IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
3,374 Commits 11 Branches 60 Tags 60 MiB
18ec29c42b
Commit Graph

3374 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Crittenden
1967aafa39 Implement the password policy UI and finish IPA policy UI 
This includes a default password policy
Custom fields are now read from LDAP. The format is a list of
  dicts with keys: label, field, required.
The LDAP-based configuration now specifies:
    ipaUserSearchFields: uid,givenName,sn,telephoneNumber,ou,title
    ipaGroupSearchFields: cn,description
    ipaSearchTimeLimit: 2
    ipaSearchRecordsLimit: 0
    ipaCustomFields:
    ipaHomesRootDir: /home
    ipaDefaultLoginShell: /bin/sh
    ipaDefaultPrimaryGroup: ipausers
    ipaMaxUsernameLength: 8
    ipaPwdExpAdvNotify: 4
This could use some optimization.
 2007-11-16 12:59:32 -05:00
Rob Crittenden
0a3ed69746 Completely remove attributes when delattr argument in ipa-groupmod 2007-11-15 14:44:09 -05:00
Rob Crittenden
b01c468e8c Completely remove attributes when delattr argument 2007-11-15 14:39:54 -05:00
Rob Crittenden
49aa82e932 Use same labels as UI for ipa-finduser and ipa-findgroup 
Add -a option to ipa-findgroup to print all attributes
 2007-11-15 14:20:50 -05:00
Rob Crittenden
3e24df161b Replace references to Person and People with User and Users 2007-11-15 13:13:35 -05:00
Karl MacMillan
816b3e2ea5 Add memberof-task.ldif. 0001-01-01 00:00:00 +00:00
Rob Crittenden
949b4a0bf7 Check for existance of of the target file in update_file. It used to silently 
fail if the file it was to update didn't exist.
 2007-11-15 11:09:17 -05:00
Rob Crittenden
6f268a185c Broke invididual Requires and BuildRequires onto separate lines and 
reordered them
Added python-tgexpandingformwidget as a dependency
Require at least fedora-ds-base 1.1
 2007-11-15 10:57:26 -05:00
Rob Crittenden
bfcc044db2 If unable to connect to the XML-RPC server print a more useful error msg. 2007-11-15 10:27:59 -05:00
Karl MacMillan
27f0aab667 Rename memberOf to group_members in xml-rpc interface. 0001-01-01 00:00:00 +00:00
Karl MacMillan
4d96b37de1 Initialize memberof patch from Pete Rowley. 0001-01-01 00:00:00 +00:00
Rob Crittenden
abdd344073 Remove reference to a bogus system and make the error message more generic 2007-11-14 14:11:29 -05:00
Rob Crittenden
02e5a6599b Forgot to include FQDN in the substitition list 2007-11-13 17:51:29 -05:00
Rob Crittenden
cb0476f223 Make the group cn an editable field though protected by default. 
Fix some issues with the multi-value to single-value reversion.
 2007-11-14 23:33:49 -05:00
Rob Crittenden
83dd42797e Include multi-value fields on the Add Person page 
Remove multi-valued cn from groups
 2007-11-14 17:50:46 -05:00
Rob Crittenden
3e715a04cf Add an editors group. This is used to generally grant access for users 
to edit other users (the Edit link won't appear otherwise). Additional
delegation is need to grant permission to individual attributes.
Update the failed login page to indicate that it is a permission issue.
Don't allow access to policy at all for non-admins.
By default users can only edit themselves.
 2007-11-14 10:49:03 -05:00
Simo Sorce
7502ebe479 Initial implementation of policies support. 
This patch uses the kerberos schema policy, this is the same policy used by
kadmin.
While this patch allows for krbPwdPolicy objects anywhere the kldap module
will make the kdc fail to provide tickets if the "krbPwdPolicyReference"
points to any object that is not a child of cn=<REALM>,cn=kerberos,dc=....
To let us set policies anywhere in the tree I enabled the code to actually
look at parent entries and the user entry itself and specify policies directly
on these objects by adding the krbPwdPolicy objectclass to them (I know its
structural but DS seem to allow multiple Structural classes on the same
entry).
The only side effect is that kadmin will not understand this, but we don't
want to use kadmin anyway as it does not understand way too many things about the
directory.

I've tested a few scenarios and all seem working as expected, but further
testing is welcome of course.
 2007-11-13 16:21:03 -05:00
Rob Crittenden
bd78fe0687 Add more fields to the IPA Policy form 2007-11-13 15:36:52 -05:00
Rob Crittenden
83dd26c6e3 Remove non-existent files from Makefile targets 2007-11-13 17:24:00 -05:00
Rob Crittenden
eecbaf91e2 Use the dna plugin to automatically assign uid 
Set gid to the group "ipausers"
Add the user to this default group
 2007-11-13 15:03:20 -05:00
Rob Crittenden
79544637d6 The e-mail field should not be required. 2007-11-13 15:49:06 -05:00
Rob Crittenden
5011f64243 Restrict access to some parts of the UI to those in the admins group 2007-11-13 11:15:07 -05:00
Rob Crittenden
cd489f0a73 Allow a user or group to change an attribute in its RDN 
Add secretary to the list of indexes otherwise RDN changing could be slow
Port --addattr, --setattr and --delattr from usermod to groupmod
 2007-11-12 23:11:55 -05:00
Rob Crittenden
99b84bfd01 Handle ldap.UNWILLING_TO_PERFORM more gracefully 2007-11-09 16:34:52 -05:00
Rob Crittenden
f7358533d0 Add the capability to completely delete a user from the database. The 
default remains to inactivate them.
 2007-11-09 15:45:11 -05:00
Rob Crittenden
d9194cdd09 Don't continue if a kerberos credentials cache is not available 
forked-model detection was incorrect.
Both of these return an error instead of raising one
 2007-11-09 14:55:41 -05:00
Rob Crittenden
b7506a5ea6 Fix editing groups when cn is a single-valued field 
Fix some error messages that were printing the entire detail message
 2007-11-09 14:01:28 -05:00
Rob Crittenden
705d68ddcb Require uniqueness in the name/comment field of delegations 
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
 2007-11-09 13:58:36 -05:00
Rob Crittenden
6f03dde1ab Underline columns on sort results page so users will know it is a link 
Restore the CSS to display the up/down arrow on sort columns
 2007-11-12 15:14:35 -05:00
Rob Crittenden
547e6e920e Redirect to the FQDN otherwise kerberos auth may fail 2007-11-12 14:47:48 -05:00
Rob Crittenden
e1ca8c235c Initial support for policy editing 
More work is needed as the values are currently hardcoded and not saved
 2007-11-12 14:19:05 -05:00
Rob Crittenden
e9dfbfa773 Enable multi-value field support for some attributes on the edit pages 
Better error reporting in the GUI
Include a document describing how multi-valued fields work
 2007-11-08 22:12:42 -05:00
Karl MacMillan
3b66d27383 Allow set/add/del to be called multiple times. 
Allow the --set/add/del options to be called multiple
times during the same invocation. Also add more robust
checking of errors.
 0001-01-01 00:00:00 +00:00
Rob Crittenden
303d5ebad9 Have the GUI use memberOf() instead of looping through the member DNs 
Fix a bug in the local transport version of memberOf()
 2007-10-31 10:08:16 -04:00
Rob Crittenden
1d6e88565c Add memberOf API call to the XML-RPC interface 
Make find-groups use memberOf to have a prettier dispaly of members
 2007-10-30 15:07:02 -04:00
Rob Crittenden
402274af4b Allow adding, setting, deleting arbitrary attributes 2007-10-31 09:32:25 -04:00
Pete Rowley
1871e8dbf6 Add user self service aci 2007-10-29 14:52:19 -07:00
Karl MacMillan
39dcd194ca Allow setting of lib directory to correct non-rpm builds on x86_64. 
With this patch you will need to run:
  make autogen LIBDIR=/usr/lib64
Also works for 'make all'.
 0001-01-01 00:00:00 +00:00
Karl MacMillan
4f4f947283 Update server deps to include acl and freeipa-admintools. 0001-01-01 00:00:00 +00:00
Rob Crittenden
ed387e2ebb Add inetUser to the admin user so memberOf will work 2007-10-30 14:42:19 -04:00
Rob Crittenden
3c8cfd94bd Create LDAP indeces on installation for fields the web GUI searches against 2007-10-30 13:41:41 -04:00
Rob Crittenden
c116f8d739 Install the delegation tools 2007-10-29 14:16:44 -04:00
Rob Crittenden
6f5b692b5c Fix minor spelling issue 2007-10-29 14:15:21 -04:00
Rob Crittenden
e40c583b12 Create configuration for MIT Windows kerberos client and install into 
http://hostname/config so users can point their MIT client at the IPA
server and automatically fetch the configuration.
 2007-10-29 12:00:48 -04:00
Kevin McCarthy
859291a706 Add delete user and group to webgui. 
NOTE: this doesn't handle referential integrity.
 2007-10-23 16:46:50 -07:00
Rob Crittenden
28641544e7 Set the user password when adding a user 2007-10-26 12:35:32 -04:00
Kevin McCarthy
1d746c9fc2 Rename the form fields parameter to be clearer: 
user -> user_fields
group -> group_fields
delegate -> delegate_fields
 2007-10-25 09:18:45 -07:00
Kevin McCarthy
358d279a53 webgui side of custom fields. 2007-10-24 16:04:17 -07:00
Mark McLoughlin
6e6237e54a Fix host_name buglet in ipa-server-install 
This patch fixes a couple of buglets with read_ip_address():

  1) It writes host_name to /etc/hosts, but isn't currently
     being passed host_name

  2) It doesn't return the IP address even though the caller
     expects it

Signed-off-by: Mark McLoughlin <markmc@redhat.com>
 2008-02-21 15:23:29 +00:00
Mark McLoughlin
d01da9a566 Change the layout of the dist dir 
Rather than lumping everything together into the dist/ dir,
this patch separates them out into sources/, rpms/ and srpms/.

Signed-off-by: Mark McLoughlin <markmc@redhat.com>
 2008-02-21 15:23:29 +00:00