Commit Graph

395 Commits

Author SHA1 Message Date
Adam Young
b18af8de3c removing dead files. 2010-10-15 18:19:49 -04:00
Endi S. Dewata
4c24581b5c Service certificate UI.
The service.py has been modified to include certificate info in
the service-show result if the service contains usercertificate.

A new file certificate.js has been added to store codes related
to certificates (e.g. revocation reasons, dialog boxes). The
service.js has been modified to provide the UI for certificate
management. The certificate.js can also be used for host
certificate management.

The Makefile.am and index.xhtml has been modified to include
certificate.js. New test data files have been added for certificate
operations.

To test revoke and restore operations the server needs to be
installed with dogtag CA instead of self-signed CA.

The certificate status and revocation reason in the details page
will be implemented in subsequent patches. Unit tests will also
be added in subsequent patches.
2010-10-15 14:26:07 -04:00
Adam Young
acf5f9cad7 multivalue fixes
metadata for phone numbers
test date for users
Undo works for multivalue
JQuery UI buttons have custom classes
inputs/fields are now managed inside of objects

removed the use of .call. as it was confusing the issue of
mismatched parameter lists.
Fixed the parameter lists, too.
2010-10-15 12:51:30 -04:00
John Dennis
538646c04c Update Polish translation 2010-10-15 10:07:01 -04:00
Simo Sorce
2e17649aae Update .po/.pot files and add Spanish and Polish transalations 2010-10-13 14:35:35 -04:00
Rob Crittenden
81c3898da4 Include REPLICA_FILE in usage for ipa-replica-install
ticket 247
2010-10-13 13:01:05 -04:00
Simo Sorce
cf21396345 Update .po[t] files after adding C files for translation 2010-10-12 15:46:27 -04:00
Simo Sorce
b735fc8d17 Initial gettext support for C utils
Add automatic creation of python an C file lists for potfiles
Deletes useless copy of Makefile in install/po
Remove duplicate maintainer-clean target
Add debug target that prints file lists
Unbreak update-po target, merges in patch from John
2010-10-12 15:46:27 -04:00
Simo Sorce
f9c0eb5222 Remove Makefile from git, this file is autogenerated 2010-10-12 15:46:27 -04:00
Endi S. Dewata
1dc0a3ab3e Certificate management for services.
This is an initial implementation of certificate management for
services. It addresses the mechanism required to view and update
certificates. The complete UI implementation will be addressed in
subsequent patches.

On the server side, the service.py has been modified to define
usercertificate in the service object's takes_params. This is
needed to generate the proper JSON metadata which is needed by
the UI. It also has been modified to accept null certificate for
deletion.

On the client side, the service details page has been modified to
display the base64-encoded certificate in a text area. When the
page is saved, the action handler will store the base64-encoded
certificate in the proper JSON structure. Also the service name
and service hostname are now displayed in separate fields.

The details configuration has been modified to support displaying
and updating certificates. The structure is changed to use maps
to define sections and fields. A section contains name, label,
and an array of fields. A field contains name, label, setup
function, load function, and save function. This is used to
implement custom interface and behavior for certificates.

All other entities, test cases, and test data have been updated
accordingly. Some functions and variables have been renamed to
improve clarity and consistency.
2010-10-12 14:17:24 -04:00
Adam Young
dccb386d57 record limit 2010-10-08 16:59:01 -04:00
Rob Crittenden
71a032db19 Detect if DNS is already configured in IPA, or if IPA is not yet installed.
ipa-dns-manage could fail in very odd ways depending on the current
configuration of the server. Handle things a bit better.

ticket 210
2010-10-08 10:11:49 -04:00
Adam Young
b09467e448 default search
Populate the entity search pages with the results of a search with a blank filter even if no filter has been specified
2010-10-07 15:11:14 -04:00
Adam Young
82455fdb12 policy and config sample data 2010-10-07 14:52:34 -04:00
Adam Young
9cb3a07aca policy and config
Population of the policy and entites tabs.
    DNS and ACI are broken due to PLugin issues
    Fix for entities without search
    Added new files to Makefile.am
    used rolegroup.js file as the start point, renamed to serverconfig.js
2010-10-07 14:51:02 -04:00
Simo Sorce
3e98d8ddad install-script: Do not ask to remove DNS data
When we uninstall we wipe out the entire LDAP database, so it doesn't really
make mush sense to try to also remove single entries from it.
This avoids the --uninstall procedure to fail because the DM password is not
available or the LDAP server is down, and we are just trying to cleanup
everything.
2010-10-07 07:54:06 -04:00
Rob Crittenden
68604a7982 Fix a couple of typos in some ACIs.
One typo was mis-spelling the admins group name
The second was an extraneous 'aci' in the name of two acis.

ticket 335
2010-10-06 21:52:11 -04:00
Rob Crittenden
8ded383b62 Use correct description in hostgroup acis.
This also corrects a duplication problem in acis.
2010-10-06 21:52:03 -04:00
Endi S. Dewata
de35a3e341 Displaying AJAX URL in error message.
The ipa_error_handler() has been modified to display the AJAX URL
that is having a problem. The ipa_cmd() error handler is now invoked
using call() to pass 'this' object which contains the URL.
2010-10-06 21:30:55 -04:00
Pavel Zuna
127ff317ce Fix attribute callbacks on details pages in the webUI.
Ticket #326
2010-10-06 17:01:45 -04:00
Endi S. Dewata
7058df65ac UI Unit Test Docs
A README file for the UI Unit Test has been added. It contains a link
to the online documentation: http://www.freeipa.org/page/UI_Unit_Tests
2010-10-05 21:18:05 -04:00
Simo Sorce
c594ab88ba Add options to control NTLM hashes
By default LM hash is disabled.
Of course generation still depends on whether the SamAccount objectclass is
present in the user object.
2010-10-05 08:54:08 -04:00
Simo Sorce
3b38e74da5 Add Generic config class.
Helps when you need to add random snippets of config that really do not deserve
a full atttribute, but are still something you want to put in LDAP and have
replicated.
2010-10-05 08:54:07 -04:00
Simo Sorce
b9c02a50c2 Fix descriptions 2010-10-05 08:54:06 -04:00
Dmitri Pal
9ca7ea71b1 Allow and deny commands in one rule
1) Added new attribute memberDenyCommand
2) Renamed memberCmd to memberAllowCmd
3) Changed the object class:
 * removed type
 * reflected the rename change
 * added the new attribute
4) Renumbered the attributes (while we still can) for consistency.
2010-10-04 17:00:59 -04:00
Endi S. Dewata
ea334939ba Tooltips for quick links.
The ipa_entity_quick_links() has been modified to show tooltips when
hovering on quick links.
2010-10-04 18:48:13 -04:00
Endi S. Dewata
b7097fc8c9 Entity association configuration.
The ipa_entity_set_association_definition() has been added to configure
the association between 2 entitites. By default the associator is
BulkAssociator and the method is add_member. The entities have been
updated to use the right configurations.

The ipa_cmd() has been modified to detect IPA errors and invoke the
error handler.

A bug in refresh_on_success() has been fixed as well.
2010-10-02 18:13:30 -04:00
Endi S. Dewata
aa7ecb6f5f Autogenerating Quick Links.
ipa_entity_quick_links() has been added to generate quick links
automatically from object's attribute_members, the same logic used
for generating facet list. The search definition for each entity
has been updated to use the new function. A unit test has been
added for this function.
2010-10-01 16:17:51 -04:00
Rob Crittenden
aac7badb77 Remove reliance on the name 'admin' as a special user.
And move it to the group 'admins' instead. This way the admin user can
be removed/renamed.

ticket 197
2010-10-01 13:38:52 -04:00
Adam Young
58f1026e34 Corrected Language Codes The Gnu document incorrectly listed Japanese as jp and Hebrew as iw. That was why the Plurals line passed through directly from the template. 2010-10-01 10:14:20 -04:00
Pavel Zuna
c106922c13 Add Delete capabilities to Search facet in the WebUI.
Ticket #206
2010-10-01 10:00:10 -04:00
Endi S. Dewata
c53831037c Refactoring navigation.js.
The navigation.js has been modified to make it more abstract, i.e.
unaware of entity facets. The nav_update_tabs() has been modified
such that it activates and updates the tabs based on the current
state stored in the URL.

The facets are now handled in entity.js. The ipa_entity_setup() has
been modified to update the facets based on the current state and
cached state.

The navigation.js also has been modified to be more class-like. The
nav_create() has been modified to store the tab configuration and
the tab container in internal variables nav_tabs_lists and
nav_container. The nav_update_tabs() now can be called without any
parameters.

Functions nav_push_state(), nav_get_state(), and nav_remove_state()
have been added to wrap BBQ API. This is to allow unit tests to
replace them with mockup functions to remove dependency on BBQ.
2010-10-01 09:06:47 -04:00
Adam Young
4f2d2fda93 telephone
Typo in attribute name.
2010-09-30 19:10:39 -04:00
Adam Young
df5fa8b71b Item Level Undo
Also adding some unit tests for details.
Using JQuery UI buttons for update and reset

Now triggers on keydown, not change
2010-09-30 09:49:46 -04:00
Endi S. Dewata
c82b4d91bf Checking empty AJAX response in ipa_cmd().
Some errors (e.g. server down) are reported as AJAX success with
empty data. The ipa_cmd() has been modified so that it will detect
such errors and invoke the error handler.
2010-09-29 21:44:39 -04:00
Adam Young
6477bc26df ukrainian language update
Merge in .po file from transifex
2010-09-29 20:27:57 -04:00
Endi S. Dewata
4b4ecef4a3 Added error handler for ipa_cmd().
The ipa_cmd() has been modified such that when an error occurs a
dialog box will appear showing the error message with 2 buttons:
Retry and Cancel. If Retry is clicked, it will attempt to execute
the same operation again. If Cancel is clicked, the operation will
be canceled and the control is returned to the caller.

New unit tests have been added to test ipa_cmd() on successfull
and unsuccessfull cases.

The associate.js, details.js, entity.js, search.js, and webui.js
have been modified to display the error message inside the page.
This behavior can be changed in the future (e.g. redirect to error
page).

The navigation.js and webui.js have been modified to render only
the visible tabs. This improves the performance and reduce hidden
errors. The navigation unit test has been modified to reflect this
behavior.

Some variables/functions also have been renamed for consistency.
2010-09-29 15:43:23 -04:00
Adam Young
09555fae17 tab objects
Convert the tab lists to arrays of objects with four potential fields:

tab[0] -> tab.name
tab[1] -> tab.label
tab[2] -> tab.setup or tab.children

Added unit tests for nav_setup and nav_select_tab
2010-09-29 09:30:09 -04:00
Endi S. Dewata
d201a4350d Fixed tab selection on page reload.
jQuery tabs by default will display the first tab, so reloading a page
or opening a page from bookmark may not show the active tab correctly.
The nav_select_tabs() has been added to get the list of active tabs from
the hash values in the URL and then activate the appropriate tabs. It
will be called during page initialization and whenever the hash values
change.

The navigation.js and webui.js has been cleaned up to better utilize
jQuery API. jQuery selectors are used to create DOM objects that can
be used by subsequent codes. Tab selection handler is now added to the
tabs object instead of anchors. The change event no longer needs to be
triggered manually.
2010-09-28 17:35:23 -04:00
Adam Young
b3a501b8da Fix the 'add' button
THe Add button was located using the DOm, and the scheme used to find it was fragile enough to be broken by the I18N approach.  This is a little more robust, using a JQuery selector based on the class of the controls, and the entity name.

Also remove  Makefile, which should be autogenerated
2010-09-28 10:20:30 -04:00
Endi Sukma Dewata
d966056bb0 Test suite for association.
New test cases have been added to test SerialAssociator and
BulkAssociator using mockup objects. Also fixed a bug in BulkAssociator.

Moved switch_view() out of ipa_entity_generate_views() in entity.js
to allow unit testing using mockup objects. Updated the test case
to validate click event on facets.
2010-09-28 10:20:14 -04:00
Jr Aquino
af48654cbc Add plugins for Sudo Commands, Command Groups and Rules 2010-09-27 22:38:06 -04:00
Adam Young
c187702bfe I18N for web
Performing I18N completely on the server, to leverage the
existing gettext architecture.
Also, the browser does not have access to the Language header.

Added the additional po files for a set of required languages

conflict with install/static/ipa.js was resolved.

Note that the addition of the .po files in this patch is necessary.
In order to get Transifex support, we need to update the LINGUAS
file with the languages for which we want support.  If we don't
add the .po files in, they get automatically generated by the rpmbuild
process.  Our implementation of gettext has a bug in it (It might
be F13 thing) where the the Plurals line is not getting correctly
transformed, which causes a build failure.  However, since the
RPM would have the .po files  anyway, we should revision control
the ones we have, even if they are empty.

Fixed the Bug reporting url to the original value.
Corrected the Chartype encoding for UK
2010-09-27 13:30:55 -04:00
Adam Young
65b455edf9 Whoami link
The 'logged in as' message in the header into an active hypoerlink that loads the details page for the current user.
Also fixed a bug where, when reloading, the search page would fail due to scl being undefined.

Fixed a typo
replaced                {'user-facet':'details', 'pkey':whoami_pkey},2);
with                    {'user-facet':'details', 'user-pkey':whoami_pkey},2);
2010-09-24 20:51:09 -04:00
Endi Sukma Dewata
346615d4a0 Test framework for Web UI.
Test framework for Web UI has been created using qUnit. The test files
are located in install/static/test. The main page is index.html which
contains links to all test suites (xxx_tests.html). The test cases are
stored in xxx_tests.js. All test suites can be executed at once using
all_tests.html. The test data is stored in data folder. This patch
includes test suites for ipa.js and entity.js.

Some variables and functions in ipa.js have been modified to accomodate
testing (e.g. JSON URL, error handler, synchronous operation). The
sampledata has been moved to test/data. The develop.js and webui.js also
have been modified accordingly.
2010-09-24 19:50:29 -04:00
Dmitri Pal
59d46abcd5 Addressing issues found in schema
* Matching rule was incorrect
* Added memberOf attribute to the command
* Switched from groupOfUniqueNames to groupOfNames
2010-09-24 16:11:34 -04:00
Rob Crittenden
da8f51373a Remove spurious error in server uninstaller about client uninstall failure.
This was meant to catch the case where the client wasn't configured and
it missed the most obvious one: the client was installed and is now
uninstalled.
2010-09-24 15:31:44 -04:00
Rob Crittenden
2951901d1e Properly handle CertificateOperationErrors in replication prepration.
The problem here was two-fold: the certs manager was raising an
error it didn't know about and ipa-replica-prepare wasn't catching it.

ticket 249
2010-09-24 15:30:41 -04:00
Endi Sukma Dewata
af36e5ea90 Modal dialog for enrollment
The enroll facet has been converted into a dialog box. This dialog
box will appear when the user clicks the enroll button above the
association list. When the user clicks the enroll button in the
dialog box, the new associations will be created, then the list will
be refreshed to show the changes.

The SerialAssociator and BulkAssociator have been modified to accept
an on_success function which will be called when the whole operation
is completed successfully. This is used to refresh the list and close
the dialog box appropriately.

Some other changes were also made to improve code clarity.
2010-09-23 16:57:11 -04:00
Adam Young
f1f9c37a55 self-service
Selects the site map based on the presence or absense of rolegroups for
the current user.  If the user has no rolegroups, UI defaults to the Details page for that user.

Corrected to leave two levels of tabs
2010-09-23 16:38:00 -04:00
Rob Crittenden
a7ba867438 Add new DNS install argument for setting the zone mgr e-mail addr.
ticket 125
2010-09-23 12:00:12 -04:00
Adam Young
8b4a0adcee rolegroups to config tab 2010-09-21 16:25:46 -04:00
Adam Young
2606f98f39 Rolegroups tab.
The Makefile.am and index.xhtml has been modified to include
rolegroup.js. The webui.js has been modified to register the
rolegroup tab.

The rolegroup.js defines the rolegroup's search, add, and details
pages. Sample data for some rolegroup operations have been added.
2010-09-20 17:05:22 -04:00
Rob Crittenden
6de0834fca Unenroll the client from the IPA server on uninstall.
Unenrollment means that the host keytab is disabled on the server making
it possible to re-install on the client. This host principal is how we
distinguish an enrolled vs an unenrolled client machine on the server.

I added a --unroll option to ipa-join that binds using the host credentials
and disables its own keytab.

I fixed a couple of other unrelated problems in ipa-join at the same time.

I also documented all the possible return values of ipa-getkeytab and
ipa-join. There is so much overlap because ipa-join calls ipa-getkeytab
and it returns whatever value ipa-getkeytab returned on failure.

ticket 242
2010-09-20 16:07:42 -04:00
Rob Crittenden
e648e03d0c Set ipaUniqueId to be unwritable and add to uniqueness configuration.
We don't want admins messing with this value.

ticket 231
2010-09-20 15:59:53 -04:00
Rob Crittenden
923f88c485 Add missing man pageas for ipa-dns-install and ipa-upgradeconfig.
tickets 130 and 131
2010-09-20 15:57:21 -04:00
Adam Young
b47d6c0944 links and facet icons
Enables the icons in the links and in the facets lists
2010-09-20 12:11:33 -04:00
Adam Young
de88718f87 placeholder icons
Place holder icons to show how things should be layed out.  THese will be replaced by the real icons once we get them from UXD
2010-09-20 12:11:15 -04:00
Endi Sukma Dewata
64f273a40d Restoring Services tab.
The add.js has been modified to support adding new entry with
dynamically generated pkey.

The index.xhtml has been modified to include service.js.

The service.js has been modified to use the new API to define
the search, add, and details fields. Callbacks are used to
add quick links and generate pkey dynamically.

The webui.js has been modified to add the Services tab.
2010-09-17 19:42:41 -04:00
Endi Sukma Dewata
2fd311ad48 Adding quick links in user and group search results.
The render_call() signature has been modified to pass the entry_attrs
so each callback function can construct the appropriate quick links
using any attributes from the search results.

The callback function has been implemented for user and group entities.
2010-09-17 19:42:41 -04:00
Adam Young
6a4a1dcf3c pointer cursor for facets 2010-09-17 19:42:41 -04:00
Adam Young
a0c1d52baa css cleanup
Site looks much better.  It is not currently meeting the specs of UXD, but it is a t least presentable.
2010-09-17 19:42:40 -04:00
Adam Young
7233127eca unbroke the facets link 2010-09-17 19:42:40 -04:00
Adam Young
95035f7d6c moved images up
Adding an images subdir was proliferating changes throught the build system
this seemed easier
2010-09-17 19:42:40 -04:00
Adam Young
d8403a91b4 css tabs and facets
includes Makfile changes to get images to deploy
2010-09-17 19:42:40 -04:00
Adam Young
83031ea1a4 theme
Use customized theme and images that is closer to the UX suggested look and feel
2010-09-17 19:42:40 -04:00
Adam Young
90f612cb44 fix sampledata
URL needs to be relative, not absolute in order for in tree development
2010-09-17 19:42:40 -04:00
Adam Young
9b64a132e0 fixed formatting of search table 2010-09-17 19:42:40 -04:00
Adam Young
99222d61fe remove pagaparams 2010-09-17 19:42:40 -04:00
Pavel Zuna
fb133734cc Add jQuery UI and jQuery BBQ libraries to the project. 2010-09-17 19:42:40 -04:00
Pavel Zuna
1bb412239d Big webUI patch.
Quick summary:
- use jQuery UI and jQuery BBQ libraries
- code restructuring

The patch has so many changes they can't be listed here. Many parts
of the code have been rewritten from scrach.

See freeipa-devel mailing list:
webUI code restructuring [wall of text, diagrams, ... you've been warned!]
2010-09-07
2010-09-17 19:42:40 -04:00
Rob Crittenden
d9c3cbb968 Have ipactl start named after the KDC, otherwise it will fail. 2010-09-16 13:40:36 -04:00
Rob Crittenden
d57dd9534d Add --no-host-dns argument to ipa-replica-install
The server installer has this option, the replica installer should have
it too.

ticket 146
2010-09-16 11:54:43 -04:00
Dmitri Pal
52af18ec03 Enabling SUDO support
* Adding a new SUDO schema file
* Adding this new file to the list of targets in make file
* Create SUDO container for sudo rules
* Add default sudo services to HBAC services
* Add default SUDO HBAC service group with two services sudo & sudo-i
* Installing schema

No SUDO rules are created by default by this patch.
2010-09-16 11:31:27 -04:00
Endi DeWata
fd056918e6 Splitting service principal into service name and hostname.
The EntityBuilder has been modified to obtain the pkey value by
invoking getPKey(). This function can be overriden for different
entities.

The addOptionsFunction() has been renamed to getOptions() and it
can be overriden for different entities. Each entity that uses this
function has been modified accordingly.

The addEdit(), addAnother(), add_fail() has been moved into the
EntityBuilder class. The global builders is no longer needed because
a reference to the builder object can be obtained via enclosure.

The ServiceForms has been modified to take service name and
hostname and combine them to generate the service principal by
overriding the getPKey().
2010-09-10 12:59:33 -04:00
Rob Crittenden
f87bd57c1d Fix certmonger errors when doing a client or server uninstall.
This started with the client uninstaller returning a 1 when not installed.
There was no way to tell whether the uninstall failed or the client
simply wasn't installed which caused no end of grief with the installer.

This led to a lot of certmonger failures too, either trying to stop
tracking a non-existent cert or not handling an existing tracked
certificate.

I moved the certmonger code out of the installer and put it into the
client/server shared ipapython lib. It now tries a lot harder and smarter
to untrack a certificate.

ticket 142
2010-09-09 16:38:52 -04:00
Adam Young
3a022fe510 Netgroup associations
netgroup->user,group,host,hostgroup

    -- Added facets to netgroup
    -- added links into lists for associations
2010-09-09 12:42:37 -04:00
Endi DeWata
0050e2fcd9 Services
adds the Service tab: search, details, add, associations
It also contains the sample data for some service operations
2010-09-08 19:25:14 -04:00
Rob Crittenden
54b3842aba Make ipactl a lot smarter and have it manage named as well.
ticket 138
2010-09-07 15:39:18 -04:00
Adam Young
221351809b local param for this in closure 2010-09-07 13:13:59 -04:00
Adam Young
dde1577270 associations
-Refactored the associations code into a set of objects that are configured by the entities
    -Added support for associations that can be done in a single rpc
    -hostgroup to host and group to user associations working

    -Restructed sampledata so that the file is matched automatically by the RPC method name
    -The new ipa_cmd/sampledata scheme insists on there being sample data for any commands or the ipa_command fails.
    -Added sampledata files for all the calls we make
    -renamed several of the sampledata files to match their rpc calls

    -Started a pattern of refactoring where all the  forms for the entity fall under a single object
2010-09-07 10:08:19 -04:00
Rob Crittenden
99399cc707 Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa 2010-08-31 16:50:01 -04:00
Adam Young
b7607817ab calculate useSampledata by protocol. 2010-08-30 17:42:48 -04:00
Rob Crittenden
75aafb8d0f Merge branch 'master' of ssh://rcritten@git.fedorahosted.org/git/freeipa 2010-08-30 16:04:02 -04:00
Adam Young
1e9015a0a0 quote obj param for group
Correction for previous comit.  'group' not group.
2010-08-30 10:14:08 -04:00
Adam Young
786f2a9141 Fix Enroll
Enroll was broken due to the missing obj.
2010-08-30 10:03:03 -04:00
Rob Crittenden
678b59b6ff Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00
Adam Young
49584d6efc hashchange
We now catch the hashchange event and use that to drive most of the site.
To trigger page transitions, modify location.hash.
Params start with # not ?.
Removed user-group.inc.
converted tabs to spaces
trivial imlementation of add and details for netgroup and hostgroup
lots of bug fixes based on routing problems and the refactorings.
2010-08-26 13:15:00 -04:00
Pavel Zuna
02479babb9 Fix script tags in index.xhtml.
End tag is required by lite server.
2010-08-25 13:21:42 -04:00
Pavel Zuna
ead85f2866 Make changes to details.js. See commit message.
- Add/Remove links are now only available for multivalue
  attributes (Param.multivalue = true) and attributes with param
  types, that are multivalue by definition (as of now only List).
  Single-value attributes with no value are displayed as empty
  input elements.
- When updating an attribute, leading and trailing spaces are
  stripped
- Context help available in the form of hints, that are extracted
  form Param.hint.
2010-08-25 12:51:44 -04:00
Adam Young
2742001ed0 Revert "Started pulling the details functionality into the details form object. DOing this in hosts for now to avoid conflicts on details.js"
This reverts commit 37d302d683.

THis commit was pushed accidentally, and not ready to be pushed.
2010-08-20 11:16:36 -04:00
Adam Young
37d302d683 Started pulling the details functionality into the details form object. DOing this in hosts for now to avoid conflicts on details.js 2010-08-19 22:39:40 -04:00
Adam Young
12ee9365a7 Changes the URL parsing from standard HTML params ( starting with ?)
to hash params ( starting with # ).  User Details are now part of
 index.xhtml, ao one more .inc file has been removed.

Updated commit to catch a few things that had been left out, including
sampledata handling and updateing Makefile.am
2010-08-19 20:49:14 -04:00
Adam Young
9a16027535 snapshot of the metadata for development purposes. 2010-08-19 17:47:59 -04:00
Rob Crittenden
e466bed545 Enable compat plugin by default and configure netgroups
Move the netgroup compat configuration from the nis configuration to
the existing compat configuration.

Add a 'status' option to the ipa-copmat-manage tool.

ticket 91
2010-08-19 10:50:07 -04:00
Rob Crittenden
897b296a69 Make the server log level more configurable, not defaulting to debug.
This disables debug output in the Apache log by default. If you want
increased output create /etc/ipa/server.conf and set it to:

[global]
debug=True

If this is too much output you can select verbose output instead:

[global]
debug=False
verbose=True

ticket 60
2010-08-19 10:49:12 -04:00
Pavel Zuna
7a007d958b Fix Update function on details page.
The problem was that parameters with no values are automatically
set to None by the framework and it wasn't handled properly in
baseldap.py:get_attributes function. Also, there were two logical
bugs in details.js:
1) atttribute callback to update values were called for input elements
   instead of dt elements
2) it was always trying to update the primary key
2010-08-17 14:53:03 -04:00
Pavel Zuna
19466d499b Make user details work again in the webUI.
Unfortunately we can't have any javascript in *.inc files, because
the browser will strip them for security reasons. I moved all the
attribute callbacks etc. to the only logical place: user.js.

It's fine for now, but user.js is going to need some serious cleaning
up in the future.
2010-08-17 14:28:29 -04:00
Pavel Zuna
b6776dacd4 Clean details.js.
What does it mean?
I removed duplicate code, that was pasted here from the user details page.

ipa_details_init doesn't call ipa_init anymore.

ipa_details_create takes a second optional parameter, that can be set to
a container element if we want to place the definition lists into a specific
element instead of <body>. In our case, we place stuff in <div id="content">
2010-08-17 14:28:00 -04:00
Pavel Zuna
6b63ab1c32 Clean ipa.js and make it load plugin meta-data over JSON-RPC.
What it means?
Well, first I removed some development control variables from ipa.js.
Namely useSampleData and sizelimit. I moved useSampleData to the top
of index.xhtml. This way we won't forget about it when we don't need
it anymore. sizelimit has nothing to do in ipa.js and be hardcoded
for ALL commands! Some don't have this parameter and could fail.

Since ipa_init now loads meta-data over JSON-RPC, we need to wait for
it to finish its job. That's why I put a second parameter to ipa_init:
on_win. ipa_init will call on_win when all data is loaded properly and
we can start building the page.
2010-08-17 14:26:36 -04:00
Rob Crittenden
2f4f9054aa Enable a host to retrieve a keytab for all its services.
Using the host service principal one should be able to retrieve a keytab
for other services for the host using ipa-getkeytab. This required a number
of changes:

- allow hosts in the service's managedby to write krbPrincipalKey
- automatically add the host to managedby when a service is created
- fix ipa-getkeytab to return the entire prinicpal and not just the
  first data element. It was returning "host" from the service tgt
  and not host/ipa.example.com
- fix the display of the managedby attribute in the service plugin

This led to a number of changes in the service unit tests. I took the
opportunity to switch to the Declarative scheme and tripled the number
of tests we were doing. This shed some light on a few bugs in the plugin:

- if a service had a bad usercertificate it was impossible to delete the
  service. I made it a bit more flexible.
- I added a summary for the mod and find commands
- has_keytab wasn't being set in the find output

ticket 68
2010-08-16 17:13:56 -04:00
Pavel Zuna
58fd1199f6 Stretch content div and make Reset/Update buttons stick to right. 2010-08-12 09:05:18 -04:00
Rob Crittenden
9d9d789912 Correct CA options in ipa-server-install manpage 2010-08-10 16:42:21 -04:00
Rob Crittenden
5b894d1fb7 Allow decoupling of user-private groups.
To do this we need to break the link manually on both sides, the user and
the group.

We also have to verify in advance that the user performing this is allowed
to do both. Otherwise the user could be decoupled but not the group
leaving it in a quasi broken state that only ldapmodify could fix.

ticket 75
2010-08-10 16:41:47 -04:00
Adam Young
d0a60f3a15 Group add functionality now implmented.
- Proper navigation. (Add and edit versus add another)
   - posix field is respected
    - gid set accordingly
2010-08-09 17:21:30 -04:00
Adam Young
4c1fc48ee5 IPA HTTPD config uses /usr/share/static as target for /ipa/ui 2010-08-09 15:07:06 -04:00
Adam Young
b192bb76d0 Remove search field on group button
Hide the search bar when showing the groups listed for a user, and resotre it when doing other searches.

The enroll button is added only on the groups page, and removed along with anything else in the searchButtons div when a new search is started.
2010-08-09 15:06:27 -04:00
Rob Crittenden
1e963646b3 Add hbac service for su-l, su with a login shell 2010-08-06 13:10:24 -04:00
Adam Young
b7162b3b8a Changes to the install and config files to support deploying the javascript code. 2010-08-06 11:55:52 -04:00
Adam Young
125bd09faf The Javascript code for the new web UI
Now with whitespace cleanup.
2010-08-06 11:55:38 -04:00
Adam Young
a63fd83e89 Images for the Javascript Based webui.
These are all binary files, in png format.
2010-08-06 11:55:22 -04:00
Rob Crittenden
d4adbc8052 Add container and initial ACIs for entitlement support
The entitlement entries themselves will be rather simple, consisting
of the objectClasses ipaObject and pkiUser. We will just store
userCertificate in it. The DN will contain the UUID of the entitlement.

ticket #27
2010-07-29 10:50:29 -04:00
Adam Young
26b0e8fc98 This patch removes the existing UI functionality, as a prep for adding the Javascript based ui. 2010-07-29 10:44:56 -04:00
Dmitri Pal
fd1ff372dc 1. Schema cleanup
The ipaAssociation is the core of different association object.
It seems that the service is an exception rather then rule.
So it is moved into the object where it belongs.

Fixed matching rules and some attribute types.

Addressing ticket: https://fedorahosted.org/freeipa/ticket/89

Removed unused password attribute and realigned OIDs.
2010-07-21 11:40:25 -04:00
Rob Crittenden
0d12b0344f Fix nis netgroup configuration
This was originally configured to pull from the compat area but Nalin
thinks that is a bad idea (and it stopped working anyway). This configures
the netgroup map to create the triples on its own.

Ticket #87
2010-07-15 11:18:15 -04:00
Rob Crittenden
ed488c6349 Fix ipa-compat-manage and ipa-nis-manage
Neither of these was working properly, I assume due to changes in the ldap
backend. The normalizer now appends the basedn if it isn't included and
this was causing havoc with these utilities.

After fixing the basics I found a few corner cases that I also addressed:
- you can't/shouldn't disable compat if the nis plugin is enabled
- we always want to load the nis LDAP update so we get the netgroup config
- LDAPupdate.update() returns True/False, not an integer

I took some time and fixed up some things pylint complained about too.

Ticket #83
2010-07-15 11:18:11 -04:00
Rob Crittenden
ccaf537aa6 Handle errors raised by plugins more gracefully in mod_wsgi.
This started as an effort to display a more useful error message in the
Apache error log if retrieving the schema failed. I broadened the scope
a little to include limiting the output in the Apache error log
so errors are easier to find.

This adds a new configuration option, startup_traceback. Outside of
lite-server.py it is False by default so does not display the traceback
that lead to the StandardError being raised. This makes the mod_wsgi
error much easier to follow.
2010-07-12 09:32:33 -04:00
Rob Crittenden
ba59d9d648 Add support for User-Private Groups
This uses a new 389-ds plugin, Managed Entries, to automatically create
a group entry when a user is created. The DNA plugin ensures that the
group has a gidNumber that matches the users uidNumber. When the user is
removed the group is automatically removed as well.

If the managed entries plugin is not available or if a specific, separate
range for gidNumber is passed in at install time then User-Private Groups
will not be configured.

The code checking for the Managed Entries plugin may be removed at some
point. This is there because this plugin is only available in a 389-ds
alpha release currently (1.2.6-a4).
2010-07-06 15:39:34 -04:00
Rob Crittenden
e036283fbb Add maintainer-clean target 2010-06-24 14:23:27 -04:00
Rob Crittenden
8c6c93125f Add separate role group for enrolling hosts, enrollhost 2010-06-22 13:56:17 -04:00
Rob Crittenden
c42684ad5b Remove unused attribute serviceName and re-number schema
serviceName was originally part of the HBAC rules. We dropped it
to use a separate service object instead so we could more easily
do groups of services in rules.
2010-06-21 09:53:02 -04:00
Rob Crittenden
ebab635250 Drop --with-openldap option in the client. This is no longer optional. 2010-06-21 09:52:11 -04:00
Rob Crittenden
af49945ae4 Fall back to DM password if GSSAPI fails and make deleting more user-friendly
Try to be a bit more descriptive about why a deletion fails and generate a
prettier error message.
2010-06-01 09:52:21 -04:00
Rob Crittenden
8911c92c8d Query the remote server to see if this replica host already exists.
If it does then the installation will fail trying to set up the
keytabs, and not in a way that you say "aha, it's because the host is
already enrolled."
2010-06-01 09:52:14 -04:00
Rob Crittenden
b29de6bf27 Add LDAP upgrade over ldapi support.
This disables all but the ldapi listener in DS so it will be quiet when
we perform our upgrades. It is expected that any other clients that
also use ldapi will be shut down by other already (krb5 and dns).

Add ldapi as an option in ipaldap and add the beginning of pure offline
support (e.g. direct editing of LDIF files).
2010-06-01 09:52:10 -04:00
Rob Crittenden
49b3d3ba0f Include missing update file 30-hbacsvc.update 2010-05-27 10:51:49 -04:00
Rob Crittenden
e123fa6671 Add ipaUniqueID to HBAC services and service groups
Also fix the memberOf attribute for the HBAC services
2010-05-27 10:51:02 -04:00
Rob Crittenden
fe7cb34f76 Re-number some attributes to compress our usage to be contiguous
No longer install the policy or key escrow schemas and remove their
OIDs for now.

594149
2010-05-27 10:50:49 -04:00
Rob Crittenden
de154919a6 Add 'all' serviceCategory to default HBAC group and add some default services 2010-05-27 10:50:44 -04:00
Rob Crittenden
58fed69768 Add groups of services to HBAC
Replace serviceName with memberService so we can assign individual
services or groups of services to an HBAC rule.

588574
2010-05-17 13:47:37 -04:00
John Dennis
792f58fae3 Update Kannada translations 2010-05-11 14:22:49 -04:00
Martin Nagy
e29be7ac3e named.conf: Add trailing dot to the fake_mname
Yet another trailing dot issue, but this one was kept hidden because
only the latest bind-dyndb-ldap package uses the fake_mname option.
2010-05-06 10:27:21 -04:00
Rob Crittenden
92e350ca0a Create default HBAC rule allowing any user to access any host from any host
This is to make initial installation and testing easier.

Use the --no_hbac_allow option on the command-line to disable this when
doing an install.

To remove it from a running server do: ipa hbac-del allow_all
2010-05-05 14:57:58 -04:00
Rob Crittenden
04e9056ec2 Make the installer/uninstaller more aware of its state
We have had a state file for quite some time that is used to return
the system to its pre-install state. We can use that to determine what
has been configured.

This patch:
- uses the state file to determine if dogtag was installed
- prevents someone from trying to re-install an installed server
- displays some output when uninstalling
- re-arranges the ipa_kpasswd installation so the state is properly saved
- removes pkiuser if it was added by the installer
- fetches and installs the CA on both masters and clients
2010-05-03 13:41:18 -06:00
Rob Crittenden
205724b755 Remove some duplicated schema
Newer versions of 389-ds provide this certificate schema so no need to
provide it ourselves.
2010-04-30 10:07:58 -04:00
Rob Crittenden
ac696a5220 Fix a couple of syntax errors in the installer.
I meant to push these along with the original patch but pushed the wrong one.
2010-04-27 17:51:13 -04:00
Pavel Zuna
44c1844493 Replace a new instance of IPAdmin use in ipa-server-install. 2010-04-27 16:29:36 -04:00
Martin Nagy
6e9cc2640b Connect to the ldap during the uninstallation
We need to ask the user for a password and connect to the ldap so the
bind uninstallation procedure can remove old records. This is of course
only helpful if one has more than one IPA server configured.
2010-04-23 17:19:36 -04:00
Rob Crittenden
7c61663def Fix installing IPA with an external CA
- cache all interactive answers
- set non-interactive to True for the second run so nothing is asked
- convert boolean values that are read in
- require absolute paths for the external CA and signed cert files
- fix the invocation message for the second ipa-server-install run
2010-04-23 04:57:34 -06:00
Rob Crittenden
088cc6dc13 Use correct name for CA PKCS#12 file.
I recently renamed this and missed this reference.
2010-04-23 04:56:20 -06:00
Pavel Zuna
3620135ec9 Use ldap2 instead of legacy LDAP code from v1 in installer scripts. 2010-04-19 11:27:10 -04:00
Rob Crittenden
cc336cf9c1 Use escapes in DNs instead of quoting.
Based on initial patch from Pavel Zuna.
2010-04-19 10:06:04 -04:00
Rob Crittenden
c6e6fa758e Enable anonymous VLV so Solaris clients will work out of the box.
Since one needs to enable the compat plugin we will enable anonymous
VLV when that is configured.

By default the DS installs an aci that grants read access to ldap:///all
and we need ldap:///anyone
2010-04-16 11:05:20 -04:00
Rob Crittenden
45acd086f5 Remove incorrect option -U for --uninstall. -U is short for --unattended. 2010-04-16 09:28:08 -04:00
John Dennis
f5afc9bed5 Update Spanish translations 2010-04-13 13:59:07 -04:00
John Dennis
04cb57eeb6 Update Polish and Chinese translations 2010-03-22 13:46:10 -04:00
John Dennis
1b31415343 update Polish translations 2010-03-22 13:46:05 -04:00
Rob Crittenden
c19911845d Use GSSAPI auth for the ipa-replica-manage list and del commands.
This creates a new role, replicaadmin, so a non-DM user can do
limited management of replication agreements.

Note that with cn=config if an unauthorized user performs a search
an error is not returned, no entries are returned. This makes it
difficult to determine if there are simply no replication agreements or
we aren't allowed to see them. Once the ipaldap.py module gets
replaced by ldap2 we can use Get Effective Rights to easily tell the
difference.
2010-03-19 17:17:14 -04:00
Rob Crittenden
ff4ddbbb72 Better customize the message regarding the CA based on the install options.
There are now 3 cases:

- Install a dogtag CA and issue server certs using that
- Install a selfsign CA and issue server certs using that
- Install using either dogtag or selfsign and use the provided PKCS#12 files
  for the server certs. The installed CA will still be used by the cert
  plugin to issue any server certs.
2010-03-19 04:55:33 -06:00
Rob Crittenden
f4cb248497 Make CA PKCS#12 location arg for ipa-replica-prepare, default /root/cacert.p12
pki-silent puts a copy of the root CA into /root/tmp-ca.p12. Rename this
to /root/cacert.p12.
2010-03-19 04:45:41 -06:00