| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Previously the user's city parameter is defined to use the 'locality'
attribute. This was a problem because the attribute would be returned
as 'l' by the directory server causing a mismatch. Now the parameter
has been changed to use the 'l' attribute.
|
|
|
|
|
|
|
|
| |
nsaccountlock doesn't have a visible Param but we want do so
some basic validation to be sure garbage doesn't get in there so
do it in the pre_callback of add and mod.
ticket 968
|
|
|
|
|
|
|
| |
This patch ensures that PTR records added by FreeIPA are compliant with
RFC.
https://fedorahosted.org/freeipa/ticket/839
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/563
https://fedorahosted.org/freeipa/ticket/588
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/735
|
|
|
|
|
|
|
| |
We are required by LDAP schema to have a cn value. Don't let
users change it thinking they are actually doing something.
tickets 706 and 707
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a service/host is disabled, the resulting summary message states
that a Kerberos key was disabled. However, Kerberos key may not have
been enabled before this command at all, which makes this information
confusing for some users. Also, the summary message didn't state
that an SSL certificate was disabled too.
This patch rather changes the summary message to a standard phrase
known from other plugins disable command and states all disable
command steps in a respective command help.
https://fedorahosted.org/freeipa/ticket/872
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cert plugin only worked OK with decimal certificate serial numbers.
This patch allows specifying the serial number in hexadecimal, too. The
conversion now works such that:
* with no explicit radix, a best-effort conversion is done using int(str,
0) in python. If the format is ambiguous, decimal takes precedence.
* a hexadecimal radix can be specified explicitly with the traditional
0x prefix
https://fedorahosted.org/freeipa/ticket/958
https://fedorahosted.org/freeipa/ticket/953
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/963
|
|
|
|
|
|
|
|
| |
This patch adds a proper summary text to HBAC command which is
then printed out in CLI. Now, HBAC plugin output is consistent
with other plugins.
https://fedorahosted.org/freeipa/ticket/596
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/967
|
|
|
|
| |
I was too quick on the patch push and didn't see a nack on the wording.
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/351
|
|
|
|
|
|
|
|
| |
The association config has been removed because it incorrectly assumes there is only one association between two entities. Now each association is defined separately using association facets.
The service.py has been modified to specify the correct relationships. The API.txt has been updated.
https://fedorahosted.org/freeipa/ticket/960
|
|
|
|
| |
ticket 961
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/915
|
|
|
|
|
| |
The email normalizer expects a list or tuple, but when using setattr
it gets a string and interates on it as if it was a list/tuple.
|
|
|
|
| |
ticket 970
|
|
|
|
|
|
|
|
| |
Also fix some related problems in write_certificate(), handle
either a DER or base64-formatted incoming certificate and don't
explode if the filename is None.
ticket 954
|
|
|
|
| |
ticket 964
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/923
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some attribute enforcement is done by schema, others should be done
by the required option in a Parameter. description, for example, is
required by many plugins but not the schema. We need to enforce in the
framework that required options are provided.
After all the setattr/addattr work is done run through the modifications
and ensure that no required values will be removed.
ticket 852
|
|
|
|
|
|
|
|
| |
Recent change of DNS module to version caused that dns object type
was replaced by dnszone and dnsrecord. This patch corrects dns types
in permissions class.
https://fedorahosted.org/freeipa/ticket/646
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the default domain functionality for user email(s).
This setting may be configured via:
ipa config-mod --emaildomain=example.com
Then, when user is added/modified and --mail option is passed,
the default domain is appended if the passed attribute does not
contain another domain already.
https://fedorahosted.org/freeipa/ticket/598
|
|
|
|
|
|
|
|
|
|
| |
Request logging on the server only happened if you added verbose=True
or debug=True to the IPA config file. We should log the basics at
least: who, what, result.
Move a lot of entries from info to debug logging as well.
Related to ticket 873
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/956
|
|
|
|
|
|
|
|
|
| |
This patch removes some individual work-arounds of converting strings
to unicode, they only masked the problem. String values are not
passed to the validator or normalizers so things like adding the
realm automatically to services weren't happening.
ticket 941
|
|
|
|
|
|
|
|
|
|
|
| |
Since some LDAP attributes have their cli_name value defined,
so they can be more user friendly, it can be difficult for user to find
out which attributes do the parameteres given to CLI really represent.
This patch provides new command, which will take another IPA command as
and argument and display attributes which given command takes and what
LDAP attributes are they mapped to.
https://fedorahosted.org/freeipa/ticket/447
|
|
|
|
|
|
| |
It isn't safe to assume there is an environment or mode in any given
object. Only skip the extra work if the object explicitly has production
in it.
|
|
|
|
| |
ticket 912
|
|
|
|
| |
Fix #830
|
|
|
|
|
|
|
| |
It was missed because the whole module was skipped if python-rhsm wasn't
loaded.
ticket 919
|
|
|
|
| |
Fix #844
|
|
|
|
| |
Fix #837
|
|
|
|
| |
Fix #847
|
| |
|
|
|
|
|
|
|
|
| |
When attempting to detach a private group that doesn't exist, the
error message returned is not consistent with the error returned by
the other topic commands. This patch adds a standard message.
https://fedorahosted.org/freeipa/ticket/291
|
|
|
|
|
|
| |
Also add a unit test for address.
Ticket 889
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes several reported typos in IPA messages and
in comments.
Contributors file has been updated + the original author of the
patch reporting the typos was added.
https://fedorahosted.org/freeipa/ticket/848
|
|
|
|
|
|
|
| |
* Make host-add, host-del and reverse zone creation IPv6 aware
* Make Bind listen on IPv6 interfaces, too
https://fedorahosted.org/freeipa/ticket/398
|
|
|
|
| |
Ticket #798
|
|
|
|
| |
Fix #854
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a plugin, entitle, to register to the entitlement server, consume
entitlements and to count and track them. It is also possible to
import an entitlement certificate (if for example the remote entitlement
server is unaviailable).
This uses the candlepin server from https://fedorahosted.org/candlepin/wiki
for entitlements.
Add a cron job to validate the entitlement status and syslog the results.
tickets 28, 79, 278
|
|
|
|
|
|
|
|
|
| |
There are some permissions we can't display because they are stored
outside of the basedn (such as the replication permissions). We
are adding a new attribute to store extra information to make this
clear, in this case SYSTEM.
ticket 853
|
|
|
|
|
|
|
|
| |
This is mostly due to inconsistent option name usage but also due
to the aci plugin not always treating memberof as a special kind
of filter.
ticket 869
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/881
|
|
|
|
|
|
|
| |
This also drops description from permissions since it seems redundant and
fixes up the help text a little.
ticket 792
|
|
|
|
|
|
|
|
| |
Lookup based on --filter wasn't implemented at all. It did't show until
now, because of bug sitting on top of it which was resulting in internal
error. This patch fixes the bug and adds the filtering functionality.
https://fedorahosted.org/freeipa/ticket/818
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes nonfunctional rename operation in permission
plugin. Also makes sure, that no change is made to the underlying
ACI in pre_callback() when the target permission already exists.
Several tests for the rename operation have been created to ensure
that the it won't break again unnoticed.
https://fedorahosted.org/freeipa/ticket/814
|