* Add a new ACP and group allowing self-service mail updates
This adds a new "idm_people_self_write_mail_priv" group which follows
the existing canned group+acp format closely.
This also adds a test for the functionality
See the discussion in #648 for a bit more background
* Limit the self-write ACP to targets with the "account" class
Per feedback on #672, it's better to limit these APIs specifically to
accounts.
* Fix up
Co-authored-by: Firstyear <william.brown@suse.com>
* Add 'account person set' command
This command allows a user to modify, say, their legal name in a
self-service fashion.
This wasn't possible before by default since the 'extend' operation
required additional ACPs in order to operate which not every user would
have.
The new "person set" api is compatible with the default self_write ACP,
and so allows self-service modification.
* Add a short section on people attributes to the book
Part one of #461 - this adds the syntax to support email addresses and validation of their content, and a method to serialise to the DB that can be extended with attribute tagging in the future. Part two will address administration of these values.
Fixes#250, replacing cookies with auth-bearer tokens. This is done using fernet with randomised keys each startup. The reason for this is that in the future the size of the auth token may exceed cookie limits, so we must be able to understand and process auth bearer. Additionaly, this lets us store the tokens for say the kanidm cli as reqwest today can't persist a cookie jar.
Fixes#195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more.
Add's improvements to ldap compatibility. This stabilises DN formats and how they are returned, and adds the name2uuid index to help speed up binds and entry resolves on large queries. Even on the largest queries, this is able to process them rapidly, and the ldap interface now has single operation times of sub 0.001 second even on 100k entry databases with references.
Fixes#101, concurrent caching of IDL and Entries. This yields a 10% improvement for test case execution, and 35% for tests run under --release mode. A lot of code around the code base was needed to be touched due to the extra need for mut in some operations and some lifetimes, but the majority of the work was in idl_arc_sqlite.rs, which has the cache layer. There are many performance gains yet to see, but most of those will come through improvement of the concread ARC and it's related BTree implementation.
Add default entries test to apply behaviours according to
`designs/default_idm_layout.rst`.
Add expected behaviours for:
- Users
- Account managers
- Group managers
- Admins
- People Managers
- Anonymous clients
- Radius servers
Also, refactor `kanidmd_client` tests to separate into different files
and fix some documentation typos
Resolves: #108
