| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
| |
The NSSConnection class has been modified not to shutdown the
existing NSS database if the database is already opened to
establish an SSL connection, or is already opened by another
code that uses an NSS database without establishing an SSL
connection such as vault CLIs.
https://fedorahosted.org/freeipa/ticket/4638
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4663
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4664
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
Fix tests, validation in dnsconfig mod, wuser warning
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
| |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417
Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417
Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417
Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417
Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
| |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4616
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Allow to use --force when changing authoritative nameserver address in DNS zone.
Same for dnsrecord-add for NS record.
https://fedorahosted.org/freeipa/ticket/4573
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4419
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When viewing a token from the CLI or UI, the type of the token
should be displayed.
https://fedorahosted.org/freeipa/ticket/4563
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
- display info message which points user to FreeOTP project page
- the link or the text can be easily changed by a plugin if needed
https://fedorahosted.org/freeipa/ticket/4469
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4615
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds new API:
ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR
ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR
ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR
ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR
ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR
ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR
ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR
ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR
these methods add or remove user or group DNs in `ipaallowedtoperform` attr with
`read_keys` and `write_keys` subtypes.
service|host-mod|show outputs these attrs only with --all option as:
Users allowed to retrieve keytab: user1
Groups allowed to retrieve keytab: group1
Users allowed to create keytab: user1
Groups allowed to create keytab: group1
Adding of object class is implemented as a reusable method since this code is
used on many places and most likely will be also used in new features. Older
code may be refactored later.
https://fedorahosted.org/freeipa/ticket/4419
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
The check is done using a new hidden command ca_is_enabled.
https://fedorahosted.org/freeipa/ticket/4621
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
| |
These defaults are pretty useless and cause more confusion than
they are worth. The serial default never worked anyway. And now
that we are displaying the token type separately, there is no
reason to doubly record these data points.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4523
Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
Resolves https://fedorahosted.org/freeipa/ticket/4617
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Overrides for users can have SSH public keys. This, however, will not enable
SSH public keys from overrides to be actually used until SSSD gets fixed to
pull them in.
SSSD ticket for SSH public keys in overrides:
https://fedorahosted.org/sssd/ticket/2454
Resolves https://fedorahosted.org/freeipa/ticket/4509
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
| |
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4540
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4600
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4535
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4535
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4535
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
|
|
|
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enumerating hosts is a potentially expensive operation (uses paged
search to list all the hosts the ID view applies to). Show the list
of the hosts only if explicitly asked for (or asked for --all).
Do not display with --raw, since this attribute does not exist in
LDAP.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
name to anchor
When resolving non-existent objects, domain validator will raise ValidationError. We need
to anticipate and properly handle this case.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure that:
1.) IPA users cannot be added to the Default Trust View
2.) Default Trust View cannot be deleted or renamed
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Description of any object should not be required.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Replace all occurences of "ID view(s)" with "ID View(s)".
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
For slapi-nis plugin, we need to cache the original uid value of the user in the override
object.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When running idview-show, users will expect a proper object name instead of a object anchor.
Make sure the anchors are resolved to the object names unless --raw option was passed.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If the object user wishes to override cannot be found, we should properly raise a
NotFound error.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old format of the IPA anchor, :IPA:<object_uuid> does not contain for the actual domain
of the object. Once IPA-IPA trusts are introduced, we will need this information to be kept
to be able to resolve the anchor.
Change the IPA anchor format to :IPA:<domain>:<object_uuid>
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
To be able to better deal with the conflicting user / group names, we split the
idoverride objects in the two types. This simplifies the implementation greatly,
as we no longer need to set proper objectclasses on each idoverride-mod operation.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Improve usability of the ID overrides by allowing user to specify the common name of
the object he wishes to override. This is subsequently converted to the ipaOverrideAnchor,
which serves as a stable reference for the object.
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/3979
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|