summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Do not fail if there are multiple nsDS5ReplicaId values in cn=replication,cn=etcPetr Viktorin2014-07-021-2/+7
| | | | | | | | | | | On systems installed before #3394 was fixed and nsDS5ReplicaId became single-valued, there are two replica ID values stored in cn=replication: the default (3) and the actual value we want. Instead of failing when multiple values are found, use the largest one. https://fedorahosted.org/freeipa/ticket/4375 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaldap: Override conversion of nsds5replicalast{update,init}{start,end}Tomas Babej2014-07-021-0/+4
| | | | | | | | | | | | | | | | | The replication related attributes with generalized time syntax have special behaviour implemented in 389, as follows: In case they are explicitly requested for and not set, 0 is returned. However, 0 is not a valid value for LDAP Generalized time. Thus we need to add these attributes to the _SYNTAX_OVERRIDE dictionary, overriding their conversion to datetime and converting them to string instead, which perserves the old behaviour expected by the replication codebase. https://fedorahosted.org/freeipa/ticket/4350 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* NSEC3PARAM testsMartin Basti2014-07-021-0/+105
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add NSEC3PARAM to zone settingsMartin Basti2014-07-027-13/+61
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove NSEC3PARAM recordMartin Basti2014-07-028-138/+12
| | | | | | | Revert 5b95be802c6aa12b9464813441f85eaee3e3e82b Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update X-ORIGIN for 4.0Martin Kosek2014-07-013-15/+15
| | | | | | | | It was decided not to change the OID space for FreeIPA 4.0+ objectclasses. However, we should still at least properly mark the X-ORIGIN to make analyzing schema easier. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix ACI in DNSMartin Basti2014-07-014-5/+5
| | | | | | | Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord, tlsarecord Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* DNSSEC: WebUI: add TLSA recordMartin Basti2014-07-011-1/+18
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: add TLSA record typeMartin Basti2014-07-015-24/+66
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* webui: focus invalid widget on validation errorPetr Vobornik2014-07-013-3/+30
| | | | | Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix required error notification in multivalued widgetPetr Vobornik2014-07-011-4/+3
| | | | | Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: show notification instead of modal dialog on validation errorPetr Vobornik2014-07-011-6/+1
| | | | | Reviewed-By: Fraser Tweedale <ftweedal@redhat.com> Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Allow admins to write krbLoginFailedCountPetr Viktorin2014-07-011-3/+2
| | | | | | | | Without write access to this attribute, admins could not unlock users. https://fedorahosted.org/freeipa/ticket/4409 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Check normalization only for IDNA domainsMartin Basti2014-07-012-13/+17
| | | | | | | | | | Backward compability with older IPA versions which allow to use uppper case. Only IDNA domains will be checked. https://fedorahosted.org/freeipa/ticket/4382 Reviewed-By: Martin Kosek <mkosek@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* permission plugin: Ignore unparseable ACIsPetr Viktorin2014-07-012-1/+58
| | | | | | | | | | | | | When manipulating a permission for an entry that has an ACI that the parser cannot process, skip this ACI instead of failing. Add a test that manipulates permission in cn=accounts, where there are complex ipaAllowedOperation-based ACIs. Workaround for: https://fedorahosted.org/freeipa/ticket/4376 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove python-cherrypy BuildRequiresMartin Kosek2014-07-011-1/+0
| | | | | As FreeIPA Foreman Smartproxy was moved to separate repo, python-cherrypy is no longer required as a build dependency.
* Remove IPA Foreman Smart ProxyRob Crittenden2014-07-0115-1216/+1
| | | | | | | The code has been moved to its own, separate repository at git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git Reviewed-By: Martin Kosek <mkosek@redhat.com>
* install/ui/build: Build core.jsPetr Viktorin2014-06-301-0/+2
| | | | | | | | The make-ui.sh script builds both app.js and core.js, but only one was specified in the Makefile. Correct the mistake. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Let Host Administrators use host-disable commandMartin Kosek2014-06-301-1/+1
| | | | | | | | | Host Administrators could not write to service keytab attribute and thus they could not run the host-disable command. https://fedorahosted.org/freeipa/ticket/4284 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-install: Restart nisdomain service instead of startingTomas Babej2014-06-301-1/+3
| | | | | | | | | | To ensure new NIS domain name is loaded after ipa-client-install even in case when nisdomainname service is already running, we need to restart the service rather than starting it. https://fedorahosted.org/freeipa/ticket/4393 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* webui: support unlock user commandPetr Vobornik2014-06-304-2/+16
| | | | | | | | | | Call user-unlock command from Web UI. It will unlock displayed user on current master. https://fedorahosted.org/freeipa/ticket/4407 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-ci: fix action list action visibility and enablement assertionPetr Vobornik2014-06-301-4/+5
| | | | | | The new html structure was not addressed properly. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add sync_otp.htmlPetr Vobornik2014-06-303-0/+69
| | | | | | | | | standalone page for OTP token synchronization. It reuses SyncOTPScreen widget instead of reimplementing the logic as in other standalone pages. https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: layer for standalone pages which use WebUI frameworkPetr Vobornik2014-06-308-16/+67
| | | | | | | | | | Current compiled Web UI layer (app.js) contains every FreeIPA plugin and not just the UI framework. It's not possible to start just a simple facet. This commit creates a basis for a layer (core.js) which contains only framework code and not entity related code. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix confirmation mixin origin checkPetr Vobornik2014-06-301-1/+4
| | | | | | | | Current check is not enough. https://fedorahosted.org/freeipa/ticket/4098 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: bind Login facet and OTP sync facetPetr Vobornik2014-06-304-3/+66
| | | | | | | | | Simple plugin which handles transition from login facet to OTP sync facet and vice versa. https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support global notifications in all containersPetr Vobornik2014-06-303-2/+11
| | | | | | | | Global notifications were limited to "main" container. Now they have their own container which is displayed over other ones. It makes them usable everywhere. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add link pointing to OTP sync page to loginPetr Vobornik2014-06-304-0/+19
| | | | | | https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add OTP token synchronizationPetr Vobornik2014-06-306-1/+356
| | | | | | | | New SyncOTPScreen widget and related facet. https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: base class for LoginScreen-like facetsPetr Vobornik2014-06-302-267/+345
| | | | | | | LoginScreen has layout which can be reused for other facets/widgets, e.g. for Sync OTP facet Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Update translationsPetr Viktorin2014-06-2717-3931/+8428
| | | | | | | Pull fresh translations from Transifex. Update the POT file. Thanks to all translators!
* Fix objectClass casing in LDIF to prevent schema update errorMartin Kosek2014-06-271-1/+1
| | | | | | | | | When a new objectclass was defined as "objectclass" and not "objectClass", it made the schema updater skip some objectclasses. https://fedorahosted.org/freeipa/ticket/4405 Reviewed-By: Rich Megginson <rmeggins@redhat.com>
* Upgrade special master zones to forward zonesMartin Basti2014-06-271-2/+177
| | | | | | | | | | | This upgrade is executed only if IPA version is older than 4.0 Requires detection if 'idnsforwardzone' objectclass is presented in schema before schema is upgraded Design: http://www.freeipa.org/page/V4/Forward_zones#Updates_and_Upgrades Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Added upgrade step executed before schmema is upgradedMartin Basti2014-06-275-8/+54
| | | | | | | | Class PreSchemaUpdate is executed before ldap schema update This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: extract rpc value from object envelopePetr Vobornik2014-06-276-9/+61
| | | | | | | | adapt Web UI to a newer style of encapsulation object data https://fedorahosted.org/freeipa/ticket/4394 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: send API version in RPC requestsPetr Vobornik2014-06-273-1/+7
| | | | | | | | | | | | | Currently there is an incorrect behavior that server doesn't send datetime and dnsname data in new format. This patch adds the version to each RPC request making the UI look as the latest client. Server then sends data in correct format. It also removes the "unknown version" warning from each RPC response. https://fedorahosted.org/freeipa/ticket/4394 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix detection of RPC commandPetr Vobornik2014-06-272-10/+10
| | | | | | | | | old detection did not work with the static version used for test and demonstration purposes. https://fedorahosted.org/freeipa/ticket/4357 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-test: dns forward zone json dataPetr Vobornik2014-06-275-0/+158
| | | | | | | | | Fake API results for testing and presentation purposes of DNS Forward Zones. https://fedorahosted.org/freeipa/ticket/4357 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-test: static metadata updatePetr Vobornik2014-06-273-1676/+3478
| | | | | | | | | Regular update of static metadata for testing and presentation purposes. It should also contain new DNS Forward Zones metadata. https://fedorahosted.org/freeipa/ticket/4357 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui-ci: dns forward zone testsPetr Vobornik2014-06-272-0/+43
| | | | | | | | Selenium CI sanity tests for DNS Forward Zones https://fedorahosted.org/freeipa/ticket/4357 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: dns forward zonesPetr Vobornik2014-06-272-1/+163
| | | | | | | | | | Add DNS Forward Zones Web UI. - pages under: Identity/DNS/DNS Forward Zones https://fedorahosted.org/freeipa/ticket/4357 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add confirmation for dns zone permission actionsPetr Vobornik2014-06-273-41/+13
| | | | | | All header actions should require confirmation. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Add python-yubico to BuildRequiresMartin Kosek2014-06-271-0/+1
| | | | | python-yubico needs to be on a machine to be able to build FreeIPA. Without it, even ./makeapi and ./makeaci fails.
* Fix getkeytab code to always use implicit tagging.Simo Sorce2014-06-272-9/+9
| | | | | | | | | | | | | | A mixture of implicit and explicit tagging was being used and this caused a bug in retrieving the enctype number due to the way ber_scanf() loosely treat sequences and explicit tagging. The ASN.1 notation used to describe the getkeytab operation uses implicit tagging, so by changing the code we simply follow to the specified encoding. Resolves: https://fedorahosted.org/freeipa/ticket/4404 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add otptoken-sync commandNathaniel McCallum2014-06-263-3/+112
| | | | | | | | | This command calls the token sync HTTP POST call in the server providing the CLI interface to synchronization. https://fedorahosted.org/freeipa/ticket/4260 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add the otptoken-add-yubikey commandNathaniel McCallum2014-06-265-3/+155
| | | | | | | | This command behaves almost exactly like otptoken-add except: 1. The new token data is written directly to a YubiKey 2. The vendor/model/serial fields are populated from the YubiKey Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add /session/token_sync POST supportNathaniel McCallum2014-06-264-9/+126
| | | | | | | | | | | | | | | | | This HTTP call takes the following parameters: * user * password * first_code * second_code * token (optional) Using this information, the server will perform token synchronization. If the token is not specified, all tokens will be searched for synchronization. Otherwise, only the token specified will be searched. https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* rpcserver: fix local vs utc time comparisonPetr Vobornik2014-06-261-1/+1
| | | | | | | | | | login_password did not work properly in timezones other than +0h because local time was compared with utc time. Bug introduced in: https://fedorahosted.org/freeipa/ticket/4339 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: support otp in reset_password.htmlPetr Vobornik2014-06-262-2/+18
| | | | | | https://fedorahosted.org/freeipa/ticket/4262 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: rebase user password dialog on password dialog and add otp supportPetr Vobornik2014-06-264-155/+75
| | | | | | https://fedorahosted.org/freeipa/ticket/4262 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-01 12:23:38 +0000