to edit other users (the Edit link won't appear otherwise). Additional
delegation is need to grant permission to individual attributes.
Update the failed login page to indicate that it is a permission issue.
Don't allow access to policy at all for non-admins.
By default users can only edit themselves.
This patch uses the kerberos schema policy, this is the same policy used by
kadmin.
While this patch allows for krbPwdPolicy objects anywhere the kldap module
will make the kdc fail to provide tickets if the "krbPwdPolicyReference"
points to any object that is not a child of cn=<REALM>,cn=kerberos,dc=....
To let us set policies anywhere in the tree I enabled the code to actually
look at parent entries and the user entry itself and specify policies directly
on these objects by adding the krbPwdPolicy objectclass to them (I know its
structural but DS seem to allow multiple Structural classes on the same
entry).
The only side effect is that kadmin will not understand this, but we don't
want to use kadmin anyway as it does not understand way too many things about the
directory.
I've tested a few scenarios and all seem working as expected, but further
testing is welcome of course.
Fix error reporting in the UI to include the detailed message
Sort delegations by name when displaying them
Update the name field from "Name" to "Delegation Name"
This patch fixes a couple of buglets with read_ip_address():
1) It writes host_name to /etc/hosts, but isn't currently
being passed host_name
2) It doesn't return the IP address even though the caller
expects it
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
Rather than lumping everything together into the dist/ dir,
this patch separates them out into sources/, rpms/ and srpms/.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
We don't need the elaborate python requires, since a requires
for e.g. "python-abi = 2.5" is automatically added.
We also don't need the elaborate build requires, since all
it does is query the currently installed version of python
and require that you have it's appropriate python-devel
installed. But if python-devel is installed at all, this
should hold true.
(Also, IMHO the .spec files should be removed from mercurial
since they are automatically generated)
Signed-off-by: Mark McLouglin <markmc@redhat.com>
This patch just makes "make dist" build the yum repodata.
Note, that since the repodata is at the toplevel, if this
dist/ dir is uploaded to freeipa.org/downloads, people's
yum configs will continue to work.
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
After looking into setting up ntpd on the IPA servers I decided it
was better just to warn admins. There are just too many valid setups
for time synchronization for us to try to get this right. Additionally,
just installing ntp and accepting the default config will result in
a configuration that is perfectly valid for IPA.
This patch checks if ntpd is running and suggests enabling it if it
is not - for client and server. It also adds some suggested next
steps to the server installation.
