Commit Graph

6619 Commits

Author SHA1 Message Date
Tomas Babej
01a0249a40 ipatests: Perform a connection test before preparing the client
When the host is down, the preparation of the host fails. This
produces misleading errors, since the test framework reports that
the actual command being executed failed, when in fact (in case
of SSHTransport), the cause of failure was unability to establish
a SSH session.

https://fedorahosted.org/freeipa/ticket/4132

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-02-10 10:37:26 +01:00
Tomas Babej
033c354709 ipatests: legacy_clients: Test legacy clients with non-posix trust
Adds test cases for legacy client support with IPA that has estabilish
trust with AD that does not leverage POSIX attributes defined on AD.

https://fedorahosted.org/freeipa/ticket/4134

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
2014-02-10 10:37:23 +01:00
Jan Cholasta
4e207b4c88 Remove sourcehostcategory from the default HBAC rule.
https://fedorahosted.org/freeipa/ticket/4158

Reviewed-By: Martin Kosek <mkosek@redhat.com>
2014-02-06 16:46:24 +01:00
Martin Kosek
03ba31b8ca Migration does not add users to default group
When users with missing default group were searched, IPA suffix was
not passed so these users were searched in a wrong base DN. Thus,
no user was detected and added to default group.

https://fedorahosted.org/freeipa/ticket/4141

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 16:47:37 +01:00
Tomas Babej
1601860023 ipatests: Run restoring backup files and restoring their context in one session
Restoring backup files and restoring their context were two separate commands,
what means that in case we use SSHTrasport, which creates a separate SSH
session for each command, we try to restore the SELinux context of the
changed files in a new session.

This causes problems, if the access to files themselves are necessary
for the creation of the new SSH session.

https://fedorahosted.org/freeipa/ticket/4133

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 15:38:53 +01:00
Tomas Babej
baf9b4c02a ipatests: Add records for all hosts in master's domain
All the hosts in the domain have IPA master set as their only
nameserver. However, the IPA master does not create records for
these machines by default. This is not an big issue for clients
or replicas, since those records do get created in other ways,
but external hosts using their internal hostnames will not resolve.

Adds an A record for each host in master's domain.

https://fedorahosted.org/freeipa/ticket/4130

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 15:38:53 +01:00
Tomas Babej
03d093d793 ipatests: test_legacy_clients: Change "test group" to "testgroup"
The integration test for legacy clients used incorrectly "test group"
instead of "testgroup" as group used on AD for test purposes. This
is inconsistent with the usage of "testuser".

https://fedorahosted.org/freeipa/ticket/4131

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2014-02-05 15:38:53 +01:00
Petr Viktorin
894b70a164 ipa tool: Print the name of the server we are connecting to with -v
The logging level for these messages was decreaed so that they
do not show up in ipa-advise output.
Reset the log level to INFO and configure ipa-advise to not display
INFO messages from xmlclient by default.

Partially reverts commit efe5a96725

https://fedorahosted.org/freeipa/ticket/4135

Reviewed-By: Tomáš Babej <tbabej@redhat.com>
2014-02-05 15:35:36 +01:00
Petr Viktorin
7b5124416b integration tests OpenSSHTransport: Expand tilde to home in root_ssh_key_filename
Expand paths beginning with a tilde, such as the default ~/.ssh/id_rsa,
to the home directory.

https://fedorahosted.org/freeipa/ticket/4115
2014-02-05 08:35:07 +01:00
Martin Kosek
b351b210be ipa-lockout: do not fail when default realm cannot be read
When ipa-lockout plugin is started during FreeIPA server installation,
the default realm may not be available and plugin should then not end
with failure.

Similarly to other plugins, start in degraded mode in this situation.
Operation is fully restored during the final services restart.

https://fedorahosted.org/freeipa/ticket/4085
2014-02-04 12:44:45 +01:00
Martin Kosek
d85e2c9a82 Fallback to global policy in ipa-lockout plugin
krbPwdPolicyReference is no longer filled default users. Instead, plugins
fallback to hardcoded global policy reference.

Fix ipa-lockout plugin to fallback to it instead of failing to apply
the policy.

https://fedorahosted.org/freeipa/ticket/4085
2014-02-03 08:57:14 +01:00
Petr Spacek
df3fa943ab Use reserved domain names for tests
https://fedorahosted.org/freeipa/ticket/4139
2014-01-30 13:46:11 +01:00
Petr Spacek
558be8e102 Rename variables in test xmlrpc/dns_plugin
https://fedorahosted.org/freeipa/ticket/4139
2014-01-30 13:37:38 +01:00
Petr Spacek
3aa9a8b9be Use private IPv4 addresses for tests
https://fedorahosted.org/freeipa/ticket/4139
2014-01-30 13:32:58 +01:00
Lukas Slebodnik
a4faa2f444 BUILD: Fix portability of NSS in file ipa_pwd.c
Tested-by: Timo Aaltonen <tjaalton@ubuntu.com>
2014-01-28 16:35:34 +01:00
Petr Spacek
c919363538 Remove working directory for bind-dyndb-ldap plugin.
The working directory will be provided directly
by bind-dyndb-ldap package.

This partially reverts commit 689382dc83.

https://fedorahosted.org/freeipa/ticket/3967
2014-01-27 16:04:33 +01:00
Petr Spacek
04627b72d6 Limit memberOf and refInt DS plugins to main IPA suffix.
This drastically improves performance of retro changelog trimming.

https://fedorahosted.org/freeipa/ticket/3967
2014-01-27 14:40:36 +01:00
Jan Cholasta
c2bd6f365d Convert remaining frontend code to LDAPEntry API. 2014-01-24 20:38:15 +01:00
Jan Cholasta
5737eaf134 Raise an exception when legacy LDAP API is used. 2014-01-24 20:29:32 +01:00
Jan Cholasta
9d863e9a96 Convert remaining test code to LDAPEntry API. 2014-01-24 20:29:31 +01:00
Jan Cholasta
97c1c95f20 Convert remaining update code to LDAPEntry API. 2014-01-24 20:29:31 +01:00
Jan Cholasta
08051f1651 Convert remaining installer code to LDAPEntry API. 2014-01-24 20:29:31 +01:00
Jan Cholasta
a5f322cb7b Get original entry state from LDAP in LDAPUpdate. 2014-01-24 20:29:31 +01:00
Martin Kosek
e218f282a0 ntpconf: remove redundant comment
https://fedorahosted.org/freeipa/ticket/4094
2014-01-24 14:40:22 +01:00
Jan Cholasta
923e9d8bed Fix ntpd config on clients.
https://fedorahosted.org/freeipa/ticket/4094
2014-01-24 13:01:32 +01:00
Sumit Bose
2bb2aa8c48 CLDAP: add unit tests for make_netbios_name 2014-01-23 18:14:23 +01:00
Sumit Bose
311b2b1acf CLDAP: generate NetBIOS name like ipa-adtrust-install does
Fixes  https://fedorahosted.org/freeipa/ticket/4116
2014-01-23 18:14:23 +01:00
Petr Viktorin
b4401a1770 ipa-replica-install: Move check for existing host before DNS resolution check
The checks for existing host and existing replication agreement
set a flag that caused an exit() if any of them failed.

Between these checks there was an unrelated check, DNS resolution.
If the host and DNS checks both failed, this made it look like
the DNS check was the cause of failed install. Especially if the user
ignored the DNS check in unattended mode, the output was confusing.

Remove the flag and fail directly.
Do the replication agreement check first; fixing this with
ipa-replica-manage del will also remove the host entry.

Also, use the logger for error messages so they appear in the log
file as well as on the console.

https://fedorahosted.org/freeipa/ticket/3889
2014-01-23 09:53:52 +01:00
Petr Viktorin
6bdc75ea24 Implement XML introspection
https://fedorahosted.org/freeipa/ticket/2937
2014-01-14 13:41:19 +01:00
Petr Viktorin
6a2b70946f rpcserver: Consolidate __call__ in xmlclient and jsonclient_kerb
The two classes had very similar __call__ methods, but the JSON
server lacked error handling.

Create a common class for the __call__ method.

https://fedorahosted.org/freeipa/ticket/4069
2013-12-10 17:36:32 +01:00
Martin Kosek
b7f1531262 httpd should destroy all CCACHEs
Use "kdestroy -A" command to destroy all CCACHEs, both the primary
and the non-primary ones to make sure that the non-primary ones are
not used later.

https://fedorahosted.org/freeipa/ticket/4084
2014-01-22 17:00:46 +01:00
Martin Kosek
f49c26db2c Switch httpd to use default CCACHE
Stock httpd no longer uses systemd EnvironmentFile option which is
making FreeIPA's KRB5CCNAME setting ineffective. This can lead in hard
to debug problems during subsequent ipa-server-install's where HTTP
may use a stale CCACHE in the default kernel keyring CCACHE.

Avoid forcing custom CCACHE and switch to system one, just make sure
that it is properly cleaned by kdestroy run as "apache" user during
FreeIPA server installation process.

https://fedorahosted.org/freeipa/ticket/4084
2014-01-22 10:14:05 +01:00
Martin Kosek
252ad0b8c1 Add runas option to run function
Run function can now run the specified command as different user by
setting the both real and effective UID and GID for executed process.

Add both the missing run function attribute doc strings as well as
a doc string for the runas attribute.
2014-01-22 10:14:05 +01:00
Alexander Bokovoy
c29211671c ipasam: delete trusted child domains before removing the trust
LDAP protocol doesn't allow deleting non-leaf entries. One needs to
remove all leaves first before removing the tree node.

https://fedorahosted.org/freeipa/ticket/4126
2014-01-21 12:31:54 +01:00
Petr Vobornik
622f9ab11f Trust domains Web UI
Add Web UI counterpart of following CLI commands:

* trust-fetch-domains Refresh list of the domains associated with the trust
* trustdomain-del Remove infromation about the domain associated with the trust.
* trustdomain-disable Disable use of IPA resources by the domain of the trust
* trustdomain-enable Allow use of IPA resources by the domain of the trust
* trustdomain-find Search domains of the trust

https://fedorahosted.org/freeipa/ticket/4119
2014-01-21 12:24:54 +01:00
Petr Vobornik
3e0ae97268 Use only system fonts
This commit changes how fonts are used.

- remove usage of bundled fonts and only system fonts are used instead
  - by using alias in httpd conf
  - by using local("Font Name") directive in font-face
- removed usage of overpass font
- redefined Open Sans font-face declarations. Note: upstream is doing the
  same change so we will be fine on upgrade.
- introduce variable.less for variable definitions and overrides. This file
  will be very useful when we upgrade to newer RCUE so we will be able to
  redefine their and bootstrap's variables.

Fixes: https://fedorahosted.org/freeipa/ticket/2861
2014-01-21 12:05:09 +01:00
Petr Vobornik
6b71d1a167 Web UI integration tests: maximize browser window by default 2014-01-21 12:04:04 +01:00
Petr Vobornik
33359d25ef Use fluid layout in host adder dialog fqdn widget 2014-01-21 12:04:04 +01:00
Petr Vobornik
0b428b8326 About dialog
https://fedorahosted.org/freeipa/ticket/4018
2014-01-21 12:04:04 +01:00
Petr Vobornik
e8c3db4295 Increase distance between control buttons and facet-tabs
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:04 +01:00
Petr Vobornik
fe23350432 New header spinner
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:04 +01:00
Petr Vobornik
266a39de7f Fix association adder dialog table-body position
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:04 +01:00
Petr Vobornik
046560220a Increase margin between facet control buttons
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:04 +01:00
Petr Vobornik
2bfe2b8c51 Font awesome glyphs as checkboxes and radios
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:04 +01:00
Petr Vobornik
0f1a756eae Use font awesome glyph for dialog close button
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:03 +01:00
Petr Vobornik
f0b42ed060 Facet title status icons
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:03 +01:00
Petr Vobornik
af26018c0d Status widgets icons
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:03 +01:00
Petr Vobornik
c4abe3a2d9 Replace icons with the ones from Font Awesome
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:03 +01:00
Petr Vobornik
4bc1942f53 Font Awesome icons in header
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:03 +01:00
Petr Vobornik
40ad71726e Change font-awesome to be compilable by lesscpy
https://fedorahosted.org/freeipa/ticket/3904
2014-01-21 12:04:03 +01:00