summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add support for re-enrolling hosts using keytabTomas Babej2013-03-124-10/+50
| | | | | | | | | | | | | | | | | | A host that has been recreated and does not have its host entry disabled or removed, can be re-enrolled using a previously backed up keytab file. A new option --keytab has been added to ipa-client-install. This can be used to specify path to the keytab and can be used instead of -p or -w options. A new option -f has been added to ipa-join. It forces client to join even if the host entry already exits. A new certificate, ssh keys are generated, ipaUniqueID stays the same. Design page: http://freeipa.org/page/V3/Client_install_using_keytab https://fedorahosted.org/freeipa/ticket/3374
* Change DNA magic value to -1 to make UID 999 usablePetr Viktorin2013-03-1113-28/+144
| | | | | | | | | | | | | Change user-add's uid & gid parameters from autofill to optional. Change the DNA magic value to -1. For old clients, which will still send 999 when they want DNA assignment, translate the 999 to -1. This is done via a new capability, optional_uid_params. Tests included https://fedorahosted.org/freeipa/ticket/2886
* Perform secondary rid range overlap check for local ranges onlyTomas Babej2013-03-111-16/+25
| | | | | | | | | | | Any of the following checks: - overlap between primary RID range and secondary RID range - overlap between secondary RID range and secondary RID range is performed now only if both of the ranges involved are local domain ranges. https://fedorahosted.org/freeipa/ticket/3391
* Fix installing server with external CAPetr Viktorin2013-03-083-65/+74
| | | | | | | | | | | | | | Reorganize ipa-server-instal so that DS (and NTP server) installation only happens in step one. Change CAInstance to behave correctly in two-step install. Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks. https://fedorahosted.org/freeipa/ticket/3459
* Disable schema retrieval and attribute decoding when talking to AD GC.Jan Cholasta2013-03-081-5/+2
|
* Allow disabling attribute decoding in LDAPClient and IPAdmin.Jan Cholasta2013-03-081-3/+13
|
* Allow disabling LDAP schema retrieval in LDAPClient and IPAdmin.Jan Cholasta2013-03-081-3/+8
|
* Do not fail if schema cannot be retrieved from LDAP server.Jan Cholasta2013-03-081-9/+15
|
* Allow 'nfs:NONE' in global configurationSumit Bose2013-03-083-4/+4
| | | | | | | | | | | | This patch adds 'nfs:NONE' as an allowed entry for the global authorization data type in the CLI and WebUI. This is an ad-hoc solution to make sure that the new default value for the NFS service is not removed by chance. This patch should be removed if a more generic solution is implemented to modify service:TYPE style values of the authorization data type. https://fedorahosted.org/freeipa/ticket/2960
* Mention PAC issue with NFS in service plugin docSumit Bose2013-03-081-1/+7
| | | | https://fedorahosted.org/freeipa/ticket/2960
* Add unit test for get_authz_data_types()Sumit Bose2013-03-082-0/+246
| | | | https://fedorahosted.org/freeipa/ticket/2960
* ipa-kdb: add PAC only if requestedSumit Bose2013-03-081-2/+140
| | | | | | | | Instead of always adding a PAC to the Kerberos ticket the global default for the authorization data and the authorization data of the service entry is evaluated and the PAC is added accordingly. https://fedorahosted.org/freeipa/ticket/2960
* ipa-kdb: Read ipaKrbAuthzData with other principal dataSumit Bose2013-03-082-0/+18
| | | | | | | | The ipaKrbAuthzData LDAP attribute is read together with the other data of the requestedprincipal and the read value(s) are stored in the e-data of the entry for later use. https://fedorahosted.org/freeipa/ticket/2960
* ipa-kdb: Read global defaul ipaKrbAuthzDataSumit Bose2013-03-082-1/+29
| | | | | | | The ipaKrbAuthzData LDAP attribute is read from the ipaConfig object and the read value(s) are stored in the ipadb context. https://fedorahosted.org/freeipa/ticket/2960
* Add NFS specific default for authorization data typeSumit Bose2013-03-081-0/+5
| | | | | | | Since the hardcoded default fpr the NFS service was removed the default authorization data type is now set in the global server configuration. https://fedorahosted.org/freeipa/ticket/2960
* Revert "MS-PAC: Special case NFS services"Sumit Bose2013-03-081-35/+1
| | | | | | | | This reverts commit 5269458f552380759c86018cd1f30b64761be92e. With the implementation of https://fedorahosted.org/freeipa/ticket/2960 a special hardcoded handling of NFS service tickets is not needed anymore.
* Don't base64-encode the CA cert when uploading it during an upgrade.Rob Crittenden2013-03-071-2/+1
| | | | | | | | We want to store the raw value. Tools like ldapsearch will automatically base64 encode the value because it's binary so we don't want to duplicate that. https://fedorahosted.org/freeipa/ticket/3477
* ipa-replica-manage: migrate to single_value after LDAPEntry updatesAlexander Bokovoy2013-03-061-2/+2
|
* Fix internal error in output_for_cli method of sudorule_{enable,disable}.Jan Cholasta2013-03-061-4/+4
| | | | | | | Also fix incorrect super method call in output_for_cli method of sudorule_{add,remove}_option. https://fedorahosted.org/freeipa/ticket/3489
* Remove disabled entries from sudoers compat tree.Jan Cholasta2013-03-062-1/+3
| | | | | | | The removal is triggered by generating an invalid RDN when ipaEnabledFlag of the original entry is FALSE. https://fedorahosted.org/freeipa/ticket/3437
* ipaserver/dcerpc: enforce search_s without schema checks for GC searchingAlexander Bokovoy2013-03-061-1/+1
|
* Fix remove while iterating in suppress_netgroup_memberof.Jan Cholasta2013-03-063-3/+2
| | | | https://fedorahosted.org/freeipa/ticket/3464
* Web UI: configurable SID blacklistsPetr Vobornik2013-03-063-0/+16
| | | | | | | Added blacklists section, with ipantsidblacklistincoming and ipantsidblacklistoutgoing multivalued textbox fields, into trust details page. https://fedorahosted.org/freeipa/ticket/3289
* Fix handling of no_update flag in Web UIPetr Vobornik2013-03-061-2/+2
| | | | | | There was an incorrect check for no_update flag. Check was performed as if the flag was an attribute of object not an item of array. Hence, the flag never caused any effect.
* Fix dirty state update of editable comboboxPetr Vobornik2013-03-062-25/+3
| | | | | | Editable combobox didn't update it's dirty state correctly. CB had it's own internal value changed event, which was incorrectly used. It was removed and widget's value_changed event was used instead.
* Combobox keyboard supportPetr Vobornik2013-03-061-27/+186
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combobox can be controlled just by using keyboard. When value list is closed, user can: * use UP and DOWN error to open list, it will focus the list and select previous/next value * when CB is non-editable, user can start typing, first character will open list, second will be entered into search input. Note: I wanted to copy the first char to the search box as well, but I did not figure out reliable method for converting keycode to char for non ASCII keyboard layouts * ESCAPE, ENTER, TAB keys are handled to allow keyboard operations in a container When value list is opened: * CB tries to keep focus on either search input or a select * when focus is lost, the value list is closed. So user can click anywhere on a page to close it - two comboboxes can't be opened on the same time * hitting TAB key switches between search and select * if CB is not searchable, hitting TAB will close the value list and select input textbox * hitting ESCAPE on will close the value list * hitting ENTER on search input will invoke search operation * hitting ENTER on select will close the value list * hitting UP/DOWN arrows will select previous/next values Additional modifications: * opening arrow and search button were made non-focusable. It fixes the 'wrong focus area' bug and simplifies keyboard usage. It doesn't affect mouse usage. https://fedorahosted.org/freeipa/ticket/3324
* Improve LDAPEntry testsPetr Viktorin2013-03-011-18/+86
|
* Remove support for DN normalization from LDAPClient.Jan Cholasta2013-03-019-85/+41
|
* Remove DN normalization from the baseldap plugin.Jan Cholasta2013-03-017-56/+27
|
* Use full DNs in plugin code.Jan Cholasta2013-03-0115-42/+59
|
* Support attributes with multiple names in LDAPEntry.Jan Cholasta2013-03-013-4/+20
|
* Aggregate IPASimpleLDAPObject in LDAPEntry.Jan Cholasta2013-03-013-14/+57
|
* Preserve case of attribute names in LDAPEntry.Jan Cholasta2013-03-015-35/+97
|
* Use the dn attribute of LDAPEntry to set/get DNs of entries.Jan Cholasta2013-03-0111-43/+73
| | | | | Convert all code that uses the 'dn' key of LDAPEntry for this to use the dn attribute instead.
* Remove some uses of raw python-ldapPetr Viktorin2013-03-019-201/+142
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use IPAdmin rather than raw python-ldap in ipactlPetr Viktorin2013-03-012-44/+35
| | | | | | Add a new init argument, ldap_uri, to IPAdmin to make this possible. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Use IPAdmin rather than raw python-ldap in migration.bindPetr Viktorin2013-03-011-8/+11
| | | | | | | | The get_base_dn function still uses python-ldap because get_ipa_basedn is shared with client code, which doesn't have access to uor LDAP wrappers. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Do not use global variables in migration.pyPetr Viktorin2013-03-011-18/+18
|
* Use ldap instead of _ldap in ipaldapPetr Viktorin2013-03-011-47/+47
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.unbind_s(), keep unbind()Petr Viktorin2013-03-016-16/+7
| | | | | | | | The unbind and unbind_s functions do the same thing (both are synchronous). In the low-level IPASimpleLDAPObject, unbind_s rather than unbind is kept. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.simple_bind_sPetr Viktorin2013-03-013-9/+6
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove IPAdmin.sasl_interactive_bind_sPetr Viktorin2013-03-013-13/+6
| | | | | | | Also, rename remaining uses of SASL_AUTH to SASL_GSSAPI to better reflect what it is. Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Replace IPAdmin.start_tls_s by an __init__ argumentPetr Viktorin2013-03-012-11/+11
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Remove search_s and search_ext_s from IPAdminPetr Viktorin2013-03-017-31/+29
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Proxy LDAP methods explicitly rather than using __getattr__Petr Viktorin2013-03-011-3/+38
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Inline waitForEntry in its only callerPetr Viktorin2013-03-012-43/+40
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Inline inactivateEntry in its only callerPetr Viktorin2013-03-012-20/+3
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* replace getEntry with get_entry (or get_entries if scope != SCOPE_BASE)Petr Viktorin2013-03-0110-66/+56
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
* Fix typo and traceback suppression in replication.pyPetr Viktorin2013-03-011-3/+4
|
* Replace deleteEntry with delete_entryPetr Viktorin2013-03-016-18/+13
| | | | Part of the work for: https://fedorahosted.org/freeipa/ticket/2660
generated by cgit (git 2.34.1) at 2024-11-09 19:38:41 +0000