Commit Graph

4116 Commits

Author SHA1 Message Date
Martin Kosek
bc8be0a41e Improve long integer type validation
Passing a number of "long" type to IPA Int parameter invokes
user-unfriendly error message about incompatible types. This patch
improves Int parameter with user understandable message along with
maximum value he can pass.

https://fedorahosted.org/freeipa/ticket/1346
2011-07-18 16:02:07 +02:00
Martin Kosek
1a207bb23c Fix typo in ipa-replica-prepare
https://fedorahosted.org/freeipa/ticket/1327
https://fedorahosted.org/freeipa/ticket/1347
2011-07-18 14:54:41 +02:00
Martin Kosek
47f1d86e35 Add new dnszone-find test
Implement a test for new dnszone-find option --forward-only.
Fix example for reverse zone (zone was not fully qualified and
DNS plugin would forbid adding PTR records).

https://fedorahosted.org/freeipa/ticket/1473
2011-07-18 09:50:23 +02:00
Martin Kosek
50a2c45760 Check IPA configuration in install tools
Install tools may fail with unexpected error when IPA server is not
installed on a system. Improve user experience by implementing
a check to affected tools.

https://fedorahosted.org/freeipa/ticket/1327
https://fedorahosted.org/freeipa/ticket/1347
2011-07-18 09:36:43 +02:00
Jan Cholasta
5f0adc3fbe Fix exit status of ipa-nis-manage enable.
ticket 1247
2011-07-15 02:39:17 -04:00
Jan Cholasta
b203756a88 Add ability to specify DNS reverse zone name by IP network address.
In order for this to work, chaining of parameters through
default_from is made possible.

ticket 1474
2011-07-15 02:21:23 -04:00
Martin Kosek
d802aa57f1 Fix self-signed replica installation
When a replica for self-signed server is being installed, the
installer crashes with "Not a dogtag CA installation". Make sure
that installation is handled correctly for both dogtag and
self-signed replicas.

https://fedorahosted.org/freeipa/ticket/1479
2011-07-14 22:36:53 -04:00
Martin Kosek
aece880d8f Fix ipa-dns-install
When DNS plugin is installed via ipa-dns-install and user has a valid
Kerberos ticket at the time, the DNS installation is corrupt and named
won't start, reporting Preauthentication error.

When the non-DM identity is used for authentication, krbprincipalkey
attribute in DNS service LDAP record is not created, thus leading
to the error. This patch makes sure that authentication with Directory
Manager password is used every time.

https://fedorahosted.org/freeipa/ticket/1483
2011-07-15 17:36:29 +02:00
Jan Cholasta
881df73568 Fix creation of reverse DNS zones.
Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by
default instead of using the netmask from the --ip-address option.

Custom reverse DNS zone can be specified using new --reverse-zone
option, which replaces the old --ip-address netmask way of creating
reverse zones.

The reverse DNS zone name is printed to the user during the install.

ticket 1398
2011-07-15 16:42:16 +02:00
Jan Cholasta
1c5028c17d Configure SSSD to store user password if offline.
ticket 1359
2011-07-14 19:26:25 -04:00
Rob Crittenden
bea7818add Remove the ability to create new HBAC deny rules.
New rules will all be allow type. Existing rules cannot be changed to
deny.

The type attribute now defaults to allow with autofill so it won't be
prompted in interactive mode in the cli.

https://fedorahosted.org/freeipa/ticket/1432
2011-07-14 19:23:17 -04:00
Rob Crittenden
9dfdf55034 In sudo labels we should use RunAs and not Run As.
https://fedorahosted.org/freeipa/ticket/1328
2011-07-14 19:18:02 -04:00
Rob Crittenden
ef29207047 Document registering to an entitlement server with a UUID as not implemented.
It was my understanding that we would be able to pass in an existing UUID
when registering to connect to an existing registration (for the case where
IPA is re-installed). This is supported in the REST API but not python-rhsm.

https://fedorahosted.org/freeipa/ticket/1216
2011-07-14 19:15:15 -04:00
Rob Crittenden
37e3bf2a60 Disallow direct modifications to enrolledBy.
This fixes a regression.

We don't need to allow enrolledBy to be modified because it gets
written in the ipa_enrollment plugin which does internal operations
so bypasses acis.

https://fedorahosted.org/freeipa/ticket/302
2011-07-14 19:11:49 -04:00
Endi S. Dewata
4bd85ceb90 Fixed label capitalization
The CSS text-transform sometimes produces incorrect capitalization,
so the code has been modified to use translated labels that already
contain the correct capitalization.

Ticket #1424
2011-07-14 11:44:48 -04:00
Adam Young
a746c613a4 dnsrecord-mod ui
Brings the DNS record infrastructure in line with the other entities.
Uses widgets, nested search, and a little bit of overloading for dns specific behavior
The records now have their own page.

simplified link widget and use for dns
links work for nested entities.

change the field in the link widget to other_entity to avoid name collision.
unit test for entity link.

fixed reference to entity for getting pkeys

work around lack of setattr for dns record mod.
update wasn't deducing locked_field type correctly.
don't overwrite param_info in init
data is required on adder dialog
delete works for multiple records
use show instead of find for entity_link_widget.

https://fedorahosted.org/freeipa/ticket/1038
https://fedorahosted.org/freeipa/ticket/1448
https://fedorahosted.org/freeipa/ticket/577
https://fedorahosted.org/freeipa/ticket/1460
2011-07-13 21:57:18 +00:00
Adam Young
bccdc7e03d remove HBAC warning from static UI
2011-07-13 20:14:30 +00:00
Martin Kosek
02520ab98c Remove sensitive information from logs
When -w/--password option is passed to ipa-replica-install it is
printed to ipareplica-install.log. Make sure that the value of this
option is hidden.

https://fedorahosted.org/freeipa/ticket/1378
2011-07-13 15:16:24 +02:00
Martin Kosek
0cb65fd9f6 Filter reverse zones in dnszone-find
Implements a new option to filter out reverse zones.

This patch also does some clean up in dns plugin - debug prints were
accidentally left here in the last dns patch.

https://fedorahosted.org/freeipa/ticket/1471
2011-07-13 15:06:13 +02:00
Alexander Bokovoy
b93e0b8bbf Convert nsaccountlock to always work as bool towards Python code
https://fedorahosted.org/freeipa/ticket/1259

Python code will see nsaccountlock as bool. JavaScript code will also see it as bool.

This allows native boolean operations with the lock field. Passes both CLI and WebUI tests.
2011-07-13 12:02:46 +02:00
Rob Crittenden
f534445e26 Reset failed login count to 0 when admin resets password.
https://fedorahosted.org/freeipa/ticket/1441
2011-07-13 10:46:22 +02:00
Endi S. Dewata
b2c5b2b4b5 Fixed object_name and object_name_plural internationalization
The object_name, object_name_plural and messages that use these
attributes have been converted to support translation. The label
attribute in the Param class has been modified to accept unicode
string.

Ticket #1435
2011-07-12 16:33:08 -04:00
Martin Kosek
e6c68e9993 Add DNS record modification command
The DNS record plugin does not support modification of a record. One
can only add A type addresses to a DNS record or remove the current
ones. To actually change a DNS record value it has to be removed and
then added with a desired value.

This patch adds a new DNS plugin command "dnsrecord-mod" which enables
user to:
 - modify a DNS record value (note that DNS record can hold multiple values
   and those will be overwritten)
 - remove a DNS record when an empty value is passed

New tests for this new command have been added to the CLI test suite.

https://fedorahosted.org/freeipa/ticket/1137
2011-07-12 14:20:16 -04:00
Endi S. Dewata
86230333a8 Fixed collapsed table in Chrome.
The .content-table class has been modified to expand properly in
Firefox and Chrome.

Ticket #1450
2011-07-12 11:50:47 -04:00
Adam Young
e0238b5218 entity_select naming
http://fedorahosted.org/freeipa/ticket/1467
2011-07-12 11:01:18 -04:00
Rob Crittenden
28e85ee47a Fix test failure in updater when adding values to a single-value attr
The ipaldap.py code was updated to consider the schema when making
changes and does a REPLACE on single-value attributes. So when you
do an add in an update it will effectively replace the value instead
of ignoring it.
2011-07-11 19:21:51 -04:00
Rob Crittenden
2415ba6d37 Fix error in AttrValueNotFound exception example
2011-07-11 19:21:47 -04:00
Rob Crittenden
d9627ab165 find_entry_by_attr() should fail if multiple entries are found
It will only ever return one entry so if more than one are found
then we raise an exception. This is most easily seen in the host
plugin where we search on the server shortname which can be the
same across sub-domains (e.g. foo.example.com &
foo.lab.example.com).

https://fedorahosted.org/freeipa/ticket/1388
2011-07-11 18:45:49 -04:00
Rob Crittenden
3a5e26a01c Enforce class rules when query=True, continue to not run validators.
This started as a problem in allowing leading/trailing whitespaces
on primary keys. In nearly every command other than add query is True
so all rules were ignored on the primary key. This meant that to
enforce whitespace we would need to define a validator for each one.

I decided instead to set self.all_rules to just the class rules if
query == True. So the minimum set of validators will be executed
against each type but param-specific validators will only run on add.

https://fedorahosted.org/freeipa/ticket/1285
https://fedorahosted.org/freeipa/ticket/1286
https://fedorahosted.org/freeipa/ticket/1287
2011-07-11 18:43:32 -04:00
Endi S. Dewata
3229eee074 Added sudo options.
A table has been added into sudo rule details page for managing
sudo options.

Ticket #1447
2011-07-11 22:11:40 +00:00
Adam Young
0475340344 indirect admins
https://fedorahosted.org/freeipa/ticket/1465
2011-07-11 16:08:09 +00:00
Adam Young
30492ef3fa clear errors on reset
https://fedorahosted.org/freeipa/ticket/1446
2011-07-08 17:34:55 +00:00
Endi S. Dewata
2337fb5760 Fixed missing entitlement import button label
Ticket #1456
2011-07-08 16:50:44 +00:00
Adam Young
0a5f103733 check required on add
previously was checked on key down, but that does the check too soon.
Next attempt was on blur, but that had numerous problems.  This now checks when the add button is clicked.
works for entity_select widget, too
Checks upon form submission

https://fedorahosted.org/freeipa/ticket/1437
2011-07-08 01:36:52 +00:00
Endi S. Dewata
6dc6c4b2c6 Fixed test fixture file name.
2011-07-07 20:33:06 +00:00
Endi S. Dewata
078d6dfb1c Fixed dirty dialog problems in HBAC/Sudo rules.
The update() in HBAC/Sudo details facet has been fixed to call the
callback function which will show the dirty dialog properly.

Ticket #1439
2011-07-07 16:27:59 -04:00
Endi S. Dewata
158bb676fd Fixed blank self-service page.
The self-service navigation has been fixed to include the root
of the navigation path.

Ticket #1445
2011-07-06 20:57:54 -04:00
Adam Young
e4a444ba81 HBAC deny warning
shows dialog if there are any HBAC deny rules.  Dialog provides option to navigate to the HBAC page.  Deny rules have their rule type value show up in red.

Only shows up for administrators, not for self service users.

https://fedorahosted.org/freeipa/ticket/1421
2011-07-06 21:52:00 +00:00
Endi S. Dewata
aca908e1e4 Fixed HBAC/Sudo rules associations.
The HBAC/Sudo rules associations in users, groups, hosts and host
groups have been fixed to use the correct associator and method
names.

Ticket #1438
2011-07-06 11:42:14 -04:00
Adam Young
a38ad1d433 password expiration label
2011-07-05 18:00:05 -04:00
Adam Young
a3a9267334 validate ints
validate integers whether meta comes from metadata or param_info

https://fedorahosted.org/freeipa/ticket/1415
2011-07-05 20:31:00 +00:00
Endi S. Dewata
6083df1b02 Fixed object_name usage.
The object_name attribute was used as both an identifier and a
label which sometimes require different values (e.g. hbacrule
vs. HBAC rule). The code that uses object_name as an identifier
has been changed to use the 'name' attribute instead. The values
of the object_name attribute have been fixed to become proper
labels.

Ticket #1217
2011-07-05 16:19:10 -04:00
Rob Crittenden
cd237e5f54 Add pwd expiration notif (ipapwdexpadvnotify) to config plugin def attr list
https://fedorahosted.org/freeipa/ticket/1416
2011-07-05 00:13:55 -04:00
Rob Crittenden
6ad7deb7ac Set the client auth callback after creating the SSL connection.
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There is no way to query for the callback
in an existing socket.

https://fedorahosted.org/freeipa/ticket/1349
2011-07-01 21:01:22 -04:00
Endi S. Dewata
3894a4f13d Added arrow icons for details sections.
New arrow icons have been added to replace the plus/minus sign icons
for expanding/collapsing details sections.

Ticket #1422
2011-07-01 20:57:58 -04:00
Adam Young
7a25523d63 entity link for password policy
https://fedorahosted.org/freeipa/ticket/1111

reset() now hides both the link and the label
calculating should_link is now a function that can be overloaded.
2011-07-01 16:49:49 -04:00
Endi S. Dewata
58eec70884 Removed invalid associations.
The following invalid associations have been removed:
 - group's memberindirect netgroup and role
 - hostgroup's memberofindirect host

Ticket #1366
Ticket #1367
2011-07-01 00:59:34 -04:00
Endi S. Dewata
c746abd63a Fixed button style in Entitlements
The entitlement buttons are located several levels underneath
facet-controls, so the CSS selector has been fixed to extend beyond
facet-controls' immediate children.

Ticket #1419
2011-07-01 03:10:38 +00:00
Endi S. Dewata
c27a6de2a6 Added confirmation dialog for user activation.
The IPA.user_status_widget has been modified such that it checks
the facet dirty status and asks the admin to either Update or Reset
the changes. Then the widget shows a dialog to confirm whether
the admin wants to activate/deactivate the user.

Ticket #1395
2011-07-01 02:49:12 +00:00
Adam Young
9d8ddb5d46 config widgets entity select default group checkbox for migration
2011-06-30 22:26:19 -04:00