| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2937
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3902
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3902
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3902
|
|
|
|
|
|
|
|
|
|
| |
When legacy client tests fail during IPA installation, the legacy
client test produces an additional misleading error
(the real cause is reported as well). This happens due the fact
that we try to cleanup host that was not yet defined. We need to
check for this attribute being defined before unapplying fixes there.
https://fedorahosted.org/freeipa/ticket/4124
|
|
|
|
|
|
|
|
| |
Sudo calls are not necessary since we log in as a root. Additionally,
sudo requires tty in default configuration, which is not acquired
when using OpenSSH transport.
https://fedorahosted.org/freeipa/ticket/4125
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both the password plugin and the kdb driver code automatically fall
back to the default password policy.
so stop adding an explicit reference to user objects and instead rely on the
fallback.
This way users created via the framework and users created via winsync plugin
behave the same way wrt password policies and no surprises will happen.
Also in case we need to change the default password policy DN this will allow
just code changes instead of having to change each user entry created, and
distinguish between the default policy and explicit admin changes.
Related: https://fedorahosted.org/freeipa/ticket/4085
|
|
|
|
|
|
|
|
|
|
| |
When creating a host with a password we don't set a Kerberos
principal or add the Kerberos objectclasses. Those get added when the
host is enrolled. If one passed in --password= (so no password) then
we incorrectly thought the user was in fact setting a password, so the
principal and objectclasses weren't updated.
https://fedorahosted.org/freeipa/ticket/4102
|
|
|
|
|
|
|
| |
Disallow adding permissions with non-default bindtype to privileges
Ticket: https://fedorahosted.org/freeipa/ticket/4032
Design: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
|
|
|
|
|
|
|
|
|
|
|
|
| |
Part of the effort to port FreeIPA to Arch Linux,
where Python 3 is the default.
FreeIPA hasn't been ported to Python 3, so the code must be modified to
run /usr/bin/python2
https://fedorahosted.org/freeipa/ticket/3438
Updated by pviktori@redhat.com
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
|
| |
|
| |
|
|
|
|
|
|
|
| |
To double-check the ACIs are correct, this uses different code
than the new permission plugin: the aci_show command.
A new option, location, is added to the command to support
these checks.
|
|
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/3566
Design: http://www.freeipa.org/page/V3/Permissions_V2
|
|
|
|
|
| |
These tests use an old API version, which triggers
backwards-compatible behavior in the plugin.
|
|
|
|
| |
This makes it possible to test behavior with older clients.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The driver only checked if the corresponding value was in the config, so
no_dns: False
had the same effect as
no_dns: True
Change the check to take the value into consideration.
This makes false-y values like False (from YAML) and empty string
(from environment) work as if the value was not specified.
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4066
|
|
|
|
| |
This may make debugging easier if the address is set incorrectly.
|
|
|
|
|
|
|
|
|
|
|
|
| |
The framework had a concept of external hostnames,
which the controller uses to contact the test machines,
but they were not loaded from configuration.
Load external names from configuration.
This makes tests pass in setups where internal and external
hostnames are different, and the internal hostnames are not
initially resolvable from the controller.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify ipalib.rpc to support JSON-RPC in addition to XML-RPC.
This is done by subclassing and extending xmlrpclib, because
our existing code relies on xmlrpclib internals.
The URI to use is given in the new jsonrpc_uri env variable. When
it is not given, it is generated from xmlrpc_uri by replacing
/xml with /json.
The rpc_json_uri env variable existed before, but was unused,
undocumented and not set the install scripts.
This patch removes it in favor of jsonrpc_uri (for consistency
with xmlrpc_uri).
Add the rpc_protocol env variable to control the protocol
IPA uses. rpc_protocol defaults to 'jsonrpc', but may be changed
to 'xmlrpc'.
Make backend.Executioner and tests use the backend specified by
rpc_protocol.
For compatibility with unwrap_xml, decoding JSON now gives tuples
instead of lists.
Design: http://freeipa.org/page/V3/JSON-RPC
Ticket: https://fedorahosted.org/freeipa/ticket/3299
|
|
|
|
|
|
|
|
| |
This object will allow splitting large translatable strings into more
pieces, so translators don't have to re-translate the entire text
when a small part changes.
https://fedorahosted.org/freeipa/ticket/3587
|
|
|
|
|
|
|
|
|
| |
This new freeform user attribute will allow provisioning systems
to add custom tags for user objects which can be later used for
automember rules or for additional local interpretation.
Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems
https://fedorahosted.org/freeipa/ticket/3588
|
|
|
|
|
| |
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3928
|
|
|
|
|
|
| |
Handle selecting an option from a select box.
https://fedorahosted.org/freeipa/ticket/3928
|
|
|
|
|
|
| |
Also fix object_name and object_name_plural for automember rules.
https://fedorahosted.org/freeipa/ticket/2708
|
|
|
|
|
| |
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3752
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3368
|
|
|
|
|
|
| |
This change makes single_value consistent with the raw property.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
|
|
| |
Recent ipaldap work has made LDAPEntry incompatible with python-ldap's
LDIFWriter.
Convert entry to dict before printing debug output.
|
| |
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3833
|
|
|
|
|
|
|
|
|
|
|
| |
This is achieved by storing both decoded and encoded attribute values in
LDAPEntry and synchronizing changes between them whenever an attribute is
accessed.
Added a new property "raw" to LDAPEntry. It provides a dictionary-like
object which can be used to directly access encoded attribute values.
https://fedorahosted.org/freeipa/ticket/3521
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds support for host definition by a environment variables of the
following form:
ROLE_<keyword>_envX, where X is the number of the environment
for which host referenced by a role <keyword> should be defined.
Adds a required_extra_roles attribute to the IntegrationTest class,
which can test developer use to specify the extra roles that this
particular test requires. If not all required extra roles are
available, the test will be skipped.
All extra (and static) roles are accessible to the IntegrationTests
via the host_by_role method, which returns a host of given role.
Part of: https://fedorahosted.org/freeipa/ticket/3833
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3833
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3833
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3833
|
|
|
|
|
|
| |
- was broken by navigation and application controller refactoring
https://fedorahosted.org/freeipa/ticket/4003
|
| |
|
|
|
|
|
|
| |
When the directory directly under root (e.g. /etc) did not exist,
mkdir_recursive failed.
Fix the issue.
|
|
|
|
|
|
|
| |
The rename tests use names that were not being cleaned up when the
tests fail. Add cleanup steps for them.
Also, use --force so system permissions are removed as well.
|