* ud-generate: Set shadow expiry to 1 for locked accounts.
* update doc/slapd-config.txt: labeledURL was removed from the schema but
not the slapd.conf example. Do that now.
+ * add simple ud-config script for use in shell scripts. This allows
+ querying config values.
[ Marc 'HE' Brockschmidt ]
* Make the host ud-replicate syncs from configurable in userdir-ldap.conf,
debianServer schema and teach ud-host about it
* ud-host: cleanup: Replace local copy HBaseDn of the centrally
configured HostBaseDn.
+ * ud-generate: Mark that no passwords are exported also in the
+ generated passwd file, not only in the shadow file (by using a "*"
+ as password (meaning "no password"), instead of "x" (meaning "do I
+ look like a passwd from the nineties? Look into /etc/shadow!")).
[ Joerg Jaspert ]
* Enhance copyright file a bit, also adding a pointer to our repository
os.rename(File + ".tdb.tmp",File+".tdb");
# Generate the password list
-def GenPasswd(l,File,HomePrefix,PwdMarker,UidShift):
+def GenPasswd(l,File,HomePrefix,PwdMarker):
F = None;
try:
F = open(File + ".tdb.tmp","w");
Line = Sanitize(Line) + "\n";
F.write("0%u %s" % (I,Line));
F.write(".%s %s" % (GetAttr(x,"uid"),Line));
- F.write("=%s %s" % ((int(GetAttr(x,"uidNumber"))+UidShift),Line));
+ F.write("=%s %s" % (GetAttr(x,"uidNumber"),Line));
I = I + 1;
# Oops, something unspeakable happened.
Done(File,F,None);
# Generate the group list
-def GenGroup(l,File,UidShift):
+def GenGroup(l,File):
F = None;
try:
F = open(File + ".tdb.tmp","w");
for x in GroupMap.keys():
if GroupIDMap.has_key(x) == 0:
continue;
- NewGid = int(GroupIDMap[x]);
- if NewGid >= 500:
- NewGid = NewGid + UidShift
- Line = "%s:x:%u:" % (x,NewGid)
+ Line = "%s:x:%u:" % (x,GroupIDMap[x]);
Comma = '';
for I in GroupMap[x]:
Line = Line + ("%s%s" % (Comma,I));
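Review bot: `GroupIDMap[x]` is now passed straight to `%u`, here and in the `F.write("=%u %s" ...)` line of the next hunk, whereas the removed code converted it with `int()` first. How the map is populated is not visible in this diff; if its values are strings read from the directory, `%u` raises a TypeError in place of formatting the gid. Keeping the conversion, `Line = "%s:x:%u:" % (x,int(GroupIDMap[x]));`, or switching both specifiers to `%s` as the GenPasswd hunk does for uidNumber, makes the output independent of the map's value type. GenGroup's body starts before and continues after this hunk.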
Line = Sanitize(Line) + "\n";
F.write("0%u %s" % (J,Line));
F.write(".%s %s" % (x,Line));
- F.write("=%u %s" % (NewGid,Line));
+ F.write("=%u %s" % (GroupIDMap[x],Line));
J = J + 1;
# Oops, something unspeakable happened.
DoLink(GlobalDir,OutDir,"disabled-accounts")
sys.stdout.flush();
- UidShift = 0
- if ExtraList.has_key("[UIDSHIFT]"): UidShift=1000
if ExtraList.has_key("[NOPASSWD]"):
- GenPasswd(l,OutDir+"passwd",Split[1], "*", UidShift);
+ GenPasswd(l,OutDir+"passwd",Split[1], "*");
else:
- GenPasswd(l,OutDir+"passwd",Split[1], "x", UidShift);
+ GenPasswd(l,OutDir+"passwd",Split[1], "x");
sys.stdout.flush();
- GenGroup(l,OutDir+"group", UidShift);
+ GenGroup(l,OutDir+"group");
if ExtraList.has_key("[UNTRUSTED]"):
continue;
if not ExtraList.has_key("[NOPASSWD]"):
Split = re.split("[:\n]",Line);
(Split[4],cn,mn,sn) = ParseGecos(Split[4]);
- Split[2] = int(Split[2])
- Split[3] = int(Split[3])
+ # This just tests whether these are integers and throws an
+ # exception if not
+ int(Split[2])
+ int(Split[3])
Rec = [("uid",Split[0]),
("uidNumber",Split[2]),
("gidNumber",Split[3]),
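Review bot: The bare `int(Split[2])` and `int(Split[3])` calls only prove that the fields parse as integers, while the raw text from the input line is what ends up in `uidNumber` and `gidNumber`. A value with surrounding whitespace, a leading sign or a negative number therefore passes the check and is stored exactly as typed. Normalising while keeping the string type, for example `Split[2] = str(int(Split[2]))`, and rejecting values below zero would make the stored attribute match what was validated. The same pattern appears in the later `for x in range(2,8)` shadow hunk and in the group hunk's `int(Split[2])`. The `Rec` list continues past the end of this hunk.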
if (DoAdd == 1):
try:
- AddRec = Rec
- Rec.append(("objectClass", UserObjectClasses))
+ AddRec = Rec[:]
+ AddRec.append(("objectClass", UserObjectClasses))
l.add_s(Dn,AddRec)
DoModify = False
continue;
for x in range(2,8):
- Split[x] = int(Split[x])
+ int(Split[x])
Rec = [(ldap.MOD_REPLACE,"shadowLastChange",Split[2]),
(ldap.MOD_REPLACE,"shadowMin",Split[3]),
# Split up the group information
Split = re.split("[:\n]",Line);
Members = re.split("[, ]*",Split[3]);
- Split[2] = int(Split[2])
+ int(Split[2])
# Iterate over the membership list and add the membership information
# To the directory