| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Add Add tests for users, groups, hosts and hostgroups to verify membership
Update API to version 2.3
https://fedorahosted.org/freeipa/ticket/1170
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Interactive mode for commands manipulating with DNS records
(dnsrecord-add, dnsrecord-del) is not usable. This patch enhances
the server framework with new callback for interactive mode, which
can be used by commands to inject their own interactive handling.
The callback is then used to improve aforementioned commands'
interactive mode.
https://fedorahosted.org/freeipa/ticket/1018
|
| |
|
|
| |
ticket 910
|
| |
|
|
|
|
|
|
|
|
| |
Attempt to retrieve the schema the first time it is needed rather than
when Apache is started. A global copy is cached for future requests
for performance reasons.
The schema will be retrieved once per Apache child process.
ticket 583
|
| |
|
|
|
|
|
| |
There were reports of confusion over what was being prompted for, hopefully
adding member will make things clearer.
ticket 1062
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Kerberos ticket policy can update policy in a user entry. This allowed
set/addattr to be used to modify attributes outside of the ticket policy
perview, also bypassing all validation/normalization. Likewise the
ticket policy was updatable by the user plugin bypassing all validation.
Add two new LDAPObject values to control this behavior:
limit_object_classes: only attributes in these are allowed
disallow_object_classes: attributes in these are disallowed
By default both of these lists are empty so are skipped.
ticket 744
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Migration from a v2 server would fail because of our fake memberofindirect
attribute. This isn't in any objectclass so would cause entries to fail
to migrate. We can safely just remove it.
Also remove any limits on time/size when searching for entries on the
remote server. Otherwise only the number of entries configured in the
local IPA server can be migrated.
ticket 1124
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
automount implemented using standard facets and containing_entity pkey generation
sample data fixtures for automount.
messages for automount and HBAC.
modified form of the search facet used to nest the automount entities
Add works for nested entities. Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin.
All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title.
update ipa_init sample data
add redirect logic for pages without pkeys.
add and delete link to appropriate entities for nested search facet.
Using on demand entities. Fixed breadcrumbs.
|
| |
|
|
|
|
|
|
| |
Automatic creation may of User Private Groups (UPG) may not be
wanted at all times. This patch adds a new flag --noprivate to
ipa user-add command to disable it.
https://fedorahosted.org/freeipa/ticket/1131
|
| |
|
|
|
|
|
| |
The IPA.entity_builder has been fixed to use the correct title
for the entity's adder dialog.
Ticket #1239
|
| |
|
|
|
|
|
|
|
| |
We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.
Also catch and display KerberosErrors from ping() in the client better.
ticket 1101
|
| |
|
|
|
|
|
|
|
| |
The IPA.association_facet has been modified to take a read_only parameters.
If the parameter is set to true, the Enroll and Delete buttons will not be
shown. All facets under the memberindirect and memberofindirect facet groups
are marked as read-only.
Ticket #1030
|
| |
|
|
|
|
|
|
| |
The IPA.entity has been modified to support customizable facet groups.
The default list of facet groups is defined in IPA.entity_header and can
be overriden in the entity definition.
Ticket #1219
|
| |
|
|
| |
ticket 914
|
| |
|
|
|
|
|
| |
Improve performance by specifying basedn to find_entry_by_attr()
function in ldap2 and passwd plugins.
https://fedorahosted.org/freeipa/ticket/1165
|
| |
|
|
| |
ticket 1198
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/1128
|
| |
|
|
|
|
|
| |
Facet container has been added to hold facet header (i.e. title,
search fields, buttons, links) and facet content. Each facet now
occupies separate container, so it can be shown/hidden without
having to redraw the content.
|
| |
|
|
|
|
|
|
| |
Report missing python packages, inform about false positives, fail
gracefully if pylint isn't installed. Fixed a bug in the ignore
list and added few more files/directories to it.
ticket 1184
|
| |
|
|
|
|
|
|
|
|
| |
When the pwpolicy attribute "cospriority" is passed to pwpolicy-mod
command and the old value is kept, the command should succeed
if there was at least one other attribute changed. Current
pwpolicy-mod raises exception in this case which may lead to issues
in the WebUI.
https://fedorahosted.org/freeipa/ticket/1104
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change means the UI can stop using the --all option and have to
retrieve significantly less information from the server. It also
speeds up user-find as it doesn't have to calculate membership.
This adds a new baseclass parameter, search_display_attributes, which
can provide a separate list from default_attributes just for find
commands.
The UI will need to be changed to switch from using cn to using
givenname and sn.
ticket 1136
|
| |
|
|
| |
ticket 1151
|
| |
|
|
|
|
|
|
|
|
|
| |
When adding a new DNS zone in the WebUI, IPA server will verify
whether the nameserver is in DNS. Sometimes it is necessary to
skip the verification.
This patch adds a --force option already available in CLI which
can skip this the verification.
https://fedorahosted.org/freeipa/ticket/1105
|
| | |
|
| |
|
|
|
|
|
| |
Since the broken-out components are just part of the aci just copy right
access rights for aci.
ticket 943
|
| |
|
|
|
|
|
| |
This changes the API but alwaysask is enforced on the client only
so doesn't change the wire API so I'm not updating the API version.
ticket 1081
|
| |
|
|
|
|
| |
The entitlement facet will show buttons according to the entitlement
status. If it's unregistered, the facet will show a Register button.
If it's registered, the facet will show a Consume button.
|
| |
|
|
|
|
|
|
| |
Do a server-side sort if there is a primary key.
Fix a couple of tests that were failing due to the new sorting.
ticket 794
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Current PTR validation is unclear and may misled the user. This
patch improves the validation process so that the eventual exception
is clearer. New check that the PTR record is fully qualified has
been added to ensure that the reverse zone resolution behaves as
expected.
Additionally, several strings in the DNS plugin were prepared for
localization.
https://fedorahosted.org/freeipa/ticket/1129
|
| |
|
|
|
|
|
|
|
| |
Most of the pwpolicy_* commands do include cospriority in the result
and potentially in the attribute rights (--all --rights). Especially
when --raw output is requested. This patch fixes it for all
pwpolicy commands.
https://fedorahosted.org/freeipa/ticket/1103
|
| |
|
|
|
|
|
|
|
|
|
|
| |
postalCode is defined as an Int. This means you can't define one that has
a leading zero nor can you have dashes, letters, etc.
This changes the data type on the server. It will still accept an int
value if provided and convert it into a string.
Bump the API version to 2.1.
ticket 1150
|
| |
|
|
| |
ticket 1146
|
| | |
|
| |
|
|
|
|
|
|
| |
When duplicate user is added an inconsistent error message to the rest
of the framework is printed. This patch changes this to standard
duplicate error message.
https://fedorahosted.org/freeipa/ticket/1116
|
| |
|
|
| |
Ticket #1127
|
| |
|
|
|
|
|
|
|
| |
This patch fixes a stacktrace that is printed out when a IPv6
AAAA record with subnet prefix length (e.g. /64) is added.
The same error message as when IPv4 record with subnet prefix
length is used.
https://fedorahosted.org/freeipa/ticket/1115
|
| |
|
|
|
|
|
|
|
| |
Nested role is not supported in 2.0.x, so the association facet
for it should be removed from the UI. The attribute_members in
role.py needs to be fixed because it is used to generate the
association facet automatically.
Ticket 1092.
|
| |
|
|
|
|
|
| |
There is a rather large API.txt change but it is only due to changes
in the doc string in parameters.
ticket 729
|
| | |
|
| |
|
|
| |
ticket 1048
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
In a details page, usually any changes done to the fields will not be
applied until the user clicks the Update button. However, if the page
contains an association table, any addition/deletion to the table will
be applied immediately.
To avoid any confusion, the user is now required to save or reset all
changes to the page before modifying the association. A dialog box will
appear if the page contains any unsaved changes.
|
| |
|
|
| |
This reverts commit 79d22f8341026450ba7ca564e24812c9351c7e70.
|
| |
|
|
| |
ticket 1005
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch replaces xgettext with a custom pygettext to generate
translatable strings from plugin files in ipalib/plugins. pygettext
was modified to handle plural forms (credit goes to Jan Hendrik Goellner)
and had some bugs fixed by myself. We only use it for plugins, because
it's the only place where we need to extract docstrings for the built-in
help system.
I also had to make some changes to the way the built-in documentation
systems gets docstrings from modules for this to work.
|
| |
|
|
| |
Needed for xgettext/pygettext processing.
|
