| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
cookie.
|
| | | | | | | | | | | |
|
| | | |_|_|_|_|_|_|/
| |/| | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
- new call: ipa_details_update
* automatically retrieves values from form elements and updates
the entry in LDAP using JSON-RPC
- new calls: ipa_insert_first_dd, ipa_insert_other_dd
* used internally, but can be used by attribute callbacks as
well to easily populate definition lists
- extended attribute callbacks:
* attribute callbacks now have a third argument 'mode', that
is either IPA_DETAILS_UPDATE or IPA_DETAILS_POPULATE
* when called with IPA_DETAILS_UPDATE the callback should
fill the second argument with the attribute value
* when called with IPA_DETAILS_POPULATE the callback should
populate its part of the definition list
- entry attributes caching: ipa_details_cache
* updated after every success response from JSON-RPC
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
When the addattr argument was present, the code was assuming that
setattr is present as well, which doesn't have to be the case.
|
| | | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Most of the logic in the library is extracted from my work on the user
display/edit page. It provides universal functions that can be used to
populate specially crafted definition lists (<dl>) with entry data.
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | |_|_|/ / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
After this patch setattr and addattr can work togheter. You can use
setattr to reset an attribute and use addattr to populate it with new
values at the same time. We need this to save a few roundtrips in the
webUI.
|
| | | | | | | | |
|
| | | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | | |
Pushing just to sync with Adam. We might want to break this down into
smaller commits or merge with other commits before we go master.
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
/ipa/ui invokes the original ipawebui code (Wehjit)
/ipa/X invokes app A in api.Backend.session
if there's no such app, it returns X.html from
share/ipa/webui or 404
Also supports passing query string information to genshi.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This adds the first user page I did. Before the second pass of
mockups. It's just for reference and won't make it into master.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It would work if you ran the test from its location in tests/test_ipalib
but this isn't the most common method. If you want to run it individually
you can do:
$ ./make-test tests/test_ipalib/test_text.py
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The entitlement entries themselves will be rather simple, consisting
of the objectClasses ipaObject and pkiUser. We will just store
userCertificate in it. The DN will contain the UUID of the entitlement.
ticket #27
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This patch:
- bumps up the minimum version of python-nss
- will initialize NSS with nodb if a CSR is loaded and it isn't already
init'd
- will shutdown NSS if initialized in the RPC subsystem so we use right db
- updated and added a few more tests
Relying more on NSS introduces a bit of a problem. For NSS to work you
need to have initialized a database (either a real one or no_db). But once
you've initialized one and want to use another you have to close down the
first one. I've added some code to nsslib.py to do just that. This could
potentially have some bad side-effects at some point, it works ok now.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Javascript based ui.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The ipaAssociation is the core of different association object.
It seems that the service is an exception rather then rule.
So it is moved into the object where it belongs.
Fixed matching rules and some attribute types.
Addressing ticket: https://fedorahosted.org/freeipa/ticket/89
Removed unused password attribute and realigned OIDs.
|
| | |_|_|_|/
|/| | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
When the netgroup plugin was rebased it ended up using the member
attribute for its memberships and not memberuser/memberhost.
I also fixed this same attribute problem in the tests and tried to beef
them up a little. If nis/schema compat are enabled it will try to compare
the generated triplets with a known-good value.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This was originally configured to pull from the compat area but Nalin
thinks that is a bad idea (and it stopped working anyway). This configures
the netgroup map to create the triples on its own.
Ticket #87
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Neither of these was working properly, I assume due to changes in the ldap
backend. The normalizer now appends the basedn if it isn't included and
this was causing havoc with these utilities.
After fixing the basics I found a few corner cases that I also addressed:
- you can't/shouldn't disable compat if the nis plugin is enabled
- we always want to load the nis LDAP update so we get the netgroup config
- LDAPupdate.update() returns True/False, not an integer
I took some time and fixed up some things pylint complained about too.
Ticket #83
|
| | | | | |
| | | | |
| | | | |
| | | | | |
The import was only used when running the in-tree lite-server
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch does the following:
- drops our in-tree x509v3 parser to use the python-nss one
- return more information on certificates
- make an API change, renaming cert-get to cert-show
- Drop a lot of duplicated code
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
I have to do some pretty low-level LDAP work to achieve this. Since
we can't read the key using our modlist generator won't work and lots of
tricks would be needed to use the LDAPUpdate object in any case.
I pulled usercertificate out of the global params and put into each
appropriate function because it makes no sense for service-disable.
This also adds a new variable, has_keytab, to service/host_show output.
This flag tells us whether there is a krbprincipalkey.
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add an optional search_attributes variable in case the attributes you
want to display by default aren't what you want to search on.
Also link in any cn=ipaconfig attributes that contain a comma-separated
list of attributes to search on.
|
| | |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This started as an effort to display a more useful error message in the
Apache error log if retrieving the schema failed. I broadened the scope
a little to include limiting the output in the Apache error log
so errors are easier to find.
This adds a new configuration option, startup_traceback. Outside of
lite-server.py it is False by default so does not display the traceback
that lead to the StandardError being raised. This makes the mod_wsgi
error much easier to follow.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
I used pylint to identify a bunch of unnecessary and too-broad imports
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the users uidNumber. When the user is
removed the group is automatically removed as well.
If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.
The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The migration plugin uses a pre-op function to automatically create
kerberos credentials when binding using a password.
The problem is that we do a simple bind when doing password-base
host enrollment. This was causing krbPasswordExpiration to be set
which isn't what we want for hosts. They really shouldn't go through
this code at all.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Whenever we upgrade IPA such that any data incompatibilities might occur
then we need to bump the DATA_VERSION value so that data will not
replicate to other servers. The idea is that you can do an in-place
upgrade of each IPA server and the different versions own't pollute
each other with bad data.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The problem was trying to operate directly on the ACI itself. I
introduced a new function, _aci_to_kw(), that converts an ACI
into a set of keywords. We can take these keywords, like those passed
in when an ACI is created, to merge in any changes and then re-create the
ACI.
I also switched the ACI tests to be declarative and added a lot more
cases around the modify operation.
|
