Replace all IPA.command, IPA.batch_command and IPA.concurrent_command usages
by equivalents from rpc module.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
- moves RPC code from ipa.js to it's own module
- part of ongoing effort where the ultimate goal is to get rid of ipa.js
and IPA namespace
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
When some module used 'freeipa/navigation' it pulled the entire Web UI
because navigation depended on app.
This patch splits the app into two modules: app and app_container.
App specifies the entities which are part of final application.
app_container module represents the application boot classes. Navigation
now depends on app_container.
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
python-pyasn1 and python-qrcode were imported by ipalib but not
required by python subpackage.
https://fedorahosted.org/freeipa/ticket/4275
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
In test_trust.py, several tests did case sensitive search on the output of
the ipa idrange-show command. This could cause false negatives.
Part of: https://fedorahosted.org/freeipa/ticket/4267
Reviewed-By: Martin Kosek <mkosek@redhat.com>
On CA masters, a certificate is requested and stored to LDAP. On CA clones,
the certificate is retrieved from LDAP.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Before, dogtag-ipa-renew-agent was used to track the certificates and the
certificates were stored to LDAP in renew_ca_cert and renew_ra_cert. Since
dogtag-ipa-ca-renew-agent can store the certificates itself, the storage code
was removed from renew_ca_cert and renew_ra_cert.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Before, the file provided in the --root-ca-file option was used directly for
the upload. However, it is the same file which is imported to the NSS
database, so the second code path is not necessary.
Also removed now unused upload_ca_dercert method of dsinstance.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The files are created later by ipa-client-install, there's no need to do it
twice.
This also fixes a bug in CA-less, where the CA certificate is not removed from
/etc/pki/nssdb after client uninstall, because it has a different nickname.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
The 'top' objectclass is added by DS if not present. On every
update the managed permission updater compared the object_class
list with the state from LDAP, saw that there's an extra 'top'
value, and tried deleting it.
Add 'top' to the list to match the entry in LDAP.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The ":" character will be reserved for default permissions, so that
users cannot create a permission with a name that will later be
added as a default.
Allow the ":" character modifying/deleting permissions*, but not
when creating them. Also do not allow the new name to contain ":"
when renaming.
(* modify/delete have unrelated restrictions on managed permissions)
Reviewed-By: Martin Kosek <mkosek@redhat.com>
The test that searches with a limit of 1 assumes a specific order
LDAP returns entries in. Future patches will change this order.
Do not check the specific entry returned.
The test that searched for --bindtype assumed that no anonymous
permissions exist in a clean install. Again, this will be changed
in future patches.
Add a name to the bindtype test, and add a negatitive test to
verify the filtering works.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Previously the search term was only applied to the name.
Fix it so that it filters results based on any attribute.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
This allows code like:
from ipalib.plugins.dns import dnszone_mod
api.Command[dnszone_mod]
This form should be preferred when getting specific objects
because it ensures that the appropriate plugin is imported.
https://fedorahosted.org/freeipa/ticket/4185
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Host adder dialog differs on installations with and without DNS.
Previous test used values for adding hosts which were suitable only for IPA servers installed with DNS.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Information from the AD about the home directories is not leveraged at
all, but is generated from the username and domain. Fix the assumptions
in the tests.
Also changes 'Subdomain Test User' to 'Subdomaintest User' to be more
consistent.
https://fedorahosted.org/freeipa/ticket/4184
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Remove 'u' from .po files as it is a typo and has been removed from other files.
https://fedorahosted.org/freeipa/ticket/2546
Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
Add a new Param kwarg, deprecated_cli_aliases, that lists
deprecated aliases.
The aliases will appear in a "Deprecated options" in the help,
and otherwise act as the normal variant.
Preparation for: https://fedorahosted.org/freeipa/ticket/4231
If the test backup directory was never created (for example if
there was an early failure, or install was never run),
we don't want the test to fail.
Do not restore if the backup dir is not there.
Reviewed-By: Martin Kosek <mkosek@redhat.com>
When running ipa-client-install, it asks for user name, synchronizes time, then asks for user password
which the order could be confusing to some users. This changes ipa-client-install to synchronize time
before prompting for user kerberos authentication.
https://fedorahosted.org/freeipa/ticket/3957
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
