User can set realm not matching one resolved from DNS. This is useful especially
when DNS is missconfigured.
https://fedorahosted.org/freeipa/ticket/4444
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The CA cert specified by --root-ca-file option must always be the CA cert of
the CA which issued the server certificates in the PKCS#12 files. As the cert
is not actually user selectable, use CA cert from the PKCS#12 files by default
if it is present.
Document --root-ca-file in ipa-server-install man page.
https://fedorahosted.org/freeipa/ticket/4457
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Make validation more strict
* DS, NS, DNAME owners should not be a wildcard domanin name
* zone name should not be a wildcard domain name
Ticket: https://fedorahosted.org/freeipa/ticket/4488
Reviewed-By: Petr Spacek <pspacek@redhat.com>
bind-dyndb-ldap's bug caused test failure
https://fedorahosted.org/bind-dyndb-ldap/ticket/123
Owners with NS record works with the bug
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
FreeIPA certmonger module changed to use D-Bus to communicate with certmonger.
Using the D-Bus API should be more stable and supported way of using cermonger than
tampering with its files.
>=certmonger-0.75.13 is needed for this to work.
https://fedorahosted.org/freeipa/ticket/4280
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This is to avoid chicken-egg problem when directory server fails to start
without resolvable hostname and named fails to provide hostname without
directory server.
https://fedorahosted.org/freeipa/ticket/4220
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Also, remove the attempt to load the objectClasses when absent. This
never makes sense during an add operation.
https://fedorahosted.org/freeipa/ticket/4455
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
This patch adds an explicit build dependency to
python-backports-ssl_match_hostname.
Without it, the build-time lint would fail.
https://fedorahosted.org/freeipa/ticket/4515
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Without python-backports-ssl_match_hostname installed, an ipa-client
installation could have failed with:
from backports.ssl_match_hostname import match_hostname
ImportError: No module named ssl_match_hostname
This patch adds an explicit dependency to
python-backports-ssl_match_hostname.
https://fedorahosted.org/freeipa/ticket/4515
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Certain operations against AD domain controller can only be done if its
FSMO role is primary domain controller. We need to use writable DC and
PDC when creating trust and updating name suffix routing information.
https://fedorahosted.org/freeipa/ticket/4479
Reviewed-By: Sumit Bose <sbose@redhat.com>
- Make ipa trust-add command interactive for realm_admin and realm_passwd
- Fix 'Active directory' typo to 'Active Directory'
https://fedorahosted.org/freeipa/ticket/3034
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
action buttons associated with batch actions were enabled by default, but
they were disabled right after facet creation and a load of data. It caused
a visual flicker.
UX is enhanced by making them disabled by default.
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- save one click by opening edit dialog right after adding new row
- add margin between fingerprint and "show/edit" button
- fix honoring of writable/read-only flags upon row creation
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- category radio line has line-height large enough to contain
undo button -> content doesn't move several pixels on change
- remove vertical padding from btns in table headers to maintain
about the same height
- remove invisible border from link buttons to have the same height
for disabled and enabled button
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Tooltips were added to "User authentication types" and "Default user
authentication types" to describe their relationship and a meaning of
not-setting a value.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Allow to set 'tooltip' attribute in spec. It displays info icon
with Bootstrap's tooltip near field's label.
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- use title for input's elements 'title' attribute
- tooltip for Bootstrap's tooltip component
https://fedorahosted.org/freeipa/ticket/4471
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- added cancel button to reset password view of login screen
- re-implemented buttons hiding mechanism
- switching between 'Reset Password' and 'Reset Password and Login' according to presence of value in OTP field
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
- add info icons to distinguish and classify the messages.
- add info text for OTP fields
- fix login instruction inaccuracy related to position of login button
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
The notification is a primary information of the page. It should be more highlighted.
https://fedorahosted.org/freeipa/ticket/4470
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Requiring a specific version of Java leads to breakages, like the
one happening on nightly builds in Fedora Rawhide right now.
We should use the more generic 'java' BuildRequires instead of the
versioned one.
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
add_table_record call used old selector for add button which
caused 3 fails in CI:
- ERROR: Test automember rebuild membership feature for hosts
- ERROR: Test automember rebuild membership feature for users
- ERROR: Basic CRUD: dns
related to:
https://fedorahosted.org/freeipa/ticket/4258
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
On page:
- styled to use proper line breaks
- "centered" by .container class and not by huge padding
Console:
- proper line breaks
- links in stack trace are clickable(Chrome)
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
Adds an integration tests that checks that all trustdomains are
able to be found by trustdomain-find command right after the
trust has been established.
Also moves some code to allow easier adding common test cases for
both POSIX and non-POSIX test classes.
https://fedorahosted.org/freeipa/ticket/4208
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
When a CIFS service exists and adtrust agents group does not
have it as a member attribute (for whatever reason), re-running
ipa-adtrust-install does not fix the inconsistency.
Make the installer more robust by being able to fix the inconsistency.
https://fedorahosted.org/freeipa/ticket/4464
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
