| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
With previous behavior there was no difference between Flag and Bool if
- autofill == True
- default = some value
It prevented to have a boolean which is set by default to true, but could
be set to False if users wants to without prompting in interactive shell.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
It pollutes error_log.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
| |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
it's no longer used anywhere
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
New option --use-default-group=False could be used to disable adding of
migrated users into default group.
By default, the default group is no longer POSIX therefore it doesn't
fulfill the original idea of providing GID and therefore it could be
skipped during migration.
https://fedorahosted.org/freeipa/ticket/4950
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate-ds searches for user without a group and adds them to default group.
There is no point in checking if the user's selected by previous queary are
not member of default group because they are not member of any group.
The operation is also speeded up by not fetching the default group. Users
are added right away.
https://fedorahosted.org/freeipa/ticket/4950
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Destroy connection is an internal function of Connectible and therefore
it should not be used directly.
https://fedorahosted.org/freeipa/ticket/4991
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4926
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
pylint added 'confidence' parameter to 'add_message' method of PyLinter.
To be compatible with both, pre- and post- 1.4 IPALinter must accept
the parameter but not pass it over.
Also python3 checker was added and enabled by default. FreeIPA is still
not ready for python3.
Additionally few false-positives was marked.
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the old implementation tried to get all entries which are member of group.
That means also user. User can't have any members therefore this costly
processing was unnecessary.
New implementation reduces the search only to entries which have members.
Also page size was removed to avoid paging by small pages(default size: 100)
which is very slow for many members.
https://fedorahosted.org/freeipa/ticket/4947
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
| |
A workaround to avoid usage of slow LDAPEntry._sync_attr #4946
https://fedorahosted.org/freeipa/ticket/4965
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
enhance update_entry_rdn so that is allows
to move an entry a new superior
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add 'plugin' directive
* specify plugins order in update files
* remove 'run plugins' options
* use ldapupdater API instance in plugins
* add update files representing former PreUpdate and PostUpdate order of plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a accounts plugin (accounts class) that defines
variables and methods common to 'users' and 'stageuser'.
accounts is a superclass of users/stageuser
Add the stageuser plugin, with support of stageuser-add verb.
Reviewed By: David Kupka, Martin Basti, Jan Cholasta
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since API is not singleton anymore, ldap2 connections should not be
shared by default.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4190
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
|
| |
|
|
|
|
|
| |
This patch should fix both https://fedorahosted.org/freeipa/ticket/4846 and
https://fedorahosted.org/freeipa/ticket/4952.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4565
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
NSEC3PARAM is configurable only from zone commands. This patch removes
this record type from DNS records.
Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
| |
Do not show parts options in help output, if record is marked as unsupported.
Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Show records which are unsupported, if they are in LDAP.
Those records are not editable, and web UI doesnt show them.
Fixes traceback caused by --structured option
Ticket: https://fedorahosted.org/freeipa/ticket/4930
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
| |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Merged the Registrar class into the Registry class. Plugins are now
registered globally instead of in ipalib.api and are instantiated per-API
instance. Different set of plugin base classes can be used in each API
instance.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The usage of lowercased varsion of 'Default Trust View' can no
longer be used to bypass the validation.
https://fedorahosted.org/freeipa/ticket/4915
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes the invalid attribute name reference in the
'System: Read User Addressbook Attributes' permission.
https://fedorahosted.org/freeipa/ticket/4883
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This works if the change is made to a token which is owned and managed by the
same person. The new owner then automatically becomes token's manager unless
the attribute 'managedBy' is explicitly set otherwise.
https://fedorahosted.org/freeipa/ticket/4681
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4874
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
| |
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
- Add flag "ask_create" to ipalib/plugins/permission.py
- Bump API version
https://fedorahosted.org/freeipa/ticket/4872
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
'ipa migrate-ds' will now exit with error message if no suitable users/groups
are found on LDAP server during migration.
https://fedorahosted.org/freeipa/ticket/4846
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Add message about only on server side.
https://fedorahosted.org/freeipa/ticket/4793
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Additionally, fix a small bug in ipa-kdb so that the disabled User
Auth Type is properly handled.
https://fedorahosted.org/freeipa/ticket/4720
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4868
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4722
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new PassSync Service privilege that have sufficient access to
let AD PassSync service search for NT users and update the password.
To make sure existing PassSync user keeps working, it is added as
a member of the new privilege.
New update plugin is added to add link to the new privilege to the
potentially existing PassSync user to avoid breaking the PassSync
service.
https://fedorahosted.org/freeipa/ticket/4837
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Shows warning if forward and parent authoritative zone do not have
proper NS record delegation, which can cause the forward zone will be
ineffective and forwarding will not work.
Ticket: https://fedorahosted.org/freeipa/ticket/4721
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The find_entries function in ipaldap does not differentiate between
a LDAP search that returns error code 32 (No such object) and LDAP
search returning error code 0 (Success), but returning no results.
In both cases errors.NotFound is raised. In turn, LDAPSearch
commands interpret NotFound exception as no results.
To differentiate between the cases, a new error EmptyResult
was added, which inherits from NotFound to preserve the compatibility
with the new code.
This error is raised by ipaldap.find_entries in case it is performing
a search with and the target dn does not exist.
https://fedorahosted.org/freeipa/ticket/4659
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4787
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
| |
wait_for_dns value should be an integer so default value was changed from
False to 0.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
| |
`json.dumps` is not able to process some IPA's object types and therefore requires to preprocess it with `json_encode_binary` call. This step was not used in rpcclient's verbose output.
https://fedorahosted.org/freeipa/ticket/4773
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
After ACI refactoring, admin cannot read Schema Compatibility plugin configuration and therefore migrade-ds won't find if compat plugin is enabled.
Now the check si done by looking if cn=compat subtree is present.
https://fedorahosted.org/freeipa/ticket/4825
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since passing --hosts= or --hostsgroups= to idview-apply or unapply
commands does not make sense, ignore it.
https://fedorahosted.org/freeipa/ticket/4806
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When running a idview-apply command, the hosts that were already assigned
the desired view were silently ignored. Make sure such hosts show up in
the list of failed hosts.
https://fedorahosted.org/freeipa/ticket/4743
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
SSHFP records added by nsupdate contains extra space (valid), framework
couldn't handle it.
Ticket: https://fedorahosted.org/freeipa/ticket/4790
Ticket: https://fedorahosted.org/freeipa/ticket/4789
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Makes ipaassignedidview a default attribute and takes care about the
conversion from the DN to the proper ID view name.
https://fedorahosted.org/freeipa/ticket/4774
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
This allows the various OTP related commands to be grouped together
in the IPA CLI documentation.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This introduces two new CLI commands:
* otpconfig-show
* otpconfig-mod
https://fedorahosted.org/freeipa/ticket/4511
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
