Commit Graph

1443 Commits

Author SHA1 Message Date
Rob Crittenden
ac23fa7e54 Fix migration to work between v2 servers and remove search/size limits.
Migration from a v2 server would fail because of our fake memberofindirect
attribute. This isn't in any objectclass so would cause entries to fail
to migrate. We can safely just remove it.

Also remove any limits on time/size when searching for entries on the
remote server. Otherwise only the number of entries configured in the
local IPA server can be migrated.

ticket 1124
2011-05-26 16:37:03 -04:00
Adam Young
1636d64926 automount UI
automount implemented using standard facets and containing_entity pkey generation

sample data fixtures for automount.

messages for automount and HBAC.

modified form of the search facet used to nest the automount entities

Add works for nested entities.  Delete works for all but keys.  Since the API for this is going to change, I'm not going to fix it pre-checkin.

All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title.

update ipa_init sample data

add redirect logic for pages without pkeys.

add and delete link to appropriate entities for nested search facet.

Using on demand entities.  Fixed breadcrumbs.
2011-05-26 14:53:40 -04:00
Martin Kosek
dea578a357 A new flag to disable creation of UPG
Automatic creation may of User Private Groups (UPG) may not be
wanted at all times. This patch adds a new flag --noprivate to
ipa user-add command to disable it.

https://fedorahosted.org/freeipa/ticket/1131
2011-05-25 08:39:47 +02:00
Endi S. Dewata
2a4edbda4d Fixed adder dialog title.
The IPA.entity_builder has been fixed to use the correct title
for the entity's adder dialog.

Ticket #1239
2011-05-24 12:41:11 -04:00
Rob Crittenden
4027b12371 Test for forwarded Kerberos credentials cache in wsgi code.
We should more gracefully handle if the TGT has not been forwarded
than returning a 500 error.

Also catch and display KerberosErrors from ping() in the client better.

ticket 1101
2011-05-18 09:35:04 +02:00
Endi S. Dewata
a7f9814ab7 Read-only association facet.
The IPA.association_facet has been modified to take a read_only parameters.
If the parameter is set to true, the Enroll and Delete buttons will not be
shown. All facets under the memberindirect and memberofindirect facet groups
are marked as read-only.

Ticket #1030
2011-05-16 21:05:49 -04:00
Endi S. Dewata
f9a8d772e3 Customizable facet groups.
The IPA.entity has been modified to support customizable facet groups.
The default list of facet groups is defined in IPA.entity_header and can
be overriden in the entity definition.

Ticket #1219
2011-05-16 13:18:51 -04:00
Jan Cholasta
6c66d37655 Assume ipa help for plugins.
ticket 914
2011-05-13 13:25:34 -04:00
Martin Kosek
8d35089780 Limit passwd plugin to user container
Improve performance by specifying basedn to find_entry_by_attr()
function in ldap2 and passwd plugins.

https://fedorahosted.org/freeipa/ticket/1165
2011-05-12 16:22:06 -04:00
Jan Cholasta
3edb8ed545 Fix regressions introduced by pylint false positive fixes.
ticket 1198
2011-05-11 16:50:01 +02:00
Yuri Chornoivan
be0308cf68 Typos in freeIPA messages and man page
https://fedorahosted.org/freeipa/ticket/1128
2011-05-10 08:46:57 +02:00
Endi S. Dewata
a4aba826a0 Added facet container.
Facet container has been added to hold facet header (i.e. title,
search fields, buttons, links) and facet content. Each facet now
occupies separate container, so it can be shown/hidden without
having to redraw the content.
2011-05-05 14:57:45 -05:00
Jan Cholasta
7e0d4531c3 Several improvements of the lint script.
Report missing python packages, inform about false positives, fail
gracefully if pylint isn't installed. Fixed a bug in the ignore
list and added few more files/directories to it.

ticket 1184
2011-05-05 11:54:07 +02:00
Martin Kosek
7811200c62 pwpolicy-mod doesn't accept old attribute values
When the pwpolicy attribute "cospriority" is passed to pwpolicy-mod
command and the old value is kept, the command should succeed
if there was at least one other attribute changed. Current
pwpolicy-mod raises exception in this case which may lead to issues
in the WebUI.

https://fedorahosted.org/freeipa/ticket/1104
2011-04-29 09:27:52 +02:00
Rob Crittenden
d3b0c64fce Modify the default attributes shown in user-find to match the UI design.
This change means the UI can stop using the --all option and have to
retrieve significantly less information from the server. It also
speeds up user-find as it doesn't have to calculate membership.

This adds a new baseclass parameter, search_display_attributes, which
can provide a separate list from default_attributes just for find
commands.

The UI will need to be changed to switch from using cn to using
givenname and sn.

ticket 1136
2011-04-22 14:49:20 -04:00
Rob Crittenden
f746121824 Convert manager from userid to dn for storage and back for displaying.
ticket 1151
2011-04-22 14:49:20 -04:00
Martin Kosek
bc6f9accd9 Need force option in DNS zone adder dialog
When adding a new DNS zone in the WebUI, IPA server will verify
whether the nameserver is in DNS. Sometimes it is necessary to
skip the verification.

This patch adds a --force option already available in CLI which
can skip this the verification.

https://fedorahosted.org/freeipa/ticket/1105
2011-04-21 19:03:38 +00:00
Jan Cholasta
5700920627 Fix uninitialized attributes. 2011-04-21 10:41:29 +02:00
Rob Crittenden
ccde115421 Provide attributelevelrights for the aci components in permission_show.
Since the broken-out components are just part of the aci just copy right
access rights for aci.

ticket 943
2011-04-21 08:25:53 +02:00
Rob Crittenden
740416c8fb Always ask members in LDAP*ReverseMember commands.
This changes the API but alwaysask is enforced on the client only
so doesn't change the wire API so I'm not updating the API version.

ticket 1081
2011-04-15 13:12:16 +02:00
Endi S. Dewata
e3ec1fb7ef Entitlement registration.
The entitlement facet will show buttons according to the entitlement
status. If it's unregistered, the facet will show a Register button.
If it's registered, the facet will show a Consume button.
2011-04-14 23:05:09 +00:00
Rob Crittenden
9cac1d88fc Sort entries returned by *-find by the primary key (if any).
Do a server-side sort if there is a primary key.

Fix a couple of tests that were failing due to the new sorting.

ticket 794
2011-04-13 17:29:16 +02:00
Jan Cholasta
1ac3ed2c27 Fix lint false positives. 2011-04-13 15:58:45 +02:00
Jan Cholasta
b007233470 Fix double definition of output_for_cli. 2011-04-13 12:09:45 +02:00
Endi S. Dewata
9645d50912 Entitlements. 2011-04-11 16:04:12 +00:00
Martin Kosek
960e730f3e Improve DNS PTR record validation
Current PTR validation is unclear and may misled the user. This
patch improves the validation process so that the eventual exception
is clearer. New check that the PTR record is fully qualified has
been added to ensure that the reverse zone resolution behaves as
expected.

Additionally, several strings in the DNS plugin were prepared for
localization.

https://fedorahosted.org/freeipa/ticket/1129
2011-04-11 10:20:13 +02:00
Martin Kosek
6784ebe169 Password policy commands do not include cospriority
Most of the pwpolicy_* commands do include cospriority in the result
and potentially in the attribute rights (--all --rights). Especially
when --raw output is requested. This patch fixes it for all
pwpolicy commands.

https://fedorahosted.org/freeipa/ticket/1103
2011-04-11 10:20:07 +02:00
Rob Crittenden
316efbc32f postalCode should be a string not an integer.
postalCode is defined as an Int. This means you can't define one that has
a leading zero nor can you have dashes, letters, etc.

This changes the data type on the server. It will still accept an int
value if provided and convert it into a string.

Bump the API version to 2.1.

ticket 1150
2011-04-05 21:51:34 -04:00
Rob Crittenden
deaf029023 Change default gecos from uid to first and last name.
ticket 1146
2011-04-05 14:18:55 -04:00
Adam Young
dd2d9fc1c4 Fixed labels for sudo and hbac rules 2011-03-31 17:29:33 -04:00
Martin Kosek
e7fda0652d Inconsistent error message for duplicate user
When duplicate user is added an inconsistent error message to the rest
of the framework is printed. This patch changes this to standard
duplicate error message.

https://fedorahosted.org/freeipa/ticket/1116
2011-03-29 13:54:32 -04:00
Pavel Zuna
509c772f13 Fix gidnumber option of user-add command.
Ticket #1127
2011-03-29 13:45:40 -04:00
Martin Kosek
0693b67f20 Prevent stacktrace when DNS AAAA record is added
This patch fixes a stacktrace that is printed out when a IPv6
AAAA record with subnet prefix length (e.g. /64) is added.
The same error message as when IPv4 record with subnet prefix
length is used.

https://fedorahosted.org/freeipa/ticket/1115
2011-03-22 13:37:23 -04:00
Endi S. Dewata
ba5e0c4307 Removed nested role from UI.
Nested role is not supported in 2.0.x, so the association facet
for it should be removed from the UI. The attribute_members in
role.py needs to be fixed because it is used to generate the
association facet automatically.

Ticket 1092.
2011-03-18 16:52:10 -04:00
Rob Crittenden
4d0e739345 Fix style and grammatical issues in built-in command help.
There is a rather large API.txt change but it is only due to changes
in the doc string in parameters.

ticket 729
2011-03-04 11:09:43 -05:00
Adam Young
bd3e4990fe Better truncated message 2011-03-03 19:33:49 -05:00
Pavel Zuna
eb6b3c7afc Fix error in user plugin email normalizer for empty --setattr=email=.
ticket 1048
2011-03-03 14:01:22 -05:00
Adam Young
07c896e204 typo in truncation message 2011-03-03 17:12:40 -05:00
Endi S. Dewata
697af3e1f8 Save changes before modifying association.
In a details page, usually any changes done to the fields will not be
applied until the user clicks the Update button. However, if the page
contains an association table, any addition/deletion to the table will
be applied immediately.

To avoid any confusion, the user is now required to save or reset all
changes to the page before modifying the association. A dialog box will
appear if the page contains any unsaved changes.
2011-03-02 12:26:24 -05:00
Adam Young
3f88bc1484 Revert "Set hard limit on number of commands in batch request to 256."
This reverts commit 79d22f8341.
2011-03-01 17:35:56 -05:00
Rob Crittenden
07ba40f33e Use Sudo rather than SUDO as a label.
ticket 1005
2011-03-01 16:48:35 -05:00
Pavel Zuna
1eb3033311 Final i18n unit test fixes. 2011-03-01 10:31:43 -05:00
Pavel Zuna
fc842e3650 Use pygettext to generate translatable strings from plugin files.
This patch replaces xgettext with a custom pygettext to generate
translatable strings from plugin files in ipalib/plugins. pygettext
was modified to handle plural forms (credit goes to Jan Hendrik Goellner)
and had some bugs fixed by myself. We only use it for plugins, because
it's the only place where we need to extract docstrings for the built-in
help system.

I also had to make some changes to the way the built-in documentation
systems gets docstrings from modules for this to work.
2011-03-01 10:31:42 -05:00
Pavel Zuna
f3de95ce99 Fix translatable strings in ipalib plugins.
Needed for xgettext/pygettext processing.
2011-03-01 10:31:40 -05:00
Pavel Zuna
8145952752 Translate docstrings. 2011-03-01 10:31:39 -05:00
Pavel Zuna
bbc94034b0 Fallback to default locale (en_US) if env. setting is corrupt. 2011-03-01 10:31:37 -05:00
Pavel Zuna
bfca99b420 Send Accept-Language header over XML-RPC and translate on server.
Fix #904
Fix #917
2011-03-01 10:31:37 -05:00
Pavel Zuna
6eb70ea8e2 Remove deprecated i18n code from ipalib/request and all references to it.
Ticket #903
2011-03-01 10:31:36 -05:00
Rob Crittenden
d57dfc4e98 Sudo command groups are not supposed to allow nesting.
It was a design decision to not allow nesting sudo command groups,
remove it.

ticket 1004
2011-02-23 18:44:28 -05:00
Rob Crittenden
af9f905239 Collect memberof information for sudo commands.
We weren't searching the cn=sudo container so all members of a
sudocmdgroup looked indirect.

Add a label for sudo command groups.

Update the tests to include verifying that membership is done
properly.

ticket 1003
2011-02-23 18:44:23 -05:00