| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
WebUI counterpart of: https://fedorahosted.org/freeipa/ticket/5588
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The confirmation of revoke and remove the certificate hold action is simplier
and more consistent with another parts of WebUI.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not initialize the plugins for all in-server API instances, as they are
used only in the server context.
This prevents code using in-server API instances from attempting to
initialize the session manager.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Removes the side effect of attempting to connect to memcached when the
session module is imported, which caused user visible warnings and/or
SELinux AVC denials.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The module is used only on the server, so there's no need to have it in
ipalib, which is shared by client and server.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Also move strings which are connected with authentication indicators to authtype dict.
This place is more general than have them in service dict. It's nicer when these strings are
not used only on service page.
Part of: https://fedorahosted.org/freeipa/ticket/5872
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/433
Reviewed-By: Sumit Bose <sbose@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
It is hard to translate whole dosctring again and again aftear each
minor change. This split will make life for translators easier. (Just note: dosctring was
changed and that is the reason why I'm sending this, because translators
must translate it again anyway)
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
|
|
|
|
| |
Part of: https://fedorahosted.org/freeipa/ticket/5905
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The certificate widget is used for each certificate in certs_widget. It allows to
view, get, download, revoke and restore certificate.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Certs widget is based on multivalued widget and adds ability to add new certificate
and delete it. Each line is cert_widget.
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The LDAP*ReverseMember methods would always return the whole LDAP
object even though --all is not specified.
Also had to fix some tests as objectClass will not be returned by
default now.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
While the code was really dead, it should serve a purpose elsewhere.
This reverts commit c56d65b064e1e0410c03cf1206816cad4d8d86cc.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'issuer' option of cert-find was recently changed from Str to
DNParam, however, 'ra.find' expects a string and throws when it
receives a DN.
When constructing the dict that gets passed to 'ra.find', turn
DNParams into strings.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
Update API schema server and client code to support plugin versioning.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow multiple incompatible versions of a plugin using the same name. The
current plugins are assumed to be version '1'.
The unique identifier of plugins was changed from plugin name to plugin
name and version. By default, the highest version available at build time
is used. If the plugin is an unknown remote plugin, version of '1' is used
by default.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Move the code that generated result of the `plugins` command from API to
the command itself.
https://fedorahosted.org/freeipa/ticket/4427
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Properly mark `cn` as primary key of `automember` object.
This fixes automember crashing on output validation expecting primary key
value of None.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Advertise param's default value even when `autofill` is False. When
`autofill` is False, set `alwaysask` to True in the schema, as it is
semantically equivallent and removes redundancy.
This fixes default value disappearing in CLI for some params.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this is required for replica promotion to work, since the ACI allowing hosts
to add their own services uses this objectclass as target filter.
This partially reverts changes from commit
705f66f7490c64de1adc129221b31927616c485d
https://fedorahosted.org/freeipa/ticket/5996
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When checking for presence of IssuerDN in certificate search result,
we mistakenly check for the presence of the SubjectDN field, then
unsafely index into the IssuerDN field. Check the presence of
IssuerDN correctly.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5985
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Statement used for detection if objeclass change is needed was logically
wrong, this fixes it.
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This patch removes the ability to add segment between hosts where
either does not support the requested suffix.
https://fedorahosted.org/freeipa/ticket/5967
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
topologysuffix-verify would have checked connectivity even between hosts that
are not managed by the given suffix.
https://fedorahosted.org/freeipa/ticket/5967
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Services on replica to be removed must be deleted first, otherwise
update of system records will not take this change into account
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Hosts, services, and (stage)-users will now have krbcanonicalname attribute
set to the same value as krbprincipalname on creation. Moreover, new services
will not have ipakrbprincipalalias set anymore.
Part of https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
host/service-show/find methods would have failed if the first
certificate they had in userCertificate attribute were invalid.
Expected behavior is that they just show the rest of the reqested
attributes.
https://fedorahosted.org/freeipa/ticket/5797
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current implementation of check for last CA/DNS server and DNSSec key
master in `server-del` is quite fragile and wroks with quite a few assumptions
which may not be always true (CA and DNS is always configured etc.).
This patch hardens the check so that it does not break when the above
assuptions do not hold.
https://fedorahosted.org/freeipa/ticket/5960
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
| |
To avoid generating schema for every schema command call store schema in
api instance when first generated and reuse it in next calls.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When client requests schema it can list fingerprints of cached schemas
and server responds with SchemaUpToDate exception specifying fingeprint
of schema to use.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Calculate fingerprint for schema in deterministic way. Send fingerprint
value together with schema. Send TTL with schema to inform client about
caching interval.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
|
|
|
|
|
| |
'Autogenerated' placeholder is shown when adding new segment.
https://fedorahosted.org/freeipa/ticket/5867
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Realmdomains integration into DNS commands pre-dates split of DNS forward zones
and DNS master zones into two distinct commands.
There was an forgotten condition in dnszone_add command which caused omission
of DNS master zones with non-empty forwarders from realmdomain list.
https://fedorahosted.org/freeipa/ticket/5980
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a server attribute such as DNSSec Key master is unset, None is passed as
the attribute value into the upper API layers and displayed in the output of
`dnsconfig-show` et al. We should not show this and leave the attribute empty
instead.
https://fedorahosted.org/freeipa/ticket/5960
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2008
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
| |
bind-dyndb-ldap 10.0 has to be restarted after each change to default
TTL.
https://fedorahosted.org/freeipa/ticket/2956
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/2956
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Allow search by certificate data or file in cert-find.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Get owner information from LDAP in cert-show and cert-find. Allow search by
owner in cert-find.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Implement cert as an object with methods rather than a bunch of loosely
related commands.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Instead, support excluding commands from specified contexts and exclude
commands with NO_CLI set from the 'cli' context.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove the `autofill` kwarg from param schema. On the server, include
default value only if autofill is set. On the client, set autofill if param
has a default value.
Remove the `deprecated_cli_aliases`, `hint` and `sortorder` kwargs, and the
`dnsrecord_extra`, `dnsrecord_part` and `suppress_empty` flags from param
schema, as they are now handled exclusively on the client.
Replace the `no_option` and `no_output` flags in param schema with
exclusion of the param in 'cli' and 'webui' contexts.
Remove the `no_display` flag from output schema, as it is now handled
exclusively on the client.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Rather than having args and options separately in command schema, merge
them together and use new `positional` param flag to differentiate between
them.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since output params are copied from object plugins, remove them from
command schema and include object name instead.
One exception to this are the output params used for failed members in
member add/remove commands. Move these to the client side, as they will
be replaced by warnings.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support object classes defined by object plugins in API schema.
Added new commands `class-show` and `class-find` to retrieve information
about object classes. `param-show` and `param-find` now support both
commands and classes.
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4739
Reviewed-By: David Kupka <dkupka@redhat.com>
|