| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Before, the file provided in the --root-ca-file option was used directly for
the upload. However, it is the same file which is imported to the NSS
database, so the second code path is not necessary.
Also removed now unused upload_ca_dercert method of dsinstance.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The files are created later by ipa-client-install, there's no need to do it
twice.
This also fixes a bug in CA-less, where the CA certificate is not removed from
/etc/pki/nssdb after client uninstall, because it has a different nickname.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/3805
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The 'top' objectclass is added by DS if not present. On every
update the managed permission updater compared the object_class
list with the state from LDAP, saw that there's an extra 'top'
value, and tried deleting it.
Add 'top' to the list to match the entry in LDAP.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
| |
The default read permission is added for Netgroup as an example.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
Design: http://www.freeipa.org/page/V3/Managed_Read_permissions
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ":" character will be reserved for default permissions, so that
users cannot create a permission with a name that will later be
added as a default.
Allow the ":" character modifying/deleting permissions*, but not
when creating them. Also do not allow the new name to contain ":"
when renaming.
(* modify/delete have unrelated restrictions on managed permissions)
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test that searches with a limit of 1 assumes a specific order
LDAP returns entries in. Future patches will change this order.
Do not check the specific entry returned.
The test that searched for --bindtype assumed that no anonymous
permissions exist in a clean install. Again, this will be changed
in future patches.
Add a name to the bindtype test, and add a negatitive test to
verify the filtering works.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
| |
Previously the search term was only applied to the name.
Fix it so that it filters results based on any attribute.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows code like:
from ipalib.plugins.dns import dnszone_mod
api.Command[dnszone_mod]
This form should be preferred when getting specific objects
because it ensures that the appropriate plugin is imported.
https://fedorahosted.org/freeipa/ticket/4185
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
PKI change done in ticket https://fedorahosted.org/pki/ticket/816
requires the PKI Clone's SSL Server certificate to be issued by
it's associated PKI master.
Allow this call on IPA master.
https://fedorahosted.org/freeipa/ticket/4265
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
| |
Resolves: https://fedorahosted.org/freeipa/ticket/4264
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
As with the flags, the objectclass should be returned as it is
on the entry.
https://fedorahosted.org/freeipa/ticket/4257
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
| |
Host adder dialog differs on installations with and without DNS.
Previous test used values for adding hosts which were suitable only for IPA servers installed with DNS.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Information from the AD about the home directories is not leveraged at
all, but is generated from the username and domain. Fix the assumptions
in the tests.
Also changes 'Subdomain Test User' to 'Subdomaintest User' to be more
consistent.
https://fedorahosted.org/freeipa/ticket/4184
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
| |
Remove 'u' from .po files as it is a typo and has been removed from other files.
https://fedorahosted.org/freeipa/ticket/2546
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
|
| |
|
|
|
|
|
|
| |
The old name is kept as a deprecated alias.
https://fedorahosted.org/freeipa/ticket/4231
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add a new Param kwarg, deprecated_cli_aliases, that lists
deprecated aliases.
The aliases will appear in a "Deprecated options" in the help,
and otherwise act as the normal variant.
Preparation for: https://fedorahosted.org/freeipa/ticket/4231
|
| |
|
|
|
|
| |
Previously only the StrEnum param type had the list of values
listed in the help.
Extend the functionality to any kind of Enum.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
If the test backup directory was never created (for example if
there was an early failure, or install was never run),
we don't want the test to fail.
Do not restore if the backup dir is not there.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
When running ipa-client-install, it asks for user name, synchronizes time, then asks for user password
which the order could be confusing to some users. This changes ipa-client-install to synchronize time
before prompting for user kerberos authentication.
https://fedorahosted.org/freeipa/ticket/3957
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Reflects:
- adding of RCUE styles along with Bootstrap 2.0.
- removal of jQuery BBQ plugin
- removal of rhino enviroment for selenium which was used in old UI tests
Reviewed-By: Simo Sorce <ssorce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
reflect ipalib permission changes in Web UI.
- http://www.freeipa.org/page/V4/Permissions_V2
- http://www.freeipa.org/page/V4/Anonymous_and_All_permissions
- http://www.freeipa.org/page/V4/Managed_Read_permissions
- http://www.freeipa.org/page/V4/Multivalued_target_filters_in_permissions
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Child widgets are disabled when main widget is disabled. Also main
widget won't show "add" button.
prerequisite for:
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- section delimiter don't look good and limits UI
Their removal will allow:
- section hiding (needed in aci v2 UI)
- fluid section layout
prerequisite for:
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
| |
UI unit tests were broken since main RCUE work. This patch fixes them
all except aci, which will be fixed along with update of aci UI.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update JSON metadata files for static presentation of FreeIPA UI and
some tests. This regeneration did not happen for very long time and
an update is needed for upcoming ACI patch.
prerequisite for:
https://fedorahosted.org/freeipa/ticket/4079
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Old implementation crawled DOM for gathering data from DOM. Such code
is very error prone. Little visual change somewhere else can break it
- as happened in main patch for #4217.
prerequisite for:
https://fedorahosted.org/freeipa/ticket/4217
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
checkboxes and radio buttons:
- do not change color on hover when disabled
- are focusable and checkable be keyboard again. This uses a little
trick where the real checkbox is hidden under the artificial
checkbox. That way it has the same position and therefore it
works even in containers with overflow set.
https://fedorahosted.org/freeipa/ticket/4217
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4256
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
We use Java classes which are bundled with rhino when uglifying
Javascript sources at build-time, so we need rhino at build-time.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When Dogtag 10 based FreeIPA replica is being installed for a Dogtag 9
based master, the PKI database is not updated and miss several ACLs
which prevent some of the PKI functions, e.g. an ability to create
other clones.
Add an update file to do the database update. Content is based on
recommendation from PKI team:
* https://bugzilla.redhat.com/show_bug.cgi?id=1075118#c9
This update file can be removed when Dogtag database upgrades are done
in PKI component. Upstream tickets:
* https://fedorahosted.org/pki/ticket/710 (database upgrade framework)
* https://fedorahosted.org/pki/ticket/906 (checking database version)
Also make sure that PKI service is restarted in the end of the installation
as the other services to make sure it picks changes done during LDAP
updates.
https://fedorahosted.org/freeipa/ticket/4243
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, setting/deleting the "--type" virtual attribute removed
all (objectclass=...) target filters.
Change so that only the filter associated with --type is removed.
The same change applies to --memberof: only filters associated
with the option are removed when --memberof is (un-)set.
Follow-up to https://fedorahosted.org/freeipa/ticket/4216
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The --memberof logic tried to convert the value of a (memberof=...)
filter to a DN, which failed with filters like (memberof=*).
Do not try to set memberof if the value is not a DN.
A test will be added in a subsequent patch.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The extratargetfilter behaves exactly like targetfilter, so that e.g.
ipa permission-find --filter=(objectclass=ipausergroup)
finds all permissions with that filter in the ACI.
Part of the work for https://fedorahosted.org/freeipa/ticket/4216
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
| |
Part of the work for: https://fedorahosted.org/freeipa/ticket/4216
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
| |
Since extratargetfilter is shown by default, change it to also have
the "default" (i.e. shorter) option name.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Extend the permission-add and permission-mod commands to process
extratargetfilter.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4216
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --filter, --type, and --memberof options interact in a way that's
difficult to recreate in the UI: type and memberof are "views" on the
filter, they affect it and are affected by it
Add a "extratagretfilter" view that only contains the filters
not linked to type or memberof.
Show extra target filter, and not the full target filter, by default;
show both with --all, and full filter only with --raw.
Write support will be added in a subsequent patch.
Part of the work for: https://fedorahosted.org/freeipa/ticket/4216
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
| |
|
|
|
|
|
| |
This is a follow up to patch for ticket 4247 - the raised
errors.DependentEntry changed, test needs to be change as well.
https://fedorahosted.org/freeipa/ticket/4247
|
| |
|
|
|
|
|
|
|
|
| |
Use basic math rather than timezone conversion to get
minutes and seconds.
Break out the message generation into a small tested function.
https://fedorahosted.org/freeipa/ticket/4242
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Changes the code in the idrange_del method to not only check for
the root domains that match the SID in the IDRange, but for the
SIDs of subdomains of trusts as well.
https://fedorahosted.org/freeipa/ticket/4247
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this patch implements:
- output_formatter in field. It should be used in par with formatter. Formatter serves for datasource->widget conversion, output_formatter for widget->datasource format conversion.
- datetime module which parses/format strings in subset of ISO 8601 and LDAP generalized time format to Date.
- utc formatter replaced with new datetime formatter
- datetime_validator introduced
- new datetime field, extension of text field, which by default uses datetime formatter and validator
Dojo was regenerated to include dojo/string module
https://fedorahosted.org/freeipa/ticket/4194
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Using the in-tree binary makes testing outside the source tree
impossible.
Use ipa-getkeytab from $PATH, and add the directory to $PATH when
running the in-tree tests.
Part of the work for https://fedorahosted.org/freeipa/ticket/3654
Reviewed-By: Martin Kosek <mkosek@redhat.com>
|
