summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove the ability to create new HBAC deny rules.Rob Crittenden2011-07-141-2/+8
| | | | | | | | | | New rules will all be allow type. Existing rules cannot be changed to deny. The type attribute now defaults to allow with autofill so it won't be prompted in interactive mode in the cli. https://fedorahosted.org/freeipa/ticket/1432
* In sudo labels we should use RunAs and not Run As.Rob Crittenden2011-07-141-6/+6
| | | | https://fedorahosted.org/freeipa/ticket/1328
* Document registering to an entitlement server with a UUID as not implemented.Rob Crittenden2011-07-141-1/+4
| | | | | | | | It was my understanding that we would be able to pass in an existing UUID when registering to connect to an existing registration (for the case where IPA is re-installed). This is supported in the REST API but not python-rhsm. https://fedorahosted.org/freeipa/ticket/1216
* Fixed label capitalizationEndi S. Dewata2011-07-1425-28/+28
| | | | | | | | The CSS text-transform sometimes produces incorrect capitalization, so the code has been modified to use translated labels that already contain the correct capitalization. Ticket #1424
* Filter reverse zones in dnszone-findMartin Kosek2011-07-131-4/+19
| | | | | | | | | Implements a new option to filter out reverse zones. This patch also do some clean up in dns plugin - debug prints were accidentally left here in the last dns patch. https://fedorahosted.org/freeipa/ticket/1471
* Convert nsaccountlock to always work as bool towards Python codeAlexander Bokovoy2011-07-131-11/+16
| | | | | | | | https://fedorahosted.org/freeipa/ticket/1259 Python code will see nsaccountlock as bool. JavaScript code will also see it as bool. This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
* Fixed object_name and object_name_plural internationalizationEndi S. Dewata2011-07-1226-63/+63
| | | | | | | | | The object_name, object_name_plural and messages that use these attributes have been converted to support translation. The label attribute in the Param class has been modified to accept unicode string. Ticket #1435
* Add DNS record modification commandMartin Kosek2011-07-121-42/+85
| | | | | | | | | | | | | | | | | The DNS record plugin does not support modification of a record. One can only add A type addresses to a DNS record or remove the current ones. To actually change a DNS record value it has to be removed and then added with a desired value. This patch adds a new DNS plugin command "dnsrecord-mod" which enables user to: - modify a DNS record value (note than DNS record can hold multiple values and those will be overwritten) - remove a DNS record when an empty value is passed New tests for this new command have been added to the CLI test suite. https://fedorahosted.org/freeipa/ticket/1137
* Enforce class rules when query=True, continue to not run validators.ticket-hbac-testRob Crittenden2011-07-111-1/+1
| | | | | | | | | | | | | | | This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly every command other than add query is True so all rules were ignored on the primary key. This meant that to enforce whitespace we would need to define a validator for each one. I decided instead to set self.all_rules to just the class rules if query == True. So the minimum set of validators will be executed against each type but param-specific validators will only run on add. https://fedorahosted.org/freeipa/ticket/1285 https://fedorahosted.org/freeipa/ticket/1286 https://fedorahosted.org/freeipa/ticket/1287
* Added sudo options.Endi S. Dewata2011-07-111-0/+1
| | | | | | | A table has been added into sudo rule details page for managing sudo options. Ticket #1447
* password expiration labelAdam Young2011-07-051-1/+1
|
* Fixed object_name usage.Endi S. Dewata2011-07-058-15/+15
| | | | | | | | | | | The object_name attribute was used as both an identifier and a label which sometimes require different values (e.g. hbacrule vs. HBAC rule). The code that uses object_name as an identifier has been changed to use the 'name' attribute instead. The values of the object_name attribute have been fixed to become proper labels. Ticket #1217
* Add pwd expiration notif (ipapwdexpadvnotify) to config plugin def attr listRob Crittenden2011-07-051-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/1416
* Removed invalid associations.Endi S. Dewata2011-07-012-2/+2
| | | | | | | | | The following invalid associations have been removed: - group's memberindirect netgroup and role - hostgroup's memberofindirect host Ticket #1366 Ticket #1367
* Added confirmation dialog for user activation.Endi S. Dewata2011-07-011-10/+12
| | | | | | | | | The IPA.user_status_widget has been modified such that it checks the facet dirty status and asks the admin to either Update or Reset the changes. Then the widget shows a dialog to confirm whether the admin wants to activate/deactivate the user. Ticket #1395
* config widgets entity select default group checkbox for migrationAdam Young2011-06-301-1/+1
|
* Fixed hard-coded messages.Endi S. Dewata2011-06-301-12/+51
| | | | | | Hard-coded messages in the UI have been replaced with I18n messages. Ticket #1396
* config fieldsAdam Young2011-06-301-0/+3
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1403 https://fedorahosted.org/freeipa/ticket/1404 https://fedorahosted.org/freeipa/ticket/1405 https://fedorahosted.org/freeipa/ticket/1406 fields and sections for config screen Using multivalue controls for object classes
* Replace the 'private' option in netgroup-find with 'managed'.Jan Cholasta2011-06-281-4/+9
| | | | | | | The 'private' option is kept in to maintain API compatibility, but is hidden from the user. ticket 1120
* optional uidAdam Young2011-06-271-0/+1
| | | | Make the uid field optional
* Fixed entity labels.Endi S. Dewata2011-06-278-35/+11
| | | | | | | | | | | | | | | | The entity labels in the following locations have been fixed: - search facet title: plural - details facet title: singular - association facet title: singular - breadcrumb: plural - adder dialog title: singular - deleter dialog title: plural Some entity labels have been changed into the correct plural form. Unused file install/ui/test/data/i18n_messages.json has been removed. Ticket #1249 Ticket #1387
* Added singular entity labels.Endi S. Dewata2011-06-2724-4/+30
| | | | | | | | | | | | | | | A new attribute label_singular has been added to all entities which contains the singular form of the entity label in lower cases except for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web UI, this label can be capitalized using CSS text-transform. The existing 'label' attribute is intentionally left unchanged due to inconsistencies in the current values. It contains mostly the plural form of capitalized entity label, but some are singular. Also, it seems currently there is no comparable capitalization method on the server-side. So more work is needed before the label can be changed. Ticket #1249
* oneliner correct typo in ipasudorunas_groupJr Aquino2011-06-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1326
* Use DN class in get_primary_key_from_dn to return decoded valueJohn Dennis2011-06-221-1/+4
|
* Make data type of certificates more obvious/predictable internally.Rob Crittenden2011-06-214-143/+31
| | | | | | | | | | | | | | | | | | | For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate(). This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/service.py into ipalib/x509.py. This also tries to use variable names to indicate what format the certificate is in at any given point: dercert: DER cert: PEM nsscert: a python-nss Certificate object rawcert: unknown format ticket 32
* Do lazy LDAP schema retrieval in json handler.Rob Crittenden2011-06-211-0/+1
| | | | | | | It was possible to get to this point without a schema if the first handled request resulted in a Kerberos error. https://fedorahosted.org/freeipa/ticket/1354
* ipaddress for host addAdam Young2011-06-201-0/+1
| | | | updated label triggered an API change
* Improve IP address handling in the host-add command.Jan Cholasta2011-06-191-15/+36
| | | | | | | IP addresses are more strictly checked. Netmasks can be specified and are used in DNS PTR record creation. ticket 1234
* Require an imported certificate's issuer to match our issuer.Rob Crittenden2011-06-162-2/+32
| | | | | | | | | | The goal is to not import foreign certificates. This caused a bunch of tests to fail because we had a hardcoded server certificate. Instead a developer will need to run make-testcert to create a server certificate generated by the local CA to test against. ticket 1134
* Don't add empty tuple to entry_attrs['externalhost']Jr Aquino2011-06-161-1/+2
| | | | https://fedorahosted.org/freeipa/ticket/1339
* Raise DuplicateEntry Error when adding a duplicate sudo optionJr Aquino2011-06-161-26/+40
| | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1276 https://fedorahosted.org/freeipa/ticket/1277 https://fedorahosted.org/freeipa/ticket/1308 Added new Exception: AttrValueNotFound Fixed XML Test for Sudorule remove_option 1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule) 1277 (Raise DuplicateEntry Error when adding a duplicate sudo option) 1308 (Make sudooption a required option for sudorule_remove_option)
* Fix doc for sudorule runasuser commandsMartin Kosek2011-06-171-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/1324
* Missing krbprincipalname when uid is not setMartin Kosek2011-06-151-0/+1
| | | | | | | | When user_add command is executed without uid parameter filled, user account is created without 'krbprincipalname' attribute. This renders the user account unusable. https://fedorahosted.org/freeipa/ticket/1279
* Return an error message when revocation reason 7 is usedRob Crittenden2011-06-151-0/+2
| | | | | | 7 is undefined as a revocation reason. https://fedorahosted.org/freeipa/ticket/1318
* Add message output summary to sudorule del, mod and find.Rob Crittenden2011-06-151-0/+5
| | | | https://fedorahosted.org/freeipa/ticket/1255
* Add a list of managed hostsMartin Kosek2011-06-151-0/+36
| | | | | | | | Enhance Host plugin to provide not only "Managed By" list but also a list of managed hosts. The new list is generated only when --all option is passed. https://fedorahosted.org/freeipa/ticket/993
* Improve DNS zone creationMartin Kosek2011-06-151-0/+20
| | | | | | | | | | | | | | | When a new DNS zone is being created a local hostname is set as a nameserver of the new zone. However, when the zone is created during ipa-replica-prepare, the the current master/replica doesn't have to be an IPA server with DNS support. This would lead to DNS zones with incorrect NS records as they wouldn't point to a valid name server. Now, a list of all master servers with DNS support is retrieved during DNS zone creation and added as NS records for a new DNS zone. https://fedorahosted.org/freeipa/ticket/1261
* Add ignore lists to migrate-ds commandMartin Kosek2011-06-151-5/+61
| | | | | | | | | | | | | | When user migrates users/groups from an old DS instance, the migration may fail on unsupported object classes and/or relevant LDAP object attributes. This patch implements a support for object class and attribute ignore lists that can be used to suppress these migration issues. Additionally, a redundant "dev/null" file is removed from git repo (originally added in 26b0e8fc9809a4cd9f2f9a2281f0894e2e0f8db2). https://fedorahosted.org/freeipa/ticket/1266
* Display remaining external hosts when removing from sudoruleJr Aquino2011-06-141-2/+2
| | | | | https://fedorahosted.org/freeipa/ticket/1269 https://fedorahosted.org/freeipa/ticket/1270
* Remove automountinformation as part of the DN for automount.Rob Crittenden2011-06-131-21/+76
| | | | | | | | | | | | | | | | To support multiple direct maps we added description to the DN of automount key entries. The downside of this is that to display a key you had to know the information as well, which was rather pointless if that is what you were trying to get. So now both modes are supported. It will first look for just a key in the description and fall back to including automountinformation if it needs to. Multiple direct maps are still supported and for those the info is always required. ticket 1229
* Handle LDAP search referencesMartin Kosek2011-06-101-3/+9
| | | | | | | | | | | | | LDAP search operation may return a search reference pointing to an LDAP resource. As the framework does not handle search references, skip these results to prevent result processing failures. Migrate operation crashed when the migrated DS contained search references. Now, it correctly skips these records and prints the failed references to user. https://fedorahosted.org/freeipa/ticket/1209
* Add UID, GID and e-mail to the user default attributes.Rob Crittenden2011-06-081-1/+2
| | | | ticket https://fedorahosted.org/freeipa/ticket/1265
* Add sudorule and hbacrule to memberof and indirectmemberof attributesJr Aquino2011-06-064-8/+10
| | | | | | | | Add Add tests for users, groups, hosts and hostgroups to verify membership Update API to version 2.3 https://fedorahosted.org/freeipa/ticket/1170
* Improve interactive mode for DNS pluginMartin Kosek2011-06-022-20/+181
| | | | | | | | | | | | Interactive mode for commands manipulating with DNS records (dnsrecord-add, dnsrecord-del) is not usable. This patch enhances the server framework with new callback for interactive mode, which can be used by commands to inject their own interactive handling. The callback is then used to improve aforementioned commands' interactive mode. https://fedorahosted.org/freeipa/ticket/1018
* Honor netmask in DNS reverse zone setup.Jan Cholasta2011-05-301-17/+28
| | | | ticket 910
* Do a lazy retrieval of the LDAP schema rather than at module load.Rob Crittenden2011-05-301-0/+2
| | | | | | | | | | Attempt to retrieve the schema the first time it is needed rather than when Apache is started. A global copy is cached for future requests for performance reasons. The schema will be retrieved once per Apache child process. ticket 583
* Include the word 'member' with autogenerated optional member labels.Rob Crittenden2011-05-271-1/+1
| | | | | | | There were reports of confusion over what was being prompted for, hopefully adding member will make things clearer. ticket 1062
* Add option to limit the attributes allowed in an entry.Rob Crittenden2011-05-273-0/+39
| | | | | | | | | | | | | | | | Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy perview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation. Add two new LDAPObject values to control this behavior: limit_object_classes: only attributes in these are allowed disallow_object_classes: attributes in these are disallowed By default both of these lists are empty so are skipped. ticket 744
* Fix migration to work between v2 servers and remove search/size limits.Rob Crittenden2011-05-261-6/+14
| | | | | | | | | | | | Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it. Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated. ticket 1124
* automount UIAdam Young2011-05-262-4/+11
| | | | | | | | | | | | | | | | | | | | | | automount implemented using standard facets and containing_entity pkey generation sample data fixtures for automount. messages for automount and HBAC. modified form of the search facet used to nest the automount entities Add works for nested entities. Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin. All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title. update ipa_init sample data add redirect logic for pages without pkeys. add and delete link to appropriate entities for nested search facet. Using on demand entities. Fixed breadcrumbs.
generated by cgit (git 2.34.1) at 2024-04-25 01:04:54 +0000