path: root/ipalib
Commit message | Author | Age | Files | Lines
* whoami fix | Adam Young | 2010-11-24 | 1 | -2/+3
  recent changes to the scope mechanism weren't propagated to the whoami call
* Rename parent LDAPObject pkeys in child LDAPObject methods. | Pavel Zuna | 2010-11-24 | 1 | -1/+5
  If the parent and child entries have the same attribute as primary key (such as in the DNS schema), we need to rename the parent key to prevent a param name conflict. It has no side effects, because the primary key name is always taken from the LDAPObject params, never from the method params.
* Gracefully handle an empty members list | Rob Crittenden | 2010-11-24 | 1 | -1/+4
  This can occur if you do something like:
    $ ipa hbac-add-host --hosts="" testrule
  options will have an entry for 'host' but it will be None which is not iterable.
  ticket 486
* Generate better DuplicateEntry error messages in LDAPCreate. | Pavel Zuna | 2010-11-23 | 1 | -6/+13
  Ticket #530
* Change signature of LDAPSearch.pre_callback. | Pavel Zuna | 2010-11-23 | 6 | -18/+30
  Add the opportunity to change base DN and scope in the callback.
* Add ability to add/remove DNS records when adding/removing a host entry. | Rob Crittenden | 2010-11-23 | 4 | -1/+165
  A host in DNS must have an IP address so a valid IP address is required when adding a host. The --force flag will be needed too since you are adding a host that isn't in DNS.
  For IPv4 it will create an A and a PTR DNS record.
  IPv6 isn't quite supported yet. Some basic work in the DNS installer is needed to get this working. Once the get_reverse_zone() returns the right value then this should start working and create an AAAA record and the appropriate reverse entry.
  When deleting a host with the --updatedns flag it will try to remove all records it can find in the zone for this host.
  ticket 238
* Multivalued email address | Endi S. Dewata | 2010-11-20 | 1 | -1/+1
* Improve the documentation of setattr/addattr | Jakub Hrozek | 2010-11-19 | 1 | -2/+3
  https://fedorahosted.org/freeipa/ticket/245
* Give a detached group a full set of group objectclasses. | Rob Crittenden | 2010-11-19 | 2 | -8/+25
  The UUID plugin handles adding ipaUniqueId for us as well as the access control for it.
  ticket 250
* Fix returning effective rights for password policy. | Rob Crittenden | 2010-11-19 | 2 | -2/+6
  This also returns the rights for cospriority if the policy is for a group.
  ticket 449
* Add managedby to Host entries | Rob Crittenden | 2010-11-19 | 1 | -3/+33
  This will allow others to provision on behalf of the host.
  ticket 280
* Revoke a host's certificate (if any) when it is deleted or disabled. | Rob Crittenden | 2010-11-19 | 2 | -93/+246
  Disable any services when its host is disabled.
  This also adds displaying the certificate attributes (subject, etc) a bit more universal and centralized in a single function.
  ticket 297
* Use distutil.version to check for min version | Simo Sorce | 2010-11-18 | 1 | -2/+8
* add plugin to enable/disable anonymous pkinit | Simo Sorce | 2010-11-18 | 1 | -0/+98
* batch init this batches together the calls to json_metadata, i18n_messages, ↵ | Adam Young | 2010-11-18 | 1 | -30/+41
  and user-find [whoami] to streamline the init process, and also allow us to add a call to enumerate the plugins.
* Increase # of chars in users and groups to 255 and default username to 32. | Rob Crittenden | 2010-11-12 | 2 | -4/+4
  ticket 434
* Don't include INTERNAL commands in `ipa help commands` output. | Rob Crittenden | 2010-11-10 | 1 | -0/+2
  ticket 463
* Replace 'Locking' in `ipa help user` with 'Disabling'. | Pavel Zuna | 2010-11-09 | 1 | -1/+1
  Ticket #452
* delete to remove The keyword delete is reserved in Javascript. Using it ↵ | Adam Young | 2010-11-09 | 1 | -1/+1
  breaks the WebUI on Chrome. This fix replaces the word with delete.
* Add usercategory and hostcategory and fix displaying members in netgroup_show | Rob Crittenden | 2010-11-08 | 1 | -0/+24
  ticket 443
* Clarify the description of --raw and -all | Jakub Hrozek | 2010-11-08 | 2 | -5/+5
  https://fedorahosted.org/freeipa/ticket/244
* Ticket Expiration | Adam Young | 2010-11-08 | 1 | -1/+8
  This patch handles Kerberos ticket expiration in the UI. Additionally it removes the mod_auth_kerb authorization for elements in the static directory, cutting down on the number of round trips required for initializing the web app
  Conflicts: install/static/ipa.js
* Add the --rights option to the LDAPUpdate base class. | Rob Crittenden | 2010-11-05 | 1 | -10/+24
  ticket 437
* Fix typo in exception sample causing a doctest to fail | Rob Crittenden | 2010-11-05 | 1 | -1/+1
* batch | Adam Young | 2010-11-05 | 1 | -0/+86
  Allows the user to send multiple commands bundled together
* user-enable/disable improvements | Rob Crittenden | 2010-11-04 | 3 | -22/+35
  Always display the account enable/disable status.
  Don't ignore the exceptions when a user is already enabled or disabled.
  Fix the exception error messages to use the right terminology.
  In baseldap when retrieving all attributes include the default attributes in case they include some operational attributes.
  ticket 392
* Output ACI's broken out into attributes rather than a single text field | Rob Crittenden | 2010-11-04 | 2 | -74/+87
  Also add validation to the List parameter type.
  ticket 357
* Added fixes to adjust for sudocmd attribute for sudocmds. Added fix for ↵ | Jr Aquino | 2010-11-03 | 2 | -5/+10
  sudorule to allow for cmdCategory all. Added fixes for xmlrpc tests to reflect sudocmd changes.
* Use kerberos password policy. | Rob Crittenden | 2010-11-01 | 2 | -15/+35
  This lets the KDC count password failures and can lock out accounts for a period of time. This only works for KDC >= 1.8.
  There currently is no way to unlock a locked account across a replica. MIT Kerberos 1.9 is adding support for doing so. Once that is available unlock will be added.
  The concept of a "global" password policy has changed. When we were managing the policy using the IPA password plugin it was smart enough to search up the tree looking for a policy. The KDC is not so smart and relies on the krbpwdpolicyreference to find the policy. For this reason every user entry requires this attribute. I've created a new global_policy entry to store the default password policy. All users point at this now. The group policy works the same and can override this setting.
  As a result the special "GLOBAL" name has been replaced with global_policy. This policy works like any other and is the default if a name is not provided on the command-line.
  ticket 51
* Implement nested netgroups and include summaries for the commands. | Rob Crittenden | 2010-10-29 | 2 | -10/+38
  Replace the existing netgroup test cases with Declarative tests. This triples the number of tests we were doing.
  ticket 209
* Return reason for failure when updating group membership fails. | Rob Crittenden | 2010-10-28 | 4 | -36/+56
  We used to return a list of dns that failed to be added. We now return a list of tuples instead. The tuple looks like (dn, reason) where reason is the exception that was returned.
  Also made the label we use for failures to be singular instead of plural since we now print them out individually instead of as comma-separated.
  ticket 270
* Don't allow managed groups to have group password policy. | Rob Crittenden | 2010-10-28 | 2 | -1/+19
  UPG cannot have members and we use memberOf in class of service to determine which policy to apply.
  ticket 160
* Remove group nesting from the HBAC service groups | Rob Crittenden | 2010-10-28 | 1 | -9/+3
  ticket 389
* Use context to decide which name to return on RequirementsErrors | Rob Crittenden | 2010-10-28 | 2 | -6/+13
  When a Requirement fails we throw an exception including the name of the field that is missing. To make the command-line friendlier we have a cli_name defined which may or may not match the LDAP attribute. This can be confusing if you are using ipalib directly because the attribute name missing may not match what is actually required (desc vs description is a good example).
  If you use the context 'cli' then it will throw exceptions using cli_name. If you use any other context it will use the name of the attribute.
  ticket 187
* Add option to generate random one-time password for hosts for bulk enrollment | Rob Crittenden | 2010-10-28 | 1 | -2/+43
  ticket 228
* Populate indirect members when showing a group object. | Rob Crittenden | 2010-10-28 | 11 | -132/+130
  This is done by creating a new attribute, memberindirect, to hold this indirect membership. The new function get_members() can return all members or just indirect or direct. We are only using it to retrieve indirect members currently.
  This also:
    * Moves all member display attributes into baseldap.py to reduce duplication
    * Adds netgroup nesting
    * Use a unique object name in hbacsvc and hbacsvcgroup
  ticket 296
* Retrieve Get Effective Rights output with LDAPRetrieve | Rob Crittenden | 2010-10-28 | 1 | -0/+18
  The output is a pure python dict so is really only useful when used with --all so it is required.
  Updated to return a string for rights as opposed to a list. Terser, reducing the wire size by a factor of 3.5
* Allow RDN changes for users, groups, rolegroups and taskgroups. | Rob Crittenden | 2010-10-28 | 5 | -0/+22
  To do a change right now you have to perform a setattr like:
    ipa user-mod --setattr uid=newuser olduser
  The RDN change is performed before the rest of the mods. If the RDN change is the only change done then the EmptyModlist that update_entry() throws is ignored.
  ticket 323
* Add LDAPObject setting to handle different attributes for RDN and PKEY. | Pavel Zuna | 2010-10-28 | 4 | -64/+48
* UUIDs: remove uuid python plugin and let DS always autogenerate | Simo Sorce | 2010-10-28 | 4 | -580/+5
  merge in remove uuid
* whoami goodbye | Adam Young | 2010-10-26 | 1 | -41/+0
  Removing the whoami plugin, as it has been wrapped up into the user plugin
* Fix two failing tests. | Rob Crittenden | 2010-10-22 | 1 | -1/+1
  The first test is a mismatch in the sample output of an exception.
  The second test adds certificate information output to the service plugin.
* Set default encoding to utf-8, use unicode when printing output. | Rob Crittenden | 2010-10-22 | 1 | -4/+5
  The Gettext() object only does the lookup when you print it as a unicode.
  ticket 308
* Add flag to group-find to only search on private groups. | Pavel Zuna | 2010-10-20 | 1 | -2/+29
  ticket #251
* Host certificate management | Endi S. Dewata | 2010-10-20 | 1 | -0/+35
  The service certificate management UI has been generalized and moved into certificate.js. The host details page is now using the same code to manage certificates. The host.py has been modified to return host certificate info.
  The Get/Revoke/View buttons behavior has been modified such that they are visible only if there is a valid certificate. The Get dialog box has been fixed to show the correct certificate header and footer.
  The ipa.css has been modified to store the style of the status bullets.
  New unit tests for certificate have been added. The test data has been modified to include sample host certificate.
* Fix problem testing for mutual exclusivity in hbac plugin. | Rob Crittenden | 2010-10-18 | 1 | -8/+16
  This should fix the hbac tests.
* Disallow RDN change and single-value bypass using setattr/addattr. | Pavel Zuna | 2010-10-18 | 3 | -5/+48
  When setting or adding an attribute with setattr/addattr check to see if there is a Param for the attribute and enforce the multi-value. If there is no Param check the LDAP schema for SINGLE-VALUE.
  Catch RDN mods and try to return a more reasonable error message.
  Ticket #230
  Ticket #246
* Add Requires on ipa-client to ipa-admintools, ensure ipa client is configured | Rob Crittenden | 2010-10-15 | 3 | -1/+15
  It makes little sense to install ipa-admintools without ipa-client, require it.
  Also see if the client has been configured. This is a bit tricky since we have a full set of defaults. Add a new env option that gets set if at least one configuration file is loaded.
  ticket 213
* Handle regular socket errors gracefully in ipa command | Rob Crittenden | 2010-10-15 | 1 | -0/+3
  ticket 382
* Improve doc string for password | Rob Crittenden | 2010-10-15 | 1 | -1/+1
  ticket 182