summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
...
* Enable filtering search results by member attributes.Pavel Zuna2010-12-204-2/+37
| | | | | | | | | | | | | | LDAPSearch base class has now the ability to generate additional options for objects with member attributes. These options are used to filter search results - search only for objects without the specified members. Example: ipa group-find --no-users=admin Only direct members are taken into account. Ticket #288
* Allow RDN changes from CLIJakub Hrozek2010-12-202-1/+21
| | | | https://fedorahosted.org/freeipa/ticket/397
* Check the number of fields when importing automount mapsJakub Hrozek2010-12-201-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/359
* import NSPRError in host.pyJakub Hrozek2010-12-201-0/+1
|
* Added option --no-reverse to add-hostJan Zeleny2010-12-201-14/+23
| | | | | | | | | When adding a host with specific IP address, the operation would fail in case IPA doesn't own the reverse DNS. This new option overrides the check for reverse DNS zone and falls back to different IP address existence check. https://fedorahosted.org/freeipa/ticket/417
* Allow renaming of object that have a parentJakub Hrozek2010-12-201-1/+2
| | | | Allow renaming of object that have a parent
* Make pkey always iterable when deletingJakub Hrozek2010-12-201-3/+5
|
* Don't use camel-case LDAP attributes in ACI and don't clear enrolledByRob Crittenden2010-12-174-1/+3
| | | | | | | | | | | | We keep LDAP attributes lower-case elsewhere in the API we should do the same with all access controls. There were two ACIs pointing at the manage_host_keytab permission. This isn't allowed in general and we have decided separately to not clear out enrolledBy when a host is unenrolled so dropping it is the obvious thing to do. ticket 597
* Fix some doctestsRob Crittenden2010-12-171-8/+8
| | | | A few had bad formatting causing the doctests to fail.
* Catch ACI errors better when adding a permission.Rob Crittenden2010-12-171-3/+17
| | | | | | | | We create the aci with the --test flag to test its validity but it doesn't do the same level of tests that actually adding an aci to LDAP does. Catch any syntax errors that get thrown and clean up as best we can. ticket 621
* Fix the change_password permissions and the DNS access controls.Rob Crittenden2010-12-172-2/+3
| | | | | | | | | | The change_password permission was too broad, limit it to users. The DNS access controls rolled everything into a single ACI. I broke it out into separate ACIs for add, delete and add. I also added a new dns type for the permission plugin. ticket 628
* Remove principal as an option when updating an existing user.Rob Crittenden2010-12-171-0/+1
| | | | ticket 559
* Add metadata for the selfservice and delegation plugins.Rob Crittenden2010-12-142-0/+28
|
* Add group to group delegation plugin.Rob Crittenden2010-12-132-7/+272
| | | | | | | This is a thin wrapper around the ACI plugin that manages granting group A the ability to write a set of attributes of group B. ticket 532
* Give the memberof plugin time to work when adding/removing reverse members.Rob Crittenden2010-12-132-3/+79
| | | | | | | | | | | | When we add/remove reverse members it looks like we're operating on group A but we're really operating on group B. This adds/removes the member attribute on group B and the memberof plugin adds the memberof attribute into group A. We need to give the memberof plugin a chance to do its work so loop a few times, reading the entry to see if the number of memberof is more or less what we expect. Bail out if it is taking too long. ticket 560
* sudo run as user or group https://fedorahosted.org/freeipa/ticket/570Jr Aquino2010-12-131-0/+62
|
* relabel roleAdam Young2010-12-131-1/+1
| | | | no longer calling them role groups.
* Add --out option to service, host and cert-show to save the cert to a file.Rob Crittenden2010-12-134-1/+131
| | | | | | | Override forward() to grab the result and if a certificate is in the entry and the file is writable then dump the certificate in PEM format. ticket 473
* Better handle permission object updates versus aci object updates.Rob Crittenden2010-12-131-7/+10
| | | | | | | | | permissions are a real group pointed to by an aci, managed by the same plugin. Any given update can update one or both or neither. Do a better job at determining what it is that needs to be updated and handle the case where only the ACI is updated so that EmptyModList is not thrown. ticket 603
* Check for existence of the group when adding a user.Rob Crittenden2010-12-132-0/+27
| | | | | | | | | | | | | The Managed Entries plugin will allow a user to be added even if a group of the same name exists. This would leave the user without a private group. We need to check for both the user and the group so we can do 1 of 3 things: - throw an error that the group exists (but not the user) - throw an error that the user exists (and the group) - allow the uesr to be added ticket 567
* Fix typo in migration documentationRob Crittenden2010-12-131-1/+1
|
* Don't import from ipaserver when not in a server context.Rob Crittenden2010-12-111-1/+2
| | | | ticket 579
* Print expected error message in hbac-modJan Zeleny2010-12-101-1/+5
| | | | | | | This patch catches NotFound exception and calls handling function which then sends exception with unified error message. https://fedorahosted.org/freeipa/ticket/487
* Properly handle multi-valued attributes when using setattr/addattr.Rob Crittenden2010-12-102-3/+9
| | | | | | | | | | | | The problem was that the normalizer was returning each value as a tuple which we were then appending to a list, so it looked like [(u'value1',), (u'value2',),...]. If there was a single value we could end up adding a tuple to a list which would fail. Additionally python-ldap doesn't like lists of lists so it was failing later in the process as well. I've added some simple tests for setattr and addattr. ticket 565
* Set labels on all attributes in the config object.Rob Crittenden2010-12-101-1/+35
| | | | | | | Make the cert subject base read-only. This is here only so replicated servers know their base. ticket 466
* If any params marked alwaysask are provided then prompt for none of them.Rob Crittenden2010-12-091-1/+6
| | | | ticket 604
* Add documentation to the migrate-ds command.Rob Crittenden2010-12-091-2/+34
| | | | ticket 539
* Add plugin for manage self-service ACIsRob Crittenden2010-12-083-15/+217
| | | | | | | | | This is just a thin wrapper around the aci plugin, controlling what types of ACIs can be added. Right now only ACIs in the basedn can be managed with this plugin. ticket 531
* Enable/Disable SudoRule https://fedorahosted.org/freeipa/ticket/570Jr Aquino2010-12-081-2/+60
|
* Adding user/host category and ipaenabledflag ↵Jr Aquino2010-12-081-0/+16
| | | | https://fedorahosted.org/freeipa/ticket/570 This patch Addresses items: 1. The UI needs a rule status with values active & inactive. The CLI doesn't have this attribute. HBAC has ipaenabledflag attribute which can be managed using hbac-enable/disable operations. 2. The UI needs a user category for the "Who" section. The CLI doesn't have this attribute. HBAC has usercategory attribute which can be managed using hbac-add/mod operations. 3. The UI needs a host category for the "Access this host" section. The CLI doesn't have this attribute. HBAC has hostcategory attribute which can be managed using hbac-add/mod operations.
* Fix kwargs usage in automount pluginJakub Hrozek2010-12-071-15/+12
| | | | https://fedorahosted.org/freeipa/ticket/580
* Fix default attributes in config plugin (ipadefaultemaildomain).Pavel Zuna2010-12-071-1/+1
| | | | Ticket #573
* Add new parameter type IA5Str and use this to enforce the right charset.Rob Crittenden2010-12-075-19/+54
| | | | ticket 496
* Do not migrate krbPrincipalKeyJakub Hrozek2010-12-071-0/+7
| | | | https://fedorahosted.org/freeipa/ticket/455
* Make the migration plugin more configurableJakub Hrozek2010-12-071-28/+108
| | | | | | | | | | | | This patch adds new options to the migration plugin: * the option to fine-tune the objectclass of users or groups being imported * the option to select the LDAP schema (RFC2307 or RFC2307bis) Also makes the logic that decides whether an entry is a nested group or user (for RFC2307bis) smarter by looking at the DNS. Does not hardcode primary keys for migrated entries. https://fedorahosted.org/freeipa/ticket/429
* Add more information and examples on targets.Rob Crittenden2010-12-061-6/+33
| | | | ticket 310
* Remove accessTime from HBAC.Rob Crittenden2010-12-061-19/+24
| | | | ticket 545
* Check if the group existsJan Zeleny2010-12-061-0/+6
| | | | | | | | When setting default group, we should check if the group exists. If not, it could lead to some issues with adding new users after the new default group is set. https://fedorahosted.org/freeipa/ticket/504
* Document that the default group has to existJan Zeleny2010-12-061-1/+2
| | | | | | | | | After calling ipa config --defaultgroup=xxx with nonexistent group xxx, the result will be that no new user can be added. The operation will always fail in the middle because it is not possible to add the new user to desired default group. https://bugzilla.redhat.com/show_bug.cgi?id=654117#c4
* When deleting multiple entries use --continue, not --continuous.Rob Crittenden2010-12-031-1/+1
| | | | ticket 561
* Don't look up the CoS entry with the global password policy.Rob Crittenden2010-12-031-2/+2
| | | | ticket 523
* Provide list of available attributes for use in ACI UI.Rob Crittenden2010-12-035-2/+26
| | | | | | | Also include flag indicating whether the object is bindable. This will be used to determine if the object can have a selfservice ACI. ticket 446
* Fixed association linksEndi S. Dewata2010-12-031-0/+4
| | | | | | | | | | | | | | | | | | | The create_association_facets() has been modified such that it does not generate duplicate links. This is done by assigning the proper labels and hiding non-assignable associations. Each association will get a label based on the attribute used: - memberof: Membership in <entity name> - member.*: <entity name> Members - managedby: Managed by <entity name> The following associations will be hidden: - memberindirect - enrolledby The internal.py was modified to return localized labels. The test data has been updated.
* dns2 ui replaceing calls for the dns plugin to the dns2 plugin no has ↵Adam Young2010-12-031-1/+1
| | | | attribute permissions and all other benefits of building on the baseldap plugin
* Added some fields to user objectJan Zeleny2010-12-031-2/+46
| | | | | | | Some fields were missing from user object, this change adds them along with their l10n https://fedorahosted.org/freeipa/ticket/305
* Add labels for passwords, fix output of exceptions, fix passwd output.Rob Crittenden2010-12-023-9/+14
| | | | | | | | | | | Passwords didn't have internationalizable labels. Exceptions that occured during required input weren't printed as unicode so weren't being translated properly. Don't use output_for_cli() directly in the passwd plugin, use output.Output. ticket 352
* This is the second half of a patch. Only the part that had to beRob Crittenden2010-12-026-5/+6
| | | | | | | | | | | | | | | | | | | | | | | re-based got pushed for some reason. Use better description for group names in help and always prompt for members When running <foo>-[add|remove]-member completely interactively it didn't prompt for managing membership, it just reported that 0 members were handled which was rather confusing. This will work via a shell if you want to echo too: $ echo "" | ipa group-add-member g1 This returns 0 members because nothing is read for users or group members. $ echo -e "g1\nadmin\n" | ipa group-add-member This adds the user admin to the group g1. It adds it as a user because user membership is prompted for first. ticket 415
* Use better description for group names in help and always prompt for membersRob Crittenden2010-12-021-5/+8
| | | | | | | | | | | | | | | | | | | When running <foo>-[add|remove]-member completely interactively it didn't prompt for managing membership, it just reported that 0 members were handled which was rather confusing. This will work via a shell if you want to echo too: $ echo "" | ipa group-add-member g1 This returns 0 members because nothing is read for users or group members. $ echo -e "g1\nadmin\n" | ipa group-add-member This adds the user admin to the group g1. It adds it as a user because user membership is prompted for first. ticket 415
* Updated output when calling hbac-showJan Zeleny2010-12-021-2/+6
| | | | | | | | Some attributes weren't included in the output of hbac-show command. This patch fixes it. https://fedorahosted.org/freeipa/ticket/494 https://fedorahosted.org/freeipa/ticket/495
* Normalize and convert default params, tooJakub Hrozek2010-12-021-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/555
generated by cgit (git 2.34.1) at 2024-06-03 12:37:44 +0000