Commit message | Author | Age | Files | Lines
* Change the way we determine if the host has a password set. | Rob Crittenden | 2014-01-15 | 2 | -1/+28
| When creating a host with a password we don't set a Kerberos principal or add the Kerberos objectclasses. Those get added when the host is enrolled. If one passed in --password= (so no password) then we incorrectly thought the user was in fact setting a password, so the principal and objectclasses weren't updated.
| https://fedorahosted.org/freeipa/ticket/4102
* Enable Retro Changelog and Content Synchronization DS plugins | Ana Krivokapic | 2014-01-14 | 5 | -1/+28
| Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+.
| https://fedorahosted.org/freeipa/ticket/3967
* acl: Remove krbPrincipalExpiration from list of admin's excluded attrs | Tomas Babej | 2014-01-14 | 2 | -2/+4
| Since we're exposing the krbPrincipalExpiration attribute for direct editing in the CLI, remove it from the list of attributes that admin cannot edit by default.
| Part of: https://fedorahosted.org/freeipa/ticket/3306
* Make sure state of services is preserved after client uninstall | Ana Krivokapic | 2014-01-14 | 1 | -34/+47
| IPA client installation did not preserve the status of nscd and nslcd services correctly. E.g. nscd would be started after uninstallation, even though it wasn't running before client installation. Make sure the state of services is saved before installation and correctly restored after uninstallation.
| https://fedorahosted.org/freeipa/ticket/3790
* Use raw LDAP data in ldapupdate. | Jan Cholasta | 2014-01-10 | 1 | -23/+7
| https://fedorahosted.org/freeipa/ticket/3488
* Do not crash on bad LDAP data when formatting decode error message. | Jan Cholasta | 2014-01-10 | 1 | -1/+1
| https://fedorahosted.org/freeipa/ticket/3488
* Store old entry state in dict rather than LDAPEntry. | Jan Cholasta | 2014-01-10 | 2 | -31/+19
| https://fedorahosted.org/freeipa/ticket/3488
* Remove legacy LDAPEntry properties data and orig_data. | Jan Cholasta | 2014-01-10 | 3 | -19/+4
| https://fedorahosted.org/freeipa/ticket/3488
* Remove unused LDAPClient methods get_syntax and get_single_value. | Jan Cholasta | 2014-01-10 | 1 | -12/+0
| https://fedorahosted.org/freeipa/ticket/3488
* Add LDAPEntry method generate_modlist. | Jan Cholasta | 2014-01-10 | 3 | -48/+41
| Use LDAPEntry.generate_modlist instead of LDAPClient._generate_modlist and remove LDAPClient._generate_modlist.
| https://fedorahosted.org/freeipa/ticket/3488
* Reduce amount of LDAPEntry.reset_modlist calls in ldapupdate. | Jan Cholasta | 2014-01-10 | 1 | -8/+4
| https://fedorahosted.org/freeipa/ticket/3488
* Use LDAPClient.update_entry for LDAP mods in ldapupdate. | Jan Cholasta | 2014-01-10 | 2 | -62/+2
| Remove legacy IPAdmin methods generateModList and updateEntry.
| https://fedorahosted.org/freeipa/ticket/3488
* Make IPASimpleLDAPObject.get_single_value result overridable. | Jan Cholasta | 2014-01-10 | 1 | -3/+13
| Add some default overrides.
| https://fedorahosted.org/freeipa/ticket/3488
* Move LDAPClient method get_single_value to IPASimpleLDAPObject. | Jan Cholasta | 2014-01-10 | 1 | -18/+30
| Refactor IPASimpleLDAPObject methods get_syntax and get_single_value.
| https://fedorahosted.org/freeipa/ticket/3488
* Use old entry state in LDAPClient.update_entry. | Jan Cholasta | 2014-01-10 | 2 | -32/+27
| https://fedorahosted.org/freeipa/ticket/3488
* Rename LDAPEntry method commit to reset_modlist. | Jan Cholasta | 2014-01-10 | 2 | -2/+2
| https://fedorahosted.org/freeipa/ticket/3488
* Add rpmbuild/ to .gitignore | Nathaniel McCallum | 2014-01-10 | 1 | -0/+1
|
* hbactest does not work for external users | Martin Kosek | 2014-01-10 | 1 | -3/+5
| Original patch for ticket #3803 implemented support to resolve SIDs through SSSD. However, it also broke hbactest for external users. The result of the updated external member group search must be local non-external groups, not the external ones. Otherwise the rule is not matched.
| https://fedorahosted.org/freeipa/ticket/3803
* Revert restart scripts file permissions change | Martin Kosek | 2014-01-08 | 2 | -0/+0
| Previous commit accidentally added executable permission to restart_pkicad and stop_pkicad.
* PKI service restart after CA renewal failed | Jan Cholasta | 2014-01-08 | 6 | -30/+42
| Fix both the service restart procedure and registration of old pki-cad well known service name.
| This patch was adapted from original patch of Jan Cholasta 178 to fix ticket 4092.
| https://fedorahosted.org/freeipa/ticket/4092
* Allow anonymous and all permissions | Petr Viktorin | 2014-01-07 | 4 | -5/+325
| Disallow adding permissions with non-default bindtype to privileges
| Ticket: https://fedorahosted.org/freeipa/ticket/4032
| Design: http://www.freeipa.org/page/V3/Anonymous_and_All_permissions
* Use new registration API in the privilege plugin | Petr Viktorin | 2014-01-07 | 1 | -20/+14
|
* cli.print_attribute: Convert values to strings | Petr Viktorin | 2014-01-03 | 1 | -1/+1
| When output_for_cli was called directly, rather than for values received through XML or JSON API, joining multiple values failed on non-strings such as DN objects. Convert output to strings before printing it out.
* Increase Java stack size on s390 platforms | Martin Kosek | 2014-01-03 | 1 | -2/+2
| As reported in https://bugzilla.redhat.com/show_bug.cgi?id=1040576, the default stack trace needs to be also increased on s390 platforms to prevent rhino segfault.
* Use /usr/bin/python2 | Xiao-Long Chen | 2014-01-03 | 54 | -61/+60
| Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2
| https://fedorahosted.org/freeipa/ticket/3438
| Updated by pviktori@redhat.com
* Fix incorrect path in error message on sysrestore failure | Tomas Babej | 2013-12-20 | 1 | -5/+10
| On sysrestore failure, user is prompted out to remove the sysrestore file. However, the path to the sysrestore file mentioned in the sentence is not correct.
| https://fedorahosted.org/freeipa/ticket/4080
* Prevent garbage from readline on standard output of dogtag-ipa-retrieve-agent. | Jan Cholasta | 2013-12-20 | 1 | -0/+4
| https://fedorahosted.org/freeipa/ticket/4064
* Add OTP support to ipalib CLI | Nathaniel McCallum | 2013-12-18 | 6 | -7/+439
| https://fedorahosted.org/freeipa/ticket/3368
* permission_find: Do not fail for ipasearchrecordslimit=-1 | Petr Viktorin | 2013-12-17 | 1 | -1/+2
| ipasearchrecordslimit can be -1, which means unlimited. The permission_find post_callback failed in this case in legacy permission handling. Do not fail in this case.
* Convert remaining backend code to LDAPEntry API. | Jan Cholasta | 2013-12-16 | 4 | -27/+24
|
* Remove default from the ipapermlocation option | Petr Viktorin | 2013-12-13 | 2 | -4/+3
| The value from my machine ended up wired into API.txt, so builds on other machines would fail. Correct the mistake.
* Increase Java stack size on PPC platforms | Martin Kosek | 2013-12-13 | 1 | -0/+4
| With the default stack size, rhino segfaulted on PPC platforms.
| https://bugzilla.redhat.com/show_bug.cgi?id=1040576
* Increase stack size for Web UI builder | Petr Vobornik | 2013-12-13 | 3 | -6/+13
| Web UI build fails on some architectures or configuration due to StackOverflow. This patch increases the stack size to solve it. 512k is usually enough but we encountered fail on ppc64 even with 2m, therefore the 8m. The build is single threaded so it shouldn't waste much memory.
* Test adding noaci/system permissions to privileges | Petr Viktorin | 2013-12-13 | 1 | -1/+41
| Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
* Make sure SYSTEM permissions can be retrieved with --all --raw | Petr Viktorin | 2013-12-13 | 2 | -4/+26
| Part of the work for: https://fedorahosted.org/freeipa/ticket/4034
* permission plugin: Ensure ipapermlocation (subtree) always exists | Petr Viktorin | 2013-12-13 | 2 | -1/+27
|
* Roll back ACI changes on failed permission updates | Petr Viktorin | 2013-12-13 | 2 | -11/+153
|
* Verify ACIs are added correctly in tests | Petr Viktorin | 2013-12-13 | 3 | -6/+270
| To double-check the ACIs are correct, this uses different code than the new permission plugin: the aci_show command. A new option, location, is added to the command to support these checks.
* Rewrite the Permission plugin | Petr Viktorin | 2013-12-13 | 9 | -518/+1678
| Ticket: https://fedorahosted.org/freeipa/ticket/3566
| Design: http://www.freeipa.org/page/V3/Permissions_V2
* Add new permission schema | Petr Viktorin | 2013-12-13 | 1 | -0/+9
| Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
| Design: http://www.freeipa.org/page/V3/Permissions_V2
* Add tests for permission plugin with older clients | Petr Viktorin | 2013-12-13 | 1 | -0/+1127
| These tests use an old API version, which triggers backwards-compatible behavior in the plugin.
* Allow Declarative test classes to specify the API version | Petr Viktorin | 2013-12-13 | 1 | -1/+2
| This makes it possible to test behavior with older clients.
* Allow sets for initialization of frozenset-typed Param keywords | Petr Viktorin | 2013-12-13 | 1 | -1/+1
| Lists and tuples are already allowed for convenience; it is easier to write (1, 2, 3) or [1, 2, 3] than frozenset([1, 2, 3]). This allows the set literal syntax, {1, 2, 3}, as well.
* trust: fix get_dn() to distinguish creating and re-adding trusts | Alexander Bokovoy | 2013-12-11 | 1 | -2/+2
| Latest support for subdomains introduced regression that masked difference between newly added trust and re-added one. Additionally, in case no new subdomains were found, the code was returning None instead of an empty list which later could confuse trustdomain-find command.
| https://fedorahosted.org/freeipa/ticket/4067
* ipa-cldap: Cut NetBIOS name after 15 characters | Tomas Babej | 2013-12-11 | 2 | -1/+6
| The CLDAP DS plugin uses the uppercased first segment of the fully qualified hostname as the NetBIOS name. We need to limit its size to 15 characters.
| https://fedorahosted.org/freeipa/ticket/4028
* test_webui: Allow False values in configuration for no_ca, no_dns, has_trusts | Petr Viktorin | 2013-12-10 | 1 | -3/+3
| The driver only checked if the corresponding value was in the config, so no_dns: False had the same effect as no_dns: True
| Change the check to take the value into consideration.
| This makes false-y values like False (from YAML) and empty string (from environment) work as if the value was not specified.
* Regression test for user_status crash | Petr Viktorin | 2013-12-10 | 1 | -0/+25
| https://fedorahosted.org/freeipa/ticket/4066
* Fix internal error in the user-status command. | Jan Cholasta | 2013-12-10 | 1 | -3/+3
| https://fedorahosted.org/freeipa/ticket/4066
* Consolidate .gitignore entries | Martin Kosek | 2013-12-10 | 2 | -83/+59
| Clean up the .gitignore file:
| - Remove no longer used .gitignore entries, like .bzr files
| - Do not repeat autotools generated files over and over again
| - Whitelist existent Makefiles in the repository
| - Better separate the .gitignore entries
* ipa-client-install: Always pass hostname to the ipa-join | Tomas Babej | 2013-12-09 | 1 | -4/+4
| The ipa-client-install script and ipa-join use different methods of resolving the hostname, the former uses gethostbyaddr() call, while the latter reads the "uinfo.nodename". This can result in ipa-client-install failures in case of broken PTR records.
| https://fedorahosted.org/freeipa/ticket/4027