Petr Vobornik
114f11fe5a
webui: ListViewWidget
...
A widget for rendering a list of groups of items. Intended to be
used in sidebar. Plan is to serve also as a base for FacetGroupsWidget.
https://fedorahosted.org/freeipa/ticket/3129
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-03 10:42:16 +02:00
Petr Vobornik
ba0a1c6b33
include more information in metadata
...
added to commands: doc, proper args, NO_CLI
added to options: default_from, cli_name, cli_short_name and others
https://fedorahosted.org/freeipa/ticket/3129
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-03 10:42:16 +02:00
Martin Basti
884afb5d38
Server Upgrade: use debug log level for upgrade instead of info
...
Upgrade contains too many unnecessary info logs.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-03 07:47:59 +00:00
Petr Vobornik
66ea322e7e
topology: make cn of new segment consistent with topology plugin
...
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-07-03 08:47:23 +02:00
Petr Vobornik
2b8e1caa7b
topologysegment: hide direction and enable options
...
These options should not be touched by users yet.
https://fedorahosted.org/freeipa/ticket/5061
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-07-03 08:47:23 +02:00
Petr Vobornik
fa4954c35d
ipa-replica-manage del: add timeout to segment removal check
...
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-07-03 08:47:23 +02:00
Petr Vobornik
6be7d41ba1
ipa-replica-manage del: relax segment deletement check if topology is disconnected
...
https://fedorahosted.org/freeipa/ticket/5072
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-07-03 08:47:23 +02:00
Martin Babinsky
76eea85701
new commands to manage user/host/service certificates
...
A new group of commands is introduced that simplifies adding and removing
binary certificates to entries. A general form of the command is
ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB]
Part of http://www.freeipa.org/page/V4/User_Certificates and
https://fedorahosted.org/freeipa/ticket/4238
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-02 14:43:44 +00:00
Martin Babinsky
53b11b6117
reworked certificate normalization and revocation
...
Validation of certificate is now handled by `x509.validate_certificate'.
Revocation of the host and service certificates was factored out to a separate
function.
Part of http://www.freeipa.org/page/V4/User_Certificates
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-02 14:43:44 +00:00
Martin Babinsky
93dab56ebf
baseldap: add support for API commands managing only a single attribute
...
This patch extends the API framework with a set of classes which add/remove
values to a single LDAPObject attribute.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-02 14:43:44 +00:00
Tomas Babej
8d30feb539
winsync_migrate: Generalize membership migration
...
https://fedorahosted.org/freeipa/ticket/4943
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e5fe79a0f4
winsync_migrate: Migrate memberships of the winsynced users
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
199358112e
man: Add manpage for ipa-winsync-migrate
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
6462530440
idviews: Fallback to AD DC LDAP only if specifically allowed
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
f8d1458fda
winsync-migrate: Include the tool parts in Makefile and friends
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
19d62e9aa4
winsync-migrate: Move the tool under ipaserver.install package
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e9a3b99717
winsync-migrate: Rename to tool to achive consistency with other tools
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
7017d9e8a6
winsync-migrate: Delete winsync agreement prior to migration
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
d584eb7001
winsync-migrate: Require explicit specification of the target server and validate existing agreement
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
bff7a748d6
idviews: Do not abort the find & show commands on conversion errors
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
0e11a87090
winsync-migrate: Require root privileges
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e6a2a67d7a
dcerpc: Add debugging message to failing kinit as http
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
69c6a33216
dcerpc: Change logging level for debug information
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
cf61e2ad94
winsync-migrate: Move the api initalization and LDAP connection to the main method
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
e7d7f01d5f
migrate-winsync: Add option validation and handling
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
2104e07fa8
migrate-winsync: Create user ID overrides in place of winsynced user entries
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
4c6ff80140
winsync-migrate: Add a way to find all winsync users
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
0cb87fc31a
winsync-migrate: Add initial plumbing
...
https://fedorahosted.org/freeipa/ticket/4524
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-02 13:23:21 +02:00
Tomas Babej
ccbf267872
ipaplatform: Remove redundant definitions
...
The variables path_namespace and task_namespace in the base platform
are not used anywhere in the rest of the codebase and are just
debris from previous implementation.
This patch removes them.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-02 13:04:23 +02:00
Martin Basti
2e329ecdc7
KRA Install: check replica file if contains req. certificates
...
https://fedorahosted.org/freeipa/ticket/5059
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-07-02 10:59:53 +00:00
Thierry Bordaz
b5cb95431b
Display the wrong attribute name when mandatory attribute is missing
...
When activating a stageuser, if 'sn' or 'cn' or 'uid' is missing
it displays an error with 'cn'
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-02 12:01:07 +02:00
Ludwig Krispenz
6f916b0ac9
allow deletion of segment if endpoint is not managed
...
in the preop check do not reject the deletion of a segment, if not both endpoints
are managed servers for the suffix
thisis part of work for ticlet #5072
Reviewed-By: Simo Sorce <ssorce@redhat.com>
2015-07-02 11:54:01 +02:00
Martin Basti
96c23659fc
DNS: Do not traceback if DNS is not installed
...
Instead of internal error show 'DNS is not configured' message, when a
dns* command is executed.
https://fedorahosted.org/freeipa/ticket/5017
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 20:19:01 +02:00
Petr Vobornik
25a5e38b85
replication: fix regression in get_agreement_type
...
dcb6916a3b
introduced a regression where
get_agreement_type does not raise NotFound error if an agreement for host
does not exist. The exception was swallowed by get_replication_agreement.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 19:44:11 +02:00
Jan Cholasta
e43296ba9a
replica prepare: Do not use entry after disconnecting from LDAP
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
5b39bc1003
plugable: Remove unused call method of Plugin
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2b12bca660
plugable: Specify plugin base classes and modules using API properties
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
4b277d0477
plugable: Change is_production_mode to method of API
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
1a21fd971c
plugable: Remove SetProxy, DictProxy and MagicDict
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
e9c9e3f009
ipaplatform: Do not use MagicDict for KnownServices
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
b1fc875c3a
plugable: Lock API on finalization rather than on initialization
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
860088208b
plugable: Do not use DictProxy for API
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
e39fe4ed31
plugable: Pass API to plugins on initialization rather than using set_api
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2d1515323a
plugable: Load plugins only from modules imported by API
...
Previously all plugin modules imported from anywhere were added to the API.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
481f8ddaa3
plugable: Specify plugins to import in API by module names
...
This change removes the automatic plugins sub-package magic and allows
specifying modules in addition to packages.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
7715d5bb04
ipalib: Move find_modules_in_dir from util to plugable
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
fe2accf776
ipalib: Load ipaserver plugins when api.env.in_server is True
...
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
f87ba5ee08
plugable: Move plugin base class and override logic to API
...
Each API object now maintains its own view of registered plugins. This change
removes the need to register plugin base classes.
This reverts commit 2db741e847
.
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Tomas Babej
e21dad4e1c
idviews: Remove ID overrides for permanently removed users and groups
...
For IPA users and groups we are able to trigger a removal of
any relevant ID overrides in user-del and group-del commands.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 13:06:40 +02:00
Tomas Babej
77b64e6023
idviews: Allow users specify the raw anchor directly as identifier
...
For various reasons, it can happen that the users or groups that
have overrides defined in a given ID view are no longer resolvable.
Since user and group names are used to specify the ID override objects
too by leveraging the respective user's or group's ipaUniqueID,
we need to provide a fallback in case these user or group entries
no longer exist.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 13:00:07 +02:00