Commit message / Author / Age / Files / Lines
...
* Display token type when viewing token
  Author: Nathaniel McCallum, Age: 2014-10-20, Files: 3, Lines: -5/+28
  When viewing a token from the CLI or UI, the type of the token should be displayed.
  https://fedorahosted.org/freeipa/ticket/4563
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Update contributors
  Author: Martin Kosek, Age: 2014-10-20, Files: 2, Lines: -28/+68
  Add missing developers contributing to project git. Cancel "Past and Occasional" section and merge the people in the right categories.
  Update .mailmap so that the Developer list can be easily re-generated.
  Reviewed-By: Gabe Alford <redhatrises@gmail.com>
* webui: add new iduseroverride fields
  Author: Petr Vobornik, Age: 2014-10-17, Files: 1, Lines: -1/+12
  - add gecos, gidnumber, loginshell, sshkeys fields
  https://fedorahosted.org/freeipa/ticket/4617
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add link to OTP token app
  Author: Petr Vobornik, Age: 2014-10-17, Files: 3, Lines: -1/+11
  - display info message which points user to FreeOTP project page
  - the link or the text can be easily changed by a plugin if needed
  https://fedorahosted.org/freeipa/ticket/4469
  Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* idviews: error out if applying Default Trust View on hosts
  Author: Petr Vobornik, Age: 2014-10-17, Files: 1, Lines: -0/+6
  https://fedorahosted.org/freeipa/ticket/4615
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* tests: management of keytab permissions
  Author: Petr Vobornik, Age: 2014-10-17, Files: 2, Lines: -0/+730
  https://fedorahosted.org/freeipa/ticket/4419
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* keytab manipulation permission management
  Author: Petr Vobornik, Age: 2014-10-17, Files: 6, Lines: -11/+360
  Adds new API:
    ipa host-allow-retrieve-keytab HOSTNAME --users=STR --groups STR
    ipa host-disallow-retrieve-keytab HOSTNAME --users=STR --groups STR
    ipa host-allow-create-keytab HOSTNAME --users=STR --groups STR
    ipa host-disallow-create-keytab HOSTNAME --users=STR --groups STR
    ipa service-allow-retrieve-keytab PRINCIPAL --users=STR --groups STR
    ipa service-disallow-retrieve-keytab PRINCIPAL --users=STR --groups STR
    ipa service-allow-create-keytab PRINCIPAL --users=STR --groups STR
    ipa service-disallow-create-keytab PRINCIPAL --users=STR --groups STR
  these methods add or remove user or group DNs in `ipaallowedtoperform` attr with `read_keys` and `write_keys` subtypes.
  service|host-mod|show outputs these attrs only with --all option as:
    Users allowed to retrieve keytab: user1
    Groups allowed to retrieve keytab: group1
    Users allowed to create keytab: user1
    Groups allowed to create keytab: group1
  Adding of object class is implemented as a reusable method since this code is used on many places and most likely will be also used in new features. Older code may be refactored later.
  https://fedorahosted.org/freeipa/ticket/4419
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* dns: fix privileges' memberof during dns install
  Author: Petr Vobornik, Age: 2014-10-17, Files: 1, Lines: -0/+30
  Permissions with member attrs pointing to privileges are created before the privileges.
  Run memberof plugin task to fix other ends of the relationships.
  https://fedorahosted.org/freeipa/ticket/4637
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Check LDAP instead of local configuration to see if IPA CA is enabled
  Author: Jan Cholasta, Age: 2014-10-17, Files: 16, Lines: -65/+144
  The check is done using a new hidden command ca_is_enabled.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not fix trust flags in the DS NSS DB in ipa-upgradeconfig
  Author: Jan Cholasta, Age: 2014-10-17, Files: 1, Lines: -6/+5
  It is necessary to fix trust flags only in the HTTP NSS DB, as it is used as a source in the upload_cacrt update plugin.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not create ipa-pki-proxy.conf if CA is not configured in ipa-upgradeconfig
  Author: Jan Cholasta, Age: 2014-10-17, Files: 1, Lines: -1/+5
  This fixes upgrade from CA-less to CA-full after IPA upgrade.
  https://fedorahosted.org/freeipa/ticket/4621
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove changetype attribute from update plugin
  Author: Martin Kosek, Age: 2014-10-17, Files: 1, Lines: -1/+0
  The attribute addition had no effect, but it should not be there.
* Add ipa-client-install switch --request-cert to request cert for the host
  Author: Jan Cholasta, Age: 2014-10-16, Files: 2, Lines: -12/+97
  The certificate is stored in /etc/ipa/nssdb under the nickname "Local IPA host".
  https://fedorahosted.org/freeipa/ticket/4550
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix certmonger.request_cert
  Author: Jan Cholasta, Age: 2014-10-16, Files: 1, Lines: -1/+6
  https://fedorahosted.org/freeipa/ticket/4550
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix CA cert validity check for CA-less and external CA installer options
  Author: Jan Cholasta, Age: 2014-10-16, Files: 1, Lines: -1/+6
  https://fedorahosted.org/freeipa/ticket/4612
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove token vendor, model and serial defaults
  Author: Nathaniel McCallum, Age: 2014-10-16, Files: 3, Lines: -13/+7
  These defaults are pretty useless and cause more confusion than they are worth. The serial default never worked anyway. And now that we are displaying the token type separately, there is no reason to doubly record these data points.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove token ID from self-service UI
  Author: Nathaniel McCallum, Age: 2014-10-16, Files: 1, Lines: -6/+2
  Also, fix labels to properly use i18n strings for token types.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Raise better error message for permission added to generated tree
  Author: Martin Kosek, Age: 2014-10-16, Files: 1, Lines: -1/+8
  https://fedorahosted.org/freeipa/ticket/4523
  Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install
  Author: Jan Cholasta, Age: 2014-10-16, Files: 2, Lines: -2/+12
  The --ca-signing-algorithm option is available in ipa-server-install, make it available in ipa-ca-install as well.
  https://fedorahosted.org/freeipa/ticket/4447
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix typo causing certmonger is provided with wrong path to ipa-submit.
  Author: David Kupka, Age: 2014-10-16, Files: 1, Lines: -3/+4
  Using strip() instead split() caused that only first character of path was specified. Also using shlex for more robust parsing.
  https://fedorahosted.org/freeipa/ticket/4624
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix printing of reverse zones in ipa-dns-install.
  Author: David Kupka, Age: 2014-10-16, Files: 1, Lines: -2/+2
  This was forgotten in patch for ticket https://fedorahosted.org/freeipa/ticket/3575
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Stop dogtag when updating its configuration in ipa-upgradeconfig.
  Author: David Kupka, Age: 2014-10-15, Files: 2, Lines: -23/+30
  Modifying CS.cfg when dogtag is running may (and does) result in corrupting this file.
  https://fedorahosted.org/freeipa/ticket/4569
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make named.conf template platform independent
  Author: Martin Basti, Age: 2014-10-14, Files: 3, Lines: -4/+9
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing attributes to named.conf
  Author: Martin Basti, Age: 2014-10-14, Files: 4, Lines: -0/+157
  Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31
  Reviewed-By: David Kupka <dkupka@redhat.com>
  Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Ignore irrelevant subtrees in schema compat plugin
  Author: Ludwig Krispenz, Age: 2014-10-14, Files: 1, Lines: -0/+14
  For changes in cn=changelog or o=ipaca the schema compat plugin doesn't need to be executed. It saves many internal searches and reduces contribution to lock contention across backends in DS.
  https://fedorahosted.org/freeipa/ticket/4586
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Set IPA CA for freeipa certificates.
  Author: David Kupka, Age: 2014-10-14, Files: 1, Lines: -1/+5
  In previous versions (before moving certmonger.py to DBus) it was set and some tools and modules depend on it. For example: ipa-getcert uses this to filter freeipa certificates.
  https://fedorahosted.org/freeipa/ticket/4618
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-install
  Author: Jan Cholasta, Age: 2014-10-13, Files: 6, Lines: -4/+41
  Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA".
  https://fedorahosted.org/freeipa/ticket/4496
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Require slapi-nis 0.54 or later for ID views support
  Author: Alexander Bokovoy, Age: 2014-10-13, Files: 1, Lines: -1/+1
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update API version for ID views support
  Author: Alexander Bokovoy, Age: 2014-10-13, Files: 1, Lines: -2/+2
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow override of gecos field in ID views
  Author: Alexander Bokovoy, Age: 2014-10-13, Files: 3, Lines: -6/+12
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow user overrides to specify GID of the user
  Author: Alexander Bokovoy, Age: 2014-10-13, Files: 2, Lines: -4/+12
  Resolves https://fedorahosted.org/freeipa/ticket/4617
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow user overrides to specify SSH public keys
  Author: Alexander Bokovoy, Age: 2014-10-13, Files: 2, Lines: -2/+48
  Overrides for users can have SSH public keys. This, however, will not enable SSH public keys from overrides to be actually used until SSSD gets fixed to pull them in.
  SSSD ticket for SSH public keys in overrides: https://fedorahosted.org/sssd/ticket/2454
  Resolves https://fedorahosted.org/freeipa/ticket/4509
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Support overriding user shell in ID views
  Author: Alexander Bokovoy, Age: 2014-10-13, Files: 3, Lines: -6/+13
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Check that port 8443 is available when installing PKI.
  Author: David Kupka, Age: 2014-10-10, Files: 4, Lines: -0/+27
  https://fedorahosted.org/freeipa/ticket/4564
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix certmonger configuration in installer code
  Author: Jan Cholasta, Age: 2014-10-10, Files: 6, Lines: -104/+78
  https://fedorahosted.org/freeipa/ticket/4619
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Support building RPMs for RHEL/CentOS 7.0
  Author: Jan Cholasta, Age: 2014-10-09, Files: 1, Lines: -8/+24
  https://fedorahosted.org/freeipa/ticket/4562
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add RHEL platform module
  Author: Jan Cholasta, Age: 2014-10-09, Files: 5, Lines: -1/+149
  https://fedorahosted.org/freeipa/ticket/4562
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Split off generic Red Hat-like platform code from Fedora platform code
  Author: Jan Cholasta, Age: 2014-10-09, Files: 9, Lines: -552/+707
  https://fedorahosted.org/freeipa/ticket/4562
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix ipactl service ordering
  Author: Martin Basti, Age: 2014-10-09, Files: 1, Lines: -1/+5
  Ipactl sorted service start order as string, which causes service with start order 100 starts before service with start order 30. Patch fixes ipactl to use integers for ordering.
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Missing requires on python-dns in spec file
  Author: Gabe, Age: 2014-10-09, Files: 1, Lines: -3/+3
  - Updated to required python-dns version 1.11.1
  https://fedorahosted.org/freeipa/ticket/4613
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS missing tests
  Author: Martin Basti, Age: 2014-10-09, Files: 1, Lines: -0/+20
  * try to remove non-existent permission
  * try to remove idnssoamname using dnszone-mod --name-server=
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix example usage in ipa man page.
  Author: David Kupka, Age: 2014-10-08, Files: 1, Lines: -2/+5
  https://fedorahosted.org/freeipa/ticket/4587
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove misleading authorization error message in cert-request with --add
  Author: Jan Cholasta, Age: 2014-10-08, Files: 1, Lines: -5/+1
  https://fedorahosted.org/freeipa/ticket/4540
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* sudo integration test: Remove the local user test
  Author: Petr Viktorin, Age: 2014-10-03, Files: 1, Lines: -23/+0
  SSSD does not support sudo rules for local users; these should be added in a local sudoers file.
  https://fedorahosted.org/freeipa/ticket/4608
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui-ci: adjust dnszone-add test to recent DNS changes
  Author: Petr Vobornik, Age: 2014-10-03, Files: 1, Lines: -3/+0
  'idnssoamname', 'ip_address' and 'force' fields were removed from DNS zone adder dialog in #4149
  https://fedorahosted.org/freeipa/ticket/4604
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* backup/restore: Add files from /etc/ipa/nssdb
  Author: Petr Viktorin, Age: 2014-10-02, Files: 2, Lines: -6/+6
  Add files from /etc/ipa/nssdb (IPA_NSSDB_DIR), which is now used instead of /etc/pki/nssdb (NSS_DB_DIR). The old location is still supported.
  https://fedorahosted.org/freeipa/ticket/4597
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* test_forced_client_reenrollment: Don't check for host certificates
  Author: Petr Viktorin, Age: 2014-10-02, Files: 1, Lines: -1/+1
  Since ticket 4449 we no longer generate host certificates by default. Check that they are not present.
  https://fedorahosted.org/freeipa/ticket/4601
* Sudorule RunAsUser should work with external groups
  Author: Martin Kosek, Age: 2014-10-02, Files: 1, Lines: -2/+2
  https://fedorahosted.org/freeipa/ticket/4600
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_service_plugin: Do not lowercase memberof_role
  Author: Petr Viktorin, Age: 2014-10-01, Files: 1, Lines: -1/+1
  This adjusts the test for the change in commit 792c3f9c8c65e24953241247a242490c8fb32492
  Related ticket: https://fedorahosted.org/freeipa/ticket/4192
* Refactor selinuxenabled check
  Author: Francesco Marella, Age: 2014-09-30, Files: 1, Lines: -23/+20
  Ticket: https://fedorahosted.org/freeipa/ticket/4571
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>