Thierry Bordaz
b5cb95431b
Display the wrong attribute name when mandatory attribute is missing
...
When activating a stageuser, if 'sn' or 'cn' or 'uid' is missing
it displays an error with 'cn'
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-02 12:01:07 +02:00
Martin Basti
96c23659fc
DNS: Do not traceback if DNS is not installed
...
Instead of internal error show 'DNS is not configured' message, when a
dns* command is executed.
https://fedorahosted.org/freeipa/ticket/5017
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 20:19:01 +02:00
Jan Cholasta
5b39bc1003
plugable: Remove unused call method of Plugin
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2b12bca660
plugable: Specify plugin base classes and modules using API properties
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
4b277d0477
plugable: Change is_production_mode to method of API
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
1a21fd971c
plugable: Remove SetProxy, DictProxy and MagicDict
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
b1fc875c3a
plugable: Lock API on finalization rather than on initialization
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
860088208b
plugable: Do not use DictProxy for API
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
e39fe4ed31
plugable: Pass API to plugins on initialization rather than using set_api
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
2d1515323a
plugable: Load plugins only from modules imported by API
...
Previously all plugin modules imported from anywhere were added to the API.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
481f8ddaa3
plugable: Specify plugins to import in API by module names
...
This change removes the automatic plugins sub-package magic and allows
specifying modules in addition to packages.
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
7715d5bb04
ipalib: Move find_modules_in_dir from util to plugable
...
https://fedorahosted.org/freeipa/ticket/3090
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
fe2accf776
ipalib: Load ipaserver plugins when api.env.in_server is True
...
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Jan Cholasta
f87ba5ee08
plugable: Move plugin base class and override logic to API
...
Each API object now maintains its own view of registered plugins. This change
removes the need to register plugin base classes.
This reverts commit 2db741e847.
https://fedorahosted.org/freeipa/ticket/3090
https://fedorahosted.org/freeipa/ticket/5073
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-07-01 13:05:30 +00:00
Tomas Babej
e21dad4e1c
idviews: Remove ID overrides for permanently removed users and groups
...
For IPA users and groups we are able to trigger a removal of
any relevant ID overrides in user-del and group-del commands.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 13:06:40 +02:00
Tomas Babej
77b64e6023
idviews: Allow users specify the raw anchor directly as identifier
...
For various reasons, it can happen that the users or groups that
have overrides defined in a given ID view are no longer resolvable.
Since user and group names are used to specify the ID override objects
too by leveraging the respective user's or group's ipaUniqueID,
we need to provide a fallback in case these user or group entries
no longer exist.
https://fedorahosted.org/freeipa/ticket/5026
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 13:00:07 +02:00
Tomas Babej
a6d448b8bf
idviews: Set dcerpc detection flag properly
...
The availability of dcerpc bindings is being checked on the client
side as well, hence we need to define it properly.
https://fedorahosted.org/freeipa/ticket/5025
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2015-07-01 12:57:22 +02:00
Rob Crittenden
57429c1cfa
Don't rely on positional arguments for python-kerberos calls
...
Upstream PyKerberos uses a different argument ordering than
from the patch that Fedora/RHEL was carrying for
authGSSClientInit().
Using named arguments provides forwards and backwards
compatibility.
https://fedorahosted.org/freeipa/ticket/5085
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-07-01 12:20:07 +02:00
Fraser Tweedale
7f923f922a
certprofile: fix doc error
...
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-29 17:14:00 +02:00
Petr Vobornik
5397150979
Verify replication topology for a suffix
...
Checks done:
1. check if the topology is not disconnected. In other words if
there are replication paths between all servers.
2. check if servers don't have more than a recommended number of
replication agreements(4)
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-06-29 17:11:53 +02:00
Petr Vobornik
659b88b820
topology: check topology in ipa-replica-manage del
...
ipa-replica-manage del now:
- checks the whole current topology(before deletion), reports issues
- simulates deletion of server and checks the topology again, reports issues
Asks admin if he wants to continue with the deletion if any errors are found.
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-06-29 17:11:08 +02:00
root
ffd6b039a7
User life cycle: permission to delete a preserved user
...
Add permission to delete an entry from Delete container
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-29 13:50:04 +02:00
Milan Kubík
b3c7805e88
Fix for a typo in certprofile mod command.
...
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2015-06-23 10:30:49 +02:00
Petr Vobornik
baca55c665
webui: adjust user deleter dialog to new api
...
In user_del, flags 'permanently' and 'preserve' were replaced with single
bool option 'preserve'
part of: https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-06-18 15:50:44 +02:00
Jan Cholasta
1d60825138
User life cycle: change user-del flags to be CLI-specific
...
Rename --permanently to --no-preserve.
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-06-18 15:48:53 +02:00
Martin Basti
3ababb763b
DNS: add UnknownRecord to schema
...
definition of UnknownRecord attributetype
https://fedorahosted.org/freeipa/ticket/4939
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-06-18 14:37:28 +02:00
Nathaniel McCallum
4dfa23256d
Fix OTP token URI generation
...
Google Authenticator fails if the algorithm is not uppercase.
https://fedorahosted.org/freeipa/ticket/5047
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-06-17 16:46:25 +02:00
Jan Cholasta
69607250b9
User life cycle: provide preserved user virtual attribute
...
https://fedorahosted.org/freeipa/ticket/3813
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2015-06-15 16:13:22 +02:00
Petr Vobornik
d58bdf29a5
server: add "del" command
...
this command is internal and is supposed to be used by ipa-replica-manage to
delete replica.
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-15 16:06:48 +02:00
Thierry Bordaz
44cced658b
Stage User: Fix permissions naming and split them where appropriate.
...
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Martin Kosek <mkosek@redhat.com>
2015-06-15 09:52:42 +02:00
Petr Vobornik
bb6c0b9c63
topology: fix swapped topologysegment-reinitialize behavior
...
setting "nsds5BeginReplicaRefresh;left" to "start" reinitializes the
right node and not the left node. This patch fixes API to match the
behavior.
part of: https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-15 09:41:48 +02:00
Petr Vobornik
6b153ba876
topology: restrict direction changes
...
topology plugin doesn't properly handle:
- creation of segment with direction 'none' and then upgrade to other
direction
- downgrade of direction
These situations are now forbidden in API.
part of: https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-15 09:38:46 +02:00
Petr Spacek
d84680473b
DNSSEC: Detect zone shadowing with incorrect DNSSEC signatures.
...
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-11 16:08:42 +02:00
Petr Vobornik
5089dde2cd
disallow mod of topology segment nodes
...
Mod of segment end will be disallowed in topology plugin.
Reasoning (by Ludwig): if we want to properly allow mods to change
connectivity and endpoints, then we would need to check if the mod
disconnects the topology, delete existing agreements, check if the new
would be a duplicate and create new agmts. There could be some difficult
scenarios, like having
A <--> B <--> C <--> D,
if you modify the segment B-C to A-D topology breaks and is then
reconnected.
part of: https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-11 13:39:09 +02:00
Martin Basti
f8c8c360f1
DNSSEC: validate forward zone forwarders
...
Show warning messages if DNSSEC validation is failing for particular FW
zone or if the specified forwarders do not work
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-06-11 13:12:31 +02:00
Martin Basti
9aa6124b39
DNSSEC: Improve global forwarders validation
...
Validation now provides more detailed information and less false
positives failures.
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
2015-06-11 13:12:31 +02:00
Petr Vobornik
c9cbb1493a
rename topologysegment_refresh to topologysegment_reinitialize
...
https://fedorahosted.org/freeipa/ticket/5056
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-11 13:08:34 +02:00
Fraser Tweedale
947af1a037
Enforce CA ACLs in cert-request command
...
This commit adds CA ACL enforcement to the cert-request command and
uses the pyhbac machinery.
It is planned to implement ACL enforcement in Dogtag in a future
release, and remove certificate issuance privileges and CA ACL
enforcement responsibility from the framework. See
https://fedorahosted.org/freeipa/ticket/5011 for more information.
Part of: https://fedorahosted.org/freeipa/ticket/57
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-11 10:50:31 +00:00
Fraser Tweedale
bc0c606885
Add CA ACL plugin
...
Implement the caacl commands, which are used to indicate which
principals may be issued certificates from which (sub-)CAs, using
which profiles.
At this commit, and until sub-CAs are implemented, all rules refer
to the top-level CA (represented as ".") and no ca-ref argument is
exposed.
Also, during install and upgrade add a default CA ACL that permits
certificate issuance for all hosts and services using the profile
'caIPAserviceCert' on the top-level CA.
Part of: https://fedorahosted.org/freeipa/ticket/57
Part of: https://fedorahosted.org/freeipa/ticket/4559
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-11 10:50:31 +00:00
Jan Cholasta
e7ac57e139
vault: Fix ipa-kra-install
...
Use state in LDAP rather than local state to check if KRA is installed.
Use correct log file names.
https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-06-10 16:17:34 +00:00
Jan Cholasta
81729e22d3
vault: Move vaults to cn=vaults,cn=kra
...
https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: David Kupka <dkupka@redhat.com>
2015-06-10 16:17:34 +00:00
Petr Vobornik
2661a860e0
topology: hide topologysuffix-add del mod commands
...
Suffixes are created on installation/upgrade. Users should not
modify them.
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-06-10 14:16:03 +02:00
Petr Vobornik
4232c39f67
topology: allow only one node to be specified in topologysegment-refresh
...
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Tomas Babej <tbabej@redhat.com>
2015-06-10 14:14:09 +02:00
Endi S. Dewata
df1bd39a43
Added vault-archive and vault-retrieve commands.
...
New commands have been added to archive and retrieve
data into and from a vault, also to retrieve the
transport certificate.
https://fedorahosted.org/freeipa/ticket/3872
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2015-06-08 10:04:23 +00:00
Drew Erny
a57998f51e
Migration now accepts scope as argument
...
Adds a new option to command ipa migrate-ds, --scope=[base,onelevel,subtree]
which allows the user to specify LDAP search depth for users and groups.
'onelevel' was the hard-coded level before this patch and is still
default. Specify 'subtree' to search nested OUs for users and groups.
https://fedorahosted.org/freeipa/ticket/2547
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-05 19:31:18 +02:00
Petr Vobornik
538178b53d
webui: topology plugin
...
https://fedorahosted.org/freeipa/ticket/4997
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-04 13:20:44 +02:00
Petr Vobornik
604331f0be
webui: IPA.command_dialog - a new dialog base class
...
refactoring for:
https://fedorahosted.org/freeipa/ticket/4997
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-04 13:20:44 +02:00
Petr Vobornik
b189e66298
topology: ipa management commands
...
ipalib part of topology management
Design:
- http://www.freeipa.org/page/V4/Manage_replication_topology
https://fedorahosted.org/freeipa/ticket/4302
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2015-06-04 12:06:31 +02:00
Fraser Tweedale
a931d3edc0
Update cert-request to support user certs and profiles
...
Part of: https://fedorahosted.org/freeipa/ticket/57
Part of: https://fedorahosted.org/freeipa/ticket/4938
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-04 08:27:33 +00:00
Fraser Tweedale
979947f7f2
Add usercertificate attribute to user plugin
...
Part of: https://fedorahosted.org/freeipa/tickets/4938
Reviewed-By: Martin Basti <mbasti@redhat.com>
2015-06-04 08:27:33 +00:00