summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Do not allow installation in FIPS modeFlorence Blanc-Renaud2016-06-296-3/+39
| | | | | | | https://fedorahosted.org/freeipa/ticket/5761 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
* Add new custom command multivalued widgetPavel Vomacka2016-06-291-0/+292
| | | | | | | | | Add general class for multivalued widget which uses special commands which are performed immediately. Part of: https://fedorahosted.org/freeipa/ticket/5108 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Updated certificates tablePavel Vomacka2016-06-291-0/+6
| | | | | | | | | All certificates which are not issued by IPA CA are grey and not clickable. That's because these certificates are not maintained by IPA CA. Part of: https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add new certificates widget to the service details pagePavel Vomacka2016-06-291-15/+38
| | | | | | | https://fedorahosted.org/freeipa/ticket/5108 https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add new certificates widget to the host details page. Also extends evaluator ↵Pavel Vomacka2016-06-292-23/+79
| | | | | | | | | and add support for adapters. https://fedorahosted.org/freeipa/ticket/5108 https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add new certificates widget to the user details pagePavel Vomacka2016-06-291-2/+31
| | | | | | | https://fedorahosted.org/freeipa/ticket/5108 https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add certificate widgetPavel Vomacka2016-06-294-24/+311
| | | | | | | | | | The certificate widget is used for each certificate in certs_widget. It allows to view, get, download, revoke and restore certificate. https://fedorahosted.org/freeipa/ticket/5108 https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add widget for showing multiple certificatesPavel Vomacka2016-06-294-64/+111
| | | | | | | | | | Certs widget is based on multivalued widget and adds ability to add new certificate and delete it. Each line is cert_widget. https://fedorahosted.org/freeipa/ticket/5108 https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove old useless actions - get and viewPavel Vomacka2016-06-291-68/+0
| | | | | | | | These two actions are not available any more. So that code is never called. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Changed the way how to handle remove hold and revoke actionsPavel Vomacka2016-06-291-17/+40
| | | | | | | | | Method calling in actions is moved to another function - these calls may be used by another functions, not only by actions. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Refactored certificate view and remove hold dialogPavel Vomacka2016-06-295-112/+192
| | | | | | | | | Removed old layout created using html tables. Now table layout is made by div and modern css styling. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add Object adapterPavel Vomacka2016-06-291-0/+40
| | | | | | | | | Object adapter changes data to more useful format. Single value is reachable as single value, property with more values is transformed to array. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add ability to turn off activity iconPavel Vomacka2016-06-291-4/+42
| | | | | | | | | By specifying correct attribute when creating command it turn off showing activity icon when webui waits for response from the server. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add working widgetPavel Vomacka2016-06-292-0/+77
| | | | | | | | | This widget can be used as notification that some other widget is working. It shows spinner and cover the other widget by specified color. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Extends functionality of DropdownWidgetPavel Vomacka2016-06-291-0/+36
| | | | | | | | | Adds methods which are able to enable and disable options according to the name of option and methods which set or get whole item list. https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add support for custom menu in multivalued widgetPavel Vomacka2016-06-291-16/+66
| | | | | | | | | | Every single widget which is in multivalued widget can now have custom action menu and the delete button is included in this custom action menu. Part of this ticket: https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* test: cert: Reflect change in behavior in testsDavid Kupka2016-06-291-2/+3
| | | | | | | | | | | | | Command cert-find with parameter sizelimit set to 0 no longer returns 0 certificates but returns all. More precise ConversionError is returned when parameter is not convertible to its type. https://fedorahosted.org/freeipa/ticket/5381 https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS: Remove unnecessary DNS check from installerPetr Spacek2016-06-291-9/+1
| | | | | | | | | | | | | | Previously we were checking content of DNS before actually adding DNS records for replicas. This is causing cycle in logic and adds weird corner cases to the installer which can blow up on DNS timeout or so. The check was completely unnecessary because the installer knows IP addresses and name of the machine. Removal of the check makes the installer more reliable. https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Use NSS for name->resolution in IPA installerPetr Spacek2016-06-293-6/+43
| | | | | | | | | | | | This fixes scenarios where IPA server is not able to resolve own name and option --ip-address was not specified by the user. This partially reverts changes from commit dc405005f537cf278fd6ddfe6b87060bd13d9a67 https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
* client-install: do not fail if DNS times out during DNS update generationPetr Spacek2016-06-291-0/+4
| | | | | | https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
* test: automember: Fix expected exception messageDavid Kupka2016-06-291-2/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* The LDAP*ReverseMember shouldn't imply --all is always specifiedStanislav Laznicka2016-06-293-11/+2
| | | | | | | | | | | The LDAP*ReverseMember methods would always return the whole LDAP object even though --all is not specified. Also had to fix some tests as objectClass will not be returned by default now. https://fedorahosted.org/freeipa/ticket/5892 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Revert "Removed dead code from LDAP{Remove,Add}ReverseMember"Stanislav Laznicka2016-06-291-0/+16
| | | | | | | | | While the code was really dead, it should serve a purpose elsewhere. This reverts commit c56d65b064e1e0410c03cf1206816cad4d8d86cc. https://fedorahosted.org/freeipa/ticket/5892 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* schema: fix Flag arguments on the clientJan Cholasta2016-06-291-1/+1
| | | | | | | | Fix Flag arguments appearing as Bool on the client. https://fedorahosted.org/freeipa/ticket/6009 Reviewed-By: David Kupka <dkupka@redhat.com>
* cert-find: fix 'issuer' optionFraser Tweedale2016-06-291-0/+2
| | | | | | | | | | | | | The 'issuer' option of cert-find was recently changed from Str to DNParam, however, 'ra.find' expects a string and throws when it receives a DN. When constructing the dict that gets passed to 'ra.find', turn DNParams into strings. Part of: https://fedorahosted.org/freeipa/ticket/5381 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipa-certupdate: track lightweight CA certificatesFraser Tweedale2016-06-292-9/+82
| | | | | | | | | | | | | | Enhance the ipa-certupdate program to add Certmonger tracking requests for lightweight CA certificates. Also update the dogtag-ipa-ca-renew-agent-submit to not store or retrieve lightweight CA certificates, becaues Dogtag clones observe renewals and update their NSSDBs on their own, and allow the helper to request non-self-signed certificates. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Update lightweight CA serial after renewalFraser Tweedale2016-06-292-18/+72
| | | | | | | | | | | | | | | For CA replicas to pick up renewed lightweight CA signing certificates, the authoritySerial attribute can be updated with the new serial number. Update the renew_ca_cert script, which is executed by Certmonger after writing a renewed CA certificate to the NSSDB, to update the authoritySerial attribute if the certificate belongs to a lightweight CA. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Skip CS.cfg update if cert nickname not knownFraser Tweedale2016-06-293-8/+9
| | | | | | | | | | | | After CA certificate renewal, the ``renew_ca_cert`` helper updates certificate data in CS.cfg. An unrecognised nickname will raise ``KeyError``. To allow the helper to be used for arbitrary certificates (e.g. lightweight CAs), do not fail if the nickname is unrecognised - just skip the update. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* ipaldap: turn LDAP filter utility functions into class methodsFraser Tweedale2016-06-291-16/+19
| | | | | | | | | The LDAP filter utilities do not use any instance attributes, so collectively turn them into class methods to promote reuse. Part of: https://fedorahosted.org/freeipa/ticket/4559 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Set default OCSP URI on install and upgradeFraser Tweedale2016-06-283-3/+30
| | | | | | | | | | | | | | Dogtag has been updated to support a default OCSP URI when the profile includes AuthInfoAccess with URI method but does not specify the URI (instead of constructing one based on Dogtag's hostname and port). Add the pkispawn config to ensure that the OCSP URI is set before issuing CA and system certificates, and add the config to existing CA instances on upgrade. Fixes: https://fedorahosted.org/freeipa/ticket/5956 Reviewed-By: Martin Basti <mbasti@redhat.com>
* CA replica promotion: add proper CA DNS recordsMartin Basti2016-06-283-6/+13
| | | | | | | | Update 'ipa-ca' records with A/AAAA records of the newly added replica https://fedorahosted.org/freeipa/ticket/5966 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS Locations: cleanup of bininstanceMartin Basti2016-06-287-84/+30
| | | | | | | | | | | | | | | | We don't need anymore: * sample of zone file - list of all records required by IPa will be provided * NTP related params - DNS records will be updated automatically, based on LDAP values * CA related params - DNS records will be updated automatically based * on LDAP values https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* schema: Caching on schema on clientDavid Kupka2016-06-282-10/+223
| | | | | | | | | Store schema in per user cache. Together with schemas also information about mapping between server and fingerprint is stored to reduce traffic. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* env: Add 'server' variable to api.envDavid Kupka2016-06-282-0/+10
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* DNS: Fix tests for realm domains integration with DNS zone addPetr Spacek2016-06-281-5/+5
| | | | | | | | | We forgot to update tests after change in 22f4045f72daf182c44ce574291c0d8a7733713b. https://fedorahosted.org/freeipa/ticket/5980 Reviewed-By: David Kupka <dkupka@redhat.com>
* client: Share validator and domain name normalization with server installPetr Spacek2016-06-281-1/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/5976 Reviewed-By: Martin Basti <mbasti@redhat.com>
* frontend: forward command calls using full nameJan Cholasta2016-06-281-1/+6
| | | | | | | | Forward commands to remote server using the full versioned name. https://fedorahosted.org/freeipa/ticket/4427 Reviewed-By: David Kupka <dkupka@redhat.com>
* schema: support plugin versioningJan Cholasta2016-06-284-77/+127
| | | | | | | | Update API schema server and client code to support plugin versioning. https://fedorahosted.org/freeipa/ticket/4427 Reviewed-By: David Kupka <dkupka@redhat.com>
* plugable: support plugin versioningJan Cholasta2016-06-2811-448/+1056
| | | | | | | | | | | | | | Allow multiple incompatible versions of a plugin using the same name. The current plugins are assumed to be version '1'. The unique identifier of plugins was changed from plugin name to plugin name and version. By default, the highest version available at build time is used. If the plugin is an unknown remote plugin, version of '1' is used by default. https://fedorahosted.org/freeipa/ticket/4427 Reviewed-By: David Kupka <dkupka@redhat.com>
* plugable: use plugin class as the key in API namespacesJan Cholasta2016-06-284-69/+83
| | | | | | | | | When iterating over APINameSpace objects, use plugin class rather than its name as the key. https://fedorahosted.org/freeipa/ticket/4427 Reviewed-By: David Kupka <dkupka@redhat.com>
* misc: generate `plugins` result directly in the commandJan Cholasta2016-06-282-6/+8
| | | | | | | | | Move the code that generated result of the `plugins` command from API to the command itself. https://fedorahosted.org/freeipa/ticket/4427 Reviewed-By: David Kupka <dkupka@redhat.com>
* Tests: Make ID views tests reflect new krbcanonicalname attributeLenka Doudova2016-06-281-0/+7
| | | | | | https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* test-{service,host}-plugin: only expect krbcanonicalname when all=TrueMartin Babinsky2016-06-282-6/+0
| | | | | | | | | fixes incorrect assertions in tests that create, retrieve, and search for services https://fedorahosted.org/freeipa/ticket/3864 Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* test_serverroles: ensure that test API is initialized with correct ldap_uriMartin Babinsky2016-06-281-1/+6
| | | | | | | | | This ensures that the serverroles test works also when run together with other iaserver test suites. https://fedorahosted.org/freeipa/ticket/6000 Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* schema: client-side code cleanupJan Cholasta2016-06-271-242/+190
| | | | | | | | Move client-side code scattered in global functions into neat classes. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* automember: fix automember to work with thin clientJan Cholasta2016-06-273-26/+32
| | | | | | | | | | | Properly mark `cn` as primary key of `automember` object. This fixes automember crashing on output validation expecting primary key value of None. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* schema: do not crash in command_defaults if argument is NoneJan Cholasta2016-06-271-2/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* schema: fix param default value handlingJan Cholasta2016-06-272-13/+16
| | | | | | | | | | | | Advertise param's default value even when `autofill` is False. When `autofill` is False, set `alwaysask` to True in the schema, as it is semantically equivallent and removes redundancy. This fixes default value disappearing in CLI for some params. https://fedorahosted.org/freeipa/ticket/4739 Reviewed-By: David Kupka <dkupka@redhat.com>
* keep setting ipakrbprincipal objectclass on new service entriesMartin Babinsky2016-06-273-1/+13
| | | | | | | | | | | | | this is required for replica promotion to work, since the ACI allowing hosts to add their own services uses this objectclass as target filter. This partially reverts changes from commit 705f66f7490c64de1adc129221b31927616c485d https://fedorahosted.org/freeipa/ticket/5996 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS Locations: optimization: use server-find to get informationMartin Basti2016-06-271-6/+4
| | | | | | | | | | | Because separated calls for of server-show, getting server data is quite slow. This commit replaces several server-show with one server-find command. There are future plans to improve speed of server-find that will be beneficial for DNS locations. https://fedorahosted.org/freeipa/ticket/2008 Reviewed-By: Petr Spacek <pspacek@redhat.com>
generated by cgit (git 2.34.1) at 2025-08-31 12:00:20 +0000