IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
8,370 Commits 11 Branches 60 Tags 60 MiB
9c5df3cf76
Commit Graph

8370 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Petr Vobornik
114f11fe5a webui: ListViewWidget 
A widget for rendering a list of groups of items. Intended to be
used in sidebar. Plan is to serve also as a base for FacetGroupsWidget.

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Petr Vobornik
ba0a1c6b33 include more information in metadata 
added to commands: doc, proper args, NO_CLI

added to options: default_from, cli_name, cli_short_name and others

https://fedorahosted.org/freeipa/ticket/3129

Reviewed-By: Martin Kosek <mkosek@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-03 10:42:16 +02:00
Martin Basti
884afb5d38 Server Upgrade: use debug log level for upgrade instead of info 
Upgrade contains too many unnecessary info logs.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-03 07:47:59 +00:00
Petr Vobornik
66ea322e7e topology: make cn of new segment consistent with topology plugin 
Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Petr Vobornik
2b8e1caa7b topologysegment: hide direction and enable options 
These options should not be touched by users yet.

https://fedorahosted.org/freeipa/ticket/5061

Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Petr Vobornik
fa4954c35d ipa-replica-manage del: add timeout to segment removal check 
Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Petr Vobornik
6be7d41ba1 ipa-replica-manage del: relax segment deletement check if topology is disconnected 
https://fedorahosted.org/freeipa/ticket/5072

Reviewed-By: David Kupka <dkupka@redhat.com>
 2015-07-03 08:47:23 +02:00
Martin Babinsky
76eea85701 new commands to manage user/host/service certificates 
A new group of commands is introduced that simplifies adding and removing
binary certificates to entries. A general form of the command is

ipa [user/host/service]-[add/remove]-cert [pkey] --certificate=[BASE64 BLOB]

Part of http://www.freeipa.org/page/V4/User_Certificates and
https://fedorahosted.org/freeipa/ticket/4238

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 14:43:44 +00:00
Martin Babinsky
53b11b6117 reworked certificate normalization and revocation 
Validation of certificate is now handled by `x509.validate_certificate'.

Revocation of the host and service certificates was factored out to a separate
function.

Part of http://www.freeipa.org/page/V4/User_Certificates

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 14:43:44 +00:00
Martin Babinsky
93dab56ebf baseldap: add support for API commands managing only a single attribute 
This patch extends the API framework with a set of classes which add/remove
 values to a single LDAPObject attribute.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 14:43:44 +00:00
Tomas Babej
8d30feb539 winsync_migrate: Generalize membership migration 
https://fedorahosted.org/freeipa/ticket/4943

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e5fe79a0f4 winsync_migrate: Migrate memberships of the winsynced users 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
199358112e man: Add manpage for ipa-winsync-migrate 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
6462530440 idviews: Fallback to AD DC LDAP only if specifically allowed 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
f8d1458fda winsync-migrate: Include the tool parts in Makefile and friends 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
19d62e9aa4 winsync-migrate: Move the tool under ipaserver.install package 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e9a3b99717 winsync-migrate: Rename to tool to achive consistency with other tools 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
7017d9e8a6 winsync-migrate: Delete winsync agreement prior to migration 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
d584eb7001 winsync-migrate: Require explicit specification of the target server and validate existing agreement 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
bff7a748d6 idviews: Do not abort the find & show commands on conversion errors 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
0e11a87090 winsync-migrate: Require root privileges 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e6a2a67d7a dcerpc: Add debugging message to failing kinit as http 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
69c6a33216 dcerpc: Change logging level for debug information 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
cf61e2ad94 winsync-migrate: Move the api initalization and LDAP connection to the main method 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
e7d7f01d5f migrate-winsync: Add option validation and handling 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
2104e07fa8 migrate-winsync: Create user ID overrides in place of winsynced user entries 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
4c6ff80140 winsync-migrate: Add a way to find all winsync users 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
0cb87fc31a winsync-migrate: Add initial plumbing 
https://fedorahosted.org/freeipa/ticket/4524

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-02 13:23:21 +02:00
Tomas Babej
ccbf267872 ipaplatform: Remove redundant definitions 
The variables path_namespace and task_namespace in the base platform
are not used anywhere in the rest of the codebase and are just
debris from previous implementation.

This patch removes them.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-02 13:04:23 +02:00
Martin Basti
2e329ecdc7 KRA Install: check replica file if contains req. certificates 
https://fedorahosted.org/freeipa/ticket/5059

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
 2015-07-02 10:59:53 +00:00
Thierry Bordaz
b5cb95431b Display the wrong attribute name when mandatory attribute is missing 
When activating a stageuser, if 'sn' or 'cn' or 'uid' is missing
	it displays an error with 'cn'

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-02 12:01:07 +02:00
Ludwig Krispenz
6f916b0ac9 allow deletion of segment if endpoint is not managed 
in the preop check do not reject the deletion of a segment, if not both endpoints
are managed servers for the suffix

thisis part of work for ticlet #5072

Reviewed-By: Simo Sorce <ssorce@redhat.com>
 2015-07-02 11:54:01 +02:00
Martin Basti
96c23659fc DNS: Do not traceback if DNS is not installed 
Instead of internal error show 'DNS is not configured' message, when a
dns* command is executed.

https://fedorahosted.org/freeipa/ticket/5017

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-01 20:19:01 +02:00
Petr Vobornik
25a5e38b85 replication: fix regression in get_agreement_type 
dcb6916a3b introduced a regression where
get_agreement_type does not raise NotFound error if an agreement for host
does not exist. The exception was swallowed by get_replication_agreement.

Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2015-07-01 19:44:11 +02:00
Jan Cholasta
e43296ba9a replica prepare: Do not use entry after disconnecting from LDAP 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
5b39bc1003 plugable: Remove unused call method of Plugin 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
2b12bca660 plugable: Specify plugin base classes and modules using API properties 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
4b277d0477 plugable: Change is_production_mode to method of API 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
1a21fd971c plugable: Remove SetProxy, DictProxy and MagicDict 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
e9c9e3f009 ipaplatform: Do not use MagicDict for KnownServices 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
b1fc875c3a plugable: Lock API on finalization rather than on initialization 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
860088208b plugable: Do not use DictProxy for API 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
e39fe4ed31 plugable: Pass API to plugins on initialization rather than using set_api 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
2d1515323a plugable: Load plugins only from modules imported by API 
Previously all plugin modules imported from anywhere were added to the API.

https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
481f8ddaa3 plugable: Specify plugins to import in API by module names 
This change removes the automatic plugins sub-package magic and allows
specifying modules in addition to packages.

https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
7715d5bb04 ipalib: Move find_modules_in_dir from util to plugable 
https://fedorahosted.org/freeipa/ticket/3090

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
fe2accf776 ipalib: Load ipaserver plugins when api.env.in_server is True 
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Jan Cholasta
f87ba5ee08 plugable: Move plugin base class and override logic to API 
Each API object now maintains its own view of registered plugins. This change
removes the need to register plugin base classes.

This reverts commit 2db741e847.

https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
 2015-07-01 13:05:30 +00:00
Tomas Babej
e21dad4e1c idviews: Remove ID overrides for permanently removed users and groups 
For IPA users and groups we are able to trigger a removal of
any relevant ID overrides in user-del and group-del commands.

https://fedorahosted.org/freeipa/ticket/5026

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2015-07-01 13:06:40 +02:00
Tomas Babej
77b64e6023 idviews: Allow users specify the raw anchor directly as identifier 
For various reasons, it can happen that the users or groups that
have overrides defined in a given ID view are no longer resolvable.

Since user and group names are used to specify the ID override objects
too by leveraging the respective user's or group's ipaUniqueID,
we need to provide a fallback in case these user or group entries
no longer exist.

https://fedorahosted.org/freeipa/ticket/5026

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
 2015-07-01 13:00:07 +02:00