Previously the installer did not reinitialize resolver so queries for
records created using --ip-address option might not be answered. This led
to incorrect results during 'Updating DNS system records' phase at the
end of installation.
This is kind of hack but right now we do not have enough time to extend
python-dns's interface with resolver_reinit() method.
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
Use the default context rather the server context for code not running
inside the server.
This prevents the affected code from attempting to initialize the session
manager.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Do not initialize the plugins for all in-server API instances, as they are
used only in the server context.
This prevents code using in-server API instances from attempting to
initialize the session manager.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Removes the side effect of attempting to connect to memcached when the
session module is imported, which caused user visible warnings and/or
SELinux AVC denials.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The module is used only on the server, so there's no need to have it in
ipalib, which is shared by client and server.
https://fedorahosted.org/freeipa/ticket/5988
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Strings which are used by widget which shows authentication indicators were moved.
Therefore the change in string paths.
Part of: https://fedorahosted.org/freeipa/ticket/5872
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Also move strings which are connected with authentication indicators to authtype dict.
This place is more general than have them in service dict. It's nicer when these strings are
not used only on service page.
Part of: https://fedorahosted.org/freeipa/ticket/5872
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
It is hard to translate whole dosctring again and again aftear each
minor change. This split will make life for translators easier. (Just note: dosctring was
changed and that is the reason why I'm sending this, because translators
must translate it again anyway)
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Test ipatests/test_ipalib/test_frontend.py::test_Command::test_validate fails due to attributes that are no longer present, therefore assertion for these values was removed.
https://fedorahosted.org/freeipa/ticket/5987
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
Test fails were caused mainly by assertion between unicode and nonunicode string, or due to changes in code related to thin client.
Fixes:
test_Command::test_default_from_chaining
test_Command::test_args_options_2_params
test_Command::test_params_2_args_options
test_Command::test_validate_output_per_type
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
Since DNS configuration is no longer needed for running trust tests, this method's contents are removed. Method is left empty as reference for others, should they have issues with DNS configuration.
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
If the version of the remote server is higher than the local version, don't
allow installing a replica of it.
https://fedorahosted.org/freeipa/ticket/5983
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Add possibility to add, remove, view, get and download custom certificates on ID override user page.
https://fedorahosted.org/freeipa/ticket/5926
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Some strings in the testsuite are unicode which wasn't reflected in the tests. This patch fixes the problem by changing concerned strings to unicode.
Reviewed-By: Ganna Kaihorodova <gkaihoro@redhat.com>
Add general class for multivalued widget which uses special commands which
are performed immediately.
Part of: https://fedorahosted.org/freeipa/ticket/5108
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
All certificates which are not issued by IPA CA are grey and not clickable. That's
because these certificates are not maintained by IPA CA.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Method calling in actions is moved to another function - these calls may be used
by another functions, not only by actions.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Object adapter changes data to more useful format. Single value is reachable
as single value, property with more values is transformed to array.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
By specifying correct attribute when creating command it turn off showing activity icon
when webui waits for response from the server.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
This widget can be used as notification that some other widget is working.
It shows spinner and cover the other widget by specified color.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Adds methods which are able to enable and disable options according to the name of option
and methods which set or get whole item list.
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Every single widget which is in multivalued widget can now have custom action menu
and the delete button is included in this custom action menu.
Part of this ticket:
https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Previously we were checking content of DNS before actually adding DNS
records for replicas. This is causing cycle in logic and adds weird
corner cases to the installer which can blow up on DNS timeout or so.
The check was completely unnecessary because the installer knows IP
addresses and name of the machine. Removal of the check makes
the installer more reliable.
https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
This fixes scenarios where IPA server is not able to resolve own name
and option --ip-address was not specified by the user.
This partially reverts changes from commit
dc405005f5https://fedorahosted.org/freeipa/ticket/5962
Reviewed-By: Martin Basti <mbasti@redhat.com>
The LDAP*ReverseMember methods would always return the whole LDAP
object even though --all is not specified.
Also had to fix some tests as objectClass will not be returned by
default now.
https://fedorahosted.org/freeipa/ticket/5892
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The 'issuer' option of cert-find was recently changed from Str to
DNParam, however, 'ra.find' expects a string and throws when it
receives a DN.
When constructing the dict that gets passed to 'ra.find', turn
DNParams into strings.
Part of: https://fedorahosted.org/freeipa/ticket/5381
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Enhance the ipa-certupdate program to add Certmonger tracking
requests for lightweight CA certificates.
Also update the dogtag-ipa-ca-renew-agent-submit to not store or
retrieve lightweight CA certificates, becaues Dogtag clones observe
renewals and update their NSSDBs on their own, and allow the helper
to request non-self-signed certificates.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
For CA replicas to pick up renewed lightweight CA signing
certificates, the authoritySerial attribute can be updated with the
new serial number.
Update the renew_ca_cert script, which is executed by Certmonger
after writing a renewed CA certificate to the NSSDB, to update the
authoritySerial attribute if the certificate belongs to a
lightweight CA.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
After CA certificate renewal, the ``renew_ca_cert`` helper updates
certificate data in CS.cfg. An unrecognised nickname will raise
``KeyError``. To allow the helper to be used for arbitrary
certificates (e.g. lightweight CAs), do not fail if the nickname is
unrecognised - just skip the update.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The LDAP filter utilities do not use any instance attributes, so
collectively turn them into class methods to promote reuse.
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Dogtag has been updated to support a default OCSP URI when the
profile includes AuthInfoAccess with URI method but does not specify
the URI (instead of constructing one based on Dogtag's hostname and
port).
Add the pkispawn config to ensure that the OCSP URI is set before
issuing CA and system certificates, and add the config to existing
CA instances on upgrade.
Fixes: https://fedorahosted.org/freeipa/ticket/5956
Reviewed-By: Martin Basti <mbasti@redhat.com>
