| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
| |
New rules will all be allow type. Existing rules cannot be changed to
deny.
The type attribute now defaults to allow with autofill so it won't be
prompted in interactive mode in the cli.
https://fedorahosted.org/freeipa/ticket/1432
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1328
|
|
|
|
|
|
|
|
| |
It was my understanding that we would be able to pass in an existing UUID
when registering to connect to an existing registration (for the case where
IPA is re-installed). This is supported in the REST API but not python-rhsm.
https://fedorahosted.org/freeipa/ticket/1216
|
|
|
|
|
|
|
|
| |
The CSS text-transform sometimes produces incorrect capitalization,
so the code has been modified to use translated labels that already
contain the correct capitalization.
Ticket #1424
|
|
|
|
|
|
|
|
|
| |
Implements a new option to filter out reverse zones.
This patch also do some clean up in dns plugin - debug prints were
accidentally left here in the last dns patch.
https://fedorahosted.org/freeipa/ticket/1471
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1259
Python code will see nsaccountlock as bool. JavaScript code will also see it as bool.
This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
|
|
|
|
|
|
|
|
|
| |
The object_name, object_name_plural and messages that use these
attributes have been converted to support translation. The label
attribute in the Param class has been modified to accept unicode
string.
Ticket #1435
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The DNS record plugin does not support modification of a record. One
can only add A type addresses to a DNS record or remove the current
ones. To actually change a DNS record value it has to be removed and
then added with a desired value.
This patch adds a new DNS plugin command "dnsrecord-mod" which enables
user to:
- modify a DNS record value (note than DNS record can hold multiple values
and those will be overwritten)
- remove a DNS record when an empty value is passed
New tests for this new command have been added to the CLI test suite.
https://fedorahosted.org/freeipa/ticket/1137
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This started as a problem in allowing leading/trailing whitespaces
on primary keys. In nearly every command other than add query is True
so all rules were ignored on the primary key. This meant that to
enforce whitespace we would need to define a validator for each one.
I decided instead to set self.all_rules to just the class rules if
query == True. So the minimum set of validators will be executed
against each type but param-specific validators will only run on add.
https://fedorahosted.org/freeipa/ticket/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
|
|
|
|
|
|
|
| |
A table has been added into sudo rule details page for managing
sudo options.
Ticket #1447
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The object_name attribute was used as both an identifier and a
label which sometimes require different values (e.g. hbacrule
vs. HBAC rule). The code that uses object_name as an identifier
has been changed to use the 'name' attribute instead. The values
of the object_name attribute have been fixed to become proper
labels.
Ticket #1217
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1416
|
|
|
|
|
|
|
|
|
| |
The following invalid associations have been removed:
- group's memberindirect netgroup and role
- hostgroup's memberofindirect host
Ticket #1366
Ticket #1367
|
|
|
|
|
|
|
|
|
| |
The IPA.user_status_widget has been modified such that it checks
the facet dirty status and asks the admin to either Update or Reset
the changes. Then the widget shows a dialog to confirm whether
the admin wants to activate/deactivate the user.
Ticket #1395
|
| |
|
|
|
|
|
|
| |
Hard-coded messages in the UI have been replaced with I18n messages.
Ticket #1396
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1403
https://fedorahosted.org/freeipa/ticket/1404
https://fedorahosted.org/freeipa/ticket/1405
https://fedorahosted.org/freeipa/ticket/1406
fields and sections for config screen
Using multivalue controls for object classes
|
|
|
|
|
|
|
| |
The 'private' option is kept in to maintain API compatibility, but
is hidden from the user.
ticket 1120
|
|
|
|
| |
Make the uid field optional
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The entity labels in the following locations have been fixed:
- search facet title: plural
- details facet title: singular
- association facet title: singular
- breadcrumb: plural
- adder dialog title: singular
- deleter dialog title: plural
Some entity labels have been changed into the correct plural form.
Unused file install/ui/test/data/i18n_messages.json has been removed.
Ticket #1249
Ticket #1387
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new attribute label_singular has been added to all entities which
contains the singular form of the entity label in lower cases except
for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web
UI, this label can be capitalized using CSS text-transform.
The existing 'label' attribute is intentionally left unchanged due to
inconsistencies in the current values. It contains mostly the plural
form of capitalized entity label, but some are singular. Also, it
seems currently there is no comparable capitalization method on the
server-side. So more work is needed before the label can be changed.
Ticket #1249
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1326
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().
This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.
This also tries to use variable names to indicate what format the certificate
is in at any given point:
dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format
ticket 32
|
|
|
|
|
|
|
| |
It was possible to get to this point without a schema if the first
handled request resulted in a Kerberos error.
https://fedorahosted.org/freeipa/ticket/1354
|
|
|
|
| |
updated label triggered an API change
|
|
|
|
|
|
|
| |
IP addresses are more strictly checked. Netmasks can be specified
and are used in DNS PTR record creation.
ticket 1234
|
|
|
|
|
|
|
|
|
|
| |
The goal is to not import foreign certificates.
This caused a bunch of tests to fail because we had a hardcoded server
certificate. Instead a developer will need to run make-testcert to
create a server certificate generated by the local CA to test against.
ticket 1134
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1339
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1276
https://fedorahosted.org/freeipa/ticket/1277
https://fedorahosted.org/freeipa/ticket/1308
Added new Exception: AttrValueNotFound
Fixed XML Test for Sudorule remove_option
1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule)
1277 (Raise DuplicateEntry Error when adding a duplicate sudo option)
1308 (Make sudooption a required option for sudorule_remove_option)
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1324
|
|
|
|
|
|
|
|
| |
When user_add command is executed without uid parameter filled, user
account is created without 'krbprincipalname' attribute. This renders
the user account unusable.
https://fedorahosted.org/freeipa/ticket/1279
|
|
|
|
|
|
| |
7 is undefined as a revocation reason.
https://fedorahosted.org/freeipa/ticket/1318
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1255
|
|
|
|
|
|
|
|
| |
Enhance Host plugin to provide not only "Managed By" list but also
a list of managed hosts. The new list is generated only when --all
option is passed.
https://fedorahosted.org/freeipa/ticket/993
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server with DNS support. This would lead to DNS
zones with incorrect NS records as they wouldn't point to a valid
name server.
Now, a list of all master servers with DNS support is retrieved
during DNS zone creation and added as NS records for a new DNS
zone.
https://fedorahosted.org/freeipa/ticket/1261
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user migrates users/groups from an old DS instance, the
migration may fail on unsupported object classes and/or
relevant LDAP object attributes.
This patch implements a support for object class and attribute
ignore lists that can be used to suppress these migration issues.
Additionally, a redundant "dev/null" file is removed from git repo
(originally added in 26b0e8fc9809a4cd9f2f9a2281f0894e2e0f8db2).
https://fedorahosted.org/freeipa/ticket/1266
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1269
https://fedorahosted.org/freeipa/ticket/1270
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support multiple direct maps we added description to the DN of
automount key entries. The downside of this is that to display a key
you had to know the information as well, which was rather pointless if
that is what you were trying to get.
So now both modes are supported. It will first look for just a key
in the description and fall back to including automountinformation
if it needs to.
Multiple direct maps are still supported and for those the info is
always required.
ticket 1229
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LDAP search operation may return a search reference pointing to
an LDAP resource. As the framework does not handle search
references, skip these results to prevent result processing
failures.
Migrate operation crashed when the migrated DS contained search
references. Now, it correctly skips these records and prints the
failed references to user.
https://fedorahosted.org/freeipa/ticket/1209
|
|
|
|
| |
ticket https://fedorahosted.org/freeipa/ticket/1265
|
|
|
|
|
|
|
|
| |
Add Add tests for users, groups, hosts and hostgroups to verify membership
Update API to version 2.3
https://fedorahosted.org/freeipa/ticket/1170
|
|
|
|
|
|
|
|
|
|
|
|
| |
Interactive mode for commands manipulating with DNS records
(dnsrecord-add, dnsrecord-del) is not usable. This patch enhances
the server framework with new callback for interactive mode, which
can be used by commands to inject their own interactive handling.
The callback is then used to improve aforementioned commands'
interactive mode.
https://fedorahosted.org/freeipa/ticket/1018
|
|
|
|
| |
ticket 910
|
|
|
|
|
|
|
|
|
|
| |
Attempt to retrieve the schema the first time it is needed rather than
when Apache is started. A global copy is cached for future requests
for performance reasons.
The schema will be retrieved once per Apache child process.
ticket 583
|
|
|
|
|
|
|
| |
There were reports of confusion over what was being prompted for, hopefully
adding member will make things clearer.
ticket 1062
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kerberos ticket policy can update policy in a user entry. This allowed
set/addattr to be used to modify attributes outside of the ticket policy
perview, also bypassing all validation/normalization. Likewise the
ticket policy was updatable by the user plugin bypassing all validation.
Add two new LDAPObject values to control this behavior:
limit_object_classes: only attributes in these are allowed
disallow_object_classes: attributes in these are disallowed
By default both of these lists are empty so are skipped.
ticket 744
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migration from a v2 server would fail because of our fake memberofindirect
attribute. This isn't in any objectclass so would cause entries to fail
to migrate. We can safely just remove it.
Also remove any limits on time/size when searching for entries on the
remote server. Otherwise only the number of entries configured in the
local IPA server can be migrated.
ticket 1124
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
automount implemented using standard facets and containing_entity pkey generation
sample data fixtures for automount.
messages for automount and HBAC.
modified form of the search facet used to nest the automount entities
Add works for nested entities. Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin.
All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title.
update ipa_init sample data
add redirect logic for pages without pkeys.
add and delete link to appropriate entities for nested search facet.
Using on demand entities. Fixed breadcrumbs.
|