summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
...
* Optionally wait for 389-ds postop plugins to completeRob Crittenden2011-07-194-0/+67
| | | | | | | | | | | Add a new command that lets you wait for an attribute to appear in a value. Using this you can do things like wait for a managed entry to be created, adding a new objectclass to the parent entry. This is controlled by a new booleon option, wait_for_attr, defaulting to False. https://fedorahosted.org/freeipa/ticket/1144
* Return correct "RunAs External Group" when removing membersJr Aquino2011-07-181-4/+4
| | | | | | | | | If you used sudorule-remove-runasgroup to remove a member that member still appeared in the command output when --all was included (it isn't a default attribute). This was due to post-processing to evaluate external users/groups, the entry was actually updated properly. https://fedorahosted.org/freeipa/ticket/1348
* Use information from the certificate subject when setting the NSS nickname.Rob Crittenden2011-07-171-8/+26
| | | | | | | | | | | There were a few places in the code where certs were loaded from a PKCS#7 file or a chain in a PEM file. The certificates got very generic nicknames. We can instead pull the subject from the certificate and use that as the nickname. https://fedorahosted.org/freeipa/ticket/1141
* Improve long integer type validationMartin Kosek2011-07-181-0/+24
| | | | | | | | | Passing a number of "long" type to IPA Int parameter invokes user-unfriendly error message about incompatible types. This patch improves Int parameter with user understandable message along with maximum value he can pass. https://fedorahosted.org/freeipa/ticket/1346
* Add new dnszone-find testMartin Kosek2011-07-181-1/+1
| | | | | | | | Implement a test for new dnszone-find option --forward-only. Fix example for reverse zone (zone was not fully qualified and DNS plugin would forbid adding PTR records). https://fedorahosted.org/freeipa/ticket/1473
* Add ability to specify DNS reverse zone name by IP network address.Jan Cholasta2011-07-152-1/+35
| | | | | | | In order for this to work, chaining of parameters through default_from is made possible. ticket 1474
* Remove the ability to create new HBAC deny rules.Rob Crittenden2011-07-141-2/+8
| | | | | | | | | | New rules will all be allow type. Existing rules cannot be changed to deny. The type attribute now defaults to allow with autofill so it won't be prompted in interactive mode in the cli. https://fedorahosted.org/freeipa/ticket/1432
* In sudo labels we should use RunAs and not Run As.Rob Crittenden2011-07-141-6/+6
| | | | https://fedorahosted.org/freeipa/ticket/1328
* Document registering to an entitlement server with a UUID as not implemented.Rob Crittenden2011-07-141-1/+4
| | | | | | | | It was my understanding that we would be able to pass in an existing UUID when registering to connect to an existing registration (for the case where IPA is re-installed). This is supported in the REST API but not python-rhsm. https://fedorahosted.org/freeipa/ticket/1216
* Fixed label capitalizationEndi S. Dewata2011-07-1425-28/+28
| | | | | | | | The CSS text-transform sometimes produces incorrect capitalization, so the code has been modified to use translated labels that already contain the correct capitalization. Ticket #1424
* Filter reverse zones in dnszone-findMartin Kosek2011-07-131-4/+19
| | | | | | | | | Implements a new option to filter out reverse zones. This patch also do some clean up in dns plugin - debug prints were accidentally left here in the last dns patch. https://fedorahosted.org/freeipa/ticket/1471
* Convert nsaccountlock to always work as bool towards Python codeAlexander Bokovoy2011-07-132-13/+18
| | | | | | | | https://fedorahosted.org/freeipa/ticket/1259 Python code will see nsaccountlock as bool. JavaScript code will also see it as bool. This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
* Fixed object_name and object_name_plural internationalizationEndi S. Dewata2011-07-1227-64/+64
| | | | | | | | | The object_name, object_name_plural and messages that use these attributes have been converted to support translation. The label attribute in the Param class has been modified to accept unicode string. Ticket #1435
* Add DNS record modification commandMartin Kosek2011-07-121-42/+85
| | | | | | | | | | | | | | | | | The DNS record plugin does not support modification of a record. One can only add A type addresses to a DNS record or remove the current ones. To actually change a DNS record value it has to be removed and then added with a desired value. This patch adds a new DNS plugin command "dnsrecord-mod" which enables user to: - modify a DNS record value (note than DNS record can hold multiple values and those will be overwritten) - remove a DNS record when an empty value is passed New tests for this new command have been added to the CLI test suite. https://fedorahosted.org/freeipa/ticket/1137
* Fix error in AttrValueNotFound exception exampleRob Crittenden2011-07-111-2/+2
|
* find_entry_by_attr() should fail if multiple entries are foundRob Crittenden2011-07-111-0/+17
| | | | | | | | | | It will only ever return one entry so if more than one are found then we raise an exception. This is most easily seen in the host plugin where we search on the server shortname which can be the same across sub-domains (e.g. foo.example.com & foo.lab.example.com). https://fedorahosted.org/freeipa/ticket/1388
* Enforce class rules when query=True, continue to not run validators.ticket-hbac-testRob Crittenden2011-07-112-5/+20
| | | | | | | | | | | | | | | This started as a problem in allowing leading/trailing whitespaces on primary keys. In nearly every command other than add query is True so all rules were ignored on the primary key. This meant that to enforce whitespace we would need to define a validator for each one. I decided instead to set self.all_rules to just the class rules if query == True. So the minimum set of validators will be executed against each type but param-specific validators will only run on add. https://fedorahosted.org/freeipa/ticket/1285 https://fedorahosted.org/freeipa/ticket/1286 https://fedorahosted.org/freeipa/ticket/1287
* Added sudo options.Endi S. Dewata2011-07-111-0/+1
| | | | | | | A table has been added into sudo rule details page for managing sudo options. Ticket #1447
* password expiration labelAdam Young2011-07-051-1/+1
|
* Fixed object_name usage.Endi S. Dewata2011-07-058-15/+15
| | | | | | | | | | | The object_name attribute was used as both an identifier and a label which sometimes require different values (e.g. hbacrule vs. HBAC rule). The code that uses object_name as an identifier has been changed to use the 'name' attribute instead. The values of the object_name attribute have been fixed to become proper labels. Ticket #1217
* Add pwd expiration notif (ipapwdexpadvnotify) to config plugin def attr listRob Crittenden2011-07-051-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/1416
* Removed invalid associations.Endi S. Dewata2011-07-012-2/+2
| | | | | | | | | The following invalid associations have been removed: - group's memberindirect netgroup and role - hostgroup's memberofindirect host Ticket #1366 Ticket #1367
* Added confirmation dialog for user activation.Endi S. Dewata2011-07-011-10/+12
| | | | | | | | | The IPA.user_status_widget has been modified such that it checks the facet dirty status and asks the admin to either Update or Reset the changes. Then the widget shows a dialog to confirm whether the admin wants to activate/deactivate the user. Ticket #1395
* config widgets entity select default group checkbox for migrationAdam Young2011-06-301-1/+1
|
* Fixed hard-coded messages.Endi S. Dewata2011-06-301-12/+51
| | | | | | Hard-coded messages in the UI have been replaced with I18n messages. Ticket #1396
* config fieldsAdam Young2011-06-301-0/+3
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1403 https://fedorahosted.org/freeipa/ticket/1404 https://fedorahosted.org/freeipa/ticket/1405 https://fedorahosted.org/freeipa/ticket/1406 fields and sections for config screen Using multivalue controls for object classes
* Replace the 'private' option in netgroup-find with 'managed'.Jan Cholasta2011-06-281-4/+9
| | | | | | | The 'private' option is kept in to maintain API compatibility, but is hidden from the user. ticket 1120
* Convert Bool to TRUE/FALSE when working with LDAP backend ↵Alexander Bokovoy2011-06-271-2/+2
| | | | | | | | https://fedorahosted.org/freeipa/ticket/1259 According to RFC4517 the only valid values for a boolean in LDAP are TRUE or FALSE. This commit adds support to recognize TRUE and FALSE as valid Bool constants when converting from LDAP attribute values and enforces TRUE or FALSE string for account locking.
* optional uidAdam Young2011-06-271-0/+1
| | | | Make the uid field optional
* Fixed entity labels.Endi S. Dewata2011-06-278-35/+11
| | | | | | | | | | | | | | | | The entity labels in the following locations have been fixed: - search facet title: plural - details facet title: singular - association facet title: singular - breadcrumb: plural - adder dialog title: singular - deleter dialog title: plural Some entity labels have been changed into the correct plural form. Unused file install/ui/test/data/i18n_messages.json has been removed. Ticket #1249 Ticket #1387
* Added singular entity labels.Endi S. Dewata2011-06-2724-4/+30
| | | | | | | | | | | | | | | A new attribute label_singular has been added to all entities which contains the singular form of the entity label in lower cases except for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web UI, this label can be capitalized using CSS text-transform. The existing 'label' attribute is intentionally left unchanged due to inconsistencies in the current values. It contains mostly the plural form of capitalized entity label, but some are singular. Also, it seems currently there is no comparable capitalization method on the server-side. So more work is needed before the label can be changed. Ticket #1249
* oneliner correct typo in ipasudorunas_groupJr Aquino2011-06-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1326
* Slight performance improvement by not doing some checking in production modeRob Crittenden2011-06-231-6/+12
| | | | | | These changes save a few hundred ms but every little bit helps. ticket 1023
* Let the framework be able to override the hostname.Rob Crittenden2011-06-232-6/+10
| | | | | | | | | | | | | | | | | | The hostname is passed in during the server installation. We should use this hostname for the resulting server as well. It was being discarded and we always used the system hostname value. Important changes: - configure ipa_hostname in sssd on masters - set PKI_HOSTNAME so the hostname is passed to dogtag installer - set the hostname when doing ldapi binds This also reorders some things in the dogtag installer to eliminate an unnecessary restart. We were restarting the service twice in a row with very little time in between and this could result in a slew of reported errors, though the server installed ok. ticket 1052
* Use DN class in get_primary_key_from_dn to return decoded valueJohn Dennis2011-06-221-1/+4
|
* Add backslash escape support for cvs readerJohn Dennis2011-06-221-1/+2
|
* Module for DN objects plus unit testJohn Dennis2011-06-221-0/+1123
|
* Make data type of certificates more obvious/predictable internally.Rob Crittenden2011-06-216-149/+159
| | | | | | | | | | | | | | | | | | | For the most part certificates will be treated as being in DER format. When we load a certificate we will generally accept it in any format but will convert it to DER before proceeding in normalize_certificate(). This also re-arranges a bit of code to pull some certificate-specific functions out of ipalib/plugins/service.py into ipalib/x509.py. This also tries to use variable names to indicate what format the certificate is in at any given point: dercert: DER cert: PEM nsscert: a python-nss Certificate object rawcert: unknown format ticket 32
* Do lazy LDAP schema retrieval in json handler.Rob Crittenden2011-06-211-0/+1
| | | | | | | It was possible to get to this point without a schema if the first handled request resulted in a Kerberos error. https://fedorahosted.org/freeipa/ticket/1354
* ipaddress for host addAdam Young2011-06-201-0/+1
| | | | updated label triggered an API change
* Improve IP address handling in the host-add command.Jan Cholasta2011-06-191-15/+36
| | | | | | | IP addresses are more strictly checked. Netmasks can be specified and are used in DNS PTR record creation. ticket 1234
* Require an imported certificate's issuer to match our issuer.Rob Crittenden2011-06-162-2/+32
| | | | | | | | | | The goal is to not import foreign certificates. This caused a bunch of tests to fail because we had a hardcoded server certificate. Instead a developer will need to run make-testcert to create a server certificate generated by the local CA to test against. ticket 1134
* Don't add empty tuple to entry_attrs['externalhost']Jr Aquino2011-06-161-1/+2
| | | | https://fedorahosted.org/freeipa/ticket/1339
* Raise DuplicateEntry Error when adding a duplicate sudo optionJr Aquino2011-06-162-26/+58
| | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1276 https://fedorahosted.org/freeipa/ticket/1277 https://fedorahosted.org/freeipa/ticket/1308 Added new Exception: AttrValueNotFound Fixed XML Test for Sudorule remove_option 1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule) 1277 (Raise DuplicateEntry Error when adding a duplicate sudo option) 1308 (Make sudooption a required option for sudorule_remove_option)
* Fix doc for sudorule runasuser commandsMartin Kosek2011-06-171-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/1324
* Missing krbprincipalname when uid is not setMartin Kosek2011-06-151-0/+1
| | | | | | | | When user_add command is executed without uid parameter filled, user account is created without 'krbprincipalname' attribute. This renders the user account unusable. https://fedorahosted.org/freeipa/ticket/1279
* Return an error message when revocation reason 7 is usedRob Crittenden2011-06-151-0/+2
| | | | | | 7 is undefined as a revocation reason. https://fedorahosted.org/freeipa/ticket/1318
* Add message output summary to sudorule del, mod and find.Rob Crittenden2011-06-151-0/+5
| | | | https://fedorahosted.org/freeipa/ticket/1255
* Add a list of managed hostsMartin Kosek2011-06-151-0/+36
| | | | | | | | Enhance Host plugin to provide not only "Managed By" list but also a list of managed hosts. The new list is generated only when --all option is passed. https://fedorahosted.org/freeipa/ticket/993
* Improve DNS zone creationMartin Kosek2011-06-151-0/+20
| | | | | | | | | | | | | | | When a new DNS zone is being created a local hostname is set as a nameserver of the new zone. However, when the zone is created during ipa-replica-prepare, the the current master/replica doesn't have to be an IPA server with DNS support. This would lead to DNS zones with incorrect NS records as they wouldn't point to a valid name server. Now, a list of all master servers with DNS support is retrieved during DNS zone creation and added as NS records for a new DNS zone. https://fedorahosted.org/freeipa/ticket/1261
generated by cgit (git 2.34.1) at 2024-11-16 16:14:55 +0000