| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Originally we made them all optional as a workaround for the lack of SELFDN
support in 389DS. However, with the advent of SELFDN, this hack is no longer
necessary. This patch updates TOTP to match HOTP in this regard.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
| |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an error occurs in the start up sequence in ipactl start/restart,
all the services are stopped. Using the --force option prevents
stopping of services that have successfully started, just skips the
services which can not be started.
ipactl status now shows stopped services also, if the directory
server is running.
With the contribution of Ana Krivokapic
https://fedorahosted.org/freeipa/ticket/3509
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the target filter to be multivalued.
Make the `type` option on permissions set location and an
(objectclass=...) targetfilter, instead of location and target.
Make changing or unsetting `type` remove existing
(objectclass=...) targetfilters only, and similarly,
changing/unsetting `memberof` to remove (memberof=...) only.
Update tests
Part of the work for: https://fedorahosted.org/freeipa/ticket/4074
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixed by starting the directory server when restarting if it is not
currently running to enable fetching running services
later restart didn't check that
also added a check, that if the directory server started at the
beginning, there is no need to restart it
https://fedorahosted.org/freeipa/ticket/4050
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4087
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for managed permissions. The attribute list
of these is computed from the "default" (modifiable only internally),
"allowed", and "excluded" lists. This makes it possible to cleanly
merge updated IPA defaults and user changes on upgrades.
The default managed permissions are to be added in a future patch.
For now they can only be created manually (see test_managed_permissions).
Tests included.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4033
Design: http://www.freeipa.org/page/V3/Managed_Read_permissions
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4158
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The working directory will be provided directly
by bind-dyndb-ldap package.
This partially reverts commit 689382dc833e687d30349b10a8fd7dc740d54d08.
https://fedorahosted.org/freeipa/ticket/3967
|
|
|
|
|
|
| |
This drastically improves performance of retro changelog trimming.
https://fedorahosted.org/freeipa/ticket/3967
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The checks for existing host and existing replication agreement
set a flag that caused an exit() if any of them failed.
Between these checks there was an unrelated check, DNS resolution.
If the host and DNS checks both failed, this made it look like
the DNS check was the cause of failed install. Especially if the user
ignored the DNS check in unattended mode, the output was confusing.
Remove the flag and fail directly.
Do the replication agreement check first; fixing this with
ipa-replica-manage del will also remove the host entry.
Also, use the logger for error messages so they appear in the log
file as well as on the console.
https://fedorahosted.org/freeipa/ticket/3889
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stock httpd no longer uses systemd EnvironmentFile option which is
making FreeIPA's KRB5CCNAME setting ineffective. This can lead in hard
to debug problems during subsequent ipa-server-install's where HTTP
may use a stale CCACHE in the default kernel keyring CCACHE.
Avoid forcing custom CCACHE and switch to system one, just make sure
that it is properly cleaned by kdestroy run as "apache" user during
FreeIPA server installation process.
https://fedorahosted.org/freeipa/ticket/4084
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add Web UI counterpart of following CLI commands:
* trust-fetch-domains Refresh list of the domains associated with the trust
* trustdomain-del Remove infromation about the domain associated with the trust.
* trustdomain-disable Disable use of IPA resources by the domain of the trust
* trustdomain-enable Allow use of IPA resources by the domain of the trust
* trustdomain-find Search domains of the trust
https://fedorahosted.org/freeipa/ticket/4119
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes how fonts are used.
- remove usage of bundled fonts and only system fonts are used instead
- by using alias in httpd conf
- by using local("Font Name") directive in font-face
- removed usage of overpass font
- redefined Open Sans font-face declarations. Note: upstream is doing the
same change so we will be fine on upgrade.
- introduce variable.less for variable definitions and overrides. This file
will be very useful when we upgrade to newer RCUE so we will be able to
redefine their and bootstrap's variables.
Fixes: https://fedorahosted.org/freeipa/ticket/2861
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4018
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2811
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
|
|
| |
as well
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
|
|
|
|
| |
- widgets has a new base class - Evented it allows raising various events
- it's purpose is to replace IPA.observer events in a future
- now all widget's IPA.observers events has their own counterpart
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3904
|