summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove token ID from self-service UINathaniel McCallum2014-10-161-6/+2
| | | | | | Also, fix labels to properly use i18n strings for token types. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Raise better error message for permission added to generated treeMartin Kosek2014-10-161-1/+8
| | | | | | https://fedorahosted.org/freeipa/ticket/4523 Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
* Allow specifying signing algorithm of the IPA CA cert in ipa-ca-installJan Cholasta2014-10-162-2/+12
| | | | | | | | | The --ca-signing-algorithm option is available in ipa-server-install, make it available in ipa-ca-install as well. https://fedorahosted.org/freeipa/ticket/4447 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix typo causing certmonger is provided with wrong path to ipa-submit.David Kupka2014-10-161-3/+4
| | | | | | | | | Using strip() instead split() caused that only first character of path was specified. Also using shlex for more robust parsing. https://fedorahosted.org/freeipa/ticket/4624 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix printing of reverse zones in ipa-dns-install.David Kupka2014-10-161-2/+2
| | | | | | | This was forgotten in patch for ticket https://fedorahosted.org/freeipa/ticket/3575 Reviewed-By: Martin Basti <mbasti@redhat.com>
* Stop dogtag when updating its configuration in ipa-upgradeconfig.David Kupka2014-10-152-23/+30
| | | | | | | | | Modifying CS.cfg when dogtag is running may (and does) result in corrupting this file. https://fedorahosted.org/freeipa/ticket/4569 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Make named.conf template platform independentMartin Basti2014-10-143-4/+9
| | | | | Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add missing attributes to named.confMartin Basti2014-10-144-0/+157
| | | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3801#comment:31 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Ignore irrelevant subtrees in schema compat pluginLudwig Krispenz2014-10-141-0/+14
| | | | | | | | | | For changes in cn=changelog or o=ipaca the scheam comapat plugin doesn't need to be executed. It saves many internal searches and reduces contribution to lock contention across backens in DS. https://fedorahosted.org/freeipa/ticket/4586 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Set IPA CA for freeipa certificates.David Kupka2014-10-141-1/+5
| | | | | | | | | | In previous versions (before moving certmonger.py to DBus) it was set and some tools and modules depends on it. For example: ipa-getcert uses this to filter freeipa certificates. https://fedorahosted.org/freeipa/ticket/4618 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Support MS CS as the external CA in ipa-server-install and ipa-ca-installJan Cholasta2014-10-136-4/+41
| | | | | | | | | | | Added a new option --external-ca-type which specifies the type of the external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs" is selected, the CSR generated for the IPA CA will include MS template name extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA". https://fedorahosted.org/freeipa/ticket/4496 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Require slapi-nis 0.54 or later for ID views supportAlexander Bokovoy2014-10-131-1/+1
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Update API version for ID views supportAlexander Bokovoy2014-10-131-2/+2
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow override of gecos field in ID viewsAlexander Bokovoy2014-10-133-6/+12
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow user overrides to specify GID of the userAlexander Bokovoy2014-10-132-4/+12
| | | | | | Resolves https://fedorahosted.org/freeipa/ticket/4617 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Allow user overrides to specify SSH public keysAlexander Bokovoy2014-10-132-2/+48
| | | | | | | | | | | | | Overrides for users can have SSH public keys. This, however, will not enable SSH public keys from overrides to be actually used until SSSD gets fixed to pull them in. SSSD ticket for SSH public keys in overrides: https://fedorahosted.org/sssd/ticket/2454 Resolves https://fedorahosted.org/freeipa/ticket/4509 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Support overridding user shell in ID viewsAlexander Bokovoy2014-10-133-6/+13
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Check that port 8443 is available when installing PKI.David Kupka2014-10-104-0/+27
| | | | | | https://fedorahosted.org/freeipa/ticket/4564 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix certmonger configuration in installer codeJan Cholasta2014-10-106-104/+78
| | | | | | https://fedorahosted.org/freeipa/ticket/4619 Reviewed-By: David Kupka <dkupka@redhat.com>
* Support building RPMs for RHEL/CentOS 7.0Jan Cholasta2014-10-091-8/+24
| | | | | | https://fedorahosted.org/freeipa/ticket/4562 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Add RHEL platform moduleJan Cholasta2014-10-095-1/+149
| | | | | | https://fedorahosted.org/freeipa/ticket/4562 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Split off generic Red Hat-like platform code from Fedora platform codeJan Cholasta2014-10-099-552/+707
| | | | | | https://fedorahosted.org/freeipa/ticket/4562 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix ipactl service orderingMartin Basti2014-10-091-1/+5
| | | | | | | | | Ipactl sorted service start order as string, which causes service with start order 100 starts before service with start order 30. Patch fixes ipactl to use integers for ordering. Reviewed-By: David Kupka <dkupka@redhat.com>
* Missing requires on python-dns in spec fileGabe2014-10-091-3/+3
| | | | | | | | - Updated to required python-dns version 1.11.1 https://fedorahosted.org/freeipa/ticket/4613 Reviewed-By: Martin Basti <mbasti@redhat.com>
* DNS missing testsMartin Basti2014-10-091-0/+20
| | | | | | | * try to remove non-existent permission * try to remove idnssoamname using dnszone-mod --name-server= Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix example usage in ipa man page.David Kupka2014-10-081-2/+5
| | | | | | https://fedorahosted.org/freeipa/ticket/4587 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove misleading authorization error message in cert-request with --addJan Cholasta2014-10-081-5/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4540 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* sudo integration test: Remove the local user testPetr Viktorin2014-10-031-23/+0
| | | | | | | | | SSSD does not support sudo rules for local users; these should be added in a local sudoers file. https://fedorahosted.org/freeipa/ticket/4608 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui-ci: adjust dnszone-add test to recent DNS changesPetr Vobornik2014-10-031-3/+0
| | | | | | | | 'idnssoamname', 'ip_address' and 'force' fields were removed from DNS zone adder dialog in #4149 https://fedorahosted.org/freeipa/ticket/4604 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* backup/restore: Add files from /etc/ipa/nssdbPetr Viktorin2014-10-022-6/+6
| | | | | | | | | | Add files from /etc/ipa/nssdb (IPA_NSSDB_DIR), which now used instead of /etc/pki/nssdb (NSS_DB_DIR). The old location is still supported. https://fedorahosted.org/freeipa/ticket/4597 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* test_forced_client_reenrollment: Don't check for host certificatesPetr Viktorin2014-10-021-1/+1
| | | | | | | Since ticket 4449 we no longer generate host certificates by defailt. Checdk that they are not present. https://fedorahosted.org/freeipa/ticket/4601
* Sudorule RunAsUser should work with external groupsMartin Kosek2014-10-021-2/+2
| | | | | | https://fedorahosted.org/freeipa/ticket/4600 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* test_service_plugin: Do not lowercase memberof_rolePetr Viktorin2014-10-011-1/+1
| | | | | | This adjusts the test for the change in commit 792c3f9c8c65e24953241247a242490c8fb32492 Related ticket: https://fedorahosted.org/freeipa/ticket/4192
* Refactor selinuxenabled checkFrancesco Marella2014-09-301-23/+20
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4571 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Move OTP synchronization step to after counter writebackNathaniel McCallum2014-09-301-11/+7
| | | | | | | | This prevents synchronization when an authentication collision occurs. https://fedorahosted.org/freeipa/ticket/4493 Reviewed-By: Thierry bordaz (tbordaz) <tbordaz@redhat.com>
* VERSION,Makefile: Rename "pre" to "alpha"Petr Viktorin2014-09-302-11/+12
| | | | | | | Last time (2.1) we used "Preview/Testing" for the pre-beta release, but the Git tags were still named alpha_*. Use "alpha", remove "pre".
* idviews: Fix typo in upgrade handling of the Default Trust ViewTomas Babej2014-09-301-5/+5
| | | | | | | | | Fixed missing comma. Also removes leading spaces from the ldif, since this is not stripped by the updater. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: add link from host to idviewPetr Vobornik2014-09-305-1/+40
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: list only not-applied hosts in "apply to host" dialogPetr Vobornik2014-09-301-2/+22
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: facet group labels for idview's facetsPetr Vobornik2014-09-303-1/+15
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: new ID views sectionPetr Vobornik2014-09-3010-5/+769
| | | | | | https://fedorahosted.org/freeipa/ticket/4535 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: add simple link column supportPetr Vobornik2014-09-302-1/+9
| | | | | | | | Usual link columns are link with primary key of current entity. This patch allows to create a link to arbitrary non-nested entity. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: allow to skip link widget link validationPetr Vobornik2014-09-301-3/+16
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: do not show internal facet name to userPetr Vobornik2014-09-301-1/+0
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: treat value as pkey in link widgetPetr Vobornik2014-09-301-3/+5
| | | | | | | | | | Current default mechanism of a link widget assumes that pkeys of a current facet are pkeys for the link. It works for the only usage - in password policy. It's rather inflexible since it can't be used if the keys are in other attribute. This behavior is also bad in nested entities - creates a link to itself which is pointless. This patch changes the default behavior to assume that the supplied value are the pkeys and that the last pkey is the value to display. It also keeps the old method of overriding `other_pkeys` method so if the last and only pkey is the actual value to display then the method can tranform it into the pkeys which keeps compatibility with descendant widgets (`host_dnsrecord_entity_link_widget`, `dnsrecord_host_link_widget`). Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: improve breadcrumb navigationPetr Vobornik2014-09-301-15/+29
| | | | | | | | | | | | | Fixes issue when: - user navigates to a nested facet - refreshes browser - uses breadcrumb navigation to go to parent entity page which requires a pkey. E.g. from automount keys to maps. The old code relies on the facet, that user visited the parent facet before and therefore the facet has pkey stored. It fails after the browser reload. Allows to specify a containing_facet. It allows breadcrumb navigation to return to a different facet than the 'default'. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* idviews: Create Default Trust View for upgraded serversTomas Babej2014-09-301-0/+48
| | | | | | | | | | | For upgraded servers with enabled AD trust support, we want to ensure that Default Trust View entry is created. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Make sure only regular IPA objects are allowed to be overridenTomas Babej2014-09-301-1/+17
| | | | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Display the list of hosts when using --allTomas Babej2014-09-301-1/+8
| | | | | | | | | | | | | | Enumerating hosts is a potentially expensive operation (uses paged search to list all the hosts the ID view applies to). Show the list of the hosts only if explicitly asked for (or asked for --all). Do not display with --raw, since this attribute does not exist in LDAP. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* idviews: Catch errors on unsuccessful AD object lookup when resolving object ↵Tomas Babej2014-09-301-8/+13
| | | | | | | | | | | | | name to anchor When resolving non-existent objects, domain validator will raise ValidationError. We need to anticipate and properly handle this case. Part of: https://fedorahosted.org/freeipa/ticket/3979 Reviewed-By: Petr Viktorin <pviktori@redhat.com> Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-02 20:10:59 +0000