path: root/ipalib
Commit message | Author | Age | Files | Lines
* WIP: support idviews in compat tree [views] | Alexander Bokovoy | 2014-09-24 | 2 | -0/+21
* idviews: Handle Default Trust View properly in the framework | Tomas Babej | 2014-09-22 | 1 | -0/+28
* idviews: Make description optional for the ID View object | Tomas Babej | 2014-09-22 | 1 | -1/+1
* idviews: Fix casing of ID Views to be consistent | Tomas Babej | 2014-09-22 | 1 | -35/+35
* baseldap: Properly handle the case of renaming object to the same name | Tomas Babej | 2014-09-22 | 1 | -10/+17
  When renaming an object to the same name, errors.EmptyModList is raised. This is not properly handled, and can cause other modifications in the LDAPUpdate command to be ignored.
  https://fedorahosted.org/freeipa/ticket/4548
* idviews: Add ipaOriginalUid | Tomas Babej | 2014-09-22 | 1 | -2/+29
* idviews: Resolve anchors to object names in idview-show | Tomas Babej | 2014-09-17 | 1 | -115/+132
* idviews: Raise NotFound errors if object to override could not be found | Tomas Babej | 2014-09-17 | 1 | -0/+11
* idviews: Change format of IPA anchor to include domain | Tomas Babej | 2014-09-17 | 1 | -2/+14
* idviews: Alter idoverride methods to work with split objects | Tomas Babej | 2014-09-17 | 1 | -40/+28
* idviews: Split the idoverride commands into iduseroverride and idgroupoverride | Tomas Babej | 2014-09-17 | 1 | -10/+66
* idviews: Split the idoverride object into iduseroverride and idgroupoverride | Tomas Babej | 2014-09-17 | 1 | -54/+103
* idviews: Support specifying object names instead of raw anchors only | Tomas Babej | 2014-09-17 | 2 | -0/+120
* idviews: Extend idview-show command to display assigned idoverrides and hosts | Tomas Babej | 2014-09-17 | 1 | -40/+129
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* idviews: Add ipa idview-apply and idview-unapply commands | Tomas Babej | 2014-09-17 | 1 | -3/+176
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* hostgroup: Selected PEP8 fixes for the hostgroup plugin | Tomas Babej | 2014-09-17 | 1 | -11/+4
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* hostgroup: Remove redundant and star imports | Tomas Babej | 2014-09-17 | 1 | -2/+5
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* hostgroup: Add helper that returns all members of a hostgroup | Tomas Babej | 2014-09-17 | 1 | -0/+8
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* idviews: Add managed permissions for idview and idoverride objects | Tomas Babej | 2014-09-17 | 1 | -0/+23
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* idviews: Create basic idview plugin structure | Tomas Babej | 2014-09-17 | 1 | -0/+191
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* ipalib: PEP8 fixes for host plugin | Tomas Babej | 2014-09-17 | 1 | -18/+22
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* ipalib: Remove redundant and star imports from host plugin | Tomas Babej | 2014-09-17 | 1 | -8/+8
  Also fixes incorrect error catching for UnicodeDecodeError.
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* idviews: Add ipaAssignedIDVIew reference to the host object | Tomas Babej | 2014-09-17 | 1 | -3/+6
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* idviews: Create container for ID views under cn=accounts | Tomas Babej | 2014-09-17 | 1 | -0/+1
  Part of: https://fedorahosted.org/freeipa/ticket/3979
* baseldap: Fix undefined variable reference in LDAPAddReverseMember and LDAPRemoveReverseMember | Tomas Babej | 2014-09-17 | 1 | -26/+18
* ipalib: host_del: Extend LDAPDelete's takes_options instead of overriding | Tomas Babej | 2014-09-17 | 1 | -1/+1
  The host-del command did not accept --continue option, since the takes_options was overridden and did not take the options from LDAPDelete. Fix the behaviour.
  https://fedorahosted.org/freeipa/ticket/4473
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* permission plugin: Auto-add operational attributes to read permissions | Petr Viktorin | 2014-09-12 | 1 | -0/+8
  The attributes entryusn, createtimestamp, and modifytimestamp should be readable whenever their entry is, i.e. when we allow reading the objectclass. Automatically add them to every read permission that includes objectclass.
  https://fedorahosted.org/freeipa/ticket/4534
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add i18n for the rest of QR code strings | Petr Vobornik | 2014-09-11 | 1 | -0/+4
  https://fedorahosted.org/freeipa/ticket/4402
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add token from user page | Petr Vobornik | 2014-09-11 | 1 | -0/+1
  Add 'Add OTP Token' action to user action menu. This option is disabled in self-service when viewing other users.
  https://fedorahosted.org/freeipa/ticket/4402
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: better otp token type label | Petr Vobornik | 2014-09-11 | 1 | -3/+5
  https://fedorahosted.org/freeipa/ticket/4402
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Update qrcode support for newer python-qrcode | Nathaniel McCallum | 2014-09-11 | 1 | -2/+2
  This substantially reduces the FreeIPA dependencies and allows QR codes to fit in a standard terminal.
  https://fedorahosted.org/freeipa/ticket/4430
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix: Add managed read permissions for compat tree and operational attrs | Petr Viktorin | 2014-09-05 | 4 | -6/+6
  This is a fix for an earlier version, which was committed by mistake as:
  master: 418ce870bfbe13cea694a7b862cafe35c703f660
  ipa-4-0: 3e2c86aeabbd2e3c54ad73a40803ef2bf5b0cb17
  ipa-4-1: 9bcd88589e30d31d3f533cd42d2f816ef01b07c7
  Thanks to Alexander Bokovoy for contributions
  https://fedorahosted.org/freeipa/ticket/4521
* Add managed read permissions for compat tree | Petr Viktorin | 2014-09-05 | 4 | -0/+41
  https://fedorahosted.org/freeipa/ticket/4521
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* FIX DNS wildcard records (RFC4592) | Martin Basti | 2014-09-05 | 1 | -0/+22
  Make validation more strict
    * DS, NS, DNAME owners should not be a wildcard domain name
    * zone name should not be a wildcard domain name
  Ticket: https://fedorahosted.org/freeipa/ticket/4488
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix NS record coexistence validator | Martin Basti | 2014-09-05 | 1 | -6/+17
  NS can coexist only with A, AAAA, DS, NS records
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNSSEC: fix DS record validation | Martin Basti | 2014-09-05 | 1 | -36/+63
  Part of: https://fedorahosted.org/freeipa/ticket/3801
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix dnsrecord-mod raise error if last record attr is removed | Martin Basti | 2014-09-05 | 1 | -0/+7
  Removing last record attribute causes output type validation error
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Ensure ipaUserAuthTypeClass when needed on user creation | Nathaniel McCallum | 2014-09-03 | 1 | -13/+11
  Also, remove the attempt to load the objectClasses when absent. This never makes sense during an add operation.
  https://fedorahosted.org/freeipa/ticket/4455
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* permission plugin: Improve description of the target option | Petr Viktorin | 2014-09-03 | 1 | -1/+3
  https://fedorahosted.org/freeipa/ticket/4521
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* permission plugin: Make --target available in the CLI | Petr Viktorin | 2014-09-03 | 1 | -1/+0
  This was left out by mistake when permissions were refactored. The API is already tested.
  https://fedorahosted.org/freeipa/ticket/4522
* pwpolicy-add: Added better error handling | Thorsten Scherf | 2014-09-02 | 1 | -1/+6
  Make error message more meaningful when a password policy is added for a non-existing group.
  https://fedorahosted.org/freeipa/ticket/4334
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipaserver/dcerpc.py: Make sure trust is established only to forest root domain | Alexander Bokovoy | 2014-09-01 | 1 | -0/+16
  Part of https://fedorahosted.org/freeipa/ticket/4463
  Reviewed-By: Sumit Bose <sbose@redhat.com>
* ipa trust-add command should be interactive | Gabe | 2014-08-25 | 1 | -1/+25
  - Make ipa trust-add command interactive for realm_admin and realm_passwd
  - Fix 'Active directory' typo to 'Active Directory'
  https://fedorahosted.org/freeipa/ticket/3034
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Add a KRA to IPA | Ade Lee | 2014-08-22 | 1 | -0/+2
  This patch adds the capability of installing a Dogtag KRA to an IPA instance. With this patch, a KRA is NOT configured by default when ipa-server-install is run. Rather, the command ipa-kra-install must be executed on an instance on which a Dogtag CA has already been configured.

  The KRA shares the same tomcat instance and DS instance as the Dogtag CA. Moreover, the same admin user/agent (and agent cert) can be used for both subsystems. Certmonger is also configured to monitor the new subsystem certificates.

  To create a clone KRA, simply execute ipa-kra-install <replica_file> on a replica on which a Dogtag CA has already been replicated. ipa-kra-install will use the security domain to detect whether the system being installed is a replica, and will error out if a needed replica file is not provided.

  The install scripts have been refactored somewhat to minimize duplication of code. A new base class dogtagintance.py has been introduced containing code that is common to KRA and CA installs. This will become very useful when we add more PKI subsystems.

  The KRA will install its database as a subtree of o=ipaca, specifically o=ipakra,o=ipaca. This means that replication agreements created to replicate CA data will also replicate KRA data. No new replication agreements are required.

  Added dogtag plugin for KRA. This is an initial commit providing the basic vault functionality needed for vault. This plugin will likely be modified as we create the code to call some of these functions.

  Part of the work for: https://fedorahosted.org/freeipa/ticket/3872

  The uninstallation option in ipa-kra-install is temporarily disabled.

  Reviewed-By: Rob Crittenden <rcritten@redhat.com>
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* service: Normalize service principal in get_dn | Petr Viktorin | 2014-08-21 | 1 | -0/+3
  This will make any lookup go through the normalization.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support delegating RBAC roles to service principals | Petr Viktorin | 2014-08-21 | 2 | -2/+3
  https://fedorahosted.org/freeipa/ticket/3164
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: better authentication types description | Petr Vobornik | 2014-08-21 | 1 | -0/+7
  Tooltips were added to "User authentication types" and "Default user authentication types" to describe their relationship and a meaning of not-setting a value.
  https://fedorahosted.org/freeipa/ticket/4471
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: improved info msgs on login/token sync/reset pwd pages | Petr Vobornik | 2014-08-20 | 1 | -2/+3
  - add info icons to distinguish and classify the messages.
  - add info text for OTP fields
  - fix login instruction inaccuracy related to position of login button
  https://fedorahosted.org/freeipa/ticket/4470
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Allow to add host if AAAA record exists | Martin Basti | 2014-08-11 | 2 | -6/+17
  http://fedorahosted.org/freeipa/ticket/4164
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add functions for DER encoding certificate extensions to ipalib.x509. | Jan Cholasta | 2014-07-30 | 1 | -0/+25
  Part of https://fedorahosted.org/freeipa/ticket/3259
  Part of https://fedorahosted.org/freeipa/ticket/3520
  Reviewed-By: Rob Crittenden <rcritten@redhat.com>