UI: /ipa/ui
XML-RPC: /ipa/xml
errors: /ipa/errors
config: /ipa/config
I had to hardcode that URI into the CSS pages but TurboGears handles the
rest of the translations with tg.url().
Added a version to ipa.conf and ipa-rewrite.conf so we can update them
in the future if needed with ipa-upgradeconfig
440443
The file VERSION is now the sole-source of versioning.
The generated .spec files will been removed in the maintainer-clean targets
and have been removed from the repository.
By default a GIT build is done. To do a non-GIT build do:
$ make TARGET IPA_VERSION_IS_GIT_SNAPSHOT=no
When updating the version you can run this to regenerate the version:
$ make version-update
The version can be determined in Python by using ipaserver.version.VERSION
FreeIPA relies on RedHat's Directory Server, which uses mozldap.
A FreeIPA build using mozldap would reduce the project's dependencies and
redundant code. In addition, mozldap uses NSS instead of OpenSSL.
This is beneficial for the reasons listed in [1].
[1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
I've changed the variable name searchlimit to sizelimit to match the
name in python-ldap (and hopefully therefore be more readable).
The big change was changing the default value from 0 to -1. As 0 we were
never using the value from cn=ipaconfig
python-ldap expects this to be an int type
In the UI sizelimit was hardcoded at 0 for users
439880
Users are considered activated by default so don't need to be in the
activated group explicitly. Ignore the "not in group" error when trying
to remove them.
442470
If plugin isn't configured then the kerberos attributes don't get populated.
User's will get Preauthentication errors from the kerberos libraries
because there is no krbPrincipalKey to match against.
442134
- don't let a user set a password identical to the current one.
- don't check more then the policy defined number of passwords in history
- don't set an history longer than policy defined
Because the ipa.config() object raises an error if there is no configuration
file and auto-detection fails, ipa_webgui may fail to start at install time.
440475
Latest patch used the wrong path and all files where actually going to /tmp
even if a different path was specified.
Makes also StateFile behave the same as FileStore, and be a public class, this
way a common path can be used too.
We do account activation by using a Class of Service based on group
membership. A problem can happen if the entry itself has an nsaccountlock
attribute and you try doing Class of Service work as well because the
local attribute has priority. So try to detect that the entry has a local
nsAccountLock attribute and report an appropriate error.
Don't allow the admins or editors groups to be de-activated.
Return a better error message if account [in]activation fails.
Catch errors when doing group [in]activation.
439230
using nsswitch calls that read it and also take in account any other name
resolution mechanism that might be installed (like NIS lol :-).
This also should make the check support IPv6 transparently too (not tested)
is created.
We basically just need to add a check to see if we're to use a group
DN as the memberOf value when performing an operation on itself for
all operation types.
439450
values without specifying the values to delete in the memberOf
plug-in. Member entries were not being updated because the code
used the values in the mod to find the member entries to update.
The fix is to detect when a delete modify has no values specified
and just use the replace code since it compares the pre-op and
post-op copies of the group to figure out what member entries to
update.
439097
Change backup format so files are all in a single directory (no dir
hierarchies) and use an index file so we can save also ownership and
permission info for the restore (and eventually other data later on).
current value to prevent unnecessary LPAP updates (and failed writes)
Don't check against these lists on updates, only add them on new entries.
Disable the ability to configure in the UI these values for now.
438256
