-userdir-ldap (0.3.66+XX) unstable; urgency=low
+userdir-ldap (0.3.7X) Xnstable; urgency=low
+
+ * Add ud-sync-accounts-to-afs, a script to sync accounts to an
+ AFS protection database.
+ * ud-generate: support host ACLs that expire.
+ * ud-useradd: A new -g switch for adding guest accounts, with
+ proper setting hostacls and shadowexpire and picking the
+ right keyring.
+ * Remove .pgp (v3 pgp key) keyrings from config.
+ * Update guest welcome template.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 19 Sep 2010 01:59:46 +0200
+
+userdir-ldap (0.3.78) unstable; urgency=low
+
+ * Start refactoring ud-generate:
+ - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY
+ are set, use their respective value instead of the default. This
+ makes it possible to run ud-generate as a non-privileged user for
+ testing purposes.
+ - Start wrapping ldap search results in classes. For now we have done
+ this with just an ldap account.
+ - Also got rid of the global PasswdAttrs variable. Now functions
+ get the account list (now a list of Account classes instead of
+ ldap result array of tuples of hashes) passed to them like well-behaved
+ functions.
+ * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers
+ (we want group=..., not dn=...).
+ * Add ud-krb-reset, and make ud-mailgate call it when
+ receiving a mail at chpasswd@ saying
+ 'Please change my Kerberos password'.
+ * ud-generate: Add an extra output file called all-users.json that
+ can be used on one of the AFS hosts to create afs users.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 13 Sep 2010 19:08:34 +0200
+
+userdir-ldap (0.3.77) unstable; urgency=low
+ [ Peter Palfrader ]
+ * ud-mailgate: Remove a global declaration after a variable has
+ already been assigned globally.
+ * ud-mailgate: We use the result of the pgp check for quite a long
+ time in the main program. Give it its own variable instead of
+ using Res which was overwritten a bit later. Also make a new
+ gpgcheck2 class that allows us to access the values of the gpg
+ signature check in a saner way.
+ * ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints.
+ * Add ud-lock.
+ * Fix a typo in welcome-message-800 noticed by Tommi Vainikainen.
+ * Refactor the LDAP acls to be easier to manage.
+ Effective changes:
+ - Keyring Maintainers ldap group gets to write to the keyFingerPrint
+ attribute.
+ - sshrsaauthkey is no longer compareable by *.
+ * ud-generate: refuse to run as root.
+
+ [ Stephen Gran ]
+ * Add txt record support to ud-mailgate
+ * Clean up addition of identifying txt records to debian.net slightly
+
+ -- Peter Palfrader <weasel@debian.org> Fri, 30 Jul 2010 19:46:48 +0200
+
+userdir-ldap (0.3.76) unstable; urgency=low
+
+ [ Peter Palfrader ]
+ * ud-generate: Export groups even if nobody has that group as a
+ supplementary group, as long as there are users that have it as a primary
+ group.
+ * ud-useradd: If we do not have a template for a specific group, use the
+ general purpose template file (welcome-message).
+ * ud-useradd: Fix usergroup support:
+ - Move ldap call to actually add the user to the right place,
+ - Properly compare strings and numbers.
+ * ud-useradd: Only ask for private subscription if this installation
+ has a debian-private like mailinglist whose membership is configured
+ by ud-ldap. (defaults to true.)
+ * Fix welcome-message to be like welcome-message-800 and 60000 wrt
+ email headers
+ * ud-useradd: Properly encode realname in subjects and to header lines
+ regardless of which template is being used.
+ * ud-generate: move the regex that determines whether or not to include
+ a host in the dns-sshfp zone snippet (for SSHFP and A, AAAA and MX
+ records) to the config file.
+ * Include a host in DNS even if we do not have both ssh keys and an
+ arch for that host configured.
+
+ [ Stephen Gran ]
+ * Add patches from Helmut Grohne <helmut@subdivi.de>:
+ Allow ssh keys to be exported only to specific hosts by prefixing them
+ with allowed_hosts=[host1[,host2 ...]]] when adding them using
+ ud-mailgate.
+
+ -- Stephen Gran <sgran@debian.org> Sat, 30 Jan 2010 13:33:40 +0000
+
+userdir-ldap (0.3.75) unstable; urgency=low
+
+ * Enable support for mailDefaultOptions
+ * Make a stab at really not exporting empty groups.
+
+ -- Stephen Gran <sgran@debian.org> Mon, 16 Nov 2009 21:36:53 +0000
+
+userdir-ldap (0.3.74) unstable; urgency=low
+
+ [ Peter Palfrader ]
+ * ud-generate: Make sure we only add people in gid 800 to debian-private.
+ (DebianUsers was just a copy of PasswdAttrs. So use PasswdAttrs in
+ all the places that currently use DebianUsers. Make a filtered list
+ DebianDDUsers (accounts in gid 800), and use that for building the
+ debian-private subscription list.)
+ * welcome-message-60000: improve wording of a sentence. Sometimes less
+ is more.
+
+ [ Stephen Gran ]
+ * Initial support for BATV token storage.
+ * generate a new file for mail forwards for users present on this machine
+
+ -- Stephen Gran <sgran@debian.org> Sun, 15 Nov 2009 11:54:41 +0000
+
+userdir-ldap (0.3.73) unstable; urgency=low
+
+ * Add dnsTTL host attribute to override the zone default TTL
+ for A and AAAA records. Also for MX, HINFO and SSHFP.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 18 Oct 2009 12:38:51 +0200
+
+userdir-ldap (0.3.72) unstable; urgency=low
+
+ [ Peter Palfrader ]
+ * ud-useradd: Allow unsetting of middle names by entering a space.
+ * userdir-ldap.conf: Add debian-maintainers.gpg to keyrings and
+ sync_keyrings.
+ * ud-useradd: force gidNumber to be an int when we open the welcome
+ template (it can be different when we read it from input using -n).
+ * Tweak templates/welcome-message-60000.
+ * ud-generate: don't blow up when a host does not have IP-addresses.
+ * We autogenerate the authorized_keys files for sshdist on db-master.
+ It limits the hosts' ssh key to coming from their respective addresses.
+ Now we can add additional source addresses to accept for this since
+ not all hosts appear to come from their published address (or have
+ a published address for that matter).
+
+ [ Stephen Gran ]
+ * Make zone reloads work when ud-generate updates zone files
+
+ -- Stephen Gran <sgran@debian.org> Mon, 05 Oct 2009 00:54:43 +0100
+
+userdir-ldap (0.3.71) unstable; urgency=low
+
+ * Enable autogeneration of DNS records for .d.o hosts
+
+ -- Stephen Gran <sgran@debian.org> Sun, 23 Aug 2009 12:50:01 +0000
+
+userdir-ldap (0.3.70) unstable; urgency=low
+
+ * Enable autogeneration of sshdist's authorized_keys file
+
+ -- Stephen Gran <sgran@debian.org> Sun, 09 Aug 2009 16:10:35 +0000
+
+userdir-ldap (0.3.69) unstable; urgency=low
+
+ * Make ud-host do allowedGroups, exportOptions.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 23 Jul 2009 22:52:08 +0200
+
+userdir-ldap (0.3.68) unstable; urgency=low
+
+ * userdir-ldap.conf: localsyncon = "*draghi*"
+ * userdir-ldap-slapd.conf.in: database hdb
+ * schema: allowedGroups, exportOptions attribute for servers
+ * Move away from generate.conf and use the information provided in
+ the ldap.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 23 Jul 2009 22:32:44 +0200
+
+userdir-ldap (0.3.67) unstable; urgency=low
+
+ [ Stephen Gran ]
* ud-replicate no longer uses localsyncon=*samosa*.
* ud-generate cleanup:
- general code tidy (whitespace, semi-colons, python idioms)
- Stop exporting locked accounts
- begin cleanup of use of string exceptions
- -- Stephen Gran <sgran@debian.org> Sat, 09 May 2009 16:41:36 +0100
+ [ Peter Palfrader ]
+ * .debian.net DNS creates BSMTP maps for MX 0 master in addition to gluck.
+ * .debian.net DNS no longer creates BSMTP maps for MX 0 gluck.
+ * Remove mailSpamOptOut ldap attribute - it isn't used anywhere.
+ * schema, ud-info, ud-mailgate, ud-generate: Add mailContentInspectionAction
+ attribute. Possible values are reject, blackhole and markup.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 14 Jul 2009 11:02:27 +0200
userdir-ldap (0.3.66) unstable; urgency=low