Commit message | Author | Age | Files | Lines
* makeaci: Use the DN where the ACI is stored, not the permission's DN | Petr Viktorin | 2014-07-07 | 2 | -132/+132
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Prepare spec for 4.0 release | Martin Kosek | 2014-07-04 | 1 | -48/+4
  - Bump 389-ds-base requires to fix the deref call with new ACIs: https://fedorahosted.org/freeipa/ticket/4389
  - Bump bind-dyndb-ldap Conflicts to fetch the DNSSEC capability
  - Bump selinux-policy to fix the CRL retrieval: https://fedorahosted.org/freeipa/ticket/4369
  - Remove conditionals for Fedora < 20 as FreeIPA 4.0 is not planned to be released on these platforms.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Test DNS: add zone with consecutive dash characters | Martin Basti | 2014-07-04 | 1 | -1/+46
  Test for ticket: https://fedorahosted.org/freeipa/ticket/4268
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Test DNS: TLSA record | Martin Basti | 2014-07-04 | 1 | -0/+66
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Test DNS: test zone normalization | Martin Basti | 2014-07-04 | 1 | -1/+47
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: new navigation structure | Petr Vobornik | 2014-07-04 | 9 | -109/+163
  https://fedorahosted.org/freeipa/ticket/4418
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Allow to add managed permission for reverse zones | Martin Basti | 2014-07-04 | 4 | -12/+44
  Ticket: https://fedorahosted.org/freeipa/ticket/4422
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Allow read access to services in cn=masters to auth'd users | Petr Viktorin | 2014-07-04 | 1 | -2/+2
  https://fedorahosted.org/freeipa/ticket/4425
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ldapupdate: Restore 'replace' functionality | Petr Viktorin | 2014-07-04 | 1 | -0/+8
  The replace directive was made a no-op by mistake in commit 6381d76. Restore it.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Restore privileges after forward zones update | Martin Basti | 2014-07-04 | 1 | -1/+42
  Ticket: https://fedorahosted.org/freeipa/ticket/3210
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix: Missing ACI for records in 40-dns.update | Martin Basti | 2014-07-04 | 2 | -2/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add Modify Realm Domains permission | Martin Kosek | 2014-07-04 | 2 | -0/+10
  The permission is required for DNS Administrators as realm domains object is updated when a master zone is added.
  https://fedorahosted.org/freeipa/ticket/4423
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix tests dns_realmdomains_integration | Martin Basti | 2014-07-04 | 1 | -0/+9
  Added warning message about forwarders
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Non IDNA zonename should be normalized to lowercase | Martin Basti | 2014-07-04 | 1 | -0/+10
  Before IDNA support zone was normalized.
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* test_ipaserver: Add OTP token test data to ipatests package | Petr Viktorin | 2014-07-04 | 2 | -1/+4
  The missing files caused test failures when running tests out of tree.
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* test_ipagetkeytab: Fix expected error message | Petr Viktorin | 2014-07-04 | 1 | -1/+4
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: change ipatokennotbefore and ipatokennotafter types to datetime | Petr Vobornik | 2014-07-04 | 1 | -4/+16
  https://fedorahosted.org/freeipa/ticket/3369
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipalib: Use DateTime parameter class for OTP token timestamp attributes | Tomas Babej | 2014-07-04 | 3 | -13/+13
  For ipatokennotbefore and ipatokennotafter attributes use DateTime parameter class instead of Str, since these are represented as LDAP Generalized Time in LDAP.
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-ldap-updater: make possible to use LDAPI with autobind in case of hardened LDAP configuration | Alexander Bokovoy | 2014-07-04 | 2 | -1/+6
  When nsslapd-minssf is greater than 0, running as root ipa-ldap-updater [-l] will fail even if we force use of autobind for root over LDAPI.
  The reason for this is that schema updater doesn't get ldapi flag passed and attempts to connect to LDAP port instead and for hardened configurations using simple bind over LDAP is not enough.
  Additionally, report properly previously unhandled LDAP exceptions.
  https://fedorahosted.org/freeipa/ticket/3468
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* webui-build: use /usr/share/java/js.jar instead of rhino.jar | Petr Vobornik | 2014-07-03 | 2 | -2/+2
  /usr/share/java/rhino.jar is a Fedora's symlink to /usr/share/java/js.jar. Debian doesn't have it. Direct usage of upstream /usr/share/java/js.jar should work on both systems.
  Reviewed-By: Timo Aaltonen <tjaalton@ubuntu.com>
* Fix incompatible permission name *zone-del | Martin Basti | 2014-07-03 | 1 | -14/+19
  Fixes ticket: https://fedorahosted.org/freeipa/ticket/4383
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix upgrade to forward zones | Martin Basti | 2014-07-03 | 1 | -1/+1
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Split dns docstring | Martin Basti | 2014-07-03 | 1 | -47/+47
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Help for forward zones | Martin Basti | 2014-07-03 | 1 | -12/+51
  Ticket: https://fedorahosted.org/freeipa/ticket/3210
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Use documentation addresses in dns help | Martin Basti | 2014-07-03 | 1 | -15/+15
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add DNSSEC experimental support warning message | Martin Basti | 2014-07-03 | 2 | -0/+29
  Ticket: https://fedorahosted.org/freeipa/ticket/4408
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add warning about semantic change for zones | Martin Basti | 2014-07-03 | 2 | -0/+35
  --forwarder have different semantic since forward zones support. Add warning if zone contains forwarders.
  Ticket: https://fedorahosted.org/freeipa/ticket/3210#comment:16
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: Add experimental support for DNSSEC | Martin Basti | 2014-07-02 | 2 | -0/+23
  Ticket: https://fedorahosted.org/freeipa/ticket/4408
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Allow to add non string values to named conf | Martin Basti | 2014-07-02 | 1 | -6/+24
  Non string values should not start and end with '"' in options section in named.conf
  Required by ticket: https://fedorahosted.org/freeipa/ticket/4408
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Clear NSS session cache when socket is closed | Martin Kosek | 2014-07-02 | 1 | -0/+1
  Even when NSS connection is closed, there may be still cached certificates in the NSS lib. This may cause subsequent NSS initialization to crash. This problem especially reproduces in the unit tests.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Do not fail if there are multiple nsDS5ReplicaId values in cn=replication,cn=etc | Petr Viktorin | 2014-07-02 | 1 | -2/+7
  On systems installed before #3394 was fixed and nsDS5ReplicaId became single-valued, there are two replica ID values stored in cn=replication: the default (3) and the actual value we want.
  Instead of failing when multiple values are found, use the largest one.
  https://fedorahosted.org/freeipa/ticket/4375
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaldap: Override conversion of nsds5replicalast{update,init}{start,end} | Tomas Babej | 2014-07-02 | 1 | -0/+4
  The replication related attributes with generalized time syntax have special behaviour implemented in 389, as follows:
  In case they are explicitly requested for and not set, 0 is returned. However, 0 is not a valid value for LDAP Generalized time.
  Thus we need to add these attributes to the _SYNTAX_OVERRIDE dictionary, overriding their conversion to datetime and converting them to string instead, which preserves the old behaviour expected by the replication codebase.
  https://fedorahosted.org/freeipa/ticket/4350
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* NSEC3PARAM tests | Martin Basti | 2014-07-02 | 1 | -0/+105
  Ticket: https://fedorahosted.org/freeipa/ticket/4413
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add NSEC3PARAM to zone settings | Martin Basti | 2014-07-02 | 7 | -13/+61
  Ticket: https://fedorahosted.org/freeipa/ticket/4413
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove NSEC3PARAM record | Martin Basti | 2014-07-02 | 8 | -138/+12
  Revert 5b95be802c6aa12b9464813441f85eaee3e3e82b
  Ticket: https://fedorahosted.org/freeipa/ticket/4413
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update X-ORIGIN for 4.0 | Martin Kosek | 2014-07-01 | 3 | -15/+15
  It was decided not to change the OID space for FreeIPA 4.0+ objectclasses. However, we should still at least properly mark the X-ORIGIN to make analyzing schema easier.
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Fix ACI in DNS | Martin Basti | 2014-07-01 | 4 | -5/+5
  Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord, tlsarecord
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* DNSSEC: WebUI: add TLSA record | Martin Basti | 2014-07-01 | 1 | -1/+18
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: add TLSA record type | Martin Basti | 2014-07-01 | 5 | -24/+66
  Ticket: https://fedorahosted.org/freeipa/ticket/4328
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* webui: focus invalid widget on validation error | Petr Vobornik | 2014-07-01 | 3 | -3/+30
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: fix required error notification in multivalued widget | Petr Vobornik | 2014-07-01 | 1 | -4/+3
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: show notification instead of modal dialog on validation error | Petr Vobornik | 2014-07-01 | 1 | -6/+1
  Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Allow admins to write krbLoginFailedCount | Petr Viktorin | 2014-07-01 | 1 | -3/+2
  Without write access to this attribute, admins could not unlock users.
  https://fedorahosted.org/freeipa/ticket/4409
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Check normalization only for IDNA domains | Martin Basti | 2014-07-01 | 2 | -13/+17
  Backward compatibility with older IPA versions which allow to use upper case. Only IDNA domains will be checked.
  https://fedorahosted.org/freeipa/ticket/4382
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* permission plugin: Ignore unparseable ACIs | Petr Viktorin | 2014-07-01 | 2 | -1/+58
  When manipulating a permission for an entry that has an ACI that the parser cannot process, skip this ACI instead of failing.
  Add a test that manipulates permission in cn=accounts, where there are complex ipaAllowedOperation-based ACIs.
  Workaround for: https://fedorahosted.org/freeipa/ticket/4376
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove python-cherrypy BuildRequires | Martin Kosek | 2014-07-01 | 1 | -1/+0
  As FreeIPA Foreman Smartproxy was moved to separate repo, python-cherrypy is no longer required as a build dependency.
* Remove IPA Foreman Smart Proxy | Rob Crittenden | 2014-07-01 | 15 | -1216/+1
  The code has been moved to its own, separate repository at git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* install/ui/build: Build core.js | Petr Viktorin | 2014-06-30 | 1 | -0/+2
  The make-ui.sh script builds both app.js and core.js, but only one was specified in the Makefile. Correct the mistake.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Let Host Administrators use host-disable command | Martin Kosek | 2014-06-30 | 1 | -1/+1
  Host Administrators could not write to service keytab attribute and thus they could not run the host-disable command.
  https://fedorahosted.org/freeipa/ticket/4284
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa-client-install: Restart nisdomain service instead of starting | Tomas Babej | 2014-06-30 | 1 | -1/+3
  To ensure new NIS domain name is loaded after ipa-client-install even in case when nisdomainname service is already running, we need to restart the service rather than starting it.
  https://fedorahosted.org/freeipa/ticket/4393
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>