freeipa.git/ipalib/plugins, branch master Unnamed repository; edit this file 'description' to name the repository. trustdomain-find: report status of the (sub)domain 2014-01-15T15:19:26+00:00 Alexander Bokovoy abokovoy@redhat.com 2014-01-15T13:42:10+00:00 0cad0fa1116cf3d23a6a44225d05e4956e3c4d95 Show status of each enumerated domain trustdomain-find shows list of domains associated with the trust. Each domain except the trust forest root can be enabled or disabled with the help of trustdomain-enable and trustdomain-disable commands. https://fedorahosted.org/freeipa/ticket/4096 
Show status of each enumerated domain

trustdomain-find shows list of domains associated with the trust.
Each domain except the trust forest root can be enabled or disabled
with the help of trustdomain-enable and trustdomain-disable commands.

https://fedorahosted.org/freeipa/ticket/4096
trust-fetch-domains: create ranges for new child domains 2014-01-15T14:43:40+00:00 Alexander Bokovoy abokovoy@redhat.com 2014-01-14T11:55:56+00:00 0e2cda9da79b58fc67434d262155e86b718125e4 When trust is added, we do create ranges for discovered child domains. However, this functionality was not available through 'trust-fetch-domains' command. Additionally, make sure non-existing trust will report proper error in trust-fetch-domains. https://fedorahosted.org/freeipa/ticket/4111 https://fedorahosted.org/freeipa/ticket/4104 
When trust is added, we do create ranges for discovered child domains.
However, this functionality was not available through
'trust-fetch-domains' command.

Additionally, make sure non-existing trust will report proper error in
trust-fetch-domains.

https://fedorahosted.org/freeipa/ticket/4111
https://fedorahosted.org/freeipa/ticket/4104
Add missing example to sudorule 2014-01-15T10:01:36+00:00 Martin Kosek mkosek@redhat.com 2014-01-15T08:31:37+00:00 7cc8c3b14b8155fe8d688ea93fd1cf375b2f7f1e https://fedorahosted.org/freeipa/ticket/4090 
https://fedorahosted.org/freeipa/ticket/4090
Change the way we determine if the host has a password set. 2014-01-15T09:02:49+00:00 Rob Crittenden rcritten@redhat.com 2014-01-14T19:23:47+00:00 0070c0fedab5386b313908762c6b6ab2c1577489 When creating a host with a password we don't set a Kerberos principal or add the Kerberos objectclasses. Those get added when the host is enrolled. If one passed in --password= (so no password) then we incorrectly thought the user was in fact setting a password, so the principal and objectclasses weren't updated. https://fedorahosted.org/freeipa/ticket/4102 
When creating a host with a password we don't set a Kerberos
principal or add the Kerberos objectclasses. Those get added when the
host is enrolled. If one passed in --password= (so no password) then
we incorrectly thought the user was in fact setting a password, so the
principal and objectclasses weren't updated.

https://fedorahosted.org/freeipa/ticket/4102
Use old entry state in LDAPClient.update_entry. 2014-01-10T13:41:39+00:00 Jan Cholasta jcholast@redhat.com 2013-12-10T10:13:48+00:00 24d85f15ee886d8704438045cb0e3568f59a831a https://fedorahosted.org/freeipa/ticket/3488 
https://fedorahosted.org/freeipa/ticket/3488
hbactest does not work for external users 2014-01-10T11:55:44+00:00 Martin Kosek mkosek@redhat.com 2014-01-10T11:41:29+00:00 faa820f39e2f632d5333ea6124c9cb190e69f728 Original patch for ticket #3803 implemented support to resolve SIDs through SSSD. However, it also broke hbactest for external users. The result of the updated external member group search must be local non-external groups, not the external ones. Otherwise the rule is not matched. https://fedorahosted.org/freeipa/ticket/3803 
Original patch for ticket #3803 implemented support to resolve SIDs
through SSSD. However, it also broke hbactest for external users. The
result of the updated external member group search must be local
non-external groups, not the external ones. Otherwise the rule is not
matched.

https://fedorahosted.org/freeipa/ticket/3803
Allow anonymous and all permissions 2014-01-07T08:56:41+00:00 Petr Viktorin pviktori@redhat.com 2013-10-29T16:01:07+00:00 4a64a1f18bd51c65bf34a13fd7541e1d6b4b75fd Disallow adding permissions with non-default bindtype to privileges Ticket: https://fedorahosted.org/freeipa/ticket/4032 Design: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions 
Disallow adding permissions with non-default bindtype to privileges

Ticket: https://fedorahosted.org/freeipa/ticket/4032
Design: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
Use new registration API in the privilege plugin 2014-01-07T08:56:36+00:00 Petr Viktorin pviktori@redhat.com 2013-10-29T15:28:17+00:00 d7f5d58d352f31df144de15976bd06c5aa822210 






Add OTP support to ipalib CLI
2013-12-18T08:58:59+00:00

Nathaniel McCallum
npmccallum@redhat.com

2013-10-01T18:26:38+00:00

397b2876e2f9bf1c5b3ad3e2874a92715ccda599

https://fedorahosted.org/freeipa/ticket/3368





https://fedorahosted.org/freeipa/ticket/3368







permission_find: Do not fail for ipasearchrecordslimit=-1
2013-12-17T11:29:56+00:00

Petr Viktorin
pviktori@redhat.com

2013-12-16T15:11:33+00:00

1a9beac1bebc7d9b0207053a7eb6d775cae590d1

ipasearchrecordslimit can be -1, which means unlimited.
The permission_find post_callback failed in this case in legacy
permission handling.
Do not fail in this case.





ipasearchrecordslimit can be -1, which means unlimited.
The permission_find post_callback failed in this case in legacy
permission handling.
Do not fail in this case.