The concept is now following:
topic: either a module or a group of modules containing registered
commands. All these commands will usually handle common entity
type (e.g. hbac rules)
subtopic: each topic can have a number of subtopics. In this case topic
is a group of modules and each module represents a subtopic.
grouping modules to topics is possible by assigning a 2-tuple to module
variable:
topic = ('topic-name','topic description')
The topic description has to be the same in all modules in the topic.
These are examples of commands now available in IPA help:
ipa help - display a list of all topics
ipa help hbac - display help for hbac topic
ipa help hbacrule - display help for a subtopic of hbac
ipa help hbacrule-add - display help for a particular command
https://fedorahosted.org/freeipa/ticket/410
The renaming follows previous discussion on mailing list and it leads to
name compatibility with other plugins (e.g. sudorule). It is also
necessary for following changes in ipa help.
Remove the LDAP_DEPRECATED constant and do not use functions that are
marked as deprecated in recent OpenLDAP releases. Also always define
WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that
depend on that constant.
https://fedorahosted.org/freeipa/ticket/576
THis patch updates the metadata with the changes for the facet groups names. It is a large patch only in that the metadata is huge, but the change is trivial
THe client aread class is added after the create call. THe logic assumes that there are two divs under the tabs. THe records facet broke that assumption. THis fixes it
The title attribute in various HTML elements in SUDO details page
has been set to show the proper tooltips. Most of the values are
taken from the 'doc' attribute of sudorule parameters.
make clickable links blue
change spacing to keep headers from wrapping
convert most px values to em, to support scaling
indent action controls and place them under the active facet
set default font size to 11px
Only a generic error message were displayed when a non-existing
host was passed to host-del or host-disable operations.
This patch adds catching these generic exceptions and raising
new exceptions with the correct error message.
https://fedorahosted.org/freeipa/ticket/303
Do not call status after pkisilent, it will return non-zero.
Instead restart server after pkisilent so configuration
changes take effect, the check the status.
The SUDO details page has been modified to support external users
and hosts. In the backend, the internal and external users are kept
in separate attributes, but in the UI they will be displayed as a
single list. The same thing is done for hosts.
The ipa_sudorule_association_adder_dialog() has been modified such
that it only displays the external field if there is an external
attribute for that field.
TAKE 1
- Enrollement links in the action panel are now sorted by relationships.
- You can only enroll members.
(The webUI made the impression you can enroll parents as well, but it was
broken.)
- When enrolling new members, you can choose not to display already enrolled
ones. (On by default.)
- Couple cosmetic changes.
This is required for effective filtering of enrollments search
results in the webUI and also gives an edge to the CLI.
After this patch, each LDAPObject can define its relationships
to other LDAPObjects. For now, this is used only for filtering
search results by enrollments, but there are probably more
benefits to come.
You can do this for example:
# search for all users not enrolled in group admins
ipa user-find --not-in-groups=admins
# search for all groups not enrolled in group global with user Pavel
ipa group-find --users=Pavel --not-in-groups=global
# more examples:
ipa group-find --users=Pavel,Jakub --no-users=Honza
ipa hostgroup-find --hosts=webui.pzuna
To support group-based account disablement we created a Class of Service
where group membership controlled whether an account was active or not.
Since we aren't doing group-based account locking drop that and use
nsaccountlock directly.
ticket 568
