| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
The --force option may be misused to reinstall an existing IPA
client. This is not supported and may lead to unexpected errors.
When required, the cleanest way to re-install IPA client is to
run uninstall and then install again.
This patch also includes few cosmetic changes in messages to user
to provide more consistent user experience with the script.
https://fedorahosted.org/freeipa/ticket/1117
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1191
|
|
|
|
|
|
| |
The widget base class has been modified to validate integer value
if the type is specified in the metadata. This is used to validate
entitlement quantity.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
replacing the action panel with the Design for 2.1
Significantly cleaned up implementation of intra-entity navigation
requires additional CSS work
still need to integrate the search controls onto each page
cleaning up interface between entity and facet
simplified nested tabs logic
Fixed role navigation
select default tab from the search widget
fixed unit tests and jsl
keep tabs area allocated
set default tab selected whenever the pkey changes.
Removing styling that is changing positions of buttons. The logic for that was for action-panel, but does not translate to entity-header.
change from metadata name to label for I18N
set selected tab in entity_init.
Default title for entities without search and pkeys
associations in table now link.
remove colon from title when not showing pkey
added Managed by facet group.
Removed entities that are, for some reason, invalid.
|
|
|
|
| |
ticket 1164
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1160
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was causing a replica DS instance to crash if the task was not
completed when we attempted a shutdown to do a restart.
In replication.py we were restarting the DS instance without waiting
for the ports to become available.
It is unlikely that the dn of the memberof task will change but just in
case I noted it in the two places it is referenced.
ticket 1188
|
|
|
|
|
| |
Action panel buttons are now created in facet's create_action_panel().
This is to allow a subclass to override and customize the buttons.
|
|
|
|
|
| |
The adder dialog box definition has been moved from search facet
into entity to make it accessible from other facets.
|
|
|
|
|
|
|
|
|
|
|
| |
When adding a new DNS zone in the WebUI, IPA server will verify
whether the nameserver is in DNS. Sometimes it is necessary to
skip the verification.
This patch adds a --force option already available in CLI which
can skip this the verification.
https://fedorahosted.org/freeipa/ticket/1105
|
|
|
|
|
|
|
|
|
|
|
| |
UI trims whitespace at the beginning or at the end when user data
are being saved. This confuses is_dirty function which incorrectly
recognizes given field as modified.
This patch fixes this issue for both general text fields and
ACI filter field.
https://fedorahosted.org/freeipa/ticket/1096
|
|
|
|
|
| |
Disable pylint error _ undefined in i18n tests
Fix missing os import in ipa-nis-manage
|
|
|
|
| |
A Download link has been added to download entitlement certificates.
|
|
|
|
|
|
|
|
|
|
| |
The entitlement facet will invoke entitle_status to check the entitlement
status and show the appropriate buttons. If it's unregistered it will show
Register and Import button. If it's registered it will show the Consume
button only. If it's imported it will show the Import button only. The
Import button will open a dialog box for importing entitlement certificate.
Ticket #277
|
|
|
|
|
|
|
|
| |
This adds a new directive to ipa-ldap-updater: addifnew. This will add
a new attribute only if it doesn't exist in the current entry. We can't
compare values because the value we are adding is automatically generated.
ticket 1177
|
|
|
|
|
|
| |
The entitlement facet will show buttons according to the entitlement
status. If it's unregistered, the facet will show a Register button.
If it's registered, the facet will show a Consume button.
|
|
|
|
|
|
|
| |
The IPA.cmd() has been merged into IPA.command(). All invocations
and test cases have been converted.
Ticket #988
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The root user cannot use ldapi because of the autobind configuration.
Fall back to a standard GSSAPI sasl bind if the external bind fails.
With --ldapi a regular user may be trying this as well, catch that
and report a reasonable error message.
This also gives priority to the DM password if it is passed in.
Also require the user be root to run the ipa-nis-manage command.
We enable/disable and start/stop services which need to be done as root.
Add a new option to ipa-ldap-updater to prompt for the DM password.
Remove restriction to be run as root except when doing an upgrade.
Ticket 1157
|
|
|
|
| |
The Selenium tests have been updated to improve robustness.
|
| |
|
|
|
|
|
| |
To simplify customization, the add(), remove(), and refresh() methods
have been moved from IPA.search_widget into IPA.search_facet.
|
|
|
|
|
|
|
| |
The IPA.entity_builder has been modified to take a 'factory' parameter
in custom facet's and custom dialog's spec. The IPA.dialog has been
modified to take an array of fields in the spec. The IPA.search_facet
has been modified to take an array of columns in the spec.
|
|
|
|
|
|
|
| |
To improve code readability and extensibility the containers for action
panel and client area are now created in IPA.entity.setup(). The 'client area'
has been renamed into 'content'. The IPA.facet.create() has been renamed to
IPA.facet.create_content().
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/1138
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Looking at the schema in 60basev2.ldif there were many attributes that did
not have an ORDERING matching rule specified correctly. There were also a
number of attributeTypes that should have been just SUP
distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc.
This requires 389-ds-base-1.2.8.0-1+
ticket 1153
|
| |
|
|
|
|
| |
http://www.freeipa.org/page/Selenium
|
|
|
|
| |
this version includes using spec for detail_facets
|
|
|
|
| |
no longer default to all: true for searches, only specify it for user searches
|
|
|
|
|
|
| |
merged hbac and sudo in to single files
associaton facet and table supports linking
|
| |
|
|
|
|
| |
ticket 1082
|
|
|
|
|
|
|
|
|
| |
If the host has a one-time password but krbPrincipalName wasn't set yet
then the enrollment would fail because writing the principal is not
allowed. This creates an ACI that only lets it be written if it is not
already set.
ticket 1075
|
|
|
|
|
|
|
| |
When IPA server was configured as self-signed (--selfsign option)
the replica always failed to install.
https://fedorahosted.org/freeipa/ticket/1122
|
|
|
|
|
|
|
| |
The IPA.rights_widget was fixed to invoke the base init() method
to load the i18n labels properly.
Ticket 1113
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.
This also:
* corrects the ipa-ldap-updater man page
* remove automatic --realm, --server, --domain options
* handle upgrade errors properly
* saves a copy of dse.ldif before we change it so it can be recovered
* fixes an error discovered by pylint
ticket 1087
|
|
|
|
|
|
| |
Priority is now a required field in order to add a new password policy. Thus, not having the field present means we cannot create one.
https://fedorahosted.org/freeipa/ticket/1102
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes 2 AVCS:
* One because we are enabling port 7390 because an SSL port must be
defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
Instead generate a separate NSS database and certificate and have
certmonger track it separately
I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.
ticket 1085
|
|
|
|
|
|
|
|
| |
Configure the dogtag 389-ds instance with SSL so we can enable TLS
for the dogtag replication agreements. The NSS database we use is a
symbolic link to the IPA 389-ds instance.
ticket 1060
|
|
|
|
|
| |
Collaborated with ayoung to fix this problem:
https://fedorahosted.org/freeipa/ticket/1070
|
|
|
|
| |
ticket 1056
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are cases when ipactl returns success even when it fails. Plus,
when the error really is detected the status codes are not LSB
compliant. This may result in consequent issues.
This patch improves error handling in ipactl and adds LSB compliant
status codes. Namely:
0 program is running or service is OK
3 program is not running
4 program or service status is unknown
for "status" action. Status code 4 is issued when IPA is not
configured to distinguish this state from not running IPA.
For other actions, the following non-zero status codes are
implemented:
1 generic or unspecified error
2 invalid or excess argument(s)
4 user had insufficient privilege
6 program is not configured
https://fedorahosted.org/freeipa/ticket/1055
|
|
|
|
| |
Ticket 1054
|