IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
9,815 Commits 11 Branches 60 Tags
447feb7f37803b9bad8aab52841c4d1db293727a
Commit Graph

3081 Commits

Author SHA1 Message Date
Martin Babinsky
b144bf527d Use server API in com.redhat.idm.trust-fetch-domains oddjob helper 
https://fedorahosted.org/freeipa/ticket/6082

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2016-07-19 14:11:39 +02:00
Martin Babinsky
a5efeb449b ipa-compat-manage: use server API to retrieve plugin status 
https://fedorahosted.org/freeipa/ticket/6033

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
 2016-07-12 10:59:59 +02:00
Martin Babinsky
c5cc79f1ad ipa-nis-manage: Use server API to retrieve plugin status 
https://fedorahosted.org/freeipa/ticket/6027

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
 2016-07-12 10:53:03 +02:00
Martin Basti
3f26702981 IPA 4.4.0 Translations 
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2016-07-01 11:24:53 +02:00
Pavel Vomacka
2ec59b7f23 Add widget for kerberos aliases to service page 
Also changes the name of option which is send during adding new service from
'krbprincipalname' to 'krbcanonicalname'.

https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-07-01 09:39:49 +02:00
Pavel Vomacka
62c4e15d16 Add widget for kerberos aliases to hosts page 
https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-07-01 09:39:49 +02:00
Pavel Vomacka
2da3090a97 Add widget for kerberos aliases to user page 
https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-07-01 09:39:49 +02:00
Pavel Vomacka
4bc2e3164f Add widgets for kerberos aliases 
Create own custom_command_multivalued_widget for kerberos aliases.

https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-07-01 09:39:49 +02:00
Pavel Vomacka
2232a5bb09 Set default confirmation button label to 'Remove' 
Part of: https://fedorahosted.org/freeipa/ticket/5831

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-07-01 09:39:49 +02:00
Pavel Vomacka
df56fd3371 Change error handling in custom_command_multivalued_widget 
The custom_command_multivalued_widget now handles remove and add commands errors
correctly and shows error message.

Part of: https://fedorahosted.org/freeipa/ticket/5381

add_error

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-07-01 09:39:49 +02:00
Martin Babinsky
7e803aa462 replace an ACI relying on presence of deprecated objectclass 
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-07-01 09:37:25 +02:00
Martin Babinsky
d1517482b5 Add ACI for admins to modify principal attributes 
This is required for admins to utilize the APIs that enable them to add/remove
principal aliases to entities.

https://fedorahosted.org/freeipa/ticket/3864
https://fedorahosted.org/freeipa/ticket/3961
https://fedorahosted.org/freeipa/ticket/5413

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-07-01 09:37:25 +02:00
Martin Basti
08fcc7e25a Do not log to file in remote conncheck side 
https://fedorahosted.org/freeipa/ticket/5757

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2016-07-01 09:05:33 +02:00
Martin Basti
4ce0258c23 Add option --no-log for ipa-replica-conncheck script 
When option is sued, ipa-replica-conncheck will not log into file

https://fedorahosted.org/freeipa/ticket/5757

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2016-07-01 09:05:33 +02:00
Petr Vobornik
88f7154f7f webui: prevent infinite reload for users with krbbprincipal alias set 
Web UI has inbuilt mechanism to reload in case response from a server
contains a different principal than the one loaded during Web UI
startup.

see rpc.js:381

With kerberos aliases support the loaded principal could be different
because krbprincipalname contained multiple values.

In such case krbcanonicalname should be used - it contains the same
principal as the one which will be in future API responses.

https://fedorahosted.org/freeipa/ticket/5927

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2016-07-01 08:53:35 +02:00
Stanislav Laznicka
f3858be6e3 Fix wrong imports in copy-schema-to-ca.py 
Some imports were not possible in old versions of IPA. This caused
import exceptions on the script start.

https://fedorahosted.org/freeipa/ticket/6003

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-30 14:28:14 +02:00
Pavel Vomacka
7f4de88ea1 Add button for server-del command 
WebUI counterpart of: https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-30 14:22:51 +02:00
Pavel Vomacka
e65ce4fedc Add support to change button css class on confirm dialog 
Part of: https://fedorahosted.org/freeipa/ticket/5588

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-30 14:22:51 +02:00
Pavel Vomacka
a3c7f845e0 Simplify the confirmation messages 
The confirmation of revoke and remove the certificate hold action is simplier
and more consistent with another parts of WebUI.

Part of: https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-30 14:18:47 +02:00
Jan Cholasta
2615103c68 makeaci, makeapi, oddjob: use the default API context 
Use the default context rather the server context for code not running
inside the server.

This prevents the affected code from attempting to initialize the session
manager.

https://fedorahosted.org/freeipa/ticket/5988

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2016-06-30 14:09:24 +02:00
Pavel Vomacka
ec6925e775 Change paths of strings in auth indicators widget on service page 
Strings which are used by widget which shows authentication indicators were moved.
Therefore the change in string paths.

Part of: https://fedorahosted.org/freeipa/ticket/5872

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-30 13:42:58 +02:00
Pavel Vomacka
55049fceb9 Add authentication identificator to host page 
Also move strings which are connected with authentication indicators to authtype dict.
This place is more general than have them in service dict. It's nicer when these strings are
not used only on service page.

Part of: https://fedorahosted.org/freeipa/ticket/5872

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-30 13:42:58 +02:00
Martin Basti
a155f692e7 Fix replica install with CA 
The incorrect api was used, and CA record updated was duplicated.

https://fedorahosted.org/freeipa/ticket/5966

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-30 13:18:51 +02:00
Pavel Vomacka
aaf65e9c56 Add certificate widget to ID override user details page. 
Add possibility to add, remove, view, get and download custom certificates on ID override user page.

https://fedorahosted.org/freeipa/ticket/5926

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 16:46:12 +02:00
Pavel Vomacka
31a13c9e98 Add button for dns_update_system_records command 
Part of: https://fedorahosted.org/freeipa/ticket/5905

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-29 16:33:42 +02:00
Florence Blanc-Renaud
3c40d3aa9e Do not allow installation in FIPS mode 
https://fedorahosted.org/freeipa/ticket/5761

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
 2016-06-29 16:17:27 +02:00
Pavel Vomacka
d7898ac2eb Add new custom command multivalued widget 
Add general class for multivalued widget which uses special commands which
are performed immediately.

Part of: https://fedorahosted.org/freeipa/ticket/5108

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
2f048224d2 Updated certificates table 
All certificates which are not issued by IPA CA are grey and not clickable. That's
because these certificates are not maintained by IPA CA.

Part of: https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
82e69e4300 Add new certificates widget to the service details page 
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
79ec965a96 Add new certificates widget to the host details page. Also extends evaluator and add support for adapters. 
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
0b72571c5a Add new certificates widget to the user details page 
https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
55a0baf1c3 Add certificate widget 
The certificate widget is used for each certificate in certs_widget. It allows to
view, get, download, revoke and restore certificate.

https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
6d3622c600 Add widget for showing multiple certificates 
Certs widget is based on multivalued widget and adds ability to add new certificate
and delete it. Each line is cert_widget.

https://fedorahosted.org/freeipa/ticket/5108
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
3056f349b9 Remove old useless actions - get and view 
These two actions are not available any more. So that code is never called.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
260a00b81f Changed the way how to handle remove hold and revoke actions 
Method calling in actions is moved to another function - these calls may be used
by another functions, not only by actions.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
06a9a84876 Refactored certificate view and remove hold dialog 
Removed old layout created using html tables. Now table layout is made by div
and modern css styling.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
e7a55ef30b Add Object adapter 
Object adapter changes data to more useful format. Single value is reachable
as single value, property with more values is transformed to array.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
044d3c25de Add ability to turn off activity icon 
By specifying correct attribute when creating command it turn off showing activity icon
when webui waits for response from the server.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
3d61aca623 Add working widget 
This widget can be used as notification that some other widget is working.
It shows spinner and cover the other widget by specified color.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
f243bd2d65 Extends functionality of DropdownWidget 
Adds methods which are able to enable and disable options according to the name of option
and methods which set or get whole item list.

https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Pavel Vomacka
e3e83272c9 Add support for custom menu in multivalued widget 
Every single widget which is in multivalued widget can now have custom action menu
and the delete button is included in this custom action menu.

Part of this ticket:
https://fedorahosted.org/freeipa/ticket/5381

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
 2016-06-29 15:41:58 +02:00
Fraser Tweedale
0078e7a919 ipa-certupdate: track lightweight CA certificates 
Enhance the ipa-certupdate program to add Certmonger tracking
requests for lightweight CA certificates.

Also update the dogtag-ipa-ca-renew-agent-submit to not store or
retrieve lightweight CA certificates, becaues Dogtag clones observe
renewals and update their NSSDBs on their own, and allow the helper
to request non-self-signed certificates.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-29 08:52:29 +02:00
Fraser Tweedale
b720aa94e9 Update lightweight CA serial after renewal 
For CA replicas to pick up renewed lightweight CA signing
certificates, the authoritySerial attribute can be updated with the
new serial number.

Update the renew_ca_cert script, which is executed by Certmonger
after writing a renewed CA certificate to the NSSDB, to update the
authoritySerial attribute if the certificate belongs to a
lightweight CA.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-29 08:52:29 +02:00
Martin Basti
104040cf36 DNS Locations: cleanup of bininstance 
We don't need anymore:
* sample of zone file - list of all records required by IPa will be
provided

* NTP related params - DNS records will be updated automatically,
based on LDAP values

* CA related params - DNS records will be updated automatically based
* on LDAP values

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-28 15:23:51 +02:00
Martin Basti
218734ba5a DNS Locations: hide option --no-msdcs in adtrust-install 
Since DNS location mechanism is active, this option has no effect,
because records are generate dynamically.

https://fedorahosted.org/freeipa/ticket/2008

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2016-06-27 13:35:00 +02:00
Stanislav Laznicka
e136db0192 Add missing nsSystemIndex attributes 
https://fedorahosted.org/freeipa/ticket/5947

Reviewed-By: Martin Basti <mbasti@redhat.com>
 2016-06-27 10:49:51 +02:00
Petr Vobornik
fd840a9cd7 mod_auth_gssapi: enable unique credential caches names 
mod_auth_gssapi > 1.4.0 implements support for unique ccaches names.
Without it ccache name is derived from pricipal name.

It solves a race condition in two concurrent request of the same
principal. Where first request deletes the ccache and the second
tries to use it which then fails. It may lead e.g. to a failure of
two concurrent ipa-client-install.

With this feature there are two ccaches so there is no clash.

https://fedorahosted.org/freeipa/ticket/5653

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Robbie Harwood <rharwood@redhat.com>
 2016-06-24 16:06:49 +02:00
Stanislav Laznicka
0db48e4d04 Fix to ipa-ca-install asking for host principal password 
With a ca_cert_file specified in options, the nss_db was used before the
certificates from the file were added to it, which caused an exception
that led to fallback to ssh which is broken.

https://fedorahosted.org/freeipa/ticket/5965

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2016-06-23 12:26:20 +02:00
Martin Babinsky
3f93f80557 add krbCanonicalName to attributes watched by MODRDN plugin 
https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
 2016-06-23 09:48:06 +02:00
Martin Babinsky
229ab40dd3 add case-insensitive matching rule to krbprincipalname index 
Part of https://fedorahosted.org/freeipa/ticket/3864

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
 2016-06-23 09:48:06 +02:00