IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
7,875 Commits 11 Branches 60 Tags
b0611bc6c36ea258addb6a07a464f5867bc489a7
Commit Graph

7875 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gabe
7eca640ffa Remove trivial path constants from modules 
https://fedorahosted.org/freeipa/ticket/4399

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
 2014-11-04 12:57:01 +01:00
Martin Basti
42724a4b22 Add bind-dyndb-ldap working dir to IPA specfile 
https://fedorahosted.org/freeipa/ticket/4657#comment:6

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-10-31 15:04:53 +01:00
Jan Cholasta
35947c6e10 Do not wait for new CA certificate to appear in LDAP in ipa-certupdate 
If new certificate is not available, reuse the old one, instead of waiting
indefinitely for the new certificate to appear.

https://fedorahosted.org/freeipa/ticket/4628

Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-30 10:51:36 +01:00
Jan Cholasta
a649a84a1b Handle profile changes in dogtag-ipa-ca-renew-agent 
To update the CA certificate in the Dogtag NSS database, the
"ipa-cacert-manage renew" and "ipa-certupdate" commands temporarily change
the profile of the CA certificate certmonger request, resubmit it and
change the profile back to the original one.

When something goes wrong while resubmitting the request, it needs to be
modified and resubmitted again manually. This might fail with invalid
cookie error, because changing the profile does not change the internal
state of the request.

Detect this in dogtag-ipa-ca-renew-agent and reset the internal state when
profile is changed.

https://fedorahosted.org/freeipa/ticket/4627

Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-29 15:06:05 +01:00
Petr Spacek
ac500003fd Fix zone name to directory name conversion in BINDMgr. 
https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Martin Basti <mbasti@redhat.com>
 2014-10-29 15:02:08 +01:00
Martin Basti
e971fad5c1 Fix dns zonemgr validation regression 
https://fedorahosted.org/freeipa/ticket/4663

Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-27 15:55:34 +01:00
Alexander Bokovoy
d6b28f29ec Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides 
https://fedorahosted.org/freeipa/ticket/4664

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-24 15:54:43 +02:00
Jan Cholasta
50e6633734 Do not check if port 8443 is available in step 2 of external CA install 
The port is never available in step 2 of external CA install, as Dogtag is
already running.

https://fedorahosted.org/freeipa/ticket/4660

Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-22 14:20:27 +02:00
Petr Vobornik
09808c92c0 build: increase java stack size for all arches 
Gradually new arches which need a bigger stack size for web ui build appear. It's safer to increase the stack size for every architecture and avoid possible future issues.

Reason: build fail on armv7hl
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-22 13:55:28 +02:00
Martin Basti
5e1172f560 fix forwarder validation errors 
Fix tests, validation in dnsconfig mod, wuser warning

Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-10-21 15:55:09 +02:00
Alexander Bokovoy
20761f7fcd Default to use TLSv1.0 and TLSv1.1 on the IPA server side 
We only will be changing the setting on the install.
For modifying existing configurations please follow instructions
at https://access.redhat.com/solutions/1232413

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-21 15:54:02 +02:00
Martin Basti
3eec7e1f53 fix DNSSEC restore named state 
Reviewed-By: Petr Spacek <pspacek@redhat.com>
 2014-10-21 15:52:47 +02:00
Alexander Bokovoy
eb4d559f3b updater: enable uid uniqueness plugin for posixAccounts 
https://fedorahosted.org/freeipa/ticket/4636

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-21 13:46:55 +02:00
Jan Cholasta
2a4ba3d3cc DNSSEC: remove container_dnssec_keys 
Reviewed-By: Martin Basti <mbasti@redhat.com>
 2014-10-21 12:23:39 +02:00
Martin Basti
10725033c6 DNSSEC: change link to ipa page 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
49547a54dd DNSSEC: add files to backup 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Petr Spacek
276e69de87 DNSSEC: add ipa dnssec daemons 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
5556b7f50e DNSSEC: ACI 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
d673ebe4a1 DNSSEC: upgrading 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
21aef21fb5 DNSSEC: uninstallation 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
e798bad646 DNSSEC: installation 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
8f2f5dfbdf DNSSEC: modify named service to support dnssec 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
ca030a089f DNSSEC: validate forwarders 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
30bc3a55cf DNSSEC: platform paths and services 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
9101cfa60f DNSSEC: opendnssec services 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
eb54814741 DNSSEC: DNS key synchronization daemon 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
bcce86554f DNSSEC: add ipapk11helper module 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
9184d9a1bb DNSSEC: schema 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
c909690c8a DNSSEC: dependencies 
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417

Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Martin Basti
78018dd67d Add mask, unmask methods for service 
This patch allows mask and unmask services in IPA

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
 2014-10-21 12:23:03 +02:00
Tomas Babej
b6b19e0cb8 spec: Bump SSSD requires to 1.12.2 
https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-21 10:34:03 +02:00
Petr Vobornik
34d3f99aae webui: update combobox input on list click 
Change event of combobox is not triggered when there is only one value. Calling it's handler even for option's 'click' event makes sure that value of input gets always updated.

https://fedorahosted.org/freeipa/ticket/4655

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-21 10:32:46 +02:00
Petr Vobornik
41a7d0bf47 webui: do not show closed dialog 
Fixes issues when dialog is not removed from `IPA.opened_dialogs` registry when dialog.close() is called while the dialog is not shown, i.e., while other dialog is shown. Without it, the dialog is could be incorrectly displayed.

New dialog's property `opened` handles whether dialog is intended to be opened.

How to test:

Add new host with IP address outside of managed reverse zones to get error 4304.

https://fedorahosted.org/freeipa/ticket/4656

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-21 10:29:53 +02:00
Sumit Bose
43f8de0c76 extdom: remove unused dependency to libsss_idmap 
https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
 2014-10-21 10:17:54 +02:00
Sumit Bose
0ee8fe11ae extdom: add support for sss_nss_getorigbyname() 
https://fedorahosted.org/freeipa/ticket/3979

Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
 2014-10-21 10:17:54 +02:00
Alexander Bokovoy
85ce380759 Change ipaOverrideTarget OID to avoid conflict with DNSSEC feature 2014-10-21 10:47:02 +03:00
Martin Basti
c655b7bf76 Remove ipaContainer, ipaOrderedContainer objectclass 
https://fedorahosted.org/freeipa/ticket/4646

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-20 16:58:16 +02:00
Alexander Bokovoy
bd98ab0356 Support idviews in compat tree 
Reviewed-By: Tomas Babej <tbabej@redhat.com>
 2014-10-20 16:47:49 +02:00
Tomas Babej
1cc11ebf53 Bump 4.2 development version to 4.1.99 
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-20 13:39:51 +02:00
Petr Vobornik
df1ed11b48 webui: do not offer ipa users to Default Trust View 
https://fedorahosted.org/freeipa/ticket/4616

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 12:29:10 +02:00
Petr Vobornik
01a9e7ef9e webui: hide (un)apply buttons for Default Trust View 
Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 12:25:22 +02:00
Petr Vobornik
d3f46d4e78 webui: hide applied to hosts tab for Default Trust View 
because applying Default Trust view on hosts is not allowed

https://fedorahosted.org/freeipa/ticket/4615

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 12:25:22 +02:00
Petr Vobornik
2e27f1ee69 webui: change order of idview's facet groups 
Applied to hosts facet should not be default because, e.g., for Default Trust View it shouldn't be even visible(o use).

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 12:25:22 +02:00
Petr Vobornik
896d47c92f webui: make Evented a part of base IPA.object 
1. All framework objects to use event interface
2. Framework objects can be part of specification objects but they are not deep-cloned as the rest of specification objects - usually it would cause infinite loop. This make easier to add context as a $pre-op object without a need for $pre-op function.

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 12:25:22 +02:00
Petr Vobornik
741c31c2b4 webui: allow --force in dnszone-mod and dnsrecord-add 
Allow to use --force when changing authoritative nameserver address in DNS zone.

Same for dnsrecord-add for NS record.

https://fedorahosted.org/freeipa/ticket/4573

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 12:06:02 +02:00
Nathaniel McCallum
68825e7ac6 Configure IPA OTP Last Token plugin on upgrade 
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-20 10:18:47 +02:00
Petr Vobornik
d8f05d8841 webui: management of keytab permissions 
https://fedorahosted.org/freeipa/ticket/4419

Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
 2014-10-20 10:13:47 +02:00
Nathaniel McCallum
41bf0ba940 Create ipa-otp-counter 389DS plugin 
This plugin ensures that all counter/watermark operations are atomic
and never decrement. Also, deletion is not permitted.

Because this plugin also ensures internal operations behave properly,
this also gives ipa-pwd-extop the appropriate behavior for OTP
authentication.

https://fedorahosted.org/freeipa/ticket/4493
https://fedorahosted.org/freeipa/ticket/4494

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-20 10:12:36 +02:00
Nathaniel McCallum
560606a991 Display token type when viewing token 
When viewing a token from the CLI or UI, the type of the token
should be displayed.

https://fedorahosted.org/freeipa/ticket/4563

Reviewed-By: Martin Kosek <mkosek@redhat.com>
 2014-10-20 09:59:19 +02:00
Martin Kosek
e296137853 Update contributors 
Add missing developers contributing to project git. Cancel "Past and
Occcasional" section and merge the people in the right categories.

Update .mailmap so that the Developer list can be easily re-generated.

Reviewed-By: Gabe Alford <redhatrises@gmail.com>
 2014-10-20 08:18:09 +02:00