summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix typo in rewording of help for the user module.Rob Crittenden2011-02-161-4/+4
| | | | I was too quick on the patch push and didn't see a nack on the wording.
* Reword help for the user moduleJan Zeleny2011-02-161-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/351
* Fixed association facets.Endi S. Dewata2011-02-151-0/+3
| | | | | | | | The association config has been removed because it incorrectly assumes there is only one association between two entities. Now each association is defined separately using association facets. The service.py has been modified to specify the correct relationships. The API.txt has been updated. https://fedorahosted.org/freeipa/ticket/960
* Fix service validator, ensure the service isn't blank.Rob Crittenden2011-02-151-0/+4
| | | | ticket 961
* Add group members to default output of sudorule-showJan Zeleny2011-02-151-0/+4
| | | | https://fedorahosted.org/freeipa/ticket/915
* Fix setattr mail bug in user plugin.Pavel Zuna2011-02-151-0/+2
| | | | | The email normalizer expects a list or tuple, but when using setattr it gets a string and interates on it as if it was a list/tuple.
* A privilege cannot be a member of a permission, remove it from metadataRob Crittenden2011-02-151-3/+1
| | | | ticket 970
* The --out option wasn't working at all with cert-show.Rob Crittenden2011-02-142-4/+13
| | | | | | | | Also fix some related problems in write_certificate(), handle either a DER or base64-formatted incoming certificate and don't explode if the filename is None. ticket 954
* Add missing import for netaddrRob Crittenden2011-02-141-0/+1
| | | | ticket 964
* Remove obsolete record types from DNSJakub Hrozek2011-02-141-4/+4
| | | | https://fedorahosted.org/freeipa/ticket/923
* A mod command should not be able to remove a required attribute.Rob Crittenden2011-02-141-0/+9
| | | | | | | | | | | | Some attribute enforcement is done by schema, others should be done by the required option in a Parameter. description, for example, is required by many plugins but not the schema. We need to enforce in the framework that required options are provided. After all the setattr/addattr work is done run through the modifications and ensure that no required values will be removed. ticket 852
* Changed dns permission typesJan Zeleny2011-02-142-3/+3
| | | | | | | | Recent change of DNS module to version caused that dns object type was replaced by dnszone and dnsrecord. This patch corrects dns types in permissions class. https://fedorahosted.org/freeipa/ticket/646
* Fixed type of argument in class helpJan Zeleny2011-02-141-1/+1
|
* Support of user default email domainMartin Kosek2011-02-141-0/+24
| | | | | | | | | | | | | This patch fixes the default domain functionality for user email(s). This setting may be configured via: ipa config-mod --emaildomain=example.com Then, when user is added/modified and --mail option is passed, the default domain is appended if the passed attribute does not contain another domain already. https://fedorahosted.org/freeipa/ticket/598
* Add default success/failure output logging.Rob Crittenden2011-02-145-9/+12
| | | | | | | | | | Request logging on the server only happened if you added verbose=True or debug=True to the IPA config file. We should log the basics at least: who, what, result. Move a lot of entries from info to debug logging as well. Related to ticket 873
* Fix checking for arguments in DNS pluginsJakub Hrozek2011-02-141-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/956
* Convert json strings to unicode when they are unmarshalled.Rob Crittenden2011-02-111-27/+1
| | | | | | | | | This patch removes some individual work-arounds of converting strings to unicode, they only masked the problem. String values are not passed to the validator or normalizers so things like adding the realm automatically to services weren't happening. ticket 941
* Provide a way to display CLI-LDAP relationJan Zeleny2011-02-101-1/+26
| | | | | | | | | | | Since some LDAP attributes have their cli_name value defined, so they can be more user friendly, it can be difficult for user to find out which attributes do the parameteres given to CLI really represent. This patch provides new command, which will take another IPA command as and argument and display attributes which given command takes and what LDAP attributes are they mapped to. https://fedorahosted.org/freeipa/ticket/447
* Fix test failures caused by the performance patch.Rob Crittenden2011-02-102-8/+19
| | | | | | It isn't safe to assume there is an environment or mode in any given object. Only skip the extra work if the object explicitly has production in it.
* Remove certificate as service a search option.Rob Crittenden2011-02-101-0/+1
| | | | ticket 912
* Display error messages for failed manageby in service-add/remove-host.Pavel Zuna2011-02-102-4/+3
| | | | Fix #830
* Add the entitlement API to API.txtRob Crittenden2011-02-101-5/+6
| | | | | | | It was missed because the whole module was skipped if python-rhsm wasn't loaded. ticket 919
* Update krbtpolicy doc to inform that restarting krb5kdc might be needed.Pavel Zuna2011-02-101-0/+19
| | | | Fix #844
* Update config doc to reflect that 0 is not allowed for search time limit.Pavel Zuna2011-02-101-2/+2
| | | | Fix #837
* Set minimum for Kerberos policy max life and max renew.Pavel Zuna2011-02-101-0/+2
| | | | Fix #847
* Fix of a small typoJan Zeleny2011-02-101-1/+1
|
* Inconsistent error message for ipa group-detachMartin Kosek2011-02-031-1/+4
| | | | | | | | When attempting to detach a private group that doesn't exist, the error message returned is not consistent with the error returned by the other topic commands. This patch adds a standard message. https://fedorahosted.org/freeipa/ticket/291
* Use correct LDAP attributes for city and state.Rob Crittenden2011-02-021-5/+9
| | | | | | Also add a unit test for address. Ticket 889
* Typos in freeIPA messagesMartin Kosek2011-02-022-4/+4
| | | | | | | | | | This patch fixes several reported typos in IPA messages and in comments. Contributors file has been updated + the original author of the patch reporting the typos was added. https://fedorahosted.org/freeipa/ticket/848
* IPv6 enhancementsJakub Hrozek2011-02-021-25/+36
| | | | | | | * Make host-add, host-del and reverse zone creation IPv6 aware * Make Bind listen on IPv6 interfaces, too https://fedorahosted.org/freeipa/ticket/398
* Fix minor bug in host-add logic.Pavel Zuna2011-02-021-2/+2
| | | | Ticket #798
* Fix crash in ipa help for NO_CLI plugins.Pavel Zuna2011-02-021-14/+2
| | | | Fix #854
* Add support for tracking and counting entitlementsRob Crittenden2011-02-025-6/+805
| | | | | | | | | | | | | | Adds a plugin, entitle, to register to the entitlement server, consume entitlements and to count and track them. It is also possible to import an entitlement certificate (if for example the remote entitlement server is unaviailable). This uses the candlepin server from https://fedorahosted.org/candlepin/wiki for entitlements. Add a cron job to validate the entitlement status and syslog the results. tickets 28, 79, 278
* Add new schema to store information about permissions.Rob Crittenden2011-02-011-2/+28
| | | | | | | | | There are some permissions we can't display because they are stored outside of the basedn (such as the replication permissions). We are adding a new attribute to store extra information to make this clear, in this case SYSTEM. ticket 853
* Fix changing membergroup in a delegation.Rob Crittenden2011-02-012-14/+24
| | | | | | | | This is mostly due to inconsistent option name usage but also due to the aci plugin not always treating memberof as a special kind of filter. ticket 869
* Add an address for a nameserver when a new zone is created during installJakub Hrozek2011-01-311-1/+10
| | | | https://fedorahosted.org/freeipa/ticket/881
* Rename permissions and privileges to be more readable.Rob Crittenden2011-01-311-20/+16
| | | | | | | This also drops description from permissions since it seems redundant and fixes up the help text a little. ticket 792
* Fixed permission lookupJan Zeleny2011-01-313-12/+16
| | | | | | | | Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality. https://fedorahosted.org/freeipa/ticket/818
* ipa permission-mod --rename does not workMartin Kosek2011-01-281-5/+22
| | | | | | | | | | | This patch fixes nonfunctional rename operation in permission plugin. Also makes sure, that no change is made to the underlying ACI in pre_callback() when the target permission already exists. Several tests for the rename operation have been created to ensure that the it won't break again unnoticed. https://fedorahosted.org/freeipa/ticket/814
* Don't perform some API self-tests in production mode for performance reasonsRob Crittenden2011-01-283-8/+17
| | | | | | | | | | | | The API does a fair number of self tests and locking to assure that the registered commands are consistent and will work. This does not need to be done on a production system and adds additional overhead causing somewhere between a 30 and 50% decrease in performance. Because makeapi is executed when a build is done ensure that it is executed in developer mode to ensure that the framework is ok. ticket 751
* Fix delegation helpJakub Hrozek2011-01-281-6/+6
|
* Enforce that all NS records are resolvableJakub Hrozek2011-01-281-0/+61
| | | | | | | Bind cannot load a zone if any of its name server records is not resolvable. https://fedorahosted.org/freeipa/ticket/838
* Add example of DNS SRV record and a simple validatorJakub Hrozek2011-01-281-0/+23
| | | | https://fedorahosted.org/freeipa/ticket/846
* Delete the whole DNS record with no parametersJakub Hrozek2011-01-281-4/+48
| | | | | | | | | Error out when deleting a nonexistent DNS record Also fixes the DNS unit tests. https://fedorahosted.org/freeipa/ticket/816 https://fedorahosted.org/freeipa/ticket/829
* host-add should not add a PTR record with --no-reverseJakub Hrozek2011-01-281-7/+10
| | | | https://fedorahosted.org/freeipa/ticket/866
* Add support for account unlockingJan Zeleny2011-01-281-0/+24
| | | | | | | | This patch adds command ipa user-unlock and some LDAP modifications which are required by Kerberos for unlocking to work. Ticket: https://fedorahosted.org/freeipa/ticket/344
* dirtyAdam Young2011-01-271-1/+2
| | | | | If a page is dirty, do not allow additional navigation until changes are saved or committed https://fedorahosted.org/freeipa/ticket/726
* adding label for RBACAdam Young2011-01-271-1/+2
|
* ACI plugin supports prefixesMartin Kosek2011-01-264-44/+131
| | | | | | | | | | | | | | | | | | | | | | | | When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory "prefix" attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764
* Raise ValidationError when adding unallowed attribute to search fields.Pavel Zuna2011-01-261-0/+16
| | | | Ticket #845
generated by cgit (git 2.34.1) at 2025-09-02 21:01:38 +0000