freeipa.git/ipaserver/plugins, branch replica_kdc FreeIPA patches add whoami command 2017-03-09T13:10:02+00:00 Alexander Bokovoy abokovoy@redhat.com 2017-03-02T16:03:05+00:00 381c1c7a8fe63526d21cb65decb75fb5ffda676a Whoami command allows to query details about currently authenticated identity. The command returns following information: * object class name * function to call to get actual details about the object * arguments to pass to the function There are five types of objects that could bind to IPA using their credentials. `ipa whoami` call expects one of the following: * users * staged users * hosts * Kerberos services * ID user override from the default trust view The latter category of objects is automatically mapped by SASL GSSAPI mapping rule in 389-ds for users from trusted Active Directory forests. The command is expected to be used by Web UI to define proper view for the authenticated identity. It is not visible in the command line interface is `ipa` command. Below is an example of how communication looks like for a host principal: # kinit -k # ipa console (Custom IPA interactive Python console) >>> api.Command.whoami() {u'command': u'host_show/1', u'object': u'host', u'arguments': (u'ipa.example.com',)} >>> Fixes https://pagure.io/freeipa/issue/6643 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
Whoami command allows to query details about currently
authenticated identity. The command returns following information:

  * object class name
  * function to call to get actual details about the object
  * arguments to pass to the function

There are five types of objects that could bind to IPA using their
credentials. `ipa whoami` call expects one of the following:

  * users
  * staged users
  * hosts
  * Kerberos services
  * ID user override from the default trust view

The latter category of objects is automatically mapped by SASL GSSAPI
mapping rule in 389-ds for users from trusted Active Directory forests.

The command is expected to be used by Web UI to define proper view for
the authenticated identity. It is not visible in the command line
interface is `ipa` command.

Below is an example of how communication looks like for a host
principal:

   # kinit -k
   # ipa console
   (Custom IPA interactive Python console)
   >>> api.Command.whoami()
   {u'command': u'host_show/1', u'object': u'host', u'arguments': (u'ipa.example.com',)}
   >>>

Fixes https://pagure.io/freeipa/issue/6643

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
WebUI: Add cermapmatch module 2017-03-08T15:22:01+00:00 Pavel Vomacka pvomacka@redhat.com 2017-03-07T20:31:22+00:00 61cd4372e142662c06c881886709fe1b573102a9 Add module which can show users which are mapped to the provided certificate. Additionaly, the certificate is parsed and parsed information are also displayed. https://pagure.io/freeipa/issue/6601 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
Add module which can show users which are mapped to the provided certificate.
Additionaly, the certificate is parsed and parsed information are
also displayed.

https://pagure.io/freeipa/issue/6601

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
dns: fix `dnsrecord_add` interactive mode 2017-03-08T14:52:41+00:00 Jan Cholasta jcholast@redhat.com 2017-02-23T13:21:59+00:00 1e912f5b83166154806e0382f3f028d0eac81731 `dnsrecord_add` interactive mode might prompt for value of non-existent arguments `a_part_create_reverse` and `aaaa_part_create_reverse`. This happens because `dnsrecord_add` extra flags are incorrectly defined as parts of the respective DNS records. Remove extra flags from DNS record parts to fix the interactive mode on old clients talking to new servers. Skip non-existent arguments in the interactive mode to fix new clients talking to old servers. https://fedorahosted.org/freeipa/ticket/6457 Reviewed-By: Martin Basti <mbasti@redhat.com> 
`dnsrecord_add` interactive mode might prompt for value of non-existent
arguments `a_part_create_reverse` and `aaaa_part_create_reverse`. This
happens because `dnsrecord_add` extra flags are incorrectly defined as
parts of the respective DNS records.

Remove extra flags from DNS record parts to fix the interactive mode on old
clients talking to new servers. Skip non-existent arguments in the
interactive mode to fix new clients talking to old servers.

https://fedorahosted.org/freeipa/ticket/6457

Reviewed-By: Martin Basti <mbasti@redhat.com>
IdM Server: list all Employees with matching Smart Card 2017-03-08T14:08:41+00:00 Florence Blanc-Renaud flo@redhat.com 2017-02-23T17:04:47+00:00 ea34e17a46a60efb9c4dc81dab919a1639dec73b Implement a new IPA command allowing to retrieve the list of users matching the provided certificate. The command is using SSSD Dbus interface, thus including users from IPA domain and from trusted domains. This requires sssd-dbus package to be installed on IPA server. https://fedorahosted.org/freeipa/ticket/6646 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Implement a new IPA command allowing to retrieve the list of users matching
the provided certificate.
The command is using SSSD Dbus interface, thus including users from IPA
domain and from trusted domains. This requires sssd-dbus package to be
installed on IPA server.

https://fedorahosted.org/freeipa/ticket/6646

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Add support for custom table pagination size 2017-03-08T13:54:56+00:00 Pavel Vomacka pvomacka@redhat.com 2016-08-11T13:58:23+00:00 e1dfc51e48050ac1ad431d56003dc26e17ca653e New customization button opens dialog with field for setting the number of lines in tables. After saving the new value there is new topic which starts refreshing current table facet (if shown) and set all other facets expired. Therefore all tables are immediately regenerated. https://fedorahosted.org/freeipa/ticket/5742 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
New customization button opens dialog with field for setting the number of lines
in tables. After saving the new value there is new topic which starts refreshing
current table facet (if shown) and set all other facets expired. Therefore all
tables are immediately regenerated.

https://fedorahosted.org/freeipa/ticket/5742

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
WebUI: Add certmap module 2017-03-08T09:14:21+00:00 Pavel Vomacka pvomacka@redhat.com 2017-01-16T13:16:47+00:00 19426f32ff99feb7c64a4174728cd2b6b946a49a Add facets for certmaprule and certmapconfigure entities. https://fedorahosted.org/freeipa/ticket/6601 Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
Add facets for certmaprule and certmapconfigure entities.

https://fedorahosted.org/freeipa/ticket/6601

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
WebUI: Change structure of Identity submenu 2017-03-07T19:04:01+00:00 Pavel Vomacka pvomacka@redhat.com 2017-03-02T09:31:48+00:00 070bc48dd6c9bce32caa0f0f2de8d44b4e5bbbb1 Previously there were 'User Groups', 'Host Groups' and 'Netgroups' separately, now these three items are grouped into one named 'Groups' which has sidebar with three items mentioned above. This change allows us to move ID views into Identity submenu. https://pagure.io/freeipa/issue/6717 Reviewed-By: Simo Sorce <ssorce@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
Previously there were 'User Groups', 'Host Groups' and 'Netgroups'
separately, now these three items are grouped into one named 'Groups'
which has sidebar with three items mentioned above.

This change allows us to move ID views into Identity submenu.

https://pagure.io/freeipa/issue/6717

Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Add SHA256 fingerprints for certs 2017-03-07T18:52:43+00:00 Tomas Krizek tkrizek@redhat.com 2017-02-23T16:03:01+00:00 a06c71b1268850e485e89049ed3654f893edff0b https://fedorahosted.org/freeipa/ticket/6701 Reviewed-By: Pavel Vomacka <pvomacka@redhat.com> Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> 
https://fedorahosted.org/freeipa/ticket/6701

Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
rabase.get_certificate: make serial number arg mandatory 2017-03-07T12:24:16+00:00 Fraser Tweedale ftweedal@redhat.com 2017-03-06T02:50:55+00:00 3ba0375c831eca673c2df146b565a32dbc03fdb3 In rabase.get_certificate it does not make sense for the serial_number argument to be optional. Make it a mandatory positional argument. Part of: https://pagure.io/freeipa/issue/3473 Part of: https://pagure.io/freeipa/issue/5011 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
In rabase.get_certificate it does not make sense for the
serial_number argument to be optional.  Make it a mandatory
positional argument.

Part of: https://pagure.io/freeipa/issue/3473
Part of: https://pagure.io/freeipa/issue/5011

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Extract method to map principal to princpal type 2017-03-03T11:09:57+00:00 Fraser Tweedale ftweedal@redhat.com 2017-01-25T06:14:59+00:00 11c9df25774fbc8ed24b30f75c205d12ca3c5b90 Part of: https://pagure.io/freeipa/issue/5011 Reviewed-By: Tomas Krizek <tkrizek@redhat.com> 
Part of: https://pagure.io/freeipa/issue/5011

Reviewed-By: Tomas Krizek <tkrizek@redhat.com>