The IPA.command has been modified not to insert a title into the error
object thrown by Ajax operation because the object could be immutable.
Ticket #1240
The ordered map is a jQuery extension for creating a collection which can
be accessed both as an ordered list and as a map. This collection can be
used to store various objects including entities, fields, columns, and
dialogs. A test suite for this class has been added as well.
Ticket #1232
Enforce that the remote hostname matches the remote SSL server certificate
when 389-ds operates as an SSL client.
Also add an update file to turn this off for existing installations.
This also changes the way the ldapupdater modlist is generated to be more
like the framework. Single-value attributes are done as replacements
and there is a list of force-replacement attributes.
ticket 1069
Even with --no-sssd authconfig was setting nsswitch.conf to use sssd
for users, groups, shadow and netgroups. We need to pass in the
--enableforcelegacy option hwen configuring nss_ldap.
Also always back up and restore sssd.conf. It still gets configured for
kerberos.
ticket 1142
We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.
Also catch and display KerberosErrors from ping() in the client better.
ticket 1101
When ipa-client-install autodiscovers IPA server values it
doesn't fill the fixed KDC address to Kerberos configuration
file. However, when realm != domain or the autodiscovered values
are overridden, installation may fail because it cannot find the
KDC.
This patch adds a failover to use static KDC address in case when
such an issue occurs.
https://fedorahosted.org/freeipa/ticket/1100
The IPA.association_facet has been modified to take a read_only parameters.
If the parameter is set to true, the Enroll and Delete buttons will not be
shown. All facets under the memberindirect and memberofindirect facet groups
are marked as read-only.
Ticket #1030
The IPA.entity has been modified to support customizable facet groups.
The default list of facet groups is defined in IPA.entity_header and can
be overriden in the entity definition.
Ticket #1219
It was discovered that using the batch plugin it was possible to
store duplicate data in parts of the ipa_config during iterations.
This was causing a cascading exec failures if any one of the batch
executions failed.
https://fedorahosted.org/freeipa/ticket/1220
Logging errors are printed out when ipa-replica-manage is run
as a non-root user. Log has been disabled in such case to
prevent such messages.
https://fedorahosted.org/freeipa/ticket/1046
Remove redundant ipa-client-install error message when optional nscd
daemon was not installed. Additionally, use standard IPA functions
for service manipulation and improve logging.
https://fedorahosted.org/freeipa/ticket/1207
Doc parts are not removed from the API completely. This leads to
unnecessary updates to API.txt when the option/argument documentation
is changed.
This patch replaces unreliable doc stripping function with a regular
expression. It works for all current doc strings (simple string or
GetText). The only limitation is that the RE supports only up to
2 levels of nested parentheses in doc string.
https://fedorahosted.org/freeipa/ticket/1057
Since selinux-policy-3.9.16-5.fc15 is out, the dogtag port 7390 is
handled via selinux-policy and there is no need to manage it in
FreeIPA installer.
https://fedorahosted.org/freeipa/ticket/1205
The IPA.records_facet has been converted into a subclass of
IPA.search_facet. This helps remove duplicate table code and provide
consistent DOM element attributes for Selenium tests.
This option does not behave properly in F15 as chkconfig does not list services
moved to use systemd service files.
Plus there are more direct ways than parsing its output, which are more
reliable.
Also just testing for the availability of the service calling 'chkconfig name'
is enough.
https://fedorahosted.org/freeipa/ticket/1206
Facet container has been added to hold facet header (i.e. title,
search fields, buttons, links) and facet content. Each facet now
occupies separate container, so it can be shown/hidden without
having to redraw the content.
Previously the entities and navigation are entangled inside a common
DOM structure which limits code reuse. Now they have been moved
into separate structures.
Previously the tab state is represented using numeric index such
as navigation=0&identity=1 which is not very user friendly. Now the
code has been modified to use entity names such as
navigation=identity&identity=group.
The singular object IPA.nav has been converted into an IPA.navigation
class. The admin and self-service navigation tabs have been converted
into subclasses of IPA.navigation and will be instantiated according
to user authorization.
Report missing python packages, inform about false positives, fail
gracefully if pylint isn't installed. Fixed a bug in the ignore
list and added few more files/directories to it.
ticket 1184
ipa-rmkeytab returns success even when the realm passed to the
program is not found in a keytab. This patch adds an explanatory
error message and returns error code 5 - Principal or realm not
found.
https://fedorahosted.org/freeipa/ticket/694
When replica with DNS is installed, NS records for the managed zone
are not updated with the replica FQDN. The administrator then has
to do it manually to enroll the new DNS server to the zone.
This patch also removes the newly created NS records when the
replica is removed via ipa-replica-manage command.
https://fedorahosted.org/freeipa/ticket/1034
The --force option may be misused to reinstall an existing IPA
client. This is not supported and may lead to unexpected errors.
When required, the cleanest way to re-install IPA client is to
run uninstall and then install again.
This patch also includes few cosmetic changes in messages to user
to provide more consistent user experience with the script.
https://fedorahosted.org/freeipa/ticket/1117
When the pwpolicy attribute "cospriority" is passed to pwpolicy-mod
command and the old value is kept, the command should succeed
if there was at least one other attribute changed. Current
pwpolicy-mod raises exception in this case which may lead to issues
in the WebUI.
https://fedorahosted.org/freeipa/ticket/1104
This patch prevents uninstalling IPA client when it is configured
as a part of IPA server. ipa-server-installation script is advised
for this situation.
https://fedorahosted.org/freeipa/ticket/1049
