EmptyModlist exception was generated by pwpolicy2-mod when modifying
policy priority only. It was because the priority attribute is stored
outside of the policy entry (in a CoS entry) and there was nothing
left to be changed in the policy entry.
This patch uses the new exception callbacks in baseldap.py classes
to catch the EmptyModlist exception and checks if there was really
nothing to be modified before reraising the exception.
It enables plugin authors to supply their own handlers for
ExecutionError exceptions generated by calls to ldap2 made from
the execute method of baseldap.py classes that extend CallbackInterface.
The DNS plugin is getting old, tired and already looking forward to his
pension in the Carribean. It will be replaced soon by a younger, faster,
safer, shorter (in terms of code) and more maintainable version.
Until that happens, here's some medicine for the old guy:
- proper output definitions: the DNS plugin was created before we
had the has_output attribute in place
- --all: this is related to the output definitions as
Command.get_options() adds the --all and --raw options automatically
if has_output contains entries
- dns-add-rr overwritting: missing .lower() caused records to be
overwritten everytime a new one was added from the CLI
This will alert the user that nothing was done and is handy when used
with --attr=''. This can be used to delete a non-required attribute but
can be set to any valid attribute, present or not. We should alert the
user if they attempt to delete a non-existant value.
This fixes:
- Consistent usage of priority vs cospriority in options
- Fixes bug introduced with recent patch where global policy couldn't be
updated
- Doesn't allow cospriority to be removed for groups (#570536)
- returns the priority with group policy so it can be displayed
- Properly unicode encode group names for display
A number of doc strings were not localized, wrap them in _().
Some messages were not localized, wrap them in _()
Fix a couple of failing tests:
The method name in RPC should not be unicode.
The doc attribute must use the .msg attribute for comparison.
Also clean up imports of _() The import should come from
ipalib or ipalib.text, not ugettext from request.
None is passed if the option is set with --minlife=''. This is a valid
use case to delete a non-required attribute. In this case we simply
don't do the math on None and things work as expected.
569847
The attributes displayed is now dependant upon their definition in
a Param. This enhances that, giving some level of control over how
the result is displayed to the user.
This also fixes displaying group membership, including failures of
adding/removing entries.
All tests pass now though there is still one problem. We need to
return the dn as well. Once that is fixed we just need to comment
out all the dn entries in the tests and they should once again
pass.
Let the user, upon installation, set the certificate subject base
for the dogtag CA. Certificate requests will automatically be given
this subject base, regardless of what is in the CSR.
The selfsign plugin does not currently support this dynamic name
re-assignment and will reject any incoming requests that don't
conform to the subject base.
The certificate subject base is stored in cn=ipaconfig but it does
NOT dynamically update the configuration, for dogtag at least. The
file /var/lib/pki-ca/profiles/ca/caIPAserviceCert.cfg would need to
be updated and pki-cad restarted.
Add a new get_subject() helper and return the subject when retrieving
certificates.
Add a normalizer so that everything before and after the BEGIN/END
block is removed.
