Pavel Zuna
b29006dd0a
Add pwpolicy plugin port to new LDAP backend.
2009-05-27 10:02:50 -04:00
Pavel Zuna
924010cfc9
Add defaultoptions plugin port to new LDAP backend.
2009-05-26 14:50:31 -04:00
Pavel Zuna
13b55b5a52
Add taskgroup plugin port to new LDAP backend.
2009-05-26 14:50:28 -04:00
Pavel Zuna
5a8573129c
Add rolegroup plugin port to new LDAP backend.
2009-05-26 14:50:26 -04:00
Pavel Zuna
56e001fd88
Add new env variables: container_taskgroup, container_rolegroup and container_netgroup.
2009-05-26 14:50:24 -04:00
Rob Crittenden
0353be6810
Dogtag keeps telling me to use port 9444 and not 9443, use it.
2009-05-26 14:25:52 -04:00
Pavel Zuna
a92e440218
Clone options of crud.Update and crud.Search with autofill=False.
2009-05-26 13:36:58 -04:00
Pavel Zuna
37a391cd78
Make plugins2 use lowercase when reffering to LDAP attributes.
2009-05-22 15:58:09 -06:00
Pavel Zuna
9468c9fca8
Fix bug where finalized IPA object where trying to modify their member variables in Encoder methods.
2009-05-22 15:57:27 -06:00
Rob Crittenden
cac8ebb866
Fix typo, occured -> occurred
2009-05-21 22:43:07 -04:00
Rob Crittenden
067b5c122c
Add a format to the generic KerberosError class
2009-05-21 15:37:12 -06:00
Rob Crittenden
13696ae18b
Raise an exception if the certificate chain is not returned from the CA
2009-05-21 17:34:00 -04:00
Pavel Zuna
eec367b0c8
Fix bug in group2-mod command.
...
posixGroup object class was added to the group entry incorrectly when modifying gid number.
2009-05-21 15:22:58 -06:00
Rob Crittenden
fe012f4ff2
Fix a few issues introduced by the new Param.use_in_context() patch
2009-05-21 14:33:23 -04:00
Jason Gerard DeRose
7e58b29a92
Completed Param.use_in_context() functionality, which is now used by Command and Object
2009-05-21 14:32:45 -04:00
Pavel Zuna
7b93f7bbd7
Add netgroup plugin port to new LDAP backend.
2009-05-20 16:46:56 -06:00
Pavel Zuna
75a70af943
Add hostgroup plugin port to new LDAP backend.
2009-05-20 16:46:48 -06:00
Pavel Zuna
1e55b0a1ab
Fix counting of successfully added members. Add checks for use_ldap2 in group2. Some cosmetic changes.
2009-05-20 16:46:39 -06:00
Pavel Zuna
a3ae5047f3
Add group plugin port to new LDAP backend.
2009-05-20 16:46:28 -06:00
Jason Gerard DeRose
3a4828b372
Fixed doctest for errors.NotFound
2009-05-19 13:53:45 -06:00
Jason Gerard DeRose
4f9224774f
Added Param 'include' and 'exclude' kwargs; added frontend.UsesParams base class with methods implementing the filtering to restrict params to only certain contexts
2009-05-19 13:49:15 -06:00
Pavel Zuna
9437fc669e
Add Encoder base class and method decorators to encode arguments/decode return values. Also - unit tests.
2009-05-19 09:56:39 -04:00
Rob Crittenden
e5bec4ae39
Schema change so the nisnetgroup triples work properly.
...
If we use cn for hostname there is no easy way to distinguish between
a host and a hostgroup. So adding a fqdn attribute to be used to store
the hostname instead.
2009-05-19 09:54:17 -04:00
Jason Gerard DeRose
87480b7bde
Re-enable doctest, fix broken docstrings
2009-05-13 14:22:09 -04:00
Rob Crittenden
5e3cdb9643
Remove all services when a host is removed Revoke certificate (if any) when a service is removed
2009-05-13 14:17:21 -04:00
Rob Crittenden
014f3ff1c6
Improve revocation_reason argument
2009-05-13 14:17:03 -04:00
Rob Crittenden
1c31b5bc08
Add a reason to the NotFound exception so we can provide more robust errors
2009-05-13 14:16:44 -04:00
Jason Gerard DeRose
ae38a2461f
Force xmlrpc tests to run with in_tree=True so config files in /etc/ipa/ don't get read; cleaned up config.Env automagic with regard to running in-tree vs. installed
2009-05-11 16:17:08 -04:00
Rob Crittenden
0d6aaef2e1
We decided not to issue a certificate on join
2009-05-07 10:54:21 -04:00
Rob Crittenden
8f1df0fe8a
Store the new certificate in a service record. Clean up some argument names to match the current standard.
2009-05-07 10:54:14 -04:00
Rob Crittenden
0d538b20f2
Make MalformedServicePrincipal take a reason arg and add Base64DecodeError
2009-05-06 11:29:11 -04:00
Rob Crittenden
5405c01025
Add validator and normalizer for service principals Add --certificate argument Update default objectclasses Use the crud.Search method for service-find
2009-05-06 11:28:49 -04:00
Rob Crittenden
c0020955a5
Some minor cosmetic changes
2009-05-04 18:01:06 -04:00
Rob Crittenden
a7a16272b1
When reading a password, if there is no tty, read from stdin instead.
...
This will allow one to pipe a password in:
echo -e "secret123\secret123\n" | ipa password someuser
2009-05-04 17:43:14 -04:00
Rob Crittenden
d4076915cd
Add posixGroup to the objectclass list if gidnumber is set
...
498335
2009-05-04 17:43:00 -04:00
Rob Crittenden
c8ee910ff6
Issue an SSL server cert when joining the IPA domain
2009-05-04 17:41:06 -04:00
Rob Crittenden
8424ea8c03
A class for dealing with a temporary NSS certificate database
2009-05-04 16:56:12 -04:00
Pavel Zuna
36c239cda4
Add DNS management plugin port to the new ldap backend.
2009-04-30 16:17:49 -04:00
Pavel Zuna
9992b23a08
Change help interface to display builtin commands and a list of topics based on plugin modules.
2009-04-30 15:55:16 -04:00
Pavel Zuna
75b551fd5e
Use right attribute name for e-mail in user2 plugin.
2009-04-30 13:50:05 -04:00
Rob Crittenden
21ccdec860
Add missing required attribute, nisdomainname
2009-04-30 13:26:27 -04:00
Rob Crittenden
536b215078
Use correct attribute for e-mail address
...
Resolves 498269
2009-04-29 13:51:47 -04:00
Jason Gerard DeRose
3f4a0a2d77
Fixed cli.run() catching SystemExit exception under Python2.4
...
Resolves BZ #498088
2009-04-28 22:29:10 -04:00
David O'Brien
763c7ef914
trivial update to standardize terms in docstring
2009-04-28 13:32:01 -04:00
Rob Crittenden
298d5fbce4
Import the RequiresRoot error and make note to replace this at some point
2009-04-24 16:22:22 -04:00
Pavel Zuna
7d0bd4b895
Rename errors2.py to errors.py. Modify all affected files.
2009-04-23 10:29:14 -04:00
Pavel Zuna
596d410471
Make LDAP entry output slightly nicer, don't print u's in front of unicode strings etc.
2009-04-23 10:25:51 -04:00
Pavel Zuna
4e48e1fbf7
Introduce AlreadyGroupMember exception, raised when a member is attempted to be re-added to a group.
2009-04-22 15:18:47 -04:00
Pavel Zuna
af82879009
Add user plugin port with some bugs fixed to the new LDAP backend.
2009-04-22 15:16:51 -04:00
Pavel Zuna
9ecbd845d4
Add conditional (env.use_ldap2 is True) modifications required by new LDAP backend.
2009-04-22 15:14:24 -04:00
Pavel Zuna
ff0819b189
Add new env variables. 'container_dns' for DNS plugin, 'use_ldap2' for new LDAP backend debugging.
2009-04-22 15:12:39 -04:00
Rob Crittenden
64fa3dd4c3
Finish work replacing the errors module with errors2
...
Once this is committed we can start the process of renaming errors2 as errors.
I thought that combinig this into one commit would be more difficult to
review.
2009-04-20 13:58:26 -04:00
Rob Crittenden
a9387b48e6
Handle GSSAPI exceptions more gracefully
2009-04-20 13:44:08 -04:00
Rob Crittenden
e6171404bf
Make parentmap a autofill variable and add tests when parentmap is not passed
2009-04-13 15:22:49 -04:00
Rob Crittenden
8821d8cac3
Fill in default values for os and platform
2009-04-13 14:54:16 -04:00
root
6ca80e312a
Add 'container_hbac' env variable.
2009-04-03 14:07:30 -04:00
Rob Crittenden
484eff1016
Implement an installer for the Dogtag certificate system.
...
The CA is currently not automatically installed. You have to pass in the
--ca flag to install it.
What works:
- installation
- unistallation
- cert/ra plugins can issue and retrieve server certs
What doesn't work:
- self-signed CA is still created and issues Apache and DS certs
- dogtag and python-nss not in rpm requires
- requires that CS be in the "pre" install state from pkicreate
2009-04-03 14:06:09 -04:00
Jason Gerard DeRose
a6294ba041
Renamed remaining plugins still using f_* b_* convention
2009-04-01 10:34:57 -04:00
Rob Crittenden
d6814f3aae
Implement a few new targets for ACIs
...
Also switch to the StrEnum parameter type for some options so we let the
framework do the enforcement
2009-03-25 11:03:03 -04:00
Rob Crittenden
1b1f9af01c
Add a 'showall' command so one can pick from a list of tasks to add to a role
2009-03-25 11:02:49 -04:00
Rob Crittenden
5aed824a6c
Use tuples instead of lists for class variables
2009-03-25 11:02:47 -04:00
Rob Crittenden
233a4cb5fd
Raise a more specific error when a user lacks the proper permissions.
...
The info part of the message will contain details on what permission
failed on what attribute.
2009-03-25 11:02:44 -04:00
Rob Crittenden
65e6259075
Always print the dn first when printing an entry
2009-03-25 11:02:42 -04:00
Rob Crittenden
a8a2664190
Add new type List that converts delimited values into a tuple
2009-03-20 09:29:44 -04:00
Rob Crittenden
c39a29e0cf
Converted to use new baseclass, remove the one with the f_ prefix
2009-03-20 09:28:26 -04:00
Rob Crittenden
b627f50121
Convert to use the new basegroup framework
2009-03-20 09:28:18 -04:00
Rob Crittenden
9bc1419ac0
Convert to use the new basegroup framework
2009-03-20 09:28:16 -04:00
Rob Crittenden
33df0a3915
Convert to use the new basegroup framework
2009-03-20 09:28:14 -04:00
Rob Crittenden
1445a36026
Modify the taskgroup plugin to use the new group baseclass and add tests
2009-03-20 09:28:12 -04:00
Rob Crittenden
a55c5d6bcd
New plugin to handle role groups
...
Role groups will be part of the ACI system. It will let one create broad
categories of permissions. Things like: helpdesk, user admin, group admin,
whatever.
2009-03-20 09:28:09 -04:00
Rob Crittenden
5e2e3fd17d
Add generic base class that will most of the heavy lifting for groups
2009-03-20 09:28:06 -04:00
Rob Crittenden
8d796eedee
kw is supposed to contain just lower-case values
2009-03-19 16:02:12 -04:00
Rob Crittenden
51193923f1
kw is supposed to contain just lower-case values
2009-03-19 16:02:09 -04:00
Rob Crittenden
bc056cda2d
Update the ACI class to be more robust and the beginnings of an ACI plugin
...
The ACI plugin is really meant for developers to help manage the ACIs.
It may or may not be shipped. If it is it will be disabled by default.
It is very much a shoot-in-foot problem waiting to happen.
2009-03-18 15:47:06 -04:00
Rob Crittenden
4c5806b4b4
Fix some minor issues in group and service plugins
2009-03-17 14:52:38 -04:00
Rob Crittenden
6fa330662a
Add taskgroups plugin
...
Taskgroups are what we grant permission to with the new ACI system.
2009-03-17 14:52:17 -04:00
Jason Gerard DeRose
13ff27e9ec
Fixed Executioner.execute() so that its 'name' argument doesn't conflict with a param called 'name' (which is a valid param name)
2009-03-13 10:31:00 -04:00
Rob Crittenden
eb0601a19c
Plugin to handle IPA configuration
2009-03-04 09:56:16 -05:00
Rob Crittenden
7933a196a1
Set a minimum value for password policy integers
2009-03-04 09:56:13 -05:00
Rob Crittenden
dbbae00b17
Add maxvalue and minvalue kwargs and rules to Int and Float
2009-03-03 17:49:15 -05:00
Rob Crittenden
bd9f7cd720
Fix some netgroup issues related to not all groups being posixGroups
2009-02-27 23:18:35 -05:00
Rob Crittenden
be0cac932a
Update objectclasses for groups, by default not posix groups.
...
This change depends on DS bugs 487574 and 487725. Groups cannot be
promoted properly without these fixed. It will fail with an
Object Class violation because gidNumber isn't set.
2009-02-27 23:18:19 -05:00
Jason Gerard DeRose
1359618e7e
Fixed broken autfill logic in cli.prompt_interactively()
2009-02-27 12:58:32 -05:00
Rob Crittenden
3fdf9abfce
Enforce netgroup uniqueness, allow netgroups to be members of netgroups
...
When adding an entry, convert a constraint violation of "already exists"
into a DuplicateEntry exception so the user gets a useful response
2009-02-27 12:57:21 -05:00
Rob Crittenden
af0c0c309d
Added tofiles command and some documentation to the automount plugin
2009-02-24 16:54:28 -05:00
Pavel Zuna
e913d7483b
Fix multivalue params requiring default to be of type self.type instead of tuple.
2009-02-23 13:49:26 -05:00
Pavel Zuna
016b82250e
Add ipalib.frontend.Command method to build an entry from params with attribute=True.
...
Often plugins need to build LDAP entries from params. This should make things a bit easier.
Crud methods (Create, Retrieve, Update, Delete, Search) have attribute=True by default.
And it also works for multivalue params.
2009-02-23 13:49:21 -05:00
Rob Crittenden
f2abe05398
Use OpenSSL for SSL instead of the built-in python version.
2009-02-20 10:40:54 -05:00
Rob Crittenden
b53edad254
raise exceptions in the proper form
2009-02-20 10:40:50 -05:00
Rob Crittenden
1a8ec58602
Utility function to get the local hostname
2009-02-19 10:09:24 -05:00
Rob Crittenden
83d5987db9
A new exception for requiring root, RootRequired
2009-02-19 10:09:21 -05:00
Rob Crittenden
4476f6b939
The start of machine join
2009-02-19 10:09:07 -05:00
Rob Crittenden
5a6d2dd0d9
Print out multi-valued values one per-line instead of comman-delimited
2009-02-19 10:08:52 -05:00
Rob Crittenden
ccf703a2b6
Add new users as a member of the default group
2009-02-19 10:08:11 -05:00
Rob Crittenden
fb3f86f703
Add --all option to show/find, add default attrs to show, cleanup output
2009-02-19 10:07:39 -05:00
Jason Gerard DeRose
7e23ee7cc6
Removed 'Assert False' that was mistakingly left in cert.py; small cleanup in cert.py and ra.py imports
2009-02-17 16:03:10 -05:00
Jason Gerard DeRose
4ab133c3cb
Implemented more elegant way for entire plugin module to be conditionally skipped; updated cert.py and ra.py modules to use this
2009-02-17 16:03:10 -05:00
Jason Gerard DeRose
e0fe732318
Added env.enable_ra variable and change cert.py and ra.py plugin modules to register plugins conditionally
2009-02-17 16:03:09 -05:00
Jason Gerard DeRose
97c04c491b
Continued cleanup cert/ra plugins
2009-02-17 16:03:09 -05:00
Jason Gerard DeRose
b5b2e55be5
Add pattern matching to Str and Bytes
2009-02-17 16:03:08 -05:00