X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=6931ccbcd06fb65878718ea7bc4c6f310f5887ad;hb=6bfb2e39cd7bc15ff6a7a7d6f8afec5ad7c8dbc1;hp=dd64722f387d3c71a2ebdeb060e6d562d309e9af;hpb=92ba9e85b9d04a159ca5e15add1b5c8d5eb7ac16;p=mirror%2Fuserdir-ldap.git diff --git a/debian/changelog b/debian/changelog index dd64722..6931ccb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,122 @@ -userdir-ldap (0.3.7X) Xnstable; urgency=low +userdir-ldap (0.3.80) UNRELEASED; urgency=low + + [ Peter Palfrader ] + * some ud-echelon fixes, + * userdir_gpg.py: GetClearSig: add lax_multipart to deal + with random multipart mails. + * naming your variable like a module is unsmart. + * ud-generate: + - filter on shadowAccount. + - fix breaking old ud-generate locks. + * ud-mailgate: only run ldapmodfiy if we actually have attributes to modify. + * ud-replicate: + - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, + but instead re-use the domain from email-append. + - now preserve server side modifcation times when rsyncing data. + * userdir_ldap.py: read auth password from environment if set. + * Introduce BaseBaseDN which is the real base dn. BaseDN itself + has historically been used as the root of the user tree. + * Allow a set of users to be ignored for picking UIDs. + * When picking uid/gid numbers try to pick the same number for both. + * Merge from torproject.org: + - Allow sshRSAAuthKey for role accounts. + - Support ssh key attributes for gitolite export. + - Add ssh-gitolite support. + * debianGroups may have cn attribute (helpful when putting samba stuff into + ldap). + * ud-mailgate: Do not try to do an ldap modify with no changes - now show + command to changes@ should work again. + * ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t. + * ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() + functions. + * ud-generate: Add -f option to build even if cache is current. + * ud-generate: Move main code into a ud_generate() + * ud-generate: speed improvements: + - cut down on calls to IsInGroup by doing it once in generate_host() + and not having the individual generators run it. + o side effect: Up until now we exported empty groups to a host, if + that group had a user with that group as their primary group - even + if that particular user was not exported to this this. No we no + longer export empty groups. + - speed up ssh tarball generation: No longer write indidividual user's ssh + authorized_keys to disk, only to read them later. Directly create a + TarInfo object without referring to any on-disk files. + - get rid of global state variable CurrentHost. This will enable upcoming + changes. + - UDLdap.py: make a cache for __getitem__() decisions. + - wrap cdbmake calls in eatmydata. Nothing else does any fsync stuff, + so doing it here just costs a lot. + * ud-generate: Use a flock() lock instead of python's lockfile class. + * ud-generate: The ssh authorized_keys file for the sshdist user now wraps + the rsync call in an flock wrapper that acquires a shared lock on + ud-generate's lock. This prevents syncing while ud-generate runs. + + [ Stephen Gran ] + * Fix deprecation warnings for sha module by using hashlib module instead + * ud-fingerserv: update Net::LDAP import + * Implement audit logging for ldap + * stop running ud-generate if nothing has changed, based on audit logs + + [ Martin Zobel-Helas ] + * ud-generate: generate webPasswords + * ud-replicate: set correct permissions for web-passwords + * add freecdb to depends + * userdir-ldap.schema + - add webPasswords + - add mailPreserveSuffixSeperator + + -- Martin Zobel-Helas Fri, 23 Mar 2012 19:19:16 +0100 + +userdir-ldap (0.3.79) unstable; urgency=low + + * Add ud-sync-accounts-to-afs, a script to sync accounts to an + AFS protection database. + * ud-generate: + - support host ACLs that expire. + - lock output directory when generating. + - support sync keyring dirs now too. + * ud-useradd: A new -g switch for adding guest accounts, with + proper setting hostacls and shadowexpire and picking the + right keyring. + * Remove .pgp (v3 pgp key) keyrings from config. + * Update guest welcome template. + * ud-gpgimport: handle guest keyrings. + * ud-mailgate: + - Make updating of gender actually work. + - Do not mess with sudo passwords if nothing changed. + * templates/change-reply: say a word about subjects in mail to admin@db. + * move gpgwrapper to unmaintained/ - it is now using obsolete interfaces. + * try to properly handle some more mime stuff. + - use email module instead of deprecated mimetools and multifile modules + - changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py + * move ud-echelon and sigcheck to GPGCheckSig2 interface. + + -- Peter Palfrader Sat, 21 May 2011 14:53:18 +0200 + +userdir-ldap (0.3.78) unstable; urgency=low + + * Start refactoring ud-generate: + - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY + are set, use their respective value instead of the default. This + makes it possible to run ud-generate as a non-privileged user for + testing purposes. + - Start wrapping ldap search results in classes. For now we have done + this with just an ldap account. + - Also got rid of the global PasswdAttrs variable. Now functions + get the account list (now a list of Account classes instead of + ldap result array of tuples of hashes) passed to them like well-behaved + functions. + * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers + (we want group=..., not dn=...). + * Add ud-krb-reset, and make ud-mailgate call it when + receiving a mail at chpasswd@ saying + 'Please change my Kerberos password'. + * ud-generate: Add an extra output file called all-users.json that + can be used on one of the AFS hosts to create afs users. + + -- Peter Palfrader Mon, 13 Sep 2010 19:08:34 +0200 + +userdir-ldap (0.3.77) unstable; urgency=low [ Peter Palfrader ] * ud-mailgate: Remove a global declaration after a variable has