Commit message | Author | Age | Files | Lines
...
* Remove update_from_dict() method | Stanislav Laznicka | 2016-09-22 | 2 | -109/+0
  update_from_dict() method is not used anywhere in the project, it only makes the tests fail. Removed it and its tests.
  https://fedorahosted.org/freeipa/ticket/6311
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Updated help/man information about hostname | Stanislav Laznicka | 2016-09-22 | 4 | -4/+6
  The man page and help of ipa-client-install and ipa-replica-conncheck had outdated information about what is used as a hostname.
  https://fedorahosted.org/freeipa/ticket/5754
  Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
* Tests: Remove usage of krb5 ccache from test_ipaserver/test_ldap | Lenka Doudova | 2016-09-21 | 1 | -5/+1
  In test_ipaserver/test_ldap::test_ldap::test_GSSAPI a krb5 ccache is used to connect to ldap. The test tries to locate this cache in /tmp/krb5cc_$UID file, which is not there due to default settings in krb5.conf, and hence the whole test is skipped. Fix the test to use keyring to connect instead of ccache in /tmp.
  https://fedorahosted.org/freeipa/ticket/6323
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Fix host attributes in ipa-join host test | Lenka Doudova | 2016-09-21 | 1 | -0/+6
  Fixing discrepancies between returned and checked attributes in ipa-join host test, that arose after recent changes in behavior.
  https://fedorahosted.org/freeipa/ticket/6326
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Update host test with ipa-join | Lenka Doudova | 2016-09-21 | 1 | -4/+9
  Updating path to ipa-join command to allow execution of test_xmlrpc/test_host::TestHostFalsePwdChange::test_join_host.
  https://fedorahosted.org/freeipa/ticket/6326
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Add krb5kdc.service restart to integration trust tests | Lenka Doudova | 2016-09-21 | 2 | -3/+2
  krb5kdc.service restart is necessary for proper running of integration trust related tests.
  https://fedorahosted.org/freeipa/ticket/6322
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* test_plugable: update the rest of test_init | Jan Cholasta | 2016-09-21 | 1 | -4/+5
  In commit ed4c2d9252a995d01dc098e5b761ded8cd9373d8, changes to the Plugin class were made, but the test was updated only partially. Update the rest to fix the failing test.
  https://fedorahosted.org/freeipa/ticket/6313
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Remove unnecessary attributes from base tracker | Lenka Doudova | 2016-09-21 | 1 | -2/+0
  https://fedorahosted.org/freeipa/ticket/6128
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Remove --force options from tracker base class | Lenka Doudova | 2016-09-21 | 14 | -18/+32
  Removing --force option from tracker base class so it would not be required to be implemented in every specific tracker, even though it's not necessary. Modifying existing trackers to reflect this change.
  https://fedorahosted.org/freeipa/ticket/6124
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Tests: Remove SSSD restart from integration tests | Lenka Doudova | 2016-09-21 | 1 | -1/+0
  SSSD restart has been mistakenly added to integration tests (test_integration/tasks.py::uninstall_master). When system setup is correct, this restart has no significance, moreover it makes tests fail, hence its removal is necessary.
  https://fedorahosted.org/freeipa/ticket/6338
  Reviewed-By: Oleg Fayans <ofayans@redhat.com>
* Added a fix for setting Priority as required field in Password Policy Details facet | Abhijeet Kasurde | 2016-09-21 | 1 | -1/+4
  Fixes: https://fedorahosted.org/freeipa/ticket/6335
  Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* WebUI: Change group name from 'normal' to 'Non-POSIX' | Pavel Vomacka | 2016-09-21 | 3 | -9/+7
  It will correspond with CLI and will be more self-explanatory.
  https://fedorahosted.org/freeipa/ticket/6334
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Update ipa-server-install man page for hostname | Tomas Krizek | 2016-09-21 | 1 | -1/+1
  Hostname is always set, remove the text that says hostname is set only if it does not match the current hostname.
  https://fedorahosted.org/freeipa/ticket/6330
  Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Add help info about certificate revocation reasons | Tomas Krizek | 2016-09-21 | 1 | -1/+2
  Inform the user where to find additional information about certificate revocation reasons.
  https://fedorahosted.org/freeipa/ticket/6327
  Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Add log messages for IP checks during client install | Tomas Krizek | 2016-09-21 | 1 | -2/+3
  The added log messages allow easier debugging of IP related issues during ipa-client-install.
  https://fedorahosted.org/freeipa/ticket/6331
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Abhijeet Kasurde <akasurde@redhat.com>
* Show error message for invalid IPs in client install | Tomas Krizek | 2016-09-21 | 1 | -1/+4
  Re-raise the thrown exception to get an error message instead of a traceback during ipa-client-install with invalid IP address.
  https://fedorahosted.org/freeipa/ticket/6340
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Use constant for user and group patterns | Martin Basti | 2016-09-20 | 4 | -5/+14
  User and groups regexp are the same and constant should be used to avoid any future misconfigurations.
  https://fedorahosted.org/freeipa/ticket/5822
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix regexp patterns in parameters to not enforce length | Martin Basti | 2016-09-20 | 5 | -7/+7
  Regexp should not enforce length of string, we have different checks for that. Secondly regexp with length specified produces an incorrect error message.
  https://fedorahosted.org/freeipa/ticket/5822
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Keep NSS trust flags of existing certificates | Tomas Krizek | 2016-09-19 | 1 | -0/+8
  Backup and restore trust flags of existing certificates during CA installation. This prevents marking a previously trusted certificate as untrusted, as was the case when CA-less was converted to CA-full with external CA when using the same certificate.
  https://fedorahosted.org/freeipa/ticket/5791
  Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* dns: re-introduce --raw in dnsrecord-del | Jan Cholasta | 2016-09-19 | 3 | -3/+8
  The flag was removed in commit ff52c25ae299abba8bed653fe324951979a41293 because it is unused. Add it back for compatibility with old clients.
  https://fedorahosted.org/freeipa/ticket/5644
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* client: remove hard dependency on pam_krb5 | Jan Cholasta | 2016-09-19 | 4 | -1/+7
  If ipa-client-install is executed with --no-sssd, check if pam_krb5 is available before proceeding with the install.
  https://fedorahosted.org/freeipa/ticket/5557
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Add cert checks in ipa-server-certinstall | Florence Blanc-Renaud | 2016-09-19 | 1 | -2/+38
  When ipa-server-certinstall is called to install a new server certificate, the prerequisite is that the certificate issuer must be already known by IPA. This fix adds new checks to make sure that the tool exits before modifying the target NSS database if it is not the case.
  The fix consists in creating a temp NSS database with the CA certs from the target NSS database + the new server cert and checking the new server cert validity.
  https://fedorahosted.org/freeipa/ticket/6263
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* WebUI: Add handling for HTTP error 404 | Pavel Vomacka | 2016-09-15 | 1 | -1/+8
  In case that API is not accessible the 404 error is thrown. There was an error dialog with almost no information. The new dialog says what error is there and what can be the main cause of the error.
  https://fedorahosted.org/freeipa/ticket/4821
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Xfailed a test that fails due to 6250 | Oleg Fayans | 2016-09-15 | 1 | -0/+24
  Also created a decorator that removes the segment that the next test does not expect.
  https://fedorahosted.org/freeipa/ticket/6250
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fixed segment naming in topology tests | Oleg Fayans | 2016-09-15 | 1 | -11/+22
  As the segment name is a stochastic value, which can have either of the two nodes as the left node, we need to adapt the tests to not expect some particular segment name but rather to calculate it dynamically based on node names and the output of topologysegment-find ipa call.
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Add check for IP addresses into DNS installer | Martin Basti | 2016-09-14 | 3 | -6/+12
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix missing config.ips in promote_check | Martin Basti | 2016-09-14 | 1 | -0/+1
  When replica is installed with --setup-dns config.ips is not defined.
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Abstract procedures for IP address warnings | Martin Basti | 2016-09-14 | 4 | -70/+46
  Originally there should be only two occurrences of this warning, one for server, one for client. But obviously it is not possible with current installers to achieve this goal, so I have to extract code to not mess with 5 times copy and paste.
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Catch DNS exceptions during emptyzones named.conf upgrade | Martin Basti | 2016-09-14 | 1 | -3/+14
  For some reasons named may not be running and this causes this upgrade step to fail. This step is not critical so only an ERROR message with a recommendation is shown.
  https://fedorahosted.org/freeipa/ticket/6205
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Start named during configuration upgrade. | Martin Basti | 2016-09-14 | 1 | -0/+12
  Some upgrade steps require bind running, to be successful. Upgrader makes sure that bind starts.
  https://fedorahosted.org/freeipa/ticket/6205
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* ipa passwd: use correct normalizer for user principals | Martin Babinsky | 2016-09-14 | 1 | -3/+4
  Commit c2af032c0333f7e210c54369159d1d9f5e3fec74 introduced a regression in the handling of user principals supplied to the `ipa passwd` command. This patch restores the original behavior which lowercases the username portion of the principal.
  https://fedorahosted.org/freeipa/ticket/6329
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Tests: Fix integration sudo tests setup and checks | Lenka Doudova | 2016-09-14 | 1 | -2/+29
  Adding 'defaults' sudorule to prevent requesting further user authentication. Adding checks that if a user should be rejected access, a proper error message is displayed.
  https://fedorahosted.org/freeipa/ticket/6262
  Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
* trust-fetch-domains: contact forest DCs when fetching trust domain info | Martin Babinsky | 2016-09-14 | 1 | -3/+11
  The code should always contact forest root DCs when requesting trust domain info. In the case of one-way or external trusts `com.redhat.idm.trust-fetch-domains` helper is leveraged, otherwise forest root domain is contacted directly through Samba using the credentials of HTTP principal.
  https://fedorahosted.org/freeipa/ticket/6328
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Xfailed the tests due to a known bug with replica preparation | Oleg Fayans | 2016-09-14 | 1 | -0/+6
  https://fedorahosted.org/freeipa/ticket/6274
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Changed addressing to the client hosts to be replicas | Oleg Fayans | 2016-09-14 | 1 | -5/+5
  https://fedorahosted.org/freeipa/ticket/6287
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Several fixes in replica_promotion tests | Oleg Fayans | 2016-09-14 | 1 | -3/+7
  In test_one_command_installation the ipa-replica-install was missing '--server' and '-U' options which resulted in false negative result. In test_client_enrollment_by_unprivileged_user '--server' option was missing. test_replica_promotion_after_adding_to_admin_group lacked '-U' option. It led to 3 failed cases.
  https://fedorahosted.org/freeipa/ticket/6301
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Removed incorrect check for returncode | Oleg Fayans | 2016-09-14 | 2 | -5/+7
  The server installation in most cases returns response code 0 no matter what happens except for really severe errors. In this case when we try to uninstall the middle replica of a line topology, it fails, notifies us that we should use '--ignore-topology-disconnect', but returns 0
  https://fedorahosted.org/freeipa/ticket/6300
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* cert-request: raise error when request fails | Fraser Tweedale | 2016-09-13 | 1 | -0/+4
  Fix a regression in recent change to request cert via Dogtag REST API. 'ra.request_certificate' was no longer raising CertificateOperationError when the cert request failed. Inspect the request result to determine if the request completed, and raise if it did not.
  Fixes: https://fedorahosted.org/freeipa/ticket/6309
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: Fix failing ldap.backend test | Lenka Doudova | 2016-09-13 | 1 | -1/+1
  Test ipatests/test_ipaserver/test_ldap::test_Backend fails claiming service cannot be found. Fixing this by not using api with in_tree parameter.
  https://fedorahosted.org/freeipa/ticket/6312
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: Add cleanup to integration trust tests | Lenka Doudova | 2016-09-13 | 1 | -0/+5
  Trust tests fail if they are executed after external trust tests. This is caused by missing cleanup. Providing cleanup that would enable correct execution of the tests regardless of their order.
  https://fedorahosted.org/freeipa/ticket/6306
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: Fix regex errors in integration trust tests | Lenka Doudova | 2016-09-09 | 1 | -4/+5
  In integration trust tests some values are checked using regular expressions. Some of these expressions from recently added coverage have minor mistakes which cause the comparisons to fail. Providing fix for these regular expressions.
  https://fedorahosted.org/freeipa/ticket/6285
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* netgroup: avoid extraneous LDAP search when retrieving primary key from DN | Martin Babinsky | 2016-09-09 | 1 | -0/+20
  DNs for netgroup entries can contain either 'cn' or 'ipauniqueid' attribute in their leaf RDN depending on their origin. Since 'cn' is the primary key, we can return it in `get_primary_key_from_dn` right away and avoid any extraneous LDAP search.
  https://fedorahosted.org/freeipa/ticket/5855
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Fix regression introduced in ipa-certupdate | Florence Blanc-Renaud | 2016-09-09 | 1 | -1/+4
  The fix for 6288 was overwritten by commit 08b768313020c45bfa82d67cd214afabf605f4b3.
  https://fedorahosted.org/freeipa/ticket/6288
  Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* Tests: extend DNS cmdline tests with lowercased record type | Martin Basti | 2016-09-08 | 1 | -0/+12
  https://fedorahosted.org/freeipa/ticket/6203
  Reviewed-By: Lenka Doudova <ldoudova@redhat.com>
* advise: Use `name` instead of `__name__` to get plugin names | Martin Babinsky | 2016-09-08 | 1 | -2/+2
  This change will allow ipa-advise to correctly handle advise plugins with custom names.
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Add 'Restore' option to action dropdown menu | Pavel Vomacka | 2016-09-08 | 4 | -9/+36
  Also moving activate_action method several lines up - correcting logical order of methods.
  https://fedorahosted.org/freeipa/ticket/5818
  Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
* Show warning when net/broadcast IP address is used in installer | Martin Basti | 2016-09-07 | 3 | -0/+71
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Allow multicast addresses in A/AAAA records | Martin Basti | 2016-09-07 | 1 | -2/+4
  There is no reason (RFC) why we should prevent users from adding multicast addresses to A/AAAA records.
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Allow broadcast ip addresses | Martin Basti | 2016-09-07 | 2 | -7/+7
  Currently environments may use prefix /31 on point-to-point connections, which makes IPA validators fail. IPA should not care if IP address is broadcast or not. In some cases (when prefix is not specified) IPA cannot decide properly if broadcast address is really broadcast.
  This commit allows usage of broadcast addresses in:
  * host plugin
  * dns plugin
  * server-installer
  * client-installer
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Allow network ip addresses | Martin Basti | 2016-09-07 | 3 | -9/+11
  Currently cloud environments heavily use prefix /32 (/128), which makes IPA validators fail. IPA should not care if IP address is network or not.
  This commit allows usage of network addresses in:
  * host plugin
  * dns plugin
  * server-installer
  * client-installer
  https://fedorahosted.org/freeipa/ticket/5814
  Reviewed-By: David Kupka <dkupka@redhat.com>