Commit message | Author | Age | Files | Lines
* Clean up the spec file, add Requires for nss-pam-ldapd for F14+ | Rob Crittenden | 2010-09-10 | 1 | -14/+17
| Also do the following:
| - Remove conflicts on mod_ssl
| - Remove a lot of version checking for EOL'd Fedora versions
| - Add a few conditionals for rhel6
| - Add Requires of nss-tools on ipa-client
* Fix the ipa-ldap-updater tests. | Rob Crittenden | 2010-09-10 | 1 | -2/+1
| We dropped the schema for ipaContainer so use nsContainer instead.
| ticket 121
* Splitting service principal into service name and hostname. | Endi DeWata | 2010-09-10 | 5 | -89/+92
| The EntityBuilder has been modified to obtain the pkey value by invoking getPKey(). This function can be overridden for different entities.
| The addOptionsFunction() has been renamed to getOptions() and it can be overridden for different entities. Each entity that uses this function has been modified accordingly.
| The addEdit(), addAnother(), add_fail() have been moved into the EntityBuilder class.
| The global builders is no longer needed because a reference to the builder object can be obtained via enclosure.
| The ServiceForms has been modified to take service name and hostname and combine them to generate the service principal by overriding the getPKey().
* Fix certmonger errors when doing a client or server uninstall. | Rob Crittenden | 2010-09-09 | 6 | -28/+131
| This started with the client uninstaller returning a 1 when not installed. There was no way to tell whether the uninstall failed or the client simply wasn't installed which caused no end of grief with the installer.
| This led to a lot of certmonger failures too, either trying to stop tracking a non-existent cert or not handling an existing tracked certificate.
| I moved the certmonger code out of the installer and put it into the client/server shared ipapython lib. It now tries a lot harder and smarter to untrack a certificate.
| ticket 142
* Have certmonger track the initial Apache and 389-ds server certs. | Rob Crittenden | 2010-09-09 | 7 | -19/+254
| We don't use certmonger to get certificates during installation because of the chicken-and-egg problem. This means that the IPA web and ldap certs aren't being tracked for renewal.
| This requires some manual changes to the certmonger request files once tracking has begun because it doesn't store a subject or principal template when a cert is added via start-tracking.
| This also required some changes to the cert command plugin to allow a host to execute calls against its own service certs.
| ticket 67
* Netgroup associations | Adam Young | 2010-09-09 | 6 | -35/+156
| netgroup->user,group,host,hostgroup
| -- Added facets to netgroup
| -- added links into lists for associations
* Allow the schema to be set once an ldap connection is locked. | Rob Crittenden | 2010-09-09 | 1 | -1/+3
| When making LDAP calls via api.Backend.ldap2 the ldap2 object will already be locked by the api.finalize() call. So the first time that api.Backend.ldap2.connect() is called an error would be thrown that self.schema cannot be set because the object is ReadOnly. This uses the documented procedure for working around this lock.
| This was preventing the DNS installation from proceeding.
| ticket #188
* Services | Endi DeWata | 2010-09-08 | 11 | -3/+255
| adds the Service tab: search, details, add, associations
| It also contains the sample data for some service operations
* Make ipactl a lot smarter and have it manage named as well. | Rob Crittenden | 2010-09-07 | 1 | -26/+71
| ticket 138
* Make ldap2 class work as a client library as well. | Rob Crittenden | 2010-09-07 | 2 | -37/+49
| Move the user-private group caching code out of the global config and determine the value the first time it is needed.
| Renamed global_init() back to get_schema() and make it take an optional connection. This solves the problem of being able to do all operations with a simple bind instead of GSSAPI.
| Moved the global get_syntax() into a class method so that a schema can be passed in.
| If a schema wasn't loaded during the module import then it is loaded when the connection is created (so we have the credentials needed for binding).
| ticket 63
* local param for this in closure | Adam Young | 2010-09-07 | 1 | -2/+2
|
* associations | Adam Young | 2010-09-07 | 30 | -559/+1011
| -Refactored the associations code into a set of objects that are configured by the entities
| -Added support for associations that can be done in a single rpc
| -hostgroup to host and group to user associations working
| -Restructured sampledata so that the file is matched automatically by the RPC method name
| -The new ipa_cmd/sampledata scheme insists on there being sample data for any commands or the ipa_command fails.
| -Added sampledata files for all the calls we make
| -renamed several of the sampledata files to match their rpc calls
| -Started a pattern of refactoring where all the forms for the entity fall under a single object
* ipautil Syntax error in comment | Nalin Dahyabhai | 2010-09-01 | 1 | -1/+1
|
* Changes to fix compatibility with Fedora 14 | Rob Crittenden | 2010-08-31 | 5 | -12/+30
| Fedora 14 introduced the following incompatibilities:
| - the kerberos binaries moved from /usr/kerberos/[s]/bin to /usr/[s]bin
| - the xmlrpclib in Python 2.7 is not fully backwards compatible to 2.6
| Also, when moving the installed host service principals:
| - don't assume that krbticketflags is set
| - allow multiple values for krbextradata
| ticket 155
* Remove passwords when running commands including stdout and stderr | Rob Crittenden | 2010-08-31 | 2 | -28/+16
| This replaces the old no logging mechanism that only handled not logging passwords passed on the command-line. The dogtag installer was including passwords in the output.
| This also adds no password logging to the sslget invocations and removes a couple of extraneous log commands.
| ticket 156
* Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2010-08-31 | 3 | -12/+2
|\
| * calculate useSampledata by protocol. | Adam Young | 2010-08-30 | 3 | -12/+2
| |
* | Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa | Rob Crittenden | 2010-08-30 | 1 | -1/+1
|\|
| * quote obj param for group | Adam Young | 2010-08-30 | 1 | -1/+1
| | Correction for previous commit. 'group' not group.
| * Fix Enroll | Adam Young | 2010-08-30 | 1 | -1/+1
| | Enroll was broken due to the missing obj.
* | Add some basic rules for adding new schema | Rob Crittenden | 2010-08-27 | 1 | -0/+15
|/
* Update command documentation based on feedback from docs team. | Rob Crittenden | 2010-08-27 | 18 | -248/+323
| ticket #158
* Configure nslcd and a host of possible systems that use LDAP. | Rob Crittenden | 2010-08-27 | 1 | -9/+53
| We will update any/all of /etc/ldap.conf, /etc/nss_ldap.conf, /etc/libnss-ldap.conf and /etc/pam_ldap.conf.
| nslcd is the replacement for nss_ldap.
| ticket 50
* hashchange | Adam Young | 2010-08-26 | 16 | -523/+716
| We now catch the hashchange event and use that to drive most of the site.
| To trigger page transitions, modify location.hash.
| Params start with # not ?.
| Removed user-group.inc.
| converted tabs to spaces
| trivial implementation of add and details for netgroup and hostgroup
| lots of bug fixes based on routing problems and the refactorings.
* Fix script tags in index.xhtml. | Pavel Zuna | 2010-08-25 | 1 | -13/+12
| End tag is required by lite server.
* Add webUI application to lite-server. | Pavel Zuna | 2010-08-25 | 1 | -1/+42
|
* Make changes to details.js. See commit message. | Pavel Zuna | 2010-08-25 | 2 | -113/+156
| - Add/Remove links are now only available for multivalue attributes (Param.multivalue = true) and attributes with param types, that are multivalue by definition (as of now only List). Single-value attributes with no value are displayed as empty input elements.
| - When updating an attribute, leading and trailing spaces are stripped
| - Context help available in the form of hints, that are extracted from Param.hint.
* Revert "Started pulling the details functionality into the details form object. Doing this in hosts for now to avoid conflicts on details.js" | Adam Young | 2010-08-20 | 1 | -45/+8
| This reverts commit 37d302d6830ee73d6dada132210711d7c0c3b8be.
| This commit was pushed accidentally, and not ready to be pushed.
* ldap_initialize | Adam Young | 2010-08-20 | 1 | -3/+24
| The code was calling ldap_init, which is a deprecated function, and getting a compilation warning. This version uses the recommended function ldap_initialize.
* const correctness | Adam Young | 2010-08-20 | 1 | -3/+3
| made the data type for server consistent and correct across its usage
* Started pulling the details functionality into the details form object. Doing this in hosts for now to avoid conflicts on details.js | Adam Young | 2010-08-19 | 1 | -8/+45
* Changes the URL parsing from standard HTML params (starting with ?) | Adam Young | 2010-08-19 | 11 | -166/+216
| to hash params (starting with #).
| User Details are now part of index.xhtml, so one more .inc file has been removed.
| Updated commit to catch a few things that had been left out, including sampledata handling and updating Makefile.am
* snapshot of the metadata for development purposes. | Adam Young | 2010-08-19 | 1 | -0/+3362
|
* Use global time and size limit values when searching. | Rob Crittenden | 2010-08-19 | 3 | -17/+52
| Add test to verify that limit is honored and truncated flag set.
| ticket #48
* Break out install into more steps, add -key_algorithm to pkisilent | Rob Crittenden | 2010-08-19 | 2 | -23/+19
| Installing dogtag is quite slow and it isn't always clear that things are working. This breaks out some restart calls into separate steps to show some amount of progress. There are still some steps that take more than a minute (pkicreate and pkisilent).
| Add new argument to pkisilent, -key_algorithm
| Update a bunch of minimum required versions in the spec file.
| tickets 139 (time) and 144 (key_algorithm)
* Enable compat plugin by default and configure netgroups | Rob Crittenden | 2010-08-19 | 5 | -19/+40
| Move the netgroup compat configuration from the nis configuration to the existing compat configuration.
| Add a 'status' option to the ipa-compat-manage tool.
| ticket 91
* Add support for ldap:///self bind rules | Rob Crittenden | 2010-08-19 | 2 | -11/+74
| This is added mainly so the self service rules can be updated without resorting to ldapmodify.
| ticket 80
* Make the server log level more configurable, not defaulting to debug. | Rob Crittenden | 2010-08-19 | 1 | -2/+12
| This disables debug output in the Apache log by default. If you want increased output create /etc/ipa/server.conf and set it to:
|
| [global]
| debug=True
|
| If this is too much output you can select verbose output instead:
|
| [global]
| debug=False
| verbose=True
|
| ticket 60
* Fix Update function on details page. | Pavel Zuna | 2010-08-17 | 2 | -14/+17
| The problem was that parameters with no values are automatically set to None by the framework and it wasn't handled properly in baseldap.py:get_attributes function. Also, there were two logical bugs in details.js:
| 1) attribute callback to update values were called for input elements instead of dt elements
| 2) it was always trying to update the primary key
* Make user details work again in the webUI. | Pavel Zuna | 2010-08-17 | 2 | -266/+259
| Unfortunately we can't have any javascript in *.inc files, because the browser will strip them for security reasons. I moved all the attribute callbacks etc. to the only logical place: user.js. It's fine for now, but user.js is going to need some serious cleaning up in the future.
* Clean details.js. | Pavel Zuna | 2010-08-17 | 1 | -168/+6
| What does it mean? I removed duplicate code, that was pasted here from the user details page. ipa_details_init doesn't call ipa_init anymore. ipa_details_create takes a second optional parameter, that can be set to a container element if we want to place the definition lists into a specific element instead of <body>. In our case, we place stuff in <div id="content">
* Clean ipa.js and make it load plugin meta-data over JSON-RPC. | Pavel Zuna | 2010-08-17 | 2 | -34/+46
| What it means? Well, first I removed some development control variables from ipa.js. Namely useSampleData and sizelimit. I moved useSampleData to the top of index.xhtml. This way we won't forget about it when we don't need it anymore. sizelimit has nothing to do in ipa.js and be hardcoded for ALL commands! Some don't have this parameter and could fail.
| Since ipa_init now loads meta-data over JSON-RPC, we need to wait for it to finish its job. That's why I put a second parameter to ipa_init: on_win. ipa_init will call on_win when all data is loaded properly and we can start building the page.
* Enable a host to retrieve a keytab for all its services. | Rob Crittenden | 2010-08-16 | 5 | -125/+364
| Using the host service principal one should be able to retrieve a keytab for other services for the host using ipa-getkeytab. This required a number of changes:
| - allow hosts in the service's managedby to write krbPrincipalKey
| - automatically add the host to managedby when a service is created
| - fix ipa-getkeytab to return the entire principal and not just the first data element. It was returning "host" from the service tgt and not host/ipa.example.com
| - fix the display of the managedby attribute in the service plugin
| This led to a number of changes in the service unit tests. I took the opportunity to switch to the Declarative scheme and tripled the number of tests we were doing. This shed some light on a few bugs in the plugin:
| - if a service had a bad usercertificate it was impossible to delete the service. I made it a bit more flexible.
| - I added a summary for the mod and find commands
| - has_keytab wasn't being set in the find output
| ticket 68
* Add a BuildRequires for authconfig | Rob Crittenden | 2010-08-16 | 1 | -0/+4
| ticket 137
* Add support for client failover to the ipa command-line. | Rob Crittenden | 2010-08-16 | 11 | -20/+172
| This adds a new global option to the ipa command, -f/--no-fallback. If this is included then just the server configured in /etc/ipa/default.conf is used. Otherwise that is tried first then all servers in DNS with the ldap SRV record are tried.
| Create a new Local() Command class for local-only commands. The help command is one of these. It shouldn't need a remote connection to execute.
| ticket #15
* From: Pavel Zuna <pzuna@redhat.com> | Adam Young | 2010-08-13 | 1 | -0/+65
| Date: Tue, 10 Aug 2010 16:41:28 -0400
| Subject: [PATCH 2/6] Add a new INTERNAL plugin that exports plugin meta-data into JSON.
| This is required for the webUI, since we're dropping Genshi. *ehm* :)
| You can't use this command on the CLI. It takes one optional argument: the name of an IPA object. If not specified, meta-data for all objects are returned.
* Change the behaviour of addattr/setattr parameters. | Adam Young | 2010-08-13 | 2 | -35/+40
| setattr and addattr can now be used both to set all values of ANY attribute. The last setattr always resets the attribute to the specified value and all addattr append to it.
|
| Examples:
| user-mod testuser --setattr=title=msc
| title: msc
| user-mod testuser --setattr=title=msb
| title: msb
| user-mod testuser --addattr=title=msc
| title: msb, msc
| user-mod testuser --setattr=title=
| title:
| user-mod testuser --setattr=title=msc --addattr=msb
| title: msc, msb
| user-mod testuser --setattr=title=ing --addattr=bc
| title: ing, bc
| user-mod testuser --setattr=title=doc
| title: doc
|
| It's not very user friendly, but it's going to be used very very rarely in special conditions in the CLI and we can use it to save lots of JSON-RPC roundtrips in the webUI.
| This version includes calling the validation of Params during the setting of the attrs.
* Improve serialization to JSON. | Pavel Zuna | 2010-08-12 | 3 | -2/+27
| - Make it recursive.
| - Make Param classes serializable.
| - Take python native data types into account.
* Stretch content div and make Reset/Update buttons stick to right. | Pavel Zuna | 2010-08-12 | 1 | -0/+5
|
* Fix bug: not found exc. handler was failing for singleton objects | Pavel Zuna | 2010-08-12 | 1 | -1/+4
|