IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-13 01:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity
6,547 Commits 11 Branches 59 Tags 60 MiB
8eb389c225
Commit Graph

6547 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Petr Viktorin
070868f435 ldapupdate: Factor out connection code 
The connection code will be the same for both the LDAP updater
and the new schema updater.

Preparation for: https://fedorahosted.org/freeipa/ticket/3454
 2013-11-18 16:54:21 +01:00
Martin Basti
e8fc70f149 Removed old firefox configuration scripts 
Part of ticket https://fedorahosted.org/freeipa/ticket/3821
 2013-11-15 13:30:39 +01:00
Martin Basti
478dc1e828 ipa-client-install: Added options to configure firefox 
Option --configure-firefox configures firefox to use Kerberos
credentials within IPA domain
Optional option --firefox-dir=DIR allows to user to specify non-standard
path where firefox install directory is placed.

Part of ticket: https://fedorahosted.org/freeipa/ticket/3821
 2013-11-15 13:30:39 +01:00
Ana Krivokapic
487865131c Add web UI integration tests for automember rebuild 
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3928
 2013-11-15 13:28:16 +01:00
Ana Krivokapic
6eff37f8a2 Web UI integration test driver enhancement 
Handle selecting an option from a select box.

https://fedorahosted.org/freeipa/ticket/3928
 2013-11-15 13:28:16 +01:00
Ana Krivokapic
b7c7eaf8d9 Add automember rebuild command to the web UI 
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3928
 2013-11-15 13:28:16 +01:00
Ana Krivokapic
6c9b3b02a4 Fix error message when adding duplicate automember rule 
Also fix object_name and object_name_plural for automember rules.

https://fedorahosted.org/freeipa/ticket/2708
 2013-11-15 12:46:07 +01:00
Ana Krivokapic
0ac6397632 Add unit tests for automember rebuild command 
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3752
 2013-11-15 12:46:07 +01:00
Ana Krivokapic
dfea5989f7 Add a privilege and a permission needed for automember rebuild command 
Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3752
 2013-11-15 12:46:06 +01:00
Ana Krivokapic
d97386de5b Add automember rebuild command 
Add a new command to IPA CLI: ipa automember-rebuild

The command integrates the automember rebuild membership task functionality
into IPA CLI. It makes it possible to rebuild automember membership for
groups/hostgroups.

Design: http://www.freeipa.org/page/V3/Automember_rebuild_membership
https://fedorahosted.org/freeipa/ticket/3752
 2013-11-15 12:46:06 +01:00
Ana Krivokapic
eaaf7ed0f2 Use EXTERNAL auth mechanism in ldapmodify 
Default to using the EXTERNAL authorization mechanism in calls to ldapmodify

https://fedorahosted.org/freeipa/ticket/3895
 2013-11-14 15:01:05 +01:00
Alexander Bokovoy
3693b8e51a Map NT_STATUS_INVALID_PARAMETER to most likely error cause: clock skew 
When we get NT_STATUS_INVALID_PARAMETER in response to establish
DCE RPC pipe with Kerberos, the most likely reason is clock skew.
Suggest that it is so in the error message.

https://fedorahosted.org/freeipa/ticket/4024
 2013-11-13 12:28:48 +01:00
Ana Krivokapic
f9a8a30b27 Fix regression which prevents creating a winsync agreement 
A regression, which prevented creation of a winsync agreement,
was introduced in the original fix for ticket #3989.

https://fedorahosted.org/freeipa/ticket/3989
 2013-11-13 08:14:41 +01:00
Martin Kosek
b4ee7da8e9 Server does not detect different server and IPA domain 
Server installer does not properly recognize a situation when server
fqdn is not in a subdomain of the IPA domain, but shares the same
suffix.

For example, if server FQDN is ipa-idm.example.com and domain
is idm.example.com, server's FQDN is not in the main domain, but
installer does not recognize that. proper Kerberos realm-domain
mapping is not created in this case and server does not work
(httpd reports gssapi errors).

https://fedorahosted.org/freeipa/ticket/4012
 2013-11-11 09:27:12 +01:00
Petr Viktorin
196379d126 Remove unused utf8_encode_value functions 
The utf8_encode_value/_values functions from ipautil are no longer used.
Remove them.
 2013-11-08 12:51:53 +01:00
Petr Viktorin
6c7a59a906 Add tests for user auth type management 
https://fedorahosted.org/freeipa/ticket/3368
 2013-11-08 12:48:43 +01:00
Nathaniel McCallum
3f85f09a83 Add support for managing user auth types 
https://fedorahosted.org/freeipa/ticket/3368
 2013-11-08 12:48:15 +01:00
Jan Cholasta
df5f4ee81d Turn LDAPEntry.single_value into a dictionary-like property. 
This change makes single_value consistent with the raw property.

https://fedorahosted.org/freeipa/ticket/3521
 2013-11-05 13:56:55 +01:00
Alexander Bokovoy
989493979d Guard import of adtrustinstance for case without trusts 
https://fedorahosted.org/freeipa/ticket/4011
 2013-11-04 16:37:24 +01:00
Petr Viktorin
1f6880c590 Fix debug output in integration test 
Recent ipaldap work has made LDAPEntry incompatible with python-ldap's
LDIFWriter.
Convert entry to dict before printing debug output.
 2013-11-04 11:59:34 +01:00
Tomas Babej
9cbb94cd66 ipatests: test_trust: use domain name instead of realm for user lookups 2013-11-01 16:24:30 +01:00
Tomas Babej
428aecec49 ipatests: Add integration tests for legacy clients 
Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-11-01 16:24:30 +01:00
Tomas Babej
00c0878b90 ipatests: Use command -v instead of which in legacy client advice 
Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-11-01 15:39:52 +01:00
Martin Kosek
44d1886d39 Remove deprecated AllowLMhash config 
Remove this ipaConfigString value as LM hash is deprecated and in
fact even insecure.

https://fedorahosted.org/freeipa/ticket/3795
 2013-11-01 09:30:10 +01:00
Sumit Bose
d876a22732 Remove generation and handling of LM hashes 
https://fedorahosted.org/freeipa/ticket/3795
 2013-11-01 09:28:35 +01:00
Sumit Bose
b5e60c2020 Remove AllowLMhash from the allowed IPA config strings 
Fixes https://fedorahosted.org/freeipa/ticket/3795
 2013-11-01 09:28:35 +01:00
Jan Cholasta
941e9686a3 Use encoded values from entry objects directly when adding new entries. 
https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:52 +01:00
Jan Cholasta
e60eda3b3d Use encoded values from entry objects directly when generating modlists. 
https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:52 +01:00
Jan Cholasta
78f0ca983b Store encoded attribute values from search results directly in entry objects. 
https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:52 +01:00
Jan Cholasta
a7180ed021 Remove legacy toDict and origDataDict methods of LDAPEntry. 
https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:51 +01:00
Jan Cholasta
463407ac6f Make sure attributeTypes updates are done before objectClasses updates. 
https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:51 +01:00
Jan Cholasta
9ecf4b7aac Decode and encode attribute values in LDAPEntry on demand. 
This is achieved by storing both decoded and encoded attribute values in
LDAPEntry and synchronizing changes between them whenever an attribute is
accessed.

Added a new property "raw" to LDAPEntry. It provides a dictionary-like
object which can be used to directly access encoded attribute values.

https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:51 +01:00
Jan Cholasta
5d1d513849 Always use lists for values in LDAPEntry internally. 
Outside of LDAPEntry, it is still possible to use non-lists. Once we enforce
lists for attribute values, this will be removed.

https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:51 +01:00
Jan Cholasta
5aadaa6030 Introduce IPASimpleLDAPObject.decode method for decoding LDAP values. 
This method is intended as a counterpart of IPASimpleLDAPObject.encode and
replaces IPASimpleLDAPObject.convert_value_list.

https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:51 +01:00
Jan Cholasta
4f0814d7c0 Make LDAPEntry a wrapper around dict rather than a dict subclass. 
https://fedorahosted.org/freeipa/ticket/3521
 2013-10-31 18:09:51 +01:00
Tomas Babej
b1bffb5eca ipatests: Add support for extra roles referenced by a keyword 
Adds support for host definition by a environment variables of the
following form:

ROLE_<keyword>_envX, where X is the number of the environment
for which host referenced by a role <keyword> should be defined.

Adds a required_extra_roles attribute to the IntegrationTest class,
which can test developer use to specify the extra roles that this
particular test requires. If not all required extra roles are
available, the test will be skipped.

All extra (and static) roles are accessible to the IntegrationTests
via the host_by_role method, which returns a host of given role.

Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-10-31 16:52:12 +01:00
Tomas Babej
44998feace ipatests: Do not use /usr/bin hardcoded paths 
Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-10-31 14:10:53 +01:00
Tomas Babej
4fd88140b1 ipatests: Restore SELinux context after restoring files from backup 
Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-10-31 13:18:00 +01:00
Tomas Babej
775f2de4ec ipatests: Extend clear_sssd_cache to support non-systemd platforms 
Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-10-31 13:16:02 +01:00
Tomas Babej
57ccee4eae advice: Add legacy client configuration script using nss-ldap 
Part of: https://fedorahosted.org/freeipa/ticket/3833
 2013-10-31 09:22:34 +01:00
Martin Kosek
21137ab63c Remove ipa-pwd-extop and ipa-enrollment duplicate error strings 
Some error strings were duplicate which makes it then harder to
see what is the real root cause of it.

https://fedorahosted.org/freeipa/ticket/3988
 2013-10-30 17:59:46 +01:00
Petr Vobornik
e3d56597cd Fix password expiration notification 
- was broken by navigation and application controller refactoring

https://fedorahosted.org/freeipa/ticket/4003
 2013-10-30 13:31:12 +01:00
Petr Viktorin
70c1e4a185 beakerlib plugin: Don't try to submit logs if they are missing 2013-10-30 11:55:15 +01:00
Petr Viktorin
e6c06b08d8 Tests: mkdir_recursive: Don't fail when top-level directory doesn't exist 
When the directory directly under root (e.g. /etc) did not exist,
mkdir_recursive failed.
Fix the issue.
 2013-10-30 11:55:10 +01:00
Petr Viktorin
dbf10b83bd Improve permission plugin test cleanup 
The rename tests use names that were not being cleaned up when the
tests fail. Add cleanup steps for them.

Also, use --force so system permissions are removed as well.
 2013-10-30 11:50:05 +01:00
Petr Viktorin
2c433cdd7e Use new ipaldap entry API in aci and permission plugin 2013-10-30 11:50:05 +01:00
Petr Viktorin
dadf7cddf0 Help plugin: don't fail if a topic's module is not found 
Previously the help plugin failed when searching for the docstring
when a topic's module was not found. This can happen when some server
plugins are loaded (e.g. for tests).

Use empty documentation when the topic is not found.
 2013-10-30 11:50:05 +01:00
Petr Viktorin
15618beab6 Fix invalid assumption NSS initialization check in SSLTransport 
There code assumes that the `conn` in any Connection in the context is
a ServerProxy. This might not always be the case: ldap2 uses a
python-ldap connection here.
 2013-10-30 11:50:05 +01:00
Petr Viktorin
62890ca69b Fix indentation in permission plugin tests 2013-10-30 11:50:05 +01:00
Petr Viktorin
7051f510b6 Update Permission and ACI plugins to decorator registration API 2013-10-30 11:50:04 +01:00