FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be more stable and supported way of using cermonger than
tampering with its files.
>=certmonger-0.75.13 is needed for this to work.
https://fedorahosted.org/freeipa/ticket/4280
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This is to avoid chicken-egg problem when directory server fails to start
without resolvable hostname and named fails to provide hostname without
directory server.
https://fedorahosted.org/freeipa/ticket/4220
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.
https://fedorahosted.org/freeipa/ticket/4455
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
This patch adds an explicit build dependency to
python-backports-ssl_match_hostname.
Without it, the build-time lint would fail.
https://fedorahosted.org/freeipa/ticket/4515
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Without python-backports-ssl_match_hostname installed, an ipa-client
installation could have failed with:
from backports.ssl_match_hostname import match_hostname
ImportError: No module named ssl_match_hostname
This patch adds an explicit dependency to
python-backports-ssl_match_hostname.
https://fedorahosted.org/freeipa/ticket/4515
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Make error message more meaningful when a password policy is added for a non
existing group.
https://fedorahosted.org/freeipa/ticket/4334
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Certain operations against AD domain controller can only be done if its
FSMO role is primary domain controller. We need to use writable DC and
PDC when creating trust and updating name suffix routing information.
https://fedorahosted.org/freeipa/ticket/4479
Reviewed-By: Sumit Bose <sbose@redhat.com>
In patch 0001-3, the DNA plugins configuration was changed to scope only 'cn=accounts,SUFFIX'
This part of the fix was invalid as trust domain object (that need uid/gid allocation)
are under 'cn=trust,SUFFIX'. Revert that part of the fix.
Waiting on https://fedorahosted.org/389/ticket/47828, to exclude provisioning contains
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Martin Kosek <mkosek@redhat.com>
- Make ipa trust-add command interactive for realm_admin and realm_passwd
- Fix 'Active directory' typo to 'Active Directory'
https://fedorahosted.org/freeipa/ticket/3034
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This patch adds the capability of installing a Dogtag KRA
to an IPA instance. With this patch, a KRA is NOT configured
by default when ipa-server-install is run. Rather, the command
ipa-kra-install must be executed on an instance on which a Dogtag
CA has already been configured.
The KRA shares the same tomcat instance and DS instance as the
Dogtag CA. Moreover, the same admin user/agent (and agent cert) can
be used for both subsystems. Certmonger is also confgured to
monitor the new subsystem certificates.
To create a clone KRA, simply execute ipa-kra-install <replica_file>
on a replica on which a Dogtag CA has already been replicated.
ipa-kra-install will use the security domain to detect whether the
system being installed is a replica, and will error out if a needed
replica file is not provided.
The install scripts have been refactored somewhat to minimize
duplication of code. A new base class dogtagintance.py has
been introduced containing code that is common to KRA and CA
installs. This will become very useful when we add more PKI
subsystems.
The KRA will install its database as a subtree of o=ipaca,
specifically o=ipakra,o=ipaca. This means that replication
agreements created to replicate CA data will also replicate KRA
data. No new replication agreements are required.
Added dogtag plugin for KRA. This is an initial commit providing
the basic vault functionality needed for vault. This plugin will
likely be modified as we create the code to call some of these
functions.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3872
The uninstallation option in ipa-kra-install is temporarily disabled.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
action buttons associated with batch actions were enabled by default, but
they were disabled right after facet creation and a load of data. It caused
a visual flicker.
UX is enhanced by making them disabled by default.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- save one click by opening edit dialog right after adding new row
- add margin between fingerprint and "show/edit" button
- fix honoring of writable/read-only flags upon row creation
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- category radio line has line-height large enough to contain
undo button -> content doesn't move several pixels on change
- remove vertical padding from btns in table headers to maintain
about the same height
- remove invisible border from link buttons to have the same height
for disabled and enabled button
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Tooltips were added to "User authentication types" and "Default user
authentication types" to describe their relationship and a meaning of
not-setting a value.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Allow to set 'tooltip' attribute in spec. It displays info icon
with Bootstrap's tooltip near field's label.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- use title for input's elements 'title' attribute
- tooltip for Bootstrap's tooltip component
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- added cancel button to reset password view of login screen
- re-implemented buttons hiding mechanism
- switching between 'Reset Password' and 'Reset Password and Login' according to presence of value in OTP field
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- add info icons to distinguish and classify the messages.
- add info text for OTP fields
- fix login instruction inaccuracy related to position of login button
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
The notification is a primary information of the page. It should be more highlighted.
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Requiring a specific version of Java leads to breakages, like the
one happening on nightly builds in Fedora Rawhide right now.
We should use the more generic 'java' BuildRequires instead of the
versioned one.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
add_table_record call used old selector for add button which
caused 3 fails in CI:
- ERROR: Test automember rebuild membership feature for hosts
- ERROR: Test automember rebuild membership feature for users
- ERROR: Basic CRUD: dns
related to:
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
On page:
- styled to use proper line breaks
- "centered" by .container class and not by huge padding
Console:
- proper line breaks
- links in stack trace are clickable(Chrome)
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Adds an integration tests that checks that all trustdomains are
able to be found by trustdomain-find command right after the
trust has been established.
Also moves some code to allow easier adding common test cases for
both POSIX and non-POSIX test classes.
https://fedorahosted.org/freeipa/ticket/4208
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
When a CIFS service exists and adtrust agents group does not
have it as a member attribute (for whatever reason), re-running
ipa-adtrust-install does not fix the inconsistency.
Make the installer more robust by being able to fix the inconsistency.
https://fedorahosted.org/freeipa/ticket/4464
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
After login, CI checks if password needs a reset by checking if
reset password fields are displayed. This check failed since
login facet was removed from DOM after successful auth. Weakening
the selector fixes it.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
