summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
* Add --range-type option that forces range type of the trusted domainTomas Babej2013-07-112-4/+40
| | | | | | | | | | Adds --range-type option to ipa trust-add command. It takes two allowed values: 'ipa-ad-trust-posix' and 'ipa-ad-trust'. When --range-type option is not specified, the range type should be determined by ID range discovery. https://fedorahosted.org/freeipa/ticket/3650
* Use LDAP search instead of *group_show to check for a group objectclass.Jan Cholasta2013-07-113-37/+41
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP search instead of *group_show to check if a group exists.Jan Cholasta2013-07-116-9/+15
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Skip cert issuer validation in service and host commands in CA-less install.Jan Cholasta2013-07-091-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3736
* Remove entitlement supportMartin Kosek2013-06-263-772/+0
| | | | | | | Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code. https://fedorahosted.org/freeipa/ticket/3739
* Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-installAna Krivokapic2013-06-242-5/+62
| | | | | | | | | | | | | Add a new API command 'adtrust_is_enabled', which can be used to determine whether ipa-adtrust-install has been run on the system. This new command is not visible in IPA CLI. Use this command in idrange_add to conditionally require rid-base and secondary-rid-base options. Add tests to cover the new functionality https://fedorahosted.org/freeipa/ticket/3634
* Fail when adding a trust with a different rangeAna Krivokapic2013-06-241-69/+148
| | | | | | | | When adding a trust, if an id range already exists for this trust, and options --base-id/--range-size are provided with the trust-add command, trust-add should fail. https://fedorahosted.org/freeipa/ticket/3635
* Return ipaRangeType as a list in idrange commandsTomas Babej2013-06-191-1/+1
| | | | | | | To be consistent with the rest of the LDAP commands, return ipaRangeType as a list of unicode strings. Regression caused by https://fedorahosted.org/freeipa/ticket/3647
* PEP8 fixes in idrange.pyTomas Babej2013-06-101-8/+17
|
* Extend idrange commands to support new range origin typesTomas Babej2013-06-101-14/+54
| | | | | | | | | | | | | | Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647
* Prevent error when running IPA commands with su/sudoAna Krivokapic2013-06-071-5/+5
| | | | https://fedorahosted.org/freeipa/ticket/3685
* Remove redundant u'' characterMartin Kosek2013-06-062-2/+2
| | | | | | One Python's unicode marking character was being printed by RPC plugin which then appeared in ipa-client-install output. This patch removes it.
* Incorporate interactive prompts in idrange-addTomas Babej2013-06-051-3/+38
| | | | | | | | | | | In idrange-add command, ensure that RID base is prompted for in the interactive mode if domain SID or domain name was specified. If domain name nor SID was specified, make sure rid base is prompted for if secondary rid base was specified and vice versa. https://fedorahosted.org/freeipa/ticket/3602
* Add prompt_param method to avoid code duplicationTomas Babej2013-06-053-42/+55
| | | | | | | | | | Extracted common code from ipalib/plugins/cli.py and ipalib/plugins/dns.py that provided way to prompt user for the value of specific attribute. Added prompt_param method to Command class in ipalib/frontend.py Done as part of https://fedorahosted.org/freeipa/ticket/3602
* Remove redundant check for env.interactiveTomas Babej2013-06-051-1/+0
| | | | | Fixed as part of https://fedorahosted.org/freeipa/ticket/3602
* Deprecate options --dom-sid and --dom-name in idrange-modAna Krivokapic2013-05-311-7/+10
| | | | https://fedorahosted.org/freeipa/ticket/3636
* Do not allow removal of ID range of an active trustTomas Babej2013-05-311-1/+18
| | | | | | | | | | When removing an ID range using idrange-del command, validation in pre_callback ensures that the range does not belong to any active trust. In such case, ValidationError is raised. Unit tests to cover the functionality has been added. https://fedorahosted.org/freeipa/ticket/3615
* Do not translate trust type and direction with --raw in trust_show and ↵Tomas Babej2013-05-291-6/+28
| | | | | | | | | | | trust-find In trust_show command, make sure that --raw flag is honoured. Attributes ipanttrusttype and ipanttrustdirection are no longer translated to strings from their raw ldap values when --raw is used. https://fedorahosted.org/freeipa/ticket/3525
* Do not display success message on failure in web UIAna Krivokapic2013-05-171-6/+6
| | | | https://fedorahosted.org/freeipa/ticket/3591
* Add IPA OTP schema and ACLsNathaniel McCallum2013-05-171-0/+1
| | | | | | | | | | This commit adds schema support for two factor authentication via OTP devices, including RADIUS or TOTP. This schema will be used by future patches which will enable two factor authentication directly. https://fedorahosted.org/freeipa/ticket/3365 http://freeipa.org/page/V3/OTP
* Prompt for nameserver IP address in dnszone-addAna Krivokapic2013-05-161-0/+21
| | | | | | | | | | | | | | Prompt for nameserver IP address in interactive mode of dnszone-add. Add a corresponding field to dnszone creation dialog in the web UI. This parameter is required if and only if: * New zone is a forward zone * Nameserver is defined inside the new zone Add a new unit test to cover this functionality. https://fedorahosted.org/freeipa/ticket/3603
* Remove redundancy from hbactest help textTomas Babej2013-05-151-2/+2
| | | | | | | I modified the SID in the second example so that result corresponds with the 5. example. https://fedorahosted.org/freeipa/ticket/3625
* Resolve SIDs in Web UIAlexander Bokovoy2013-05-061-0/+55
| | | | | | | | | | | | | | | | | Introduce new command, 'trust-resolve', to aid resolving SIDs to names in the Web UI. The command uses new SSSD interface, nss_idmap, to resolve actual SIDs. SSSD caches resolved data so that future requests to resolve same SIDs are returned from a memory cache. Web UI code is using Dojo/Deferred to deliver result of SID resolution out of band. Once resolved names are available, they replace SID values. Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved at the same time. They all sent within the single request to the server. https://fedorahosted.org/freeipa/ticket/3302
* Add userClass attribute for hostsMartin Kosek2013-04-261-0/+7
| | | | | | | | | This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583
* Allow underscore in record targetsTomas Babej2013-04-251-1/+1
| | | | | | | Makes record target validation less strict and allows underscore. This is requirement for IPA sites. https://fedorahosted.org/freeipa/ticket/3550
* Improve help text for HBAC service groupsAna Krivokapic2013-04-181-4/+0
| | | | | | | | Remove the part of help text for HBAC service groups which contains an example suggesting that nested groups are supported. Nested groups are not supported in HBAC service groups. https://fedorahosted.org/freeipa/ticket/3548
* Integrate realmdomains with IPA DNSAna Krivokapic2013-04-162-0/+73
| | | | | | | | | | | | | Add an entry to realmdomains when a DNS zone is added to IPA. Delete the related entry from realmdomains when the DNS zone is deleted from IPA. Add _kerberos TXT record to DNS zone when a new realmdomain is added. Delete _kerberos TXT record from DNS zone when realmdomain is deleted. Add unit tests to cover new functionality. https://fedorahosted.org/freeipa/ticket/3544
* Drop --selfsign server functionalityPetr Viktorin2013-04-151-3/+1
| | | | | Design: http://freeipa.org/page/V3/Drop_selfsign_functionality Ticket: https://fedorahosted.org/freeipa/ticket/3494
* Remove obsolete self-sign references from man pages, docstrings, commentsPetr Viktorin2013-04-151-3/+2
| | | | Part of the work for https://fedorahosted.org/freeipa/ticket/3494
* Deprecate HBAC source hosts from CLIAna Krivokapic2013-04-125-62/+47
| | | | | | | | | | | | | Hide the commands and options listed below from the CLI, but keep them in the API. When called directly from the API, raise appropriate exceptions informing the user that the functionality has been deprecated. Affected commands: hbacrule_add_sourcehost, hbacrule_remove_sourcehost. Affected options: sourcehostcategory, sourcehost_host and sourcehost_hostgroup (hbacrule); sourcehost (hbactest). https://fedorahosted.org/freeipa/ticket/3528
* Remove any reference to HBAC source hosts from helpAna Krivokapic2013-04-122-12/+10
| | | | https://fedorahosted.org/freeipa/ticket/3528
* Remove HBAC source hosts from web UIAna Krivokapic2013-04-121-3/+0
| | | | https://fedorahosted.org/freeipa/ticket/3528
* Add missing summary message to dnszone_delAna Krivokapic2013-04-111-0/+2
| | | | https://fedorahosted.org/freeipa/ticket/3503
* Fix output for some CLI commandsAna Krivokapic2013-04-112-2/+6
| | | | | | | | | Fix output of dnsrecord_del: it now uses output.standard_delete and excludes --all and --raw flags. Fix output of sudorule_{add,remove}_option: they now use output.standard_entry and include --all and --raw flags. https://fedorahosted.org/freeipa/ticket/3503
* Global trust config pagePetr Vobornik2013-04-101-0/+4
| | | | https://fedorahosted.org/freeipa/ticket/3333
* Fix trustconfig-mod primary group errorMartin Kosek2013-04-101-1/+1
| | | | | | | As find_entry_by_attr no longer adds $SUFFIX to searched base DN, trustconfig-mod could not find POSIX group to when validating the new ipantfallbackprimarygroup value. This patch fixes this regression.
* Filter groups by type (POSIX, non-POSIX, external)Petr Vobornik2013-04-091-0/+28
| | | | | | | | | | | Added flag for each groups type: --posix, --nonposix, --external to group-find command. Group types: * non-POSIX: not posix, not external * POSIX: with objectclass posixgroup * external: with objectclass ipaexternalgroup https://fedorahosted.org/freeipa/ticket/3483
* Display full command documentation in online helpPetr Viktorin2013-04-031-1/+17
| | | | | | | | | | ipa <command> -h only showed the summary string, not the full help. Use the full docstring. Add a custom help formatter that disables optparse's reformatting. Test included https://fedorahosted.org/freeipa/ticket/3543
* Improve DNAME record validationMartin Kosek2013-04-021-3/+21
| | | | | | | | | Extend DNS RR conflict check and forbid DNAME+NS combination unless it is done in root DNS zone record. Add tests to verify this enforced check. https://fedorahosted.org/freeipa/ticket/3449
* Improve CNAME record validationMartin Kosek2013-04-021-16/+27
| | | | | | | | | | | Refactor DNS RR conflict validator so that it is better extensible in the future. Also check that there is only one CNAME defined for a DNS record. PTR+CNAME record combination is no longer allowed as we found out it does not make sense to have this combination. https://fedorahosted.org/freeipa/ticket/3450
* Do not call cert-* commands in host plugin if a RA is not availablePetr Viktorin2013-04-021-76/+87
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/3363
* Added Web UI support for service PAC type option: NONEPetr Vobornik2013-03-291-0/+6
| | | | | | | | | ipakrbauthzdata accepts [null, 'NONE', 'MS-PAC, 'PAD'] New nesting feature of radios/checkboxes was used to handle mutual exclusivity between ['MS-PAC', 'PAD'], 'NONE' and ''. https://fedorahosted.org/freeipa/ticket/3404
* Add Kerberos ticket flags management to service and host plugins.Jan Cholasta2013-03-292-7/+107
| | | | https://fedorahosted.org/freeipa/ticket/3329
* Fix structured DNS record outputMartin Kosek2013-03-221-0/+2
| | | | | | | | | | | | | Recent LDAP refactoring replaced entry_attrs regular dict with normalized keys (i.e. lowercase) with LDAPEntry instance which keys may not be normalized. This broke CND command output when --structured and --all options were used. Force lowercase normalization of the LDAPEntry keys in DNS plugin structured format postprocessing. Also add a missing test for DNS record structured output. https://fedorahosted.org/freeipa/ticket/3526
* Realm Domains pageAna Krivokapic2013-03-182-3/+10
| | | | | | Add support for Realm Domains to web UI. https://fedorahosted.org/freeipa/ticket/3407
* Web UI:Choose different search option for cert-findPetr Vobornik2013-03-181-0/+12
| | | | | | | | | | This extends certificate search page by search option select. Therefore the search is not restricted to 'subject'. It should be replaced by https://fedorahosted.org/freeipa/ticket/191 in a future. https://fedorahosted.org/freeipa/ticket/3419
* Web UI:Certificate pagesPetr Vobornik2013-03-181-0/+7
| | | | | | | | | | | | | | | | | Following pages were added to Web UI: * certificated details * certificate search Certificate is not regular object so it gets no metadata. Therefore artificial metadata were created for it to allow usage of search and details facet. Search and details facet were modified to allow removing of add/remove/update/ reset buttons - certificates have no mod operation and they are not added by standard means. User can revoke and restore certificated in details facet. https://fedorahosted.org/freeipa/ticket/3419
* Fix internal error for ipa show-mappingsAna Krivokapic2013-03-181-1/+1
| | | | | | The run() method of the show_mappings command was missing the **options parameter in its signature, causing the ipa show-mappings to fail with an internal error.
* Remove check for alphabetic only characters from domain name validationAna Krivokapic2013-03-151-3/+0
| | | | | | | The .isalpha() check in validate_domain_name() was too strict, causing some commands like ipa dnsrecord-add to fail. https://fedorahosted.org/freeipa/ticket/3385
* Improve error messages for external group membersAna Krivokapic2013-03-142-4/+27
| | | | | | | | | | | | | | | | | When adding a duplicate member to a group, an error message is issued, informing the user that the entry is already a member of the group. Similarly, when trying to delete an entry which is not a member, an error message is issued, informing the user that the entry is not a member of the group. These error messages were missing in case of external members. This patch also adds support for using the AD\name or name@ad.domain.com format in ipa group-remove-member command. This format was supported in group-add-member, but not in group-remove-member. Unit test file covering these cases was also added. https://fedorahosted.org/freeipa/ticket/3254
generated by cgit (git 2.34.1) at 2024-05-21 22:11:29 +0000