summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ipatests: Do not use /usr/bin hardcoded pathsTomas Babej2013-10-311-6/+7
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* ipatests: Restore SELinux context after restoring files from backupTomas Babej2013-10-311-0/+12
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* ipatests: Extend clear_sssd_cache to support non-systemd platformsTomas Babej2013-10-311-6/+16
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* advice: Add legacy client configuration script using nss-ldapTomas Babej2013-10-311-1/+36
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3833
* Remove ipa-pwd-extop and ipa-enrollment duplicate error stringsMartin Kosek2013-10-303-16/+22
| | | | | | | Some error strings were duplicate which makes it then harder to see what is the real root cause of it. https://fedorahosted.org/freeipa/ticket/3988
* Fix password expiration notificationPetr Vobornik2013-10-305-19/+137
| | | | | | - was broken by navigation and application controller refactoring https://fedorahosted.org/freeipa/ticket/4003
* beakerlib plugin: Don't try to submit logs if they are missingPetr Viktorin2013-10-301-0/+1
|
* Tests: mkdir_recursive: Don't fail when top-level directory doesn't existPetr Viktorin2013-10-301-4/+4
| | | | | | When the directory directly under root (e.g. /etc) did not exist, mkdir_recursive failed. Fix the issue.
* Improve permission plugin test cleanupPetr Viktorin2013-10-301-3/+5
| | | | | | | The rename tests use names that were not being cleaned up when the tests fail. Add cleanup steps for them. Also, use --force so system permissions are removed as well.
* Use new ipaldap entry API in aci and permission pluginPetr Viktorin2013-10-302-23/+27
|
* Help plugin: don't fail if a topic's module is not foundPetr Viktorin2013-10-301-3/+8
| | | | | | | | Previously the help plugin failed when searching for the docstring when a topic's module was not found. This can happen when some server plugins are loaded (e.g. for tests). Use empty documentation when the topic is not found.
* Fix invalid assumption NSS initialization check in SSLTransportPetr Viktorin2013-10-301-1/+3
| | | | | | There code assumes that the `conn` in any Connection in the context is a ServerProxy. This might not always be the case: ldap2 uses a python-ldap connection here.
* Fix indentation in permission plugin testsPetr Viktorin2013-10-301-44/+44
|
* Update Permission and ACI plugins to decorator registration APIPetr Viktorin2013-10-302-30/+24
|
* Add nsswitch.conf to FILES section of ipa-client-install man pageMartin Kosek2013-10-291-0/+1
| | | | | | This file is always updated when client is installed or uninstalled. https://fedorahosted.org/freeipa/ticket/3995
* Track DS certificate with certmonger on replicas.Jan Cholasta2013-10-292-2/+10
| | | | https://fedorahosted.org/freeipa/ticket/3975
* Add test for external CA installationAna Krivokapic2013-10-291-0/+107
| | | | https://fedorahosted.org/freeipa/ticket/3819
* Fix date in last changelog entryPetr Viktorin2013-10-251-1/+1
|
* Remove mod_ssl conflictMartin Kosek2013-10-255-10/+54
| | | | | | | | | | | Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different ports). To make sure that mod_ssl is not configured to listen on 443 (default mod_ssl configuration), add a check to the installer checking of either mod_nss or mod_ssl was configured to listen on that port. https://fedorahosted.org/freeipa/ticket/3974
* Make set_directive and get_directive more strictMartin Kosek2013-10-251-2/+2
| | | | | | | | | | | When set_directive was used for directive "foo" and the word "foo" was detected anywhere on the line (e.g. in a comment, or in an example), it was overwritten which may potentially lead to wrong line being overwritten. Only match the directives on the beginning of the lines, it is safer. https://fedorahosted.org/freeipa/ticket/3974
* Do not add kadmin/changepw ACIs on new installsMartin Kosek2013-10-252-2/+0
| | | | | | | | | | | | These ACI were needed when FreeIPA had a custom ipa_kpasswd daemon, now that a standard kadmin is used, ACIs are not needed anymore as kadmin uses the same driver as the KDC. The ACIs is not removed on upgrades to avoid breaking older replicas which may still use FreeIPA version with the ipa_kpasswd daemon. https://fedorahosted.org/freeipa/ticket/3987
* Make sure nsds5ReplicaStripAttrs is set on agreementsAna Krivokapic2013-10-251-2/+1
| | | | | | | Add nsds5ReplicaStripAttrs to the agreement LDAP entry before the agreement is created. https://fedorahosted.org/freeipa/ticket/3989
* Do not roll back failed client installation on serverAna Krivokapic2013-10-251-0/+5
| | | | | | | | In case of a failed enrollment, IPA client rolls back any changes it has made to the system. In order to have a more debuggable setup, do not roll back these changes in the case of an IPA server install. https://fedorahosted.org/freeipa/ticket/3990
* trusts: Fix typo in error message for realm-domain mismatchTomas Babej2013-10-251-2/+2
|
* ipatests: Add AD integration test caseTomas Babej2013-10-251-0/+188
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* ipatests: Add AD-integration related tasksTomas Babej2013-10-243-5/+324
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* ipatests: Add WinHost classTomas Babej2013-10-241-0/+19
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* ipatests: Create util module for ipatestsTomas Babej2013-10-241-0/+60
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* ipatests: Extend IntegrationTest with multiple AD domain supportTomas Babej2013-10-241-10/+18
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* ipatests: Extend domain object with 'ad' role support and WinHostsTomas Babej2013-10-241-20/+25
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* ipatests: Add Active Directory support to configurationTomas Babej2013-10-242-3/+47
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3834
* trusts: combine filters with AND to make sure only the intended domain matchesJakub Hrozek2013-10-241-1/+2
|
* Get the created range type in case of re-establishing trustTomas Babej2013-10-211-0/+2
| | | | | | | This is a regression fix introduced by commit id: 285ed59889590ddd0d6ca2e2a030b28527941cbf Fixes internal error in case of re-establishing the trust.
* test_simple_replication: Fix waiting for replicationPetr Viktorin2013-10-182-2/+4
| | | | | | | | | | | The integration tests must wait for replication to happen before checking results. In some cases, the tests have failed because the checks that detect completed replication were insufficient. This fixes the code to: - Wait for replication to be completed on both servers - In the case of an error, continue waiting -- it might be the case that the DS is temporarily unreachable
* Use a user result template in testsPetr Viktorin2013-10-1810-1308/+271
| | | | | This makes the tests shorter, more descriptive, and easier to change e.g. when new attributes are added.
* Add ipa-advise plugins for nss-pam-ldapd legacy clientsAna Krivokapic2013-10-186-17/+250
| | | | | | | | | | | Add three new ipa-advise plugins, to facilitate configuration of legacy clients using nss-pam-ldapd: * config-redhat-nss-pam-ldapd * config-generic-linux-nss-pam-ldapd * config-freebsd-nss-pam-ldapd https://fedorahosted.org/freeipa/ticket/3672
* Use new CLI options in certinstall testsPetr Viktorin2013-10-181-12/+33
| | | | | | | | | | The --pin and --dirman-password options simplified ipa-certinstall usage. Use them in tests. Also add tests for the old way of calling the command. https://fedorahosted.org/freeipa/ticket/3869 http://www.freeipa.org/page/V3/ipa-server-certinstall_CLI_cleanup
* test_caless.TestCertInstall: Fix 'test_no_ds_password' test casePetr Viktorin2013-10-181-1/+1
| | | | The test installed the HTTP cert instead of the DS one.
* Administrative password change does not respect password policyMartin Kosek2013-10-171-15/+29
| | | | | | | | | When Directory Manager or a PassSync agent is changing a password, it is not being expired, but standard expiration time should apply. However, default expiration time was always applied (90 days) even though administrator may have a custom policy for the user. https://fedorahosted.org/freeipa/ticket/3968
* Installer should always wait until CA starts upMartin Kosek2013-10-172-6/+11
| | | | | | | | | | | | | | Patch for ticket 3964 changed the installer so that it does not always wait for CA if the proxy is not configured. However, it was found out that it may freeze an installation when a step subsequent after CA restart call the CA and receives no reply. Change the wait so that it always waits for CA to start up. If HTTP proxy is already configured, it should wait on port 443. If not, it should wait on local PKI port 8443. https://fedorahosted.org/freeipa/ticket/3973
* ipatests: Extend the order plugin to properly handle inheritanceTomas Babej2013-10-171-1/+24
| | | | | | | | | | | When trying to create a new ordered test case by inheriting from already defined test case, by overriding few of its methods, the execution order of the tests is as follows: - first all non-overriden test methods from the parent test class - then all overriden tests methods This patch makes sure that methods are executed in the logical order, that is, the order defined in the parent class.
* Registries and Build GuidePetr Vobornik2013-10-162-0/+310
|
* Navigation GuidePetr Vobornik2013-10-162-0/+276
|
* Plugin Infrastructure GuidePetr Vobornik2013-10-162-0/+79
|
* Debugging Web UI guidePetr Vobornik2013-10-162-0/+85
|
* Phases GuidePetr Vobornik2013-10-163-0/+131
|
* Configuration for JSDuck documentation generatorPetr Vobornik2013-10-165-0/+252
| | | | | | | | | | Installation: https://github.com/senchalabs/jsduck/wiki/Installation Basically it requires ruby and jsduck gem. Usage: $ cd install/ui/doc $ make Documentation will be generated into: install/ui/build/code_doc directory
* Web UI source code annotationPetr Vobornik2013-10-1643-479/+5571
| | | | Part of ongoing Web UI documentation effort. Source code is annotated in a way that it can be processed by documentation generator.
* Removal of unused codePetr Vobornik2013-10-161-14/+0
|
* Load updated Web UI files after server upgradePetr Vobornik2013-10-1614-105/+243
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Issue: * There was no caching policy specified. * -> Browsers use their own default policy. * -> After upgrade, some Web UI files might have been actualized some not. * -> With schema change may result into weird bugs in Web UI Solution considerations: 1. Detect server version change and hard-reload at runtime Detection is easy. Problem is the reload. Obvious candidate 'window.location.reload(true)' works in Firefox but not in Chrome because expected behavior when parameter is used is not in standard and therefore Chromium/WebKit authors did not implement it. 2. Application Cache HTML 5 technology which lets web apps to run offline. Besides weird issues with event handlers which I encountered, this would be an ideal candidate. Simple change of manifest file would lead to reload of all files (requires reload of page to used the new files). Showstopper was usage with untrusted certificate. If user did not add exception for the cert or its CA and would visit the page for a second time, all AJAX calls would fail. 3. Set Expires to now() for everything Web UI rarely changes so this is an overkill. Setting it to different value is not a solution either. We can't predict when the upgrade will happen and when new Web UI will be needed. Solution: * Implemented a mini loader which loads basic resources. Dojo loader takes action after Dojo is loaded. * The loader adds a version parameter (?v=__NUM_VERSION__) to all requests. * Version is defined in the loader. It's set to current in `make version-update`. * All static pages use this loader to fetch their resources. * Version is also passed to dojo loader as cache-bust for the same effect. * Expire header was set to 'access time plus 1 year' for /ui folder. Exceptions are HTML files and loader (set to immediate expiration). Possible issues: * Images are cached but not requested with version param. * Images with version and without are considered different * -> We would have to attach version to all URIs - in CSS and in JS. But we should avoid changing jQuery UI CSS. * Proposed solution is to change image name when changing image. Image change is done rarely. * Version is set by build and therefore updated just on server update. It might cause trouble with different update schedule of plugins. * No action taken to address this issue yet. * We might leave it on plugin devs (own .conf in /etc/httpd/conf.d/) * or set expires to now for all plugins * running `make version-update` is required in order to use static version of UI for testing https://fedorahosted.org/freeipa/ticket/3798
generated by cgit (git 2.34.1) at 2025-09-03 20:50:33 +0000