UI: /ipa/ui
XML-RPC: /ipa/xml
errors: /ipa/errors
config: /ipa/config
I had to hardcode that URI into the CSS pages but TurboGears handles the
rest of the translations with tg.url().
Added a version to ipa.conf and ipa-rewrite.conf so we can update them
in the future if needed with ipa-upgradeconfig
440443
I've changed the variable name searchlimit to sizelimit to match the
name in python-ldap (and hopefully therefore be more readable).
The big change was changing the default value from 0 to -1. As 0 we were
never using the value from cn=ipaconfig
python-ldap expects this to be an int type
In the UI sizelimit was hardcoded at 0 for users
439880
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
current value to prevent unnecessary LPAP updates (and failed writes)
Don't check against these lists on updates, only add them on new entries.
Disable the ability to configure in the UI these values for now.
438256
The memberOf attribute includes members that are directly in the group
via the "member" attribute and those that are included as a result of
being in a group that is in the group.
The UI needs to be able to distinguish between the two.
438706
This runs the risk of showing too much and confusing users but on the other
hand it often includes required information detailing why the error
occurred such as what attribute the user lacks write access too and why
changing a password failed.
438057
we do updates, so use the right terminology internally. Also fix the actual
field we update (and grant permission appropriately in delegations).
The DS password handles updating userPassword and any Samba passwords
as necessary.
438256
edit things. We use the 'editors' group for this. This group itself grants
no permission other than displaying certain things in the UI.
In order to be in the editors group a user must be a member of a group that
is the source group in a delegation. The memberof plugin will do all the
hard work to be sure that a user's memberof contains cn=editors if they
are in a delegated group.
432874
- Removing shebangs (#!) from a bunch of python libraries
- Don't use a variable name in init scripts for the lock file
- Keep the init script name consistent with the binary name, so renamed
ipa-kpasswd.init to ipa_kpasswd.init
- Add status option to the init scripts
- Move most python scripts out of /usr/share/ipa and into the python
site-packages directories (ipaserver and ipaclient)
- Remove unnecessary sys.path.append("/usr/share/ipa")
- Fix the license string in the spec files
- Rename ipa-webgui to ipa_webgui everywhere
- Fix a couple of issues reported by pychecker in ipa-python
