path: root/ipalib
Commit message | Author | Age | Files | Lines
...
* Require an imported certificate's issuer to match our issuer. | Rob Crittenden | 2011-06-16 | 2 | -2/+32
  The goal is to not import foreign certificates. This caused a bunch of tests to fail because we had a hardcoded server certificate. Instead a developer will need to run make-testcert to create a server certificate generated by the local CA to test against.
  ticket 1134
* Don't add empty tuple to entry_attrs['externalhost'] | Jr Aquino | 2011-06-16 | 1 | -1/+2
  https://fedorahosted.org/freeipa/ticket/1339
* Raise DuplicateEntry Error when adding a duplicate sudo option | Jr Aquino | 2011-06-16 | 2 | -26/+58
  https://fedorahosted.org/freeipa/ticket/1276
  https://fedorahosted.org/freeipa/ticket/1277
  https://fedorahosted.org/freeipa/ticket/1308
  Added new Exception: AttrValueNotFound
  Fixed XML Test for Sudorule remove_option
  1276 (Raise AttrValueNotFound when trying to remove a non-existent option from Sudo rule)
  1277 (Raise DuplicateEntry Error when adding a duplicate sudo option)
  1308 (Make sudooption a required option for sudorule_remove_option)
* Fix doc for sudorule runasuser commands | Martin Kosek | 2011-06-17 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/1324
* Missing krbprincipalname when uid is not set | Martin Kosek | 2011-06-15 | 1 | -0/+1
  When user_add command is executed without uid parameter filled, user account is created without 'krbprincipalname' attribute. This renders the user account unusable.
  https://fedorahosted.org/freeipa/ticket/1279
* Return an error message when revocation reason 7 is used | Rob Crittenden | 2011-06-15 | 1 | -0/+2
  7 is undefined as a revocation reason.
  https://fedorahosted.org/freeipa/ticket/1318
* Add message output summary to sudorule del, mod and find. | Rob Crittenden | 2011-06-15 | 1 | -0/+5
  https://fedorahosted.org/freeipa/ticket/1255
* Add a list of managed hosts | Martin Kosek | 2011-06-15 | 1 | -0/+36
  Enhance Host plugin to provide not only "Managed By" list but also a list of managed hosts. The new list is generated only when --all option is passed.
  https://fedorahosted.org/freeipa/ticket/993
* Improve DNS zone creation | Martin Kosek | 2011-06-15 | 1 | -0/+20
  When a new DNS zone is being created a local hostname is set as a nameserver of the new zone. However, when the zone is created during ipa-replica-prepare, the current master/replica doesn't have to be an IPA server with DNS support. This would lead to DNS zones with incorrect NS records as they wouldn't point to a valid name server.
  Now, a list of all master servers with DNS support is retrieved during DNS zone creation and added as NS records for a new DNS zone.
  https://fedorahosted.org/freeipa/ticket/1261
* Add ignore lists to migrate-ds command | Martin Kosek | 2011-06-15 | 1 | -5/+61
  When user migrates users/groups from an old DS instance, the migration may fail on unsupported object classes and/or relevant LDAP object attributes. This patch implements a support for object class and attribute ignore lists that can be used to suppress these migration issues.
  Additionally, a redundant "dev/null" file is removed from git repo (originally added in 26b0e8fc9809a4cd9f2f9a2281f0894e2e0f8db2).
  https://fedorahosted.org/freeipa/ticket/1266
* Display remaining external hosts when removing from sudorule | Jr Aquino | 2011-06-14 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/1269
  https://fedorahosted.org/freeipa/ticket/1270
* Remove automountinformation as part of the DN for automount. | Rob Crittenden | 2011-06-13 | 1 | -21/+76
  To support multiple direct maps we added description to the DN of automount key entries. The downside of this is that to display a key you had to know the information as well, which was rather pointless if that is what you were trying to get.
  So now both modes are supported. It will first look for just a key in the description and fall back to including automountinformation if it needs to.
  Multiple direct maps are still supported and for those the info is always required.
  ticket 1229
* JSON marshalling list | Adam Young | 2011-06-10 | 1 | -1/+1
  Lists are sometimes marshalled as arrays. Before, we assumed they were CSV strings.
* Handle LDAP search references | Martin Kosek | 2011-06-10 | 1 | -3/+9
  LDAP search operation may return a search reference pointing to an LDAP resource. As the framework does not handle search references, skip these results to prevent result processing failures.
  Migrate operation crashed when the migrated DS contained search references. Now, it correctly skips these records and prints the failed references to user.
  https://fedorahosted.org/freeipa/ticket/1209
* Add UID, GID and e-mail to the user default attributes. | Rob Crittenden | 2011-06-08 | 1 | -1/+2
  ticket https://fedorahosted.org/freeipa/ticket/1265
* Localization fails for MaxArgumentError | Martin Kosek | 2011-06-06 | 1 | -1/+4
  When MaxArgumentError is raised, the string localized by ngettext is not printed properly.
  https://fedorahosted.org/freeipa/ticket/1148
* Add sudorule and hbacrule to memberof and indirectmemberof attributes | Jr Aquino | 2011-06-06 | 4 | -8/+10
  Add tests for users, groups, hosts and hostgroups to verify membership
  Update API to version 2.3
  https://fedorahosted.org/freeipa/ticket/1170
* Improve interactive mode for DNS plugin | Martin Kosek | 2011-06-02 | 3 | -20/+225
  Interactive mode for commands manipulating with DNS records (dnsrecord-add, dnsrecord-del) is not usable. This patch enhances the server framework with new callback for interactive mode, which can be used by commands to inject their own interactive handling.
  The callback is then used to improve aforementioned commands' interactive mode.
  https://fedorahosted.org/freeipa/ticket/1018
* Honor netmask in DNS reverse zone setup. | Jan Cholasta | 2011-05-30 | 1 | -17/+28
  ticket 910
* Do a lazy retrieval of the LDAP schema rather than at module load. | Rob Crittenden | 2011-05-30 | 1 | -0/+2
  Attempt to retrieve the schema the first time it is needed rather than when Apache is started. A global copy is cached for future requests for performance reasons.
  The schema will be retrieved once per Apache child process.
  ticket 583
* Include the word 'member' with autogenerated optional member labels. | Rob Crittenden | 2011-05-27 | 1 | -1/+1
  There were reports of confusion over what was being prompted for, hopefully adding member will make things clearer.
  ticket 1062
* Add option to limit the attributes allowed in an entry. | Rob Crittenden | 2011-05-27 | 3 | -0/+39
  Kerberos ticket policy can update policy in a user entry. This allowed set/addattr to be used to modify attributes outside of the ticket policy purview, also bypassing all validation/normalization. Likewise the ticket policy was updatable by the user plugin bypassing all validation.
  Add two new LDAPObject values to control this behavior:
  limit_object_classes: only attributes in these are allowed
  disallow_object_classes: attributes in these are disallowed
  By default both of these lists are empty so are skipped.
  ticket 744
* Fix migration to work between v2 servers and remove search/size limits. | Rob Crittenden | 2011-05-26 | 1 | -6/+14
  Migration from a v2 server would fail because of our fake memberofindirect attribute. This isn't in any objectclass so would cause entries to fail to migrate. We can safely just remove it.
  Also remove any limits on time/size when searching for entries on the remote server. Otherwise only the number of entries configured in the local IPA server can be migrated.
  ticket 1124
* automount UI | Adam Young | 2011-05-26 | 2 | -4/+11
  automount implemented using standard facets and containing_entity pkey generation sample data fixtures for automount. messages for automount and HBAC. modified form of the search facet used to nest the automount entities Add works for nested entities. Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin. All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title. update ipa_init sample data add redirect logic for pages without pkeys. add and delete link to appropriate entities for nested search facet. Using on demand entities. Fixed breadcrumbs.
* A new flag to disable creation of UPG | Martin Kosek | 2011-05-25 | 1 | -12/+41
  Automatic creation of User Private Groups (UPG) may not be wanted at all times. This patch adds a new flag --noprivate to ipa user-add command to disable it.
  https://fedorahosted.org/freeipa/ticket/1131
* Fixed adder dialog title. | Endi S. Dewata | 2011-05-24 | 1 | -11/+11
  The IPA.entity_builder has been fixed to use the correct title for the entity's adder dialog.
  Ticket #1239
* Test for forwarded Kerberos credentials cache in wsgi code. | Rob Crittenden | 2011-05-18 | 1 | -1/+13
  We should more gracefully handle if the TGT has not been forwarded than returning a 500 error.
  Also catch and display KerberosErrors from ping() in the client better.
  ticket 1101
* Read-only association facet. | Endi S. Dewata | 2011-05-16 | 1 | -1/+1
  The IPA.association_facet has been modified to take a read_only parameter. If the parameter is set to true, the Enroll and Delete buttons will not be shown. All facets under the memberindirect and memberofindirect facet groups are marked as read-only.
  Ticket #1030
* Customizable facet groups. | Endi S. Dewata | 2011-05-16 | 2 | -0/+11
  The IPA.entity has been modified to support customizable facet groups. The default list of facet groups is defined in IPA.entity_header and can be overridden in the entity definition.
  Ticket #1219
* Assume ipa help for plugins. | Jan Cholasta | 2011-05-13 | 1 | -0/+6
  ticket 914
* Limit passwd plugin to user container | Martin Kosek | 2011-05-12 | 1 | -1/+2
  Improve performance by specifying basedn to find_entry_by_attr() function in ldap2 and passwd plugins.
  https://fedorahosted.org/freeipa/ticket/1165
* Fix regressions introduced by pylint false positive fixes. | Jan Cholasta | 2011-05-11 | 2 | -17/+17
  ticket 1198
* Typos in freeIPA messages and man page | Yuri Chornoivan | 2011-05-10 | 5 | -7/+7
  https://fedorahosted.org/freeipa/ticket/1128
* Added facet container. | Endi S. Dewata | 2011-05-05 | 1 | -1/+1
  Facet container has been added to hold facet header (i.e. title, search fields, buttons, links) and facet content. Each facet now occupies separate container, so it can be shown/hidden without having to redraw the content.
* Several improvements of the lint script. | Jan Cholasta | 2011-05-05 | 1 | -0/+1
  Report missing python packages, inform about false positives, fail gracefully if pylint isn't installed.
  Fixed a bug in the ignore list and added few more files/directories to it.
  ticket 1184
* pwpolicy-mod doesn't accept old attribute values | Martin Kosek | 2011-04-29 | 1 | -8/+19
  When the pwpolicy attribute "cospriority" is passed to pwpolicy-mod command and the old value is kept, the command should succeed if there was at least one other attribute changed.
  Current pwpolicy-mod raises exception in this case which may lead to issues in the WebUI.
  https://fedorahosted.org/freeipa/ticket/1104
* Modify the default attributes shown in user-find to match the UI design. | Rob Crittenden | 2011-04-22 | 2 | -2/+12
  This change means the UI can stop using the --all option and have to retrieve significantly less information from the server. It also speeds up user-find as it doesn't have to calculate membership.
  This adds a new baseclass parameter, search_display_attributes, which can provide a separate list from default_attributes just for find commands.
  The UI will need to be changed to switch from using cn to using givenname and sn.
  ticket 1136
* Convert manager from userid to dn for storage and back for displaying. | Rob Crittenden | 2011-04-22 | 1 | -0/+43
  ticket 1151
* Need force option in DNS zone adder dialog | Martin Kosek | 2011-04-21 | 1 | -0/+2
  When adding a new DNS zone in the WebUI, IPA server will verify whether the nameserver is in DNS. Sometimes it is necessary to skip the verification.
  This patch adds a --force option already available in CLI which can skip this verification.
  https://fedorahosted.org/freeipa/ticket/1105
* Fix uninitialized attributes. | Jan Cholasta | 2011-04-21 | 3 | -0/+6
* Provide attributelevelrights for the aci components in permission_show. | Rob Crittenden | 2011-04-21 | 1 | -1/+6
  Since the broken-out components are just part of the aci just copy right access rights for aci.
  ticket 943
* Always ask members in LDAP*ReverseMember commands. | Rob Crittenden | 2011-04-15 | 1 | -1/+1
  This changes the API but alwaysask is enforced on the client only so doesn't change the wire API so I'm not updating the API version.
  ticket 1081
* Entitlement registration. | Endi S. Dewata | 2011-04-14 | 1 | -1/+21
  The entitlement facet will show buttons according to the entitlement status. If it's unregistered, the facet will show a Register button. If it's registered, the facet will show a Consume button.
* Sort entries returned by *-find by the primary key (if any). | Rob Crittenden | 2011-04-13 | 1 | -0/+4
  Do a server-side sort if there is a primary key.
  Fix a couple of tests that were failing due to the new sorting.
  ticket 794
* Fix lint false positives. | Jan Cholasta | 2011-04-13 | 7 | -10/+17
* Fix double definition of output_for_cli. | Jan Cholasta | 2011-04-13 | 1 | -1/+0
* Entitlements. | Endi S. Dewata | 2011-04-11 | 1 | -0/+2
* Improve DNS PTR record validation | Martin Kosek | 2011-04-11 | 1 | -11/+30
  Current PTR validation is unclear and may mislead the user. This patch improves the validation process so that the eventual exception is clearer.
  New check that the PTR record is fully qualified has been added to ensure that the reverse zone resolution behaves as expected.
  Additionally, several strings in the DNS plugin were prepared for localization.
  https://fedorahosted.org/freeipa/ticket/1129
* Password policy commands do not include cospriority | Martin Kosek | 2011-04-11 | 1 | -32/+24
  Most of the pwpolicy_* commands do include cospriority in the result and potentially in the attribute rights (--all --rights). Especially when --raw output is requested.
  This patch fixes it for all pwpolicy commands.
  https://fedorahosted.org/freeipa/ticket/1103
* postalCode should be a string not an integer. | Rob Crittenden | 2011-04-05 | 1 | -1/+1
  postalCode is defined as an Int. This means you can't define one that has a leading zero nor can you have dashes, letters, etc.
  This changes the data type on the server. It will still accept an int value if provided and convert it into a string.
  Bump the API version to 2.1.
  ticket 1150