| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
| |
Make validation more strict
* DS, NS, DNAME owners should not be a wildcard domanin name
* zone name should not be a wildcard domain name
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be more stable and supported way of using cermonger than
tampering with its files.
>=certmonger-0.75.13 is needed for this to work.
https://fedorahosted.org/freeipa/ticket/4280
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
| |
Removing last record attribute causes output type validation error
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
entries
Makes sure that any new sources added are not already present
in the entry.
https://fedorahosted.org/freeipa/ticket/4508
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4019
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This is to avoid chicken-egg problem when directory server fails to start
without resolvable hostname and named fails to provide hostname without
directory server.
https://fedorahosted.org/freeipa/ticket/4220
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.
https://fedorahosted.org/freeipa/ticket/4455
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4521
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
| |
This was left out by mistake when permissions were refactored.
The API is already tested.
https://fedorahosted.org/freeipa/ticket/4522
|
|
|
|
|
|
|
|
|
|
| |
This patch adds an explicit build dependency to
python-backports-ssl_match_hostname.
Without it, the build-time lint would fail.
https://fedorahosted.org/freeipa/ticket/4515
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
Allow checking and setting CA renewal master for non-local CA instances.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without python-backports-ssl_match_hostname installed, an ipa-client
installation could have failed with:
from backports.ssl_match_hostname import match_hostname
ImportError: No module named ssl_match_hostname
This patch adds an explicit dependency to
python-backports-ssl_match_hostname.
https://fedorahosted.org/freeipa/ticket/4515
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4039
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/4463
Reviewed-By: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
forest trust
https://fedorahosted.org/freeipa/ticket/4463
Reviewed-By: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
| |
Server prior to 2012
http://msdn.microsoft.com/en-us/library/2a769a08-e023-459f-aebe-4fb3f595c0b7#id83
Reviewed-By: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Certain operations against AD domain controller can only be done if its
FSMO role is primary domain controller. We need to use writable DC and
PDC when creating trust and updating name suffix routing information.
https://fedorahosted.org/freeipa/ticket/4479
Reviewed-By: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4458
Reviewed-By: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
- Make ipa trust-add command interactive for realm_admin and realm_passwd
- Fix 'Active directory' typo to 'Active Directory'
https://fedorahosted.org/freeipa/ticket/3034
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Requiring a specific version of Java leads to breakages, like the
one happening on nightly builds in Fedora Rawhide right now.
We should use the more generic 'java' BuildRequires instead of the
versioned one.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
add_table_record call used old selector for add button which
caused 3 fails in CI:
- ERROR: Test automember rebuild membership feature for hosts
- ERROR: Test automember rebuild membership feature for users
- ERROR: Basic CRUD: dns
related to:
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
On page:
- styled to use proper line breaks
- "centered" by .container class and not by huge padding
Console:
- proper line breaks
- links in stack trace are clickable(Chrome)
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4397
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
Test for: https://fedorahosted.org/freeipa/ticket/4164
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
http://fedorahosted.org/freeipa/ticket/4164
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds an integration tests that checks that all trustdomains are
able to be found by trustdomain-find command right after the
trust has been established.
Also moves some code to allow easier adding common test cases for
both POSIX and non-POSIX test classes.
https://fedorahosted.org/freeipa/ticket/4208
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a CIFS service exists and adtrust agents group does not
have it as a member attribute (for whatever reason), re-running
ipa-adtrust-install does not fix the inconsistency.
Make the installer more robust by being able to fix the inconsistency.
https://fedorahosted.org/freeipa/ticket/4464
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
After login, CI checks if password needs a reset by checking if
reset password fields are displayed. This check failed since
login facet was removed from DOM after successful auth. Weakening
the selector fixes it.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The ipagetkeytab command recently changed its failure output
to accomodate pre-4.0 servers.
Update the test to reflect this.
Related: https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
ipa-client-install runs anonymous search in non-rootdse space which
may raise UNWILLING_TO_PERFORM error. This case was only covered for
BIND, but not for the actual LDAP queries.
https://fedorahosted.org/freeipa/ticket/4459
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When creating or modifying otptoken check that token validity start is not after
validity end.
https://fedorahosted.org/freeipa/ticket/4244
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/freeipa/ticket/4448
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4448
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4371
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
|
| |
Remove the file on uninstall.
https://fedorahosted.org/freeipa/ticket/4303
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
|
|
|
| |
Fortunately this cause no error, because dnszone-find doesnt raise
exception if there is no DNS container
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
|
|
|
| |
Additional fix for https://fedorahosted.org/freeipa/ticket/4323
|
|
|
|
|
|
|
|
|
|
| |
The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to
pass the validation tests, however, they are not implemented nor
checked by the 389 server plugin.
https://fedorahosted.org/freeipa/ticket/4323
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
Buttons in hbactest check for 'action-button-disabled' but it's never set.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Detach/attach facet nodes when switching facets instead of
hiding/showing.
Keeps dom-tree more simple.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Fixed:
1. IE doesn't support value 'initial' in CSS rule.
2. setting innerHTML='' also destroys content of child nodes in
LoginScreen in IE -> reattached buttons have no text.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
Items nested in other items were created in root list instead of nested list.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Reproduction:
* add 'extensibleObject' object class to target object
https://fedorahosted.org/freeipa/ticket/4380
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Returning non-unicode causes serialization into base64 which causes havoc
in Web UI.
https://fedorahosted.org/freeipa/ticket/4454
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents the reuse of TOTP tokens by recording the last token
interval that was used. This will be replicated as normal. However,
this patch does not increase the number of writes to the database
in the standard authentication case. This is because it also
eliminates an unnecessary write during authentication. Hence, this
patch should be write-load neutral with the existing code.
Further performance enhancement is desired, but is outside the
scope of this patch.
https://fedorahosted.org/freeipa/ticket/4410
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|