summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* ipatests: Perform a connection test before preparing the clientTomas Babej2014-02-101-0/+4
| | | | | | | | | | | | When the host is down, the preparation of the host fails. This produces misleading errors, since the test framework reports that the actual command being executed failed, when in fact (in case of SSHTransport), the cause of failure was unability to establish a SSH session. https://fedorahosted.org/freeipa/ticket/4132 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* ipatests: legacy_clients: Test legacy clients with non-posix trustTomas Babej2014-02-101-13/+76
| | | | | | | | | Adds test cases for legacy client support with IPA that has estabilish trust with AD that does not leverage POSIX attributes defined on AD. https://fedorahosted.org/freeipa/ticket/4134 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Remove sourcehostcategory from the default HBAC rule.Jan Cholasta2014-02-062-2/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4158 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Migration does not add users to default groupMartin Kosek2014-02-051-7/+10
| | | | | | | | | | When users with missing default group were searched, IPA suffix was not passed so these users were searched in a wrong base DN. Thus, no user was detected and added to default group. https://fedorahosted.org/freeipa/ticket/4141 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Run restoring backup files and restoring their context in one sessionTomas Babej2014-02-051-10/+14
| | | | | | | | | | | | | | Restoring backup files and restoring their context were two separate commands, what means that in case we use SSHTrasport, which creates a separate SSH session for each command, we try to restore the SELinux context of the changed files in a new session. This causes problems, if the access to files themselves are necessary for the creation of the new SSH session. https://fedorahosted.org/freeipa/ticket/4133 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: Add records for all hosts in master's domainTomas Babej2014-02-053-0/+62
| | | | | | | | | | | | | | All the hosts in the domain have IPA master set as their only nameserver. However, the IPA master does not create records for these machines by default. This is not an big issue for clients or replicas, since those records do get created in other ways, but external hosts using their internal hostnames will not resolve. Adds an A record for each host in master's domain. https://fedorahosted.org/freeipa/ticket/4130 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipatests: test_legacy_clients: Change "test group" to "testgroup"Tomas Babej2014-02-051-2/+2
| | | | | | | | | | The integration test for legacy clients used incorrectly "test group" instead of "testgroup" as group used on AD for test purposes. This is inconsistent with the usage of "testuser". https://fedorahosted.org/freeipa/ticket/4131 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* ipa tool: Print the name of the server we are connecting to with -vPetr Viktorin2014-02-052-3/+8
| | | | | | | | | | | | | The logging level for these messages was decreaed so that they do not show up in ipa-advise output. Reset the log level to INFO and configure ipa-advise to not display INFO messages from xmlclient by default. Partially reverts commit efe5a96725d3ddcd05b03a1ca9df5597eee693be https://fedorahosted.org/freeipa/ticket/4135 Reviewed-By: Tomáš Babej <tbabej@redhat.com>
* integration tests OpenSSHTransport: Expand tilde to home in ↵Petr Viktorin2014-02-051-1/+2
| | | | | | | | | root_ssh_key_filename Expand paths beginning with a tilde, such as the default ~/.ssh/id_rsa, to the home directory. https://fedorahosted.org/freeipa/ticket/4115
* ipa-lockout: do not fail when default realm cannot be readMartin Kosek2014-02-041-17/+17
| | | | | | | | | | | When ipa-lockout plugin is started during FreeIPA server installation, the default realm may not be available and plugin should then not end with failure. Similarly to other plugins, start in degraded mode in this situation. Operation is fully restored during the final services restart. https://fedorahosted.org/freeipa/ticket/4085
* Fallback to global policy in ipa-lockout pluginMartin Kosek2014-02-031-0/+34
| | | | | | | | | | krbPwdPolicyReference is no longer filled default users. Instead, plugins fallback to hardcoded global policy reference. Fix ipa-lockout plugin to fallback to it instead of failing to apply the policy. https://fedorahosted.org/freeipa/ticket/4085
* Use reserved domain names for testsPetr Spacek2014-01-301-31/+38
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Rename variables in test xmlrpc/dns_pluginPetr Spacek2014-01-301-479/+486
| | | | https://fedorahosted.org/freeipa/ticket/4139
* Use private IPv4 addresses for testsPetr Spacek2014-01-301-48/+63
| | | | https://fedorahosted.org/freeipa/ticket/4139
* BUILD: Fix portability of NSS in file ipa_pwd.cLukas Slebodnik2014-01-283-5/+8
| | | | Tested-by: Timo Aaltonen <tjaalton@ubuntu.com>
* Remove working directory for bind-dyndb-ldap plugin.Petr Spacek2014-01-273-18/+1
| | | | | | | | | The working directory will be provided directly by bind-dyndb-ldap package. This partially reverts commit 689382dc833e687d30349b10a8fd7dc740d54d08. https://fedorahosted.org/freeipa/ticket/3967
* Limit memberOf and refInt DS plugins to main IPA suffix.Petr Spacek2014-01-272-4/+15
| | | | | | This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
* Convert remaining frontend code to LDAPEntry API.Jan Cholasta2014-01-2428-344/+364
|
* Raise an exception when legacy LDAP API is used.Jan Cholasta2014-01-241-19/+12
|
* Convert remaining test code to LDAPEntry API.Jan Cholasta2014-01-242-5/+5
|
* Convert remaining update code to LDAPEntry API.Jan Cholasta2014-01-248-28/+25
|
* Convert remaining installer code to LDAPEntry API.Jan Cholasta2014-01-2411-56/+59
|
* Get original entry state from LDAP in LDAPUpdate.Jan Cholasta2014-01-241-1/+6
|
* ntpconf: remove redundant commentMartin Kosek2014-01-241-2/+1
| | | | https://fedorahosted.org/freeipa/ticket/4094
* Fix ntpd config on clients.Jan Cholasta2014-01-242-1/+11
| | | | https://fedorahosted.org/freeipa/ticket/4094
* CLDAP: add unit tests for make_netbios_nameSumit Bose2014-01-232-0/+87
|
* CLDAP: generate NetBIOS name like ipa-adtrust-install doesSumit Bose2014-01-232-14/+35
| | | | Fixes https://fedorahosted.org/freeipa/ticket/4116
* ipa-replica-install: Move check for existing host before DNS resolution checkPetr Viktorin2014-01-231-15/+24
| | | | | | | | | | | | | | | | | | | The checks for existing host and existing replication agreement set a flag that caused an exit() if any of them failed. Between these checks there was an unrelated check, DNS resolution. If the host and DNS checks both failed, this made it look like the DNS check was the cause of failed install. Especially if the user ignored the DNS check in unattended mode, the output was confusing. Remove the flag and fail directly. Do the replication agreement check first; fixing this with ipa-replica-manage del will also remove the host entry. Also, use the logger for error messages so they appear in the log file as well as on the console. https://fedorahosted.org/freeipa/ticket/3889
* Implement XML introspectionPetr Viktorin2014-01-142-9/+140
| | | | https://fedorahosted.org/freeipa/ticket/2937
* rpcserver: Consolidate __call__ in xmlclient and jsonclient_kerbPetr Viktorin2013-12-101-54/+34
| | | | | | | | | The two classes had very similar __call__ methods, but the JSON server lacked error handling. Create a common class for the __call__ method. https://fedorahosted.org/freeipa/ticket/4069
* httpd should destroy all CCACHEsMartin Kosek2014-01-221-1/+1
| | | | | | | | Use "kdestroy -A" command to destroy all CCACHEs, both the primary and the non-primary ones to make sure that the non-primary ones are not used later. https://fedorahosted.org/freeipa/ticket/4084
* Switch httpd to use default CCACHEMartin Kosek2014-01-222-20/+9
| | | | | | | | | | | | | Stock httpd no longer uses systemd EnvironmentFile option which is making FreeIPA's KRB5CCNAME setting ineffective. This can lead in hard to debug problems during subsequent ipa-server-install's where HTTP may use a stale CCACHE in the default kernel keyring CCACHE. Avoid forcing custom CCACHE and switch to system one, just make sure that it is properly cleaned by kdestroy run as "apache" user during FreeIPA server installation process. https://fedorahosted.org/freeipa/ticket/4084
* Add runas option to run functionMartin Kosek2014-01-221-21/+38
| | | | | | | | Run function can now run the specified command as different user by setting the both real and effective UID and GID for executed process. Add both the missing run function attribute doc strings as well as a doc string for the runas attribute.
* ipasam: delete trusted child domains before removing the trustAlexander Bokovoy2014-01-211-1/+44
| | | | | | | LDAP protocol doesn't allow deleting non-leaf entries. One needs to remove all leaves first before removing the tree node. https://fedorahosted.org/freeipa/ticket/4126
* Trust domains Web UIPetr Vobornik2014-01-214-4/+77
| | | | | | | | | | | | Add Web UI counterpart of following CLI commands: * trust-fetch-domains Refresh list of the domains associated with the trust * trustdomain-del Remove infromation about the domain associated with the trust. * trustdomain-disable Disable use of IPA resources by the domain of the trust * trustdomain-enable Allow use of IPA resources by the domain of the trust * trustdomain-find Search domains of the trust https://fedorahosted.org/freeipa/ticket/4119
* Use only system fontsPetr Vobornik2014-01-2112-141/+108
| | | | | | | | | | | | | | | | This commit changes how fonts are used. - remove usage of bundled fonts and only system fonts are used instead - by using alias in httpd conf - by using local("Font Name") directive in font-face - removed usage of overpass font - redefined Open Sans font-face declarations. Note: upstream is doing the same change so we will be fine on upgrade. - introduce variable.less for variable definitions and overrides. This file will be very useful when we upgrade to newer RCUE so we will be able to redefine their and bootstrap's variables. Fixes: https://fedorahosted.org/freeipa/ticket/2861
* Web UI integration tests: maximize browser window by defaultPetr Vobornik2014-01-211-0/+1
|
* Use fluid layout in host adder dialog fqdn widgetPetr Vobornik2014-01-213-58/+49
|
* About dialogPetr Vobornik2014-01-215-0/+44
| | | | https://fedorahosted.org/freeipa/ticket/4018
* Increase distance between control buttons and facet-tabsPetr Vobornik2014-01-211-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3904
* New header spinnerPetr Vobornik2014-01-214-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Fix association adder dialog table-body positionPetr Vobornik2014-01-211-6/+2
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Increase margin between facet control buttonsPetr Vobornik2014-01-211-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Font awesome glyphs as checkboxes and radiosPetr Vobornik2014-01-212-43/+52
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Use font awesome glyph for dialog close buttonPetr Vobornik2014-01-213-8/+13
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Facet title status iconsPetr Vobornik2014-01-212-14/+19
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Status widgets iconsPetr Vobornik2014-01-214-137/+82
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Replace icons with the ones from Font AwesomePetr Vobornik2014-01-2112-45/+51
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Font Awesome icons in headerPetr Vobornik2014-01-214-9/+21
| | | | https://fedorahosted.org/freeipa/ticket/3904
* Change font-awesome to be compilable by lesscpyPetr Vobornik2014-01-212-2/+6
| | | | https://fedorahosted.org/freeipa/ticket/3904
generated by cgit (git 2.34.1) at 2024-05-08 00:20:59 +0000