This creates a new role, replicaadmin, so a non-DM user can do
limited management of replication agreements.
Note that with cn=config if an unauthorized user performs a search
an error is not returned, no entries are returned. This makes it
difficult to determine if there are simply no replication agreements or
we aren't allowed to see them. Once the ipaldap.py module gets
replaced by ldap2 we can use Get Effective Rights to easily tell the
difference.
This will alert the user that nothing was done and is handy when used
with --attr=''. This can be used to delete a non-required attribute but
can be set to any valid attribute, present or not. We should alert the
user if they attempt to delete a non-existant value.
There are now 3 cases:
- Install a dogtag CA and issue server certs using that
- Install a selfsign CA and issue server certs using that
- Install using either dogtag or selfsign and use the provided PKCS#12 files
for the server certs. The installed CA will still be used by the cert
plugin to issue any server certs.
This fixes:
- Consistent usage of priority vs cospriority in options
- Fixes bug introduced with recent patch where global policy couldn't be
updated
- Doesn't allow cospriority to be removed for groups (#570536)
- returns the priority with group policy so it can be displayed
- Properly unicode encode group names for display
Method overrides the Command get_output_params() method and only returns
the object params, not anything defined within the method itself. Return
those as well so they are displayed in output. Some care needs to be taken
to avoid returning duplicate values. In the case of duplicates the
value in obj.params wins.
If the group exists but the user doesn't then useradd blows up
trying to create the user and group. So test to see if the group
exists and if it does pass along the -g argument to useradd.
Resolves#502960
We want to manually make the .pot file, we shouldn't have anything
in the Makefile which will cause the .pot file to be rebuilt
because of dependencies.
A number of doc strings were not localized, wrap them in _().
Some messages were not localized, wrap them in _()
Fix a couple of failing tests:
The method name in RPC should not be unicode.
The doc attribute must use the .msg attribute for comparison.
Also clean up imports of _() The import should come from
ipalib or ipalib.text, not ugettext from request.
None is passed if the option is set with --minlife=''. This is a valid
use case to delete a non-required attribute. In this case we simply
don't do the math on None and things work as expected.
569847
As a consequence of using doc=_('some message') the _()
method was returning a Gettext instance, thus when optparse
was handed the help text it received a Gettext instance instead
of a basestring. optparse tried to operate on the Gettext instance
as if it were a basestring and since it wasn't threw an exception.
The fix is to promote (e.g. cast) the option.doc to unicode.
If the option.doc was a str it becomes unicode, if it was unicode
nothing happens, if it was Gettext (or any other object implementing
the __unicode__() method) object is converted to unicode via the
objects rules.
By the way, while debugging this I discovered strings which were not
localized, sometimes option.doc would be a str and sometimes a Gettext
object. In a subsequent patch I'll fix all those unlocalized doc
strings, but I don't want to bury this fix along with a load of
string fixes.
Traverse the objects passed to JSON for encoding and decoding.
When binary data is seen during encode replace the binary
data with a dict {'__base64__' : base64_encoding_of_binary_value}.
On decode if a dict is seen whose single key is '__base64__' replace
that dict with the base64 decoded value of the key's value.