Commit Graph

2506 Commits

Author SHA1 Message Date
Rob Crittenden
9922f47ecb Do a better query so we can optimize seeing if a cospriority is unique 2010-03-23 14:03:26 -04:00
John Dennis
04cb57eeb6 Update Polish and Chinese translations 2010-03-22 13:46:10 -04:00
John Dennis
1b31415343 update Polish translations 2010-03-22 13:46:05 -04:00
Pavel Zuna
c9831d1cc6 Use ldap2.make_*dn* methods in pwpolicy plugin.
Fixes #572423.
2010-03-22 11:49:20 -04:00
Pavel Zuna
43ab2c483d Add INTERNAL flag to frontend plugins. If set, the plugin won't show in UI. 2010-03-22 10:41:36 -04:00
Rob Crittenden
c19911845d Use GSSAPI auth for the ipa-replica-manage list and del commands.
This creates a new role, replicaadmin, so a non-DM user can do
limited management of replication agreements.

Note that with cn=config if an unauthorized user performs a search
an error is not returned, no entries are returned. This makes it
difficult to determine if there are simply no replication agreements or
we aren't allowed to see them. Once the ipaldap.py module gets
replaced by ldap2 we can use Get Effective Rights to easily tell the
difference.
2010-03-19 17:17:14 -04:00
Rob Crittenden
664ae51eb6 Raise an error if no modifications were performed in an update.
This will alert the user that nothing was done and is handy when used
with --attr=''. This can be used to delete a non-required attribute but
can be set to any valid attribute, present or not. We should alert the
user if they attempt to delete a non-existant value.
2010-03-19 08:33:42 -06:00
Rob Crittenden
99da0d88f0 Provide mechanism in ipautil.run() to not log all arguments.
This is primarily designed to not log passwords but it could have other
uses.

567867
2010-03-19 07:59:24 -06:00
rcrit
a887922fa9 Add option to enable pam_mkhomedirs in the IPA client installer 2010-03-19 07:58:47 -06:00
rcrit
3998078461 Fix the client and client-rpms make targets 2010-03-19 07:57:55 -06:00
Rob Crittenden
d13fcb6a0c Ensure that the group policy priority is unique.
We use CoS to determine the order in which group policy is applied. The
behavior in CoS is undefined for multiple entries with the same
cospriority.
2010-03-19 07:13:33 -06:00
Rob Crittenden
ff4ddbbb72 Better customize the message regarding the CA based on the install options.
There are now 3 cases:

- Install a dogtag CA and issue server certs using that
- Install a selfsign CA and issue server certs using that
- Install using either dogtag or selfsign and use the provided PKCS#12 files
  for the server certs. The installed CA will still be used by the cert
  plugin to issue any server certs.
2010-03-19 04:55:33 -06:00
Rob Crittenden
f4cb248497 Make CA PKCS#12 location arg for ipa-replica-prepare, default /root/cacert.p12
pki-silent puts a copy of the root CA into /root/tmp-ca.p12. Rename this
to /root/cacert.p12.
2010-03-19 04:45:41 -06:00
Rob Crittenden
99cb2fe64a Initialize the api so imports work, trust all CAs included in the PKCS#12. 2010-03-19 04:41:05 -06:00
Rob Crittenden
00f27fe8c9 Fix a number of bugs in the pwpolicy plugin
This fixes:
- Consistent usage of priority vs cospriority in options
- Fixes bug introduced with recent patch where global policy couldn't be
  updated
- Doesn't allow cospriority to be removed for groups (#570536)
- returns the priority with group policy so it can be displayed
- Properly unicode encode group names for display
2010-03-19 04:36:56 -06:00
Rob Crittenden
b46f262a60 Include params in Method.output_params
Method overrides the Command get_output_params() method and only returns
the object params, not anything defined within the method itself. Return
those as well so they are displayed in output. Some care needs to be taken
to avoid returning duplicate values. In the case of duplicates the
value in obj.params wins.
2010-03-19 04:31:40 -06:00
Rob Crittenden
1400c85188 Catch modifications with no updates and raise an error
569848
2010-03-17 23:52:15 -06:00
Rob Crittenden
f0d51b65f1 Retrieve the LDAP schema using kerberos credentials.
This is required so we can disable anonymous access in 389-ds.
2010-03-17 23:36:53 -06:00
John Dennis
c1b828563b Update Ukrainian translations 2010-03-17 10:58:44 -04:00
Rob Crittenden
53d1cf1644 Handle the case where the DS group exists but the user does not
If the group exists but the user doesn't then useradd blows up
trying to create the user and group. So test to see if the group
exists and if it does pass along the -g argument to useradd.

Resolves #502960
2010-03-16 22:42:39 -06:00
Rob Crittenden
4216a627c3 Proper use of set up vs setup (verb vs noun)
Resolves #529787
2010-03-16 22:37:26 -06:00
Rob Crittenden
7ff4efecaa Fix typo in automount doc message.
Update the po to pick up this change too.

573979
2010-03-16 17:23:06 -04:00
John Dennis
f932123e4d Add Ukrainian translations 2010-03-16 13:59:48 -04:00
John Dennis
ae1d6d38f0 remove .pot target from Makefile.in
We want to manually make the .pot file, we shouldn't have anything
in the Makefile which will cause the .pot file to be rebuilt
because of dependencies.
2010-03-16 13:58:17 -04:00
Jason Gerard DeRose
c350f84134 Finish deferred translation mechanism 2010-03-16 11:41:22 -06:00
John Dennis
a0a94a9a04 Update Spanish translations 2010-03-09 17:28:42 -05:00
John Dennis
f72c26f956 Add Chinese Simplified (zh_CN) translation 2010-03-09 17:28:37 -05:00
Pavel Zuna
b0f302bd99 Provide more detailed NotFound error messages from baseldap classes. 2010-03-09 16:52:47 -05:00
John Dennis
b75d06e189 localize doc strings
A number of doc strings were not localized, wrap them in _().
Some messages were not localized, wrap them in _()

Fix a couple of failing tests:
The method name in RPC should not be unicode.
The doc attribute must use the .msg attribute for comparison.

Also clean up imports of _() The import should come from
ipalib or ipalib.text, not ugettext from request.
2010-03-08 21:10:36 -07:00
Rob Crittenden
b9df4f7f29 Don't create /var/log/ipa_error.log since we aren't using TurboGears any more. 2010-03-08 15:16:34 -05:00
Rob Crittenden
f7b512b826 When raising an error about a required attribute, use cli_name not name.
name is an LDAP attribute and may not be easily identifiable (e.g. sn).
2010-03-07 13:04:50 +01:00
Rob Crittenden
96d7de9cae Don't calculate min/max lifetime if None is passed in.
None is passed if the option is set with --minlife=''. This is a valid
use case to delete a non-required attribute. In this case we simply
don't do the math on None and things work as expected.

569847
2010-03-07 12:29:31 +01:00
John Dennis
789cba4378 fix bug 570392, command help traceback
As a consequence of using doc=_('some message') the _()
method was returning a Gettext instance, thus when optparse
was handed the help text it received a Gettext instance instead
of a basestring. optparse tried to operate on the Gettext instance
as if it were a basestring and since it wasn't threw an exception.
The fix is to promote (e.g. cast) the option.doc to unicode.
If the option.doc was a str it becomes unicode, if it was unicode
nothing happens, if it was Gettext (or any other object implementing
the __unicode__() method) object is converted to unicode via the
objects rules.

By the way, while debugging this I discovered strings which were not
localized, sometimes option.doc would be a str and sometimes a Gettext
object. In a subsequent patch I'll fix all those unlocalized doc
strings, but I don't want to bury this fix along with a load of
string fixes.
2010-03-05 10:03:41 -05:00
John Dennis
1289285d49 Fix JSON binary encode and decode errors
Traverse the objects passed to JSON for encoding and decoding.
When binary data is seen during encode replace the binary
data with a dict {'__base64__' : base64_encoding_of_binary_value}.

On decode if a dict is seen whose single key is '__base64__' replace
that dict with the base64 decoded value of the key's value.
2010-03-04 15:30:16 -05:00
John Dennis
06e5b8bd6b Install Contributors.txt 2010-03-04 14:52:39 -05:00
John Dennis
00d67b6a2c Rework contributors list from Simo's input 2010-03-04 14:51:52 -05:00
John Dennis
abe4e4526d update POT 2010-03-02 18:22:13 -05:00
Rob Crittenden
bc47ad0c22 Make the CA a required component and configured by default.
To install IPA without dogtag use the --selfsign option.

The --ca option is now deprecated.

552995
2010-03-02 18:21:12 -05:00
Rob Crittenden
d6a79f9cd8 Add the popt auto-help/usage macro for enhanced help output. 2010-03-02 18:20:13 -05:00
Rob Crittenden
889cf124d8 Update available options and descriptions in client man pages 2010-03-02 18:20:07 -05:00
Jason Gerard DeRose
3b4c4acfd2 Fixed ipa.spec.in to include share/ipa/wsgi.py* 2010-03-01 21:41:41 -07:00
Jason Gerard DeRose
1d529a8d09 Run ipaserver under mod_wsgi 2010-03-01 20:22:22 -07:00
Jason Gerard DeRose
942919bef7 Consolidate to single WSGI entry point 2010-03-01 20:21:38 -07:00
John Dennis
5220c949a4 More Kannada translations 2010-03-01 16:59:36 -05:00
John Dennis
2ddaf09802 full Spanish translations as of 20100225 2010-03-01 16:58:49 -05:00
Pavel Zuna
41312ca166 Code cleanup: remove unused stuff, take 1. 2010-03-01 16:53:30 -05:00
John Dennis
9873ec1ca3 Add more Spanish translations 2010-02-26 12:36:18 -05:00
Rob Crittenden
766757e4d4 Fix unicode failures in Env tests and dn failures in XML-RPC tests 2010-02-26 12:31:11 -05:00
Rob Crittenden
0700f4d7ca Don't try to revoke a cert that is already revoked.
We get a bit of an unusual error message back from dogtag when trying
to revoke a revoked cert so check its status first.
2010-02-26 12:30:01 -05:00
John Dennis
fc13134455 Add contributors file.
This gets installed along side the LICENSE and README files in the doc
dir for each rpm package.
2010-02-24 15:01:24 -05:00