Performing I18N completely on the server, to leverage the
existing gettext architecture.
Also, the browser does not have access to the Language header.
Added the additional po files for a set of required languages
conflict with install/static/ipa.js was resolved.
Note that the addition of the .po files in this patch is necessary.
In order to get Transifex support, we need to update the LINGUAS
file with the languages for which we want support. If we don't
add the .po files in, they get automatically generated by the rpmbuild
process. Our implementation of gettext has a bug in it (It might
be F13 thing) where the the Plurals line is not getting correctly
transformed, which causes a build failure. However, since the
RPM would have the .po files anyway, we should revision control
the ones we have, even if they are empty.
Fixed the Bug reporting url to the original value.
Corrected the Chartype encoding for UK
The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user.
Also fixed a bug where, when reloading, the search page would fail due to scl being undefined.
Fixed a typo
replaced {'user-facet':'details', 'pkey':whoami_pkey},2);
with {'user-facet':'details', 'user-pkey':whoami_pkey},2);
Test framework for Web UI has been created using qUnit. The test files
are located in install/static/test. The main page is index.html which
contains links to all test suites (xxx_tests.html). The test cases are
stored in xxx_tests.js. All test suites can be executed at once using
all_tests.html. The test data is stored in data folder. This patch
includes test suites for ipa.js and entity.js.
Some variables and functions in ipa.js have been modified to accomodate
testing (e.g. JSON URL, error handler, synchronous operation). The
sampledata has been moved to test/data. The develop.js and webui.js also
have been modified accordingly.
Fix a logic problem in ldap2:get_schema() for determining if it
can fetch the schema or not. Normally we only want to do this for servers
but if you pass in your own connection it will use that.
This was meant to catch the case where the client wasn't configured and
it missed the most obvious one: the client was installed and is now
uninstalled.
This has been annoying for developers who switch back and forth. It will
still break v1 but at least going from v1 to v2 will work seemlessly.
ticket 240
The enroll facet has been converted into a dialog box. This dialog
box will appear when the user clicks the enroll button above the
association list. When the user clicks the enroll button in the
dialog box, the new associations will be created, then the list will
be refreshed to show the changes.
The SerialAssociator and BulkAssociator have been modified to accept
an on_success function which will be called when the whole operation
is completed successfully. This is used to refresh the list and close
the dialog box appropriately.
Some other changes were also made to improve code clarity.
Selects the site map based on the presence or absense of rolegroups for
the current user. If the user has no rolegroups, UI defaults to the Details page for that user.
Corrected to leave two levels of tabs
If we pass in the domain and server to ipa-client-install it doesn't do
service discovery which is what we want. We want to be sure the server
is properly configured at install time.
python-configobj is a leftover from TurboGears requires as far as I can tell.
The ipa-ldap-updater message was supposed to detect when an upgrade was
installed but not applied. We are doing upgrades differently in v2.
tickets 141 and 219
Note that this doesn't rely on IPA having a configured DNS server.
It passes the host name to the resolver and doesn't try to do a lookup
within the IPA DNS directly (e.g. no internal LDAP search).
Tries to determine if a domain is included and if not then the IPA
domain is added. This won't do the right thing if there are multiple
configured subdomains.
ticket 106
The Makefile.am and index.xhtml has been modified to include
rolegroup.js. The webui.js has been modified to register the
rolegroup tab.
The rolegroup.js defines the rolegroup's search, add, and details
pages. Sample data for some rolegroup operations have been added.
Unenrollment means that the host keytab is disabled on the server making
it possible to re-install on the client. This host principal is how we
distinguish an enrolled vs an unenrolled client machine on the server.
I added a --unroll option to ipa-join that binds using the host credentials
and disables its own keytab.
I fixed a couple of other unrelated problems in ipa-join at the same time.
I also documented all the possible return values of ipa-getkeytab and
ipa-join. There is so much overlap because ipa-join calls ipa-getkeytab
and it returns whatever value ipa-getkeytab returned on failure.
ticket 242
Passing domain and server on the command-line used to be considered as
DNS autodiscovery worked. This was problematic if there was in fact no
SRV records because krb5.conf would be configured without a specific KDC
causing all Kerberos ops to fail.
Now if you pass in a domain/server it still tries to see if they are
discoverable and if so won't hardcode a server, but will fall back to doing
so if necessary.
Also be a lot more aggressive on looking for the SRV records. Use the
search and domain values from /etc/resolv.conf on the chance that the
SRV records aren't in the domain of the hostname of the machine.
An example of this would be if your laptop is in dhcp.example.com and
your company's SRV records are in corp.example.com. Searching
dhcp.example.com and example.com won't find the SRV records but the user
is likely to have corp.redhat.com in the search list, at least.
ticket 234
The add.js has been modified to support adding new entry with
dynamically generated pkey.
The index.xhtml has been modified to include service.js.
The service.js has been modified to use the new API to define
the search, add, and details fields. Callbacks are used to
add quick links and generate pkey dynamically.
The webui.js has been modified to add the Services tab.
The render_call() signature has been modified to pass the entry_attrs
so each callback function can construct the appropriate quick links
using any attributes from the search results.
The callback function has been implemented for user and group entities.
Quick summary:
- use jQuery UI and jQuery BBQ libraries
- code restructuring
The patch has so many changes they can't be listed here. Many parts
of the code have been rewritten from scrach.
See freeipa-devel mailing list:
webUI code restructuring [wall of text, diagrams, ... you've been warned!]
2010-09-07
This addresses some problems trying to build on non-Fedora/RHEL
distributions, notably Gentoo and Ubuntu/Debian.
Patch contributed by Ian Kumlien <pomac@vapor.com>
We used to check for these one at a time so you'd run it once and find
out you're missing the bind package. Install that and run the installer
again and you'd discover you're missing bind-dyndb-ldap.
ticket 140
* Adding a new SUDO schema file
* Adding this new file to the list of targets in make file
* Create SUDO container for sudo rules
* Add default sudo services to HBAC services
* Add default SUDO HBAC service group with two services sudo & sudo-i
* Installing schema
No SUDO rules are created by default by this patch.
