| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
|
| |
|
|
|
|
|
| |
A simple sort(key=len) is simpler both implementation-wise and
semantics-wise.
Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
|
| |
|
|
|
|
| |
Remove all unused LDAP-related imports, plus some other ones.
This should make it easier to quickly check what uses which LDAP wrapper
|
| |
|
|
|
|
|
| |
We did not have the includedir directory with a trailing slash which made
rpm update add a redundant line.
https://fedorahosted.org/freeipa/ticket/3132
|
| |
|
|
|
|
|
|
| |
IA5 string syntax does not have a compatible ORDERING matching rule.
Simply use default ORDERING for these attributeTypes as we already
do in other cases.
https://fedorahosted.org/freeipa/ticket/3398
|
| |
|
|
|
|
|
|
| |
Add mising ipaExternalMember attribute and ipaExternalGroup objectclass.
Replacing mis-spelled ORDERING value on new install and upgrades.
https://fedorahosted.org/freeipa/ticket/3398
|
| |
|
|
|
|
|
| |
This is to prevent a fatal name clash wih the new common "messages" Output.
Since i18n_messages is an internal plugin, the change does not affect
our public API.
|
| |
|
|
|
|
| |
freeipa.profile was updated accordingly to contain all modules in dojo layer.
This change removes expected errors during the build and therefore it won't confuse others during rpm build. It also helps during development because developer will notice real dependency errors (those not specified this way).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One can specify module ids provided by other means (already built layer file) in providedMids array of build profile file's package section. Builder then ignores dependency errors for specified modules. This allows to build layers without source codes of their dependencies, with no expected errors raised.
Example:
packages:[
{
name: "freeipa",
location: "freeipa",
providedMids: [
'dojo/_base/declare',
'dojo/_base/lang',
'dojo/_base/array',
'dojo/Stateful'
//etc
]
}
],
|
| |
|
|
|
|
|
|
|
|
|
| |
Develop.js contains code useful only for debugging. It is not part of FreeIPA
release.
Is loaded by typing require(['freeipa/develop']); in browser JS console.
It adds IPA global variable and provide easier way of loading AMD modules into
window.ipadev[providedNameOrModuleName] variable.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
| |
Sudo commands created in the past have the sudocmd in their RDN, while
the new case-sensitive ones have ipaUniqueID. In order for permissions
to apply to both of these, use a targetfilter for objectclass=ipasudocmd
instead of sudocmd=* in the target.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since it is not really possible to separate SSH errors from
errors of the called program, add a SSH check before
calling replica-conncheck on the master.
The check also adds the master to a temporary known_hosts file,
so suppressing SSH's warning about unknown host is no longer
necessary. If the "real" connection fails despite the check,
any SSH errors will be included in the output.
https://fedorahosted.org/freeipa/ticket/3402
|
| |
|
|
|
|
|
|
|
| |
Add new LDAP container to store the list of domains associated with IPA realm.
Add two new ipa commands (ipa realmdomains-show and ipa realmdomains-mod) to allow
manipulation of the list of realm domains.
Unit test file covering these new commands was added.
https://fedorahosted.org/freeipa/ticket/2945
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3132
|
| |
|
|
|
|
|
|
| |
When ipa-adtrust-install is run, check if there are any objects
that need have SID generated. If yes, interactively ask the user
if the sidgen task should be run.
https://fedorahosted.org/freeipa/ticket/3195
|
| |
|
|
|
|
|
|
| |
Update our LDAP schema and add 2 new attributes for SID blacklist
definition. These new attributes can now be set per-trust with
trustconfig command.
https://fedorahosted.org/freeipa/ticket/3289
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the discovery code to validate all servers, regardless of where
the originated (either via SRV records or --server). This will prevent
the client installer from failing if one of those records points to a
server that is either not running or is not an IPA server.
If a server is not available it is not removed from the list of configured
servers, simply moved to the end of the list.
If a server is not an IPA server it is removed.
https://fedorahosted.org/freeipa/ticket/3388
|
| |
|
|
|
|
|
|
| |
When deleting a replica from IPA domain:
* Abort if the installation is about to be left without CA
* Warn if the installation is about to be left without DNS
Ticket: https://fedorahosted.org/freeipa/ticket/2879
|
| |
|
|
|
|
|
|
|
|
| |
Modify update file to use default: rather than add: in
cn=replication,cn=etc,$SUFFIX.
Drop quotes around nsDS5ReplicaRoot because default: values
are not parsed as CSV.
https://fedorahosted.org/freeipa/ticket/3394
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Break the script into several smaller methods.
Use modern idioms: os.path.join instead of string addition; the with statement
for closing files.
Add --quiet, --verbose, and --log-file options. Use logging instead of print
statements. (http://freeipa.org/page/V3/Logging_and_output)
Part of: https://fedorahosted.org/freeipa/ticket/2652
Fixes: https://fedorahosted.org/freeipa/ticket/3285
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some parts of install scripts used only ccache name as returned by
krbV.CCache.name attribute. However, when this name is used again
to initialize krbV.CCache object or when it is used in KRB5CCNAME
environmental variable, it fails for new DIR type of CCACHE.
We should always use both CCACHE type and name when referring to
them to avoid these crashes. ldap2 backend was also updated to
accept directly krbV.CCache object which contains everything we need
to authenticate with ccache.
https://fedorahosted.org/freeipa/ticket/3381
|
| |
|
|
| |
https://fedorahosted.org/freeipa/ticket/3381
|
| |
|
|
|
| |
"Add SIDs for existing users andgroups as the final step" changed
to "Add SIDs for existing users and groups as the final step".
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dogtag opens its NSS database in read/write mode so we need to be very
careful during renewal that we don't also open it up read/write. We
basically need to serialize access to the database. certmonger does the
majority of this work via internal locking from the point where it generates
a new key/submits a rewewal through the pre_save and releases the lock after
the post_save command. This lock is held per NSS database so we're save
from certmonger. dogtag needs to be shutdown in the pre_save state so
certmonger can safely add the certificate and we can manipulate trust
in the post_save command.
Fix a number of bugs in renewal. The CA wasn't actually being restarted
at all due to a naming change upstream. In python we need to reference
services using python-ish names but the service is pki-cad. We need a
translation for non-Fedora systems as well.
Update the CA ou=People entry when he CA subsystem certificate is
renewed. This certificate is used as an identity certificate to bind
to the DS instance.
https://fedorahosted.org/freeipa/ticket/3292
https://fedorahosted.org/freeipa/ticket/3322
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The DS is installed before the CA cert is generated. Trying to
add the cert to LDAP before it exists resulted in a nasty-looking
error message.
This moves the cert upload to after the CA cert is ready and the
certdb is created.
Move the cert upload to after thecertdb is generated.
https://fedorahosted.org/freeipa/ticket/3375
|
| |
|
|
|
|
|
| |
Update anonymous access ACI so that no users besides Trust Admins
users can read AD Trust key attributes (ipaNTTrustAuthOutgoing,
ipaNTTrustAuthIncoming). The change is applied both for updated
IPA servers and new installations.
|
| |
|
|
|
| |
This will later allow clients to securely download the CA cert by
performaing mutual auth using LDAP with GSSAPI
|
| |
|
|
|
|
| |
Test were modified accordingly to AMD changes.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
|
|
| |
Updated makefiles to comply to new directory structure and also to use builder
for building Web UI.
FreeIPA package spec is modified to use the output of the builder.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
| |
Web UI sources were wrapped by AMD definition. Listed dependencies were changed
accordingly.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
| |
Added configuration file for DOJO loader. Removal of JS links from index.html of
files which were changed to AMD modules.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
| |
Update is needed because various files were moved to different directories.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
| |
SSIA
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
| |
Third party JS libraries which are not AMD modules were moved to src/libs/
directory. Links in html files were changed accordingly.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
| |
Add util/sync.sh utility. It serves for copying source codes or compiled code
of Web UI to testing servers. Useful for development.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added symbolic links which points to directories which should contain files of
Web UI layers. By changing those links we can switch between debugging (using
source codes) or testing (compiled version).
util/change-profile.sh utility serves for changing symbolic links in js/ dir
and therefore for switching between debugging and testing.
Default configuration for development is:
* freeipa source files
* libs as in git
* compiled Dojo layer
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
|
|
|
|
| |
Added configuration files for building Dojo library and built library itself.
This configuration contains only modules currently needed.
make-dojo.sh script should be used for rebuilding the library when additional
modules or an update are needed.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
|
| |
* Added package configuration and build profile of FreeIPA UI layer for
Dojo Builder.
* Added script (util/make-ui.sh) which builds the layer
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for Dojo builder.
* Includes built builder and patches required to build the builder.
* _base/configRhino.js is required by the builder to run under rhino.
* added utility scripts for running the builder
* build.sh
* clean.sh
* compile.sh
* make-builder.sh
* prepare-dojo.sh
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
| |
Uglify.js library was included in ui/util folder. A wrapper script
util/uglifyjs/uglify was created to run Uglify.js in Rhino enviroment.
https://fedorahosted.org/freeipa/ticket/112
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enabled mod_deflate for:
* text/html (HTML files)
* text/plain (for future use)
* text/css (CSS files)
* text/xml (XML RPC)
* application/javascript (JavaScript files)
* application/json (JSON RPC)
* application/x-font-woff (woff fonts)
Added proper mime type for woff fonts.
Disabled etag header because it doesn't work with mod_deflate.
https://fedorahosted.org/freeipa/ticket/3326
|
| |
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/3215
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When either dirsrv or krb5kdc is down, named service restart in
ipa-upgradeconfig will fail and cause a crash of the whole upgrade
process.
Rather only report a failure to restart the service and continue
with the upgrade as it does not need the named service running. Do
the same precaution for pki-ca service restart.
https://fedorahosted.org/freeipa/ticket/3350
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When CRL files are being migrated to a new directory, the upgrade
log may contain an error message raised during MasterCRL.bin symlink
migration. This is actually being caused by `chown' operation which
tried to chown a symlinked file that was not migrated yet.
Sort migrated files before the migration process and put symlinks
at the end of the list. Also do not run chown on the symlinks as
it is a redundant operation since the symlinked file will be
chown'ed on its own.
https://fedorahosted.org/freeipa/ticket/3336
|
| |
|
|
|
|
|
|
| |
When using 'Add and Add Another' button in entity adder dialog the dialog lose focus when an item is successfully added.
It caused by search dialog filter input. It gets focus in search facet's refresh. The refresh is happening when item is added.
This patch is disabling this focus and additionally is focusing first input element to allow imidiate definion of another item
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In all dialogs:
* validation notification was standardized
* can be confirmed by enter
User pwd dialog has fixed focus of first element.
https://fedorahosted.org/freeipa/ticket/2884
https://fedorahosted.org/freeipa/ticket/3200
Standartize password reset dialog
|
| |
|
|
|
|
| |
Support for confirm mixin in association dialog.
https://fedorahosted.org/freeipa/ticket/3200
|
| |
|
|
|
|
| |
When multiple dialogs is opened and one is closed the new top dialog doesn't recieve focus. It prevents from confirming/canceling the dialog using keyboard. This patch is fixing it.
https://fedorahosted.org/freeipa/ticket/3200
|
| |
|
|
|
|
| |
Refactored error dialog and unauthorized dialog to support confirm mixin.
https://fedorahosted.org/freeipa/ticket/3200
|
| |
|
|
|
|
| |
Added confirm mixin support to entity adder dialog.
https://fedorahosted.org/freeipa/ticket/3200
|
