summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Create pkey-only option for find commandsMartin Kosek2011-10-2710-23/+86
| | | | | | | | | | | | New option --pkey-only is available for all LDAPSearch based classes with primary key visible in the output. This option makes LDAPSearch commands search for primary attribute only. This may be useful when manipulating large data sets. User can at first retrieve all primary keys in a relatively small data package and then run further commands with retrieved primary keys. https://fedorahosted.org/freeipa/ticket/1262
* Fixed inconsistent image names.Endi S. Dewata2011-10-2769-118/+137
| | | | | | | The images have been renamed to be more consistent and moved into the "images" directory to mimic the original jQuery UI structure. Ticket #1613
* Refactored validation code.Endi S. Dewata2011-10-276-50/+37
| | | | | The validation code in details facet, dialog, and sections have been modified to work more consistently.
* Merged widget's metadata and param_info.Endi S. Dewata2011-10-2711-148/+135
| | | | | | | The metadata and param_info attributes in widget have been merged because they are redundant. Ticket #1436
* Fixed "enroll" labels.Endi S. Dewata2011-10-2711-27/+25
| | | | | | | | | | Labels using the word "enroll" (except for host enrollment) have been modified to use more relevant words. The IPA.add_dialog has been renamed into IPA.entity_adder_dialog for clarity. Ticket #1642
* Fix nis netgroup config entry so users appear in netgroup triple.Rob Crittenden2011-10-273-1/+5
| | | | https://fedorahosted.org/freeipa/ticket/2028
* Fixed problem clearing validation error on checkboxes.Endi S. Dewata2011-10-261-0/+1
| | | | | | The IPA.checkboxes_widget has been modified such that it performs validation when the checkboxes are clicked. This will also clear any validation errors.
* Fixed host Enrolled column.Endi S. Dewata2011-10-262-25/+40
| | | | | | | The Enrolled column in the host search page has been added back to show the host enrollment status based on has_keytab attribute. Ticket #2020
* Removed HBAC deny rule warning.Endi S. Dewata2011-10-2612-205/+32
| | | | | | | The HBAC deny rule is no longer supported so it's no longer necessary to show the warning. Ticket #1444
* Fix ipa-managed-entries password option long formMartin Kosek2011-10-261-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1913
* Add --zonemgr/--admin-mail validatorMartin Kosek2011-10-266-16/+62
| | | | | | | | | | | Do at least a basic validation of DNS zone manager mail address. Do not require '@' to be in the mail address as the SOA record stores this value without it and people may be used to configure it that way. '@' is always removed by the installer/dns plugin before the DNS zone is created. https://fedorahosted.org/freeipa/ticket/1966
* Quote multiple workers optionAlexander Bokovoy2011-10-251-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/2023
* Minor visual enhancement of required indicatorPetr Vobornik2011-10-252-1/+12
| | | | | | | | | https://fedorahosted.org/freeipa/ticket/1696 Changes: * in details table facet '*' don't break colon alignment * bolder, bigger (-> IMHO nicer) asteriks * float (visual style) moved to css file
* Fixed inconsistent required/optional attributes.Endi S. Dewata2011-10-2515-273/+313
| | | | | | | | | The dialogs and details pages have been modified to use the * symbol to mark required fields. The automount map and the DNS zone dialogs have been modified to update the required fields according to the input type. Ticket #1696, #1973
* remove enrolled columnAdam Young2011-10-241-6/+1
| | | | | | We don't have a value in the API that accuratly reflects the enrollment data. https://fedorahosted.org/freeipa/ticket/2020
* Update spec file to use systemd on Fedora 16 and aboveAlexander Bokovoy2011-10-241-1/+74
|
* Spin for connection success also when socket is not (yet) availableAlexander Bokovoy2011-10-241-1/+1
| | | | | | | | | | We were spinning for socket connection if attempt to connect returned errno 111 (connection refused). However, it is not enough for local AF_UNIX sockets as heavy applications might not be able to start yet and therefore the whole path might be missing. So spin for errno 2 (no such file or directory) as well. Partial fix for https://fedorahosted.org/freeipa/ticket/1990
* Add support for systemd environments and use it to support Fedora 16Alexander Bokovoy2011-10-2411-19/+371
| | | | https://fedorahosted.org/freeipa/ticket/1192
* Fix problems in help systemRob Crittenden2011-10-201-0/+8
| | | | | | | | | | Fixes 3 issues: - If a topic has all its commands disabled, it should be disabled - If a command is disabled its help should be disabled - The show-mappings help was missing a doc string so no help was displayed https://fedorahosted.org/freeipa/ticket/1998
* Ticket 1201 - Unable to Download Certificate with BrowserJohn Dennis2011-10-212-15/+102
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Certificates are passed through the IPA XML-RPC and JSON as binary data in DER X509 format. Queries peformed against the LDAP server also return binary DER X509 format. In all cases the binary DER data is base-64 encoded. PEM is standard text format for certificates. It also uses base64 to encode the binary DER data, but had specific formatting requirements. The base64 data must be wrapped inside PEM delimiters and the base64 data must be line wrapped at 64 characters. Most external software which accepts certificates as input will only accept DER or PEM format (e.g. openssl & NSS). Although base64 is closely related to PEM it is not PEM unless the PEM delimters are present and the base64 data is line wrapped at 64 characters. We already convert binary DER certificates which have been passed as base64 in other parts of the IPA code. However this conversion has not been available in the web UI. When the web UI presented certificates it did so by filling a dialog box with a single line of base64 data. A user could not copy this data and use it as input to openssl or NSS for example. We resolve this problem by introducing new javascript functions in certificate.js. IPA.cert.pem_cert_format(text) will examine the text input and if it's already in PEM format just return it unmodified, otherwise it will line wrap the base64 data and add the PEM delimiters. Thus it is safe to call on either a previously formated PEM cert or a binary DER cert encoded as base64. This applies to pem_csr_format() as well for CSR's. Because pem_cert_format() is safe to call on either format the web UI will see the use of the flag add_pem_delimiters was eliminated except in the one case where the IPA.cert.download_dialog() was being abused to display PKCS12 binary data (pkcs12 is neither a cert nor a cert request). Because of the abuse of the cert.download_dialog() for pkcs12 it was necessary to retain the flag which in effect said "do not treat the data as PEM". Modify the CSR (Certificate Signing Request) dialog box to accept a PEM formatted CSR. Remove the artifical PEM delimiters above and below the dialog box which were used to suggest the input needed to be sans the delimiters. The dialog box continues to accept bare base64 thus allowing either text format. Also note this solves the display of certificate data in the UI without touching anything existing code in the server or command line, thus it's isolated.
* hbactest fails while you have svcgroup in hbacruleAlexander Bokovoy2011-10-201-2/+3
| | | | https://fedorahosted.org/freeipa/ticket/1988
* Fix client krb5 domain mapping and DNSMartin Kosek2011-10-211-7/+13
| | | | | | | | | | | Add Kerberos mapping for clients outside of server domain. Otherwise certmonger had problems issuing the certificate. Also make sure that client DNS records on the server are set before certmonger is started and certificate is requested. Based on Lars Sjostrom patch. https://fedorahosted.org/freeipa/ticket/2006
* Fixing infinite loop in UI navigation unit test.Petr Vobornik2011-10-201-3/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/1531 It's a fix for regression introduced by previous patch.
* Fixed dependency problem in UI test.Endi S. Dewata2011-10-201-0/+2
|
* Fixed: Duplicate CSS definitionsPetr Vobornik2011-10-1910-1704/+144
| | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1565 The ipa.css, ipa_error.css and ipa_migration.css contain some duplicate definitions which cause maintenance problems. Additional changes: * fixed whitespaces in ipa.css * unified headings in config pages
* Circular entity dependencyPetr Vobornik2011-10-184-104/+275
| | | | | | | | | | | | | | | | | https://fedorahosted.org/freeipa/ticket/1531 Each entity is created together with its dependent objects (e.g. facets and dialog boxes). This causes a circular dependency problem because some of the objects need to obtain a reference to another entity that has not been created. Currently this is handled by storing only the other entity name and resolve it when needed (e.g. during rendering stage). In IPA.search_facet this delays the creation of the table widget, making it more difficult to customize. One solution is to do the object creation in 2 steps: * create all entity objects only * create the dependent objects in each entity Implemented solution: * all entities are created on application start * dependant objects (facets and dialogs) are created at once on their first use in entity.
* Fixed: Unable to add external user for RunAs User for Sudo rulesPetr Vobornik2011-10-171-0/+2
| | | | | | | https://fedorahosted.org/freeipa/ticket/1987 There is no way to add root or any external user as a RunAs User for a Sudo Rule.
* Improve hostgroup/netgroup collision checksMartin Kosek2011-10-172-2/+32
| | | | | | | | | | | | | | | When the NGP plugin is enabled, a managed netgroup is created for every hostgroup. We already check that netgroup with the same name does not exist and provide a meaningful error message. However, this error message was also printed when a duplicate hostgroup existed. This patch checks for duplicate hostgroup existence first and netgroup on the second place. It also makes sure that when NGP plugin is (temporarily) disabled, a colliding netgroup cannot be created. https://fedorahosted.org/freeipa/ticket/1914
* Fix typo in invalid PTR record error messageRob Crittenden2011-10-131-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/1982
* If our domain is already configured in sssd.conf start with a new config.Rob Crittenden2011-10-131-1/+12
| | | | https://fedorahosted.org/freeipa/ticket/1989
* Update all LDAP configuration files that we can.Rob Crittenden2011-10-131-2/+5
| | | | | | | LDAP can be configured in any number of places, we need to update everything we find. https://fedorahosted.org/freeipa/ticket/1986
* Use set class instead of dictview class as set is wider supportedAlexander Bokovoy2011-10-131-2/+2
|
* Handle an empty value in a name/value pair in config_replace_variables()Rob Crittenden2011-10-131-1/+3
| | | | | | | | | This would blow up if you tried to append a value to an entry that looked like: NAME= https://fedorahosted.org/freeipa/ticket/1983
* Set min nvr of 389-ds-base to 1.2.10-0.4.a4 for limits fixes (740942, 742324)Rob Crittenden2011-10-131-1/+4
|
* Fix ipa-client-install -U option alignmentMartin Kosek2011-10-141-0/+1
|
* Document --preserve-sssd option of ipa-client-installAlexander Bokovoy2011-10-141-0/+9
| | | | | | | | | | | Add documentation about --preserve-sssd, an ipa-client-install's option to honor previously available SSSD configuration in case it is not possible to merge it cleanly with the new one. In this case ipa-client-install will fail and ask user to fix SSSD config before continuing. Additional fix for https://fedorahosted.org/freeipa/ticket/1750 https://fedorahosted.org/freeipa/ticket/1769
* Add explicit instructions to ipa-replica-manage for winsync replicationRob Crittenden2011-10-141-2/+29
| | | | https://fedorahosted.org/freeipa/ticket/1946
* Save the value of hostname even if it doesn't appear in /etc/sysconfig/networkRob Crittenden2011-10-131-1/+4
| | | | https://fedorahosted.org/freeipa/ticket/1871
* Check /etc/hosts file in ipa-server-installMartin Kosek2011-10-133-10/+42
| | | | | | | | There may already be a record in /etc/hosts for chosen IP address which may not be detected under some circumstances. Make sure that /etc/hosts is checked properly. https://fedorahosted.org/freeipa/ticket/1923
* Hostname used by IPA must be a system hostnameMartin Kosek2011-10-134-7/+27
| | | | | | | | | | | Make sure that the hostname IPA uses is a system hostname. If user passes a non-system hostname, update the network settings and system hostname in the same way that ipa-client-install does. This step should prevent various services failures which may not be ready to talk to IPA with non-system hostname. https://fedorahosted.org/freeipa/ticket/1931
* Check hostname resolution sanityMartin Kosek2011-10-132-4/+12
| | | | | | | | | Always check (even with --setup-dns or --no-host-dns) that if the host name or ip address resolves, it resolves to sane value. Otherwise report an error. Misconfigured /etc/hosts causing these errors could harm the installation later. https://fedorahosted.org/freeipa/ticket/1923
* Fix dynamic display of UI tabs based on rightsAdam Young2011-10-121-2/+2
| | | | | | | | | | | | | Fixes the webui for the case wherea user is not admin but has a role. In that case, the UI should show the full administrative tabset, but was instead limited to the selfservice tabset. The problem was rolegroup had been renamed to role but the UI hadn't been updated to reflect this. Addresses https://bugzilla.redhat.com/show_bug.cgi?id=745957 https://fedorahosted.org/freeipa/ticket/1970
* Work around limits not being updatable in 389-ds.Rob Crittenden2011-10-121-1/+1
| | | | | | | | | The bug to fix updates, BZ 741744, isn't working. For the short term add the attributes we want to update to the REPLACE whitelist so rather than using an ADD and DEL operation it will use a REPLACE. https://fedorahosted.org/freeipa/ticket/1888
* updates: Change default limits on ldap searchesSimo Sorce2011-10-121-0/+20
| | | | | Fixes: https://fedorahosted.org/freeipa/ticket/1867 https://fedorahosted.org/freeipa/ticket/1888
* Fix has_upg() to work with relocated managed entries configuration.Rob Crittenden2011-10-131-18/+17
| | | | https://fedorahosted.org/freeipa/ticket/1964
* Refactor authconfig use in ipa-client-installAlexander Bokovoy2011-10-122-20/+103
| | | | | | | | | | | | | When certain features are being configured via authconfig, we need to remember what was configured and what was the state before it so that during uninstall we restore proper state of the services. Mostly it affects sssd configuration with multiple domains but also pre-existing LDAP and krb5 configurations. This should fix following tickets: https://fedorahosted.org/freeipa/ticket/1750 https://fedorahosted.org/freeipa/ticket/1769
* Make IPv4 address parsing more strictMartin Kosek2011-10-131-3/+9
| | | | | | | | | Let netaddr.IPAddress() use inet_pton() rather than inet_aton() for IP address parsing. We will use the same function in IPv4/IPv6 conversions + be stricter and don't allow IP addresses such as '1.1.1' at the same time. https://fedorahosted.org/freeipa/ticket/1965
* Optimize member/memberof searches in LDAPMartin Kosek2011-10-121-5/+4
| | | | | | | | | | | | When investigating if member/memberof attribute is direct/indirect we do a lot of LDAP SCOPE_SUBTREE searches when we actually search just for one item. Make sure we search only with SCOPE_BASE to improve the performance. One not so efficient iteration was also changed to list comprehension to speed things up a tiny bit. https://fedorahosted.org/freeipa/ticket/1885
* ipa-client-install hangs if the discovered server is unresponsiveMartin Kosek2011-10-122-3/+6
| | | | | | | | Add a timeout to the wget call to cover a case when autodiscovered server does not response to our attempt to download ca.crt. Let user specify a different IPA server in that case. https://fedorahosted.org/freeipa/ticket/1960
* Improve handling of GIDs when migrating groupsMartin Kosek2011-10-113-15/+67
| | | | | | | | | | | | Since IPA v2 server already contain predefined groups that may collide with groups in migrated (IPA v1) server (for example admins, ipausers), users having colliding group as their primary group may happen to belong to an unknown group on new IPA v2 server. Implement --group-overwrite-gid option to overwrite GID of already existing groups to prevent this issue. https://fedorahosted.org/freeipa/ticket/1866
generated by cgit (git 2.34.1) at 2025-09-02 14:35:37 +0000