| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Now also facets other than details facet can use facet policies.
Facet policies purpose is to extend facets behavior without
overriding base class. This shared behavior could be reused in
several other facets which may have completely different
base classes.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
basically implementation of #4625 but atm there is no time to properly
test #4625 in the whole UI, therefore, it will be limited only to
active/stage/preserved user search page.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refactoring of facet groups. This new widget has an html structure which
could be used for current facet tabs but also for PatternFly two column
layout with either accordion or nav-category
- https://www.patternfly.org/wp-content/uploads/patternfly/tests/form.html
- https://www.patternfly.org/wp-content/uploads/patternfly/tests/tab.html
Will be useful for #4625.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Facets use to inherit facet groups from entity. There was no option to define
cross-entity facet groups for different facets which belong one entity.
In other words it was not possible to have 'user search' and 'stage user search'
tab in one facet group.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
| |
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes issue where it is not possible to define under the same parent:
{ entity: 'bar', facet: 'baz' }
{ entity: 'foo', facet: 'baz' }
Error reporting of invalid menu item names was improved.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Remove behavior which navigated to previously selected child if navigating
to its parent.
It makes navigation more consistent.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While selecting menu item based on a facet which have an entity defined,
prefer entity fallback over facet name fallback.
It solves an issue which appears when a menu item of a different entity
has the same facet name specified. In such case this menu item was selected
instead of the desired one.
E.g.: there are menu items:
{ entity: 'foo' }
{ entity: 'bar', facet: 'search'}
Showing a foo's search facet resulted in selecting
{ entity: 'bar', facet: 'search'} item.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
| |
I.e. remove memory from bare entity navigation
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All entity facets are automatically registered as a new type in
reg.facet.
The type name is: <entity_name>_<facet_name>
The name of facets is kept same, mainly to support the same url routes.
This change allows to get facet instance by calling, e.g.:
reg.facet.get('user_details')
It allows to make declarative links to facet which are not yet instantiated.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
| |
Useful for declarative inheritance. E.g. base new facet on details
facet with all registered preops and default spec object.
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A search facet could be defined with an option which is always applied
during entity-find command on facet refresh.
e.g.
ipa user-find --preserved
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Or in other words, move all objects which belong to user module to the module.
Therefore they no longer pollutes the main 'IPA' module.
Therefore:
require('freeipa/ipa').user == require('freeipa/user')
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
|
|
|
|
| |
Not all functionality is available. Mostly because IPA doesn't require them yet.
Missing: bootstrap combobox, datatables js, PF font with icons, spinner for old IEs
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
| |
|
|
| |
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is required modification to be able move to new installers.
DNS subsystem will be installed by functions in this module in each of
ipa-server-install, ipa-dns-install, ipa-replica-install install
scripts.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When both 'mod_auth_kerb' and 'mod_auth_gssapi' are installed at the same
time, they use common directory for storing Apache ccache file. Uninstallation
of 'mod_auth_kerb' removes this directory leading to invalid CCache path for
httpd and authentication failure.
Using an IPA-specific directory for credential storage during apache runtime
avoids this issue.
https://fedorahosted.org/freeipa/ticket/4973
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* remove unneeded parts
* increase KSK key length to 3072
* increase KSK key lifetime to 2 years (see NIST SP 800-81-2 section 11.2)
Update is not required, as template contains just recommended values
which should by reviewed by administrators.
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due previous changes (in master branch only) the uniqueness plugins
became misconfigured.
After this patch:
* whole $SUFFIX will be checked by unique plugins
* just staged users are exluded from check
This reverts some changes in commit
52b7101c1148618d5c8e2ec25576cc7ad3e9b7bb
Since 389-ds-base 1.3.4.a1 new attribute 'uniqueness-exclude-subtrees'
can be used.
https://fedorahosted.org/freeipa/ticket/4921
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ipa-ldap-updater is now just util which applies changes specified in update
files or schema files.
ipa-ldap-updater will not do overall server upgrade anymore, use
ipa-server-upgrade instead.
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
Add the ability for 'Stage user provisioning' priviledge to add
stage users.
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creation of stage user administrator
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Set the DNAexcludescope on provisioning part of the DIT
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add plugin commands to stageuser plugin:
stageuser_activate: activate entries created by IPA CLIs
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5007
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
| |
map attribute is redundant and not used.
Use `get` method instead.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
| |
Creation of map with e.g. 30K values was very slow. Map checked if a value is
in in the map but it used Array's indexOf method therefore the complexity was
quadratic instead of linear.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch allows to use base64 encoded values in update files.
Double colon ('::') must be used as separator between attribute name
and base64 encoded value.
add:attr::<base64-value>
replace:attr::<old-base64-value>::<new-base64-value>
https://fedorahosted.org/freeipa/ticket/4984
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CSV values are not supported in upgrade files anymore
Instead of
add:attribute: 'first, part', second
please use
add:attribute: firts, part
add:attribute: second
Required for ticket: https://fedorahosted.org/freeipa/ticket/4984
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4936
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Option '-P' was used in older version of FreeIPA to set up KDC master password
during server install. This is no longer neccessary or desirable since the
password of sufficient strength can be generated automatically during
installation.
https://fedorahosted.org/freeipa/ticket/4516
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4982
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4926
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
To avoid cyclic imports realm_to_serverid function had to be moved to
installutils from dsinstance.
Required for: https://fedorahosted.org/freeipa/ticket/4925
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4575
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Verify version and platform before upgrade or ipactl start|restart
Upgrade:
* do not allow upgrade on different platforms
* do not allow upgrade data with higher version than build has
Start:
* do not start services if platform mismatch
* do not start services if upgrade is needed
* do not start services if data with higher version than build has
New ipactl options:
--skip-version-check: do not validate IPA version
--ignore-service-failures (was --force): ignore if a service start fail
and continue with starting other services
--force: combine --skip-version-check and --ignore-service-failures
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the old implementation tried to get all entries which are member of group.
That means also user. User can't have any members therefore this costly
processing was unnecessary.
New implementation reduces the search only to entries which have members.
Also page size was removed to avoid paging by small pages(default size: 100)
which is very slow for many members.
https://fedorahosted.org/freeipa/ticket/4947
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In the wiki we say it's not longer necessary to make the IPA LDAP server not
reachable by any AD domain controller. To be consistence, the setup tool
should reflext this statement.
https://fedorahosted.org/freeipa/ticket/4977
Reviewed-By: Gabe Alford <redhatrises@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Calls to ipautil.run using kinit were replaced with calls
kinit_keytab/kinit_password functions implemented in the PATCH 0015.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* add 'plugin' directive
* specify plugins order in update files
* remove 'run plugins' options
* use ldapupdater API instance in plugins
* add update files representing former PreUpdate and PostUpdate order of plugins
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Use only ldapi connection to execute upgrade
https://fedorahosted.org/freeipa/ticket/4904
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Obtaining member information for entity selects is not needed and it
causes unwanted performance hit, especially with larger groups.
This patch removes it.
https://fedorahosted.org/freeipa/ticket/4948
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
| |
Fix: If editable combobox has one value, the value is selected and changed by hand, it can't be re-selected by enter key.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a accounts plugin (accounts class) that defines
variables and methods common to 'users' and 'stageuser'.
accounts is a superclass of users/stageuser
Add the stageuser plugin, with support of stageuser-add verb.
Reviewed By: David Kupka, Martin Basti, Jan Cholasta
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
|
