Commit Graph

3228 Commits

Author SHA1 Message Date
Rob Crittenden
c7789199f9 Fix output of failed managedby hosts, allow a host to manage itself.
The output problem was a missing label for failed managedby.

This also fixes a call to print_entry that was missing the flags argument.

Add a flag to specify whether a group can be a member of itself, defaulting
to False.

ticket 708
2011-01-11 10:23:31 -05:00
Rob Crittenden
06179dc105 Exit if a DNS A or AAAA record doesn't exist for the replica we are preparing.
Without this it is possible to prepare a replica for a host that doesn't
exist in DNS. The result when this replica file is installed is that
replication will fail because the master won't be able to communicate
to the replica by name.

ticket 680
2011-01-11 10:22:33 -05:00
Rob Crittenden
371ce528fb Enable low-level LDAP debugging. 2011-01-11 10:22:09 -05:00
Rob Crittenden
f0401a9127 Make ipaDefaultLoginShell use IA5String syntax to match POSIX schema.
ticket 739
2011-01-11 10:21:04 -05:00
Pavel Zuna
1af89d0daa Retype (when cloning) Flag parameters to Bool for search commands.
Flag parameters are always autofill by definition, causing unexpected
search results. This patch retypes them to Bool for search commands,
so that users have to/can enter the desired value manually.

Ticket #689
Ticket #701
2011-01-10 12:07:19 -05:00
Adam Young
75078c0bd4 header style fix
minor tweak to the header and gradient for the header
2011-01-10 11:26:10 -05:00
Rob Crittenden
db29cd9849 Simple instructions to start developing IPA.
ticket 314
2011-01-10 10:40:57 -05:00
Rob Crittenden
2dac03d7d5 Ship the ipa-dns-install man page
ticket 734
2011-01-10 10:38:46 -05:00
Rob Crittenden
6f58f38748 Display the entries that failed when deleting with --continue.
We collected the failures but didn't report it back. This changes the
API of most delete commands so rather than returning a boolean it returns
a dict with the only current key as failed.

This also adds a new parameter flag, suppress_empty. This will try to
not print values that are empty if included. This makes the output of
the delete commands a bit prettier.

ticket 687
2011-01-10 10:32:10 -05:00
Rob Crittenden
0a79836082 Setting an empty set of target attributes should raise an exception.
It is possible to create an ACI with attributes and then try to set that
to None via a mod command later. We need to catch this and raise an exception.

If all attributes are set to None in an aci then the attr target is removed
from the ACI. This could result in an illegal ACI if there are no other
targets. Having no targets is a legal state, just not a legal final state.

ticket 647
2011-01-10 10:27:23 -05:00
Adam Young
c69f4d0fed center page
fixes issues from
 https://fedorahosted.org/freeipa/ticket/507
2011-01-10 09:26:32 -05:00
Adam Young
e903f43d48 action-panel adjustments
tweak the tabs padding
2011-01-10 13:01:37 -05:00
Endi S. Dewata
039039155f Fixed command category value. 2011-01-10 12:49:06 -05:00
Adam Young
340d0d685c remove permissions checkbox
self service defaults to write permission, the only acceptable one.
By removing the checkbox, we stop sending invalid permissions
2011-01-08 04:45:07 -05:00
Adam Young
f717d7d2e7 fix entity unit tests unit tests updated to accoount for the facet_group title 2011-01-08 04:45:00 -05:00
Adam Young
5c9c006af1 Validate add-dialog text fields 2011-01-08 04:44:51 -05:00
Rob Crittenden
aea1bc7959 Temporarily work around SSL connection issue causing installation to fail.
Not sure if this is an openldap-client, pem-nss or python-ldap problem yet
but the installation is failing.
2011-01-07 18:08:01 -05:00
Pavel Zuna
38c2656829 Fix 'ipa help permissions'; add 'dns' in allowed types. 2011-01-07 14:57:32 -05:00
Rob Crittenden
3f146d9622 Allow the kdc to write krbExtraData 2011-01-07 11:15:16 -05:00
Jan Zeleny
b6eada0802 Initial grouping of ipalib plugins for ipa help
This patch makes one group for all HBAC plugins and one group for all
sudo plugins.
2011-01-07 09:42:41 -05:00
Jan Zeleny
6214af8a8d Changed concept of ipa help
The concept is now following:
topic:    either a module or a group of modules containing registered
          commands. All these commands will usually handle common entity
          type (e.g. hbac rules)
subtopic: each topic can have a number of subtopics. In this case topic
          is a group of modules and each module represents a subtopic.

grouping modules to topics is possible by assigning a 2-tuple to module
variable:

topic = ('topic-name','topic description')

The topic description has to be the same in all modules in the topic.
These are examples of commands now available in IPA help:

ipa help              - display a list of all topics
ipa help hbac         - display help for hbac topic
ipa help hbacrule     - display help for a subtopic of hbac
ipa help hbacrule-add - display help for a particular command

https://fedorahosted.org/freeipa/ticket/410
2011-01-07 09:42:38 -05:00
Jan Zeleny
bfc338d81c Rename hbac module to hbacrule
The renaming follows previous discussion on mailing list and it leads to
name compatibility with other plugins (e.g. sudorule). It is also
necessary for following changes in ipa help.
2011-01-07 09:42:34 -05:00
Rob Crittenden
a1188d95e8 Better detection when not working with a real keytab in ipa-rmkeytab.
Resolving the keytab isn't enough, this just creates a name. Try to
create a cursor into the keytab to see if it is a valid keytab.

ticket 654
2011-01-07 05:15:37 -05:00
Jan Zeleny
1fb2ccf105 Rename --ipaddr option of host-add command
The option is renamed to --ip-address to be consistent with
ipa-replica-prepare.

https://fedorahosted.org/freeipa/ticket/655
2011-01-07 05:09:14 -05:00
Jakub Hrozek
9232a47877 Create the reverse zone by default
A new option to specify reverse zone creation for unattended installs

https://fedorahosted.org/freeipa/ticket/678
2011-01-07 05:05:54 -05:00
Jakub Hrozek
8a9fdbfb03 Do not use LDAP_DEPRECATED in plugins
Remove the LDAP_DEPRECATED constant and do not use functions that are
marked as deprecated in recent OpenLDAP releases. Also always define
WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that
depend on that constant.

https://fedorahosted.org/freeipa/ticket/576
2011-01-07 05:00:44 -05:00
Simo Sorce
21bf175e0c Allow ipa-dns-install to install with just admin credentials
Do this by creating a common way to attach to the ldap server for each
instance.

Fixes: https://fedorahosted.org/freeipa/ticket/686
2011-01-07 04:54:17 -05:00
Simo Sorce
56f000e9a9 Allow ipa-dns-install to configure DNS on a replica.
Fixes: https://fedorahosted.org/freeipa/ticket/645
2011-01-07 04:53:50 -05:00
Adam Young
575d014ac5 bad request workaround not a permanent fix, but makes the web server accept valied request. https://fedorahosted.org/freeipa/ticket/691 2011-01-07 06:14:54 -05:00
Adam Young
ecd2573e09 metatdata for facet_groups
THis patch updates the metadata with the changes for the facet groups names.  It is a large patch only in that the metadata is huge, but the change is trivial
2011-01-07 04:45:08 -05:00
Adam Young
b730eb356f facet nesting
correctly nest the facet groups
change 'parent' to 'member of' for facet group
2011-01-07 04:44:56 -05:00
Adam Young
728a1d8361 dns record style
THe client aread class is added after the create call.  THe logic assumes that there are two divs under the tabs.  THe records facet broke that assumption.  THis fixes it
2011-01-07 03:48:08 -05:00
Endi S. Dewata
02b209a74a Move undo button next to selected radio button. 2011-01-06 21:32:21 -05:00
Endi S. Dewata
4ffd6de823 Fixed tooltips in SUDO details page.
The title attribute in various HTML elements in SUDO details page
has been set to show the proper tooltips. Most of the values are
taken from the 'doc' attribute of sudorule parameters.
2011-01-06 13:25:36 -05:00
Adam Young
79c0b1e14b remove list header 2011-01-06 12:52:17 -05:00
Adam Young
3920b36b4a action panel style
make clickable links blue
change spacing to keep headers from wrapping
convert most px values to em, to support scaling
indent action controls and place them under the active facet
set default font size to 11px
2011-01-06 12:39:16 -05:00
Jr Aquino
cbe02578db fixed typo for description usage example https://fedorahosted.org/freeipa/ticket/704 2011-01-06 11:13:23 -05:00
Martin Kosek
39a9361210 Handle error messages during Host operations
Only a generic error message were displayed when a non-existing
host was passed to host-del or host-disable operations.

This patch adds catching these generic exceptions and raising
new exceptions with the correct error message.

https://fedorahosted.org/freeipa/ticket/303
2011-01-06 11:10:31 -05:00
Jan Zeleny
acb3ca0103 Include some directories in spec file
Two directories were left out from package file list:
..../site-packages/ipalib
..../site-packages/ipaserver

http://fedorahosted.org/freeipa/ticket/688
2011-01-06 10:53:46 -05:00
Endi S. Dewata
e0cf3a8313 Use AJAX status text as default error message.
The ipa_cmd() error handler has been updated to use AJAX status
text as the default error message.
2011-01-05 15:33:56 -05:00
Pavel Zuna
6e5b540db2 Translate IA5Str paramaters the editable text fields in the webUI.
Fix #684
2011-01-05 15:31:47 -05:00
Adam Young
7474a2cf3f add missing files in rpm
Fonts, header images, and json.js
2011-01-05 14:54:18 -05:00
Adam Young
69de8b317a remove UID field
we are only doing global policy on the krbtpolicy page
2011-01-05 13:31:21 -05:00
Pavel Zuna
bd44006911 Make it impossible to add an object as a member of itself in webUI.
Ticket #700
2011-01-05 13:21:00 -05:00
Adam Young
e66e29be7d fix krbtpolicy update
krbtpolicy requires null pkey, and without it, update breaks.
2011-01-05 13:18:29 -05:00
John Dennis
a7b926420f fixes CA install problem in trac ticket 682
Do not call status after pkisilent, it will return non-zero.
Instead restart server after pkisilent so configuration
changes take effect, the check the status.
2011-01-05 13:11:44 -05:00
Endi S. Dewata
b0bca88663 Support for external SUDO users and hosts.
The SUDO details page has been modified to support external users
and hosts. In the backend, the internal and external users are kept
in separate attributes, but in the UI they will be displayed as a
single list. The same thing is done for hosts.

The ipa_sudorule_association_adder_dialog() has been modified such
that it only displays the external field if there is an external
attribute for that field.
2011-01-05 12:53:59 -05:00
Endi S. Dewata
ef2f6b2b59 SUDO run-as adjustments.
The SUDO details page has been modified to match the attribute
names for run-as attributes.
2011-01-05 12:53:53 -05:00
Endi Sukma Dewata
3650df27d5 Fixed SUDO dialog boxes.
The dialog boxes for SUDO details page have been modified
to generate the HTML code by default.
2011-01-05 11:33:35 -05:00
Adam Young
553e08afa6 posix checked check box for posix groups selected by default 2011-01-05 10:39:45 -05:00