freeipa.git/ipalib, branch kdc-fixes FreeIPA patches Fix incorrect type comparison in trust-fetch-domains 2015-08-06T08:16:30+00:00 Tomas Babej tbabej@redhat.com 2015-08-05T15:31:47+00:00 7688bbcc33eb24a86ede7dc12ea9c64a27006aa8 Value needs to be unpacked from the list and converted before comparison. https://fedorahosted.org/freeipa/ticket/5182 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
Value needs to be unpacked from the list and converted before comparison.

https://fedorahosted.org/freeipa/ticket/5182

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fix otptoken-remove-managedby command summary 2015-08-05T10:27:48+00:00 Fraser Tweedale ftweedal@redhat.com 2015-08-05T05:50:07+00:00 e28a45072004d93ced9bf81b3810fbd2652664b5 Reviewed-By: Tomas Babej <tbabej@redhat.com> 
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Port from python-kerberos to python-gssapi 2015-08-05T06:08:00+00:00 Michael Simacek msimacek@redhat.com 2015-07-16T16:22:00+00:00 f0b4c4487ed77a3037cbbc46206d598c58f06bb1 kerberos library doesn't support Python 3 and probably never will. python-gssapi library is Python 3 compatible. https://fedorahosted.org/freeipa/ticket/5147 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Robbie Harwood <rharwood@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> 
kerberos library doesn't support Python 3 and probably never will.
python-gssapi library is Python 3 compatible.

https://fedorahosted.org/freeipa/ticket/5147

Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
store certificates issued for user entries as userCertificate;binary 2015-08-04T11:57:33+00:00 Martin Babinsky mbabinsk@redhat.com 2015-08-03T11:36:29+00:00 3257ac6b876e9e62cae58060c96c525ff0df1ae3 This patch forces the user management CLI command to store certificates as userCertificate;binary attribute. The code to retrieve of user information was modified to enable outputting of userCertificate;binary attribute to the command line. The modification also fixes https://fedorahosted.org/freeipa/ticket/5173 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
This patch forces the user management CLI command to store certificates as
userCertificate;binary attribute. The code to retrieve of user information was
modified to enable outputting of userCertificate;binary attribute to the
command line.

The modification also fixes https://fedorahosted.org/freeipa/ticket/5173

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
user-show: add --out option to save certificates to file 2015-07-31T14:11:17+00:00 Fraser Tweedale ftweedal@redhat.com 2015-07-24T13:31:26+00:00 896783bae817ef16ca1cb31a0c434fe863287cc3 Add the --out option to user-show, bringing it into line with host-show and service-show with the ability to save the user's certificate(s) to a file. https://fedorahosted.org/freeipa/ticket/5171 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Add the --out option to user-show, bringing it into line with
host-show and service-show with the ability to save the user's
certificate(s) to a file.

https://fedorahosted.org/freeipa/ticket/5171

Reviewed-By: Martin Basti <mbasti@redhat.com>
certprofile-import: do not require profileId in profile data 2015-07-31T14:00:57+00:00 Christian Heimes cheimes@redhat.com 2015-07-23T15:48:56+00:00 a4ade199aa594307cdd6bc43d1729cc42e92fd1e certprofile-import no longer requires profileId in profile data. Instead the profile ID from the command line is taken and added to the profile data internally. If profileId is set in the profile, then it still has to match the CLI option. https://fedorahosted.org/freeipa/ticket/5090 Reviewed-By: Martin Basti <mbasti@redhat.com> 
certprofile-import no longer requires profileId in profile data. Instead
the profile ID from the command line is taken and added to the profile
data internally.

If profileId is set in the profile, then it still has to match the CLI
option.

https://fedorahosted.org/freeipa/ticket/5090

Reviewed-By: Martin Basti <mbasti@redhat.com>
Validate vault's file parameters 2015-07-31T13:33:49+00:00 Christian Heimes cheimes@redhat.com 2015-07-30T13:48:40+00:00 8e28ddd8fab40e985756729f23e8f352d2dab071 A user can pass file names for password, public and private key files to the vault plugin. The plugin attempts to read from these files. If any file can't be, an internal error was raised. The patch wraps all reads and turns any IOError and UnicodeError into a ValidationError. https://fedorahosted.org/freeipa/ticket/5155 Reviewed-By: Martin Basti <mbasti@redhat.com> 
A user can pass file names for password, public and private key files to
the vault plugin. The plugin attempts to read from these files. If any
file can't be, an internal error was raised. The patch wraps all reads
and turns any IOError and UnicodeError into a ValidationError.

https://fedorahosted.org/freeipa/ticket/5155

Reviewed-By: Martin Basti <mbasti@redhat.com>
Modernize number literals 2015-07-31T13:22:19+00:00 Petr Viktorin pviktori@redhat.com 2015-07-15T14:38:06+00:00 b8c46f2a32d0d8c2dc6ef0867f85f63cf076a004 Use Python-3 compatible syntax, without breaking compatibility with py 2.7 - Octals literals start with 0o to prevent confusion - The "L" at the end of large int literals is not required as they use long on Python 2 automatically. - Using 'int' instead of 'long' for small numbers is OK in all cases except strict type checking checking, e.g. type(0). https://fedorahosted.org/freeipa/ticket/4985 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Use Python-3 compatible syntax, without breaking compatibility with py 2.7

- Octals literals start with 0o to prevent confusion
- The "L" at the end of large int literals is not required as they use
  long on Python 2 automatically.
- Using 'int' instead of 'long' for small numbers is OK in all cases except
  strict type checking checking, e.g. type(0).

https://fedorahosted.org/freeipa/ticket/4985

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ULC: Fix stageused-add --from-delete command 2015-07-29T15:06:54+00:00 Martin Basti mbasti@redhat.com 2015-07-23T08:52:54+00:00 cea52ce186d9341f126ef6a9ac5f0287c4f16ada Nonexistent method was used to move deleted user to staged area. Minor fixes added: * handle not found error * return new DN https://fedorahosted.org/freeipa/ticket/5145 Reviewed-By: David Kupka <dkupka@redhat.com> 
Nonexistent method was used to move deleted user to staged area.
Minor fixes added:
 * handle not found error
 * return new DN

https://fedorahosted.org/freeipa/ticket/5145

Reviewed-By: David Kupka <dkupka@redhat.com>
ACI plugin: correctly parse bind rules enclosed in parentheses 2015-07-29T14:40:32+00:00 Martin Babinsky mbabinsk@redhat.com 2015-07-23T13:45:35+00:00 a2ba9373070b19c158be8be78f7fbeee5ccab081 Since bind rule such as `(userdn = "ldap:///anyone")` is also a valid statement, the ipalib ACI parser was updated to handle this case. https://fedorahosted.org/freeipa/ticket/5037 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Since bind rule such as `(userdn = "ldap:///anyone")` is also a valid
statement, the ipalib ACI parser was updated to handle this case.

https://fedorahosted.org/freeipa/ticket/5037

Reviewed-By: Martin Basti <mbasti@redhat.com>