| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ticket 389
|
| |
|
|
| |
ticket 228
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is done by creating a new attribute, memberindirect, to hold this
indirect membership.
The new function get_members() can return all members or just indirect or
direct. We are only using it to retrieve indirect members currently.
This also:
* Moves all member display attributes into baseldap.py to reduce duplication
* Adds netgroup nesting
* Use a unique object name in hbacsvc and hbacsvcgroup
ticket 296
|
| |
|
|
|
|
|
| |
The output is a pure python dict so is really only useful when used with
--all so it is required.
Updated to return a string for rights as opposed to a list. Terser, reducing the wire size by a factor of 3.5
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To do a change right now you have to perform a setattr like:
ipa user-mod --setattr uid=newuser olduser
The RDN change is performed before the rest of the mods. If the RDN
change is the only change done then the EmptyModlist that update_entry()
throws is ignored.
ticket 323
|
| | |
|
| |
|
|
| |
merge in remove uuid
|
| |
|
|
| |
Removing the whoami plugin, as it has been wrapped up into the user plugin
|
| |
|
|
| |
ticket #251
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service certificate management UI has been generalized and moved
into certificate.js. The host details page is now using the same code
to manage certificates. The host.py has been modified to return host
certificate info.
The Get/Revoke/View buttons behavior has been modified such that they
are visible only if there is a valid certificate. The Get dialog box
has been fixed to show the correct certificate header and footer.
The ipa.css has been modified to store the style of the status bullets.
New unit tests for certificate has been added. The test data has been
modified to include sample host certificate.
|
| |
|
|
| |
This should fix the hbac tests.
|
| |
|
|
|
|
|
|
|
|
|
| |
When setting or adding an attribute wiht setatt/addattr check to
see if there is a Param for the attribute and enforce the multi-value.
If there is no Param check the LDAP schema for SINGLE-VALUE.
Catch RDN mods and try to return a more reasonable error message.
Ticket #230
Ticket #246
|
| |
|
|
| |
ticket 182
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The service.py has been modified to include certificate info in
the service-show result if the service contains usercertificate.
A new file certificate.js has been added to store codes related
to certificates (e.g. revocation reasons, dialog boxes). The
service.js has been modified to provide the UI for certificate
management. The certificate.js can also be used for host
certificate management.
The Makefile.am and index.xhtml has been modified to include
certificate.js. New test data files have been added for certificate
operations.
To test revoke and restore operations the server needs to be
installed with dogtag CA instead of self-signed CA.
The certificate status and revocation reason in the details page
will be implemented in subsequent patches. Unit tests will also
be added in subsequent patches.
|
| |
|
|
| |
ticket 347
|
| |
|
|
| |
ticket 226
|
| |
|
|
|
|
|
|
|
|
| |
It would be nicer if we disabled the command altogether but this would require
checking the server to see every time the ipa command is executed (which would
be bad). We can't store this in a configuration file because it is possible
to add a DNS post-install (and it would require adding this to every single
client install).
ticket 147
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Support is fairly basic right now and will only work on the CLI. All
the work is done on the client side.
To continue past errors use the --continue option.
Fixed a bug where direct mounts weren't always added properly.
Added real user documentation to the plugin.
ticket 78
|
| |
|
|
|
|
| |
This is a little bit of a copy and paste approach, as the code for__json__
was copied from baseldap. Long term, we want to rewrite this plugin as
an extension of baseldap anyway.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an initial implementation of certificate management for
services. It addresses the mechanism required to view and update
certificates. The complete UI implementation will be addressed in
subsequent patches.
On the server side, the service.py has been modified to define
usercertificate in the service object's takes_params. This is
needed to generate the proper JSON metadata which is needed by
the UI. It also has been modified to accept null certificate for
deletion.
On the client side, the service details page has been modified to
display the base64-encoded certificate in a text area. When the
page is saved, the action handler will store the base64-encoded
certificate in the proper JSON structure. Also the service name
and service hostname are now displayed in separate fields.
The details configuration has been modified to support displaying
and updating certificates. The structure is changed to use maps
to define sections and fields. A section contains name, label,
and an array of fields. A field contains name, label, setup
function, load function, and save function. This is used to
implement custom interface and behavior for certificates.
All other entities, test cases, and test data have been updated
accordingly. Some functions and variables have been renamed to
improve clarity and consistency.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The plugin required a base64-encoded certificate and always decoded it
before processing. This doesn't work with the UI because the json module
decodes binary values already.
Try to detect if the incoming value is base64-encoded and decode if
necessary. Finally, try to pull the cert apart to validate it. This will
tell us for sure that the data is a certificate, regardless of the format
it came in as.
ticket 348
|
| |
|
|
|
|
|
|
| |
Basically, make 'all' mutually exclusive. This makes debugging lots easier.
If say usercat='all' there is no point adding specific users to the rule
because it will always apply to everyone.
ticket 164
|
| |
|
|
|
|
|
|
| |
Population of the policy and entites tabs.
DNS and ACI are broken due to PLugin issues
Fix for entities without search
Added new files to Makefile.am
used rolegroup.js file as the start point, renamed to serverconfig.js
|
| |
|
|
| |
Ticket #292
|
| |
|
|
| |
Ticket #165
|
| |
|
|
| |
Ticket #321
|
| | |
|
| | |
|
| |
|
|
| |
Added in params for phone number types: phone, fax, mobile ,pager
|
| |
|
|
| |
ticket 241
|
| |
|
|
|
|
|
| |
And move it to the group 'admins' instead. This way the admin user can
be removed/renamed.
ticket 197
|
| |
|
|
| |
Ticket #206
|
| |
|
|
|
|
|
| |
In other words: make *-del commands accept 1 or more primary keys
of entries to be deleted.
Ticket #20
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We lacked good error messages if the user/group container you used doesn't
exist.
Add a --continue option so things can continue if you use a bad user/group
container. This has the side-effect of letting you migrate just users or
groups by using a bad container for the one you don't want.
Fix a Gettext() error when displaying the migrated password message.
ticket 289
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Performing I18N completely on the server, to leverage the
existing gettext architecture.
Also, the browser does not have access to the Language header.
Added the additional po files for a set of required languages
conflict with install/static/ipa.js was resolved.
Note that the addition of the .po files in this patch is necessary.
In order to get Transifex support, we need to update the LINGUAS
file with the languages for which we want support. If we don't
add the .po files in, they get automatically generated by the rpmbuild
process. Our implementation of gettext has a bug in it (It might
be F13 thing) where the the Plurals line is not getting correctly
transformed, which causes a build failure. However, since the
RPM would have the .po files anyway, we should revision control
the ones we have, even if they are empty.
Fixed the Bug reporting url to the original value.
Corrected the Chartype encoding for UK
|
| |
|
|
| |
ticket 227
|
| |
|
|
|
|
|
| |
Try to tie in the hbacsvc and hbacsvcgroup plugins better through an
example.
ticket 159
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Note that this doesn't rely on IPA having a configured DNS server.
It passes the host name to the resolver and doesn't try to do a lookup
within the IPA DNS directly (e.g. no internal LDAP search).
Tries to determine if a domain is included and if not then the IPA
domain is added. This won't do the right thing if there are multiple
configured subdomains.
ticket 106
|
| |
|
|
|
|
| |
Now no longer breaks user-find with a filter
Uses the corrected Params for getting option
printf style strings
|
| |
|
|
| |
This reverts commit bef0690a2ff9cccf7de132e5e64b4ba631482764.
|
| |
|
|
| |
Added a whoami option to the user, allows the user to query their own information based on their Kerberos principal
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't use certmonger to get certificates during installation because
of the chicken-and-egg problem. This means that the IPA web and ldap
certs aren't being tracked for renewal.
This requires some manual changes to the certmonger request files once
tracking has begun because it doesn't store a subject or principal template
when a cert is added via start-tracking.
This also required some changes to the cert command plugin to allow a
host to execute calls against its own service certs.
ticket 67
|
| |
|
|
| |
ticket #158
|
| |
|
|
|
|
| |
Add test to verify that limit is honored and truncated flag set.
ticket #48
|
| |
|
|
|
|
|
| |
This is added mainly so the self service rules can be updated without
resorting to ldapmodify.
ticket 80
|
| |
|
|
|
|
|
|
|
|
| |
The problem was that parameters with no values are automatically
set to None by the framework and it wasn't handled properly in
baseldap.py:get_attributes function. Also, there were two logical
bugs in details.js:
1) atttribute callback to update values were called for input elements
instead of dt elements
2) it was always trying to update the primary key
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the host service principal one should be able to retrieve a keytab
for other services for the host using ipa-getkeytab. This required a number
of changes:
- allow hosts in the service's managedby to write krbPrincipalKey
- automatically add the host to managedby when a service is created
- fix ipa-getkeytab to return the entire prinicpal and not just the
first data element. It was returning "host" from the service tgt
and not host/ipa.example.com
- fix the display of the managedby attribute in the service plugin
This led to a number of changes in the service unit tests. I took the
opportunity to switch to the Declarative scheme and tripled the number
of tests we were doing. This shed some light on a few bugs in the plugin:
- if a service had a bad usercertificate it was impossible to delete the
service. I made it a bit more flexible.
- I added a summary for the mod and find commands
- has_keytab wasn't being set in the find output
ticket 68
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This adds a new global option to the ipa command, -f/--no-fallback. If this
is included then just the server configured in /etc/ipa/default.conf is used.
Otherwise that is tried first then all servers in DNS with the ldap SRV record
are tried.
Create a new Local() Command class for local-only commands. The help
command is one of these. It shouldn't need a remote connection to execute.
ticket #15
|
