Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Deleting a non-fully-qualified hostname should still delete its services | Rob Crittenden | 2010-03-30 | 1 | -3/+9 |
| | | | | | We were being left with orphan services if the host entry was not removed using the FQDN. | ||||
* | Fix cut-and-paste error in pwpolicy plugin | Rob Crittenden | 2010-03-23 | 1 | -2/+2 |
| | |||||
* | Do a better query so we can optimize seeing if a cospriority is unique | Rob Crittenden | 2010-03-23 | 1 | -7/+11 |
| | |||||
* | Use ldap2.make_*dn* methods in pwpolicy plugin. | Pavel Zuna | 2010-03-22 | 1 | -1/+5 |
| | | | | Fixes #572423. | ||||
* | Raise an error if no modifications were performed in an update. | Rob Crittenden | 2010-03-19 | 1 | -2/+0 |
| | | | | | | | This will alert the user that nothing was done and is handy when used with --attr=''. This can be used to delete a non-required attribute but can be set to any valid attribute, present or not. We should alert the user if they attempt to delete a non-existant value. | ||||
* | Ensure that the group policy priority is unique. | Rob Crittenden | 2010-03-19 | 1 | -10/+54 |
| | | | | | | We use CoS to determine the order in which group policy is applied. The behavior in CoS is undefined for multiple entries with the same cospriority. | ||||
* | Fix a number of bugs in the pwpolicy plugin | Rob Crittenden | 2010-03-19 | 1 | -8/+22 |
| | | | | | | | | | | This fixes: - Consistent usage of priority vs cospriority in options - Fixes bug introduced with recent patch where global policy couldn't be updated - Doesn't allow cospriority to be removed for groups (#570536) - returns the priority with group policy so it can be displayed - Properly unicode encode group names for display | ||||
* | Catch modifications with no updates and raise an error | Rob Crittenden | 2010-03-17 | 2 | -2/+11 |
| | | | | 569848 | ||||
* | Retrieve the LDAP schema using kerberos credentials. | Rob Crittenden | 2010-03-17 | 1 | -1/+2 |
| | | | | This is required so we can disable anonymous access in 389-ds. | ||||
* | Fix typo in automount doc message. | Rob Crittenden | 2010-03-16 | 1 | -1/+1 |
| | | | | | | Update the po to pick up this change too. 573979 | ||||
* | Provide more detailed NotFound error messages from baseldap classes. | Pavel Zuna | 2010-03-09 | 1 | -7/+55 |
| | |||||
* | localize doc strings | John Dennis | 2010-03-08 | 10 | -36/+40 |
| | | | | | | | | | | | | A number of doc strings were not localized, wrap them in _(). Some messages were not localized, wrap them in _() Fix a couple of failing tests: The method name in RPC should not be unicode. The doc attribute must use the .msg attribute for comparison. Also clean up imports of _() The import should come from ipalib or ipalib.text, not ugettext from request. | ||||
* | Don't calculate min/max lifetime if None is passed in. | Rob Crittenden | 2010-03-07 | 1 | -2/+2 |
| | | | | | | | | None is passed if the option is set with --minlife=''. This is a valid use case to delete a non-required attribute. In this case we simply don't do the math on None and things work as expected. 569847 | ||||
* | Code cleanup: remove unused stuff, take 1. | Pavel Zuna | 2010-03-01 | 13 | -245/+12 |
| | |||||
* | Don't try to revoke a cert that is already revoked. | Rob Crittenden | 2010-02-26 | 2 | -5/+22 |
| | | | | | We get a bit of an unusual error message back from dogtag when trying to revoke a revoked cert so check its status first. | ||||
* | Make the --all option work in Add/Remove Member commands. | Pavel Zuna | 2010-02-24 | 1 | -2/+18 |
| | |||||
* | Translatable Param.label, Param.doc | Jason Gerard DeRose | 2010-02-24 | 19 | -250/+268 |
| | |||||
* | Complete netgroup attributes. | Pavel Zuna | 2010-02-23 | 1 | -1/+22 |
| | |||||
* | Replace incorrect use of str.index with str.find in host plugin. | Pavel Zuna | 2010-02-23 | 1 | -1/+1 |
| | |||||
* | Make error message in migration plugin unicode. | Pavel Zuna | 2010-02-17 | 1 | -2/+2 |
| | |||||
* | Expand the types of groups that can be migrated to support IPA v1 migrations | Rob Crittenden | 2010-02-17 | 1 | -1/+1 |
| | |||||
* | Convert password policy integer values to unicode instead of str. | Pavel Zuna | 2010-02-17 | 1 | -2/+2 |
| | |||||
* | Auto-generate --all and --raw for commands, that return entries. | Pavel Zuna | 2010-02-17 | 2 | -97/+4 |
| | |||||
* | Fix the pwpolicy plugin to work better with new output system. | Rob Crittenden | 2010-02-17 | 1 | -9/+24 |
| | |||||
* | Use the Output tuple to determine the order of output | Rob Crittenden | 2010-02-15 | 10 | -46/+195 |
| | | | | | | | | | | | | | | The attributes displayed is now dependant upon their definition in a Param. This enhances that, giving some level of control over how the result is displayed to the user. This also fixes displaying group membership, including failures of adding/removing entries. All tests pass now though there is still one problem. We need to return the dn as well. Once that is fixed we just need to comment out all the dn entries in the tests and they should once again pass. | ||||
* | Fix the automountlocation-tofiles command and add some labels | Rob Crittenden | 2010-02-15 | 1 | -8/+18 |
| | |||||
* | Add Object.label class attribute, enable in webUI | Jason Gerard DeRose | 2010-02-12 | 12 | -3/+31 |
| | |||||
* | Add default automount location. Auto-create auto.direct in new locations. | Pavel Zuna | 2010-02-12 | 1 | -0/+3 |
| | |||||
* | Implement pwplicy_find to show all group password policies | Rob Crittenden | 2010-02-03 | 1 | -0/+32 |
| | | | | | find is a bit of a misnomer here because we consider no search terms, it is all or nothing. | ||||
* | Add flag to allow a cert to be re-issued | Rob Crittenden | 2010-02-03 | 1 | -3/+7 |
| | | | | | I don't want a user to accidentally re-issue a certificate so I've added a new flag, --revoke, to revoke the old cert and load the new one. | ||||
* | Be more careful when base64-decoding certificates | Rob Crittenden | 2010-02-02 | 1 | -6/+3 |
| | | | | | Only decode certs that have a BEGIN/END block, otherwise assume it is in DER format. | ||||
* | Remove group-specific password policy on group deletion | Rob Crittenden | 2010-01-29 | 1 | -0/+8 |
| | |||||
* | Enabled CRUDS in webUI using wehjit 0.2.0 | Jason Gerard DeRose | 2010-01-26 | 2 | -1/+9 |
| | |||||
* | Fix merge error, variable mis-named label instead of doc | Rob Crittenden | 2010-01-21 | 1 | -1/+1 |
| | |||||
* | User-defined certificate subjects | Rob Crittenden | 2010-01-20 | 1 | -1/+17 |
| | | | | | | | | | | | | | | | Let the user, upon installation, set the certificate subject base for the dogtag CA. Certificate requests will automatically be given this subject base, regardless of what is in the CSR. The selfsign plugin does not currently support this dynamic name re-assignment and will reject any incoming requests that don't conform to the subject base. The certificate subject base is stored in cn=ipaconfig but it does NOT dynamically update the configuration, for dogtag at least. The file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to be updated and pki-cad restarted. | ||||
* | Fix plugin to work with new output validation, add new helpers | Rob Crittenden | 2010-01-20 | 1 | -34/+57 |
| | | | | | | | | Add a new get_subject() helper and return the subject when retrieving certificates. Add a normalizer so that everything before and after the BEGIN/END block is removed. | ||||
* | Add DS migration plugin and password migration page. | Pavel Zuna | 2010-01-20 | 1 | -0/+374 |
| | |||||
* | Add --enable-migration option in config plugin. | Pavel Zuna | 2010-01-20 | 1 | -1/+14 |
| | |||||
* | Temporary fix for name collision of textui.print_entry. | Pavel Zuna | 2010-01-20 | 1 | -2/+2 |
| | | | | Somehow there's two of them... rename old one to print_entry1. | ||||
* | Make DNS plugin support output validation and thus make it work again. | Pavel Zuna | 2010-01-20 | 1 | -39/+86 |
| | |||||
* | pass DER flag to x509.get_serial_number() | John Dennis | 2010-01-19 | 1 | -1/+1 |
| | |||||
* | Allow cospriority to be updated and fix description of priority ordering | Rob Crittenden | 2010-01-19 | 1 | -7/+27 |
| | | | | | | Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work. | ||||
* | Use 'l' instead of 'localityname' in host plugin. | Pavel Zuna | 2010-01-14 | 1 | -2/+14 |
| | | | | | It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS. | ||||
* | Make host objects aware of their membership and that l==localityName. | Pavel Zuna | 2010-01-14 | 1 | -0/+6 |
| | |||||
* | Add Kerberos Ticket Policy management plugin. | Pavel Zuna | 2010-01-13 | 2 | -27/+167 |
| | |||||
* | Add --all to LDAPCreate and make LDAP commands always display default ↵ | Pavel Zuna | 2010-01-11 | 7 | -14/+30 |
| | | | | attributes. | ||||
* | Use the caIPAserviceCert profile for issuing service certs. | Rob Crittenden | 2010-01-08 | 1 | -2/+2 |
| | | | | | | | | | | | This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration. | ||||
* | Add messages, declarative tests for rolegroup, taskgroup plugins | Jason Gerard DeRose | 2009-12-18 | 2 | -7/+29 |
| | |||||
* | Handle base64-encoded certificates better, import missing function | Rob Crittenden | 2009-12-18 | 3 | -0/+11 |
| | |||||
* | Make hosts more like real services so we can issue certs for host principals | Rob Crittenden | 2009-12-16 | 2 | -12/+56 |
| | | | | | This patch should make joining a client to the domain and using certmonger to get an initial certificate work. |