to position of login button
  https://fedorahosted.org/freeipa/ticket/4470
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Verify otptoken timespan is valid | David Kupka | 2014-07-29 | 1 | -1/+30
  When creating or modifying otptoken check that token validity start is not after validity end.
  https://fedorahosted.org/freeipa/ticket/4244
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix group-remove-member crash when group is removed from a protected group | David Kupka | 2014-07-29 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4448
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Exclude attributelevelrights from --raw result processing in baseldap. | Jan Cholasta | 2014-07-29 | 1 | -3/+7
  https://fedorahosted.org/freeipa/ticket/4371
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipalib: idrange: Make non-implemented range types fail the validation | Tomas Babej | 2014-07-28 | 1 | -2/+3
  The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to pass the validation tests, however, they are not implemented nor checked by the 389 server plugin.
  https://fedorahosted.org/freeipa/ticket/4323
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* baseldap: return 'none' attr level right as unicode string | Petr Vobornik | 2014-07-25 | 1 | -1/+1
  Returning non-unicode causes serialization into base64 which causes havoc in Web UI.
  https://fedorahosted.org/freeipa/ticket/4454
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* baseldap: Remove redundant search from LDAPAddReverseMember and LDAPRemoveReverseMember | Tomas Babej | 2014-07-23 | 1 | -6/+0
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: custom attr in attributes widget | Petr Vobornik | 2014-07-21 | 1 | -0/+2
  Web UI doesn't always know what are the possible attributes for target object. This will allow to add custom attributes if necessary.
  https://fedorahosted.org/freeipa/ticket/4253
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add filter to attributes widget | Petr Vobornik | 2014-07-21 | 1 | -0/+1
  Adds filter field to attribute box in permissions for better user experience. User can then quickly find the desired attribute.
  Initial version of the patch authored by: Adam Misnyovszki
  https://fedorahosted.org/freeipa/ticket/4253
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Fix typos in dns.py | Gabe | 2014-07-18 | 1 | -3/+3
  https://fedorahosted.org/freeipa/ticket/4429
  Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* trusts: Validate missing trust secret properly | Tomas Babej | 2014-07-14 | 1 | -4/+6
  Detect the situation if the user passes empty trust secret and error out properly.
  https://fedorahosted.org/freeipa/ticket/4266
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* baseldap: Return empty string when no effective rights are found | Petr Viktorin | 2014-07-09 | 1 | -0/+4
  DS returns the string "none" when no rights were found. All clients would need to special-case this value when checking the rights. Return empty string instead.
  https://fedorahosted.org/freeipa/ticket/4359
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: capitalize labels of undo and undo all buttons | Petr Vobornik | 2014-07-08 | 1 | -2/+2
  Make the label of these buttons consistent with other buttons which have capital first letters.
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
* webui: new navigation structure | Petr Vobornik | 2014-07-04 | 1 | -0/+2
  https://fedorahosted.org/freeipa/ticket/4418
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Allow to add managed permission for reverse zones | Martin Basti | 2014-07-04 | 1 | -2/+2
  Ticket: https://fedorahosted.org/freeipa/ticket/4422
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add Modify Realm Domains permission | Martin Kosek | 2014-07-04 | 1 | -0/+8
  The permission is required for DNS Administrators as realm domains object is updated when a master zone is added.
  https://fedorahosted.org/freeipa/ticket/4423
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Non IDNA zonename should be normalized to lowercase | Martin Basti | 2014-07-04 | 1 | -0/+10
  Before IDNA support zone was normalized.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* ipalib: Use DateTime parameter class for OTP token timestamp attributes | Tomas Babej | 2014-07-04 | 1 | -3/+3
  For ipatokennotbefore and ipatokennotafter attributes use DateTime parameter class instead of Str, since these are represented as LDAP Generalized Time in LDAP.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix incompatible permission name *zone-del | Martin Basti | 2014-07-03 | 1 | -14/+19
  Fixes ticket: https://fedorahosted.org/freeipa/ticket/4383
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Split dns docstring | Martin Basti | 2014-07-03 | 1 | -47/+47
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Help for forward zones | Martin Basti | 2014-07-03 | 1 | -12/+51
  Ticket: https://fedorahosted.org/freeipa/ticket/3210
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Use documentation addresses in dns help | Martin Basti | 2014-07-03 | 1 | -15/+15
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add DNSSEC experimental support warning message | Martin Basti | 2014-07-03 | 1 | -0/+19
  Ticket: https://fedorahosted.org/freeipa/ticket/4408
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add warning about semantic change for zones | Martin Basti | 2014-07-03 | 1 | -0/+23
  --forwarder have different semantic since forward zones support. Add warning if zone contains forwarders.
  Ticket: https://fedorahosted.org/freeipa/ticket/3210#comment:16
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add NSEC3PARAM to zone settings | Martin Basti | 2014-07-02 | 1 | -3/+47
  Ticket: https://fedorahosted.org/freeipa/ticket/4413
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove NSEC3PARAM record | Martin Basti | 2014-07-02 | 1 | -45/+3
  Revert 5b95be802c6aa12b9464813441f85eaee3e3e82b
  Ticket: https://fedorahosted.org/freeipa/ticket/4413
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix ACI in DNS | Martin Basti | 2014-07-01 | 1 | -2/+2
  Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord, tlsarecord
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* DNSSEC: add TLSA record type | Martin Basti | 2014-07-01 | 1 | -15/+44
  Ticket: https://fedorahosted.org/freeipa/ticket/4328
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* permission plugin: Ignore unparseable ACIs | Petr Viktorin | 2014-07-01 | 1 | -1/+6
  When manipulating a permission for an entry that has an ACI that the parser cannot process, skip this ACI instead of failing.
  Add a test that manipulates permission in cn=accounts, where there are complex ipaAllowedOperation-based ACIs.
  Workaround for: https://fedorahosted.org/freeipa/ticket/4376
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Let Host Administrators use host-disable command | Martin Kosek | 2014-06-30 | 1 | -1/+1
  Host Administrators could not write to service keytab attribute and thus they could not run the host-disable command.
  https://fedorahosted.org/freeipa/ticket/4284
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: support unlock user command | Petr Vobornik | 2014-06-30 | 1 | -0/+2
  Call user-unlock command from Web UI. It will unlock displayed user on current master.
  https://fedorahosted.org/freeipa/ticket/4407
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add link pointing to OTP sync page to login | Petr Vobornik | 2014-06-30 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/4218
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>