summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
* Make host objects aware of their membership and that l==localityName.Pavel Zuna2010-01-141-0/+6
|
* Add Kerberos Ticket Policy management plugin.Pavel Zuna2010-01-132-27/+167
|
* Allow creation of new connections by unshared instances of backend.Connectible.Pavel Zuna2010-01-112-14/+22
|
* Add --all to LDAPCreate and make LDAP commands always display default ↵Pavel Zuna2010-01-117-14/+30
| | | | attributes.
* Use the caIPAserviceCert profile for issuing service certs.Rob Crittenden2010-01-081-2/+2
| | | | | | | | | | | This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed. This is the first step of allowing the subject to be set at installation time. Also fix 2 more issues related to the return results migration.
* Add messages, declarative tests for rolegroup, taskgroup pluginsJason Gerard DeRose2009-12-182-7/+29
|
* Handle base64-encoded certificates better, import missing functionRob Crittenden2009-12-183-0/+11
|
* Make hosts more like real services so we can issue certs for host principalsRob Crittenden2009-12-162-12/+56
| | | | | This patch should make joining a client to the domain and using certmonger to get an initial certificate work.
* host and hostgroup summary messages, declarative tests; fix tests for 'dn'Jason Gerard DeRose2009-12-161-3/+11
|
* Add some missing labelsRob Crittenden2009-12-142-0/+5
|
* Convert to using new result output handlingRob Crittenden2009-12-142-27/+85
| | | | | This also inserts the dn into the response when adding a record. We need this in the ACI plugin when adding a taskgroup
* This plugin was replaced by the aci pluginRob Crittenden2009-12-111-93/+0
|
* Take 2: Extensible return values and validation; steps toward a single ↵Jason Gerard DeRose2009-12-1016-193/+677
| | | | output_for_cli(); enable more webUI stuff
* rebase dogtag clean-up patchJohn Dennis2009-12-093-21/+27
|
* Add idnsUpdatePolicy into the dns plug-inMartin Nagy2009-12-021-1/+5
| | | | | | The idnsUpdatePolicy takes a list of BIND dynamic update policies, each of which must be terminated by ";". Also fix a minor error in the documentation string.
* Add NotImplementedError type so CA plugins can return client-friendly errorsRob Crittenden2009-12-012-3/+18
| | | | | | | | Ignore NotImplementedError when revoking a certificate as this isn't implemented in the selfsign plugin. Also use the new type argument in x509.load_certificate(). Certificates are coming out of LDAP as binary instead of base64-encoding.
* Add type argument to x509.load_certificate() so it can handle binary certsRob Crittenden2009-12-011-9/+12
|
* Rename GeneralizedTime to AccessTime.Pavel Zuna2009-12-013-8/+8
|
* Add {user,host,sourcehost}Category to HBAC and make accessTime multivalue.Pavel Zuna2009-12-011-2/+94
|
* Use pyasn1-based PKCS#10 and X509v3 parsers instead of pyOpenSSL.Rob Crittenden2009-11-304-27/+784
| | | | | | | | | The pyOpenSSL PKCS#10 parser doesn't support attributes so we can't identify requests with subject alt names. Subject alt names are only allowed if: - the host for the alt name exists in IPA - if binding as host principal, the host is in the services managedBy attr
* Fix boolean attributes in DNS plugin.Pavel Zuna2009-11-301-3/+9
| | | | | Sometimes they worked fine and sometimes DS rejected them as invalid.
* Fix Bool parameter type. It was impossible to set it to FALSE.Pavel Zuna2009-11-302-3/+5
|
* Fix takes_options in automount plugin.Pavel Zuna2009-11-301-1/+1
|
* Print only one line of docstrings in command listings.Pavel Zuna2009-11-301-4/+3
| | | | Full docstring is shown on `ipa help COMMAND`.
* Use correct attribute for hosts.Rob Crittenden2009-11-251-1/+1
|
* Fix two bugs: one in parsing the ACI and one in comparing two ACIsRob Crittenden2009-11-251-4/+4
| | | | | | | | | | The parsing bug was looking for the string 'version' expecting to find the ACI version. This blew up with the attribute nsosversion. Use the string 'version 3.0' instead. The comparison bug appeared if neither ACI had a targetattr attribute. It was trying to create a set out of a None which is illegal. If an ACI doesn't have any targetattrs then return () instead.
* Reading INT parameter class should respect radix prefixJohn Dennis2009-11-231-0/+29
| | | | | | | | | | This modifies the original patch by including a unit test, handling floats when passed as unicode, and handling large magnitude values beyond maxint. The INT parameter class was not respecting any radix prefix (e.g. 0x) the user may have supplied. This patch implements _convert_scalar method for the Int class so that we can pass the special radix base of zero to the int constructor telling it to determine the radix from the prefix (if present).
* If plugin fails to load log the tracebackJohn Dennis2009-11-231-1/+2
| | | | | | | | | | Signed-off-by: John Dennis <jdennis@redhat.com> If plugin fails to load log the traceback If a plugin fails to load due to some kind of error it would be nice if the error log contained the traceback so you can examine what went wrong rather than being left blind as to why it failed to load.
* add new error class for certificate operationsJohn Dennis2009-11-191-1/+28
| | | | add new error class for certificate operations
* error strings in documentation were missing unicode specifierJohn Dennis2009-11-191-3/+3
| | | | error strings in documentation were missing unicode specifier
* Provide additional help to --help optionRob Crittenden2009-11-191-0/+7
|
* Handle ipaEnabledFlag as bool (TRUE/FALSE) instead of string (enabled/disabled).Pavel Zuna2009-11-181-4/+4
|
* Remove 'ipaObject' objectClass from rolegroups and taskgroups.Pavel Zuna2009-11-182-4/+2
|
* Add fail-safe so any kind of exception is handled in XML-RPC server.Rob Crittenden2009-11-181-0/+5
| | | | | | | If an exception is not handled here then the context isn't destroyed leaving at least an LDAP connection dangling. This means the next time this thread/process tries to handle a connection it will fail because a context already exists.
* Add support for setting/adding arbitrary attributesRob Crittenden2009-11-172-0/+106
| | | | | | | | | | | | | | | | | | | | | | | This introduces 2 new params: --setattr and --addattr Both take a name/value pair, ala: ipa user-mod --setattr=postalcode=20601 jsmith --setattr replaces or sets the current attribute to the value --addattr adds the value to an attribute (or sets a new attribute) OptionsParser allows multiple versions of this, so you can have multiple setattr and addattr, either for the same attribute or for different attributes. ipa user-mod --addattr=postalcode=20601 --addattr=postalcode=30330 jsmith Values are silent dropped if either of these on an existing param: ipa user-mod --setattr=givenname=Jerry jsmith Is a no-op.
* _convert_scalar() should throw an error if passed a tuple or listRob Crittenden2009-11-171-0/+12
| | | | | A parameter needs to have multivalue set in order to work on lists/tuples and even then _convert_scalar() will be sent one value at a time.
* Fix typo in name of exceptionRob Crittenden2009-11-121-1/+1
|
* Use File parameter for CSR in cert_request command plugin.Pavel Zuna2009-11-061-29/+12
|
* Add 'File' parameter type.Pavel Zuna2009-11-063-2/+47
| | | | Accepts filenames and loads file contents as parameter value.
* ipa-server-install now renders UI assetsJason Gerard DeRose2009-11-041-2/+1
|
* Use a new mechanism for delegating certificate issuance.Rob Crittenden2009-11-033-43/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | Using the client IP address was a rather poor mechanism for controlling who could request certificates for whom. Instead the client machine will bind using the host service principal and request the certificate. In order to do this: * the service will need to exist * the machine needs to be in the certadmin rolegroup * the host needs to be in the managedBy attribute of the service It might look something like: admin ipa host-add client.example.com --password=secret123 ipa service-add HTTP/client.example.com ipa service-add-host --hosts=client.example.com HTTP/client.example.com ipa rolegroup-add-member --hosts=client.example.com certadmin client ipa-client-install ipa-join -w secret123 kinit -kt /etc/krb5.keytab host/client.example.com ipa -d cert-request file://web.csr --principal=HTTP/client.example.com
* Add mod_python adapter and some UI tuningJason Gerard DeRose2009-10-271-1/+1
|
* Remove ipalib/plugins/basegroup.py. It's become obsolete.Pavel Zuna2009-10-231-551/+0
|
* Fix bug in print_attribute.Pavel Zuna2009-10-231-1/+1
| | | | | When the attribute had no values an exception was generated while trying to word-wrap it.
* Display membership attributes (member, memberOf) by default in show/find.Pavel Zuna2009-10-213-3/+5
|
* Require that a host exist before creating a service for it.Rob Crittenden2009-10-211-0/+5
|
* The name coming out of DNS will have a trailing dot (.). Remove it.Rob Crittenden2009-10-211-1/+1
|
* First pass at enforcing certificates be requested from same hostRob Crittenden2009-10-213-29/+91
| | | | | | | | | | | | We want to only allow a machine to request a certificate for itself, not for other machines. I've added a new taksgroup which will allow this. The requesting IP is resolved and compared to the subject of the CSR to determine if they are the same host. The same is done with the service principal. Subject alt names are not queried yet. This does not yet grant machines actual permission to request certificates yet, that is still limited to the taskgroup request_certs.
* Change Password param so (password, confirm_password) can be passed to ↵Jason Gerard DeRose2009-10-182-0/+18
| | | | _convert_scalar()
* Use the FQDN and not just the hostname internally.Rob Crittenden2009-10-161-2/+2
|
generated by cgit (git 2.34.1) at 2025-09-03 20:06:23 +0000