| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Test were modified accordingly to AMD changes.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
|
|
| |
Updated makefiles to comply to new directory structure and also to use builder
for building Web UI.
FreeIPA package spec is modified to use the output of the builder.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
| |
Web UI sources were wrapped by AMD definition. Listed dependencies were changed
accordingly.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
| |
Added configuration file for DOJO loader. Removal of JS links from index.html of
files which were changed to AMD modules.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
| |
Update is needed because various files were moved to different directories.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
| |
SSIA
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
| |
Third party JS libraries which are not AMD modules were moved to src/libs/
directory. Links in html files were changed accordingly.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
| |
Add util/sync.sh utility. It serves for copying source codes or compiled code
of Web UI to testing servers. Useful for development.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added symbolic links which points to directories which should contain files of
Web UI layers. By changing those links we can switch between debugging (using
source codes) or testing (compiled version).
util/change-profile.sh utility serves for changing symbolic links in js/ dir
and therefore for switching between debugging and testing.
Default configuration for development is:
* freeipa source files
* libs as in git
* compiled Dojo layer
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
|
|
|
|
| |
Added configuration files for building Dojo library and built library itself.
This configuration contains only modules currently needed.
make-dojo.sh script should be used for rebuilding the library when additional
modules or an update are needed.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
|
| |
* Added package configuration and build profile of FreeIPA UI layer for
Dojo Builder.
* Added script (util/make-ui.sh) which builds the layer
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for Dojo builder.
* Includes built builder and patches required to build the builder.
* _base/configRhino.js is required by the builder to run under rhino.
* added utility scripts for running the builder
* build.sh
* clean.sh
* compile.sh
* make-builder.sh
* prepare-dojo.sh
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
| |
Uglify.js library was included in ui/util folder. A wrapper script
util/uglifyjs/uglify was created to run Uglify.js in Rhino enviroment.
https://fedorahosted.org/freeipa/ticket/112
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enabled mod_deflate for:
* text/html (HTML files)
* text/plain (for future use)
* text/css (CSS files)
* text/xml (XML RPC)
* application/javascript (JavaScript files)
* application/json (JSON RPC)
* application/x-font-woff (woff fonts)
Added proper mime type for woff fonts.
Disabled etag header because it doesn't work with mod_deflate.
https://fedorahosted.org/freeipa/ticket/3326
|
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/3215
|
|
|
|
|
|
|
|
|
|
|
|
| |
When either dirsrv or krb5kdc is down, named service restart in
ipa-upgradeconfig will fail and cause a crash of the whole upgrade
process.
Rather only report a failure to restart the service and continue
with the upgrade as it does not need the named service running. Do
the same precaution for pki-ca service restart.
https://fedorahosted.org/freeipa/ticket/3350
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When CRL files are being migrated to a new directory, the upgrade
log may contain an error message raised during MasterCRL.bin symlink
migration. This is actually being caused by `chown' operation which
tried to chown a symlinked file that was not migrated yet.
Sort migrated files before the migration process and put symlinks
at the end of the list. Also do not run chown on the symlinks as
it is a redundant operation since the symlinked file will be
chown'ed on its own.
https://fedorahosted.org/freeipa/ticket/3336
|
|
|
|
|
|
|
|
| |
When using 'Add and Add Another' button in entity adder dialog the dialog lose focus when an item is successfully added.
It caused by search dialog filter input. It gets focus in search facet's refresh. The refresh is happening when item is added.
This patch is disabling this focus and additionally is focusing first input element to allow imidiate definion of another item
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In all dialogs:
* validation notification was standardized
* can be confirmed by enter
User pwd dialog has fixed focus of first element.
https://fedorahosted.org/freeipa/ticket/2884
https://fedorahosted.org/freeipa/ticket/3200
Standartize password reset dialog
|
|
|
|
|
|
| |
Support for confirm mixin in association dialog.
https://fedorahosted.org/freeipa/ticket/3200
|
|
|
|
|
|
| |
When multiple dialogs is opened and one is closed the new top dialog doesn't recieve focus. It prevents from confirming/canceling the dialog using keyboard. This patch is fixing it.
https://fedorahosted.org/freeipa/ticket/3200
|
|
|
|
|
|
| |
Refactored error dialog and unauthorized dialog to support confirm mixin.
https://fedorahosted.org/freeipa/ticket/3200
|
|
|
|
|
|
| |
Added confirm mixin support to entity adder dialog.
https://fedorahosted.org/freeipa/ticket/3200
|
|
|
|
|
|
|
|
| |
Base mixin class for dialogs witch confirmation/canceling capabilities.
When used, dialog can be 'confirmed' by 'enter' key or canceled by 'escape' key. It doesn't accept confirmation from all elements to not override default expected behavior like creating new line in text area, executing link or selecting a value in a select element.
https://fedorahosted.org/freeipa/ticket/3200
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3035
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3035
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3035
|
|
|
|
|
|
| |
Originally ipa-server-install would still prompt for the hostname even if it's supplied in the initial installation command.
Ticket: https://fedorahosted.org/freeipa/ticket/2692
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora 16 introduced chrony as default client time&date synchronization
service:
http://fedoraproject.org/wiki/Features/ChronyDefaultNTP
Thus, there may be people already using chrony as their time and date
synchronization service before installing IPA.
However, installing IPA server or client on such machine may lead to
unexpected behavior, as the IPA installer would configure ntpd and leave
the machine with both ntpd and chronyd enabled. However, since the OS
does not allow both chronyd and ntpd to be running concurrently and chronyd
has the precedence, ntpd would not be run on that system at all.
Make sure, that user is warned when trying to install IPA on such
system and is given a possibility to either not to let IPA configure
ntpd at all or to let the installer stop and disable chronyd.
https://fedorahosted.org/freeipa/ticket/2974
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify the default IPA CA certificate profile to include CRL and
OCSP extensions which will add URIs to IPA CRL&OCSP to published
certificates.
Both CRL and OCSP extensions have 2 URIs, one pointing directly to
the IPA CA which published the certificate and one to a new CNAME
ipa-ca.$DOMAIN which was introduced as a general CNAME pointing
to all IPA replicas which have CA configured.
The new CNAME is added either during new IPA server/replica/CA
installation or during upgrade.
https://fedorahosted.org/freeipa/ticket/3074
https://fedorahosted.org/freeipa/ticket/1431
|
|
|
|
|
|
|
|
|
|
|
| |
When user from other realm than FreeIPA's tries to use Web UI (login via forms-based auth or with valid trusted realm ticket), he gets an unauthorized error with X-Ipa-Rejection-Reason=denied. Web UI responds with showing login dialog with following error message: 'Sorry you
are not allowed to access this service.'.
Note: such users are not supported because they don't have a corresponding entry in LDAP which is needed for ACLs.
https://fedorahosted.org/freeipa/ticket/3252
denied change
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3132
|
|
|
|
|
|
|
|
|
| |
When DNS zone/record manipulation commands fails for example due to
a ValidationError, ipa-replica-prepapre reports a whole traceback
which is difficult to read. Make sure our error error is more
readable.
https://fedorahosted.org/freeipa/ticket/3283
|
|
|
|
|
|
|
|
| |
The file is only present in the case of a server installation.
It should only be touched by the server installer and ipactl.
https://fedorahosted.org/freeipa/ticket/3277
|
|
|
|
|
|
|
| |
README-LICENSE.txt file with licensing information of third party code used by
Web UI in production or development was added.
https://fedorahosted.org/freeipa/ticket/3281
|
|
|
|
|
|
|
|
|
|
|
| |
Fedora+systemd changed deprecated /etc/sysconfig/network which was
used by IPA to store static hostname for the IPA machine. See
https://bugzilla.redhat.com/show_bug.cgi?id=881785 for details.
Change Fedora platform files to store the hostname to /etc/hostname
instead.
https://fedorahosted.org/freeipa/ticket/3279
|
|
|
|
|
|
|
|
|
|
| |
After upgrade, sshkeys of existing users and hosts or mac address are not editable because attribute level rights are not send to Web UI due to lack of ipasshuser/ieee802device object classes.
'w_if_no_aci' attribute flag was introduced to bypass this issue. It makes attribute writable when AttributeLevelRights for the attribute are not present and only when user posses rights for modifying object class attribute.
The flag was set for sshkeys_field and mac address field.
https://fedorahosted.org/freeipa/ticket/3260
|
|
|
|
|
|
| |
In FreeIPA 2.2, the default for group type was 'POSIX', in 3.0 it's 'normal' (non-posix). CLI's default is 'POSIX', Web UI should use 'POSIX' as well.
https://fedorahosted.org/freeipa/ticket/3270
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ipa-csreplica-manage tool often assumed that the port numbers are the
same on both sides of a replication agreement.
This assumption doesn't hold in a cluster with both old-style hosts and
ones with merged DBs.
When managing agreements, determine the port with the PKI (or merged) DS
on each master, and use it.
Also, in CSReplicationManager, always use starttls rather than ldaps://.
|
|
|
|
|
|
|
|
|
| |
With the new unified Dogtag10 LDAP database, PKI-CA data and the
agreements themselves are now in the main LDAP instance.
Replication management tools now need to properly filter replication
agreements based on the suffix to avoid clashing of agreements of
different types.
|
|
|
|
|
|
|
|
|
|
| |
Stopping certificate tracking was done as part of the PKI DS uninstall.
Since with the merged DB, thePKI DS is not used any more, this step
was skipped.
Move certificate untracking to a separate step and call it separately.
Also, the post-uninstall check for tracked certificates used the wrong
set of Dogtag constants. Fix the issue.
|
|
|
|
|
|
|
|
| |
This brings /etc/dirsrv/slapd-REALM/certmap.conf under IPA control.
The file is overwritten on upgrades.
This ensures that the cert for the ipaca user is recognized when
ipa-ca-install is run on older masters.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new merged database will replicate with both the IPA and CA trees, so all
DS instances (IPA and CA on the existing master, and the merged one on the
replica) need to have the same schema.
Dogtag does all its schema modifications online. Those are replicated normally.
The basic IPA schema, however, is delivered in ldif files, which are not
replicated. The files are not present on old CA DS instances. Any schema
update that references objects in these files will fail.
The whole 99user.ldif (i.e. changes introduced dynamically over LDAP) is
replicated as a blob. If we updated the old master's CA schema dynamically
during replica install, it would conflict with updates done during the
installation: the one with the lower CSN would get lost.
Dogtag's spawn script recently grew a new flag, 'pki_clone_replicate_schema'.
Turning it off tells Dogtag to create its schema in the clone, where the IPA
modifications are taking place, so that it is not overwritten by the IPA schema
on replication.
The patch solves the problems by:
- In __spawn_instance, turning off the pki_clone_replicate_schema flag.
- Providing a script to copy the IPA schema files to the CA DS instance.
The script needs to be copied to old masters and run there.
- At replica CA install, checking if the schema is updated, and failing if not.
The --skip-schema-check option is added to ipa-{replica,ca}-install to
override the check.
All pre-3.1 CA servers in a domain will have to have the script run on them to
avoid schema replication errors.
https://fedorahosted.org/freeipa/ticket/3213
|
|
|
|
|
|
|
|
|
|
|
|
| |
New servers that are installed with dogtag 10 instances will use
a single database instance for dogtag and IPA, albeit with different
suffixes. Dogtag will communicate with the instance through a
database user with permissions to modify the dogtag suffix only.
This user will authenticate using client auth using the subsystem cert
for the instance.
This patch includes changes to allow the creation of masters and clones
with single ds instances.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The password and modrdn plugins needed to be made transaction aware
for the pre and post operations.
Remove the reverse member hoop jumping. Just fetch the entry once
and all the memberof data is there (plus objectclass).
Fix some unit tests that are failing because we actually get the data
now due to transactions.
Add small bit of code in user plugin to retrieve the user again
ala wait_for_attr but in the case of transactions we need do it only
once.
Deprecate wait_for_attr code.
Add a memberof fixup task for roles.
https://fedorahosted.org/freeipa/ticket/1263
https://fedorahosted.org/freeipa/ticket/1891
https://fedorahosted.org/freeipa/ticket/2056
https://fedorahosted.org/freeipa/ticket/3043
https://fedorahosted.org/freeipa/ticket/3191
https://fedorahosted.org/freeipa/ticket/3046
|
|
|
|
|
|
|
|
| |
Web UI part of 'disable global forwaring per zone' effort.
Option "Forwarding disabled" was added to 'DNS global config' and 'DNS zone' forwarding policy. It corresponds to 'none' value of idnsforwardpolicy.
https://fedorahosted.org/freeipa/ticket/3209
|
|
|
|
| |
Fixes https://fedorahosted.org/freeipa/ticket/3192
|
|
|
|
|
|
|
| |
This assumed that at least was returned by LDAP. This is not the case
if no replicas have ever been created.
https://fedorahosted.org/freeipa/ticket/3229
|
|
|
|
|
|
|
| |
The user_u context in the default list was broader than is actually
configured by default on systems.
https://fedorahosted.org/freeipa/ticket/3224
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3208
|