A couple of the ACI definitions were incorrect, and the end result was that fields were not getting initialized. USing the declarative approach cleaned up the cause.
Also fixed a few broken unit tests
Delay the creation of entities until after ipa init is called
made the user and group entity definitions declarative
removed unused facet from groups
adjusted unit tests
made review changes:
factories are now in an associative array
entity init called right after factory
init dialogs in entity init
fixed type on search
When more than one plugin produce ACIs, they share common namespace
of ACI name. This may lead to name collisions between the ACIs
from different plugins.
This patch introduces a mandatory "prefix" attribute for non-find
ACI operations which allow plugins to use their own prefixes
(i.e. namespaces) which is then used when a name of the ACI is
generated.
Permission, Delegation and Selfservice plugins has been updated
to use their own prefixes thus avoiding name collisions by using
their own namespaces. Default ACIs in LDIFs has been updated to
follow this new policy.
Permission plugin now uses its CN (=primary key) instead of
description in ACI names as Description may not be unique.
This change requires an IPA server reinstall since the default ACI
set has been changed.
https://fedorahosted.org/freeipa/ticket/764
Makes the values for the Top level tabs internationizable, and no longer just
passes through their names
Also uses the I18N values for SUDO and HBAC as the static text in the Action p[anel title
So far the only flag to enforce asking in interactive mode was the
alwaysask attribute, which is not sufficient any more. This patch adds
the ability to control for which actions the atrribute shall be asked
for.
Re-arrange doc and defattr to clean up rpmlint warnings
Remove conditionals on older releases
Move some man pages into admintools subpackage
Remove some explicit Requires in client that aren't needed
Consistent use of buildroot vs RPM_BUILD_ROOT
Ticket 804
Even if the replica is not running a DNS server other replicas might.
So if the DNS container is present, then try to add DNS records.
Fixes: https://fedorahosted.org/freeipa/ticket/824
So far it was possible to rename any object using LDAPUpdate to a name
with empty primary key. Since this can cause nasty problems, this patch
disables empty string in --rename argument.
https://fedorahosted.org/freeipa/ticket/827
In the host plugin we may change the default objectclasses based on
the options selected. This was affecting it globally and causing
subsequent calls to fail.
Prevents an unauthenticated user from accessing HBAC and role
information as well as memberof which could disclose roles,
memberships in HBAC, etc.
ticket 811
