makeapi script is used to check if ipalib API is consistent with the
known state in API.txt. When the API is changed, major API version
should be updated. However, when new options/arguments/outputs were
added to an ipalib command, `makeapi --validate' call did not capture
this.
This patch fixes this issue and ensures that also the last command
in API.txt is checked (it was not before this patch).
https://fedorahosted.org/freeipa/ticket/868
Out of the blue update_file() and set_directive() changed file
ownership to root:root when it updated some files. This was causing
dogtag to break. So grab the owner before opening the file and reset
it after closing.
ticket 928
Since some LDAP attributes have their cli_name value defined,
so they can be more user friendly, it can be difficult for user to find
out which attributes do the parameteres given to CLI really represent.
This patch provides new command, which will take another IPA command as
and argument and display attributes which given command takes and what
LDAP attributes are they mapped to.
https://fedorahosted.org/freeipa/ticket/447
The 389-ds replication plugin may not be installed on all platforms
and our replication version plugin will cause 389-ds to not start
if it is loaded and the replication plugin is not. So disable by
default.
When a replica is prepared we check for the replication plugin.
If it exists we will enable the replication version plugin.
Likewise on installation of a replica we check for existence of
the repliation plugin and if it is there then we enable the version
plugin before replication begins.
ticket 918
If not then sssd spits out a warning message:
sssd: nscd socket was detected. As nscd caching capabilities may conflict
with SSSD, it is recommended to not run nscd in parallel with SSSD
Stop nscd before configuring sssd so we don't confuse our users.
ticket 743
The state is read only at initialization time. This works ok when
individual services remove their state data but when worked upon again
at the top-level it still has the full state in memory, so when the
state file is re-written all of the data that was removed is re-added.
ticket 916
Previously all certificate & Kerberos key statuses (valid, missing
and revoked) will appear briefly at the same time during page load.
This has been fixed by setting the initial style to hidden.
Previously the IPA.details_list_section can only be used with widgets
that generates <dd> tag because it uses the following structure:
<dl>
<dt>Telephone Number:</dt>
<span name="teleponenumber">
<dd>111-1111</dd>
<dd>222-2222</dd>
</span>
</dl>
The <dd> tag was previously used to handle multi-valued attributes.
Since multi-valued attributes are now handled by the recently added
IPA.multivalued_text_widget, the structure can be changed as follows:
<dl>
<dt>Telephone Number:</dt>
<dd>
<span name="telephonenumber">
<div>111-1111</div>
<div>222-2222</div>
</span>
</dd>
</dl>
This allows IPA.details_list_section to be used with any widgets
without requiring the <dd> tag.
A multi-valued text widget has been created to replace the old
IPA.details_field. The old code was designed to handle all data
types, and it uses one <dd> tag for each value, so the code is
still incomplete and complex. The new code was designed to handle
only multi-valued text attributes, and it uses one <dd> tag for
all values, so it's easier to maintain. There are already other
widgets that can be used to handle other data types.
The new code supports line-level undo and line-out for removal
like the old code, but there are some changes:
- Undoing a newly added line will remove the entire line.
- Editing the value of a removed line will cancel the removal.
- It provides 'undo all' link to reset the entire attribute.
The old code will be cleaned up in a subsequent patch.
A cosmetic patch to IPA server installation output aimed to make
capitalization in installer output consistent. Several installation
tasks started with a lowercase letter and several installation
task steps started with an uppercase letter.
https://fedorahosted.org/freeipa/ticket/776
When attempting to detach a private group that doesn't exist, the
error message returned is not consistent with the error returned by
the other topic commands. This patch adds a standard message.
https://fedorahosted.org/freeipa/ticket/291
This patch fixes several reported typos in IPA messages and
in comments.
Contributors file has been updated + the original author of the
patch reporting the typos was added.
https://fedorahosted.org/freeipa/ticket/848
Adds a plugin, entitle, to register to the entitlement server, consume
entitlements and to count and track them. It is also possible to
import an entitlement certificate (if for example the remote entitlement
server is unaviailable).
This uses the candlepin server from https://fedorahosted.org/candlepin/wiki
for entitlements.
Add a cron job to validate the entitlement status and syslog the results.
tickets 28, 79, 278
There wasn't an exception in the "is the server already installed"
check for a two-stage CA installation.
Made the installer slightly more robust. We create a cache file of
answers so the next run won't ask all the questions again. This cache
is removed when the installation is complete. Previously nothing would work
if the installer was run more than once, this should be fixed now.
The cache is encrypted using the DM password.
The second problem is that the tomcat6 init script returns control
before the web apps are up. Add a small loop in our restart method
to wait for the 9180 port to be available.
This also adds an additional restart to ensure that nonces are disabled.
ticket 835
revise