summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Update of confirmation of actionsPetr Vobornik2012-09-066-10/+105
| | | | | | | | | | | This patch is changing confirmation of actions according to ticket #3035, see the ticket description. It does following changes: * Confirmation of update action was removed. * Action lists resets to first action (which is usually a NOP: '-- select action --') on change of displayed entry. * New confirmation dialog was implemented. It is used for action confirmation. It is used in IPA.action to replace the call of window.confirm(message). The old call is a modal window which blocks all JS functionality and has different style than other dialogs in Web UI. The new one has same design and doesn't block background operations. https://fedorahosted.org/freeipa/ticket/3035
* Set minimum of 389-ds-base to 1.2.11.8 to pick up cache warning.Rob Crittenden2012-09-051-1/+5
| | | | | | | If the DB is bigger than nsslapd-cachememsize then a warning will be logged by 389-ds-base. https://fedorahosted.org/freeipa/ticket/2739
* Fix DNS SOA serial parameters boundariesMartin Kosek2012-09-064-20/+52
| | | | | | | Set correct boundaries for DNS SOA serial parameters (see RFC 1035, 2181). https://fedorahosted.org/freeipa/ticket/2568
* Transfer long numbers over XMLRPCMartin Kosek2012-09-062-8/+11
| | | | | | | | | | | | Numeric parameters in ipalib were limited by XMLRPC boundaries for integer (2^31-1) which is too low for some LDAP attributes like DNS SOA serial field. Transfer numbers which are not in XMLRPC boundary as a string and not as a number to workaround this limitation. Int parameter had to be updated to also accept Python's long type as valid int type. https://fedorahosted.org/freeipa/ticket/2568
* Support the new Winsync POSIX API.Rob Crittenden2012-09-062-6/+55
| | | | | | | | | | | This will sync down the POSIX attributes from AD so we need to be careful to not mess with them when they are already set. This includes uidNumber, gidNumber, homeDirectory, loginShell and gecos. http://port389.org/wiki/WinSync_Posix http://port389.org/wiki/Windows_Sync_Plugin_API#Version_3_API_functions https://fedorahosted.org/freeipa/ticket/3007
* Allow localhost in zone ACIs - Web UIPetr Vobornik2012-09-061-8/+2
| | | | | Loopback address, "localhost" and "localnets" ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our Web UI validators as well.
* Allow localhost in zone ACIsMartin Kosek2012-09-061-6/+3
| | | | | Loopback address, "localhost" and "localnets" ACIs are no longer an issue for bind-dyndb-ldap. Allow them in our validators.
* Fixed problem while deleting entry with unsaved changesPetr Vobornik2012-09-062-0/+11
| | | | | | While deleting an entry it now resets a facet if there are unsaved changes. It prevents pop up of various error dialogs when UI tries to redirect to search page after successful delete. https://fedorahosted.org/freeipa/ticket/3047
* Generated metadata for testing updatedPetr Vobornik2012-09-062-144/+371
| | | | | | Testing metadata needs to be updated because of fix in json serialization. https://fedorahosted.org/freeipa/ticket/3052
* Added decimal checks to metadata validatorPetr Vobornik2012-09-063-3/+15
| | | | | | Medatadata validator didn't have check for decimal values. It was added. https://fedorahosted.org/freeipa/ticket/3052
* Fixed metadata serialization of Numbers and DNsPetr Vobornik2012-09-063-4/+8
| | | | | | | | There were following problems: 1. DNs and Decimals weren't properly serialized. Serialization output was object with empty __base64__ attribute. It was fixed by converting them to string. 2. numberical values equal to 0 were excluded from metadata. It broke many of minvalue checks in Web UI. Now excluding only None and False values as initally intended. https://fedorahosted.org/freeipa/ticket/3052
* Notify success on add, delete and updatePetr Vobornik2012-09-0610-10/+54
| | | | | | | | | | | Notification of success was added to: * details facet: update * association facet and association widget: add, delete items * attribute facet: delete items (notification of add should be handled in entity adder dialog) * sudo rule: add, remove option * dnsrecord: add, update, delete https://fedorahosted.org/freeipa/ticket/2977
* Permissions: select only applicable options on type changePetr Vobornik2012-09-061-47/+43
| | | | | | | | | | | | | | | | | | | Problem: When a permission is edited, and Type switched, the attributes selected for previous Type are still selected, and update fails, if they are invalid for the new Type. But it should get deselected or not even listed if Type changes. Fix: When Type is changed, attribute list is refreshed and still applicable attributes are chosen. If Type is reverted back, previously chosen attributes are back as chosen. If attributes are extended outside Web UI by not listed attr, this attr is listed at the list end. Note: If user makes change in attribute list before type change, this change is forgotten. https://fedorahosted.org/freeipa/ticket/2617
* Fixed search in HBAC testPetr Vobornik2012-09-061-3/+12
| | | | | | Search in HBAC test wasn't working because expired flag wasn't set. https://fedorahosted.org/freeipa/ticket/2931
* ipasam: replace trim_char() with trim_string()Sumit Bose2012-09-061-2/+1
|
* ipasam: remove fetch_ldap_pw()Sumit Bose2012-09-061-10/+2
|
* ipasam: replace get_global_sam_sid()Sumit Bose2012-09-061-4/+12
|
* ipasam: add libsss_idmap context and replace string_to_sid()Sumit Bose2012-09-062-31/+89
|
* ipasam: Replace global_sid_BuiltinSumit Bose2012-09-061-1/+3
|
* ipasam: Replace sid_peek_check_rid()Sumit Bose2012-09-061-1/+17
|
* ipasam: Replace sid_check_is_our_sam()Sumit Bose2012-09-061-2/+1
|
* ipasam: Replace dom_sid_compare_domain()Sumit Bose2012-09-061-1/+27
|
* ipasam: Replace is_null_sid()Sumit Bose2012-09-061-1/+24
|
* ipasam: replace sid_compose()Sumit Bose2012-09-061-1/+14
|
* ipasam: replace sid_copy()Sumit Bose2012-09-061-1/+15
|
* ipasam: remove talloc_asprintf_strupper_m()Sumit Bose2012-09-061-3/+8
|
* ipasam: remove strlower_m()Sumit Bose2012-09-061-3/+1
|
* ipasam: replace strnequal()Sumit Bose2012-09-061-1/+16
|
* ipasam: remove sid_peek_rid()Sumit Bose2012-09-061-11/+18
|
* ipasam: remove nt_lm_owf_gen() and dependency to libcliauth.soSumit Bose2012-09-061-12/+59
|
* Make encode_ntlm_keys() publicSumit Bose2012-09-066-197/+242
|
* ipasam: cleanup explicit dependencies to samba libsSumit Bose2012-09-061-2/+0
|
* Add safe updates for objectClassesMartin Kosek2012-09-042-2/+52
| | | | | | | | | | | | | | | | | | | Current objectclass updates in a form of "replace" update instruction dependent on exact match of the old object class specification in the update instruction and the real value in LDAP. However, this approach is very error prone as object class definition can easily differ as for example because of unexpected X-ORIGIN value. Such objectclass update failures may lead to serious malfunctions later. When comparing the objectclasses, make sure we normalize them both before we compare them to mitigate these kinds of errors. python-ldap's objectclass model can be utilized to do the normalization part. One objectclass update instruction was changed to do a replace of an objectclass separately from add update instruction so that we really only replace what's stored in LDAP. https://fedorahosted.org/freeipa/ticket/2440
* ipadb_iterate(): handle match_entry == NULLSumit Bose2012-09-052-0/+10
| | | | | | | | | If match_entry == NULL all principals should be iterated. Additionally this patch adds a check in ipadb_filter_escape() to make sure that the input is not NULL. Fixes: https://fedorahosted.org/freeipa/ticket/3011
* Add nsds5ReplicaStripAttrs to replica agreementsPetr Viktorin2012-09-044-84/+125
| | | | | | | | | | Generalize the fix_replica_memberof update plugin to allow updating more replication attributes. Add nsds5ReplicaStripAttrs to replication agreements on update and replica install. https://fedorahosted.org/freeipa/ticket/2534
* Sort policies numerically in pwpolicy-findTomas Babej2012-09-032-3/+5
| | | | | | | | Password policies in pwpolicy-find are now sorted in the expected numerical manner. Also tweaks one of the unit tests so that it tests this behaviour. https://fedorahosted.org/freeipa/ticket/3039
* Make replica install more robustMartin Kosek2012-09-031-12/+26
| | | | | | | | | | | | | | | | | Under certain circumstances, replica installation may fail in "enable GSSAPI for replication" step when it cannot sync LDAP service principals. There is often not much we can do as Directory Server may be in an unrecoverable state but we should at least wait longer before we give up. A function checking replication status was also fixed to give more accurate results by properly comparing start/end time of the replication process and returning an error message to calling function. This error message is then returned to user if do not manage to get the LDAP service principals to give him a pointer to the actual issue. https://fedorahosted.org/freeipa/ticket/2950
* Run ntpdate in verbose mode, not debug (i.e. no-op) modePetr Viktorin2012-09-042-8/+6
| | | | | | | Remove the debug argument to synconce_ntp since we always want the logs to be verbose. https://fedorahosted.org/freeipa/ticket/3048
* Change slapi_mods_init in ipa_winsync_pre_ad_mod_user_mods_cbTomas Babej2012-09-041-1/+1
| | | | https://fedorahosted.org/freeipa/ticket/2953
* Internationalization for public errorsPetr Viktorin2012-09-0330-123/+175
| | | | | | | | | | | | Currently, we throw many public exceptions without proper i18n. Wrap natural-language error messages in _() so they can be translated. In the service plugin, raise NotFound errors using handle_not_found helper so the error message contains the offending service. Use ScriptError instead of NotFoundError in bindinstance install. https://fedorahosted.org/freeipa/ticket/1953
* prevent last admin from being disabledJohn Dennis2012-09-033-173/+303
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We prevent the last member of the admin group from being deleted. The same check needs to be performed when disabling a user. * Moved the code in del_user to the common subroutine check_protected_member() and call it from both user_del and user_disable. Note, unlike user_del user_disable does not have a 'pre' callback therefore the check function is called in user_disable's execute routine. * Make check_protected_member() aware of disabled members. It's not sufficient to check which members of the protected group are present, one must only consider those members which are enabled. * Add tests to test_user_plugin.py. - verify you cannot delete nor disable the last member of the admin group - verify when the admin group contains disabled users in addition to enabled users only the enabled users are considered when determining if the last admin is about to be disabled or deleted. * Replace duplicated hardcoded values in the tests with variables or subroutines, this makes the individual tests a bit more succinct and easier to copy/modify. * Update error msg to reflect either deleting or disabling is an error. https://fedorahosted.org/freeipa/ticket/2979
* ipa user-find --manager does not find matchesJohn Dennis2012-09-032-0/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The manager LDAP attribute is a dn pointing inside the user container. When passed on the command it is typically a bare user uid. The search filter will only succeed if the bare uid is converted to a full dn because that is what is stored in the value for the manager attribute. The search failure is solved by calling _normalize_manager() which does the conversion to a dn (if not already a dn). It feels like this type of conversion should be performed in the pre callback which allows one to modify the filter. But when the pre callback is invoked it's complex string with the manager attribute already inserted. This is because the LDAPSearch.execute() method processes the options dict and constructs a filter component for each key/value in the options dict prior to invoking the pre callback. If we wanted to modify the manager value in the filter in the pre callback we would have to decompose the filter string, perform dn checking and then reassemble the filter. It's much cleaner to perform the dn operations on the manager value before it gets embedded into what otherwise might be a very complex filter. This is the reason why the normalization is perfored in the execute method as opposed to the pre callback. Other classes do similar things in their execute methods as opposed to their callbacks's, selinuxusermap_find is one example. Patch also introduces new unit test to verify. https://fedorahosted.org/freeipa/ticket/2264
* Fixes different behaviour of permission-mod and show.Tomas Babej2012-08-292-1/+88
| | | | | | | Both commands now produce the same output regarding the attributelevelrights. https://fedorahosted.org/freeipa/ticket/2875
* Password policy paging with proper sortingPetr Vobornik2012-08-292-3/+6
| | | | | | | | This patch adds option to disable sorting when paging. It allowed to enable paging in password policy with order of items untouched (they are sorted on server side by priority). Also fixing issue when paging is disabled and command summary = null. It displayed 'null' in facet footer. https://fedorahosted.org/freeipa/ticket/2677
* Successful action notificationPetr Vobornik2012-08-2915-81/+135
| | | | | | | | | | | | | | | | | | | User was not notified about success of actions executed from action list, action panel or facet cotrol bar. This patch adds IPA.notify_success(message) call. It creates a yellow notification area with supplied message in Web UI header in the middle of the green area (empty space of first level navigation). This area is displayed for 3s and then it fades out (800ms). It also fades out when it is clicked. This call is used(directly or indirectly) in: * search facets: delete, disable, enable actions * details facets: delete action * user details facet: reset password action * host details facet: unprovision, set OTP actions * service details facet: unprovision action * host and service details facet: request, revoke, restore certificates actions * group details facet: change to POSIX/external actions * dns zone details facet: add/remove permission actions https://fedorahosted.org/freeipa/ticket/2977
* Fix issue which broke setup of Web UI unit testsPetr Vobornik2012-08-291-1/+3
| | | | | | Web UI itself wasn't negatively affected. https://fedorahosted.org/freeipa/ticket/2897
* Revert change causing failure in test automationPetr Vobornik2012-08-291-3/+3
| | | | | | | | Move of click handler in patch for #2834 causes failure of automation tests. This patch reverts the problematic part. It should not affect function of fix for #2824. https://fedorahosted.org/freeipa/ticket/3014
* Restrict the SELinux user map user MLS value to 0-1023Rob Crittenden2012-08-292-1/+13
| | | | https://fedorahosted.org/freeipa/ticket/3001
* Update Contributors.txt fileMartin Kosek2012-08-281-8/+14
| | | | Update list of active developers working on IPA.
* Improves deletion of PTR records in ipa host-delTomas Babej2012-08-281-1/+6
| | | | | | | Command ipa host-del with --updatedns now can deal both with hosts which zones are in FQDN form with or without a trailing dot. https://fedorahosted.org/freeipa/ticket/2809
generated by cgit (git 2.34.1) at 2024-11-19 07:14:36 +0000