| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
Tooltips were added to "User authentication types" and "Default user
authentication types" to describe their relationship and a meaning of
not-setting a value.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
- add info icons to distinguish and classify the messages.
- add info text for OTP fields
- fix login instruction inaccuracy related to position of login button
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
http://fedorahosted.org/freeipa/ticket/4164
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Also rename load_certificate_chain_from_file to
load_certificate_list_from_file.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
| |
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
| |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When creating or modifying otptoken check that token validity start is not after
validity end.
https://fedorahosted.org/freeipa/ticket/4244
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4448
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4371
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The ipa-ipa-trust and ipa-ad-winsync ID Range types were allowed to
pass the validation tests, however, they are not implemented nor
checked by the 389 server plugin.
https://fedorahosted.org/freeipa/ticket/4323
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Returning non-unicode causes serialization into base64 which causes havoc
in Web UI.
https://fedorahosted.org/freeipa/ticket/4454
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
| |
LDAPRemoveReverseMember
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The preexisting code would execute two steps. First, it would perform a kinit.
If the kinit failed, it would attempt to bind using the same credentials to
determine if the password were expired. While this method is fairly ugly, it
mostly worked in the past.
However, with OTP this breaks. This is because the OTP code is consumed by
the kinit step. But because the password is expired, the kinit step fails.
When the bind is executed, the OTP token is already consumed, so bind fails.
This causes all password expirations to be reported as invalid credentials.
After discussion with MIT, the best way to handle this case with the standard
tools is to set LC_ALL=C and check the output from the command. This
eliminates the bind step altogether. The end result is that OTP works and
all password failures are more performant.
https://fedorahosted.org/freeipa/ticket/4412
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Web UI doesn't always know what are the possible attributes
for target object. This will allow to add custom attributes
if necessary.
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adds filter field to attribute box in permissions for better user
experience. User can then quickly find the desired attribute.
Initial version of the patch authored by: Adam Misnyovszki
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4429
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Detect the situation if the user passes empty trust secret and
error out properly.
https://fedorahosted.org/freeipa/ticket/4266
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
DS returns the string "none" when no rights were found. All clients
would need to special-case this value when checking the rights.
Return empty string instead.
https://fedorahosted.org/freeipa/ticket/4359
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
Make the label of these buttons consistent with other buttons which have
capital first letters.
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4418
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4422
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The permission is required for DNS Administrators as realm domains
object is updated when a master zone is added.
https://fedorahosted.org/freeipa/ticket/4423
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
| |
Before IDNA support zone was normalized.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
| |
For ipatokennotbefore and ipatokennotafter attributes use DateTime
parameter class instead of Str, since these are represented as
LDAP Generalized Time in LDAP.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
Fixes ticket: https://fedorahosted.org/freeipa/ticket/4383
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4408
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
--forwarder have different semantic since
forward zones support.
Add warning if zone contains forwarders.
Ticket: https://fedorahosted.org/freeipa/ticket/3210#comment:16
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
| |
Revert 5b95be802c6aa12b9464813441f85eaee3e3e82b
Ticket: https://fedorahosted.org/freeipa/ticket/4413
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
| |
Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord,
tlsarecord
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
| |
Ticket: https://fedorahosted.org/freeipa/ticket/4328
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.
https://fedorahosted.org/freeipa/ticket/4382
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When manipulating a permission for an entry that has an ACI
that the parser cannot process, skip this ACI instead of
failing.
Add a test that manipulates permission in cn=accounts,
where there are complex ipaAllowedOperation-based ACIs.
Workaround for: https://fedorahosted.org/freeipa/ticket/4376
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Host Administrators could not write to service keytab attribute and
thus they could not run the host-disable command.
https://fedorahosted.org/freeipa/ticket/4284
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Call user-unlock command from Web UI.
It will unlock displayed user on current master.
https://fedorahosted.org/freeipa/ticket/4407
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
| |
New SyncOTPScreen widget and related facet.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
All header actions should require confirmation.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This command calls the token sync HTTP POST call in the server providing
the CLI interface to synchronization.
https://fedorahosted.org/freeipa/ticket/4260
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
| |
This command behaves almost exactly like otptoken-add except:
1. The new token data is written directly to a YubiKey
2. The vendor/model/serial fields are populated from the YubiKey
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
| |
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4262
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
