The DNS records list page was not loaded correctly due to a recent
change in HBAC Test. The page has been updated to use the load_all()
to show all records in the zone.
Ticket #388
The checkboxes in HBAC Test run page have been fixed to show/hide
matched or unmatched rules. The New Test button has been fixed to
deselect the inputs in all facets. The test data has been updated
as well.
Ticket #388
This will allow one to define what SELinux context a given user gets
on a given machine. A rule can contain a set of users and hosts or it
can point to an existing HBAC rule that defines them.
https://fedorahosted.org/freeipa/ticket/755
Tables columns have computed width. If value in one column is very long it widens the column and shortens others. This change causes that body columns are not aligned with header columns which makes the table less readable.
Applying 'word-break: break-all' style breaks the word to multiple lines and solves the problem.
Simililar problem is in details facet when displaying text values. Very long values widens the table and a horizontal slider is displayed, which is bad. Applying same solution.
In facet headers and breadcrumb navigation breaking the pkey looks bad - there should be only on line of pkey. To solve this, the pkey is limited to 63 characters (empirically measured). Long pkeys are cut. Uncut pkey is set as a title to avoid losing information.
Whole breadcrump could be about 140 chars (with current styles). 10 chars is reserved for entity link, 60 for pkey the rest (about 60) for parent pkeys. The assumtion is that the parent pkeys wouldn't be so long so they won't be cut anyway.
Column width calculation in tables was iproved. Now it counts with cell spacing, padding, border. It uses these assumtions:
cell-spacing: 2px
cell-padding: 6px th:right, left; td: left
cell-border: th:1px; td:0px
It would be better to get these measures dynamically. Right now it is good enough - better than previous calculation.
Result: data cells are aligned with their header. This alignment fails if vertical scrollbar is displayed (existing problem).
Also added padding to headers in association adder dialog.
https://fedorahosted.org/freeipa/ticket/1890
Recover from connection failures in IPAdmin LDAP bind functions and
rather try reconnect in scope of a given timeout instead of giving
up after the first failed connection.
The recovery fixes ipa-ldap-updater on F-16 which always failed
because of a missing dirsrv socket.
https://fedorahosted.org/freeipa/ticket/2175
The value stored in certmonger is not guaranteed to be normalized
nor is the value passed-in (could be a relative path and may or not
contain trailing slash). We do direct string compares so they need
to match exactly or we won't find the request.
https://fedorahosted.org/freeipa/ticket/1942
If "make rpms" fails it doesn't clean up the rpmbuild directory it created.
The next make-lint will also fail because it finds files under rpmbuild.
make-lint is invoked by "make rpms", a vicous cycle.
The patch contains two sets of changes
Include "rpmbuild" in the IGNORE_PATHS list of make-lint.
Fix the Makefile to use $(RPMBUILD) consistently, there were a number
of hardcoded uses of "rpmbuild" as a direcotry.
Created format method for getting translated messages for boolean values - IPA.boolean_format.
Used in hosts, sudo rules, hbac rules and hbac test.
https://fedorahosted.org/freeipa/ticket/2027
Summarize entered IPA server configuration so that user can examine
it and stop the installation process in case of error. Before this
patch, user had to know which question is the last one and check
the values he entered in various places during the interactive
wizard.
https://fedorahosted.org/freeipa/ticket/1083
This is the initial implementation of HBAC Test page. Currently it
can select user, source/target group, service, rules, and execute
the test. Other functionalities to be implemented include the search
filter, external users/hosts, back/next buttons, validation, styling,
and internalization.
Ticket #388
The load() in IPA.facet has been modified to accept the complete
data returned by the server instead of just the result. This is
needed by HBAC Test to access other attributes returned in the
test result.
Ticket #388
The current code assumes that an entity will always have a corresponding
LDAPObject on the server, so it looks for the metadata in a fixed location.
This assumption doesn't work for HBAC Test since it is a Command, not an
LDAPObject, so the metadata has to be obtained from a different location.
A new method get_default_metadata() has been added to allow each entity
to find the metadata from the correct location.
Ticket #388
The table widget has been modified to support single-valued attribute
using radio buttons needed by some facets in HBAC Test. The widget now
uses 'pagination' flag to determine whether to show the pagination
control. The test data has also been updated.
Ticket #388
The json_metadata command has been modified to accept some new
options and return the commands metadata. The API.txt has been
updated as well. The UI has been modified to use commands metadata
instead of methods metadata.
Ticket #388
In order to check presence of nss_ldap or nss-pam-ldapd when installing
client with '--no-sssd' option there was added code into ipa-client-install.
Checking is based on existence of one of nss_ldap configuration files.
This configuration could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
'/etc/libnss_ldap.conf'. Optionaly the nss_ldap could cooperate with
pam_ldap module and hence the presence of it is checked by looking for
'pam_ldap.conf' file. Existence of nss-pam-ldapd is checked against
existence of 'nslcd.conf' file. All this checking is done by function
nssldap_exists(). Because both modules are maintained by two different
functions, the function returns tuple containing return code and dictionary
structure - its key is name of target function and value is list of existing
configuration files. Files to check are specified inside the
nssldap_exists() function. nssldap_exists() also returns True if any of
the mandatory files was found, otherwise returns False.
In order to fit the returned values, the functions
configure_{ldap|nslcd}_conf() were slightly modified. They accept one more
parameter which is list of existing files. They are not checking existence
of above mentioned files anymore.
https://fedorahosted.org/freeipa/ticket/2063
This makes no changes to the functionality in the command-line or
GUI because these all have defaults anyway. This is mostly to show
them properly in the UI and prevent someone from trying to erase the
value (and getting a nasty schema error in response).
https://fedorahosted.org/freeipa/ticket/2015
JavaScript &= and |= are bitwise operators. They are shortened version of:
foo = foo & bar
foo = foo | bar
In some places they were used as shortened version of logical operation and assignment.
foo = foo && bar
It lead to type conversion to Number which is wrong (0 !== false).
This patch replaces such occurances with full version of logical operation and asignment.
https://fedorahosted.org/freeipa/ticket/2040
