IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
8,482 Commits 11 Branches 60 Tags
6fa14fd21e664925268d80a2263c556b2bc35139
Commit Graph

8482 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tomas Babej
c6e6b216e9 l10n: Add configuration file for Zanata 
Zanata cliens require the presence of a XML configuration file
inside the git repository of the project.

https://fedorahosted.org/freeipa/ticket/4832

Reviewed-By: Martin Basti <mbasti@redhat.com>
 2015-07-07 12:07:15 +02:00
Endi S. Dewata
475ade4bec Added ipaVaultPublicKey attribute. 
A new attribute ipaVaultPublicKey has been added to replace the
existing ipaPublicKey used to store the vault public key.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-07 07:44:56 +00:00
Endi S. Dewata
fc5c614950 Added symmetric and asymmetric vaults. 
The vault plugin has been modified to support symmetric and asymmetric
vaults to provide additional security over the standard vault by
encrypting the data before it's sent to the server. The encryption
functionality is implemented using the python-cryptography library.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-07 07:44:56 +00:00
Petr Spacek
8ee975b276 DNSSEC: Detect attempt to install & disable master at the same time. 
https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-07-07 08:37:15 +02:00
Petr Spacek
c0271b9c87 DNSSEC: ipa-dns-install: Detect existing master server sooner. 
User should get the error before he installs missing packages etc.

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-07-07 08:37:15 +02:00
Martin Basti
f7c98c650a Allow to run subprocess with suplementary groups 
Param suplementary_groups allows to specify list of group names to be
used for subprocess.
suplementary_groups param requires runas param to be specified.

Required for ticket: https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-07-07 08:37:15 +02:00
Martin Basti
2e4e8d759d DNSSEC: update message 
https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-07-07 08:37:15 +02:00
Martin Basti
e151492560 DNSSEC: allow to disable/replace DNSSEC key master 
This commit allows to replace or disable DNSSEC key master

Replacing DNSSEC master requires to copy kasp.db file manually by user

ipa-dns-install:
--disable-dnssec-master  DNSSEC master will be disabled
--dnssec-master --kasp-db=FILE  This configure new DNSSEC master server,  kasp.db from old server is required for sucessful replacement
--force Skip checks

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2015-07-07 08:37:15 +02:00
Petr Vobornik
b258bcee83 webui: add mangedby tab to otptoken 
Added managedby_user tab to manage users who can manage the token.

https://fedorahosted.org/freeipa/ticket/5003

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-07 05:51:28 +02:00
Petr Vobornik
2a976334c2 webui: API browser 
First part of API browser - displaying metadata in more consumable way.

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Petr Vobornik
392809f984 webui: menu and navigation fixes 
fixes:

1. When navigation is initiated from clicking and a link with hash, update
of facet state causes that subsequent click on a link with hash will be
ignored. Caused by a code which prevents infinite loop because of facet
state update. Now hash update is done only if it was really changed.

2. registered correct handler for standalone pages

3. fix selection of menu item where the items differ only in args. Chooses
the item with the most similar state to current facet.

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Petr Vobornik
8d8aa60dbd webui: fix webui specific metadata 
Mark all Web UI specific metadata so they could be filtered out
in the API Browser.

Fix cert name.

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Petr Vobornik
114f11fe5a webui: ListViewWidget 
A widget for rendering a list of groups of items. Intended to be
used in sidebar. Plan is to serve also as a base for FacetGroupsWidget.

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Petr Vobornik
ba0a1c6b33 include more information in metadata 
added to commands: doc, proper args, NO_CLI

added to options: default_from, cli_name, cli_short_name and others

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Martin Basti
884afb5d38 Server Upgrade: use debug log level for upgrade instead of info 
Upgrade contains too many unnecessary info logs.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-03 07:47:59 +00:00
Petr Vobornik
66ea322e7e topology: make cn of new segment consistent with topology plugin 
Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Petr Vobornik
2b8e1caa7b topologysegment: hide direction and enable options 
These options should not be touched by users yet.

https://fedorahosted.org/freeipa/ticket/5061

Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Petr Vobornik
fa4954c35d ipa-replica-manage del: add timeout to segment removal check 
Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Petr Vobornik
6be7d41ba1 ipa-replica-manage del: relax segment deletement check if topology is disconnected 
https://fedorahosted.org/freeipa/ticket/5072

Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Martin Babinsky
76eea85701 new commands to manage user/host/service certificates 
A new group of commands is introduced that simplifies adding and removing
binary certificates to entries. A general form of the command is

ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB]

Part of http://www.freeipa.org/page/V4/User_Certificates and
https://fedorahosted.org/freeipa/ticket/4238

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 14:43:44 +00:00
Martin Babinsky
53b11b6117 reworked certificate normalization and revocation 
Validation of certificate is now handled by `x509.validate_certificate'.

Revocation of the host and service certificates was factored out to a separate
function.

Part of http://www.freeipa.org/page/V4/User_Certificates

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 14:43:44 +00:00
Martin Babinsky
93dab56ebf baseldap: add support for API commands managing only a single attribute 
This patch extends the API framework with a set of classes which add/remove
 values to a single LDAPObject attribute.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 14:43:44 +00:00
Tomas Babej
8d30feb539 winsync_migrate: Generalize membership migration 
https://fedorahosted.org/freeipa/ticket/4943

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e5fe79a0f4 winsync_migrate: Migrate memberships of the winsynced users 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
199358112e man: Add manpage for ipa-winsync-migrate 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
6462530440 idviews: Fallback to AD DC LDAP only if specifically allowed 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
f8d1458fda winsync-migrate: Include the tool parts in Makefile and friends 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
19d62e9aa4 winsync-migrate: Move the tool under ipaserver.install package 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e9a3b99717 winsync-migrate: Rename to tool to achive consistency with other tools 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
7017d9e8a6 winsync-migrate: Delete winsync agreement prior to migration 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
d584eb7001 winsync-migrate: Require explicit specification of the target server and validate existing agreement 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
bff7a748d6 idviews: Do not abort the find & show commands on conversion errors 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
0e11a87090 winsync-migrate: Require root privileges 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e6a2a67d7a dcerpc: Add debugging message to failing kinit as http 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
69c6a33216 dcerpc: Change logging level for debug information 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
cf61e2ad94 winsync-migrate: Move the api initalization and LDAP connection to the main method 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e7d7f01d5f migrate-winsync: Add option validation and handling 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
2104e07fa8 migrate-winsync: Create user ID overrides in place of winsynced user entries 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
4c6ff80140 winsync-migrate: Add a way to find all winsync users 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
0cb87fc31a winsync-migrate: Add initial plumbing 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
ccbf267872 ipaplatform: Remove redundant definitions 
The variables path_namespace and task_namespace in the base platform
are not used anywhere in the rest of the codebase and are just
debris from previous implementation.

This patch removes them.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-02 13:04:23 +02:00
Martin Basti
2e329ecdc7 KRA Install: check replica file if contains req. certificates 
https://fedorahosted.org/freeipa/ticket/5059

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 10:59:53 +00:00
Thierry Bordaz
b5cb95431b Display the wrong attribute name when mandatory attribute is missing 
When activating a stageuser, if 'sn' or 'cn' or 'uid' is missing
	it displays an error with 'cn'

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-02 12:01:07 +02:00
Ludwig Krispenz
6f916b0ac9 allow deletion of segment if endpoint is not managed 
in the preop check do not reject the deletion of a segment, if not both endpoints
are managed servers for the suffix

thisis part of work for ticlet #5072

Reviewed-By: Simo Sorce <ssorce@redhat.com>
 2015-07-02 11:54:01 +02:00
Martin Basti
96c23659fc DNS: Do not traceback if DNS is not installed 
Instead of internal error show 'DNS is not configured' message, when a
dns* command is executed.

https://fedorahosted.org/freeipa/ticket/5017

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-01 20:19:01 +02:00
Petr Vobornik
25a5e38b85 replication: fix regression in get_agreement_type 
dcb6916a3b introduced a regression where
get_agreement_type does not raise NotFound error if an agreement for host
does not exist. The exception was swallowed by get_replication_agreement.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-01 19:44:11 +02:00
Jan Cholasta
e43296ba9a replica prepare: Do not use entry after disconnecting from LDAP 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
5b39bc1003 plugable: Remove unused call method of Plugin 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
2b12bca660 plugable: Specify plugin base classes and modules using API properties 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
4b277d0477 plugable: Change is_production_mode to method of API 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00