summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Move OTP synchronization step to after counter writebackNathaniel McCallum2014-09-301-11/+7
| | | | | | | | This prevents synchronization when an authentication collision occurs. https://fedorahosted.org/freeipa/ticket/4493 Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
* VERSION,Makefile: Rename "pre" to "alpha"Petr Viktorin2014-09-302-11/+12
| | | | | | | Last time (2.1) we used "Preview/Testing" for the pre-beta release, but the Git tags were still named alpha_*. Use "alpha", remove "pre".
* idviews: Fix typo in upgrade handling of the Default Trust ViewTomas Babej2014-09-301-5/+5
| | | | | | | | | Fixed missing comma. Also removes leading spaces from the ldif, since this is not stripped by the updater. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: add link from host to idviewPetr Vobornik2014-09-305-1/+40
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: list only not-applied hosts in "apply to host" dialogPetr Vobornik2014-09-301-2/+22
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: facet group labels for idview's facetsPetr Vobornik2014-09-303-1/+15
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: new ID views sectionPetr Vobornik2014-09-3010-5/+769
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add simple link column supportPetr Vobornik2014-09-302-1/+9
| | | | | | | | Usual link columns are link with primary key of current entity. This patch allows to create a link to arbitrary non-nested entity. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: allow to skip link widget link validationPetr Vobornik2014-09-301-3/+16
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: do not show internal facet name to userPetr Vobornik2014-09-301-1/+0
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: treat value as pkey in link widgetPetr Vobornik2014-09-301-3/+5
| | | | | | | | | | Current default mechanism of a link widget assumes that pkeys of a current facet are pkeys for the link. It works for the only usage - in password policy. It's rather inflexible since it can't be used if the keys are in other attribute. This behavior is also bad in nested entities - creates a link to itself which is pointless. This patch changes the default behavior to assume that the supplied value are the pkeys and that the last pkey is the value to display. It also keeps the old method of overriding `other_pkeys` method so if the last and only pkey is the actual value to display then the method can tranform it into the pkeys which keeps compatibility with descendant widgets (`host_dnsrecord_entity_link_widget`, `dnsrecord_host_link_widget`). Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: improve breadcrumb navigationPetr Vobornik2014-09-301-15/+29
| | | | | | | | | | | | | Fixes issue when: - user navigates to a nested facet - refreshes browser - uses breadcrumb navigation to go to parent entity page which requires a pkey. E.g. from automount keys to maps. The old code relies on the facet, that user visited the parent facet before and therefore the facet has pkey stored. It fails after the browser reload. Allows to specify a containing_facet. It allows breadcrumb navigation to return to a different facet than the 'default'. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* idviews: Create Default Trust View for upgraded serversTomas Babej2014-09-301-0/+48
| | | | | | | | | | | For upgraded servers with enabled AD trust support, we want to ensure that Default Trust View entry is created. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Make sure only regular IPA objects are allowed to be overridenTomas Babej2014-09-301-1/+17
| | | | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Display the list of hosts when using --allTomas Babej2014-09-301-1/+8
| | | | | | | | | | | | | | Enumerating hosts is a potentially expensive operation (uses paged search to list all the hosts the ID view applies to). Show the list of the hosts only if explicitly asked for (or asked for --all). Do not display with --raw, since this attribute does not exist in LDAP. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Catch errors on unsuccessful AD object lookup when resolving object ↵Tomas Babej2014-09-301-8/+13
| | | | | | | | | | | | | name to anchor When resolving non-existent objects, domain validator will raise ValidationError. We need to anticipate and properly handle this case. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Make sure the dict.get method is not abused for MUST attributesTomas Babej2014-09-301-4/+4
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Handle Default Trust View properly in the frameworkTomas Babej2014-09-301-0/+39
| | | | | | | | | | | | Make sure that: 1.) IPA users cannot be added to the Default Trust View 2.) Default Trust View cannot be deleted or renamed Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add Default Trust View as part of adtrustinstallTomas Babej2014-09-303-0/+29
| | | | | | | | | | Add a Default Trust View, which is used by SSSD as default mapping for AD users. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Make description optional for the ID View objectTomas Babej2014-09-302-3/+3
| | | | | | | | | | Description of any object should not be required. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Fix casing of ID Views to be consistentTomas Babej2014-09-301-35/+35
| | | | | | | | | | Replace all occurences of "ID view(s)" with "ID View(s)". Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Update the referential plugin config to watch for ipaAssignedIDViewTomas Babej2014-09-302-0/+8
| | | | | | | | | | | We need the referential plugin config to watch for changes in the ID view objects, since hosts refer to them in ipaAssignedIDView attribute. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaOriginalUidTomas Babej2014-09-304-7/+38
| | | | | | | | | | | For slapi-nis plugin, we need to cache the original uid value of the user in the override object. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipatests: Add xmlrpc tests for idviews pluginTomas Babej2014-09-302-0/+1354
| | | | | | | | | | Add coverage for the ID views and ID overrides. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Resolve anchors to object names in idview-showTomas Babej2014-09-301-111/+128
| | | | | | | | | | | When running idview-show, users will expect a proper object name instead of a object anchor. Make sure the anchors are resolved to the object names unless --raw option was passed. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Raise NotFound errors if object to override could not be foundTomas Babej2014-09-301-0/+7
| | | | | | | | | | | If the object user wishes to override cannot be found, we should properly raise a NotFound error. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Change format of IPA anchor to include domainTomas Babej2014-09-301-2/+14
| | | | | | | | | | | | | | The old format of the IPA anchor, :IPA:<object_uuid> does not contain for the actual domain of the object. Once IPA-IPA trusts are introduced, we will need this information to be kept to be able to resolve the anchor. Change the IPA anchor format to :IPA:<domain>:<object_uuid> Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Alter idoverride methods to work with splitted objectsTomas Babej2014-09-301-40/+28
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Split the idoverride commands into iduseroverride and idgroupoverrideTomas Babej2014-09-303-23/+146
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Split the idoverride object into iduseroverride and idgroupoverrideTomas Babej2014-09-301-54/+103
| | | | | | | | | | | | To be able to better deal with the conflicting user / group names, we split the idoverride objects in the two types. This simplifies the implementation greatly, as we no longer need to set proper objectclasses on each idoverride-mod operation. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Support specifying object names instead of raw anchors onlyTomas Babej2014-09-302-0/+122
| | | | | | | | | | | | Improve usability of the ID overrides by allowing user to specify the common name of the object he wishes to override. This is subsequently converted to the ipaOverrideAnchor, which serves as a stable reference for the object. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* trusts: Add conversion from SID to object nameTomas Babej2014-09-301-0/+49
| | | | | | | | | | | Since SID is often used as a unique identifier for AD objects, we need to convert a SID to actual object name in the AD. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Extend idview-show command to display assigned idoverrides and hostsTomas Babej2014-09-302-41/+131
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipa idview-apply and idview-unapply commandsTomas Babej2014-09-302-3/+195
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* hostgroup: Selected PEP8 fixes for the hostgroup pluginTomas Babej2014-09-301-11/+4
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* hostgroup: Remove redundant and star importsTomas Babej2014-09-301-2/+5
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* hostgroup: Add helper that returns all members of a hostgroupTomas Babej2014-09-301-0/+8
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idvies: Add managed permissions for idview and idoverride objectsTomas Babej2014-09-302-0/+27
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Create basic idview plugin structureTomas Babej2014-09-302-0/+331
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib: PEP8 fixes for host pluginTomas Babej2014-09-301-18/+22
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipalib: Remove redundant and star imports from host pluginTomas Babej2014-09-301-8/+8
| | | | | | | | | | Also fixes incorrect error catching for UnicodeDecodeError. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add ipaAssignedIDVIew reference to the host objectTomas Babej2014-09-303-8/+14
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Create container for ID views under cn=accountsTomas Babej2014-09-303-0/+6
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Add necessary schema for the ID viewsTomas Babej2014-09-304-1/+11
| | | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add missing imports to ipapython.certdbJan Cholasta2014-09-301-0/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4416 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Do not crash in CAInstance.__init__ when default argument values are usedJan Cholasta2014-09-301-2/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix certmonger search for the CA cert in ipa-certupdate and ipa-cacert-manageJan Cholasta2014-09-302-2/+6
| | | | | | | | The search criteria did not include the CA agent name. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Fix certmonger.wait_for_requestJan Cholasta2014-09-301-1/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4558 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Remove ipa-ca.crt from systemwide CA store on client uninstall and cert updateJan Cholasta2014-09-303-10/+30
| | | | | | | | | | | | | | | | The file was used by previous versions of IPA to provide the IPA CA certificate to p11-kit and has since been obsoleted by ipa.p11-kit, a file which contains all the CA certificates and associated trust policy from the LDAP certificate store. Since p11-kit is hooked into /etc/httpd/alias, ipa-ca.crt must be removed to prevent certificate import failures in installer code. Also add ipa.p11-kit to the files owned by the freeipa-python package. https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Get server hostname from jsonrpc_uri in ipa-certupdateJan Cholasta2014-09-301-4/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/3259 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-03 05:24:14 +0000