summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server
Commit message (Collapse)AuthorAgeFilesLines
* Catch all errors when obtaining an LDAP connection.Rob Crittenden2008-04-151-0/+2
| | | | 442582
* Don't quit trying to lock a user if they aren't in the activated group.Rob Crittenden2008-04-141-1/+5
| | | | | | | | Users are considered activated by default so don't need to be in the activated group explicitly. Ignore the "not in group" error when trying to remove them. 442470
* Don't allow the admin user to be removed from the admins group.Rob Crittenden2008-04-041-0/+10
| | | | 439281
* Add missing normalizeDN() when removing members from a group.Rob Crittenden2008-04-041-4/+11
| | | | 438387
* Fix typo in python directive. Fixes marking a group active.Rob Crittenden2008-04-011-1/+1
| | | | 440142
* Fix crash when creating new groups. You can't iterate over a None variable.Rob Crittenden2008-04-011-0/+2
| | | | 440081
* Fix account activation.Rob Crittenden2008-03-311-6/+53
| | | | | | | | | | | | | | | | We do account activation by using a Class of Service based on group membership. A problem can happen if the entry itself has an nsaccountlock attribute and you try doing Class of Service work as well because the local attribute has priority. So try to detect that the entry has a local nsAccountLock attribute and report an appropriate error. Don't allow the admins or editors groups to be de-activated. Return a better error message if account [in]activation fails. Catch errors when doing group [in]activation. 439230
* Don't allow the admin user to be removed using the XML-RPC Interface.Rob Crittenden2008-03-281-0/+2
| | | | | | If a site really wants it gone then can delete it via LDAP. 439281
* Do case-less comparisons when considering objectclass but store theRob Crittenden2008-03-281-3/+3
| | | | | | | | | | current value to prevent unnecessary LPAP updates (and failed writes) Don't check against these lists on updates, only add them on new entries. Disable the ability to configure in the UI these values for now. 438256
* Normalize member DN's when determining whether they are in a groupRob Crittenden2008-03-261-1/+5
| | | | | | as a direct or indirect member. 438387
* When getting members let user indicate what type of member they want.Rob Crittenden2008-03-271-4/+44
| | | | | | | | | | The memberOf attribute includes members that are directly in the group via the "member" attribute and those that are included as a result of being in a group that is in the group. The UI needs to be able to distinguish between the two. 438706
* Re-root the IPA web UI to /ipa and the XML-RPC interface to /ipaxml.Rob Crittenden2008-03-242-18/+14
| | | | 438021
* We are really changing the kerberos principal key and not the password whenRob Crittenden2008-03-241-4/+4
| | | | | | | | | | we do updates, so use the right terminology internally. Also fix the actual field we update (and grant permission appropriately in delegations). The DS password handles updating userPassword and any Samba passwords as necessary. 438256
* Allow the realm to be included in the name passed to add_service_principal()Rob Crittenden2008-03-171-3/+6
| | | | | | | This is more kerberos-like and it doesn't hurt anything, we just won't allow realms other than our own to be used. 437566
* Adding items to the set needs to be lower case to prevent duplicates.Rob Crittenden2008-03-101-1/+1
| | | | | | | This function was assuming that the target list was all lower-case so the set could end up with duplicate values which would get kicked out by LDAP. 433680
* Filter out K/M and krbtgt principals from the service principals list.Rob Crittenden2008-03-031-2/+3
| | | | 435713
* Do argument type checking in the XML-RPC interfaceRob Crittenden2008-02-291-60/+149
| | | | | Fix error in service principals where the service wasn't being removed before doing the DNS lookup.
* In the UI we don't want to display Edit links unless someone can actuallyRob Crittenden2008-02-271-1/+8
| | | | | | | | | | | | edit things. We use the 'editors' group for this. This group itself grants no permission other than displaying certain things in the UI. In order to be in the editors group a user must be a member of a group that is the source group in a delegation. The memberof plugin will do all the hard work to be sure that a user's memberof contains cn=editors if they are in a delegated group. 432874
* The admins group cannot be renamed.Rob Crittenden2008-02-271-0/+3
| | | | 433880
* Require that service principals resolve to a DNS A record.Rob Crittenden2008-02-261-2/+21
| | | | | | There is a --force option for those who know what they are doing. 433483
* Add failover to the XML-RPC clientRob Crittenden2008-02-222-1/+7
| | | | 433506
* Don't allow a group to be a member of itself.Rob Crittenden2008-02-221-1/+5
| | | | 434542
* Syntax error, ')' in the worng place throws nasty 500 errors on ldap errors :)Simo Sorce2008-02-211-1/+1
|
* Redirect users when they don't use the FQDN on both SSL and non-SSL portsRob Crittenden2008-02-213-12/+14
| | | | | | | We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054
* Fix bug that prevented single-character fieldsRob Crittenden2008-02-112-4/+10
| | | | | | | | | | Fix bug in exception handling where we were sending the wrong thing as detail. Basically we were catching an LDAP error, generating an IPAError from it, catching that, then setting the detail of the 2nd exception to another IPAError rather than the root exception. This caused anything looking at e.detail to crap out Resolves 432136
* Switch 'below' to 'above' to point to the right location of the CA on the pageRob Crittenden2008-02-071-1/+1
|
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-043-6/+3
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-183-7/+8
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Service principal deletionRob Crittenden2008-01-112-0/+21
|
* Remove registration of get_keytabRob Crittenden2008-01-031-1/+0
|
* Add function to retrieve a short list of attributes to make ipa-adddelegationRob Crittenden2008-01-042-0/+8
| | | | easier to use.
* In add_service_principal() don't let the user pass in the realm.Rob Crittenden2008-01-071-0/+4
| | | | This could result in a principal of the form: service/host@something@REALM
* Finishe removing previous code to fetch keytabsSimo Sorce2007-12-211-33/+0
|
* Fix minor typo in unauthorized page.Karl MacMillan2007-12-121-1/+1
|
* Add automatic browser configuration for kerberos SSO using javascript.Rob Crittenden2007-12-122-1/+18
| | | | | | This uses the UniversalPreferencesWrite function to set the browser preferences to allow negotiation and ticket forwarding in the IPA domain. A self-signed certificate is generated to sign the javascript.
* Make the old entry option in update_*, check for empty parameters andRob Crittenden2007-12-111-58/+222
| | | | fix some problems reported by pychecker.
* Enable searching for multiple things at onceRob Crittenden2007-12-111-1/+1
|
* Tie the logging module to 'PythonOption IPADebug' in /etc/httpd/conf.d/ipa.confRob Crittenden2007-12-112-10/+10
|
* Merge.Karl MacMillan2007-12-112-9/+160
|\
| * Remove some debugging statementsRob Crittenden2007-12-101-2/+0
| |
| * Make uid an editable field in the Edit UI so we can do RDN changesRob Crittenden2007-12-061-3/+6
| | | | | | | | | | | | | | Fix group RDN changes Remove a copy/paste error in the group UI update that caused 2 updates Fix variable name so groups don't get user objectclasses Remove color CSS for field backgrounds as they override disabled field display
| * Utilize user and group objectclass lists in cn=ipaconfigRob Crittenden2007-12-061-4/+22
| | | | | | | | Change the syntax on user and group objectclasses in cn=ipaconfig
| * Move dn removal to the XML-RPC side and remove empty attributesRob Crittenden2007-12-051-2/+23
| |
| * Add UI for service principal creation and keytab retrievalRob Crittenden2007-12-052-1/+73
| |
| * Phase 1 of allowing admins to set the default object classes for users & groupsRob Crittenden2007-12-041-0/+39
| | | | | | | | | | | | | | This adds the UI and does error checking of the selected object classes but it doesn't actually use the values yet. It also generalizes some functions for doing multi-valued fields.
* | mergeJohn Dennis2007-12-041-30/+63
|\|
| * Convert krbmaxpwdlife and krbminpwdlife from seconds into days and hoursRob Crittenden2007-12-031-5/+16
| |
| * Compatibility changes to work on RHEL 5 with python 2.4rcritten@redhat.com2007-11-301-5/+6
| |
| * Revert logging setup change because it has unintendedKarl MacMillan2007-12-031-3/+3
| | | | | | | | consequences during ipa-server-install.
| * Require that the default users group existsRob Crittenden2007-11-301-8/+19
| | | | | | | | Fix some copy-paste errors from the password policy update
generated by cgit (git 2.34.1) at 2025-09-06 22:59:03 +0000