summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server/funcs.py
Commit message (Collapse)AuthorAgeFilesLines
* Compatibility changes to work on RHEL 5 with python 2.4rcritten@redhat.com2007-11-301-5/+6
|
* Revert logging setup change because it has unintendedKarl MacMillan2007-12-031-3/+3
| | | | consequences during ipa-server-install.
* Require that the default users group existsRob Crittenden2007-11-301-8/+19
| | | | Fix some copy-paste errors from the password policy update
* Don't allow the admins or editors groups to be removed.Rob Crittenden2007-11-301-0/+10
| | | | Don't allow the default group for users to be removed.
* Remove optional arguments from the XML-RPC interfaceRob Crittenden2007-11-291-15/+15
|
* Add xml-rpc interface for getting keytabs.Karl MacMillan2007-11-211-0/+67
| | | | Warning: this lacks any sort of authorization.
* Generate master password from Simo.Karl MacMillan2007-11-211-3/+3
|
* Use groupOfNames and member, not groupOfUniqueNames and uniqueMemberSimo Sorce2007-11-201-16/+16
|
* Enable group inactivation by using the Class of Service plugin.Rob Crittenden2007-11-201-16/+88
| | | | | | | | | | | | | | | | | | | | This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active.
* Implement the password policy UI and finish IPA policy UIRob Crittenden2007-11-161-55/+140
| | | | | | | | | | | | | | | | | | This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization.
* Use the dna plugin to automatically assign uidRob Crittenden2007-11-131-7/+14
| | | | | Set gid to the group "ipausers" Add the user to this default group
* Allow a user or group to change an attribute in its RDNRob Crittenden2007-11-121-4/+84
| | | | | Add secretary to the list of indexes otherwise RDN changing could be slow Port --addattr, --setattr and --delattr from usermod to groupmod
* Handle ldap.UNWILLING_TO_PERFORM more gracefullyRob Crittenden2007-11-091-1/+4
|
* remove offensive use of rpmJohn Dennis2007-11-061-1/+1
| | | | add the radiusprofile to the list of objectclasses used when creating a user
* Rename memberOf to group_members in xml-rpc interface.Karl MacMillan2007-10-311-1/+1
|
* Add memberOf API call to the XML-RPC interfaceRob Crittenden2007-10-301-0/+31
| | | | Make find-groups use memberOf to have a prettier dispaly of members
* Add delete user and group to webgui.Kevin McCarthy2007-10-231-3/+2
| | | | NOTE: this doesn't handle referential integrity.
* Add an LDAP attribute -> label mapping function to XML-RPC layerRob Crittenden2007-10-221-0/+11
| | | | Move some ACI functions around in preparation for cli delegation
* update_user and update_group need to be defined differently in orderRob Crittenden2007-10-221-2/+6
| | | | to be available to the XML-RPC interface
* Finish the email autosuggest.Kevin McCarthy2007-10-181-1/+10
| | | | | For now I've added a new API call. The field-specific searching is a ways off.
* Creates an update_entry api call, aliases update_user and update_group to it.Kevin McCarthy2007-10-151-6/+6
|
* Adds delegation listing and creation to the GUI.Kevin McCarthy2007-10-121-0/+9
|
* Remove buggy connection caching. Create a new connection for each LDAPRob Crittenden2007-10-121-36/+7
| | | | request.
* Add inetUser objectclass. Remove test-users ldif.Kevin McCarthy2007-10-111-3/+5
|
* Refactor the __get_entry into __get_base_entry and __get_sub_entry().Kevin McCarthy2007-10-111-11/+31
| | | | | The API needs to be thought about, but this is a quick fix w/minimal impact to allow get_entry_by_dn do work on non-leaf entries.
* Combine get_user/group by dn/cn into get_entry_by_cn/dn.Kevin McCarthy2007-10-091-31/+25
| | | | Also a couple double-escaping fixes I missed in the last patch.
* Several escaping fixes:Kevin McCarthy2007-10-051-2/+7
| | | | | | - illegal dn characters need to be escaped - null characters in search filters - dynamicedit.js was double html escaping (the python layer does it already)
* New LDAP connection pool that does lockingRob Crittenden2007-10-081-24/+62
|
* Try to catch more error conditions during installationrcritten@redhat.com2007-10-031-2/+5
| | | | | | Modify the way we detect SELinux to use selinuxenabled instead of using a try/except. Handle SASL/GSSAPI authentication failures when getting a connection
* Add the rest of the user fields to the user pages.Kevin McCarthy2007-10-031-1/+1
|
* I broke add_groups_to_user and remove_groups_from_user with myrcritten@redhat.com2007-10-021-6/+2
| | | | "use group DN" patch. This fixes it.
* Do group operations based on the group DN, not the CNrcritten@redhat.com2007-10-021-31/+30
| | | | | Add new class of errors for connections Raise an exception if a connection cannot be made due to missing ccache
* Rely more on kerberos.Simo Sorce2007-10-011-27/+30
| | | | | | | Don't read ipa.conf to get the realm, the kerberos libs do that for you. Use the krbPrincipalName to change passwords Make it possible to specify the principal at user creation. Mail is not a required attribute so far, don't require it.
* Add group management to the user edit page.Kevin McCarthy2007-09-281-0/+50
| | | | Added a couple more API calls to make the inverse operations easier.
* patch queue: add_filters.patchKevin McCarthy2007-09-271-0/+3
|
* Make timelimit a parameter to the find methods.Kevin McCarthy2007-09-271-8/+4
|
* Misc small fixes:Kevin McCarthy2007-09-251-5/+25
| | | | | | | | | | - Members of groups are clickable - Combine name and uid into a single column in find users - Remove license plate from searching - Mailto links on user emails - Add timelimit to finds. This is experimental... - Fix usersearch to only search on objectClass=Person - Change search to use get parameter
* Adds methods to manipulate groups by dns.Kevin McCarthy2007-09-261-40/+96
| | | | | Renamed some of the user_group parameters to be self-evident. Binary wrapping isn't necessary on strings, so removed from xmlrpc calls.
* Adds manager and direct reports to usershow page.Kevin McCarthy2007-09-251-2/+16
| | | | Fixes a bug with the group by member where is wasn't trapping not found errors.
* Show the list of groups a user belongs to.Kevin McCarthy2007-09-251-2/+25
|
* Fix error when using with TurboGearsrcritten@redhat.com2007-09-251-2/+3
|
* Enable LDAP debugging using the mod_python Apache configuration directivercritten@redhat.com2007-09-211-8/+10
| | | | PythonOption IPADebug On/Off
* Don't fall back on proxy authentication. We don't generate the certificatesrcritten@redhat.com2007-09-241-4/+7
| | | | anymore and that failure just causes more confusion.
* Merge conflicts between rob and kevin patchesSimo Sorce2007-09-201-13/+60
|\
| * Handle add/remove failures a little bit better.Kevin McCarthy2007-09-191-2/+2
| | | | | | | | | | Still some refinements that can be done, but at least it shows the failures now.
| * Implement asynchronous search for groups.Kevin McCarthy2007-09-191-8/+55
| | | | | | | | Use the filter generation code to search on multiple fields.
| * Add client-side search limit parameter for user search.Kevin McCarthy2007-09-181-3/+3
| | | | | | | | | | Limit editgroup user ajax search. Minor UI cleanup for editgroup.
* | Use ticket forwarding with TurboGears. mod_proxy forwards the principalrcritten@redhat.com2007-09-141-20/+22
| | | | | | | | | | | | name and location of the keytab. In order for this keytab to be usable TurboGears and Apache will need to run as the same user. We will also need to listen only on localhost in TG.
* | Add function to allow user's to set/reset their kerberos passwordrcritten@redhat.com2007-09-111-0/+18
|/ | | | Remove some unused calls to retrieve the current realm
* small release fixes:Kevin McCarthy2007-09-071-1/+1
| | | | | - Make password not required for add person - Fix for searching on '*' or ''
generated by cgit (git 2.34.1) at 2025-09-06 05:52:05 +0000