Commit Graph

3514 Commits

Author SHA1 Message Date
Jan Cholasta
06be021c72 Fix handling of /etc/hosts
ticket 971
2011-02-15 15:39:26 -05:00
Jan Zeleny
9c9a513664 Add group members to default output of sudorule-show
https://fedorahosted.org/freeipa/ticket/915
2011-02-15 14:44:27 -05:00
Pavel Zuna
fd0a6b4849 Fix setattr mail bug in user plugin.
The email normalizer expects a list or tuple, but when using setattr
it gets a string and interates on it as if it was a list/tuple.
2011-02-15 14:42:58 -05:00
Rob Crittenden
aab27a76e2 Require ipactl be run as root to avoid a lot of misleading error msgs.
Trying to run ipactl as non-root results in a slew of bogus
error messages, some of which come because dirsrv can't read certain
files as the wrong user, some based on our handling of that fact.

ticket 936
2011-02-15 14:21:08 -05:00
Rob Crittenden
edcdd87bc8 A privilege cannot be a member of a permission, remove it from metadata
ticket 970
2011-02-15 13:39:49 -05:00
Rob Crittenden
94395b2661 Become IPA v2 RC 1 (2.0.0.rc1) 2011-02-14 20:12:05 -05:00
Rob Crittenden
16b8d62968 Fix two problems with ipa-replica-prepare
1. Fix a unicode() problem creating the DNS entries
2. Fix a strange NSS error when generating the certificates against
   a dogtag server.

The NSS errors are quite strange. When generating the first certificate
nss_shutdown() fails because the database isn't initialized yet but
nss_is_initialized() returned True. The second pass fails because
something is in use.
2011-02-14 18:15:35 -05:00
Rob Crittenden
dab452442d The --out option wasn't working at all with cert-show.
Also fix some related problems in write_certificate(), handle
either a DER or base64-formatted incoming certificate and don't
explode if the filename is None.

ticket 954
2011-02-14 16:43:48 -05:00
Rob Crittenden
0e4f0528cf Add missing import for netaddr
ticket 964
2011-02-14 16:22:29 -05:00
Jr Aquino
72e315c936 Bugfix for ipa-client-install echo's password in cleartext to stdout https://fedorahosted.org/freeipa/ticket/959 2011-02-14 15:43:18 -05:00
Martin Kosek
309ed42865 Detection of v1 server during ipa-client-install
When v2 IPA client is trying to join an IPA v1 server
a strange exception is printed out to the user. This patch
detects this by catching an XML-RPC error reported by ipa-join
binary called in the process which fails on unexisting IPA server
'join' method.

https://fedorahosted.org/freeipa/ticket/553
2011-02-14 15:03:32 -05:00
Jakub Hrozek
04597f4e36 Remove obsolete record types from DNS
https://fedorahosted.org/freeipa/ticket/923
2011-02-14 14:50:57 -05:00
Rob Crittenden
81020a2ffa A mod command should not be able to remove a required attribute.
Some attribute enforcement is done by schema, others should be done
by the required option in a Parameter. description, for example, is
required by many plugins but not the schema. We need to enforce in the
framework that required options are provided.

After all the setattr/addattr work is done run through the modifications
and ensure that no required values will be removed.

ticket 852
2011-02-14 14:46:29 -05:00
Jakub Hrozek
22c3a681da Fine tuning DNS options
Add pointer to self to /etc/hosts to avoid chicken/egg problems when
restarting DNS.

On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't
attempt to do any resolving. Leave it to true on clients.

Set rdns to false on both server and client.

https://fedorahosted.org/freeipa/ticket/931
2011-02-14 14:45:22 -05:00
Rob Crittenden
c9431749a0 Let 389-ds start up even if Kerboros is not configured yet.
The situation is if during installation /etc/krb5.conf either doesn't
exist or configures no realms then 389-ds won't start up at all, causing
the installation to fail. This will let the server start up in a degraded
mode.

Also need to make the sub_dict in ldapupdate.py handle no realm otherwise
the installation will abort enabling the compat plugin.

ticket 606
2011-02-14 14:07:17 -05:00
Simo Sorce
b46faf9dfc Correctly report if this is a krb related password operation
Fixes: https://fedorahosted.org/freeipa/ticket/949
2011-02-14 13:57:00 -05:00
Rob Crittenden
77e1ef2f80 Add a replace option to ipa-ldap-updater.
We have no way to say "replace value X with Y". This would be useful
for us to replace a default value only if the user hasn't already
updated it.

related to ticket 930
2011-02-14 13:55:30 -05:00
Simo Sorce
5341a22ba2 Update krbExtraData too when changing passwords.
Fixes: https://fedorahosted.org/freeipa/ticket/937
2011-02-14 13:36:27 -05:00
Adam Young
03e83f6cc8 DNS record search
The current version of the DNS Plugin does not support searching by record, so that is commented out.

The search field wasn't working either.  The search criteria had to be appended to the params array, just after the zone.

https://fedorahosted.org/freeipa/ticket/907
2011-02-14 13:28:42 -05:00
Rob Crittenden
779f8da2f0 API fix for dns -> dnsrecord change in permission plugin 2011-02-14 11:48:12 -05:00
Nalin Dahyabhai
4d85fb18a2 drop the group.upg NIS map
The group.upg NIS map was an experiment in providing UPG groups
dynamically, and is not one of the maps that I'd ever expect a NIS
client to "know" to search.  We should probably just drop it.
2011-02-14 11:35:03 -05:00
Jan Zeleny
25c5c43ed4 Changed dns permission types
Recent change of DNS module to version caused that dns object type
was replaced by dnszone and dnsrecord. This patch corrects dns types
in permissions class.

https://fedorahosted.org/freeipa/ticket/646
2011-02-14 11:32:03 -05:00
Jakub Hrozek
856d890bb3 Make sure only root can run ipa-client-install
https://fedorahosted.org/freeipa/ticket/957
2011-02-14 10:43:56 -05:00
Jan Zeleny
da1fe966de Fixed type of argument in class help 2011-02-14 10:32:37 -05:00
Martin Kosek
34efc7bc24 Support of user default email domain
This patch fixes the default domain functionality for user email(s).
This setting may be configured via:

ipa config-mod --emaildomain=example.com

Then, when user is added/modified and --mail option is passed,
the default domain is appended if the passed attribute does not
contain another domain already.

https://fedorahosted.org/freeipa/ticket/598
2011-02-14 10:30:09 -05:00
Rob Crittenden
29706fb13b Add default success/failure output logging.
Request logging on the server only happened if you added verbose=True
or debug=True to the IPA config file. We should log the basics at
least: who, what, result.

Move a lot of entries from info to debug logging as well.

Related to ticket 873
2011-02-14 10:23:52 -05:00
Rob Crittenden
1315ba19d2 Add permission/privilege for updating IPA configuration.
ticket 950
2011-02-14 10:22:55 -05:00
Rob Crittenden
f2ed8de028 Move tools that are really only applicable to be run on the server
This moves a bunch of tools that only make sense to run on the actual
server from the admintools subpackage to the server subpackage.

ticket 947
2011-02-14 10:22:28 -05:00
Rob Crittenden
cb48ec3508 Ignore case when removing group members.
ticket 944
2011-02-14 10:22:28 -05:00
Jakub Hrozek
284dd32040 Fix checking for arguments in DNS plugins
https://fedorahosted.org/freeipa/ticket/956
2011-02-14 10:21:27 -05:00
Rob Crittenden
76f2d2eac2 Handle bad DM password in ipa-host-net-manage & ipa-copmat-manage.
This was resulting in a traceback because while conn was not None
it wasn't connected either.

ticket 920
2011-02-14 10:13:52 -05:00
Endi S. Dewata
6880daefee Fixed add service dialog box.
Previously the add service dialog box shows a 'Principal:' label with
no text field next to it. It now has been removed. The dialog box
has been widened to avoid line wrapping of the buttons.
2011-02-11 16:27:59 -05:00
Adam Young
29cf66046a remove deprecated record types 2011-02-11 16:26:09 -05:00
Adam Young
f1e46f36d2 allow null keys for show
https://fedorahosted.org/freeipa/ticket/951
2011-02-11 15:47:53 -05:00
Adam Young
d14ef576c3 column formatting Allow optional formatting for columns Provide Data formate for host modificaiton
date format
2011-02-11 15:04:31 -05:00
Adam Young
6f6d50f37f target section without radio buttons ACI target section refactored into an array of widget-like objects. The radio buttons have been replaced by a select box. THe select is not visible on the details page. 2011-02-11 15:04:31 -05:00
Rob Crittenden
3ac3130fc9 Convert json strings to unicode when they are unmarshalled.
This patch removes some individual work-arounds of converting strings
to unicode, they only masked the problem. String values are not
passed to the validator or normalizers so things like adding the
realm automatically to services weren't happening.

ticket 941
2011-02-11 13:36:15 -05:00
Jakub Hrozek
b069af3bc9 Fix migration page 2011-02-11 13:28:22 -05:00
Rob Crittenden
eed1130008 Don't include error.kw in the error response in the JSON server.
This can include a full exception which cannot be marshalled. This
value contains duplicate information and isn't used by the client.

ticket 905
2011-02-11 10:37:21 -05:00
Martin Kosek
30fdafcfbe ipa-dns-install does not exit on error
This patch fixes behavior of ipa-dns-install, which does not
exit when an invalid configuration of /etc/hosts is detected.

https://fedorahosted.org/freeipa/ticket/736
2011-02-11 10:34:03 -05:00
Martin Kosek
5768924710 Extend API validator
makeapi script is used to check if ipalib API is consistent with the
known state in API.txt. When the API is changed, major API version
should be updated. However, when new options/arguments/outputs were
added to an ipalib command, `makeapi --validate' call did not capture
this.

This patch fixes this issue and ensures that also the last command
in API.txt is checked (it was not before this patch).

https://fedorahosted.org/freeipa/ticket/868
2011-02-11 10:29:55 -05:00
Rob Crittenden
95b0563817 Ensure that file ownership doesn't change when config is updated.
Out of the blue update_file() and set_directive() changed file
ownership to root:root when it updated some files. This was causing
dogtag to break. So grab the owner before opening the file and reset
it after closing.

ticket 928
2011-02-11 09:51:44 -05:00
Rob Crittenden
a880396de9 Add pyOpenSSL as a BuildRequires 2011-02-11 09:35:38 -05:00
Rob Crittenden
2b2642e0c2 Rename ipa.spec.in to freeipa.spec.in in BUILD.txt.
This is the shortcut to installing the build-deps.

ticket 859
2011-02-10 17:52:43 -05:00
Jan Zeleny
978be50666 Provide a way to display CLI-LDAP relation
Since some LDAP attributes have their cli_name value defined,
so they can be more user friendly, it can be difficult for user to find
out which attributes do the parameteres given to CLI really represent.
This patch provides new command, which will take another IPA command as
and argument and display attributes which given command takes and what
LDAP attributes are they mapped to.

https://fedorahosted.org/freeipa/ticket/447
2011-02-10 15:11:26 -05:00
Rob Crittenden
456101bd29 Update API.txt with updated usercertificate in service-find 2011-02-10 14:51:39 -05:00
Martin Kosek
fb751686a1 Fix return codes for ipactl
This patch fixes ipactl to return non-zero value when something
goes wrong.

https://fedorahosted.org/freeipa/ticket/894
2011-02-10 13:59:03 -05:00
Rob Crittenden
b77046d550 Disable replication version plugin by default.
The 389-ds replication plugin may not be installed on all platforms
and our replication version plugin will cause 389-ds to not start
if it is loaded and the replication plugin is not. So disable by
default.

When a replica is prepared we check for the replication plugin.
If it exists we will enable the replication version plugin.

Likewise on installation of a replica we check for existence of
the repliation plugin and if it is there then we enable the version
plugin before replication begins.

ticket 918
2011-02-10 13:54:39 -05:00
Rob Crittenden
c187b276ad Fix test failures caused by the performance patch.
It isn't safe to assume there is an environment or mode in any given
object. Only skip the extra work if the object explicitly has production
in it.
2011-02-10 13:52:29 -05:00
Rob Crittenden
f34c0ab916 Set minimum version of sssd to 1.5.1
ticket 926
2011-02-10 13:51:35 -05:00