summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins
Commit message (Collapse)AuthorAgeFilesLines
* Add an address for a nameserver when a new zone is created during installJakub Hrozek2011-01-311-1/+10
| | | | https://fedorahosted.org/freeipa/ticket/881
* Rename permissions and privileges to be more readable.Rob Crittenden2011-01-311-20/+16
| | | | | | | This also drops description from permissions since it seems redundant and fixes up the help text a little. ticket 792
* Fixed permission lookupJan Zeleny2011-01-313-12/+16
| | | | | | | | Lookup based on --filter wasn't implemented at all. It did't show until now, because of bug sitting on top of it which was resulting in internal error. This patch fixes the bug and adds the filtering functionality. https://fedorahosted.org/freeipa/ticket/818
* ipa permission-mod --rename does not workMartin Kosek2011-01-281-5/+22
| | | | | | | | | | | This patch fixes nonfunctional rename operation in permission plugin. Also makes sure, that no change is made to the underlying ACI in pre_callback() when the target permission already exists. Several tests for the rename operation have been created to ensure that the it won't break again unnoticed. https://fedorahosted.org/freeipa/ticket/814
* Fix delegation helpJakub Hrozek2011-01-281-6/+6
|
* Enforce that all NS records are resolvableJakub Hrozek2011-01-281-0/+61
| | | | | | | Bind cannot load a zone if any of its name server records is not resolvable. https://fedorahosted.org/freeipa/ticket/838
* Add example of DNS SRV record and a simple validatorJakub Hrozek2011-01-281-0/+23
| | | | https://fedorahosted.org/freeipa/ticket/846
* Delete the whole DNS record with no parametersJakub Hrozek2011-01-281-4/+48
| | | | | | | | | Error out when deleting a nonexistent DNS record Also fixes the DNS unit tests. https://fedorahosted.org/freeipa/ticket/816 https://fedorahosted.org/freeipa/ticket/829
* host-add should not add a PTR record with --no-reverseJakub Hrozek2011-01-281-7/+10
| | | | https://fedorahosted.org/freeipa/ticket/866
* Add support for account unlockingJan Zeleny2011-01-281-0/+24
| | | | | | | | This patch adds command ipa user-unlock and some LDAP modifications which are required by Kerberos for unlocking to work. Ticket: https://fedorahosted.org/freeipa/ticket/344
* dirtyAdam Young2011-01-271-1/+2
| | | | | If a page is dirty, do not allow additional navigation until changes are saved or committed https://fedorahosted.org/freeipa/ticket/726
* adding label for RBACAdam Young2011-01-271-1/+2
|
* ACI plugin supports prefixesMartin Kosek2011-01-264-44/+131
| | | | | | | | | | | | | | | | | | | | | | | | When more than one plugin produce ACIs, they share common namespace of ACI name. This may lead to name collisions between the ACIs from different plugins. This patch introduces a mandatory "prefix" attribute for non-find ACI operations which allow plugins to use their own prefixes (i.e. namespaces) which is then used when a name of the ACI is generated. Permission, Delegation and Selfservice plugins has been updated to use their own prefixes thus avoiding name collisions by using their own namespaces. Default ACIs in LDIFs has been updated to follow this new policy. Permission plugin now uses its CN (=primary key) instead of description in ACI names as Description may not be unique. This change requires an IPA server reinstall since the default ACI set has been changed. https://fedorahosted.org/freeipa/ticket/764
* Raise ValidationError when adding unallowed attribute to search fields.Pavel Zuna2011-01-261-0/+16
| | | | Ticket #845
* Tab I18NAdam Young2011-01-261-0/+7
| | | | | | | Makes the values for the Top level tabs internationizable, and no longer just passes through their names Also uses the I18N values for SUDO and HBAC as the static text in the Action p[anel title
* Add flags to enforce asking for object attributeJan Zeleny2011-01-261-6/+6
| | | | | | | So far the only flag to enforce asking in interactive mode was the alwaysask attribute, which is not sufficient any more. This patch adds the ability to control for which actions the atrribute shall be asked for.
* Fix assorted bugs found by pylintJakub Hrozek2011-01-253-3/+2
|
* Enforce uniqueness on (key,info) pairs in automount keysJakub Hrozek2011-01-251-9/+166
| | | | https://fedorahosted.org/freeipa/ticket/293
* Disable renaming to empty stringJan Zeleny2011-01-241-0/+2
| | | | | | | | So far it was possible to rename any object using LDAPUpdate to a name with empty primary key. Since this can cause nasty problems, this patch disables empty string in --rename argument. https://fedorahosted.org/freeipa/ticket/827
* Make a copy of objectclasses so a call can't update them globally.Rob Crittenden2011-01-242-5/+6
| | | | | | In the host plugin we may change the default objectclasses based on the options selected. This was affecting it globally and causing subsequent calls to fail.
* Removed 'name' from 'Sudo Command Group name'.Endi S. Dewata2011-01-241-1/+1
|
* Added scrollable panel for delete dialog box.Endi S. Dewata2011-01-241-1/+1
|
* Make ipa permission-add ask for optional attributesJan Zeleny2011-01-211-0/+6
| | | | | | | Either one of type, filter, subtree, targetgroup, attrs or memberof is required. https://fedorahosted.org/freeipa/ticket/819
* Rename INTERNAL to NO_CLI for commands we hide from the cli.Rob Crittenden2011-01-217-22/+24
| | | | | | Also make i18n_messages and json_metadata NO_CLI. ticket 821
* Add some basic filter validation to permissions and disallow empty filtersRob Crittenden2011-01-211-4/+14
| | | | | | | Try a query with a filter to see if it is at least legal. This doesn't guarantee that the filter is at all otherwise sane. ticket 808
* Fix dns_is_enabled commandSimo Sorce2011-01-201-3/+3
|
* Provide API to check if IPA DNS is enabled on some serverSimo Sorce2011-01-191-0/+25
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/600
* Fix password/random logic in host plugin.Pavel Zuna2011-01-181-6/+9
| | | | Fix #798
* Fix updating of DNS records by the host plugin.Pavel Zuna2011-01-181-5/+5
| | | | Fix #799
* Remove SOA maximum parameters from DNS zone.Pavel Zuna2011-01-181-5/+0
| | | | | | | | There's no such thing as "maximum" in SOA record RDATA format according to RFC 1035 and there's also no such attribute in the schema. Fix #788
* Fix crash when building DN of host with name ending with period.Pavel Zuna2011-01-181-4/+5
| | | | Fix #797
* Modified description of nsaccountlock attributeJan Zeleny2011-01-181-1/+1
| | | | | | | The original one was misleading, giving the value exactly opposite meaning than it actually was. https://fedorahosted.org/freeipa/ticket/741
* Details to SettingsAdam Young2011-01-151-4/+8
| | | | Using I18N messages for most of the details
* Rename DNS2 to DNSJakub Hrozek2011-01-142-1/+1
|
* Port installer and host plugin to the new DNS pluginJakub Hrozek2011-01-143-964/+66
| | | | | | * move ipa dns-resolve to the new plugin * port the installer and the host plugin to the new interface * remove the old plugin
* Add API version and have server reject incompatible clients.Rob Crittenden2011-01-142-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | This patch contains 2 parts. The first part is a small utility to create and validate the current API. To do this it needs to load ipalib which on a fresh system introduces a few problems, namely that it relies on a python plugin to set the default encoding to utf8. For our purposes we can skip that. It is also important that any optional plugins be loadable so the API can be examined. The second part is a version exchange between the client and server. The version has a major and a minor version. The major verion is updated whenever existing API changes. The minor version is updated when new API is added. A request will be rejected if either the major versions don't match or if the client major version is higher than then server major version (though by implication new API would return a command not found if allowed to proceed). To determine the API version of the server from a client use the ping command. ticket 584
* Move Virtual Operations container under cn=etcSimo Sorce2011-01-141-1/+1
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/759
* Fixed typo in ipa help serviceGowrishankar Rajaiyan2011-01-141-1/+1
|
* python-ldap fails gloriously if the search time limit is 0. Don't allow it.Rob Crittenden2011-01-141-1/+7
| | | | | | | | | Don't allow the time limit to be set in the API. Also add a failsafe in the ldap driver because such bad things happen if this value is 0. I think it literally spends 0 time on the request and just returns immediately. ticket 752
* Use correct option name in host pluginJakub Hrozek2011-01-121-9/+9
|
* Fixes for the DNS pluginJakub Hrozek2011-01-121-3/+9
| | | | https://fedorahosted.org/freeipa/ticket/730
* fix sudorule runas user/groups https://fedorahosted.org/freeipa/ticket/570Jr Aquino2011-01-121-1/+111
|
* Fix output of failed managedby hosts, allow a host to manage itself.Rob Crittenden2011-01-112-1/+7
| | | | | | | | | | | The output problem was a missing label for failed managedby. This also fixes a call to print_entry that was missing the flags argument. Add a flag to specify whether a group can be a member of itself, defaulting to False. ticket 708
* Exit if a DNS A or AAAA record doesn't exist for the replica we are preparing.Rob Crittenden2011-01-111-3/+11
| | | | | | | | | Without this it is possible to prepare a replica for a host that doesn't exist in DNS. The result when this replica file is installed is that replication will fail because the master won't be able to communicate to the replica by name. ticket 680
* Display the entries that failed when deleting with --continue.Rob Crittenden2011-01-104-5/+9
| | | | | | | | | | | | We collected the failures but didn't report it back. This changes the API of most delete commands so rather than returning a boolean it returns a dict with the only current key as failed. This also adds a new parameter flag, suppress_empty. This will try to not print values that are empty if included. This makes the output of the delete commands a bit prettier. ticket 687
* Setting an empty set of target attributes should raise an exception.Rob Crittenden2011-01-102-29/+34
| | | | | | | | | | | It is possible to create an ACI with attributes and then try to set that to None via a mod command later. We need to catch this and raise an exception. If all attributes are set to None in an aci then the attr target is removed from the ACI. This could result in an illegal ACI if there are no other targets. Having no targets is a legal state, just not a legal final state. ticket 647
* Fix 'ipa help permissions'; add 'dns' in allowed types.Pavel Zuna2011-01-071-1/+1
|
* Initial grouping of ipalib plugins for ipa helpJan Zeleny2011-01-076-0/+7
| | | | | This patch makes one group for all HBAC plugins and one group for all sudo plugins.
* Rename hbac module to hbacruleJan Zeleny2011-01-072-50/+50
| | | | | | The renaming follows previous discussion on mailing list and it leads to name compatibility with other plugins (e.g. sudorule). It is also necessary for following changes in ipa help.
* Rename --ipaddr option of host-add commandJan Zeleny2011-01-071-1/+1
| | | | | | | The option is renamed to --ip-address to be consistent with ipa-replica-prepare. https://fedorahosted.org/freeipa/ticket/655
generated by cgit (git 2.34.1) at 2025-09-03 13:58:31 +0000