Many WebUI identifiers were defined in a global namespace. This is
not a good programming practice and may result in name clashes,
for example with other libraries.
This patch moves these variables to IPA namespace or its
sub-namespaces, when meaningful.
https://fedorahosted.org/freeipa/ticket/212
A link has been added into the details page to expand/collapse all
sections.
Previously each section's <div> container is identified using a long
ID. It is now identified using the section name.
Support of navigator.preferences that is used to access browser
configuration was dropped in Firefox 4. This disables automatic
configuration of user preferences in this browser that is needed
to use Kerberos single sign-on.
This patch detectes a lack of this interface and tries to
configure the browser using new Services module introduced in
Gecko 2 (used in Firefox 4, SeaMonkey 2.1).
https://fedorahosted.org/freeipa/ticket/975
The association config has been removed because it incorrectly assumes there is only one association between two entities. Now each association is defined separately using association facets.
The service.py has been modified to specify the correct relationships. The API.txt has been updated.
https://fedorahosted.org/freeipa/ticket/960
Trying to run ipactl as non-root results in a slew of bogus
error messages, some of which come because dirsrv can't read certain
files as the wrong user, some based on our handling of that fact.
ticket 936
1. Fix a unicode() problem creating the DNS entries
2. Fix a strange NSS error when generating the certificates against
a dogtag server.
The NSS errors are quite strange. When generating the first certificate
nss_shutdown() fails because the database isn't initialized yet but
nss_is_initialized() returned True. The second pass fails because
something is in use.
Add pointer to self to /etc/hosts to avoid chicken/egg problems when
restarting DNS.
On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't
attempt to do any resolving. Leave it to true on clients.
Set rdns to false on both server and client.
https://fedorahosted.org/freeipa/ticket/931
The current version of the DNS Plugin does not support searching by record, so that is commented out.
The search field wasn't working either. The search criteria had to be appended to the params array, just after the zone.
https://fedorahosted.org/freeipa/ticket/907
The group.upg NIS map was an experiment in providing UPG groups
dynamically, and is not one of the maps that I'd ever expect a NIS
client to "know" to search. We should probably just drop it.
Previously the add service dialog box shows a 'Principal:' label with
no text field next to it. It now has been removed. The dialog box
has been widened to avoid line wrapping of the buttons.
The 389-ds replication plugin may not be installed on all platforms
and our replication version plugin will cause 389-ds to not start
if it is loaded and the replication plugin is not. So disable by
default.
When a replica is prepared we check for the replication plugin.
If it exists we will enable the replication version plugin.
Likewise on installation of a replica we check for existence of
the repliation plugin and if it is there then we enable the version
plugin before replication begins.
ticket 918
The state is read only at initialization time. This works ok when
individual services remove their state data but when worked upon again
at the top-level it still has the full state in memory, so when the
state file is re-written all of the data that was removed is re-added.
ticket 916
Previously all certificate & Kerberos key statuses (valid, missing
and revoked) will appear briefly at the same time during page load.
This has been fixed by setting the initial style to hidden.
Previously the IPA.details_list_section can only be used with widgets
that generates <dd> tag because it uses the following structure:
<dl>
<dt>Telephone Number:</dt>
<span name="teleponenumber">
<dd>111-1111</dd>
<dd>222-2222</dd>
</span>
</dl>
The <dd> tag was previously used to handle multi-valued attributes.
Since multi-valued attributes are now handled by the recently added
IPA.multivalued_text_widget, the structure can be changed as follows:
<dl>
<dt>Telephone Number:</dt>
<dd>
<span name="telephonenumber">
<div>111-1111</div>
<div>222-2222</div>
</span>
</dd>
</dl>
This allows IPA.details_list_section to be used with any widgets
without requiring the <dd> tag.
A multi-valued text widget has been created to replace the old
IPA.details_field. The old code was designed to handle all data
types, and it uses one <dd> tag for each value, so the code is
still incomplete and complex. The new code was designed to handle
only multi-valued text attributes, and it uses one <dd> tag for
all values, so it's easier to maintain. There are already other
widgets that can be used to handle other data types.
The new code supports line-level undo and line-out for removal
like the old code, but there are some changes:
- Undoing a newly added line will remove the entire line.
- Editing the value of a removed line will cancel the removal.
- It provides 'undo all' link to reset the entire attribute.
The old code will be cleaned up in a subsequent patch.
A cosmetic patch to IPA server installation output aimed to make
capitalization in installer output consistent. Several installation
tasks started with a lowercase letter and several installation
task steps started with an uppercase letter.
https://fedorahosted.org/freeipa/ticket/776
Adds a plugin, entitle, to register to the entitlement server, consume
entitlements and to count and track them. It is also possible to
import an entitlement certificate (if for example the remote entitlement
server is unaviailable).
This uses the candlepin server from https://fedorahosted.org/candlepin/wiki
for entitlements.
Add a cron job to validate the entitlement status and syslog the results.
tickets 28, 79, 278
There wasn't an exception in the "is the server already installed"
check for a two-stage CA installation.
Made the installer slightly more robust. We create a cache file of
answers so the next run won't ask all the questions again. This cache
is removed when the installation is complete. Previously nothing would work
if the installer was run more than once, this should be fixed now.
The cache is encrypted using the DM password.
The second problem is that the tomcat6 init script returns control
before the web apps are up. Add a small loop in our restart method
to wait for the 9180 port to be available.
This also adds an additional restart to ensure that nonces are disabled.
ticket 835
revise
There are some permissions we can't display because they are stored
outside of the basedn (such as the replication permissions). We
are adding a new attribute to store extra information to make this
clear, in this case SYSTEM.
ticket 853
