Add new field in user add dialog. This combo box lists all posix groups
so user can choose one. It is also possible to fill a GID number
which is not in the list.
https://fedorahosted.org/freeipa/ticket/5505
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
There is an animation of nodes layout after first load of graph or adding new node.
Then all nodes of the graph are set to the fixed state. The node is set to fixed even after
manual turn off of fixed state.
https://fedorahosted.org/freeipa/ticket/5649
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Add zooming and panning functionality to the topology graph. Also the page rememberes
the old setting of the graph position and size. So, after refreshing the graph has
the same position and size as it had before.
https://fedorahosted.org/freeipa/ticket/5502
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Like for services setting the ipaKrbAuthzData attribute on a user object will
allow us to control exactly what authz data is allowed for that user.
Setting NONE would allow no authz data, while setting MS-PAC would allow only
Active Directory compatible data.
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/2579
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
The short hostname construction for the negative test case in
test_cert_plugin::test_cert_find suite could not work when domain name was
different as hostname of the test runner, leading to test failure. A more
naive approach works better in this case.
https://fedorahosted.org/freeipa/ticket/5688
Reviewed-By: Martin Basti <mbasti@redhat.com>
Some legacy softare is not able to properly cope with preauthentication,
allow the admins to disable the requirement to use preauthentication for
all Service Principal Names if they so desire. IPA Users are excluded,
for users, which use password of lessere entrpy, preauthentication is
always required by default.
This setting does NOT override explicit policies set on service principals
or in the global policy, it only affects the default.
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/3860
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
For historical reasons, the string module contained some functions
that mirror methods of the str type. These are eremoved in Python 3.
Use str methods instead.
Part of the work for https://fedorahosted.org/freeipa/ticket/5638
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
ipacheckldap uses a schema-less connection with decode_attrs=False,
so bytes need to be decoded manually.
This was not a problem in Python2 where bytes and unicode could
be mixed freely.
Part of the work for https://fedorahosted.org/freeipa/ticket/5638
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
The deployment descriptor used during CA/KRA install was modified to use LDAPS
to communicate with DS backend. This will enable standalone CA/KRA
installation on top of hardened directory server configuration.
https://fedorahosted.org/freeipa/ticket/5570
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Currently in an environment with trust to AD the compat tree does not
show AD users as members of IPA groups. The reason is that IPA groups
are read directly from the IPA DS tree and external groups are not
handled.
slapi-nis project has added support for it in 0.55, make sure we update
configuration for the group map if it exists and depend on 0.55 version.
https://fedorahosted.org/freeipa/ticket/4403
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Dash should be one of the allowed characters in the netbios names,
so relax the too strict validation.
Note: the set of allowed characters might expand in the future
https://fedorahosted.org/freeipa/ticket/5286
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
The scripts in this directory are simple python scripts, nothing arch-specific
in them. Having them under libexec would simplify the code a bit too, since
there would be no need to worry about lib vs lib64 (which also cause trouble
on Debian).
https://fedorahosted.org/freeipa/ticket/5586
Reviewed-By: David Kupka <dkupka@redhat.com>
