path: root/ipalib
Commit message | Author | Age | Files | Lines
* Clarify usage of --posix argument in group plugin. | Rob Crittenden | 2011-11-16 | 1 | -2/+2
  Contributed by Jérôme Fenal
* Let PublicError accept Gettext objects | Martin Kosek | 2011-11-16 | 1 | -1/+4
  Make sure that PublicError does not crash when it receives a Gettext/NGettext object. Instead of throwing a type error, do the translation to receive the required unicode text.
  https://fedorahosted.org/freeipa/ticket/2096
* Fix LDAP object parameter encoding | Martin Kosek | 2011-11-15 | 6 | -32/+95
  Parameters in LDAP objects lacked information on whether they are real LDAP attributes or not. Real LDAP attributes are written to entry_attrs dictionary in plugin callbacks and are being encoded. This causes issues when plugin callbacks do not expect that the parameter values are already encoded for submission to LDAP.
  This patch introduces a new flag "noattribute" used to mark that a parameter is not an LDAP attribute and thus should not be encoded or added to entry_attrs. Param documentation is improved to describe the meaning of this and other Param flags or attributes.
  https://fedorahosted.org/freeipa/ticket/2097
* Refactored permission target section. | Endi S. Dewata | 2011-11-14 | 1 | -4/+0
  The permission target section has been modified to use widgets to create the target selection and handle multiple fields.
  Ticket #2098
* Polish ipa config help | Martin Kosek | 2011-11-10 | 1 | -47/+40
  Remove config-mod options help from config module help to keep the option doc in one place and without unnecessary redundancy. The new format is more consistent with the rest of the plugins. Also fix several inconsistencies in the labels/doc, including:
  - using abbreviation when not needed
  - using '.' at the end of options help
  https://fedorahosted.org/freeipa/ticket/1906
* Fix copy/paste error in parameter description. | Rob Crittenden | 2011-11-10 | 1 | -1/+1
  Contributed by Jérôme Fenal
* Improve DNS record data validation | Martin Kosek | 2011-11-10 | 2 | -23/+374
  Implement missing validators for DNS RR types so that we can capture at least basic user errors. Additionally, a normalizer creating a fully-qualified domain name has been implemented for several RRs where name server may mis-interpret the domain name otherwise.
  Unit tests exercising these new validators for the most common RR types have been added. This patch also consolidates hard-coded values in DNS test to one place.
  https://fedorahosted.org/freeipa/ticket/1106
* Misleading Keytab field | Ondrej Hamada | 2011-11-10 | 4 | -3/+22
  The 'Keytab' field in output of all 'user-*' commands was changed to 'Kerberos keys available'.
  In order to do this change for 'user-*' commands only, the flag 'has_keytab' had to be removed from common output parameters in ipalib/baseldap.py. This change also affected the host.py and service.py, where the 'has_keytab' flag was added to their local output params. Both host.py and service.py hold the old field caption - 'Keytab' - because of compatibility with older clients.
  https://fedorahosted.org/freeipa/ticket/1961
* Fix DNS zone --allow-dynupdate option behavior | Martin Kosek | 2011-11-09 | 1 | -10/+10
  --allow-dynupdate was implemented as a Flag parameter type, which is not convenient for LDAP attributes. When a DNS zone with permitted dynamic updates was modified and the --allow-dynupdate flag was not set, dynamic updates were turned off.
  This patch changes the option type to Bool parameter type which behaves according to user expectations when modifying the zone.
  https://fedorahosted.org/freeipa/ticket/2039
* Allow custom server backend encoding | Martin Kosek | 2011-11-09 | 2 | -0/+39
  Server framework does not support encoding of native Python type values stored in Param classes and sub-classes. When backend (LDAP) value encoding differs from Python type value representation, user has to hard-code the encoders in his processing.
  This patch introduces a method Param.encode which is used in server context to encode native Python Param values. The new encode method is used for Bool parameter to convert native Python bool type value (True, False) to LDAP value ("TRUE", "FALSE").
  https://fedorahosted.org/freeipa/ticket/2039
* Don't allow default objectclass list to be empty. | Rob Crittenden | 2011-11-09 | 1 | -0/+3
  https://fedorahosted.org/freeipa/ticket/1945
* Added current password field. | Endi S. Dewata | 2011-11-07 | 1 | -0/+2
  The reset password dialog for user has been modified to provide a field to specify the current password when changing the user's own password.
  Ticket #2065
* Create pkey-only option for find commands | Martin Kosek | 2011-10-27 | 7 | -1/+23
  New option --pkey-only is available for all LDAPSearch based classes with primary key visible in the output. This option makes LDAPSearch commands search for primary attribute only.
  This may be useful when manipulating large data sets. User can at first retrieve all primary keys in a relatively small data package and then run further commands with retrieved primary keys.
  https://fedorahosted.org/freeipa/ticket/1262
* Fixed "enroll" labels. | Endi S. Dewata | 2011-10-27 | 1 | -5/+4
  Labels using the word "enroll" (except for host enrollment) have been modified to use more relevant words.
  The IPA.add_dialog has been renamed into IPA.entity_adder_dialog for clarity.
  Ticket #1642
* Removed HBAC deny rule warning. | Endi S. Dewata | 2011-10-26 | 1 | -2/+0
  The HBAC deny rule is no longer supported so it's no longer necessary to show the warning.
  Ticket #1444
* Add --zonemgr/--admin-mail validator | Martin Kosek | 2011-10-26 | 2 | -0/+39
  Do at least a basic validation of DNS zone manager mail address.
  Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created.
  https://fedorahosted.org/freeipa/ticket/1966
* Fixed inconsistent required/optional attributes. | Endi S. Dewata | 2011-10-25 | 1 | -1/+0
  The dialogs and details pages have been modified to use the * symbol to mark required fields. The automount map and the DNS zone dialogs have been modified to update the required fields according to the input type.
  Ticket #1696, #1973
* Fix problems in help system [master] | Rob Crittenden | 2011-10-20 | 1 | -0/+8
  Fixes 3 issues:
  - If a topic has all its commands disabled, it should be disabled
  - If a command is disabled its help should be disabled
  - The show-mappings help was missing a doc string so no help was displayed
  https://fedorahosted.org/freeipa/ticket/1998
* hbactest fails while you have svcgroup in hbacrule | Alexander Bokovoy | 2011-10-20 | 1 | -2/+3
  https://fedorahosted.org/freeipa/ticket/1988
* Improve hostgroup/netgroup collision checks | Martin Kosek | 2011-10-17 | 2 | -2/+32
  When the NGP plugin is enabled, a managed netgroup is created for every hostgroup. We already check that netgroup with the same name does not exist and provide a meaningful error message. However, this error message was also printed when a duplicate hostgroup existed.
  This patch checks for duplicate hostgroup existence first and netgroup on the second place. It also makes sure that when NGP plugin is (temporarily) disabled, a colliding netgroup cannot be created.
  https://fedorahosted.org/freeipa/ticket/1914
* Fix typo in invalid PTR record error message | Rob Crittenden | 2011-10-13 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/1982
* Improve handling of GIDs when migrating groups | Martin Kosek | 2011-10-11 | 1 | -11/+62
  Since IPA v2 server already contains predefined groups that may collide with groups in migrated (IPA v1) server (for example admins, ipausers), users having colliding group as their primary group may happen to belong to an unknown group on new IPA v2 server.
  Implement --group-overwrite-gid option to overwrite GID of already existing groups to prevent this issue.
  https://fedorahosted.org/freeipa/ticket/1866
* Disallow deletion of global password policy. | Jan Cholasta | 2011-10-12 | 1 | -0/+8
  ticket 1936
* Include indirect membership and canonicalize hosts during HBAC rules testing | Alexander Bokovoy | 2011-10-10 | 1 | -7/+23
  When users and hosts are included into groups indirectly, make sure that during HBAC test we fill in all indirect groups properly into an HBAC request. Also, if hosts provided for test are not specified fully, canonicalize them using IPA domain.
  This makes possible following requests:
      ipa hbactest --user foobar --srchost vm-101 --host vm-101 --service sshd
      Request to evaluate:
          <user <name foobar groups [hbacusers,ipausers]>
           service <name sshd groups []>
           targethost <name vm-101.ipa.local groups []>
           srchost <name vm-101.ipa.local groups []>
          >
  Fixes:
  https://fedorahosted.org/freeipa/ticket/1862
  https://fedorahosted.org/freeipa/ticket/1949
* Fix i18n in config plugin | Martin Kosek | 2011-10-11 | 1 | -2/+2
* Improve default user/group object class validation | Martin Kosek | 2011-10-11 | 1 | -0/+23
  When user/group default object class is being modified via ipa config-mod, no validation check is run. Check at least the following:
  - all object classes are known to LDAP
  - all default user/group attributes are allowed under the new set of default object classes
  https://fedorahosted.org/freeipa/ticket/1893
* split metadata call | Adam Young | 2011-10-09 | 1 | -14/+18
  The JSON metadata call has grown large enough that parsing it requires too much stack space on some browsers.
  To avoid breaking the API, this change reuses some testing parameters that we established for the metadata call in the past.
  To fetch just the objects call it like this:
      {"method":"json_metadata","params":[["all",""],{}],"id":0}
  And just the methods call it like this:
      {"method":"json_metadata","params":[["","all"],{}],"id":0}
  Note the difference in the positional parameters. To get a specific object, pass the object name as the first parameter. To get a specific method, pass a blank first parameter and the method name in the second parameter. This is not ideal, but we are constrained by the existing API.
* Prevent collisions of hostgroup and netgroup | Martin Kosek | 2011-10-06 | 1 | -0/+11
  For every hostgroup a managed netgroup is created (if this is allowed). Make sure that if a stand-alone netgroup exists, a hostgroup with the same name cannot be created to prevent collisions.
  https://fedorahosted.org/freeipa/ticket/1914
* Added confirmation when adding multiple entries. | Endi S. Dewata | 2011-10-05 | 1 | -0/+1
  The adder dialog has been modified to show a confirmation message after each successful addition.
  Ticket #1786
* Add a function for formatting network locations of the form host:port for use in URLs. | Jan Cholasta | 2011-10-05 | 1 | -2/+2
  If the host part is a literal IPv6 address, it must be enclosed in square brackets (RFC 2732).
  ticket 1869
* Unroll StrEnum values when displaying help | Alexander Bokovoy | 2011-10-03 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/1848
* Require current password when using passwd to change your own password. | Rob Crittenden | 2011-10-04 | 4 | -5/+44
  Add a new required parameter, current_password. In order to ask this first I added a new parameter option, sortorder. The lower the value the earlier it will be prompted for.
  I also changed the way autofill works. It will attempt to get the default and if it doesn't get anything will continue prompting interactively.
  Since current_password is required I'm passing a magic value that means changing someone else's password. We need to pass something since current_password is required.
  The python-ldap passwd command doesn't seem to use the old password at all so I do a simple bind to validate it.
  https://fedorahosted.org/freeipa/ticket/1808
* Validate name_from_ip parameter of dnszone. | Jan Cholasta | 2011-10-04 | 1 | -1/+22
  ticket 1627
* I18n clean-up. | Endi S. Dewata | 2011-10-03 | 1 | -0/+2
  The hard-coded 'undo' and 'undo all' labels have been moved into internal.py to allow translation.
  Ticket #1897
* migrate process cannot handle multivalued pkey attribute | Martin Kosek | 2011-10-03 | 1 | -1/+17
  When group/user is migrated, the attribute used for RDN may be multivalued. Make sure that we pick the value used in the RDN which should be the unique one and not just the first one.
  https://fedorahosted.org/freeipa/ticket/1892
* Fix LDAPCreate search failure | Martin Kosek | 2011-09-30 | 1 | -1/+6
  LDAPCreate reports "search criteria was not specific enough" when LDAP object created in LDAPCreate shares its container with other LDAP objects and there is one with the same name and RDN attribute.
  Pass objectclass to find_entry_by_attr() function used to retrieve newly created object for POST_CALLBACK to identify correct LDAP object.
  https://fedorahosted.org/freeipa/ticket/1864
* Add regular expression pattern to host names. | Rob Crittenden | 2011-09-27 | 1 | -0/+3
  Limit hostnames to letters, digits and - with a maximum length of 255
  https://fedorahosted.org/freeipa/ticket/1780
* Include failed service and service groups in hbac rule management | Rob Crittenden | 2011-09-27 | 1 | -0/+3
  hbacrule-service-add/remove failures weren't being displayed because no label was defined.
  https://fedorahosted.org/freeipa/ticket/1863
  https://fedorahosted.org/freeipa/ticket/1865
* Fix error messages in hbacrule | Martin Kosek | 2011-09-27 | 1 | -4/+16
  Fix NotFound error messages in hbacrule commands so that the text is consistent with the rest of the framework.
  https://fedorahosted.org/freeipa/ticket/1861
* Normalize uid in user principal to lower-case and do validation | Rob Crittenden | 2011-09-22 | 2 | -10/+48
  Use same normalization and validation in passwd plugin and add some tests for invalid principals
  https://fedorahosted.org/freeipa/ticket/1778
* Fix /usr/bin/ipa dupled server list | Martin Kosek | 2011-09-22 | 1 | -1/+9
  Fix get_url_list() so that the configured master server is there just once. This fix lets /usr/bin/ipa try connecting to all IPA masters just once and not print confusing server list with dupled master.
  https://fedorahosted.org/freeipa/ticket/1817
* Suppress managed netgroups as indirect members of hosts. | Rob Crittenden | 2011-09-19 | 1 | -0/+34
  By design these managed netgroups are not supposed to show unless you specifically want to see them.
  https://fedorahosted.org/freeipa/ticket/1738
* Skip the cert validator if the csr we are passed in is a valid filename | Rob Crittenden | 2011-09-14 | 1 | -0/+7
  The validator will still fire, just after the load_files() call. Basically it will hit the validator twice. The first time it will exit because the value of csr is a filename. The second time it will run the validator against the contents of the file.
  ticket https://fedorahosted.org/freeipa/ticket/1777
* Fixed labels for run-as users and groups. | Endi S. Dewata | 2011-09-13 | 2 | -11/+12
  The labels for the run-as users and groups tables in sudo rule details page have been modified to improve the clarity.
  Ticket #1752
* Remove normalizer that made role, privilege and permission names lower-case | Rob Crittenden | 2011-09-12 | 3 | -3/+0
  https://fedorahosted.org/freeipa/ticket/1747
* Fix pylint false positive in hbactest module | Martin Kosek | 2011-09-13 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/1763
* When external host is specified in HBAC rule, allow its use in simulation | Alexander Bokovoy | 2011-09-13 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/1763
  When external host is specified in HBAC rule, it needs to be added to the set of source hosts this rule applies to. Add (list of external hosts) explicitly when converting FreeIPA rules to PyHBAC objects.
* Cleanup whitespace | Alexander Bokovoy | 2011-09-13 | 1 | -3/+3
* Unroll groups when testing HBAC rules | Alexander Bokovoy | 2011-09-11 | 1 | -5/+34
  Fixes https://fedorahosted.org/freeipa/ticket/1740
* Incorrect name in examples of ipa help hbactest | Alexander Bokovoy | 2011-09-11 | 1 | -7/+7
  https://fedorahosted.org/freeipa/ticket/1741
  HBAC rules address PAM services, thus service names should correspond to proper PAM names.