| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3750
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3718
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new API command 'adtrust_is_enabled', which can be used to determine
whether ipa-adtrust-install has been run on the system. This new command is not
visible in IPA CLI.
Use this command in idrange_add to conditionally require rid-base and
secondary-rid-base options.
Add tests to cover the new functionality
https://fedorahosted.org/freeipa/ticket/3634
|
|
|
|
|
|
|
|
| |
Logging tracebacks at the INFO level caused them to be displayed to user on the
command line. Change the log level to DEBUG, so that tracebacks are not visible
to user.
https://fedorahosted.org/freeipa/ticket/3704
|
|
|
|
|
|
|
|
| |
When adding a trust, if an id range already exists for this trust,
and options --base-id/--range-size are provided with the trust-add command,
trust-add should fail.
https://fedorahosted.org/freeipa/ticket/3635
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3713
|
|
|
|
|
|
|
|
|
|
|
| |
Improve handling of command line options related to forced client re-enrollment
in ipa-client-install:
* Make --keytab and --principal options mutually exclusive.
* Warn that using --force-join together with --keytab provides no additional
functionality.
https://fedorahosted.org/freeipa/ticket/3686
|
|
|
|
|
|
|
| |
To be consistent with the rest of the LDAP commands, return
ipaRangeType as a list of unicode strings.
Regression caused by https://fedorahosted.org/freeipa/ticket/3647
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardcoded values for range parameters such as base RID or range
size could be the reason the tests produced incorrect results,
as the ranges could get in conflict with already existing ranges
on the server.
Patch dynamically chooses ID and RID range space at the end of
all ranges already present on the server.
https://fedorahosted.org/freeipa/ticket/3662
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The plugin hooks into the Nose runner and IPA's logging infrastructure
and calls the appropriate BeakerLib functions (rl*).
IPA's log_manager is extended to accept custom Handler classes.
The ipa-run-tests helper now loads the plugin.
Patr of the work for: https://fedorahosted.org/freeipa/ticket/3621
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
|
|
|
|
|
|
|
| |
Rename the 'tests' directory to 'ipa-tests', and create an ipa-tests RPM
containing the test suite
Part of the work for: https://fedorahosted.org/freeipa/ticket/3654
|
|
|
|
| |
This directory is no longer used as session storage.
|
|
|
|
|
|
|
|
|
| |
All SELinux policy needed by FreeIPA server is now part of the global
system SELinux policy which makes the subpackage redundant and slowing
down the installation. This patch drops it.
https://fedorahosted.org/freeipa/ticket/3683
https://fedorahosted.org/freeipa/ticket/3684
|
|
|
|
|
|
|
| |
Make sure that the success message is properly populated with actual number of
items that were successfully added/removed.
https://fedorahosted.org/freeipa/ticket/3708
|
|
|
|
|
|
|
|
|
|
| |
There is a JS error.
Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error.
This patch creates proper exclude array before passing it to adder dialog.
https://fedorahosted.org/freeipa/ticket/3711
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3675
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3673
https://fedorahosted.org/freeipa/ticket/3674
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3667
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3665
|
|
|
|
|
|
| |
sys.stdout is buffered by default if redirected to a file.
This may causes automated installation to appear hung.
Flush the stream so that messages are written immediately.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following values of ipaRangeType attribute are supported
and translated accordingly in the idrange commands:
'ipa-local': 'local domain range'
'ipa-ad-winsync': 'Active Directory winsync range'
'ipa-ad-trust': 'Active Directory domain range'
'ipa-ad-trust-posix': 'Active Directory trust range with
POSIX attributes'
'ipa-ipa-trust': 'IPA trust range'
Part of https://fedorahosted.org/freeipa/ticket/3647
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, we deduced the range type from the range objectclass
and filled in virtual attribute in post_callback phase.
Having a ipaRangeType attributeType in schema, we need to fill
the attribute values to ranges created in previous IPA versions.
The plugin follows the same approach, setting ipa-local or
ipa-ad-trust value to the ipaRangeType attribute according
to the objectclass of the range.
Part of https://fedorahosted.org/freeipa/ticket/3647
|
|
|
|
|
|
|
|
|
|
| |
This adds a new LDAP attribute ipaRangeType with
OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema.
ObjectClass ipaIDrange has been altered to require
ipaRangeType attribute.
Part of https://fedorahosted.org/freeipa/ticket/3647
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3685
|
|
|
|
|
|
|
|
| |
Adds a new simple service called OtpdInstance, that manages
ipa-otpd.socket service. Added to server/replica installer
and ipa-upgradeconfig script.
https://fedorahosted.org/freeipa/ticket/3680
|
|
|
|
|
|
|
|
| |
Default list of attributes that are checked with 7-bit plugin
for being 7-bit clean includes userPassword. Consecutively, one
is unable to set passwords that contain non-ascii characters.
https://fedorahosted.org/freeipa/ticket/3640
|
|
|
|
|
|
| |
One Python's unicode marking character was being printed by RPC plugin
which then appeared in ipa-client-install output. This patch removes
it.
|
|
|
|
|
|
|
|
| |
Currently there is only empty space between facet tabs and facet title.
It's a regression caused by recent refactoring.
https://fedorahosted.org/freeipa/ticket/3688
|
|
|
|
|
|
|
|
|
|
|
| |
In idrange-add command, ensure that RID base is prompted for
in the interactive mode if domain SID or domain name was
specified.
If domain name nor SID was specified, make sure rid base is
prompted for if secondary rid base was specified and vice versa.
https://fedorahosted.org/freeipa/ticket/3602
|
|
|
|
|
|
|
|
|
|
| |
Extracted common code from ipalib/plugins/cli.py and
ipalib/plugins/dns.py that provided way to prompt user
for the value of specific attribute.
Added prompt_param method to Command class in ipalib/frontend.py
Done as part of https://fedorahosted.org/freeipa/ticket/3602
|
|
|
|
|
| |
Fixed as part of
https://fedorahosted.org/freeipa/ticket/3602
|
|
|
|
|
|
|
|
| |
All installers that handle Kerberos auth, have been altered to use
private ccache, that is ipa-server-install, ipa-dns-install,
ipa-replica-install, ipa-ca-install.
https://fedorahosted.org/freeipa/ticket/3666
|
|
|
|
|
|
|
|
| |
Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed.
This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail.
https://fedorahosted.org/freeipa/ticket/3645
|
| |
|
|
|
|
|
|
|
|
| |
This was to resolve a -Werror=format-security error.
ipa_extdom_extop.c: In function 'ipa_extdom_extop':
ipa_extdom_extop.c:144:9: error: format not a string literal and no format
arguments [-Werror=format-security]
|
|
|
|
|
|
| |
Regression introduced by 6e90920233cc9a7c9feb040dea22cda837715c39 - 'Move spec modifications from facet factories to pre_ops'.
https://fedorahosted.org/freeipa/ticket/3605
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3636
|
|
|
|
|
|
|
|
|
|
| |
When removing an ID range using idrange-del command, validation
in pre_callback ensures that the range does not belong to any
active trust. In such case, ValidationError is raised.
Unit tests to cover the functionality has been added.
https://fedorahosted.org/freeipa/ticket/3615
|
| |
|
|
|
|
|
|
|
|
|
| |
Since we depend on Dogtag 10 now, there is no need to keep code
that installs a Dogtag 9 CA.
Support for upgraded Dogtag-9-style instances is left in.
https://fedorahosted.org/freeipa/ticket/3529
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3639
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In ip-adtrust-install, "adding RID bases" step would fail
if there was more than one local range defined. This can be a
common case if e.g. there are users that migrated from previous
IdM solution.
With this patch, we fail only if there are multiple local ranges
that do not have RID bases set.
Keep in mind that overlap checking is ensured by ipa-range-check
DS plugin.
https://fedorahosted.org/freeipa/ticket/3498
|
|
|
|
|
|
|
|
|
|
|
| |
trust-find
In trust_show command, make sure that --raw flag is honoured.
Attributes ipanttrusttype and ipanttrustdirection are no longer
translated to strings from their raw ldap values when --raw is
used.
https://fedorahosted.org/freeipa/ticket/3525
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Windows DCs return an empty reply when a legal request cannot satisfied.
If we get EINVAL or ENOENT it means the information requested could not be
found or input parameters were bogus.
Always return an empty reply in these cases.
On any other internal error just return, the request may have been legit but we
can't really handle it right now, pretend we never saw it and hope the next
attempt will succeed.
Fixes: https://fedorahosted.org/freeipa/ticket/3639
Signed-off-by: Simo Sorce <simo@redhat.com>
|