The object_name attribute was used as both an identifier and a
label which sometimes require different values (e.g. hbacrule
vs. HBAC rule). The code that uses object_name as an identifier
has been changed to use the 'name' attribute instead. The values
of the object_name attribute have been fixed to become proper
labels.
Ticket #1217
The entitlement buttons are located serveral levels underneath
facet-controls, so the CSS selector has been fixed to extend beyond
facet-controls' immediate children.
Ticket #1419
The IPA.user_status_widget has been modified such that it checks
the facet dirty status and asks the admin to either Update or Reset
the changes. Then the widget shows a dialog to confirm whether
the admin wants to activate/deactivate the user.
Ticket #1395
Instead of looking for a match on the entity name, use the nesting structure
of containing entites to grab their pkeys.
Code review fixes
https://fedorahosted.org/freeipa/ticket/674
https://fedorahosted.org/freeipa/ticket/674
decrement depth for hidden tabs.
Initialize state from url
useing delete for removing state
stricter attribute matching
not incrementing depth for all hidden tabs.
whitespace cleanup
The entity labels in the following locations have been fixed:
- search facet title: plural
- details facet title: singular
- association facet title: singular
- breadcrumb: plural
- adder dialog title: singular
- deleter dialog title: plural
Some entity labels have been changed into the correct plural form.
Unused file install/ui/test/data/i18n_messages.json has been removed.
Ticket #1249
Ticket #1387
A new attribute label_singular has been added to all entities which
contains the singular form of the entity label in lower cases except
for acronyms (e.g. HBAC) or proper nouns (e.g. Kerberos). In the Web
UI, this label can be capitalized using CSS text-transform.
The existing 'label' attribute is intentionally left unchanged due to
inconsistencies in the current values. It contains mostly the plural
form of capitalized entity label, but some are singular. Also, it
seems currently there is no comparable capitalization method on the
server-side. So more work is needed before the label can be changed.
Ticket #1249
A dogtag replica file is created as usual. When the replica is installed
dogtag is optional and not installed by default. Adding the --setup-ca
option will configure it when the replica is installed.
A new tool ipa-ca-install will configure dogtag if it wasn't configured
when the replica was initially installed.
This moves a fair bit of code out of ipa-replica-install into
installutils and cainstance to avoid duplication.
https://fedorahosted.org/freeipa/ticket/1251
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.
Important changes:
- configure ipa_hostname in sssd on masters
- set PKI_HOSTNAME so the hostname is passed to dogtag installer
- set the hostname when doing ldapi binds
This also reorders some things in the dogtag installer to eliminate an
unnecessary restart. We were restarting the service twice in a row with
very little time in between and this could result in a slew of reported
errors, though the server installed ok.
ticket 1052
The content and the size of entity header changes depending on the
facet being displayed, so the entity header has been converted into
a facet header to allow better control via CSS.
The DNS record facet has been updated to use the same styling and
support scrolling.
To help styling and testing, all buttons have been assigned a name.
Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read boot.ldif created during installation.
https://fedorahosted.org/freeipa/ticket/1282
For the most part certificates will be treated as being in DER format.
When we load a certificate we will generally accept it in any format but
will convert it to DER before proceeding in normalize_certificate().
This also re-arranges a bit of code to pull some certificate-specific
functions out of ipalib/plugins/service.py into ipalib/x509.py.
This also tries to use variable names to indicate what format the certificate
is in at any given point:
dercert: DER
cert: PEM
nsscert: a python-nss Certificate object
rawcert: unknown format
ticket 32
Tests for dirty after the RPC call has completed and the select has updated
Passes the original value to the RPC completion, so it isn't lost upon RPC completion
https://fedorahosted.org/freeipa/ticket/1340
the tabs are required for natigation, but they should not be visible, as the breadcrub provides the navigation for them instead.
Moved the automount tabs up one level so that it uses the two level style
Implements a way to pass match_local and parse_netmask parameters
to IP option checker.
Now, there is just one common option type "ip" with new optional
attributes "ip_local" and "ip_netmask" which can be used to
pass IP address validation parameters.
https://fedorahosted.org/freeipa/ticket/1333
The association facet has been modified to store the current page
number in the browser's URL. This way page changes are stored in
browser's history allowing the back button to work properly.
Ticket #1264
The direct and indirect associations are now displayed in the same
facet. The type of association to be displayed can be selected
using radio buttons.
Ticket #1338
In self-service mode the user's association facets have been modified
such that the entries are not linked since the only available entity
is the user entity.
A 'link' parameter has been added to IPA.association_facet and
IPA.column to control whether to link the entries. The link_handler()
method can be used to define how to handle the link.
Ticket #1072
When a new DNS zone is being created a local hostname is set as a
nameserver of the new zone. However, when the zone is created
during ipa-replica-prepare, the the current master/replica doesn't
have to be an IPA server with DNS support. This would lead to DNS
zones with incorrect NS records as they wouldn't point to a valid
name server.
Now, a list of all master servers with DNS support is retrieved
during DNS zone creation and added as NS records for a new DNS
zone.
https://fedorahosted.org/freeipa/ticket/1261
The buttons were previously skipped during tab navigation because
they do not have an href attribute. The IPA.button has been fixed
to always provide an href attribute.
Ticket #983
The conditional used to determine if thd CA 389-ds instance was already
configured was rather poor so it was possible to pass command-line
arguments in to confuse it. This would cause it to not be installed at
all causing the dogtag installation to fail in a strange way.
https://fedorahosted.org/freeipa/ticket/1244
A selectable option has been added to the table widget to show/hide
the checkbox column for selecting table rows. By default it's set
to true. The indirect association facet has been modified to hide
the column because it is non-editable.
The UI has been modified to fix some resizing issues:
Previously the height of facet content was roughly calculated using
resize(). Now the height can be more accurately defined in CSS.
Previously the UI width was fixed. The HTML layout and background
images have been modified to support horizontal expansion if needed.
There was no point in limiting autobind root to just search cn=config since
it could always just modify its way out of the box, so remove the
restriction.
The upgrade log wasn't being created. Clearing all other loggers before
we calling logging.basicConfig() fixes this.
Add a global exception when performing updates so we can gracefully catch
and log problems without leaving the server in a bad state.
https://fedorahosted.org/freeipa/ticket/1243https://fedorahosted.org/freeipa/ticket/1254
--no-host-dns option should allow installing IPA server on a host
without a DNS resolvable name.
Update parse_ip_address and verify_ip_address functions has been
changed not to return None and print error messages in case of
an error, but rather let the Exception be handled by the calling
routine.
https://fedorahosted.org/freeipa/ticket/1246
When re-creating the CADS instance it needs to be more fully-populated
so we have enough information to create an SSL certificate and move
the principal to a real entry.
https://fedorahosted.org/freeipa/ticket/1245
When IPA replica is installed and the master machine record is not
in ~/.ssh/known_hosts, ipa-replica-install will prompt user to answer
a question about adding a host to this file.
This has, however, a potential to break automatic tests.
ipa-replica-conncheck should not require any further user interaction
when all mandatory options are filled.
https://fedorahosted.org/freeipa/ticket/1305
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.
This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:
1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
automatically:
a) kinit to master as default admin user with given password
b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
the replica and prints the check result
This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.
https://fedorahosted.org/freeipa/ticket/1107
Previously when an internal error occurs on the server the UI will
display a blank error dialog box. To fix the problem the string
message thrown by Ajax has been converted into an object containing
the error message.
Ticket #1280
Since the group-show command doesn't return indirect members, the tabs
for group's indirect members have been reverted to call user-find with
the --in-groups parameter to get the entries.
However, this is only a temporary solution since the user-find command
returns both direct and indirect members (ticket #1273).
The Selenium test for groups has been modified to test nested groups
and verify indirect members. The verification currently will fail due
to the above issue.
Turn off the side scroll bars for pages.
Resizes the table when the browser resizes
For stables, the rows scroll, but not the header.
For details, the content area scrolls.
Reserves 400 picesl for the header/ footer. Resize is only done on reload
indirect automount maps
code review changes for automount:
Removed: fields for mount and parentmap in maps details since they are not present in show or mod
Hid undo link for adder dialog
set up click handler for checkboxes when row does not have primary key
removed add override in automountmap_adder_dialog
moved 'var input...' in automount.js line 158 to start of method.
changed logic in if statmenet ,dialog.js line 628 it if (!first) as suggested
The association facet has been modified to support pagination. The
UI will show 20 members per page. There are buttons to go to a
previous or next page. There is also an input text to jump directly
to a certain page.
Ticket #1011
Previously deleting a value in a text field did not work because
the field is not included in the modify operation when the value
is empty. The details facet's update() method has been modified
to update only dirty fields.
The section lists in details facet and dialog have been converted
into ordered maps.
Ticket #1256
The Dirty dialogs have been combined into IPA.dirty_dialog. It
provides the Update and Reset buttons with customizable callback.
Previously the widget's dirty status is computed by comparing the
old values with the new values. This method is sometimes inaccurate,
so the is_dirty() method has been modified to simply return a flag
which is set to true if the widget is changed.
Ticket #896.
When a new reverse zone was created in ipa-replica-prepare (this
may happen when a new replica is from different subnet), the master
DNS address was corrupted by invalid A/AAAA record. This caused
problems for example in installing replica.
https://fedorahosted.org/freeipa/ticket/1223
automount implemented using standard facets and containing_entity pkey generation
sample data fixtures for automount.
messages for automount and HBAC.
modified form of the search facet used to nest the automount entities
Add works for nested entities. Delete works for all but keys. Since the API for this is going to change, I'm not going to fix it pre-checkin.
All the places the PKEY prefix is needed uses a single function. Added breadcrumb trail into title.
update ipa_init sample data
add redirect logic for pages without pkeys.
add and delete link to appropriate entities for nested search facet.
Using on demand entities. Fixed breadcrumbs.
If you install a replica, delete the replica, then re-add it and then
try to re-initialize the agreement it will fail because the remote master
has the old service principals cached. It needs to be restarted to work.
ticket 1077
The Managed Entries plugin configurations weren't being created on
replica installs. The templates were there but the cn=config
portions were not.
This patch adds them as updates. The template portion will be added
in the initial replication.
ticket 1222
Automatic creation may of User Private Groups (UPG) may not be
wanted at all times. This patch adds a new flag --noprivate to
ipa user-add command to disable it.
https://fedorahosted.org/freeipa/ticket/1131
The IPA.add_dialog has been modified such that if the user clicks the
Add and Edit button it will read the primary key returned by the add
operation and use it to open the details page.
Ticket #1108
The IPA.command has been modified not to insert a title into the error
object thrown by Ajax operation because the object could be immutable.
Ticket #1240
The ordered map is a jQuery extension for creating a collection which can
be accessed both as an ordered list and as a map. This collection can be
used to store various objects including entities, fields, columns, and
dialogs. A test suite for this class has been added as well.
Ticket #1232
Enforce that the remote hostname matches the remote SSL server certificate
when 389-ds operates as an SSL client.
Also add an update file to turn this off for existing installations.
This also changes the way the ldapupdater modlist is generated to be more
like the framework. Single-value attributes are done as replacements
and there is a list of force-replacement attributes.
ticket 1069
The IPA.association_facet has been modified to take a read_only parameters.
If the parameter is set to true, the Enroll and Delete buttons will not be
shown. All facets under the memberindirect and memberofindirect facet groups
are marked as read-only.
Ticket #1030
The IPA.entity has been modified to support customizable facet groups.
The default list of facet groups is defined in IPA.entity_header and can
be overriden in the entity definition.
Ticket #1219
Logging errors are printed out when ipa-replica-manage is run
as a non-root user. Log has been disabled in such case to
prevent such messages.
https://fedorahosted.org/freeipa/ticket/1046
The IPA.records_facet has been converted into a subclass of
IPA.search_facet. This helps remove duplicate table code and provide
consistent DOM element attributes for Selenium tests.
Facet container has been added to hold facet header (i.e. title,
search fields, buttons, links) and facet content. Each facet now
occupies separate container, so it can be shown/hidden without
having to redraw the content.
Previously the entities and navigation are entangled inside a common
DOM structure which limits code reuse. Now they have been moved
into separate structures.
Previously the tab state is represented using numeric index such
as navigation=0&identity=1 which is not very user friendly. Now the
code has been modified to use entity names such as
navigation=identity&identity=group.
The singular object IPA.nav has been converted into an IPA.navigation
class. The admin and self-service navigation tabs have been converted
into subclasses of IPA.navigation and will be instantiated according
to user authorization.
Report missing python packages, inform about false positives, fail
gracefully if pylint isn't installed. Fixed a bug in the ignore
list and added few more files/directories to it.
ticket 1184
The --force option may be misused to reinstall an existing IPA
client. This is not supported and may lead to unexpected errors.
When required, the cleanest way to re-install IPA client is to
run uninstall and then install again.
This patch also includes few cosmetic changes in messages to user
to provide more consistent user experience with the script.
https://fedorahosted.org/freeipa/ticket/1117
The widget base class has been modified to validate integer value
if the type is specified in the metadata. This is used to validate
entitlement quantity.
replacing the action panel with the Design for 2.1
Significantly cleaned up implementation of intra-entity navigation
requires additional CSS work
still need to integrate the search controls onto each page
cleaning up interface between entity and facet
simplified nested tabs logic
Fixed role navigation
select default tab from the search widget
fixed unit tests and jsl
keep tabs area allocated
set default tab selected whenever the pkey changes.
Removing styling that is changing positions of buttons. The logic for that was for action-panel, but does not translate to entity-header.
change from metadata name to label for I18N
set selected tab in entity_init.
Default title for entities without search and pkeys
associations in table now link.
remove colon from title when not showing pkey
added Managed by facet group.
Removed entities that are, for some reason, invalid.
This was causing a replica DS instance to crash if the task was not
completed when we attempted a shutdown to do a restart.
In replication.py we were restarting the DS instance without waiting
for the ports to become available.
It is unlikely that the dn of the memberof task will change but just in
case I noted it in the two places it is referenced.
ticket 1188
When adding a new DNS zone in the WebUI, IPA server will verify
whether the nameserver is in DNS. Sometimes it is necessary to
skip the verification.
This patch adds a --force option already available in CLI which
can skip this the verification.
https://fedorahosted.org/freeipa/ticket/1105
UI trims whitespace at the beginning or at the end when user data
are being saved. This confuses is_dirty function which incorrectly
recognizes given field as modified.
This patch fixes this issue for both general text fields and
ACI filter field.
https://fedorahosted.org/freeipa/ticket/1096
The entitlement facet will invoke entitle_status to check the entitlement
status and show the appropriate buttons. If it's unregistered it will show
Register and Import button. If it's registered it will show the Consume
button only. If it's imported it will show the Import button only. The
Import button will open a dialog box for importing entitlement certificate.
Ticket #277
This adds a new directive to ipa-ldap-updater: addifnew. This will add
a new attribute only if it doesn't exist in the current entry. We can't
compare values because the value we are adding is automatically generated.
ticket 1177
The entitlement facet will show buttons according to the entitlement
status. If it's unregistered, the facet will show a Register button.
If it's registered, the facet will show a Consume button.
The root user cannot use ldapi because of the autobind configuration.
Fall back to a standard GSSAPI sasl bind if the external bind fails.
With --ldapi a regular user may be trying this as well, catch that
and report a reasonable error message.
This also gives priority to the DM password if it is passed in.
Also require the user be root to run the ipa-nis-manage command.
We enable/disable and start/stop services which need to be done as root.
Add a new option to ipa-ldap-updater to prompt for the DM password.
Remove restriction to be run as root except when doing an upgrade.
Ticket 1157
The IPA.entity_builder has been modified to take a 'factory' parameter
in custom facet's and custom dialog's spec. The IPA.dialog has been
modified to take an array of fields in the spec. The IPA.search_facet
has been modified to take an array of columns in the spec.
To improve code readability and extensibility the containers for action
panel and client area are now created in IPA.entity.setup(). The 'client area'
has been renamed into 'content'. The IPA.facet.create() has been renamed to
IPA.facet.create_content().
Looking at the schema in 60basev2.ldif there were many attributes that did
not have an ORDERING matching rule specified correctly. There were also a
number of attributeTypes that should have been just SUP
distinguishedName that had a combination of SUP, SYNTAX, ORDERING, etc.
This requires 389-ds-base-1.2.8.0-1+
ticket 1153
If the host has a one-time password but krbPrincipalName wasn't set yet
then the enrollment would fail because writing the principal is not
allowed. This creates an ACI that only lets it be written if it is not
already set.
ticket 1075
Re-enable ldapi code in ipa-ldap-updater and remove the searchbase
restriction when run in --upgrade mode. This allows us to autobind
giving root Directory Manager powers.
This also:
* corrects the ipa-ldap-updater man page
* remove automatic --realm, --server, --domain options
* handle upgrade errors properly
* saves a copy of dse.ldif before we change it so it can be recovered
* fixes an error discovered by pylint
ticket 1087
Priority is now a required field in order to add a new password policy. Thus, not having the field present means we cannot create one.
https://fedorahosted.org/freeipa/ticket/1102
This fixes 2 AVCS:
* One because we are enabling port 7390 because an SSL port must be
defined to use TLS On 7389.
* We were symlinking to the main IPA 389-ds NSS certificate databsae.
Instead generate a separate NSS database and certificate and have
certmonger track it separately
I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.
ticket 1085
Configure the dogtag 389-ds instance with SSL so we can enable TLS
for the dogtag replication agreements. The NSS database we use is a
symbolic link to the IPA 389-ds instance.
ticket 1060
There are cases when ipactl returns success even when it fails. Plus,
when the error really is detected the status codes are not LSB
compliant. This may result in consequent issues.
This patch improves error handling in ipactl and adds LSB compliant
status codes. Namely:
0 program is running or service is OK
3 program is not running
4 program or service status is unknown
for "status" action. Status code 4 is issued when IPA is not
configured to distinguish this state from not running IPA.
For other actions, the following non-zero status codes are
implemented:
1 generic or unspecified error
2 invalid or excess argument(s)
4 user had insufficient privilege
6 program is not configured
https://fedorahosted.org/freeipa/ticket/1055
The month in krblastpwdchange (LDAP Generalized Time) is 1-based
but the month in JavaScript Date.setUTCFullYear() is 0-based so it
needs a conversion.
Ticket 1053
Restart the 389-ds instance to ensure all schema is loaded that
dogtag may have installed as files.
According to bug
https://bugzilla.redhat.com/show_bug.cgi?id=680984 this it is only needed
on clones.
ticket 1024
IPA server/replica uninstallation may fail when it tries to restore
a Directory server configuration file in sysrestore directory, which
was already restored before.
The problem is in Directory Server uninstaller which uses and modifies
its own image of sysrestore directory state instead of using the
common uninstaller image.
https://fedorahosted.org/freeipa/ticket/1026
When IPA replica or server is configured it does not check for
possibly installed client. This will cause the installation to
fail in the very end.
This patch adds a check for already configured client and suggests
removing it before server/replica installation.
https://fedorahosted.org/freeipa/ticket/1002
In a details page, usually any changes done to the fields will not be
applied until the user clicks the Update button. However, if the page
contains an association table, any addition/deletion to the table will
be applied immediately.
To avoid any confusion, the user is now required to save or reset all
changes to the page before modifying the association. A dialog box will
appear if the page contains any unsaved changes.
By calling directly sasl_interactive_bind_s() we were not calling __lateinit()
This in turn resulted in some variables like dbdir not to be set on the
IPAadmin object.
Keep all bind types in the same place so the same common sbind steps can be
performed in each case.
Related to: https://fedorahosted.org/freeipa/ticket/1022
This patch replaces xgettext with a custom pygettext to generate
translatable strings from plugin files in ipalib/plugins. pygettext
was modified to handle plural forms (credit goes to Jan Hendrik Goellner)
and had some bugs fixed by myself. We only use it for plugins, because
it's the only place where we need to extract docstrings for the built-in
help system.
I also had to make some changes to the way the built-in documentation
systems gets docstrings from modules for this to work.
Read access is denied to the sudo container for unauthenticated users.
This shared user can be used to provide authenticated access to the
sudo information.
https://fedorahosted.org/freeipa/ticket/998
This patch fixes Entitlements privileges and ACIs. There were
missing descriptions or the ACIs could not be processed by
Permissino plugin because of missing prefix.
https://fedorahosted.org/freeipa/ticket/997
Created some default roles as examples. In doing so I realized that
we were completely missing default rules for HBAC, SUDO and password
policy so I added those as well.
I ran into a problem when the updater has a default record and an add
at the same time, it should handle it better now.
ticket 585
Many WebUI identifiers were defined in a global namespace. This is
not a good programming practice and may result in name clashes,
for example with other libraries.
This patch moves these variables to IPA namespace or its
sub-namespaces, when meaningful.
https://fedorahosted.org/freeipa/ticket/212
A link has been added into the details page to expand/collapse all
sections.
Previously each section's <div> container is identified using a long
ID. It is now identified using the section name.
Support of navigator.preferences that is used to access browser
configuration was dropped in Firefox 4. This disables automatic
configuration of user preferences in this browser that is needed
to use Kerberos single sign-on.
This patch detectes a lack of this interface and tries to
configure the browser using new Services module introduced in
Gecko 2 (used in Firefox 4, SeaMonkey 2.1).
https://fedorahosted.org/freeipa/ticket/975
The association config has been removed because it incorrectly assumes there is only one association between two entities. Now each association is defined separately using association facets.
The service.py has been modified to specify the correct relationships. The API.txt has been updated.
https://fedorahosted.org/freeipa/ticket/960
Trying to run ipactl as non-root results in a slew of bogus
error messages, some of which come because dirsrv can't read certain
files as the wrong user, some based on our handling of that fact.
ticket 936
1. Fix a unicode() problem creating the DNS entries
2. Fix a strange NSS error when generating the certificates against
a dogtag server.
The NSS errors are quite strange. When generating the first certificate
nss_shutdown() fails because the database isn't initialized yet but
nss_is_initialized() returned True. The second pass fails because
something is in use.
Add pointer to self to /etc/hosts to avoid chicken/egg problems when
restarting DNS.
On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't
attempt to do any resolving. Leave it to true on clients.
Set rdns to false on both server and client.
https://fedorahosted.org/freeipa/ticket/931
The current version of the DNS Plugin does not support searching by record, so that is commented out.
The search field wasn't working either. The search criteria had to be appended to the params array, just after the zone.
https://fedorahosted.org/freeipa/ticket/907
The group.upg NIS map was an experiment in providing UPG groups
dynamically, and is not one of the maps that I'd ever expect a NIS
client to "know" to search. We should probably just drop it.
Previously the add service dialog box shows a 'Principal:' label with
no text field next to it. It now has been removed. The dialog box
has been widened to avoid line wrapping of the buttons.
The 389-ds replication plugin may not be installed on all platforms
and our replication version plugin will cause 389-ds to not start
if it is loaded and the replication plugin is not. So disable by
default.
When a replica is prepared we check for the replication plugin.
If it exists we will enable the replication version plugin.
Likewise on installation of a replica we check for existence of
the repliation plugin and if it is there then we enable the version
plugin before replication begins.
ticket 918
The state is read only at initialization time. This works ok when
individual services remove their state data but when worked upon again
at the top-level it still has the full state in memory, so when the
state file is re-written all of the data that was removed is re-added.
ticket 916
Previously all certificate & Kerberos key statuses (valid, missing
and revoked) will appear briefly at the same time during page load.
This has been fixed by setting the initial style to hidden.
Previously the IPA.details_list_section can only be used with widgets
that generates <dd> tag because it uses the following structure:
<dl>
<dt>Telephone Number:</dt>
<span name="teleponenumber">
<dd>111-1111</dd>
<dd>222-2222</dd>
</span>
</dl>
The <dd> tag was previously used to handle multi-valued attributes.
Since multi-valued attributes are now handled by the recently added
IPA.multivalued_text_widget, the structure can be changed as follows:
<dl>
<dt>Telephone Number:</dt>
<dd>
<span name="telephonenumber">
<div>111-1111</div>
<div>222-2222</div>
</span>
</dd>
</dl>
This allows IPA.details_list_section to be used with any widgets
without requiring the <dd> tag.
A multi-valued text widget has been created to replace the old
IPA.details_field. The old code was designed to handle all data
types, and it uses one <dd> tag for each value, so the code is
still incomplete and complex. The new code was designed to handle
only multi-valued text attributes, and it uses one <dd> tag for
all values, so it's easier to maintain. There are already other
widgets that can be used to handle other data types.
The new code supports line-level undo and line-out for removal
like the old code, but there are some changes:
- Undoing a newly added line will remove the entire line.
- Editing the value of a removed line will cancel the removal.
- It provides 'undo all' link to reset the entire attribute.
The old code will be cleaned up in a subsequent patch.
A cosmetic patch to IPA server installation output aimed to make
capitalization in installer output consistent. Several installation
tasks started with a lowercase letter and several installation
task steps started with an uppercase letter.
https://fedorahosted.org/freeipa/ticket/776
Adds a plugin, entitle, to register to the entitlement server, consume
entitlements and to count and track them. It is also possible to
import an entitlement certificate (if for example the remote entitlement
server is unaviailable).
This uses the candlepin server from https://fedorahosted.org/candlepin/wiki
for entitlements.
Add a cron job to validate the entitlement status and syslog the results.
tickets 28, 79, 278
There wasn't an exception in the "is the server already installed"
check for a two-stage CA installation.
Made the installer slightly more robust. We create a cache file of
answers so the next run won't ask all the questions again. This cache
is removed when the installation is complete. Previously nothing would work
if the installer was run more than once, this should be fixed now.
The cache is encrypted using the DM password.
The second problem is that the tomcat6 init script returns control
before the web apps are up. Add a small loop in our restart method
to wait for the 9180 port to be available.
This also adds an additional restart to ensure that nonces are disabled.
ticket 835
revise
There are some permissions we can't display because they are stored
outside of the basedn (such as the replication permissions). We
are adding a new attribute to store extra information to make this
clear, in this case SYSTEM.
ticket 853
Also remove the option to choose a user.
It is silly to keep it, when you can't choose the group nor the CA
directory user.
Fixes: https://fedorahosted.org/freeipa/ticket/851
The reset and is_dirty functionality for permission has been fixed.
New widgets have been created for select and a collection of checkboxes.
New test data files have been added for each target type.
The reset and is_dirty functionality for permission has been fixed.
New widgets have been created for select and a collection of checkboxes.
New test data files have been added for each target type.
ipa_target_section does not overload is_dirty, and it alwayrs returns true, meaning you can never leave the page once you visit it.
THis commit pushes a simple placeholder function that always returns fales. Follow on work will be required to correctly inplement the is_dirty functonality
The IPA.dialog has been modified to support sections. The add
dialog for permission has been modified to include the target
section. The base dialog classes have been moved from widget.js
into a new file called dialog.js.
This patch also includes ayoung's fix for parameter name and
format for the permission attributes.
https://fedorahosted.org/freeipa/ticket/791
The API does a fair number of self tests and locking to assure that the
registered commands are consistent and will work. This does not need
to be done on a production system and adds additional overhead causing
somewhere between a 30 and 50% decrease in performance.
Because makeapi is executed when a build is done ensure that it is
executed in developer mode to ensure that the framework is ok.
ticket 751
Declaritive Service definition
Fixed a problem with multiple calls to create breaking the link between the select box and the text box
swapped the select and the text
https://fedorahosted.org/freeipa/ticket/442
This patch fixes several issues in delegation UI:
When adding a new delegation, only the first attribute selected
was saved. Now all attributes will be saved properly.
When loading the details page, the custom widgets did not store
the original values properly so is_dirty() did not work correctly.
Now this has been fixed except for the memberof attribute because
of these issues:
- https://fedorahosted.org/freeipa/ticket/869
- https://fedorahosted.org/freeipa/ticket/870
When saving the details page, the attrs were saved as an array
which was rejected by the server. Now it is stored as comma-
separated list.
