Commit Graph

4528 Commits

Author SHA1 Message Date
Simo Sorce
045c7c123e ipa-kdb: enhance deref searches
Allow to deref more than one attribute.
The attrs searched are the same for all deref attributes at this time.
2011-12-08 17:18:10 -05:00
Simo Sorce
7d744f82e2 ipa-kdb: Delegation ACL schema 2011-12-08 17:18:10 -05:00
Martin Kosek
8526f65f59 Add connection failure recovery to IPAdmin
Recover from connection failures in IPAdmin LDAP bind functions and
rather try reconnect in scope of a given timeout instead of giving
up after the first failed connection.

The recovery fixes ipa-ldap-updater on F-16 which always failed
because of a missing dirsrv socket.

https://fedorahosted.org/freeipa/ticket/2175
2011-12-08 14:58:18 +01:00
Rob Crittenden
373e9d1cf8 Reorder privileges so that memberof for permissions are generated properly.
The privilege was added after the permission causing the memberof to not
be generated.

Add a new task to regenerate memberof for existing PBAC to fix upgrades.

https://fedorahosted.org/freeipa/ticket/2058
https://fedorahosted.org/freeipa/ticket/2059
https://fedorahosted.org/freeipa/ticket/2060
https://fedorahosted.org/freeipa/ticket/2061
2011-12-08 10:08:10 +01:00
Rob Crittenden
58e5610592 Use absolute paths when trying to find certmonger request id.
The value stored in certmonger is not guaranteed to be normalized
nor is the value passed-in (could be a relative path and may or may not
contain trailing slash). We do direct string compares so they need
to match exactly or we won't find the request.

https://fedorahosted.org/freeipa/ticket/1942
2011-12-08 09:31:20 +01:00
John Dennis
90b1c6b1b3 ticket 2172 - If "make rpms" fails so will the next make
If "make rpms" fails it doesn't clean up the rpmbuild directory it created.
The next make-lint will also fail because it finds files under rpmbuild.
make-lint is invoked by "make rpms", a vicious cycle.

The patch contains two sets of changes

Include "rpmbuild" in the IGNORE_PATHS list of make-lint.

Fix the Makefile to use $(RPMBUILD) consistently, there were a number
of hardcoded uses of "rpmbuild" as a directory.
2011-12-08 08:33:00 +01:00
Simo Sorce
c462314f3c ipa-kdb: Fix copy and paste typo 2011-12-07 21:27:20 -05:00
Petr Vobornik
0e8b57b089 Search facets show translated boolean values
Created format method for getting translated messages for boolean values - IPA.boolean_format.

Used in hosts, sudo rules, hbac rules and hbac test.

https://fedorahosted.org/freeipa/ticket/2027
2011-12-08 02:10:34 +00:00
Endi Sukma Dewata
c1d0f72c20 Fixed I18n labels for HBAC Test
Hard-coded labels in HBAC Test have been moved into internal.py to
allow translation.

Ticket #388
2011-12-07 15:33:38 +00:00
Endi Sukma Dewata
6ca3b5c569 Fixed CSS for HBAC Test
The tables in HBAC Test have been modified to expand according to
window size. Hard-coded CSS codes have been moved into ipa.css.

Ticket #388
2011-12-07 15:33:32 +00:00
Endi Sukma Dewata
84019af3f1 Added external fields for HBAC Test.
A text field has been added for specifying external user, host, and
service for HBAC testing.

Ticket #388
2011-12-07 15:33:23 +00:00
Endi Sukma Dewata
fa32699dbf Fixed search filter in HBAC Test.
The search filter in HBAC Test has been fixed to work properly.

Ticket #388.
2011-12-07 15:33:14 +00:00
Endi Sukma Dewata
9276e51bce Fixed navigation buttons for HBAC Test.
The Back, Next, and New Test buttons in HBAC Test have been fixed
to work properly.

Ticket #388
2011-12-07 15:33:06 +00:00
Martin Kosek
d040b93e38 Ask for user confirmation in ipa-server-install
Summarize entered IPA server configuration so that user can examine
it and stop the installation process in case of error. Before this
patch, user had to know which question is the last one and check
the values he entered in various places during the interactive
wizard.

https://fedorahosted.org/freeipa/ticket/1083
2011-12-07 14:45:09 +01:00
Endi Sukma Dewata
2203bb650c Added HBAC Test page.
This is the initial implementation of HBAC Test page. Currently it
can select user, source/target group, service, rules, and execute
the test. Other functionalities to be implemented include the search
filter, external users/hosts, back/next buttons, validation, styling,
and internalization.

Ticket #388
2011-12-06 22:08:16 +00:00
Endi Sukma Dewata
caa9d52666 Refactored facet.load().
The load() in IPA.facet has been modified to accept the complete
data returned by the server instead of just the result. This is
needed by HBAC Test to access other attributes returned in the
test result.

Ticket #388
2011-12-06 22:08:07 +00:00
Endi Sukma Dewata
a8ea42bda8 Fixed entity metadata resolution.
The current code assumes that an entity will always have a corresponding
LDAPObject on the server, so it looks for the metadata in a fixed location.
This assumption doesn't work for HBAC Test since it is a Command, not an
LDAPObject, so the metadata has to be obtained from a different location.
A new method get_default_metadata() has been added to allow each entity
to find the metadata from the correct location.

Ticket #388
2011-12-06 22:07:52 +00:00
Endi Sukma Dewata
6f0c16e428 Added support for radio buttons in table widget.
The table widget has been modified to support single-valued attribute
using radio buttons needed by some facets in HBAC Test. The widget now
uses 'pagination' flag to determine whether to show the pagination
control. The test data has also been updated.

Ticket #388
2011-12-06 22:07:44 +00:00
Endi S. Dewata
8f642bbe08 Added commands into metadata.
The json_metadata command has been modified to accept some new
options and return the commands metadata. The API.txt has been
updated as well. The UI has been modified to use commands metadata
instead of methods metadata.

Ticket #388
2011-12-06 22:07:35 +00:00
Ondrej Hamada
005b74d869 Client install checks for nss_ldap
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of one of nss_ldap configuration files.
This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionally the nss_ldap could cooperate with
pam_ldap module and hence the presence of it is checked by looking for
'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against
existence of 'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by two different
functions, the function returns tuple containing return code and dictionary
structure - its key is name of target function and value is list of existing
configuration files. Files to check are specified inside the
nssldap_exists() function. nssldap_exists() also returns True if any of
the mandatory files was found, otherwise returns False.

In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They accept one more
parameter which is list of existing files.  They are not checking existence
of above mentioned files anymore.

https://fedorahosted.org/freeipa/ticket/2063
2011-12-05 22:53:04 -05:00
Rob Crittenden
181e6da9d8 Mark some attributes required to match the schema.
This makes no changes to the functionality in the command-line or
GUI because these all have defaults anyway. This is mostly to show
them properly in the UI and prevent someone from trying to erase the
value (and getting a nasty schema error in response).

https://fedorahosted.org/freeipa/ticket/2015
2011-12-05 22:29:02 -05:00
Rob Crittenden
59721431d2 Remove extraneous trailing single quote in nis.uldif 2011-12-05 22:27:36 -05:00
Sumit Bose
27f02881c1 Make pwd-extop aware of new ipaNTHash attribute 2011-12-06 08:29:53 -05:00
Sumit Bose
3de257fe54 activate CLDAP 2011-12-06 08:29:53 -05:00
Sumit Bose
edb6ed5007 Add ipasam samba passdb backend
https://fedorahosted.org/freeipa/ticket/1874
2011-12-06 08:29:53 -05:00
Sumit Bose
7c3e5f1be5 Fix some pylint warnings 2011-12-06 08:29:53 -05:00
Sumit Bose
0945e46845 Use new objectclasses and attributes for trust 2011-12-06 08:29:53 -05:00
Sumit Bose
2d355da9e2 Add trust objectclass and attributes to v3 schema 2011-12-06 08:29:53 -05:00
Sumit Bose
9a14fa6c2f Move our own domain info into cn=etc
https://fedorahosted.org/freeipa/ticket/2001
2011-12-06 08:29:53 -05:00
Petr Vobornik
1ffbec9942 Removed usage of bitwise assignment operators in logical operations
JavaScript &= and |= are bitwise operators. They are shortened version of:
 foo = foo & bar
 foo = foo | bar

In some places they were used as shortened version of logical operation and assignment.
 foo = foo && bar

It led to type conversion to Number which is wrong (0 !== false).

This patch replaces such occurrences with full version of logical operation and assignment.

https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:02:11 +00:00
Petr Vobornik
c5ca34f41d Fixed unit tests after widget refactoring
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:02:01 +00:00
Petr Vobornik
2759ea2961 Modifying automount to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:56 +00:00
Petr Vobornik
9a09916108 Changing definition of basic fields in section from factory to type
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:50 +00:00
Petr Vobornik
ab667912cf Code cleanup of HBAC, Sudo rules
https://fedorahosted.org/freeipa/ticket/1515
2011-12-05 16:01:44 +00:00
Petr Vobornik
fdee0892f1 Modifying groups to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:38 +00:00
Petr Vobornik
a902fa4647 Modifying ACI to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:33 +00:00
Petr Vobornik
6e3a21a115 Separation of writable update from field load method 2011-12-05 16:01:29 +00:00
Petr Vobornik
e271e80f7d Modifying services to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:24 +00:00
Petr Vobornik
fcba1cb216 Modifying dns to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:17 +00:00
Petr Vobornik
9b362ce6e1 Modifying hosts to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:11 +00:00
Petr Vobornik
b55d154375 Modifying users to work with new concept
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:01:06 +00:00
Petr Vobornik
5b26a383ce Added possibility to define facet/dialog specific policies
After deleting section as a special type of object a new way of defining inter-field logic is needed.

For this purpose a facet_policy was created. It is a simple object with init() method. Init method should contain logic for attaching to fields' or widgets' events.
When a policy is added to facet or dialog its container property should be set to that facet or dialog. It gives the policy an access to fields and widgets.
Init method should be called after widgets creation.

https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:00:58 +00:00
Petr Vobornik
e021542120 Removing sections as special type of object
Sections are changed into pure widget objects. Introduced IPA.composite_widget, basic widget for widget nesting (it's using IPA.widget_container). It's base class for section widgets.

TODO: change old custom sections into custom fields and widgets.

Note: usage of section in HBAC and SUDO is kept - whole logic will be removed in #1515 patch.

https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:00:50 +00:00
Petr Vobornik
6cdf09812d Builders and collections for fields and widgets
Introduced IPA.field_container and IPA.widget_container.

IPA.field_container: collection for fields. Can set logical container (facet, dialog...) to fields.
IPA.widget_container: collection for widgets. Has basic searching capability within widget tree.

Introduced field_builder, widget_builder, section_builder, details_builder. All are used for building fields and widgets. Field_builder and widget_builder have the main building logic. Section_builder can create content based on current section spec. Details builder defines a strategy for building content.

https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:00:44 +00:00
Petr Vobornik
863666fbe8 Improved fields dirty status detection logic 2011-12-05 16:00:39 +00:00
Petr Vobornik
4bab6b7e5d Splitting basic widgets into visual widgets and fields
https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:00:32 +00:00
Petr Vobornik
a17bf5e754 Splitting widget into widget and field
Splitting IPA.widget into IPA.field (logical part) and IPA.widget, IPA.input_widget (visual part).

https://fedorahosted.org/freeipa/ticket/2040
2011-12-05 16:00:27 +00:00
Petr Vobornik
fd43a625a2 Added cross browser support of Array.indexOf method
https://fedorahosted.org/freeipa/ticket/2151
2011-12-02 18:35:59 +00:00
Ondrej Hamada
8956fdbf40 Sort password policy by priority
'ipa pwpolicy-find' output is now sorted by priority of the policies.
Lower position means lower priority. Global policy is then at the bottom.

The changes have also affected LDAPSearch class in baseldap.py:
LDAPSearch class sorts the search results by primary key by default
(which is usually 'cn'). Therefore a function pointer entries_sortfn
was added. If no sorting function exists, default sorting by primary key
is used.

Sorting function had to be introduced due to the fact that pwpolicy's
primary key is also its 'cn' and global policy is not allowed to have any
priority.

https://fedorahosted.org/freeipa/ticket/2045
2011-12-01 18:04:30 -05:00
Simo Sorce
c3dc08b93f ipa-kdb: fix memleaks in ipa_kdb_mspac.c 2011-12-02 09:49:30 -05:00