It was decided not to change the OID space for FreeIPA 4.0+ objectclasses.
However, we should still at least properly mark the X-ORIGIN to make
analyzing schema easier.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.
https://fedorahosted.org/freeipa/ticket/4382
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
When manipulating a permission for an entry that has an ACI
that the parser cannot process, skip this ACI instead of
failing.
Add a test that manipulates permission in cn=accounts,
where there are complex ipaAllowedOperation-based ACIs.
Workaround for: https://fedorahosted.org/freeipa/ticket/4376
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The code has been moved to its own, separate repository at
git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The make-ui.sh script builds both app.js and core.js,
but only one was specified in the Makefile.
Correct the mistake.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Host Administrators could not write to service keytab attribute and
thus they could not run the host-disable command.
https://fedorahosted.org/freeipa/ticket/4284
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
To ensure new NIS domain name is loaded after ipa-client-install
even in case when nisdomainname service is already running, we
need to restart the service rather than starting it.
https://fedorahosted.org/freeipa/ticket/4393
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Call user-unlock command from Web UI.
It will unlock displayed user on current master.
https://fedorahosted.org/freeipa/ticket/4407
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
standalone page for OTP token synchronization. It reuses SyncOTPScreen
widget instead of reimplementing the logic as in other standalone pages.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Current compiled Web UI layer (app.js) contains every FreeIPA plugin and
not just the UI framework. It's not possible to start just a simple facet.
This commit creates a basis for a layer (core.js) which contains only
framework code and not entity related code.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Simple plugin which handles transition from login facet to OTP sync facet
and vice versa.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Global notifications were limited to "main" container. Now they have their
own container which is displayed over other ones. It makes them usable
everywhere.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
When a new objectclass was defined as "objectclass" and not
"objectClass", it made the schema updater skip some objectclasses.
https://fedorahosted.org/freeipa/ticket/4405
Reviewed-By: Rich Megginson <rmeggins@redhat.com>
Class PreSchemaUpdate is executed before ldap schema update
This is required by ticket: https://fedorahosted.org/freeipa/ticket/3210
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Currently there is an incorrect behavior that server doesn't send datetime
and dnsname data in new format.
This patch adds the version to each RPC request making the UI look as the
latest client. Server then sends data in correct format. It also removes
the "unknown version" warning from each RPC response.
https://fedorahosted.org/freeipa/ticket/4394
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
old detection did not work with the static version used for test and
demonstration purposes.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Regular update of static metadata for testing and presentation purposes.
It should also contain new DNS Forward Zones metadata.
https://fedorahosted.org/freeipa/ticket/4357
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
A mixture of implicit and explicit tagging was being used and this caused
a bug in retrieving the enctype number due to the way ber_scanf() loosely
treat sequences and explicit tagging.
The ASN.1 notation used to describe the getkeytab operation uses implicit
tagging, so by changing the code we simply follow to the specified encoding.
Resolves: https://fedorahosted.org/freeipa/ticket/4404
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This command calls the token sync HTTP POST call in the server providing
the CLI interface to synchronization.
https://fedorahosted.org/freeipa/ticket/4260
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This command behaves almost exactly like otptoken-add except:
1. The new token data is written directly to a YubiKey
2. The vendor/model/serial fields are populated from the YubiKey
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This HTTP call takes the following parameters:
* user
* password
* first_code
* second_code
* token (optional)
Using this information, the server will perform token synchronization.
If the token is not specified, all tokens will be searched for synchronization.
Otherwise, only the token specified will be searched.
https://fedorahosted.org/freeipa/ticket/4218
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
login_password did not work properly in timezones other than +0h because
local time was compared with utc time.
Bug introduced in:
https://fedorahosted.org/freeipa/ticket/4339
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
