IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
2,252 Commits 11 Branches 60 Tags 60 MiB
b35849b47d
Commit Graph

938 Commits

Author SHA1 Message Date
Rob Crittenden
8d164569d0 Allow replicas of an IPA server using an internal dogtag server as the CA 
This involves creating a new CA instance on the replica and using pkisilent
to create a clone of the master CA.

Also generally fixes IPA to work with the latest dogtag SVN tip. A lot of
changes to ports and configuration have been done recently.
 2009-07-15 09:00:01 -04:00
Rob Crittenden
904e555404 Catch and handle HTTP exceptions (like 401, 404, etc) 2009-07-15 08:59:58 -04:00
Rob Crittenden
c0b6a78040 Require a password only once when it is passed in via a pipe 2009-07-10 16:47:35 -04:00
Rob Crittenden
d6e1e15fcd Add a one-character option for parameters 2009-07-10 16:46:34 -04:00
Rob Crittenden
fe84ffd0f1 Add a return value to exceptions. 
Returning the exception value doesn't work because a shell return value
is in the range of 0-255.

The default return value is 1 which means "something went wrong." The only
specific return value implemented so far is 2 which is "not found".
 2009-07-10 16:44:54 -04:00
Rob Crittenden
0e29dd7226 Add textui function to display and prompt user for selection for *-find. 
Since we may end up executing a *-show when an entry is selected we need
to defer destroying the connection context.
 2009-07-10 16:44:22 -04:00
Rob Crittenden
e31d5fb1cf Implement support for non-LDAP-based actions that use the LDAP ACI subsystem. 
There are some operations, like those for the certificate system, that
don't need to write to the directory server. So instead we have an entry
that we test against to determine whether the operation is allowed or not.

This is done by attempting a write on the entry. If it would succeed then
permission is granted. If not then denied. The write we attempt is actually
invalid so the write itself will fail but the attempt will fail first if
access is not permitted, so we can distinguish between the two without
polluting the entry.
 2009-07-10 16:41:05 -04:00
Pavel Zuna
551648b8a9 Change command names from *group-del-member to *group-remove-member. 
Signed-off-by: Jason Gerard DeRose <jderose@redhat.com>
 2009-07-09 13:25:19 -06:00
Pavel Zuna
34b5b0d563 Fix bug: number of found entries was reported incorrectly in some plugins. 2009-07-02 13:33:05 -04:00
Pavel Zuna
537ba4034d Make basegroup-{add, del}-member print failed members with error descriptions. 2009-07-02 13:33:05 -04:00
Pavel Zuna
5e4c0014df Fix bug: when deleting hosts, their services where deleted incorrectly 2009-07-02 13:33:04 -04:00
Pavel Zuna
3c5988d078 Remove outstanding 2's from plugins. 2009-07-02 13:33:04 -04:00
Pavel Zuna
da461998c1 Add automount plugin. 2009-07-02 13:33:03 -04:00
Pavel Zuna
57123f2a99 Fix minor bugs, typos, etc. discovered by unit tests in plugins. 2009-07-02 13:33:03 -04:00
Pavel Zuna
341a47f5a3 Fix bug in basegroup and passwd plugins (incorrect use of find_entry_by_attr). 2009-07-02 13:33:02 -04:00
Pavel Zuna
4b6a6c405c Rename *-create/*-delete commands to *-add/*-del respectively. 2009-07-02 13:33:02 -04:00
Pavel Zuna
c2d2344268 Replace references to basegroup2 in taskgroup plugin. 2009-07-02 13:33:02 -04:00
Pavel Zuna
b6cfae46e4 Rename plugins2 to plugins. 2009-07-02 13:33:02 -04:00
Pavel Zuna
e1e1db9c9f Rename plugins2 files (remove '2' suffix'). 2009-07-02 13:33:01 -04:00
Pavel Zuna
8c7883364c Remove use_ldap2 constant. 2009-07-02 13:33:01 -04:00
Pavel Zuna
ebdebe802d Remove all references to use_ldap2. 2009-07-02 13:33:01 -04:00
Pavel Zuna
3ce00484f4 Always use new LDAP backend when creating context. 2009-07-02 13:33:00 -04:00
Pavel Zuna
4b993782e6 Delete plugins using old LDAP backend. 2009-07-02 13:33:00 -04:00
rcrit
9352d2fc10 Add a local implementation of httplib.SSLFile and httplib.FakeSocket 
Python 2.6 changed its internal implementation which makes it difficult
to override in a way that is backwards compatible.

508953
 2009-07-01 08:51:23 -04:00
Rob Crittenden
e46fd3401e Two new arguments for the help built-in command: topics and commands 
ipa help topics will show all topics (equivalent to ipa help)
ipa help commands will show list of all available commands
 2009-06-15 14:03:12 -04:00
Rob Crittenden
b83badd73b Fix typo in variable name, object_classs->object_class 2009-06-15 13:55:58 -04:00
Pavel Zuna
2ff4b3906f Change plugins2 using find_entries to support incomplete (truncated) search results. 2009-06-15 11:19:04 -04:00
Pavel Zuna
48e1f47ed1 Add new set of base classes for plugins using LDAP. 2009-06-15 11:18:59 -04:00
Pavel Zuna
ad54fc3399 Add support for incomplete (truncated) search results. 
ldap2.find_entries now returns a tuple containing 2 values. First,
a list of entries (dn, entry_attrs), Second, the truncated flag. If
the truncated flag is True, search results hit a server limitation
and are incomplete.

This patch also removes decoding of non-string scalar python types into
unicode (they are left unchanged).
 2009-06-15 11:18:55 -04:00
Pavel Zuna
473e03d2f7 Add host plugin port to new LDAP backend. 2009-06-12 15:53:25 -04:00
Pavel Zuna
b8fdcb3a0b Add passwd plugin port to new LDAP backend. 2009-06-10 11:55:09 -04:00
Pavel Zuna
a5292b2280 Add ACI plugin port to new LDAP backend. 2009-06-10 11:55:03 -04:00
Pavel Zuna
8edaff5266 Generate crud.Search arguments with get_args. 2009-06-10 11:53:20 -04:00
Pavel Zuna
dc23be6878 Make get_dn parameter list more generic. Fix Attribute name regex. 
The old name regex made it impossible to have Attribute instances with
names composed of more than two words separated by underscores.
 2009-06-10 11:53:14 -04:00
Pavel Zuna
4b08770b78 Add 'parent_key' kwarg in Param class. 2009-06-10 11:53:10 -04:00
Pavel Zuna
c47d716e95 Modify PluginProxy to use __public__ defined in derived classes instead of base classes. 2009-06-10 11:53:07 -04:00
Pavel Zuna
789fec4381 Add service plugin port to new LDAP backend. 2009-06-10 11:51:49 -04:00
Pavel Zuna
cda0f85ce5 Fix bug in Encoder where tuples were encoded into lists. Fix Encoder and Command.args_options_2_entry unit tests. 2009-06-10 11:51:10 -04:00
Rob Crittenden
16f19990ae Fix plugin API errors 2009-06-03 09:49:14 -04:00
Rob Crittenden
3e8aac875f Fix the help text 2009-06-03 09:46:42 -04:00
Pavel Zuna
83f45cc541 Fix DS ACI parsing. 2009-06-02 16:20:48 -04:00
Pavel Zuna
90cc00feab Make delegation plugin consistent with plugins2 and use new Crud methods. 2009-06-02 16:20:44 -04:00
Pavel Zuna
66d291001a Remove unused reference to old LDAP backend in join plugin. 2009-06-02 16:20:41 -04:00
Pavel Zuna
a1548bc670 Fix bug where List parameters where always cloned with keywords parsed from name. 2009-06-02 16:20:35 -04:00
Pavel Zuna
b29006dd0a Add pwpolicy plugin port to new LDAP backend. 2009-05-27 10:02:50 -04:00
Pavel Zuna
924010cfc9 Add defaultoptions plugin port to new LDAP backend. 2009-05-26 14:50:31 -04:00
Pavel Zuna
13b55b5a52 Add taskgroup plugin port to new LDAP backend. 2009-05-26 14:50:28 -04:00
Pavel Zuna
5a8573129c Add rolegroup plugin port to new LDAP backend. 2009-05-26 14:50:26 -04:00
Pavel Zuna
56e001fd88 Add new env variables: container_taskgroup, container_rolegroup and container_netgroup. 2009-05-26 14:50:24 -04:00
Rob Crittenden
0353be6810 Dogtag keeps telling me to use port 9444 and not 9443, use it. 2009-05-26 14:25:52 -04:00
Pavel Zuna
a92e440218 Clone options of crud.Update and crud.Search with autofill=False. 2009-05-26 13:36:58 -04:00
Pavel Zuna
37a391cd78 Make plugins2 use lowercase when reffering to LDAP attributes. 2009-05-22 15:58:09 -06:00
Pavel Zuna
9468c9fca8 Fix bug where finalized IPA object where trying to modify their member variables in Encoder methods. 2009-05-22 15:57:27 -06:00
Rob Crittenden
cac8ebb866 Fix typo, occured -> occurred 2009-05-21 22:43:07 -04:00
Rob Crittenden
067b5c122c Add a format to the generic KerberosError class 2009-05-21 15:37:12 -06:00
Rob Crittenden
13696ae18b Raise an exception if the certificate chain is not returned from the CA 2009-05-21 17:34:00 -04:00
Pavel Zuna
eec367b0c8 Fix bug in group2-mod command. 
posixGroup object class was added to the group entry incorrectly when modifying gid number.
 2009-05-21 15:22:58 -06:00
Rob Crittenden
fe012f4ff2 Fix a few issues introduced by the new Param.use_in_context() patch 2009-05-21 14:33:23 -04:00
Jason Gerard DeRose
7e58b29a92 Completed Param.use_in_context() functionality, which is now used by Command and Object 2009-05-21 14:32:45 -04:00
Pavel Zuna
7b93f7bbd7 Add netgroup plugin port to new LDAP backend. 2009-05-20 16:46:56 -06:00
Pavel Zuna
75a70af943 Add hostgroup plugin port to new LDAP backend. 2009-05-20 16:46:48 -06:00
Pavel Zuna
1e55b0a1ab Fix counting of successfully added members. Add checks for use_ldap2 in group2. Some cosmetic changes. 2009-05-20 16:46:39 -06:00
Pavel Zuna
a3ae5047f3 Add group plugin port to new LDAP backend. 2009-05-20 16:46:28 -06:00
Jason Gerard DeRose
3a4828b372 Fixed doctest for errors.NotFound 2009-05-19 13:53:45 -06:00
Jason Gerard DeRose
4f9224774f Added Param 'include' and 'exclude' kwargs; added frontend.UsesParams base class with methods implementing the filtering to restrict params to only certain contexts 2009-05-19 13:49:15 -06:00
Pavel Zuna
9437fc669e Add Encoder base class and method decorators to encode arguments/decode return values. Also - unit tests. 2009-05-19 09:56:39 -04:00
Rob Crittenden
e5bec4ae39 Schema change so the nisnetgroup triples work properly. 
If we use cn for hostname there is no easy way to distinguish between
a host and a hostgroup. So adding a fqdn attribute to be used to store
the hostname instead.
 2009-05-19 09:54:17 -04:00
Jason Gerard DeRose
87480b7bde Re-enable doctest, fix broken docstrings 2009-05-13 14:22:09 -04:00
Rob Crittenden
5e3cdb9643 Remove all services when a host is removed Revoke certificate (if any) when a service is removed 2009-05-13 14:17:21 -04:00
Rob Crittenden
014f3ff1c6 Improve revocation_reason argument 2009-05-13 14:17:03 -04:00
Rob Crittenden
1c31b5bc08 Add a reason to the NotFound exception so we can provide more robust errors 2009-05-13 14:16:44 -04:00
Jason Gerard DeRose
ae38a2461f Force xmlrpc tests to run with in_tree=True so config files in /etc/ipa/ don't get read; cleaned up config.Env automagic with regard to running in-tree vs. installed 2009-05-11 16:17:08 -04:00
Rob Crittenden
0d6aaef2e1 We decided not to issue a certificate on join 2009-05-07 10:54:21 -04:00
Rob Crittenden
8f1df0fe8a Store the new certificate in a service record. Clean up some argument names to match the current standard. 2009-05-07 10:54:14 -04:00
Rob Crittenden
0d538b20f2 Make MalformedServicePrincipal take a reason arg and add Base64DecodeError 2009-05-06 11:29:11 -04:00
Rob Crittenden
5405c01025 Add validator and normalizer for service principals Add --certificate argument Update default objectclasses Use the crud.Search method for service-find 2009-05-06 11:28:49 -04:00
Rob Crittenden
c0020955a5 Some minor cosmetic changes 2009-05-04 18:01:06 -04:00
Rob Crittenden
a7a16272b1 When reading a password, if there is no tty, read from stdin instead. 
This will allow one to pipe a password in:

echo -e "secret123\secret123\n" | ipa password someuser
 2009-05-04 17:43:14 -04:00
Rob Crittenden
d4076915cd Add posixGroup to the objectclass list if gidnumber is set 
498335
 2009-05-04 17:43:00 -04:00
Rob Crittenden
c8ee910ff6 Issue an SSL server cert when joining the IPA domain 2009-05-04 17:41:06 -04:00
Rob Crittenden
8424ea8c03 A class for dealing with a temporary NSS certificate database 2009-05-04 16:56:12 -04:00
Pavel Zuna
36c239cda4 Add DNS management plugin port to the new ldap backend. 2009-04-30 16:17:49 -04:00
Pavel Zuna
9992b23a08 Change help interface to display builtin commands and a list of topics based on plugin modules. 2009-04-30 15:55:16 -04:00
Pavel Zuna
75b551fd5e Use right attribute name for e-mail in user2 plugin. 2009-04-30 13:50:05 -04:00
Rob Crittenden
21ccdec860 Add missing required attribute, nisdomainname 2009-04-30 13:26:27 -04:00
Rob Crittenden
536b215078 Use correct attribute for e-mail address 
Resolves 498269
 2009-04-29 13:51:47 -04:00
Jason Gerard DeRose
3f4a0a2d77 Fixed cli.run() catching SystemExit exception under Python2.4 
Resolves BZ #498088
 2009-04-28 22:29:10 -04:00
David O'Brien
763c7ef914 trivial update to standardize terms in docstring 2009-04-28 13:32:01 -04:00
Rob Crittenden
298d5fbce4 Import the RequiresRoot error and make note to replace this at some point 2009-04-24 16:22:22 -04:00
Pavel Zuna
7d0bd4b895 Rename errors2.py to errors.py. Modify all affected files. 2009-04-23 10:29:14 -04:00
Pavel Zuna
596d410471 Make LDAP entry output slightly nicer, don't print u's in front of unicode strings etc. 2009-04-23 10:25:51 -04:00
Pavel Zuna
4e48e1fbf7 Introduce AlreadyGroupMember exception, raised when a member is attempted to be re-added to a group. 2009-04-22 15:18:47 -04:00
Pavel Zuna
af82879009 Add user plugin port with some bugs fixed to the new LDAP backend. 2009-04-22 15:16:51 -04:00
Pavel Zuna
9ecbd845d4 Add conditional (env.use_ldap2 is True) modifications required by new LDAP backend. 2009-04-22 15:14:24 -04:00
Pavel Zuna
ff0819b189 Add new env variables. 'container_dns' for DNS plugin, 'use_ldap2' for new LDAP backend debugging. 2009-04-22 15:12:39 -04:00
Rob Crittenden
64fa3dd4c3 Finish work replacing the errors module with errors2 
Once this is committed we can start the process of renaming errors2 as errors.
I thought that combinig this into one commit would be more difficult to
review.
 2009-04-20 13:58:26 -04:00
Rob Crittenden
a9387b48e6 Handle GSSAPI exceptions more gracefully 2009-04-20 13:44:08 -04:00
Rob Crittenden
e6171404bf Make parentmap a autofill variable and add tests when parentmap is not passed 2009-04-13 15:22:49 -04:00
Rob Crittenden
8821d8cac3 Fill in default values for os and platform 2009-04-13 14:54:16 -04:00
root
6ca80e312a Add 'container_hbac' env variable. 2009-04-03 14:07:30 -04:00