The referint plugin does a substring search on these attributes each time an
entry is deleted, which causes a noticable slowdown for large directories if
the attributes are not indexed.
https://fedorahosted.org/freeipa/ticket/3706
There is a JS error.
Rule tables with external member has more than one column and therefore exclude parameter for adder dialog is not array of strings but array of objects. normalize_values function can't work with it and causes JS error.
This patch creates proper exclude array before passing it to adder dialog.
https://fedorahosted.org/freeipa/ticket/3711
This adds a new LDAP attribute ipaRangeType with
OID 2.16.840.1.113730.3.8.11.41 to the LDAP Schema.
ObjectClass ipaIDrange has been altered to require
ipaRangeType attribute.
Part of https://fedorahosted.org/freeipa/ticket/3647
Adds a new simple service called OtpdInstance, that manages
ipa-otpd.socket service. Added to server/replica installer
and ipa-upgradeconfig script.
https://fedorahosted.org/freeipa/ticket/3680
Default list of attributes that are checked with 7-bit plugin
for being 7-bit clean includes userPassword. Consecutively, one
is unable to set passwords that contain non-ascii characters.
https://fedorahosted.org/freeipa/ticket/3640
All installers that handle Kerberos auth, have been altered to use
private ccache, that is ipa-server-install, ipa-dns-install,
ipa-replica-install, ipa-ca-install.
https://fedorahosted.org/freeipa/ticket/3666
Manual configuration page for other browsers (ssbrowser.html) doesn't work in IE 10 - error page is displayed.
This patch is conditioning creation of Firefox configuration object so that configure.jar is requested only in Firefox. IE doesn't request it and so it does not fail.
https://fedorahosted.org/freeipa/ticket/3645
Since we depend on Dogtag 10 now, there is no need to keep code
that installs a Dogtag 9 CA.
Support for upgraded Dogtag-9-style instances is left in.
https://fedorahosted.org/freeipa/ticket/3529
Facet pre_ops defined in ./facet module were moved to modules where facet are actually defined. Moved pre_ops were united with the ones defined for the facets in these modules.
The move simplifies module dependencies - there is no reason to have general facet module dependent on specialized facet modules.
Pre_ops uniting makes the code simpler.
https://fedorahosted.org/freeipa/ticket/3605
Spec modifications in factories makes inheritance and extensibility more difficult.
Moving them to pre_ops allows modification of their output by other pre_ops.
https://fedorahosted.org/freeipa/ticket/3605
This schema addition will be useful for future commits. It allows us to
define permitted external authentication methods on both the user and
global config. The implementation is generic, but the immediate usage
is for otp support.
https://fedorahosted.org/freeipa/ticket/3365http://freeipa.org/page/V3/OTP
Prompt for nameserver IP address in interactive mode of dnszone-add.
Add a corresponding field to dnszone creation dialog in the web UI.
This parameter is required if and only if:
* New zone is a forward zone
* Nameserver is defined inside the new zone
Add a new unit test to cover this functionality.
https://fedorahosted.org/freeipa/ticket/3603
The DIR ccache format is now the default in krb5-server 1.11.2-4
but /run/user/<uid> isn't created for Apache by anything so it
has no ccache (and it doesn't have SELinux permissions to write here
either).
Use KRB5CCNAME to set a file path instead in /etc/sysconfig/dirsrv.
https://fedorahosted.org/freeipa/ticket/3628
The DIR ccache format is now the default in krb5-server 1.11.2-4
but /run/user/<uid> isn't created for Apache by anything so it
has no ccache (and it doesn't have SELinux permissions to write here
either).
Use KRB5CCNAME to set a file path instead in /etc/sysconfig/httpd.
https://fedorahosted.org/freeipa/ticket/3607
Introduce new command, 'trust-resolve', to aid resolving SIDs to names
in the Web UI.
The command uses new SSSD interface, nss_idmap, to resolve actual SIDs.
SSSD caches resolved data so that future requests to resolve same SIDs
are returned from a memory cache.
Web UI code is using Dojo/Deferred to deliver result of SID resolution
out of band. Once resolved names are available, they replace SID values.
Since Web UI only shows ~20 records per page, up to 20 SIDs are resolved
at the same time. They all sent within the single request to the server.
https://fedorahosted.org/freeipa/ticket/3302
