bind-dyndb-ldap's bug caused test failure
https://fedorahosted.org/bind-dyndb-ldap/ticket/123
Owners with NS record works with the bug
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
add_table_record call used old selector for add button which
caused 3 fails in CI:
- ERROR: Test automember rebuild membership feature for hosts
- ERROR: Test automember rebuild membership feature for users
- ERROR: Basic CRUD: dns
related to:
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Adds an integration tests that checks that all trustdomains are
able to be found by trustdomain-find command right after the
trust has been established.
Also moves some code to allow easier adding common test cases for
both POSIX and non-POSIX test classes.
https://fedorahosted.org/freeipa/ticket/4208
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
After login, CI checks if password needs a reset by checking if
reset password fields are displayed. This check failed since
login facet was removed from DOM after successful auth. Weakening
the selector fixes it.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The ipagetkeytab command recently changed its failure output
to accomodate pre-4.0 servers.
Update the test to reflect this.
Related: https://fedorahosted.org/freeipa/ticket/4446
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Simplify code base by reuse of 'disable' feature of button_widget. All
occurrences of action-button which were disabled/enabled were replaced
by button-widget.
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Attributes widget layour was changed from tiny table which allowed
to display only few options to a checkbox list with multiple
columns (depends on container).
Check all attributes option was removed to force the user
to read through the attributes which he selects.
Initial version authored by: Adam Misnyovszki
https://fedorahosted.org/freeipa/ticket/4253
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Properly configure forwarders to the AD zone with respect to
newly created ipa dnsforwardzone commands.
https://fedorahosted.org/freeipa/ticket/4401
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Backward compability with older IPA versions which allow to use uppper
case. Only IDNA domains will be checked.
https://fedorahosted.org/freeipa/ticket/4382
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
When manipulating a permission for an entry that has an ACI
that the parser cannot process, skip this ACI instead of
failing.
Add a test that manipulates permission in cn=accounts,
where there are complex ipaAllowedOperation-based ACIs.
Workaround for: https://fedorahosted.org/freeipa/ticket/4376
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The code has been moved to its own, separate repository at
git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Call user-unlock command from Web UI.
It will unlock displayed user on current master.
https://fedorahosted.org/freeipa/ticket/4407
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Makes sure sudorules behave correctly both when adding new entries
with corresponding category set to ALL, and when setting the
category to all when corresponding entries exist.
The only exception of deny commands with cmdcategory ALL is
covered as well.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Covers functionality of external entries for:
* users
* runAsUsers
* groups of RunAsUsers
* runAsGroups
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This patch adds support for importing tokens using RFC 6030 key container
files. This includes decryption support. For sysadmin sanity, any tokens
which fail to add will be written to the output file for examination. The
main use case here is where a small subset of a large set of tokens fails
to validate or add. Using the output file, the sysadmin can attempt to
recover these specific tokens.
This code is implemented as a server-side script. However, it doesn't
actually need to run on the server. This was done because importing is an
odd fit for the IPA command framework:
1. We need to write an output file.
2. The operation may be long-running (thousands of tokens).
3. Only admins need to perform this task and it only happens infrequently.
https://fedorahosted.org/freeipa/ticket/4261
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Private groups don't have the 'ipausergroup' objectclass.
Add posixgroup to the objectclass filters to make
"--type group" permissions apply to all groups.
https://fedorahosted.org/freeipa/ticket/4372
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The recent conversions to managed permissions left behind a few
failing tests. Fix them.
Also fix a now incorrect docstring in ipalib.config.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
