summaryrefslogtreecommitdiffstats
path: root/install/static/test
diff options
context:
space:
mode:
authorAdam Young <ayoung@redhat.com>2010-10-25 19:55:57 -0400
committerAdam Young <ayoung@redhat.com>2010-12-20 23:32:06 -0500
commit07ace112afeaadade0ca372fe23a9432c2c9780f (patch)
tree6442a26960fd1d07087a90f28292f419cc3dbd71 /install/static/test
parentfc4ce7dc8c2102561396e4987ff6357bb79bf524 (diff)
downloadfreeipa.git-07ace112afeaadade0ca372fe23a9432c2c9780f.tar.gz
freeipa.git-07ace112afeaadade0ca372fe23a9432c2c9780f.tar.xz
freeipa.git-07ace112afeaadade0ca372fe23a9432c2c9780f.zip
aci ui
Implements the role, privilege, permission, delegation and selfservice entities ui. Targetgroup has been added to the object types. The groups lists need to be filter. The filter is currently hidden, with a hyperlink that reads 'filter' to unhide it. Each keystroke in this filter performs an AJAX request to the server. There are bugs on the server side that block some of the functionality from completing Creating a Permission requires one of 4 target types. The add dialog in this version assumes the user will want to create a filter type. They can change this on the edit page. Most search results come back with the values as arrays, but ACIs seem not to. Search and details both required special code to handle non-arrays. The unit tests now make use of the 'module' aspect of QUnit. This means that future unit test will also need to specify the module. The advantage is that multiple tests can share a common setup and teardown. Bugs that need to be fixed before this works 100% are https://fedorahosted.org/freeipa/ticket/634 https://fedorahosted.org/freeipa/ticket/633
Diffstat (limited to 'install/static/test')
-rwxr-xr-xinstall/static/test/aci_tests.html33
-rw-r--r--install/static/test/aci_tests.js81
-rw-r--r--install/static/test/all_tests.html2
-rwxr-xr-xinstall/static/test/certificate_tests.html2
-rwxr-xr-xinstall/static/test/certificate_tests.js2
-rw-r--r--install/static/test/data/aci_find.json115
-rw-r--r--install/static/test/data/delegation_find.json35
-rw-r--r--install/static/test/data/delegation_list.json35
-rw-r--r--install/static/test/data/delegation_mod.json21
-rw-r--r--install/static/test/data/delegation_show.json20
-rw-r--r--install/static/test/data/ipa_init.json740
-rw-r--r--install/static/test/data/permission_add.json26
-rw-r--r--install/static/test/data/permission_del9
-rw-r--r--install/static/test/data/permission_find.json887
-rw-r--r--install/static/test/data/permission_show.json41
-rw-r--r--install/static/test/data/privilege_find.json215
-rw-r--r--install/static/test/data/privilege_show.json39
-rw-r--r--install/static/test/data/role_find.json20
-rw-r--r--install/static/test/data/role_show.json36
-rw-r--r--install/static/test/data/selfservice_find.json24
-rw-r--r--install/static/test/data/selfservice_show.json21
-rw-r--r--install/static/test/details_tests.js2
-rw-r--r--install/static/test/entity_tests.js2
-rw-r--r--install/static/test/index.html1
-rw-r--r--install/static/test/ipa_tests.js2
-rw-r--r--install/static/test/navigation_tests.js2
26 files changed, 2227 insertions, 186 deletions
diff --git a/install/static/test/aci_tests.html b/install/static/test/aci_tests.html
new file mode 100755
index 00000000..7cdbeffa
--- /dev/null
+++ b/install/static/test/aci_tests.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Access Control Interface Test Suite</title>
+ <link rel="stylesheet" href="qunit.css" type="text/css" media="screen">
+ <script type="text/javascript" src="qunit.js"></script>
+
+
+
+ <script type="text/javascript" src="../jquery.js"></script>
+ <script type="text/javascript" src="../jquery.ba-bbq.js"></script>
+ <script type="text/javascript" src="../jquery-ui.js"></script>
+ <script type="text/javascript" src="../ipa.js"></script>
+ <script type="text/javascript" src="../widget.js"></script>
+ <script type="text/javascript" src="../details.js"></script>
+ <script type="text/javascript" src="../search.js"></script>
+ <script type="text/javascript" src="../add.js"></script>
+ <script type="text/javascript" src="../entity.js"></script>
+ <script type="text/javascript" src="../associate.js"></script>
+ <script type="text/javascript" src="../navigation.js"></script>
+ <script type="text/javascript" src="../aci.js"></script>
+
+ <script type="text/javascript" src="aci_tests.js"></script>
+</head>
+<body>
+ <h1 id="qunit-header">Certificate Test Suite</h1>
+ <h2 id="qunit-banner"></h2>
+ <div id="qunit-testrunner-toolbar"></div>
+ <h2 id="qunit-userAgent"></h2>
+ <ol id="qunit-tests"></ol>
+ <div id="qunit-fixture"></div>
+</body>
+</html>
diff --git a/install/static/test/aci_tests.js b/install/static/test/aci_tests.js
new file mode 100644
index 00000000..76bff355
--- /dev/null
+++ b/install/static/test/aci_tests.js
@@ -0,0 +1,81 @@
+/* Authors:
+ * Endi Sukma Dewata <edewata@redhat.com>
+ *
+ * Copyright (C) 2010 Red Hat
+ * see file 'COPYING' for use and warranty information
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; version 2 only
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+
+var target_section;
+var aci_container;
+
+module('aci',{
+ setup: function() {
+ IPA.ajax_options.async = false;
+ IPA.init(
+ "data",
+ true,
+ function(data, text_status, xhr) {
+ ok(true, "ipa_init() succeeded.");
+ },
+ function(xhr, text_status, error_thrown) {
+ ok(false, "ipa_init() failed: "+error_thrown);
+ }
+ );
+ aci_container = $('<div id="aci"/>').appendTo(document.body);
+ target_section = ipa_target_section();
+ target_section.create(aci_container);
+ },
+ teardown: function() {
+ aci_container.remove();
+ }}
+);
+
+
+test("Testing aci grouptarget.", function() {
+ var sample_data_filter_only = {"targetgroup":"ipausers"};
+ target_section.load(sample_data_filter_only);
+ ok($('#aci_by_group')[0].checked, 'aci_by_group control selected');
+ ok ($('#aci_target_group_select option').length > 2,'group select populated');
+
+});
+
+
+
+test("Testing aci object type.", function() {
+ var sample_data_filter_only = {"type":"hostgroup"};
+ target_section.load(sample_data_filter_only);
+ ok($('.aci-attribute', aci_container).length > 4);
+ ok($('#aci_by_type')[0].checked, 'aci_by_type control selected');
+
+});
+
+
+test("Testing aci filter only.", function() {
+
+ var sample_data_filter_only = {"filter":"somevalue"};
+
+ target_section.load(sample_data_filter_only);
+
+ var filter_radio = $('#aci_by_filter');
+
+ ok(filter_radio.length,'find "filter_only_radio" control');
+ ok(filter_radio[0].checked,'filter_only_radio control is checked');
+
+});
+
+
+
diff --git a/install/static/test/all_tests.html b/install/static/test/all_tests.html
index 64412b01..6a29daff 100644
--- a/install/static/test/all_tests.html
+++ b/install/static/test/all_tests.html
@@ -16,12 +16,14 @@
<script type="text/javascript" src="../associate.js"></script>
<script type="text/javascript" src="../navigation.js"></script>
<script type="text/javascript" src="../certificate.js"></script>
+ <script type="text/javascript" src="../aci.js"></script>
<script type="text/javascript" src="ipa_tests.js"></script>
<script type="text/javascript" src="details_tests.js"></script>
<script type="text/javascript" src="entity_tests.js"></script>
<script type="text/javascript" src="association_tests.js"></script>
<script type="text/javascript" src="navigation_tests.js"></script>
<script type="text/javascript" src="certificate_tests.js"></script>
+ <script type="text/javascript" src="aci_tests.js"></script>
</head>
<body>
<h1 id="qunit-header">Complete Test Suite</h1>
diff --git a/install/static/test/certificate_tests.html b/install/static/test/certificate_tests.html
index 90f09b21..5b411ff1 100755
--- a/install/static/test/certificate_tests.html
+++ b/install/static/test/certificate_tests.html
@@ -5,6 +5,8 @@
<link rel="stylesheet" href="qunit.css" type="text/css" media="screen">
<script type="text/javascript" src="qunit.js"></script>
<script type="text/javascript" src="../jquery.js"></script>
+ <script type="text/javascript" src="../jquery.ba-bbq.js"></script>
+ <script type="text/javascript" src="../jquery-ui.js"></script>
<script type="text/javascript" src="../ipa.js"></script>
<script type="text/javascript" src="../details.js"></script>
<script type="text/javascript" src="../search.js"></script>
diff --git a/install/static/test/certificate_tests.js b/install/static/test/certificate_tests.js
index cfa96b2b..c50ec186 100755
--- a/install/static/test/certificate_tests.js
+++ b/install/static/test/certificate_tests.js
@@ -18,6 +18,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+module('certificate');
+
test("Testing certificate_parse_dn().", function() {
same(
diff --git a/install/static/test/data/aci_find.json b/install/static/test/data/aci_find.json
index 3f0018c8..23077876 100644
--- a/install/static/test/data/aci_find.json
+++ b/install/static/test/data/aci_find.json
@@ -1,64 +1,63 @@
{
- "error": null,
- "id": 0,
+ "error": null,
+ "id": 6,
"result": {
- "count": 54,
+ "count": 53,
"result": [
- "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)",
- "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groupss,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr != \"aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || ipaUniqueId\")(targetfilter = \"(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))\")(version 3.0;acl \"Account Admins can manage Users and Groups\";allow (add,delete,read,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
- "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
- "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
- "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey\")(version 3.0;acl \"Enable Anonymous access\";allow (read,search,compare) userdn = \"ldap:///anyone\";)",
+ "(targetattr != \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory || krbMKey || ipaUniqueId || memberOf || serverHostName || enrolledBy\")(version 3.0;acl \"Admin can manage any entry\";allow (all) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword\")(version 3.0;acl \"Self can write own password\";allow (write) userdn = \"ldap:///self\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Admins can write passwords\";allow (add,delete,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"Password change service can read/write passwords\";allow (read,write) userdn = \"ldap:///krbprincipalname=kadmin/changepw@AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=AYOUNG.BOSTON.DEVEL.REDHAT.COM,cn=kerberos,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || krbPasswordExpiration || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"KDC System Account can access passwords\";allow (all) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"KDC System Account can update some fields\";allow (write) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbPrincipalName || krbCanonicalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount\")(version 3.0;acl \"Only the KDC System Account has access to kerberos material\";allow (read,search,compare) userdn = \"ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength\")(targetfilter = \"(objectClass=krbPwdPolicy)\")(version 3.0;acl \"Admins can write password policies\";allow (read,search,compare,write) groupdn = \"ldap:///cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou\")(version 3.0;acl \"Self service\";allow (write) userdn = \"ldap:///self\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Get Certificates status from the CA\";allow (write) groupdn = \"ldap:///cn=certificate_status,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Users\";allow (delete) groupdn = \"ldap:///cn=removeusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify group membership\";allow (write) groupdn = \"ldap:///cn=modifygroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Services\";allow (add) groupdn = \"ldap:///cn=addservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory\")(version 3.0;acl \"change_password\";allow (write) groupdn = \"ldap:///cn=change_password,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Groups\";allow (add) groupdn = \"ldap:///cn=addgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hostgroups\";allow (write) groupdn = \"ldap:///cn=modifyhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Roles\";allow (write) groupdn = \"ldap:///cn=modifyroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"memberhost || externalhost || memberuser || member\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroup membership\";allow (write) groupdn = \"ldap:///cn=modifynetgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userCertificate\")(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Services\";allow (write) groupdn = \"ldap:///cn=modifyservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hostgroups\";allow (add) groupdn = \"ldap:///cn=addhostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount maps\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove automount keys\";allow (delete) groupdn = \"ldap:///cn=removeautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///krbprincipalname=*,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Services\";allow (delete) groupdn = \"ldap:///cn=removeservices,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Users\";allow (add) groupdn = \"ldap:///cn=addusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description || l || location || nshardwareplatform || nsosversion\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Hosts\";allow (write) groupdn = \"ldap:///cn=modifyhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add user to default group\";allow (write) groupdn = \"ldap:///cn=add_user_to_default_group,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hostgroups\";allow (delete) groupdn = \"ldap:///cn=removehostgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Remove entitlement entries\";allow (delete) groupdn = \"ldap:///cn=removeentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
+ "(targetattr = \"krbPrincipalName || enrolledBy || objectClass\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Enroll a host\";allow (write) groupdn = \"ldap:///cn=enroll_host,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Hosts\";allow (add) groupdn = \"ldap:///cn=addhosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove netgroups\";allow (delete) groupdn = \"ldap:///cn=removenetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"description\")(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify netgroups\";allow (write) groupdn = \"ldap:///cn=modifynetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify role group membership\";allow (write) groupdn = \"ldap:///cn=modifyrolegroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=request_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"userCertificate\")(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Modify entitlements\";allow (write) groupdn = \"ldap:///cn=modifyentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify task group membership\";allow (write) groupdn = \"ldap:///cn=modifytaskgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add Roles\";allow (add) groupdn = \"ldap:///cn=addroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Certificate Remove Hold\";allow (write) groupdn = \"ldap:///cn=certificate_remove_hold,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=rolegroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Roles\";allow (delete) groupdn = \"ldap:///cn=removeroles,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount maps\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou || mepManagedEntry || objectclass\")(target = \"ldap:///uid=*,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Users\";allow (write) groupdn = \"ldap:///cn=modifyusers,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=ng,cn=alt,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add netgroups\";allow (add) groupdn = \"ldap:///cn=addnetgroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Hosts\";allow (delete) groupdn = \"ldap:///cn=removehosts,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=greyoak,dc=com\")(version 3.0;acl \"Add entitlements\";allow (add) groupdn = \"ldap:///cn=addentitlements,cn=taskgroups,cn=accounts,dc=greyoak,dc=com\";)",
+ "(target = \"ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Add automount keys\";allow (add) groupdn = \"ldap:///cn=addautomount,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Remove Groups\";allow (delete) groupdn = \"ldap:///cn=removegroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Retrieve Certificates from the CA\";allow (write) groupdn = \"ldap:///cn=retrieve_certs,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"objectClass\")(target = \"ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Revoke Certificate\";allow (write) groupdn = \"ldap:///cn=revoke_certificate,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"krbPrincipalKey || krbLastPwdChange\")(target = \"ldap:///fqdn=*,cn=computers,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Manage host keytab\";allow (write) groupdn = \"ldap:///cn=manage_host_keytab,cn=taskgroups, cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"cn || description || gidnumber || objectclass || mepManagedBy\")(target = \"ldap:///cn=*,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify Groups\";allow (write) groupdn = \"ldap:///cn=modifygroups,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
+ "(targetattr = \"member\")(target = \"ldap:///cn=*,cn=hostgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Modify host group membership\";allow (write) groupdn = \"ldap:///cn=modifyhostgroupmembership,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)",
"(targetattr = \"objectClass\")(target = \"ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\")(version 3.0;acl \"Request Certificates from a different host\";allow (write) groupdn = \"ldap:///cn=request_cert_different_host,cn=taskgroups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com\";)"
- ],
- "summary": "54 ACIs matched"
+ ],
+ "summary": "53 ACIs matched"
}
} \ No newline at end of file
diff --git a/install/static/test/data/delegation_find.json b/install/static/test/data/delegation_find.json
new file mode 100644
index 00000000..82b31fc5
--- /dev/null
+++ b/install/static/test/data/delegation_find.json
@@ -0,0 +1,35 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 2,
+ "result": [
+ {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ }
+ ],
+ "summary": "2 delegations matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/delegation_list.json b/install/static/test/data/delegation_list.json
new file mode 100644
index 00000000..d4d9fc06
--- /dev/null
+++ b/install/static/test/data/delegation_list.json
@@ -0,0 +1,35 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 2,
+ "result": [
+ {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ }
+ ],
+ "summary": "2 delegations matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/delegation_mod.json b/install/static/test/data/delegation_mod.json
new file mode 100644
index 00000000..9f7da68b
--- /dev/null
+++ b/install/static/test/data/delegation_mod.json
@@ -0,0 +1,21 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "m2m",
+ "attrs": [
+ "title"
+ ],
+ "filter": "(memberOf=cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=monsters,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "add",
+ "delete"
+ ]
+ },
+ "summary": "Modified delegation \"m2m\"",
+ "value": "m2m"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/delegation_show.json b/install/static/test/data/delegation_show.json
new file mode 100644
index 00000000..9444c875
--- /dev/null
+++ b/install/static/test/data/delegation_show.json
@@ -0,0 +1,20 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "delegme",
+ "attrs": [
+ "cn"
+ ],
+ "filter": "(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com)",
+ "group": "muppets",
+ "membergroup": "cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "permissions": [
+ "write"
+ ]
+ },
+ "summary": null,
+ "value": "delegme"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/ipa_init.json b/install/static/test/data/ipa_init.json
index 606f8482..3a5301e8 100644
--- a/install/static/test/data/ipa_init.json
+++ b/install/static/test/data/ipa_init.json
@@ -52,7 +52,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "key",
"cli_short_name": null,
"default": null,
@@ -78,7 +78,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "info",
"cli_short_name": null,
"default": null,
@@ -234,7 +234,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "map",
"cli_short_name": null,
"default": null,
@@ -295,7 +295,7 @@
"ipahomesrootdir",
"ipadefaultloginshell",
"ipadefaultprimarygroup",
- "ipadefaultdomain",
+ "ipadefaultemaildomain",
"ipasearchtimelimit",
"ipasearchrecordslimit",
"ipausersearchfields",
@@ -347,7 +347,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "homedirectory",
"cli_short_name": null,
"default": null,
@@ -497,7 +497,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "usersearch",
"cli_short_name": null,
"default": null,
@@ -523,7 +523,7 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
- "class": "Str",
+ "class": "IA5Str",
"cli_name": "groupsearch",
"cli_short_name": null,
"default": null,
@@ -586,7 +586,9 @@
"default": null,
"doc": "Base for certificate subjects (OU=Test,O=Example)",
"exclude": null,
- "flags": [],
+ "flags": [
+ "no_update"
+ ],
"hint": null,
"include": null,
"label": "Certificate Subject base",
@@ -601,6 +603,103 @@
"query": false,
"required": false,
"type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "groupobjectclasses",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Default group objectclassses (comma-separated list)",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Default group objectclasses",
+ "multivalue": true,
+ "name": "ipagroupobjectclasses",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "userobjectclasses",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Default user objectclassses (comma-separated list)",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Default user objectclasses",
+ "multivalue": true,
+ "name": "ipauserobjectclasses",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Int",
+ "cli_name": "pwdexpnotify",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Password Expiration Notification (days)",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Password Expiration Notification",
+ "maxvalue": null,
+ "minvalue": 0,
+ "multivalue": false,
+ "name": "ipapwdexpadvnotify",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "int"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "ipaconfigstring",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Extra hashes to generate in password plugin",
+ "exclude": null,
+ "flags": [
+ "no_update"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Password plugin features",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "ipaconfigstring",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode"
}
],
"uuid_attribute": ""
@@ -1614,6 +1713,151 @@
],
"uuid_attribute": ""
},
+ "delegation": {
+ "bindable": false,
+ "label": "Delegation",
+ "methods": [
+ "add",
+ "del",
+ "find",
+ "mod",
+ "show"
+ ],
+ "name": "delegation",
+ "object_name": [
+ "delegation"
+ ],
+ "object_name_plural": [
+ "delegation"
+ ],
+ "primary_key": "aciname",
+ "takes_params": [
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "name",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Delegation name",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Delegation name",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "aciname",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": true,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "permissions",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Permissions",
+ "multivalue": true,
+ "name": "permissions",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "attrs",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of attributes",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Attributes",
+ "multivalue": true,
+ "name": "attrs",
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "membergroup",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "User group to apply delegation to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Member user group",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "memberof",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "group",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "User group ACI grants access to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "User group",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "group",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ }
+ ]
+ },
"dns": {
"default_attributes": [
"idnsname",
@@ -4887,7 +5131,7 @@
"objectclass",
"aci"
],
- "label": "Role Groups",
+ "label": "Role",
"methods": [
"add",
"add_member",
@@ -4966,6 +5210,99 @@
],
"uuid_attribute": ""
},
+ "selfservice": {
+ "bindable": false,
+ "label": "Self Service Permissions",
+ "methods": [
+ "add",
+ "del",
+ "find",
+ "mod",
+ "show"
+ ],
+ "name": "selfservice",
+ "object_name": [
+ "selfservice"
+ ],
+ "object_name_plural": [
+ "selfservice"
+ ],
+ "primary_key": "aciname",
+ "takes_params": [
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "name",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Self-Service name",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Self-Service name",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "aciname",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": true,
+ "query": false,
+ "required": true,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "permissions",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of permissions to grant (read, write). Default is write.",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Permissions",
+ "multivalue": true,
+ "name": "permissions",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "List",
+ "cli_name": "attrs",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Comma-separated list of attributes",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Attributes",
+ "multivalue": true,
+ "name": "attrs",
+ "primary_key": false,
+ "query": false,
+ "required": true,
+ "separator": ",",
+ "skipspace": true,
+ "type": "tuple"
+ }
+ ]
+ },
"service": {
"aciattrs": [
"ipaUniqueID",
@@ -5388,6 +5725,12 @@
"memberUser"
],
"attribute_members": {
+ "ipasudorunas": [
+ "user"
+ ],
+ "ipasudorunasgroup": [
+ "group"
+ ],
"memberallowcmd": [
"sudocmd",
"sudocmdgroup"
@@ -5409,7 +5752,15 @@
"container_dn": "cn=sudorules",
"default_attributes": [
"cn",
- "description"
+ "ipaenabledflag",
+ "description",
+ "usercategory",
+ "hostcategory",
+ "cmdcategory",
+ "memberuser",
+ "memberhost",
+ "memberallowcmd",
+ "memberdenycmd"
],
"hidden_attributes": [
"objectclass",
@@ -5421,13 +5772,19 @@
"add_allow_command",
"add_deny_command",
"add_host",
+ "add_runasgroup",
+ "add_runasuser",
"add_user",
"del",
+ "disable",
+ "enable",
"find",
"mod",
"remove_allow_command",
"remove_deny_command",
"remove_host",
+ "remove_runasgroup",
+ "remove_runasuser",
"remove_user",
"show"
],
@@ -5498,6 +5855,89 @@
{
"alwaysask": false,
"attribute": false,
+ "autofill": true,
+ "class": "Flag",
+ "cli_name": "ipaenabledflag",
+ "cli_short_name": null,
+ "default": false,
+ "doc": "Enabled",
+ "exclude": null,
+ "falsehoods": [
+ 0,
+ "0",
+ "false"
+ ],
+ "flags": [
+ "no_update",
+ "no_create",
+ "no_search"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Enabled",
+ "multivalue": false,
+ "name": "ipaenabledflag",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "truths": [
+ "1",
+ 1,
+ "true"
+ ],
+ "type": "bool"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "StrEnum",
+ "cli_name": "usercat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "User category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "User category",
+ "multivalue": false,
+ "name": "usercategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "StrEnum",
+ "cli_name": "hostcat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Host category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Host category",
+ "multivalue": false,
+ "name": "hostcategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
"autofill": false,
"class": "StrEnum",
"cli_name": "cmdcat",
@@ -5523,6 +5963,54 @@
"alwaysask": false,
"attribute": false,
"autofill": false,
+ "class": "StrEnum",
+ "cli_name": "runasusercat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As User category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Run As User category",
+ "multivalue": false,
+ "name": "ipasudorunasusercategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "StrEnum",
+ "cli_name": "runasgroupcat",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As Group category the rule applies to",
+ "exclude": null,
+ "flags": [],
+ "hint": null,
+ "include": null,
+ "label": "Run As Group category",
+ "multivalue": false,
+ "name": "ipasudorunasgroupcategory",
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode",
+ "values": [
+ "all"
+ ]
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
"class": "Str",
"cli_name": "memberuser_user",
"cli_short_name": null,
@@ -5728,6 +6216,66 @@
"query": false,
"required": false,
"type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "ipasudorunas_user",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As User",
+ "exclude": null,
+ "flags": [
+ "no_update",
+ "no_create",
+ "no_search"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Run As User",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "ipasudorunas_user",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode"
+ },
+ {
+ "alwaysask": false,
+ "attribute": false,
+ "autofill": false,
+ "class": "Str",
+ "cli_name": "ipasudorunasgroup_group",
+ "cli_short_name": null,
+ "default": null,
+ "doc": "Run As Group",
+ "exclude": null,
+ "flags": [
+ "no_update",
+ "no_create",
+ "no_search"
+ ],
+ "hint": null,
+ "include": null,
+ "label": "Run As Group",
+ "length": null,
+ "maxlength": null,
+ "minlength": null,
+ "multivalue": false,
+ "name": "ipasudorunasgroup_group",
+ "pattern": null,
+ "pattern_errmsg": null,
+ "primary_key": false,
+ "query": false,
+ "required": false,
+ "type": "unicode"
}
],
"uuid_attribute": "ipauniqueid"
@@ -5742,139 +6290,77 @@
"gidNumber",
"uidNumber",
"homeDirectory",
- "radiusRealm",
- "radiusSimultaneousUse",
- "radiusProxyToRealm",
- "radiusReplicateToRealm",
- "radiusStripUserName",
- "dialupAccess",
- "radiusLoginTime",
- "radiusUserCategory",
- "radiusExpiration",
- "radiusCheckItem",
- "roomNumber",
- "photo",
- "mail",
- "krbLastPwdChange",
+ "manager",
+ "userCertificate",
+ "homePostalAddress",
"krbLoginFailedCount",
+ "krbLastSuccessfulAuth",
+ "title",
"userSMIMECertificate",
- "radiusNASIpAddress",
- "radiusReplyItem",
- "jpegPhoto",
- "krbPrincipalAliases",
- "telexNumber",
- "telephoneNumber",
- "facsimileTelephoneNumber",
- "teletexTerminalIdentifier",
- "internationalISDNNumber",
- "x121Address",
- "destinationIndicator",
- "registeredAddress",
- "radiusTunnelType",
- "krbPrincipalKey",
- "radiusTunnelClientEndpoint",
- "radiusVSA",
+ "krbPrincipalExpiration",
+ "roomNumber",
+ "photo",
+ "description",
"krbPrincipalName",
- "displayName",
- "preferredDeliveryMethod",
- "audio",
- "preferredLanguage",
- "krbExtraData",
- "krbCanonicalName",
- "radiusLoginIPHost",
- "krbTicketFlags",
+ "mail",
+ "employeeType",
"krbPwdHistory",
- "pager",
- "mobile",
+ "carLicense",
+ "departmentNumber",
+ "employeeNumber",
+ "inetUserHttpURL",
"memberOf",
- "krbUPEnabled",
- "krbPrincipalType",
- "krbTicketPolicyReference",
- "x500UniqueIdentifier",
- "krbMaxTicketLife",
- "givenName",
- "homePostalAddress",
- "radiusReplyMessage",
- "krbPrincipalExpiration",
- "userPKCS12",
- "radiusFramedProtocol",
- "radiusFramedRoute",
- "radiusFramedIPXNetwork",
- "radiusFramedMTU",
- "radiusFramedIPAddress",
- "radiusFramedIPNetmask",
- "radiusFramedAppleTalkZone",
- "radiusFramedCompression",
- "radiusFramedAppleTalkLink",
- "radiusFramedAppleTalkNetwork",
+ "displayName",
"st",
"street",
"l",
- "inetUserHttpURL",
- "inetUserStatus",
+ "krbMaxRenewableAge",
+ "jpegPhoto",
+ "audio",
+ "pager",
+ "secretary",
+ "preferredLanguage",
+ "krbExtraData",
+ "krbCanonicalName",
"o",
"ou",
- "title",
- "description",
+ "seeAlso",
+ "userPassword",
"businessCategory",
"postalAddress",
"postalCode",
"postOfficeBox",
"physicalDeliveryOfficeName",
+ "mobile",
"krbPwdPolicyReference",
- "secretary",
- "homePhone",
- "radiusLoginLATGroup",
- "krbLastFailedAuth",
- "radiusIdleTimeout",
- "radiusFramedRouting",
- "radiusLoginService",
- "radiusLoginLATService",
- "radiusLoginLATPort",
- "radiusLoginLATNode",
- "radiusPasswordRetry",
- "radiusLoginTCPPort",
- "radiusPortLimit",
- "manager",
- "radiusTerminationAction",
- "radiusTunnelAssignmentId",
- "radiusTunnelMediumType",
- "radiusTunnelPassword",
"labeledURI",
- "radiusPrompt",
- "radiusServiceType",
- "radiusSessionTimeout",
- "employeeType",
- "radiusTunnelPreference",
- "carLicense",
- "departmentNumber",
- "employeeNumber",
- "radiusTunnelPrivateGroupId",
- "userCertificate",
- "radiusTunnelServerEndpoint",
- "seeAlso",
- "userPassword",
- "radiusClientIPAddress",
- "radiusAuthType",
- "radiusHint",
- "radiusGroupName",
- "radiusProfileDn",
- "radiusHuntgroupName",
- "krbMaxRenewableAge",
+ "homePhone",
"krbPasswordExpiration",
- "krbLastSuccessfulAuth",
+ "inetUserStatus",
+ "krbLastPwdChange",
+ "krbMaxTicketLife",
+ "krbUPEnabled",
"loginShell",
+ "x500UniqueIdentifier",
+ "krbLastFailedAuth",
"gecos",
- "radiusCallbackId",
- "radiusCallbackNumber",
- "radiusCalledStationId",
- "radiusCallingStationId",
- "radiusArapFeatures",
- "radiusArapSecurity",
- "radiusArapZoneAccess",
+ "krbPrincipalKey",
+ "krbTicketFlags",
+ "krbPrincipalType",
+ "userPKCS12",
"initials",
- "radiusClass",
- "radiusFilterId"
+ "krbTicketPolicyReference",
+ "givenName",
+ "preferredDeliveryMethod",
+ "krbPrincipalAliases",
+ "telexNumber",
+ "telephoneNumber",
+ "facsimileTelephoneNumber",
+ "teletexTerminalIdentifier",
+ "internationalISDNNumber",
+ "x121Address",
+ "destinationIndicator",
+ "registeredAddress"
],
"attribute_members": {
"memberof": [
@@ -6683,19 +7169,19 @@
"Administrator"
],
"gidnumber": [
- "2120898932"
+ "66000000"
],
"homedirectory": [
"/home/admin"
],
"ipauniqueid": [
- "cc2d5b64-fe52-11df-a795-525400674dcd"
+ "c9e61ada-0703-11e0-addd-525400674dcd"
],
"krblastpwdchange": [
- "20101202203134Z"
+ "20101213215751Z"
],
"krbpasswordexpiration": [
- "20110302203134Z"
+ "20110313215751Z"
],
"krbprincipalname": [
"admin@AYOUNG.BOSTON.DEVEL.REDHAT.COM"
@@ -6729,7 +7215,7 @@
"admin"
],
"uidnumber": [
- "2120898932"
+ "66000000"
]
}
],
diff --git a/install/static/test/data/permission_add.json b/install/static/test/data/permission_add.json
new file mode 100644
index 00000000..2235b74c
--- /dev/null
+++ b/install/static/test/data/permission_add.json
@@ -0,0 +1,26 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "cn": [
+ "testperm"
+ ],
+ "description": [
+ "description"
+ ],
+ "dn": "cn=testperm,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "objectclass": [
+ "groupofnames",
+ "top"
+ ],
+ "permissions": [
+ "read",
+ "write"
+ ],
+ "targetgroup": "ipausers"
+ },
+ "summary": "Added permission \"testperm\"",
+ "value": "testperm"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/permission_del b/install/static/test/data/permission_del
new file mode 100644
index 00000000..c1136898
--- /dev/null
+++ b/install/static/test/data/permission_del
@@ -0,0 +1,9 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": true,
+ "summary": "Deleted permission \"testperm\"",
+ "value": "testperm"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/permission_find.json b/install/static/test/data/permission_find.json
new file mode 100644
index 00000000..0cd4d988
--- /dev/null
+++ b/install/static/test/data/permission_find.json
@@ -0,0 +1,887 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 47,
+ "result": [
+ {
+ "cn": [
+ "addusers"
+ ],
+ "description": [
+ "Add Users"
+ ],
+ "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "user"
+ },
+ {
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword",
+ "passwordHistory"
+ ],
+ "cn": [
+ "change_password"
+ ],
+ "description": [
+ "Change a user password"
+ ],
+ "dn": "cn=change_password,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "write"
+ ]
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "add_user_to_default_group"
+ ],
+ "description": [
+ "Add user to default group"
+ ],
+ "dn": "cn=add_user_to_default_group,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "targetgroup": "ldap:///cn=ipausers,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeusers"
+ ],
+ "description": [
+ "Remove Users"
+ ],
+ "dn": "cn=removeusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "user"
+ },
+ {
+ "attrs": [
+ "givenName",
+ "sn",
+ "cn",
+ "displayName",
+ "title",
+ "initials",
+ "loginShell",
+ "gecos",
+ "homePhone",
+ "mobile",
+ "pager",
+ "facsimileTelephoneNumber",
+ "telephoneNumber",
+ "street",
+ "roomNumber",
+ "l",
+ "st",
+ "postalCode",
+ "manager",
+ "secretary",
+ "description",
+ "carLicense",
+ "labeledURI",
+ "inetUserHTTPURL",
+ "seeAlso",
+ "employeeType",
+ "businessCategory",
+ "ou",
+ "mepManagedEntry",
+ "objectclass"
+ ],
+ "cn": [
+ "modifyusers"
+ ],
+ "description": [
+ "Modify Users"
+ ],
+ "dn": "cn=modifyusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "useradmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "user"
+ },
+ {
+ "cn": [
+ "addgroups"
+ ],
+ "description": [
+ "Add Groups"
+ ],
+ "dn": "cn=addgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "group"
+ },
+ {
+ "cn": [
+ "removegroups"
+ ],
+ "description": [
+ "Remove Groups"
+ ],
+ "dn": "cn=removegroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "group"
+ },
+ {
+ "attrs": [
+ "cn",
+ "description",
+ "gidnumber",
+ "objectclass",
+ "mepManagedBy",
+ "ipaUniqueId"
+ ],
+ "cn": [
+ "modifygroups"
+ ],
+ "description": [
+ "Modify Groups"
+ ],
+ "dn": "cn=modifygroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "group"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifygroupmembership"
+ ],
+ "description": [
+ "Modify Group membership"
+ ],
+ "dn": "cn=modifygroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "groupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "group"
+ },
+ {
+ "cn": [
+ "addhosts"
+ ],
+ "description": [
+ "Add Hosts"
+ ],
+ "dn": "cn=addhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "host"
+ },
+ {
+ "cn": [
+ "removehosts"
+ ],
+ "description": [
+ "Remove Hosts"
+ ],
+ "dn": "cn=removehosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "host"
+ },
+ {
+ "attrs": [
+ "description",
+ "l",
+ "nshostlocation",
+ "nshardwareplatform",
+ "nsosversion"
+ ],
+ "cn": [
+ "modifyhosts"
+ ],
+ "description": [
+ "Modify Hosts"
+ ],
+ "dn": "cn=modifyhosts,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "host"
+ },
+ {
+ "cn": [
+ "addhostgroups"
+ ],
+ "description": [
+ "Add Hostgroups"
+ ],
+ "dn": "cn=addhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "cn": [
+ "removehostgroups"
+ ],
+ "description": [
+ "Remove Hostgroups"
+ ],
+ "dn": "cn=removehostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "attrs": [
+ "cn",
+ "description"
+ ],
+ "cn": [
+ "modifyhostgroups"
+ ],
+ "description": [
+ "Modify Hostgroups"
+ ],
+ "dn": "cn=modifyhostgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifyhostgroupmembership"
+ ],
+ "description": [
+ "Modify Hostgroup membership"
+ ],
+ "dn": "cn=modifyhostgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "hostgroup"
+ },
+ {
+ "cn": [
+ "addservices"
+ ],
+ "description": [
+ "Add Services"
+ ],
+ "dn": "cn=addservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "service"
+ },
+ {
+ "cn": [
+ "removeservices"
+ ],
+ "description": [
+ "Remove Services"
+ ],
+ "dn": "cn=removeservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "service"
+ },
+ {
+ "attrs": [
+ "userCertificate"
+ ],
+ "cn": [
+ "modifyservices"
+ ],
+ "description": [
+ "Modify Services"
+ ],
+ "dn": "cn=modifyservices,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "service"
+ },
+ {
+ "cn": [
+ "addroles"
+ ],
+ "description": [
+ "Add Roles"
+ ],
+ "dn": "cn=addroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeroles"
+ ],
+ "description": [
+ "Remove Roles"
+ ],
+ "dn": "cn=removeroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "cn",
+ "description"
+ ],
+ "cn": [
+ "modifyroles"
+ ],
+ "description": [
+ "Modify Roles"
+ ],
+ "dn": "cn=modifyroles,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifyrolemembership"
+ ],
+ "description": [
+ "Modify Role Group membership"
+ ],
+ "dn": "cn=modifyrolemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=*,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "member"
+ ],
+ "cn": [
+ "modifyprivilegemembership"
+ ],
+ "description": [
+ "Modify privilege membership"
+ ],
+ "dn": "cn=modifyprivilegemembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "delegationadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=*,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "addautomountmaps"
+ ],
+ "description": [
+ "Add Automount maps"
+ ],
+ "dn": "cn=addautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeautomountmaps"
+ ],
+ "description": [
+ "Remove Automount maps"
+ ],
+ "dn": "cn=removeautomountmaps,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "addautomountkeys"
+ ],
+ "description": [
+ "Add Automount keys"
+ ],
+ "dn": "cn=addautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeautomountkeys"
+ ],
+ "description": [
+ "Remove Automount keys"
+ ],
+ "dn": "cn=removeautomountkeys,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "automountadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///automountkey=*,automountmapname=*,cn=automount,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "addnetgroups"
+ ],
+ "description": [
+ "Add netgroups"
+ ],
+ "dn": "cn=addnetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "cn": [
+ "removenetgroups"
+ ],
+ "description": [
+ "Remove netgroups"
+ ],
+ "dn": "cn=removenetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "attrs": [
+ "description"
+ ],
+ "cn": [
+ "modifynetgroups"
+ ],
+ "description": [
+ "Modify netgroups"
+ ],
+ "dn": "cn=modifynetgroups,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "attrs": [
+ "memberhost",
+ "externalhost",
+ "memberuser",
+ "member"
+ ],
+ "cn": [
+ "modifynetgroupmembership"
+ ],
+ "description": [
+ "Modify netgroup membership"
+ ],
+ "dn": "cn=modifynetgroupmembership,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "netgroupadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "netgroup"
+ },
+ {
+ "attrs": [
+ "krbPrincipalKey",
+ "krbLastPwdChange"
+ ],
+ "cn": [
+ "manage_host_keytab"
+ ],
+ "description": [
+ "Manage host keytab"
+ ],
+ "dn": "cn=manage_host_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin",
+ "enrollhost"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "host"
+ },
+ {
+ "attrs": [
+ "krbPrincipalKey",
+ "krbLastPwdChange"
+ ],
+ "cn": [
+ "manage_service_keytab"
+ ],
+ "description": [
+ "Manage service keytab"
+ ],
+ "dn": "cn=manage_service_keytab,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "serviceadmin",
+ "admins"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "service"
+ },
+ {
+ "attrs": [
+ "enrolledBy",
+ "objectClass"
+ ],
+ "cn": [
+ "enroll_host"
+ ],
+ "description": [
+ "Enroll a host"
+ ],
+ "dn": "cn=enroll_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "hostadmin",
+ "enrollhost"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "type": "host"
+ },
+ {
+ "cn": [
+ "managereplica"
+ ],
+ "description": [
+ "Manage Replication Agreements"
+ ],
+ "dn": "cn=managereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "replicaadmin"
+ ],
+ "memberindirect": [
+ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ },
+ {
+ "cn": [
+ "deletereplica"
+ ],
+ "description": [
+ "Delete Replication Agreements"
+ ],
+ "dn": "cn=deletereplica,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "replicaadmin"
+ ],
+ "memberindirect": [
+ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "cn=admins,cn=groups,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ },
+ {
+ "cn": [
+ "addentitlements"
+ ],
+ "description": [
+ "Add Entitlements"
+ ],
+ "dn": "cn=addentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "entitlementadmin"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "removeentitlements"
+ ],
+ "description": [
+ "Remove Entitlements"
+ ],
+ "dn": "cn=removeentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "entitlementadmin"
+ ],
+ "permissions": [
+ "delete"
+ ],
+ "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "userCertificate"
+ ],
+ "cn": [
+ "modifyentitlements"
+ ],
+ "description": [
+ "Modify Entitlements"
+ ],
+ "dn": "cn=modifyentitlements,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "entitlementadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///ipauniqueid=*,cn=entitlements,cn=etc,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "retrieve_certs"
+ ],
+ "description": [
+ "Retrieve Certificates from the CA"
+ ],
+ "dn": "cn=retrieve_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=retrieve certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "request_certs"
+ ],
+ "description": [
+ "Request Certificates from the CA"
+ ],
+ "dn": "cn=request_certs,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=request certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "request_cert_different_host"
+ ],
+ "description": [
+ "Request Certificates from a different host"
+ ],
+ "dn": "cn=request_cert_different_host,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=request certificate different host,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "certificate_status"
+ ],
+ "description": [
+ "Get Certificates status from the CA"
+ ],
+ "dn": "cn=certificate_status,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=certificate status,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "revoke_certificate"
+ ],
+ "description": [
+ "Revoke Certificate"
+ ],
+ "dn": "cn=revoke_certificate,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=revoke certificate,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "attrs": [
+ "objectClass"
+ ],
+ "cn": [
+ "certificate_remove_hold"
+ ],
+ "description": [
+ "Certificate Remove Hold"
+ ],
+ "dn": "cn=certificate_remove_hold,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "certadmin"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "subtree": "ldap:///cn=certificate remove hold,cn=virtual operations,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "update_dns"
+ ],
+ "description": [
+ "DNS Servers Updates"
+ ],
+ "dn": "cn=update_dns,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member_privilege": [
+ "dnsadmin",
+ "dnsserver"
+ ],
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ }
+ ],
+ "summary": "47 permissions matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/permission_show.json b/install/static/test/data/permission_show.json
new file mode 100644
index 00000000..ac12ef0e
--- /dev/null
+++ b/install/static/test/data/permission_show.json
@@ -0,0 +1,41 @@
+{
+ "error": null,
+ "id": 6,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "addusers"
+ ],
+ "description": [
+ "Add Users"
+ ],
+ "dn": "cn=addusers,cn=permissions,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "member": [
+ "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "objectclass": [
+ "top",
+ "groupofnames"
+ ],
+ "permissions": [
+ "add"
+ ],
+ "type": "user"
+ },
+ "summary": null,
+ "value": "addusers"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/privilege_find.json b/install/static/test/data/privilege_find.json
new file mode 100644
index 00000000..c48c4a0e
--- /dev/null
+++ b/install/static/test/data/privilege_find.json
@@ -0,0 +1,215 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 14,
+ "result": [
+ {
+ "cn": [
+ "useradmin"
+ ],
+ "description": [
+ "User Administrators"
+ ],
+ "dn": "cn=useradmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addusers",
+ "change_password",
+ "add_user_to_default_group",
+ "removeusers",
+ "modifyusers"
+ ]
+ },
+ {
+ "cn": [
+ "groupadmin"
+ ],
+ "description": [
+ "Group Administrators"
+ ],
+ "dn": "cn=groupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addgroups",
+ "removegroups",
+ "modifygroups",
+ "modifygroupmembership"
+ ]
+ },
+ {
+ "cn": [
+ "hostadmin"
+ ],
+ "description": [
+ "Host Administrators"
+ ],
+ "dn": "cn=hostadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addhosts",
+ "removehosts",
+ "modifyhosts",
+ "manage_host_keytab",
+ "enroll_host"
+ ]
+ },
+ {
+ "cn": [
+ "hostgroupadmin"
+ ],
+ "description": [
+ "Host Group Administrators"
+ ],
+ "dn": "cn=hostgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addhostgroups",
+ "removehostgroups",
+ "modifyhostgroups",
+ "modifyhostgroupmembership"
+ ]
+ },
+ {
+ "cn": [
+ "delegationadmin"
+ ],
+ "description": [
+ "Role administration"
+ ],
+ "dn": "cn=delegationadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addroles",
+ "removeroles",
+ "modifyroles",
+ "modifyrolemembership",
+ "modifyprivilegemembership"
+ ]
+ },
+ {
+ "cn": [
+ "serviceadmin"
+ ],
+ "description": [
+ "Service Administrators"
+ ],
+ "dn": "cn=serviceadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addservices",
+ "removeservices",
+ "modifyservices",
+ "manage_service_keytab"
+ ]
+ },
+ {
+ "cn": [
+ "automountadmin"
+ ],
+ "description": [
+ "Automount Administrators"
+ ],
+ "dn": "cn=automountadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addautomountmaps",
+ "removeautomountmaps",
+ "addautomountkeys",
+ "removeautomountkeys"
+ ]
+ },
+ {
+ "cn": [
+ "netgroupadmin"
+ ],
+ "description": [
+ "Netgroups Administrators"
+ ],
+ "dn": "cn=netgroupadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addnetgroups",
+ "removenetgroups",
+ "modifynetgroups",
+ "modifynetgroupmembership"
+ ]
+ },
+ {
+ "cn": [
+ "certadmin"
+ ],
+ "description": [
+ "Certificate Administrators"
+ ],
+ "dn": "cn=certadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "retrieve_certs",
+ "request_certs",
+ "request_cert_different_host",
+ "certificate_status",
+ "revoke_certificate",
+ "certificate_remove_hold"
+ ]
+ },
+ {
+ "cn": [
+ "replicaadmin"
+ ],
+ "description": [
+ "Replication Administrators"
+ ],
+ "dn": "cn=replicaadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "uid=admin,cn=users,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "memberof_permission": [
+ "managereplica",
+ "deletereplica"
+ ]
+ },
+ {
+ "cn": [
+ "enrollhost"
+ ],
+ "description": [
+ "Host Enrollment"
+ ],
+ "dn": "cn=enrollhost,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "manage_host_keytab",
+ "enroll_host"
+ ]
+ },
+ {
+ "cn": [
+ "entitlementadmin"
+ ],
+ "description": [
+ "Entitlement Administrators"
+ ],
+ "dn": "cn=entitlementadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberof_permission": [
+ "addentitlements",
+ "removeentitlements",
+ "modifyentitlements"
+ ]
+ },
+ {
+ "cn": [
+ "dnsadmin"
+ ],
+ "description": [
+ "DNS Administrators"
+ ],
+ "dn": "cn=dnsadmin,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ },
+ {
+ "cn": [
+ "dnsserver"
+ ],
+ "description": [
+ "DNS Servers"
+ ],
+ "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ]
+ }
+ ],
+ "summary": "14 privileges matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/privilege_show.json b/install/static/test/data/privilege_show.json
new file mode 100644
index 00000000..7d9328aa
--- /dev/null
+++ b/install/static/test/data/privilege_show.json
@@ -0,0 +1,39 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "memberof": "rsc",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "dnsserver"
+ ],
+ "description": [
+ "DNS Servers"
+ ],
+ "dn": "cn=dnsserver,cn=privileges,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "memberindirect": [
+ "krbprincipalname=dns/ipa.ayoung.boston.devel.redhat.com@ayoung.boston.devel.redhat.com,cn=services,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ ],
+ "objectclass": [
+ "top",
+ "groupofnames",
+ "nestedgroup"
+ ]
+ },
+ "summary": null,
+ "value": "dnsserver"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/role_find.json b/install/static/test/data/role_find.json
new file mode 100644
index 00000000..af013803
--- /dev/null
+++ b/install/static/test/data/role_find.json
@@ -0,0 +1,20 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 1,
+ "result": [
+ {
+ "cn": [
+ "helpdesk"
+ ],
+ "description": [
+ "Helpdesk"
+ ],
+ "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com"
+ }
+ ],
+ "summary": "1 role matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/role_show.json b/install/static/test/data/role_show.json
new file mode 100644
index 00000000..9ad8dd68
--- /dev/null
+++ b/install/static/test/data/role_show.json
@@ -0,0 +1,36 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "attributelevelrights": {
+ "aci": "rscwo",
+ "businesscategory": "rscwo",
+ "cn": "rscwo",
+ "description": "rscwo",
+ "member": "rscwo",
+ "memberof": "rsc",
+ "nsaccountlock": "rscwo",
+ "o": "rscwo",
+ "objectclass": "rscwo",
+ "ou": "rscwo",
+ "owner": "rscwo",
+ "seealso": "rscwo"
+ },
+ "cn": [
+ "helpdesk"
+ ],
+ "description": [
+ "Helpdesk"
+ ],
+ "dn": "cn=helpdesk,cn=roles,cn=accounts,dc=ayoung,dc=boston,dc=devel,dc=redhat,dc=com",
+ "objectclass": [
+ "top",
+ "groupofnames",
+ "nestedgroup"
+ ]
+ },
+ "summary": null,
+ "value": "helpdesk"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/selfservice_find.json b/install/static/test/data/selfservice_find.json
new file mode 100644
index 00000000..91db6e40
--- /dev/null
+++ b/install/static/test/data/selfservice_find.json
@@ -0,0 +1,24 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "count": 1,
+ "result": [
+ {
+ "aciname": "Self can write own password",
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "selfaci": true
+ }
+ ],
+ "summary": "1 selfservice matched",
+ "truncated": false
+ }
+} \ No newline at end of file
diff --git a/install/static/test/data/selfservice_show.json b/install/static/test/data/selfservice_show.json
new file mode 100644
index 00000000..358e6592
--- /dev/null
+++ b/install/static/test/data/selfservice_show.json
@@ -0,0 +1,21 @@
+{
+ "error": null,
+ "id": 0,
+ "result": {
+ "result": {
+ "aciname": "Self can write own password",
+ "attrs": [
+ "userPassword",
+ "krbPrincipalKey",
+ "sambaLMPassword",
+ "sambaNTPassword"
+ ],
+ "permissions": [
+ "write"
+ ],
+ "selfaci": true
+ },
+ "summary": null,
+ "value": "Self can write own password"
+ }
+} \ No newline at end of file
diff --git a/install/static/test/details_tests.js b/install/static/test/details_tests.js
index f0b8e15c..baed80ce 100644
--- a/install/static/test/details_tests.js
+++ b/install/static/test/details_tests.js
@@ -19,6 +19,8 @@
*/
+module('details');
+
test("Testing ipa_details_section.create().", function() {
IPA.ajax_options.async = false;
diff --git a/install/static/test/entity_tests.js b/install/static/test/entity_tests.js
index 78fb5f4b..4b60c3e9 100644
--- a/install/static/test/entity_tests.js
+++ b/install/static/test/entity_tests.js
@@ -18,6 +18,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+module('entity');
+
test('Testing ipa_entity_set_search_definition().', function() {
var uid_callback = function() {
diff --git a/install/static/test/index.html b/install/static/test/index.html
index 5467a683..78b41e9b 100644
--- a/install/static/test/index.html
+++ b/install/static/test/index.html
@@ -30,6 +30,7 @@
<li><a href="association_tests.html">Association Test Suite</a>
<li><a href="navigation_tests.html">Navigation Test Suite</a>
<li><a href="certificate_tests.html">Certificate Test Suite</a>
+ <li><a href="aci_tests.html">Access Control Interface Test Suite</a>
</ul>
</div>
diff --git a/install/static/test/ipa_tests.js b/install/static/test/ipa_tests.js
index ec95f686..23190c1f 100644
--- a/install/static/test/ipa_tests.js
+++ b/install/static/test/ipa_tests.js
@@ -18,6 +18,8 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+module('ipa');
+
test("Testing ipa_init().", function() {
expect(1);
diff --git a/install/static/test/navigation_tests.js b/install/static/test/navigation_tests.js
index f8e58026..4321939f 100644
--- a/install/static/test/navigation_tests.js
+++ b/install/static/test/navigation_tests.js
@@ -19,7 +19,7 @@
*/
-
+module('navigation');
test("Testing nav_create().", function() {
generated by cgit (git 2.34.1) at 2025-09-03 04:29:07 +0000