summaryrefslogtreecommitdiffstats
path: root/ipalib
Commit message (Collapse)AuthorAgeFilesLines
* Fix service-disable in CA-less install.Jan Cholasta2013-08-291-20/+21
| | | | https://fedorahosted.org/freeipa/ticket/3886
* Fix tests which fail after ipa-adtrust-installAna Krivokapic2013-08-281-0/+44
| | | | | | | | | | Some unit tests were failing after ipa-adtrust-install has been run on the IPA server, due to missing attributes ('ipantsecurityidentifier') and objectclasses ('ipantuserattrs' and 'ipantgroupattrs'). This patch detects if ipa-adtrust-install has been run, and adds missing attributes and objectclasses where appropriate. https://fedorahosted.org/freeipa/ticket/3852
* Fix incorrect error message occurence when re-adding the trustTomas Babej2013-08-271-1/+1
| | | | | | | | | You cannot re-add the trust and modify the range in the process. The check in the code was malfunctioning since it assumed that range_size parameter has default value. However, default value is assigned only later in the add_range function. https://fedorahosted.org/freeipa/ticket/3870
* Add base-id, range-size and range-type options to trust-add dialogPetr Vobornik2013-08-221-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/3049
* Allow API plugin registration via a decoratorPetr Viktorin2013-08-142-3/+32
| | | | | | | | | | | | This makes plugin registration easier to read, less error-prone, and, for many Plugins in a single module, faster to write. Functionally, the decorator is equivalent to current plugin registration. However, in the future this style will allow cleaner semantics. As an example, and to exercise the new syntax to prevent regressions, the ping plugin is converted to this style.
* Prevent *.pyo and *.pyc multilib problemsMartin Kosek2013-08-131-1/+1
| | | | | | | | | | | | | Differences in the python byte code fails in a build validation (rpmdiff) done on difference architecture of the same package. This patch: 1) Ensures that timestamps of generated *.pyo and *.pyc files match 2) Python integer literals greater or equal 2^32 and lower than 2^64 are converted to long right away to prevent different type of the integer on architectures with different size of int https://fedorahosted.org/freeipa/ticket/3858
* Remove support for IPA deployments with no persistent searchTomas Babej2013-08-091-6/+4
| | | | | | | | | Drops the code from ipa-server-install, ipa-dns-install and the BindInstance itself. Also changed ipa-upgradeconfig script so that it does not set zone_refresh to 0 on upgrades, as the option is deprecated. https://fedorahosted.org/freeipa/ticket/3632
* Add new command compat-is-enabledAna Krivokapic2013-08-071-0/+44
| | | | | | | | | Add a new API command 'compat-is-enabled' which can be used to determine whether Schema Compatibility plugin is configured to serve trusted domain users and groups. The new command is not visible in IPA CLI. https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672
* Enable running API commands in ipa-advise pluginsAna Krivokapic2013-08-071-2/+2
| | | | | https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672
* Add a word wrapping for comment log messages to AdviceLoggerTomas Babej2013-08-061-2/+7
| | | | | The comments logged through AdviceLogger are now wrapped up to 70 characters. This change has been documented in the docstrings.
* Improve help entry for ipa hostTomas Babej2013-08-061-5/+7
| | | | | | | | Updates old information produced by the ipa help host command. Also adds a section to ipa-client-install manpage about client re-enrollment. https://fedorahosted.org/freeipa/ticket/3820
* Limit pwpolicy maxlife to 20000 daysTomas Babej2013-08-051-0/+1
| | | | | | | | | | | | Since krbMaxPwdLife attribute is represented as number of seconds, setting maxlife to high values such as 999 999 days (~2739 years) would result to overflow when parsing this attribute in kdb plugin, and hence default maxlife of 90 days would be applied. Limit the maximum value of maxlife that can be set through the framework to 20 000 days (~ 54 years). https://fedorahosted.org/freeipa/ticket/3817
* Expose ipaRangeType in Web UIAna Krivokapic2013-07-291-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3759
* Refactor the interactive prompt logic in idrange_addTomas Babej2013-07-261-27/+34
| | | | | | | | | | | | | | | | Make the interactive prompts interpret the following logic: - AD range (dom-sid/dom-name set): require RID base if not set - local range(dom-sid/dom-name not set): a) server with adtrust support: require both RID base and secondary RID base b) server without adtrust support: if any of RID base, secondary RID base set, require both of them https://fedorahosted.org/freeipa/ticket/3786
* Use valid LDAP search base in migration pluginMartin Kosek2013-07-261-1/+2
| | | | | | One find_entry_by_attr call did not set a search base leading to LDAP search call with zero search base. This leads to false negative results from LDAP.
* Remove word 'field' from GECOS param labelPetr Vobornik2013-07-231-1/+1
| | | | No other param/field has 'field' in a label.
* ipaserver/dcerpc: attempt to resolve SIDs through SSSD firstAlexander Bokovoy2013-07-231-6/+3
| | | | | | | | Attempt to resolve SIDs through SSSD first to avoid using trust account password. This makes possible to run HBAC test requests without being in 'trusted admins' group. https://fedorahosted.org/freeipa/ticket/3803
* Use AD LDAP probing to create trusted domain ID rangeTomas Babej2013-07-231-12/+99
| | | | | | | | | | When creating a trusted domain ID range, probe AD DC to get information about ID space leveraged by POSIX users already defined in AD, and create an ID range with according parameters. For more details: http://www.freeipa.org/page/V3/Use_posix_attributes_defined_in_AD https://fedorahosted.org/freeipa/ticket/3649
* Add new hidden command option to suppress processing of membership attributes.Jan Cholasta2013-07-231-18/+50
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Fix internal error in idrange-addAna Krivokapic2013-07-221-1/+1
| | | | | | | Fix internal error in idrange-add, caused by a missing 'name' argument of ValidationError. https://fedorahosted.org/freeipa/ticket/3781
* Provide ipa-advise toolTomas Babej2013-07-173-2/+52
| | | | | | | | | | | | | | Provides a pluggable framework for generating configuration scriptlets and instructions for various machine setups and use cases. Creates a new ipa-advise command, available to root user on the IPA server. Also provides an example configuration plugin, config-fedora-authconfig. https://fedorahosted.org/freeipa/ticket/3670
* Add --range-type option that forces range type of the trusted domainTomas Babej2013-07-112-4/+40
| | | | | | | | | | Adds --range-type option to ipa trust-add command. It takes two allowed values: 'ipa-ad-trust-posix' and 'ipa-ad-trust'. When --range-type option is not specified, the range type should be determined by ID range discovery. https://fedorahosted.org/freeipa/ticket/3650
* Use LDAP search instead of *group_show to check for a group objectclass.Jan Cholasta2013-07-113-37/+41
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Use LDAP search instead of *group_show to check if a group exists.Jan Cholasta2013-07-116-9/+15
| | | | https://fedorahosted.org/freeipa/ticket/3706
* Skip cert issuer validation in service and host commands in CA-less install.Jan Cholasta2013-07-091-0/+3
| | | | https://fedorahosted.org/freeipa/ticket/3736
* Remove entitlement supportMartin Kosek2013-06-263-772/+0
| | | | | | | Entitlements code was not tested nor supported upstream since version 3.0. Remove the associated code. https://fedorahosted.org/freeipa/ticket/3739
* Require rid-base and secondary-rid-base in idrange-add after ipa-adtrust-installAna Krivokapic2013-06-242-5/+62
| | | | | | | | | | | | | Add a new API command 'adtrust_is_enabled', which can be used to determine whether ipa-adtrust-install has been run on the system. This new command is not visible in IPA CLI. Use this command in idrange_add to conditionally require rid-base and secondary-rid-base options. Add tests to cover the new functionality https://fedorahosted.org/freeipa/ticket/3634
* Fail when adding a trust with a different rangeAna Krivokapic2013-06-241-69/+148
| | | | | | | | When adding a trust, if an id range already exists for this trust, and options --base-id/--range-size are provided with the trust-add command, trust-add should fail. https://fedorahosted.org/freeipa/ticket/3635
* Return ipaRangeType as a list in idrange commandsTomas Babej2013-06-191-1/+1
| | | | | | | To be consistent with the rest of the LDAP commands, return ipaRangeType as a list of unicode strings. Regression caused by https://fedorahosted.org/freeipa/ticket/3647
* PEP8 fixes in idrange.pyTomas Babej2013-06-101-8/+17
|
* Extend idrange commands to support new range origin typesTomas Babej2013-06-101-14/+54
| | | | | | | | | | | | | | Following values of ipaRangeType attribute are supported and translated accordingly in the idrange commands: 'ipa-local': 'local domain range' 'ipa-ad-winsync': 'Active Directory winsync range' 'ipa-ad-trust': 'Active Directory domain range' 'ipa-ad-trust-posix': 'Active Directory trust range with POSIX attributes' 'ipa-ipa-trust': 'IPA trust range' Part of https://fedorahosted.org/freeipa/ticket/3647
* Prevent error when running IPA commands with su/sudoAna Krivokapic2013-06-071-5/+5
| | | | https://fedorahosted.org/freeipa/ticket/3685
* Remove redundant u'' characterMartin Kosek2013-06-062-2/+2
| | | | | | One Python's unicode marking character was being printed by RPC plugin which then appeared in ipa-client-install output. This patch removes it.
* Incorporate interactive prompts in idrange-addTomas Babej2013-06-051-3/+38
| | | | | | | | | | | In idrange-add command, ensure that RID base is prompted for in the interactive mode if domain SID or domain name was specified. If domain name nor SID was specified, make sure rid base is prompted for if secondary rid base was specified and vice versa. https://fedorahosted.org/freeipa/ticket/3602
* Add prompt_param method to avoid code duplicationTomas Babej2013-06-053-42/+55
| | | | | | | | | | Extracted common code from ipalib/plugins/cli.py and ipalib/plugins/dns.py that provided way to prompt user for the value of specific attribute. Added prompt_param method to Command class in ipalib/frontend.py Done as part of https://fedorahosted.org/freeipa/ticket/3602
* Remove redundant check for env.interactiveTomas Babej2013-06-051-1/+0
| | | | | Fixed as part of https://fedorahosted.org/freeipa/ticket/3602
* Deprecate options --dom-sid and --dom-name in idrange-modAna Krivokapic2013-05-311-7/+10
| | | | https://fedorahosted.org/freeipa/ticket/3636
* Do not allow removal of ID range of an active trustTomas Babej2013-05-311-1/+18
| | | | | | | | | | When removing an ID range using idrange-del command, validation in pre_callback ensures that the range does not belong to any active trust. In such case, ValidationError is raised. Unit tests to cover the functionality has been added. https://fedorahosted.org/freeipa/ticket/3615
* Do not translate trust type and direction with --raw in trust_show and ↵Tomas Babej2013-05-291-6/+28
| | | | | | | | | | | trust-find In trust_show command, make sure that --raw flag is honoured. Attributes ipanttrusttype and ipanttrustdirection are no longer translated to strings from their raw ldap values when --raw is used. https://fedorahosted.org/freeipa/ticket/3525
* Do not display success message on failure in web UIAna Krivokapic2013-05-171-6/+6
| | | | https://fedorahosted.org/freeipa/ticket/3591
* Add IPA OTP schema and ACLsNathaniel McCallum2013-05-171-0/+1
| | | | | | | | | | This commit adds schema support for two factor authentication via OTP devices, including RADIUS or TOTP. This schema will be used by future patches which will enable two factor authentication directly. https://fedorahosted.org/freeipa/ticket/3365 http://freeipa.org/page/V3/OTP
* Prompt for nameserver IP address in dnszone-addAna Krivokapic2013-05-161-0/+21
| | | | | | | | | | | | | | Prompt for nameserver IP address in interactive mode of dnszone-add. Add a corresponding field to dnszone creation dialog in the web UI. This parameter is required if and only if: * New zone is a forward zone * Nameserver is defined inside the new zone Add a new unit test to cover this functionality. https://fedorahosted.org/freeipa/ticket/3603
* Remove redundancy from hbactest help textTomas Babej2013-05-151-2/+2
| | | | | | | I modified the SID in the second example so that result corresponds with the 5. example. https://fedorahosted.org/freeipa/ticket/3625
* Resolve SIDs in Web UIAlexander Bokovoy2013-05-061-0/+55
| | | | | | | | | | | | | | | | | Introduce new command, 'trust-resolve', to aid resolving SIDs to names in the Web UI. The command uses new SSSD interface, nss_idmap, to resolve actual SIDs. SSSD caches resolved data so that future requests to resolve same SIDs are returned from a memory cache. Web UI code is using Dojo/Deferred to deliver result of SID resolution out of band. Once resolved names are available, they replace SID values. Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved at the same time. They all sent within the single request to the server. https://fedorahosted.org/freeipa/ticket/3302
* Add userClass attribute for hostsMartin Kosek2013-04-261-0/+7
| | | | | | | | | This new freeform host attribute will allow provisioning systems to add custom tags for host objects which can be later used for in automember rules or for additional local interpretation. Design page: http://www.freeipa.org/page/V3/Integration_with_a_provisioning_systems Ticket: https://fedorahosted.org/freeipa/ticket/3583
* Allow underscore in record targetsTomas Babej2013-04-251-1/+1
| | | | | | | Makes record target validation less strict and allows underscore. This is requirement for IPA sites. https://fedorahosted.org/freeipa/ticket/3550
* Improve help text for HBAC service groupsAna Krivokapic2013-04-181-4/+0
| | | | | | | | Remove the part of help text for HBAC service groups which contains an example suggesting that nested groups are supported. Nested groups are not supported in HBAC service groups. https://fedorahosted.org/freeipa/ticket/3548
* Integrate realmdomains with IPA DNSAna Krivokapic2013-04-162-0/+73
| | | | | | | | | | | | | Add an entry to realmdomains when a DNS zone is added to IPA. Delete the related entry from realmdomains when the DNS zone is deleted from IPA. Add _kerberos TXT record to DNS zone when a new realmdomain is added. Delete _kerberos TXT record from DNS zone when realmdomain is deleted. Add unit tests to cover new functionality. https://fedorahosted.org/freeipa/ticket/3544
* Drop --selfsign server functionalityPetr Viktorin2013-04-151-3/+1
| | | | | Design: http://freeipa.org/page/V3/Drop_selfsign_functionality Ticket: https://fedorahosted.org/freeipa/ticket/3494
* Remove obsolete self-sign references from man pages, docstrings, commentsPetr Viktorin2013-04-151-3/+2
| | | | Part of the work for https://fedorahosted.org/freeipa/ticket/3494
generated by cgit (git 2.34.1) at 2024-11-13 00:30:28 +0000