| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
When renaming a object to the same name, errors.EmptyModList is raised.
This is not properly handled, and can cause other modifications in the
LDAPUpdate command to be ignored.
https://fedorahosted.org/freeipa/ticket/4548
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
|
|
| |
Also fixes incorrect error catching for UnicodeDecodeError.
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
|
|
|
|
| |
LDAPRemoveReverseMember
|
|
|
|
|
|
|
|
|
|
|
| |
The host-del command did not accept --continue option, since the
takes_options was overriden and did not take the options from LDAPDelete.
Fix the behaviour.
https://fedorahosted.org/freeipa/ticket/4473
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The attributes entryusn, createtimestamp, and modifytimestamp
should be readable whenever thir entry is, i.e. when we allow reading
the objectclass.
Automatically add them to every read permission that includes objectclass.
https://fedorahosted.org/freeipa/ticket/4534
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Add 'Add OTP Token' action to user action menu.
This option is disabled in self-service when viewing other users.
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4402
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This substantially reduces the FreeIPA dependencies and allows
QR codes to fit in a standard terminal.
https://fedorahosted.org/freeipa/ticket/4430
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This is a fix for an earlier version, which was committed by mistake as:
master: 418ce870bfbe13cea694a7b862cafe35c703f660
ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7
Thanks to Alexander Bokovoy for contributions
https://fedorahosted.org/freeipa/ticket/4521
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4521
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Make validation more strict
* DS, NS, DNAME owners should not be a wildcard domanin name
* zone name should not be a wildcard domain name
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
| |
NS can coexistent only with A, AAAA, DS, NS record
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3801
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
Removing last record attribute causes output type validation error
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.
https://fedorahosted.org/freeipa/ticket/4455
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4521
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
| |
This was left out by mistake when permissions were refactored.
The API is already tested.
https://fedorahosted.org/freeipa/ticket/4522
|
|
|
|
|
|
|
|
|
| |
Make error message more meaningful when a password policy is added for a non
existing group.
https://fedorahosted.org/freeipa/ticket/4334
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/4463
Reviewed-By: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
- Make ipa trust-add command interactive for realm_admin and realm_passwd
- Fix 'Active directory' typo to 'Active Directory'
https://fedorahosted.org/freeipa/ticket/3034
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the capability of installing a Dogtag KRA
to an IPA instance. With this patch, a KRA is NOT configured
by default when ipa-server-install is run. Rather, the command
ipa-kra-install must be executed on an instance on which a Dogtag
CA has already been configured.
The KRA shares the same tomcat instance and DS instance as the
Dogtag CA. Moreover, the same admin user/agent (and agent cert) can
be used for both subsystems. Certmonger is also confgured to
monitor the new subsystem certificates.
To create a clone KRA, simply execute ipa-kra-install <replica_file>
on a replica on which a Dogtag CA has already been replicated.
ipa-kra-install will use the security domain to detect whether the
system being installed is a replica, and will error out if a needed
replica file is not provided.
The install scripts have been refactored somewhat to minimize
duplication of code. A new base class dogtagintance.py has
been introduced containing code that is common to KRA and CA
installs. This will become very useful when we add more PKI
subsystems.
The KRA will install its database as a subtree of o=ipaca,
specifically o=ipakra,o=ipaca. This means that replication
agreements created to replicate CA data will also replicate KRA
data. No new replication agreements are required.
Added dogtag plugin for KRA. This is an initial commit providing
the basic vault functionality needed for vault. This plugin will
likely be modified as we create the code to call some of these
functions.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3872
The uninstallation option in ipa-kra-install is temporarily disabled.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
This will make any lookup go through the normalization.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3164
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Tooltips were added to "User authentication types" and "Default user
authentication types" to describe their relationship and a meaning of
not-setting a value.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
- add info icons to distinguish and classify the messages.
- add info text for OTP fields
- fix login instruction inaccuracy related to position of login button
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
http://fedorahosted.org/freeipa/ticket/4164
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|