Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add Object.label class attribute, enable in webUI | Jason Gerard DeRose | 2010-02-12 | 15 | -6/+68 |
| | |||||
* | Allow one-character Param names | Rob Crittenden | 2010-02-12 | 4 | -8/+4 |
| | | | | This is done explicitly to support the l/localityname attribute. | ||||
* | Add default automount location. Auto-create auto.direct in new locations. | Pavel Zuna | 2010-02-12 | 1 | -0/+3 |
| | |||||
* | Command.output_params not contains params in Command.params | Jason Gerard DeRose | 2010-02-11 | 1 | -0/+7 |
| | |||||
* | Fix logging in CLI and server (take 2) | Jason Gerard DeRose | 2010-02-09 | 1 | -5/+10 |
| | |||||
* | Add support for the 'no_create', 'no_update', and 'no_search' Param flags | Jason Gerard DeRose | 2010-02-05 | 1 | -3/+109 |
| | |||||
* | Implement pwplicy_find to show all group password policies | Rob Crittenden | 2010-02-03 | 1 | -0/+32 |
| | | | | | find is a bit of a misnomer here because we consider no search terms, it is all or nothing. | ||||
* | Add flag to allow a cert to be re-issued | Rob Crittenden | 2010-02-03 | 1 | -3/+7 |
| | | | | | I don't want a user to accidentally re-issue a certificate so I've added a new flag, --revoke, to revoke the old cert and load the new one. | ||||
* | Only change the log level if it isn't already set | Rob Crittenden | 2010-02-03 | 1 | -4/+5 |
| | | | | | | This primarily affects the installer. We want to log to the install/ uninstall file in DEBUG. This was getting reset to INFO causing lots of details to not show in the logs. | ||||
* | Be more careful when base64-decoding certificates | Rob Crittenden | 2010-02-02 | 1 | -6/+3 |
| | | | | | Only decode certs that have a BEGIN/END block, otherwise assume it is in DER format. | ||||
* | Base64-encode binary values on the command-line | Rob Crittenden | 2010-02-02 | 1 | -3/+17 |
| | |||||
* | Remove group-specific password policy on group deletion | Rob Crittenden | 2010-01-29 | 1 | -0/+8 |
| | |||||
* | Remove __public__ and __proxy__ hold-overs from Plugin class | Jason Gerard DeRose | 2010-01-28 | 3 | -109/+1 |
| | |||||
* | Enabled CRUDS in webUI using wehjit 0.2.0 | Jason Gerard DeRose | 2010-01-26 | 3 | -1/+11 |
| | |||||
* | Fix merge error, variable mis-named label instead of doc | Rob Crittenden | 2010-01-21 | 1 | -1/+1 |
| | |||||
* | User-defined certificate subjects | Rob Crittenden | 2010-01-20 | 1 | -1/+17 |
| | | | | | | | | | | | | | | | Let the user, upon installation, set the certificate subject base for the dogtag CA. Certificate requests will automatically be given this subject base, regardless of what is in the CSR. The selfsign plugin does not currently support this dynamic name re-assignment and will reject any incoming requests that don't conform to the subject base. The certificate subject base is stored in cn=ipaconfig but it does NOT dynamically update the configuration, for dogtag at least. The file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to be updated and pki-cad restarted. | ||||
* | Fix plugin to work with new output validation, add new helpers | Rob Crittenden | 2010-01-20 | 1 | -34/+57 |
| | | | | | | | | Add a new get_subject() helper and return the subject when retrieving certificates. Add a normalizer so that everything before and after the BEGIN/END block is removed. | ||||
* | Add DS migration plugin and password migration page. | Pavel Zuna | 2010-01-20 | 1 | -0/+374 |
| | |||||
* | Add --enable-migration option in config plugin. | Pavel Zuna | 2010-01-20 | 1 | -1/+14 |
| | |||||
* | Temporary fix for name collision of textui.print_entry. | Pavel Zuna | 2010-01-20 | 2 | -3/+3 |
| | | | | Somehow there's two of them... rename old one to print_entry1. | ||||
* | Make DNS plugin support output validation and thus make it work again. | Pavel Zuna | 2010-01-20 | 1 | -39/+86 |
| | |||||
* | Correct some comment errors | Rob Crittenden | 2010-01-19 | 1 | -2/+1 |
| | |||||
* | pass DER flag to x509.get_serial_number() | John Dennis | 2010-01-19 | 1 | -1/+1 |
| | |||||
* | Allow cospriority to be updated and fix description of priority ordering | Rob Crittenden | 2010-01-19 | 1 | -7/+27 |
| | | | | | | Need to add a few more places where the DN will not be automatically normalized. The krb5 server expects a very specific format and normalizing causes it to not work. | ||||
* | Use 'l' instead of 'localityname' in host plugin. | Pavel Zuna | 2010-01-14 | 1 | -2/+14 |
| | | | | | It seems that 'localityname' and 'locality' aliases were dropped in newer versions of DS. | ||||
* | Make host objects aware of their membership and that l==localityName. | Pavel Zuna | 2010-01-14 | 1 | -0/+6 |
| | |||||
* | Add Kerberos Ticket Policy management plugin. | Pavel Zuna | 2010-01-13 | 2 | -27/+167 |
| | |||||
* | Allow creation of new connections by unshared instances of backend.Connectible. | Pavel Zuna | 2010-01-11 | 2 | -14/+22 |
| | |||||
* | Add --all to LDAPCreate and make LDAP commands always display default ↵ | Pavel Zuna | 2010-01-11 | 7 | -14/+30 |
| | | | | attributes. | ||||
* | Use the caIPAserviceCert profile for issuing service certs. | Rob Crittenden | 2010-01-08 | 1 | -2/+2 |
| | | | | | | | | | | | This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration. | ||||
* | Add messages, declarative tests for rolegroup, taskgroup plugins | Jason Gerard DeRose | 2009-12-18 | 2 | -7/+29 |
| | |||||
* | Handle base64-encoded certificates better, import missing function | Rob Crittenden | 2009-12-18 | 3 | -0/+11 |
| | |||||
* | Make hosts more like real services so we can issue certs for host principals | Rob Crittenden | 2009-12-16 | 2 | -12/+56 |
| | | | | | This patch should make joining a client to the domain and using certmonger to get an initial certificate work. | ||||
* | host and hostgroup summary messages, declarative tests; fix tests for 'dn' | Jason Gerard DeRose | 2009-12-16 | 1 | -3/+11 |
| | |||||
* | Add some missing labels | Rob Crittenden | 2009-12-14 | 2 | -0/+5 |
| | |||||
* | Convert to using new result output handling | Rob Crittenden | 2009-12-14 | 2 | -27/+85 |
| | | | | | This also inserts the dn into the response when adding a record. We need this in the ACI plugin when adding a taskgroup | ||||
* | This plugin was replaced by the aci plugin | Rob Crittenden | 2009-12-11 | 1 | -93/+0 |
| | |||||
* | Take 2: Extensible return values and validation; steps toward a single ↵ | Jason Gerard DeRose | 2009-12-10 | 16 | -193/+677 |
| | | | | output_for_cli(); enable more webUI stuff | ||||
* | rebase dogtag clean-up patch | John Dennis | 2009-12-09 | 3 | -21/+27 |
| | |||||
* | Add idnsUpdatePolicy into the dns plug-in | Martin Nagy | 2009-12-02 | 1 | -1/+5 |
| | | | | | | The idnsUpdatePolicy takes a list of BIND dynamic update policies, each of which must be terminated by ";". Also fix a minor error in the documentation string. | ||||
* | Add NotImplementedError type so CA plugins can return client-friendly errors | Rob Crittenden | 2009-12-01 | 2 | -3/+18 |
| | | | | | | | | Ignore NotImplementedError when revoking a certificate as this isn't implemented in the selfsign plugin. Also use the new type argument in x509.load_certificate(). Certificates are coming out of LDAP as binary instead of base64-encoding. | ||||
* | Add type argument to x509.load_certificate() so it can handle binary certs | Rob Crittenden | 2009-12-01 | 1 | -9/+12 |
| | |||||
* | Rename GeneralizedTime to AccessTime. | Pavel Zuna | 2009-12-01 | 3 | -8/+8 |
| | |||||
* | Add {user,host,sourcehost}Category to HBAC and make accessTime multivalue. | Pavel Zuna | 2009-12-01 | 1 | -2/+94 |
| | |||||
* | Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL. | Rob Crittenden | 2009-11-30 | 4 | -27/+784 |
| | | | | | | | | | The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify requests with subject alt names. Subject alt names are only allowed if: - the host for the alt name exists in IPA - if binding as host principal, the host is in the services managedBy attr | ||||
* | Fix boolean attributes in DNS plugin. | Pavel Zuna | 2009-11-30 | 1 | -3/+9 |
| | | | | | Sometimes they worked fine and sometimes DS rejected them as invalid. | ||||
* | Fix Bool parameter type. It was impossible to set it to FALSE. | Pavel Zuna | 2009-11-30 | 2 | -3/+5 |
| | |||||
* | Fix takes_options in automount plugin. | Pavel Zuna | 2009-11-30 | 1 | -1/+1 |
| | |||||
* | Print only one line of docstrings in command listings. | Pavel Zuna | 2009-11-30 | 1 | -4/+3 |
| | | | | Full docstring is shown on `ipa help COMMAND`. | ||||
* | Use correct attribute for hosts. | Rob Crittenden | 2009-11-25 | 1 | -1/+1 |
| |