summaryrefslogtreecommitdiffstats
path: root/ipa-server/xmlrpc-server
Commit message (Collapse)AuthorAgeFilesLines
* The admins group cannot be renamed.Rob Crittenden2008-02-271-0/+3
| | | | 433880
* Require that service principals resolve to a DNS A record.Rob Crittenden2008-02-261-2/+21
| | | | | | There is a --force option for those who know what they are doing. 433483
* Add failover to the XML-RPC clientRob Crittenden2008-02-222-1/+7
| | | | 433506
* Don't allow a group to be a member of itself.Rob Crittenden2008-02-221-1/+5
| | | | 434542
* Syntax error, ')' in the worng place throws nasty 500 errors on ldap errors :)Simo Sorce2008-02-211-1/+1
|
* Redirect users when they don't use the FQDN on both SSL and non-SSL portsRob Crittenden2008-02-213-12/+14
| | | | | | | We update the mod_nss configuration (nss.conf) during installation to include ipa-rewrite.conf to handle the SSL side. 433054
* Fix bug that prevented single-character fieldsRob Crittenden2008-02-112-4/+10
| | | | | | | | | | Fix bug in exception handling where we were sending the wrong thing as detail. Basically we were catching an LDAP error, generating an IPAError from it, catching that, then setting the detail of the 2nd exception to another IPAError rather than the root exception. This caused anything looking at e.detail to crap out Resolves 432136
* Switch 'below' to 'above' to point to the right location of the CA on the pageRob Crittenden2008-02-071-1/+1
|
* Set the license uniformly to GPLv2 only.Rob Crittenden2008-02-043-6/+3
|
* Fix issues reported by rpmlint.Rob Crittenden2008-01-183-7/+8
| | | | | | | | | | | | | | - Removing shebangs (#!) from a bunch of python libraries - Don't use a variable name in init scripts for the lock file - Keep the init script name consistent with the binary name, so renamed ipa-kpasswd.init to ipa_kpasswd.init - Add status option to the init scripts - Move most python scripts out of /usr/share/ipa and into the python site-packages directories (ipaserver and ipaclient) - Remove unnecessary sys.path.append("/usr/share/ipa") - Fix the license string in the spec files - Rename ipa-webgui to ipa_webgui everywhere - Fix a couple of issues reported by pychecker in ipa-python
* Service principal deletionRob Crittenden2008-01-112-0/+21
|
* Remove registration of get_keytabRob Crittenden2008-01-031-1/+0
|
* Add function to retrieve a short list of attributes to make ipa-adddelegationRob Crittenden2008-01-042-0/+8
| | | | easier to use.
* In add_service_principal() don't let the user pass in the realm.Rob Crittenden2008-01-071-0/+4
| | | | This could result in a principal of the form: service/host@something@REALM
* Finishe removing previous code to fetch keytabsSimo Sorce2007-12-211-33/+0
|
* Fix minor typo in unauthorized page.Karl MacMillan2007-12-121-1/+1
|
* Add automatic browser configuration for kerberos SSO using javascript.Rob Crittenden2007-12-122-1/+18
| | | | | | This uses the UniversalPreferencesWrite function to set the browser preferences to allow negotiation and ticket forwarding in the IPA domain. A self-signed certificate is generated to sign the javascript.
* Make the old entry option in update_*, check for empty parameters andRob Crittenden2007-12-111-58/+222
| | | | fix some problems reported by pychecker.
* Enable searching for multiple things at onceRob Crittenden2007-12-111-1/+1
|
* Tie the logging module to 'PythonOption IPADebug' in /etc/httpd/conf.d/ipa.confRob Crittenden2007-12-112-10/+10
|
* Merge.Karl MacMillan2007-12-112-9/+160
|\
| * Remove some debugging statementsRob Crittenden2007-12-101-2/+0
| |
| * Make uid an editable field in the Edit UI so we can do RDN changesRob Crittenden2007-12-061-3/+6
| | | | | | | | | | | | | | Fix group RDN changes Remove a copy/paste error in the group UI update that caused 2 updates Fix variable name so groups don't get user objectclasses Remove color CSS for field backgrounds as they override disabled field display
| * Utilize user and group objectclass lists in cn=ipaconfigRob Crittenden2007-12-061-4/+22
| | | | | | | | Change the syntax on user and group objectclasses in cn=ipaconfig
| * Move dn removal to the XML-RPC side and remove empty attributesRob Crittenden2007-12-051-2/+23
| |
| * Add UI for service principal creation and keytab retrievalRob Crittenden2007-12-052-1/+73
| |
| * Phase 1 of allowing admins to set the default object classes for users & groupsRob Crittenden2007-12-041-0/+39
| | | | | | | | | | | | | | This adds the UI and does error checking of the selected object classes but it doesn't actually use the values yet. It also generalizes some functions for doing multi-valued fields.
* | mergeJohn Dennis2007-12-041-30/+63
|\|
| * Convert krbmaxpwdlife and krbminpwdlife from seconds into days and hoursRob Crittenden2007-12-031-5/+16
| |
| * Compatibility changes to work on RHEL 5 with python 2.4rcritten@redhat.com2007-11-301-5/+6
| |
| * Revert logging setup change because it has unintendedKarl MacMillan2007-12-031-3/+3
| | | | | | | | consequences during ipa-server-install.
| * Require that the default users group existsRob Crittenden2007-11-301-8/+19
| | | | | | | | Fix some copy-paste errors from the password policy update
| * Don't allow the admins or editors groups to be removed.Rob Crittenden2007-11-301-0/+10
| | | | | | | | Don't allow the default group for users to be removed.
| * Remove optional arguments from the XML-RPC interfaceRob Crittenden2007-11-291-15/+15
| |
* | fix merge errorJohn Dennis2007-11-291-44/+0
| |
* | merged radius work with latest mainline tipJohn Dennis2007-11-284-66/+438
|\|
| * Add xml-rpc interface for getting keytabs.Karl MacMillan2007-11-212-0/+69
| | | | | | | | Warning: this lacks any sort of authorization.
| * Generate master password from Simo.Karl MacMillan2007-11-211-3/+3
| |
| * Use groupOfNames and member, not groupOfUniqueNames and uniqueMemberSimo Sorce2007-11-201-16/+16
| |
| * Enable group inactivation by using the Class of Service plugin.Rob Crittenden2007-11-202-17/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds 2 new groups: activated and inactivated. If you, or a group you are a member of, is in inactivated then you are too. If you, or a group you are a member of, is in the activated group, then you are too. In a fight between activated and inactivated, activated wins. The DNs for doing this matching is case and white space sensitive. The goal is to never have to actually set nsAccountLock in a user directly but move them between these groups. We need to decide where in the CLI this will happen. Right it is split between ipa-deluser and ipa-usermod. To inactivate groups for now just add the group to inactivate or active.
| * Implement the password policy UI and finish IPA policy UIRob Crittenden2007-11-162-56/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This includes a default password policy Custom fields are now read from LDAP. The format is a list of dicts with keys: label, field, required. The LDAP-based configuration now specifies: ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title ipaGroupSearchFields: cn,description ipaSearchTimeLimit: 2 ipaSearchRecordsLimit: 0 ipaCustomFields: ipaHomesRootDir: /home ipaDefaultLoginShell: /bin/sh ipaDefaultPrimaryGroup: ipausers ipaMaxUsernameLength: 8 ipaPwdExpAdvNotify: 4 This could use some optimization.
| * Remove reference to a bogus system and make the error message more genericRob Crittenden2007-11-141-1/+1
| |
| * Use the dna plugin to automatically assign uidRob Crittenden2007-11-131-7/+14
| | | | | | | | | | Set gid to the group "ipausers" Add the user to this default group
| * Allow a user or group to change an attribute in its RDNRob Crittenden2007-11-121-4/+84
| | | | | | | | | | Add secretary to the list of indexes otherwise RDN changing could be slow Port --addattr, --setattr and --delattr from usermod to groupmod
| * Handle ldap.UNWILLING_TO_PERFORM more gracefullyRob Crittenden2007-11-091-1/+4
| |
| * Don't continue if a kerberos credentials cache is not availableRob Crittenden2007-11-091-8/+8
| | | | | | | | | | forked-model detection was incorrect. Both of these return an error instead of raising one
| * Redirect to the FQDN otherwise kerberos auth may failRob Crittenden2007-11-121-2/+8
| |
* | add command line utilites for radius profilesJohn Dennis2007-11-261-5/+6
| |
* | Add radius profile implementations:John Dennis2007-11-212-25/+135
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | get_radius_profile_by_uid add_radius_profile update_radius_profile delete_radius_profile find_radius_profiles Rewrite command line arg handling, now support pair entry, interactive mode with auto completion, reading pairs from a file, better handling of mandatory values, better help, long arg names now match attribute name in pairs Establish mappings for all attributes and names used in clients and profiles Add notion of containers to radius clients and profiles in LDAP Move common code, variables, constants, and strings into the files radius_client.py, radius_util.py, ipautil.py to eliminate redundant elements which could get out of sync if modified and to provide access to other code which might benefit from using these items in the future. Add utility functions: format_list() parse_key_value_pairs() Add utility class: AttributeValueCompleter Unify attribute usage in radius ldap schema
* | add ipa-findradiusclient searchJohn Dennis2007-11-142-0/+32
| |
generated by cgit (git 2.34.1) at 2025-09-05 03:33:01 +0000