Commit Graph

2954 Commits

Author SHA1 Message Date
Rob Crittenden
81fe26bdcf Add missing options to ipa-getkeytab man page.
ticket 229
2010-10-11 22:35:47 -04:00
Rob Crittenden
d2a9ccf407 Accept an incoming certificate as either DER or base64 in the service plugin.
The plugin required a base64-encoded certificate and always decoded it
before processing. This doesn't work with the UI because the json module
decodes binary values already.

Try to detect if the incoming value is base64-encoded and decode if
necessary. Finally, try to pull the cert apart to validate it. This will
tell us for sure that the data is a certificate, regardless of the format
it came in as.

ticket 348
2010-10-08 13:15:03 -04:00
Adam Young
dccb386d57 record limit 2010-10-08 16:59:01 -04:00
Rob Crittenden
be6aa7039b Return non-zero when group membership change fails, no empty fail list.
There is no point (and it is confusing) to print an empty list when
modifying group membership fails, so suppress it.

If any membership change fails we should return non-zero.

tickets 271, 273, 274
2010-10-08 10:11:54 -04:00
Rob Crittenden
71a032db19 Detect if DNS is already configured in IPA, or if IPA is not yet installed.
ipa-dns-manage could fail in very odd ways depending on the current
configuration of the server. Handle things a bit better.

ticket 210
2010-10-08 10:11:49 -04:00
Rob Crittenden
90e716460e Include time duration hints when configuring services in ipa-server-install.
Give a better heads-up on how long the installation will take. Particularly
important when configuring dogtag.

ticket 139
2010-10-08 10:11:45 -04:00
Rob Crittenden
bed6e81935 If an HBAC category is 'all' don't allow individual objects to be added.
Basically, make 'all' mutually exclusive. This makes debugging lots easier.
If say usercat='all' there is no point adding specific users to the rule
because it will always apply to everyone.

ticket 164
2010-10-08 10:11:41 -04:00
Adam Young
b09467e448 default search
Populate the entity search pages with the results of a search with a blank filter even if no filter has been specified
2010-10-07 15:11:14 -04:00
Adam Young
82455fdb12 policy and config sample data 2010-10-07 14:52:34 -04:00
Adam Young
9cb3a07aca policy and config
Population of the policy and entites tabs.
    DNS and ACI are broken due to PLugin issues
    Fix for entities without search
    Added new files to Makefile.am
    used rolegroup.js file as the start point, renamed to serverconfig.js
2010-10-07 14:51:02 -04:00
Simo Sorce
016f889a51 Improve logging facilities
Provide simplified logging macros that appropriately use __func__ __FILE__,
__LINE__, or the plugin name depending on the log level.
2010-10-07 11:23:51 -04:00
Simo Sorce
ec33e38e9a pwd-plugin: Fix unresolve symbol
This fixes a har crash when someone tries to fetch a keytab
2010-10-07 11:16:19 -04:00
Simo Sorce
3e98d8ddad install-script: Do not ask to remove DNS data
When we uninstall we wipe out the entire LDAP database, so it doesn't really
make mush sense to try to also remove single entries from it.
This avoids the --uninstall procedure to fail because the DM password is not
available or the LDAP server is down, and we are just trying to cleanup
everything.
2010-10-07 07:54:06 -04:00
Simo Sorce
475c064227 When dealing with samba password set also the sambaPwdLastSet
This attribute is required for samba to properly identify a user has changed
it's password and doesn't need to change it again at next login.

At the same time, if we are forcing a pssword reset we also need to let samba
know the user must change its password.
2010-10-07 07:53:36 -04:00
Simo Sorce
ceb91a3f71 Always detect openldap and mozldap at the same time
Slapi plugins must use mozldap because 389 ds is compiled against that.
ipa_kpasswd, instead, should be linked against openldap.
So always make sure both are available.
2010-10-07 07:53:36 -04:00
Rob Crittenden
68604a7982 Fix a couple of typos in some ACIs.
One typo was mis-spelling the admins group name
The second was an extraneous 'aci' in the name of two acis.

ticket 335
2010-10-06 21:52:11 -04:00
Rob Crittenden
8ded383b62 Use correct description in hostgroup acis.
This also corrects a duplication problem in acis.
2010-10-06 21:52:03 -04:00
Endi S. Dewata
de35a3e341 Displaying AJAX URL in error message.
The ipa_error_handler() has been modified to display the AJAX URL
that is having a problem. The ipa_cmd() error handler is now invoked
using call() to pass 'this' object which contains the URL.
2010-10-06 21:30:55 -04:00
Pavel Zuna
127ff317ce Fix attribute callbacks on details pages in the webUI.
Ticket #326
2010-10-06 17:01:45 -04:00
Pavel Zuna
8a2ea9a7e0 Fix inconsistent error message when deleting groups that don't exist.
Ticket #292
2010-10-06 10:01:59 -04:00
Pavel Zuna
6606b2a9c5 Rename user-lock and user-unlock to user-enable user-disable.
Ticket #165
2010-10-06 09:20:44 -04:00
Pavel Zuna
9832780414 Add 'continuous' mode to LDAPDelete. Fix *-del unit tests.
Ticket #321
2010-10-06 09:20:41 -04:00
Pavel Zuna
bf053652bc Generate additional positional arguments for baseldap commands from takes_args. 2010-10-06 09:20:38 -04:00
Jr Aquino
bfd2e383dc Added modifications to the sudorule plugin to reflect the schema update. 2010-10-05 21:37:59 -04:00
Endi S. Dewata
7058df65ac UI Unit Test Docs
A README file for the UI Unit Test has been added. It contains a link
to the online documentation: http://www.freeipa.org/page/UI_Unit_Tests
2010-10-05 21:18:05 -04:00
Simo Sorce
6682b63438 pwd-plugin: Remove the correct password from the history
We were mistakenly removeing the latest password from the passwordHistory
once the max history values were reached. Make sure we remove the oldest one
instead.
2010-10-05 08:54:08 -04:00
Simo Sorce
9cd0330e5d Fix ipapwd_start() style
Trun tabs into quartets of spaces. Fit lines to not exceed 80 columns.
2010-10-05 08:54:08 -04:00
Simo Sorce
c594ab88ba Add options to control NTLM hashes
By default LM hash is disabled.
Of course generation still depends on whether the SamAccount objectclass is
present in the user object.
2010-10-05 08:54:08 -04:00
Simo Sorce
3b38e74da5 Add Generic config class.
Helps when you need to add random snippets of config that really do not deserve
a full atttribute, but are still something you want to put in LDAP and have
replicated.
2010-10-05 08:54:07 -04:00
Simo Sorce
b9c02a50c2 Fix descriptions 2010-10-05 08:54:06 -04:00
Simo Sorce
19d3ba9733 pwd-plugin: format/style changes
Use __func__ in log functions instead of the explicit function name
so that if the function need to be renamed later logs reflect the
change automatically w/o the need to change all occurrences.

Also makes a grep for the function name less noisy avoiding tons of
false positives.
2010-10-05 08:52:43 -04:00
Simo Sorce
fea9181eaf pwd-plugin: Remove 14 chars limitation from the NT hash 2010-10-05 08:52:43 -04:00
Dmitri Pal
9ca7ea71b1 Allow and deny commands in one rule
1) Added new attribute memberDenyCommand
2) Renamed memberCmd to memberAllowCmd
3) Changed the object class:
 * removed type
 * reflected the rename change
 * added the new attribute
4) Renumbered the attributes (while we still can) for consistency.
2010-10-04 17:00:59 -04:00
Endi S. Dewata
ea334939ba Tooltips for quick links.
The ipa_entity_quick_links() has been modified to show tooltips when
hovering on quick links.
2010-10-04 18:48:13 -04:00
Rob Crittenden
f94a3d1751 Fix a couple of test cases broken by the POSIX group change.
They were made as non-POSIX originally, keep them that way.
2010-10-04 09:53:42 -04:00
Endi S. Dewata
b7097fc8c9 Entity association configuration.
The ipa_entity_set_association_definition() has been added to configure
the association between 2 entitites. By default the associator is
BulkAssociator and the method is add_member. The entities have been
updated to use the right configurations.

The ipa_cmd() has been modified to detect IPA errors and invoke the
error handler.

A bug in refresh_on_success() has been fixed as well.
2010-10-02 18:13:30 -04:00
Endi S. Dewata
aa7ecb6f5f Autogenerating Quick Links.
ipa_entity_quick_links() has been added to generate quick links
automatically from object's attribute_members, the same logic used
for generating facet list. The search definition for each entity
has been updated to use the new function. A unit test has been
added for this function.
2010-10-01 16:17:51 -04:00
Adam Young
38490d35d3 phonenumbers
Added in params for phone number  types: phone, fax, mobile ,pager
2010-10-01 16:05:08 -04:00
Rob Crittenden
f906aaf376 Groups are now created as POSIX by default.
ticket 241
2010-10-01 14:16:36 -04:00
Rob Crittenden
88bd2a0a45 Fix LDAP client backend failing test case 2010-10-01 13:42:32 -04:00
Rob Crittenden
25848ed173 Quote passwords when calling pkisilent
ticket 243
2010-10-01 13:41:45 -04:00
Rob Crittenden
aac7badb77 Remove reliance on the name 'admin' as a special user.
And move it to the group 'admins' instead. This way the admin user can
be removed/renamed.

ticket 197
2010-10-01 13:38:52 -04:00
Rob Crittenden
3703062ab2 Use consistent, specific nickname for the IPA CA certificate.
Also fix some imports for sha. We have a compat module for it, use it.

ticket 181
2010-10-01 13:37:34 -04:00
Simo Sorce
3127df2aee Split ipa_pwd_extop plugin in multiple files
The plugin was getting difficult to read and maintain.
Split it (and apply cosmetic cleanups to some functions) in smaller
pieces that perform specific tasks.
2010-10-01 11:17:40 -04:00
Adam Young
58f1026e34 Corrected Language Codes The Gnu document incorrectly listed Japanese as jp and Hebrew as iw. That was why the Plurals line passed through directly from the template. 2010-10-01 10:14:20 -04:00
Pavel Zuna
c106922c13 Add Delete capabilities to Search facet in the WebUI.
Ticket #206
2010-10-01 10:00:10 -04:00
Pavel Zuna
838c1f2c94 Add LDAPMultiQuery base class and make it the base of LDAPDelete.
In other words: make *-del commands accept 1 or more primary keys
of entries to be deleted.

Ticket #20
2010-10-01 10:00:01 -04:00
Endi S. Dewata
c53831037c Refactoring navigation.js.
The navigation.js has been modified to make it more abstract, i.e.
unaware of entity facets. The nav_update_tabs() has been modified
such that it activates and updates the tabs based on the current
state stored in the URL.

The facets are now handled in entity.js. The ipa_entity_setup() has
been modified to update the facets based on the current state and
cached state.

The navigation.js also has been modified to be more class-like. The
nav_create() has been modified to store the tab configuration and
the tab container in internal variables nav_tabs_lists and
nav_container. The nav_update_tabs() now can be called without any
parameters.

Functions nav_push_state(), nav_get_state(), and nav_remove_state()
have been added to wrap BBQ API. This is to allow unit tests to
replace them with mockup functions to remove dependency on BBQ.
2010-10-01 09:06:47 -04:00
Adam Young
4f2d2fda93 telephone
Typo in attribute name.
2010-09-30 19:10:39 -04:00
Rob Crittenden
b5fcfb1495 Fix sizelimit/timelimit options not working in user_find 2010-09-30 17:48:00 -04:00