freeipa.git/install, branch webui-cleanup

Add container and initial ACIs for entitlement support

2010-07-29T14:50:29+00:00

The entitlement entries themselves will be rather simple, consisting
of the objectClasses ipaObject and pkiUser. We will just store
userCertificate in it. The DN will contain the UUID of the entitlement.

ticket #27

This patch removes the existing UI functionality, as a prep for adding the Javascript based ui.

2010-07-29T14:44:56+00:00

1. Schema cleanup

2010-07-21T15:40:25+00:00

The ipaAssociation is the core of different association object.
It seems that the service is an exception rather then rule.
So it is moved into the object where it belongs.

Fixed matching rules and some attribute types.

Addressing ticket: https://fedorahosted.org/freeipa/ticket/89

Removed unused password attribute and realigned OIDs.

Fix nis netgroup configuration

2010-07-15T15:18:15+00:00

This was originally configured to pull from the compat area but Nalin
thinks that is a bad idea (and it stopped working anyway). This configures
the netgroup map to create the triples on its own.

Ticket #87

Fix ipa-compat-manage and ipa-nis-manage

2010-07-15T15:18:11+00:00

Neither of these was working properly, I assume due to changes in the ldap
backend. The normalizer now appends the basedn if it isn't included and
this was causing havoc with these utilities.

After fixing the basics I found a few corner cases that I also addressed:
- you can't/shouldn't disable compat if the nis plugin is enabled
- we always want to load the nis LDAP update so we get the netgroup config
- LDAPupdate.update() returns True/False, not an integer

I took some time and fixed up some things pylint complained about too.

Ticket #83

Handle errors raised by plugins more gracefully in mod_wsgi.

2010-07-12T13:32:33+00:00

This started as an effort to display a more useful error message in the
Apache error log if retrieving the schema failed. I broadened the scope
a little to include limiting the output in the Apache error log
so errors are easier to find.

This adds a new configuration option, startup_traceback. Outside of
lite-server.py it is False by default so does not display the traceback
that lead to the StandardError being raised. This makes the mod_wsgi
error much easier to follow.

Add support for User-Private Groups

2010-07-06T19:39:34+00:00

This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the users uidNumber. When the user is
removed the group is automatically removed as well.

If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.

The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).

Add maintainer-clean target

2010-06-24T18:23:27+00:00

Add separate role group for enrolling hosts, enrollhost

2010-06-22T17:56:17+00:00

Remove unused attribute serviceName and re-number schema

2010-06-21T13:53:02+00:00

serviceName was originally part of the HBAC rules. We dropped it
to use a separate service object instead so we could more easily
do groups of services in rules.