| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
| |
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Global variables should be defined in the outer space, not just marked
as global inside functions.
Removes unused global variables
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
| |
Bare except should not be used.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Lukas Slebodnik <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Topology plugin may merge (aka DEL) segments that would trigger
internal search for groups owning that segment. The problem
is that it is searching those groups into the full suffix and
so need the schema compat map lock.
If any other operation holding schema compat map lock need to
access the page involved in the DEL, there is a deadlock.
This fix is to prevent useless group searching if the target entry
is a segment or is in compat tree.
https://fedorahosted.org/freeipa/ticket/5637
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add new field in user add dialog. This combo box lists all posix groups
so user can choose one. It is also possible to fill a GID number
which is not in the list.
https://fedorahosted.org/freeipa/ticket/5505
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
There is an animation of nodes layout after first load of graph or adding new node.
Then all nodes of the graph are set to the fixed state. The node is set to fixed even after
manual turn off of fixed state.
https://fedorahosted.org/freeipa/ticket/5649
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Add zooming and panning functionality to the topology graph. Also the page rememberes
the old setting of the graph position and size. So, after refreshing the graph has
the same position and size as it had before.
https://fedorahosted.org/freeipa/ticket/5502
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
'yes' is also valid value in krb5.conf but we should be consistent and
use only 'true' as we do for other options.
https://fedorahosted.org/freeipa/ticket/5518
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Like for services setting the ipaKrbAuthzData attribute on a user object will
allow us to control exactly what authz data is allowed for that user.
Setting NONE would allow no authz data, while setting MS-PAC would allow only
Active Directory compatible data.
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/2579
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
nsSSLCiphers: "default" provides only secure ciphers that should be used when
connecting to DS
https://fedorahosted.org/freeipa/ticket/5684
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The AC_PROG_LIBTOOL macro is obsoleted by since libtool-2.0
which is already in rhel6+
https://fedorahosted.org/FedoraReview/wiki/AutoTools
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Reworks also sessionStorage test because disablement of cookies might be connected
with sessionStorage and localStorage. E.g. Chrome raises exception when *Storage
is accessed with "Block sites from setting any data" settings set in
"Content Settings/Cookies" section.
https://fedorahosted.org/freeipa/ticket/4338
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
pylint 1.5 prints many false positive no-member errors which are
supressed by this commit.
https://fedorahosted.org/freeipa/ticket/5615
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
| |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently in an environment with trust to AD the compat tree does not
show AD users as members of IPA groups. The reason is that IPA groups
are read directly from the IPA DS tree and external groups are not
handled.
slapi-nis project has added support for it in 0.55, make sure we update
configuration for the group map if it exists and depend on 0.55 version.
https://fedorahosted.org/freeipa/ticket/4403
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
| |
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The scripts in this directory are simple python scripts, nothing arch-specific
in them. Having them under libexec would simplify the code a bit too, since
there would be no need to worry about lib vs lib64 (which also cause trouble
on Debian).
https://fedorahosted.org/freeipa/ticket/5586
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This permission cannot be MANAGED permission because it is located in
nonreplicating part of the LDAP tree.
As side effect, the particular ACI has not been created on all replicas.
This commit makes Read Replication Agreements non managed permission and
also fix missing ACI on replicas.
https://fedorahosted.org/freeipa/ticket/5631
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During upgrade to IPA 4.2, literally "$SUFFIX" value was added to
configuration of sidgen and extdom plugins. This cause that SID are not properly configured.
Upgrade must fix "$SUFFIX" to reals suffix DN, and run sidgen task
against IPA domain (if exists).
All trusts added when plugins configuration was broken must be re-added.
https://fedorahosted.org/freeipa/ticket/5665
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
similar issue and cause as in https://fedorahosted.org/freeipa/ticket/5567
root cause is that binding triggers validation which clears messages in
validation summary. Maybe it could be refactored in a future to not use
the same validation summary field for API calls and fields.
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
| |
|
|
|
|
|
|
| |
To be consistent with backend code.
https://fedorahosted.org/freeipa/ticket/5622
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Also move com.redhat.idm.trust-fetch-domains to /usr/libexec/ipa/oddjob.
https://fedorahosted.org/freeipa/ticket/5550
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
'Issue new certificate' dialog now validates whether user fills 'principal' and 'csr' field.
In case that one of these fields is empty then it does not allow to submit the dialog.
https://fedorahosted.org/freeipa/ticket/5432
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5411
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5411
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/5495
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5636
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
add module 'libs/d3' to a list of modules provided by third party libraries
it is provided by d3 library in libs directory
https://fedorahosted.org/freeipa/ticket/5641
Reviewed-By: Gabe Alford <redhatrises@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Import all external CA certs to the Dogtag NSS database on IPA CA cert
renewal. This fixes Dogtag not being able to connect to DS which uses 3rd
party server cert after ipa-certupdate.
https://fedorahosted.org/freeipa/ticket/5595
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5643
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
| |
|
|
|
|
|
|
| |
The /ipa/ui/reset_password.html page is now able to use url paramater 'user'. The value of this parameter is used for pre-filling the username field.
https://fedorahosted.org/freeipa/ticket/5001
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add tool tips for buttons in detail view. New tooltips:
Reload - Reload current settings from the server.
Revert - Undo all unsaved changes.
Undo - Undo this change.
Undo all - Undo all changes in this field.
https://fedorahosted.org/freeipa/ticket/5428
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make ipaclient a Python library like ipapython, ipalib, etc.
Use setup.py instead of autotools for installing it.
Move C client tools, Python scripts, and man pages, to client/.
Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS).
Remove /setup-client.py (ipalib/setup.py should be used instead).
Update Makefiles and the spec file accordingly.
https://fedorahosted.org/freeipa/ticket/5638
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
CA and DS have issues with Retro Changelog plugin. CA subtree should be
excluded from syncrepl.
This should improve speed of CA related operations too.
https://fedorahosted.org/freeipa/ticket/5538
Reviewed-By: Christian Heimes <cheimes@redhat.com>
|
| |
|
|
|
|
| |
Stops IE10 from closing the dialog on an enter keypress.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix added for showing error message returned from server to client
browser. User is now notified with proper error messages returned by
server.
https://bugzilla.redhat.com/show_bug.cgi?id=1293870
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a change where suffixes in server are not longer returned as DNs
but rather a cn of related topology suffix. I.e. they share "memberof" logic.
This caused that search page doesn't get the data because it uses
"no_member: true" option by default.
This patch overrides the behavior because it is OK for server search page
to fetch also member data - it is not so costly as e.g. in users.
https://fedorahosted.org/freeipa/ticket/5609
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
| |
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During IPA server upgrade from pre-4.3 versions, the ACIs permitting
manipulation of replication agreements are removed from the
'cn="$SUFFIX",cn=mapping tree,cn=config' and 'cn=o\3Dipaca,cn=mapping
tree,cn=config'. However they are never re-added breaking management and
installation of replicas.
This patch modifies the update process so that the ACIs are first added to the
'cn=mapping tree,cn=config' and then removed from the child entries.
https://fedorahosted.org/freeipa/ticket/5575
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
ipactl is not aware of new services installed later, if ipactl restart
or start has not been executed.
This commit is workaround, proper fix may need to improve ipactl.
https://fedorahosted.org/freeipa/ticket/5262
Reviewed-By: David Kupka <dkupka@redhat.com>
|
| |
|
|
|
|
|
|
| |
Enables check and fixes one issue.
get_entries can be replaced by get_entry, filter is not needed because
check of 'originfilter' attribute is done later.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remove des3 and arcfour from the defaults for new installs.
NOTE: the ipasam/dcerpc code sill uses arcfour
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/4740
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5583
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Former upgrade file always created the NIS Server container, that caused
the ipa-nis-manage did not set all required NIS maps. Default creation
of container has been removed.
Updating of NIS Server configuration and
NIS maps is done only if the NIS Server container exists.
https://fedorahosted.org/freeipa/ticket/5507
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
| |
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5553
Reviewed-By: Martin Basti <mbasti@redhat.com>
|
| |
|
|
|
|
|
| |
https://fedorahosted.org/freeipa/ticket/5532
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Gabe Alford <redhatrises@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enables check and fixes:
************* Module ipa-replica-conncheck
install/tools/ipa-replica-conncheck:150:
[W0106(expression-not-assigned), parse_options] Expression
"(replica_group.add_option('-w', '--password', dest='password',
sensitive=True, help='Password for the principal'), )" is assigned to
nothing)
************* Module ipatests.test_xmlrpc.test_automount_plugin
ipatests/test_xmlrpc/test_automount_plugin.py:437:
[W0106(expression-not-assigned),
test_automount_indirect.test_1a_automountmap_add_indirect] Expression
"api.Command['automountmap_add_indirect'](self.locname, self.mapname,
**self.map_kw)['result']" is assigned to nothing)
************* Module ipatests.test_ipaserver.test_otptoken_import
ipatests/test_ipaserver/test_otptoken_import.py:128:
[W0106(expression-not-assigned), test_otptoken_import.test_mini]
Expression "[(t.id, t.options) for t in doc.getKeyPackages()]" is
assigned to nothing)
************* Module ipatests.test_ipaserver.test_ldap
ipatests/test_ipaserver/test_ldap.py:221:
[W0106(expression-not-assigned), test_LDAPEntry.test_popitem] Expression
"list(e) == []" is assigned to nothing)
************* Module ipa-client-install
ipa-client/ipa-install/ipa-client-install:114:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-p', '--principal', dest='principal',
help='principal to use to join the IPA realm'), )" is assigned to
nothing)
ipa-client/ipa-install/ipa-client-install:116:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-w', '--password', dest='password',
sensitive=True, help='password to join the IPA realm (assumes bulk
password unless principal is also set)'), )" is assigned to nothing)
ipa-client/ipa-install/ipa-client-install:118:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-k', '--keytab', dest='keytab', help='path to
backed up keytab from previous enrollment'), )" is assigned to nothing)
ipa-client/ipa-install/ipa-client-install:120:
[W0106(expression-not-assigned), parse_options] Expression
"(basic_group.add_option('-W', dest='prompt_password',
action='store_true', default=False, help='Prompt for a password to join
the IPA realm'), )" is assigned to nothing)
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Wildcard imports should not be used.
Check for wildcard imports has been enabled in pylint.
Pylint note: options 'wildcard-import' causes too much false positive
results, so instead it I used 'unused-wildcard-import' option which has almost
the same effect.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
| |
This patch removes unused imports, alse pylint has been configured to
check unused imports.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When DNS is already installed somewhere in topology we should not check for
zone overlap because it would always say that we are overlapping our own domain.
ipa-replica-install already does that but ipa-dns-install did not.
https://fedorahosted.org/freeipa/ticket/5564
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
|
