| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
Clarify that dns removes only A, AAAA, PTR, SSHFP records of the host(s) managed by IPA DNS.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
only A, AAAA, SSHPF and PTR records are managed by IPA. The other
records should be removed by user.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This change is needed because A/AAAA and PTR record will be handled
separately.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This command has no effect in that block of code, dnsrecord_show is
enough for detection if records exists.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Due the configuration of dnsrecord_find, it works as dnsrecord-show,
thus it can be replaced.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Originally only the first A/AAAA record is removed, and one other record. This commit fixes it
and all records are removed.
https://fedorahosted.org/freeipa/ticket/5675
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5800
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This pre_callback contains method to preprocessing usercertificate that
was not called during stageuser-add. This commit adds missing
pre_common_callback call to stageuser_add.
https://fedorahosted.org/freeipa/ticket/5759
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following testcases were automated:
1. Test one command replica installation
2. Test csreplica-manage-(del, connect, disconnect) are disabled in domain
level 1
3. Client enrollment and replica promotion by an unprivileged user are
prohibited
4. Replica uninstallation is prohibited if it disconnects a part of existing
topology (is possible only with --ignore-topology-disconnect option)
https://fedorahosted.org/freeipa/ticket/5723
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5741
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Milan Kubik <mkubik@redhat.com>
|
| |
|
|
| |
Reviewed-By: Milan Kubik <mkubik@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The python-qrcode print_ascii() method does not work in terminals with
non-UTF-8 encoding. When this is the case do not render QR code but print a
warning instead. Also print a warning when the QR code size is greater that
terminal width if the output is a tty.
https://fedorahosted.org/freeipa/ticket/5700
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5748
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Some integration tests expect the members of topology to have the testfolder.
The testfolder however was created during master and client installations. In
case the client is not intalled from the very beginning of the test execution,
the test would complain about missing testfolder.
https://fedorahosted.org/freeipa/ticket/5723
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Those values differ among distributions and there is no guarantee that they're
reserved. It's better to look them up based on HTTPD_USER's name.
https://fedorahosted.org/freeipa/ticket/5712
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5481
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Trying to install the package depending on python-polib breaks
when the system has newer (and renamed) version python2-polib.
*This patch is an workaround* for the issue described in [1].
If a renamed package's provides is equal to an older package's
name, dnf tries to install the older package.
When the newer package is in the system, this leads to a conflict.
[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1096506
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5343
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5343
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Use ipaplatform.constants in every corner instead of importing other bits or calling
some platform specific things, and remove most of the remaining hardcoded uid's.
https://fedorahosted.org/freeipa/ticket/5343
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
teardown_method is a standard pytest method used to put any code to be executed
after each test method is executed. While treated correctly by our integration
tests, this method is misinterpreted by in-tree tests in the following way:
in-tree tests try to execute it even if all the test methods are skipped due to
test resources being not configured. This causes the tests, that otherwise would
have been skipped, to fail
https://fedorahosted.org/freeipa/ticket/5723
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5619
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The size of svg element is calculated when the topology graph facet is load
and then every time when the window is resized. The resize event listener
is removed after the topology graph facet emits hide event.
https://fedorahosted.org/freeipa/ticket/5647
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
| |
Regression caused by commit 491447cc5ab8c5eff2be57d609201cefb79f7053,
ValueErrori and AttributeError are too much specific for these cases, multiple types of
exception can be raised.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5723
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
| |
Print the traceback to stdout to maintain backwards compatibility.
https://fedorahosted.org/freeipa/ticket/5380
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5619
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
|
|
| |
Running upgrade when IPA is not installed produces false positive errors
https://fedorahosted.org/freeipa/ticket/5704
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
| |
This check can be enabled, there is no errors in current code, and
it should stay in that way.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Iteration over indexes without calling enumeration fuction is not pythonic and should not be used.
In this case iteration can be replaced by list comprehension. Fixing this allows to enable
pylint consider-using-enumerate check.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Fixes current reimports and enables pylint check for them
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
This check can be enabled, there is no errors in current code, and it
should stay in that way.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Global variables should be defined in the outer space, not just marked
as global inside functions.
Removes unused global variables
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Bare except should not be used.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When generating keys for custodia service, the key material is stored in
python-cryptography's OpenSSL backend encoded as DER. This only works in
python-cryptography 0.9 and newer so we need to make sure this version pulled
in during RPM build and install.
https://fedorahosted.org/freeipa/ticket/5744
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Topology plugin may merge (aka DEL) segments that would trigger
internal search for groups owning that segment. The problem
is that it is searching those groups into the full suffix and
so need the schema compat map lock.
If any other operation holding schema compat map lock need to
access the page involved in the DEL, there is a deadlock.
This fix is to prevent useless group searching if the target entry
is a segment or is in compat tree.
https://fedorahosted.org/freeipa/ticket/5637
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
| |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5696
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In order to enable SSSD smart prompting and allow it to ask for 1FA and
2FA separately, ChallengeResponseAuthentication should be set to yes.
This change will enable better processing of the 2FA value and it will
also enable other features, like allow SSSD to make the 2FA option in
some cases and have a way of informing user that 2FA is optional.
https://fedorahosted.org/freeipa/ticket/5703
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Standalone instalation of python*-ipalib packages does not pull all
required packages and results into import errors.
https://fedorahosted.org/freeipa/ticket/5680
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
| |
Warning should be shown only for parent entries of trust domain. Subdomains do not contain ipaNTSecurityIdentifier attribute at all.
https://fedorahosted.org/freeipa/ticket/5737
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The -r option makes certutil output certificates in DER. If there are
multiple certificates sharing the same nickname, certutil will output
them concatenated into a single blob. The blob is not a valid DER
anymore and causes failures further in the code.
Use the -a option instead to output the certificates in PEM and convert
them to DER on demand.
https://fedorahosted.org/freeipa/ticket/5117
https://fedorahosted.org/freeipa/ticket/5720
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
The path to SSSD log directory is platform specific and should be in
ipaplatform module.
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Bind DN is not used for client certificate authentication so they can be
safely removed.
https://fedorahosted.org/freeipa/ticket/5298
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Manager(s) were returned as list od DN, this commit fixes behavior and
managers are returned as list of logins.
https://fedorahosted.org/freeipa/ticket/5481
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a list of servers is passed to ipa-client-{install,automount} the search
of Kerberos and LDAP SRV records should be suppressed and the specified
hostnames used directly as LDAP servers/KDCs. We thus should not performed
search for KDCs when the autodiscovery was actually not requested.
https://fedorahosted.org/freeipa/ticket/4305
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5723
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
