freeipa.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Support for Certificate Identity Mapping	Florence Blanc-Renaud	2017-02-23	1	-2/+21
\| \| \| \| \| \|	See design http://www.freeipa.org/page/V4/Certificate_Identity_Mapping https://fedorahosted.org/freeipa/ticket/6542
*	Allow nsaccountlock to be searched in user-find command	Gabe	2017-02-14	1	-1/+17
\| \| \| \| \| \| \| \|	This patch provides the ability to search and find users who are enabled/disabled in `ipa user-find` command without breaking API compatibility. Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
*	stageuser: Add stageuser-{add,remove}-cert	David Kupka	2017-02-07	1	-37/+5
\| \| \| \| \| \| \| \| \|	Move {add,remove}-cert implementation from user to baseuser and inherit {,stage}user-{add,remove}-cert from it. https://fedorahosted.org/freeipa/ticket/6623 Reviewed-By: Martin Basti <mbasti@redhat.com>
*	ipa_generate_password algorithm change	Petr Spacek	2017-01-06	1	-3/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	A change to the algorithm that generates random passwords for multiple purposes throught IPA. This spells out the need to assess password strength by the entropy it contains rather than its length. This new password generation should also be compatible with the NSS implementation of password requirements in FIPS environment so that newly created databases won't fail with wrong authentication. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
*	Pylint: remove unused variables in ipaserver package	Martin Basti	2016-10-06	1	-4/+2
\| \| \| \|	Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
*	Pylint: enable check for unused-variables	Martin Basti	2016-09-27	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Unused variables may: * make code less readable * create dead code * potentialy hide issues/errors Enabled check should prevent to leave unused variable in code Check is locally disabled for modules that fix is not clear or easy or have too many occurences of unused variables Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
*	Raise DuplicatedEnrty error when user exists in delete_container	Martin Basti	2016-08-30	1	-2/+13
\| \| \| \| \| \| \| \| \| \| \|	We do not have right to write to users delete_container. In case that user already exists in that container and we tried to add entry, we receive ACIError. This must be checked and DuplicationEntry error must be raised before. https://fedorahosted.org/freeipa/ticket/6199 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
*	Increase default length of auto generated passwords	Martin Basti	2016-08-03	1	-2/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Installer/IPA generates passwords for warious purpose: * KRA * kerberos master key * NSSDB password * temporary passwords during installation Length of passwords should be increased to 22, ~128bits of entropy, to be safe nowadays. https://fedorahosted.org/freeipa/ticket/6116 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
*	Provide API for management of host, service, and user principal aliases	Martin Babinsky	2016-07-01	1	-1/+23
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	New commands (-{add,remove}-principal [PKEY] [PRINCIPAL ...]) were added to manage principal aliases. 'add' commands will check the following: the correct principal type is supplied as an alias * the principals have correct realm and the realm/alternative suffix (e.g. e-mail) do not overlap with those of trusted AD domains If the entry does not have canonical principal name, the first returned principal name will be set as one. This is mostly to smoothly operate on entries created on older servers. 'remove' commands will check that there is at least one principal alias equal to the canonical name left on the entry. See also: http://www.freeipa.org/page/V4/Kerberos_principal_aliases https://fedorahosted.org/freeipa/ticket/1365 https://fedorahosted.org/freeipa/ticket/3961 https://fedorahosted.org/freeipa/ticket/5413 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
*	Allow for commands that use positional parameters to add/remove attributes	Martin Babinsky	2016-07-01	1	-4/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Commands that modify a single multivalued attribute of an entry should use positional parameters to specify both the primary key and the values to add/remove. Named options are redundant in this case. The `--certificate option` of `*-add/remove-cert` commands was turned mandatory to avoid EmptyModlist when it is omitted. https://fedorahosted.org/freeipa/ticket/3961 https://fedorahosted.org/freeipa/ticket/5413 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
*	user: add object plugin for user_status	Jan Cholasta	2016-06-30	1	-7/+45
\| \| \| \| \| \| \| \| \| \| \|	Change user_status from a method of user to a method of a new userstatus class, which defines the extra attributes returned by user_status. This fixes user_status CLI output. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
*	ipalib: move server-side plugins to ipaserver	Jan Cholasta	2016-06-03	1	-0/+1151
	Move the remaining plugin code from ipalib.plugins to ipaserver.plugins. Remove the now unused ipalib.plugins package. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>