freeipa.git/install, branch replace_private_samba_calls Unnamed repository; edit this file 'description' to name the repository. Password policy paging with proper sorting 2012-08-29T10:00:15+00:00 Petr Vobornik pvoborni@redhat.com 2012-08-27T15:41:28+00:00 edbcd28f44fb5c123440c246965166d5947554e6 This patch adds option to disable sorting when paging. It allowed to enable paging in password policy with order of items untouched (they are sorted on server side by priority). Also fixing issue when paging is disabled and command summary = null. It displayed 'null' in facet footer. https://fedorahosted.org/freeipa/ticket/2677 
This patch adds option to disable sorting when paging. It allowed to enable paging in password policy with order of items untouched (they are sorted on server side by priority).

Also fixing issue when paging is disabled and command summary = null. It displayed 'null' in facet footer.

https://fedorahosted.org/freeipa/ticket/2677
Successful action notification 2012-08-29T10:00:06+00:00 Petr Vobornik pvoborni@redhat.com 2012-08-27T08:57:47+00:00 81007ff38578588906737df3082b42fb7f2ee011 User was not notified about success of actions executed from action list, action panel or facet cotrol bar. This patch adds IPA.notify_success(message) call. It creates a yellow notification area with supplied message in Web UI header in the middle of the green area (empty space of first level navigation). This area is displayed for 3s and then it fades out (800ms). It also fades out when it is clicked. This call is used(directly or indirectly) in: * search facets: delete, disable, enable actions * details facets: delete action * user details facet: reset password action * host details facet: unprovision, set OTP actions * service details facet: unprovision action * host and service details facet: request, revoke, restore certificates actions * group details facet: change to POSIX/external actions * dns zone details facet: add/remove permission actions https://fedorahosted.org/freeipa/ticket/2977 
User was not notified about success of actions executed from action list, action panel or facet cotrol bar.

This patch adds IPA.notify_success(message) call. It creates a yellow notification area with supplied message in Web UI header in the middle of the green area (empty space of first level navigation).
This area is displayed for 3s and then it fades out (800ms). It also fades out when it is clicked.

This call is used(directly or indirectly) in:
 * search facets: delete, disable, enable actions
 * details facets: delete action
 * user details facet: reset password action
 * host details facet: unprovision, set OTP actions
 * service details facet: unprovision action
 * host and service details facet: request, revoke, restore certificates actions
 * group details facet: change to POSIX/external actions
 * dns zone details facet: add/remove permission actions

 https://fedorahosted.org/freeipa/ticket/2977
Fix issue which broke setup of Web UI unit tests 2012-08-29T09:59:37+00:00 Petr Vobornik pvoborni@redhat.com 2012-08-23T14:59:00+00:00 7d3aa96103b03ef50ec1f6d94e2f578d800163fc Web UI itself wasn't negatively affected. https://fedorahosted.org/freeipa/ticket/2897 
Web UI itself wasn't negatively affected.

https://fedorahosted.org/freeipa/ticket/2897
Revert change causing failure in test automation 2012-08-29T09:59:29+00:00 Petr Vobornik pvoborni@redhat.com 2012-08-21T15:27:21+00:00 36c345dd1d321149e21157b31832f55f11f44a18 Move of click handler in patch for #2834 causes failure of automation tests. This patch reverts the problematic part. It should not affect function of fix for #2824. https://fedorahosted.org/freeipa/ticket/3014 
Move of click handler in patch for #2834 causes failure of automation tests.

This patch reverts the problematic part. It should not affect function of fix for #2824.

https://fedorahosted.org/freeipa/ticket/3014
Ticket #2850 - Ipactl exception not handled well 2012-08-27T13:30:28+00:00 John Dennis jdennis@redhat.com 2012-08-20T20:47:52+00:00 2bf68115cea1bae09c3b45e88ed9e405c57e70d2 Ticket #2850 - Ipactl exception not handled well There were various places in ipactl which intialized IpactlError with None as the msg. If you called str() on that exception all was well because ScriptError.__str__() converted a msg with None to the empty string (IpactlError is subclassed from ScriptError). But a few places directly access e.msg which will be None if initialized that way. It's hard to tell from the stack traces but I'm pretty sure it's those places which use e.msg directly which will cause the problems seen in the bug report. I do not believe it is ever correct to initialize an exception message to None, I don't even understand what that means. On the other hand initializing to the empty string is sensible and for that matter is the default for the class. This patch makes two fixes: 1) The ScriptError initializer will now convert a msg parameter of None to the empty string. 2) All places that initialized IpactlError's msg parameter to None removed the None initializer allowing the msg parameter to default to the empty string. I don't know how to test the fix for Ticket #2850 because it's not clear how it got into that state in the first place, but I do believe initialing the msg value to None is clearly wrong and should fix the problem. 
Ticket #2850 - Ipactl exception not handled well

There were various places in ipactl which intialized IpactlError with
None as the msg. If you called str() on that exception all was well
because ScriptError.__str__() converted a msg with None to the empty
string (IpactlError is subclassed from ScriptError). But a few places
directly access e.msg which will be None if initialized that way. It's
hard to tell from the stack traces but I'm pretty sure it's those
places which use e.msg directly which will cause the problems seen in
the bug report.

I do not believe it is ever correct to initialize an exception message
to None, I don't even understand what that means. On the other hand
initializing to the empty string is sensible and for that matter is
the default for the class.

This patch makes two fixes:

1) The ScriptError initializer will now convert a msg parameter of
None to the empty string.

2) All places that initialized IpactlError's msg parameter to None
removed the None initializer allowing the msg parameter to default
to the empty string.

I don't know how to test the fix for Ticket #2850 because it's not
clear how it got into that state in the first place, but I do believe
initialing the msg value to None is clearly wrong and should fix the
problem.
Ask for admin password in ipa-adtrust-install 2012-08-24T13:16:58+00:00 Alexander Bokovoy abokovoy@redhat.com 2012-08-17T12:26:58+00:00 191f5146401db8d6aa693b08b18322ef7df2aab2 The credentials of the admin user will be used to obtain Kerberos ticket before configuring cross-realm trusts support and afterwards, to ensure that the ticket contains MS-PAC information required to actually add a trust with Active Directory domain via 'ipa trust-add --type=ad' command. https://fedorahosted.org/freeipa/ticket/2852 
The credentials of the admin user will be used to obtain Kerberos ticket before
configuring  cross-realm  trusts  support and afterwards, to ensure that the
ticket contains MS-PAC information required to actually add a trust with Active
Directory domain via 'ipa trust-add --type=ad' command.

https://fedorahosted.org/freeipa/ticket/2852
Add ACI to allow regenerating ipaNTHash from ipasam 2012-08-22T14:21:27+00:00 Alexander Bokovoy abokovoy@redhat.com 2012-08-22T11:24:33+00:00 155d1efd488a25ff6c5847423c6a2f9d40410cbf ACI was lacking to allow actually writing MagicRegen into ipaNTHash attribute, Part 2 of https://fedorahosted.org/freeipa/ticket/3016 
ACI was lacking to allow actually writing MagicRegen into ipaNTHash attribute,

Part 2 of https://fedorahosted.org/freeipa/ticket/3016
Range Web UI 2012-08-21T12:35:19+00:00 Petr Vobornik pvoborni@redhat.com 2012-08-03T14:18:27+00:00 2d63e28c7825ced7d038d6ea655416f5648e6c23 Range web UI was implemented. It consist of: * new menu item - 'ranges' in 'IPA Server' tab * new search page * new details page https://fedorahosted.org/freeipa/ticket/2894 
Range web UI was implemented.

It consist of:
 * new menu item - 'ranges' in 'IPA Server' tab
 * new search page
 * new details page

https://fedorahosted.org/freeipa/ticket/2894
Read DM password from option in external CA install 2012-08-17T10:07:46+00:00 Martin Kosek mkosek@redhat.com 2012-08-17T07:51:36+00:00 489493e6903f23fbb174b87fa9604cff30ca6a79 ipa-server-install with external CA could not be run in an unattended mode as DM password was required to decipher answer cache. https://fedorahosted.org/freeipa/ticket/2793 
ipa-server-install with external CA could not be run in
an unattended mode as DM password was required to decipher answer
cache.

https://fedorahosted.org/freeipa/ticket/2793
Ticket #2584 - Installation fails when CN is set in certificate subject base 2012-08-16T10:53:57+00:00 John Dennis jdennis@redhat.com 2012-08-16T01:33:15+00:00 390d708e43a71bf45b5a6e168277ebea483f473f It is illegal to have more than one CN attribute in a certificate subject. The subject command line arg is actually inserting a dn between a leading RDN with a CN attribute and a suffix. The final subject must have only CN attribute therefore the subject command line arg must not contain CN. The patch modifies the subject validation to prohibit CN. It also improves the error messages to clearly indicate which command line parameter caused the failure and why. While fixing the above it discovered the logic used for subject validation with an external CA was flawed. DN objects were not being used when they should be (certificate subject and issuer fields are dn syntax). That code was also fixed so that the comparisions between subjects and issuers were performed with DN objects. While fixing this it was noted the object type relationship between IPA DN objects and x509 DN objects was awkward, ticket 3003 was opened to address this. 
It is illegal to have more than one CN attribute in a certificate
subject. The subject command line arg is actually inserting a dn
between a leading RDN with a CN attribute and a suffix. The final
subject must have only CN attribute therefore the subject command line
arg must not contain CN. The patch modifies the subject validation to
prohibit CN. It also improves the error messages to clearly indicate
which command line parameter caused the failure and why.

While fixing the above it discovered the logic used for subject
validation with an external CA was flawed. DN objects were not being
used when they should be (certificate subject and issuer fields are dn
syntax). That code was also fixed so that the comparisions between
subjects and issuers were performed with DN objects. While fixing this
it was noted the object type relationship between IPA DN objects and
x509 DN objects was awkward, ticket 3003 was opened to address this.