When getpass.getpass() function is interrupted via CTRL+D, EOFError
exception is thrown. Most of the install tools are not prepared for
this event and crash with this exception. Make sure that it is
handled properly and nice error message is printed.
https://fedorahosted.org/freeipa/ticket/1916
Instead of checking the individual SSFs for SASL, SSL/TLS and LDAPI connection
the global SSF is checked for password changes and enrollments.
https://fedorahosted.org/freeipa/ticket/1877
When setting up the client-side NTP configuration, make sure that /etc/ntp/step-tickers
point to IPA NTP server as well.
When restoring the client during ipa-client-install --uninstall, make sure NTP configuration
is fully restored and NTP service is disabled if it was disabled before the installation.
https://fedorahosted.org/freeipa/ticket/1770
Add a new required parameter, current_password. In order to ask this
first I added a new parameter option, sortorder. The lower the value the
earlier it will be prompted for.
I also changed the way autofill works. It will attempt to get the default
and if it doesn't get anything will continue prompting interactively.
Since current_password is required I'm passing a magic value that
means changing someone else's password. We need to pass something
since current_password is required.
The python-ldap passwd command doesn't seem to use the old password at
all so I do a simple bind to validate it.
https://fedorahosted.org/freeipa/ticket/1808
Installing IPA server --selfsign option is currently a one-way ticket
to server with limited certificate capabilities. Make sure that user
really want to install it by implementing the following steps:
- moving the option to the bottom of certificate options section
- adding a warning to ipa-server-install man page
- adding a warning to ipa-server-install help
- adding a warning to ipa-server-install configuration summary
when one runs ipa-server-install
https://fedorahosted.org/freeipa/ticket/1908
When group/user is migrated, the attribute used for RDN may be
multivalued. Make sure that we pick the value used in the RDN
which should be the unique one and not just the first one.
https://fedorahosted.org/freeipa/ticket/1892
When LDAP server contains more that one suffixes, the ipa client
installation does not detect it as IPA server and fails to install.
Fix ipa server discovery so that it correctly searches all naming
contexts for the IPA one.
https://fedorahosted.org/freeipa/ticket/1868
LDAPCreate reports "search criteria was not specific enough" when LDAP
object created in LDAPCreate shares its container with other LDAP objects
and there is one with the same name and RDN attribute.
Pass objectclass to find_entry_by_attr() function used to retrieve
newly created object for POST_CALLBACK to identify correct LDAP
object.
https://fedorahosted.org/freeipa/ticket/1864
https://fedorahosted.org/freeipa/ticket/1454
The following widgets should call create_error_link() to create a space to show validation error messages:
IPA.checkbox_widget
IPA.checkboxes_widget
IPA.radio_widget
IPA.select_widget
IPA.table_widget
IPA.attributes_widget
IPA.rights_widget
IPA.target_section (it's a widget)
Solution:
* added call to checkbox, checkboxes, radio, select, table, attributes widget
* rights_widget inherits it from checkboxes_widget.
* target_section IS NOT a widget as it doesn't inherit from widget. It's still a section, which shows different widgets based on its state.
* table_widget displays error_link between pagination and summary.
Additional:
* added padding and unified font-weight for error message
A new IPA.dialog_button class has been added to encapsulate the
buttons in the dialog box so they can be managed more easily.
The adder dialog has been modified to disable the enroll button if
there is no entries selected.
Ticket #1856
The width of the 1st level tab has been modified to expand according
to the size of the tab label.
The width of the adder dialogs have been increased to allow longer
button labels.
Ticket #1825
https://fedorahosted.org/freeipa/ticket/1883
It's a regression introduced by patch for #1797
Reproduce:
* show user group foo
* click on user groups tab
* click on enroll button
Result:
User group 'foo' is listed in available list.
Expected result:
User group 'foo' is not listed in available list.
https://fedorahosted.org/freeipa/ticket/1841
The column header for the attributes table (IPA.attributes_widget) does not cover the entire width of the table. This problem appears in the adder dialog and details page for permissions, self-service permissions, and delegations.
Some jQuery objects in various locations have been modified to use
text() to show values obtained from the server (except messages).
The text() will automatically encode special characters.
Ticket #1798
The IPA.combobox_widget has been modified such that if the drop-down
list doesn't contain the stored value (due to search limit) it will
not select anything from the list.
The widget has also been modified not to select the value that matches
the filter automatically because that might not be the user's intention.
Ticket #1819
The IPA.dialog has been modified to store sections instead of fields.
If there is no sections specified, it will create a default section.
The adder dialog for automount map has been modified such that the
fields related to indirect map are stored in a section which will
only be visible when the map type is set to indirect.
The adder dialog for host has been modified such that it uses a
custom section for hostname and DNS zone and standard section for
the other fields.
Ticket #1394
httplib purposely keeps the socket open as a file on failed requests. We
need to close this file otherwise nss_shutdown() will fail.
https://fedorahosted.org/freeipa/ticket/1807
The IPA.association_adder_dialog has been modified to use an exclusion
list to hide entries that are already enrolled.
The IPA.adder_dialog has been modified to store the columns directly
in the available & selected tables.
Ticket #1797
Fix get_url_list() so that the configured master server is there
just once. This fix lets /usr/bin/ipa try connecting to all IPA
masters just once and not print confusing server list with
dupled master.
https://fedorahosted.org/freeipa/ticket/1817
