| Commit message | Author | Age | Files | Lines |
|
This adds the UI and does error checking of the selected object classes but
it doesn't actually use the values yet.
It also generalizes some functions for doing multi-valued fields.
|
Don't allow the default group for users to be removed.
|
Warning: this lacks any sort of authorization.
|
specific version check on freeradius. Packages aren't
available and the freeradius support isn't ready
anyway.
|
This adds replication setup through two new commands: ipa-replica-prepare
and ipa-replica-install. The procedure is to run ipa-replica-prepare
on an existing master. This will collect information about the realm
and the current master and create a file storing all of the information.
After copying that file to the new replica, ipa-replica-install is
run (with -r to create a read-only replica).
This version of the patch also includes fixes for the sasl mappings
on the replicas.
Remaining features:
- SSL for replication.
- automatic configuration of mesh topology for
master (or a simpler way to replicate multiple
masters).
- tool for viewing / configuring current replication.
|
This adds 2 new groups: activated and inactivated.
If you, or a group you are a member of, is in inactivated then you are too.
If you, or a group you are a member of, is in the activated group, then you
are too.
In a fight between activated and inactivated, activated wins.
The DNs for doing this matching are case and white space sensitive.
The goal is to never have to actually set nsAccountLock in a user directly
but move them between these groups.
We need to decide where in the CLI this will happen. Right now it is split
between ipa-deluser and ipa-usermod. To inactivate groups for now just
add the group to inactivate or active.
|
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
ipaGroupSearchFields: cn,description
ipaSearchTimeLimit: 2
ipaSearchRecordsLimit: 0
ipaCustomFields:
ipaHomesRootDir: /home
ipaDefaultLoginShell: /bin/sh
ipaDefaultPrimaryGroup: ipausers
ipaMaxUsernameLength: 8
ipaPwdExpAdvNotify: 4
This could use some optimization.
|
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
|
Better error reporting in the GUI
Include a document describing how multi-valued fields work
|
add the radiusprofile to the list of objectclasses used when creating a user
|
Fix a bug in the local transport version of memberOf()
|
Make find-groups use memberOf to have a prettier display of members
|
NOTE: this doesn't handle referential integrity.
|
We don't need the elaborate python requires, since a requires
for e.g. "python-abi = 2.5" is automatically added.
We also don't need the elaborate build requires, since all
it does is query the currently installed version of python
and require that you have its appropriate python-devel
installed. But if python-devel is installed at all, this
should hold true.
(Also, IMHO the .spec files should be removed from mercurial
since they are automatically generated)
Signed-off-by: Mark McLouglin <markmc@redhat.com>
|
Move some ACI functions around in preparation for cli delegation
|
Current ipa-python imports and calls code from ipaserver (which is in
the ipa-server package). This makes it impossible to use the admin
tools or the ipa-python package on a system without the server bits
installed. This fixes that in a fairly minimal way.
|
For now I've added a new API call. The field-specific searching is
a ways off.
|
Karl MacMillan
Remove #!/usr/bin/python from many files to quiet rpmlint
|
will need in the delegation UI.
|
Also a couple double-escaping fixes I missed in the last patch.
|
Modify the way we detect SELinux to use selinuxenabled instead of using
a try/except.
Handle SASL/GSSAPI authentication failures when getting a connection
|
the exception to contain the complete command.
Add a check to make sure installer is running as root.
Add signal handler to detect a user-cancelled installation.
Detect existing DS instances and prompt to remove them.
|
Add new class of errors for connections
Raise an exception if a connection cannot be made due to missing ccache