Luca Filipozzi [Sat, 18 Jan 2014 01:19:56 +0000 (01:19 +0000)]
create two versions of rtc-passwords, one for radius and one for return
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Sat, 18 Jan 2014 01:16:59 +0000 (01:16 +0000)]
Merge branch 'master' of ssh://draghi.debian.org/~/userdir-ldap
Stephen Gran [Fri, 17 Jan 2014 20:23:38 +0000 (20:23 +0000)]
this is a bit cleaner
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Fri, 17 Jan 2014 01:19:49 +0000 (01:19 +0000)]
modifying ud-replicate to support rtcPassword deployment
Luca Filipozzi [Thu, 16 Jan 2014 22:57:39 +0000 (22:57 +0000)]
voipPassword -> rtcPassword
Stephen Gran [Wed, 15 Jan 2014 17:08:09 +0000 (17:08 +0000)]
whitespace
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 15 Jan 2014 08:33:02 +0000 (08:33 +0000)]
ud-generate can send notifications over MQ
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 15 Jan 2014 08:13:45 +0000 (08:13 +0000)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
Stephen Gran [Wed, 15 Jan 2014 08:13:31 +0000 (08:13 +0000)]
add ud-replicated
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Tue, 14 Jan 2014 01:23:21 +0000 (01:23 +0000)]
assume that voipPassword contains an HA1
Martin Zobel-Helas [Sun, 12 Jan 2014 11:14:56 +0000 (12:14 +0100)]
we need realm there
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 11:11:33 +0000 (12:11 +0100)]
fix another typo
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 11:06:33 +0000 (12:06 +0100)]
fix typo
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 10:49:12 +0000 (11:49 +0100)]
fix code
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 10:40:44 +0000 (11:40 +0100)]
modify voipPassword code to match https://github.com/resiprocate/resiprocate/blob/master/reTurn/reTurnServer.config#L147
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Fri, 10 Jan 2014 17:42:42 +0000 (18:42 +0100)]
renamed script
Peter Palfrader [Thu, 9 Jan 2014 09:55:38 +0000 (10:55 +0100)]
new dns fu
Martin Zobel-Helas [Sun, 29 Dec 2013 19:25:06 +0000 (20:25 +0100)]
clean up files another way
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 18:56:16 +0000 (19:56 +0100)]
try this
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 18:43:13 +0000 (19:43 +0100)]
Fdb instead of F
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 18:41:11 +0000 (19:41 +0100)]
fix some errors
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 17:21:01 +0000 (18:21 +0100)]
also produce dbm files additionally to cdb
We need to migrate from CDB to DBM, as there is no python-cdb in Debian
stable any more. Provide both file formats, so we can migrate from CDB
to DBM painlessly.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Stephen Gran [Wed, 20 Nov 2013 19:22:33 +0000 (19:22 +0000)]
We've been removing this symlink for a decade
I think we're safe now.
Signed-off-by: Stephen Gran <steve@lobefin.net>
Tollef Fog Heen [Wed, 28 Aug 2013 16:02:00 +0000 (18:02 +0200)]
Changelog
Tollef Fog Heen [Wed, 28 Aug 2013 16:00:32 +0000 (18:00 +0200)]
Export host keys for gitolite too
Peter Palfrader [Fri, 2 Aug 2013 21:34:24 +0000 (23:34 +0200)]
and a changelog entry
Peter Palfrader [Fri, 2 Aug 2013 21:31:45 +0000 (23:31 +0200)]
Fix unix mtime triggers for ud-generate
Previously we only checked if a file had been modified since our last
run. That didn't catch changes that were only made visible for the next
run. I.e. a file was changed on some host, ud-generate runs, finds no
need to re-generate and stores timestamp X to its statefile. We rsync
that file to us and on the next ud-generate run it finds no files
modified since X.
Peter Palfrader [Thu, 18 Jul 2013 20:12:01 +0000 (22:12 +0200)]
And also for guests
Peter Palfrader [Thu, 18 Jul 2013 20:10:33 +0000 (22:10 +0200)]
We use schroot now
Peter Palfrader [Thu, 18 Jul 2013 20:10:28 +0000 (22:10 +0200)]
Fix a typo
Peter Palfrader [Thu, 20 Jun 2013 11:57:16 +0000 (13:57 +0200)]
Fix ipv6 check
Peter Palfrader [Fri, 7 Jun 2013 17:07:58 +0000 (19:07 +0200)]
use valid MX syntax
Peter Palfrader [Fri, 7 Jun 2013 17:02:14 +0000 (19:02 +0200)]
Allow incoming-mx remapping in ud-generate
Peter Palfrader [Sat, 1 Jun 2013 09:49:14 +0000 (11:49 +0200)]
ud-generate: Support writing gitolite config for just one user-group
Peter Palfrader [Sat, 1 Jun 2013 09:40:30 +0000 (11:40 +0200)]
Fix typo in help output
Peter Palfrader [Sat, 1 Jun 2013 09:40:24 +0000 (11:40 +0200)]
Minor variable rename
Peter Palfrader [Sat, 1 Jun 2013 09:40:11 +0000 (11:40 +0200)]
Minor refactoring of IsInGroup so it can take arrays and dicts
Peter Palfrader [Mon, 8 Apr 2013 12:02:10 +0000 (14:02 +0200)]
ud-generate: Allow more than one email address in userForward. Quite useful for role accounts
Martin Zobel-Helas [Fri, 8 Mar 2013 23:30:07 +0000 (00:30 +0100)]
disable dnsZoneEntry and privateSub for guest accounts
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Tue, 19 Feb 2013 19:58:59 +0000 (20:58 +0100)]
fix generation of voip-passwords file
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 18 Aug 2012 16:24:57 +0000 (18:24 +0200)]
fix permissions
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 18 Aug 2012 16:15:29 +0000 (18:15 +0200)]
allow listmasters to write to the privateSub attribute
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Tollef Fog Heen [Sat, 28 Jul 2012 08:03:49 +0000 (10:03 +0200)]
s/looses/loses/
Martin Zobel-Helas [Wed, 13 Jun 2012 22:10:50 +0000 (00:10 +0200)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap
* 'master' of git+ssh://db.debian.org/git/userdir-ldap:
fix
userdir-ldap-slapd.conf.in: explicitly list readable attributes. End with 'by * none'.
ud-generate: Also rebuild if one of our keyrings has changed, even if ldap has not.
ud-lock: support supplying a status to set instead of 'retiring'
Martin Zobel-Helas [Wed, 13 Jun 2012 22:10:32 +0000 (00:10 +0200)]
add voipPassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Mon, 14 May 2012 16:50:46 +0000 (18:50 +0200)]
fix
Peter Palfrader [Mon, 14 May 2012 16:45:39 +0000 (18:45 +0200)]
userdir-ldap-slapd.conf.in: explicitly list readable attributes. End with 'by * none'.
Peter Palfrader [Wed, 11 Apr 2012 08:55:50 +0000 (10:55 +0200)]
ud-generate: Also rebuild if one of our keyrings has changed, even if ldap has not.
Peter Palfrader [Thu, 29 Mar 2012 21:45:28 +0000 (23:45 +0200)]
ud-lock: support supplying a status to set instead of 'retiring'
Martin Zobel-Helas [Fri, 23 Mar 2012 18:19:56 +0000 (19:19 +0100)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap
* 'master' of git+ssh://db.debian.org/git/userdir-ldap:
change mailPreserveSuffixSeparator to a string Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 23 Mar 2012 18:16:06 +0000 (19:16 +0100)]
change mailPreserveSuffixSeparator to a string
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 23 Mar 2012 18:16:06 +0000 (19:16 +0100)]
change mailPreserveSuffixSeparator to a string
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 23 Mar 2012 12:59:51 +0000 (13:59 +0100)]
Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap
* 'master' of git+ssh://db.debian.org/git/userdir-ldap: (21 commits)
ud-generate: lock replicators
Set generate_dir in the non-override case
Get lock sooner, connect to ldap later
flocks do not need freeing
Profile if UD_PROFILE is in environment
No need to depend on python-lockfile anymore
Use flock()
Use eatmydata!
UDLdap.py: make a cache for __getitem__() decisions.
No need to mkdir userkeys directory anymore
get rid of global state variable CurrentHost. This will enable upcoming changes.
GenerateDir is no longer a global var
minor nit
speed up ssh tarball generation
ud-generate speed, I
ud-generate: Move main code into a ud_generate()
ud-generate: Add -f option to build even if cache is current
ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() functions.
ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t.
changelog entry for ud-mailgate fix
...
Martin Zobel-Helas [Fri, 23 Mar 2012 12:59:13 +0000 (13:59 +0100)]
add mailPreserveSuffixSeparator to LDAP schema
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Mon, 12 Mar 2012 15:57:54 +0000 (16:57 +0100)]
ud-generate: lock replicators
ud-generate: The ssh authorized_keys file for the sshdist user now wraps
the rsync call in an flock wrapper that acquires a shared lock on
ud-generate's lock. This prevents syncing while ud-generate runs.
Peter Palfrader [Mon, 12 Mar 2012 15:46:20 +0000 (16:46 +0100)]
Set generate_dir in the non-override case
Peter Palfrader [Mon, 12 Mar 2012 15:29:50 +0000 (16:29 +0100)]
Get lock sooner, connect to ldap later
Peter Palfrader [Mon, 12 Mar 2012 15:29:16 +0000 (16:29 +0100)]
flocks do not need freeing
Peter Palfrader [Mon, 12 Mar 2012 15:28:29 +0000 (16:28 +0100)]
Profile if UD_PROFILE is in environment
Peter Palfrader [Mon, 12 Mar 2012 15:17:53 +0000 (16:17 +0100)]
No need to depend on python-lockfile anymore
Peter Palfrader [Mon, 12 Mar 2012 15:16:28 +0000 (16:16 +0100)]
Use flock()
Peter Palfrader [Mon, 12 Mar 2012 14:52:04 +0000 (15:52 +0100)]
Use eatmydata!
Peter Palfrader [Mon, 12 Mar 2012 14:47:43 +0000 (15:47 +0100)]
UDLdap.py: make a cache for __getitem__() decisions.
Peter Palfrader [Mon, 12 Mar 2012 14:17:20 +0000 (15:17 +0100)]
No need to mkdir userkeys directory anymore
Peter Palfrader [Mon, 12 Mar 2012 14:16:16 +0000 (15:16 +0100)]
get rid of global state variable CurrentHost. This will enable upcoming changes.
Peter Palfrader [Mon, 12 Mar 2012 13:57:53 +0000 (14:57 +0100)]
GenerateDir is no longer a global var
Peter Palfrader [Mon, 12 Mar 2012 13:00:41 +0000 (14:00 +0100)]
minor nit
Peter Palfrader [Mon, 12 Mar 2012 12:56:10 +0000 (13:56 +0100)]
speed up ssh tarball generation
No longer write individual user's ssh authorized_keys to disk, only to
read them later. Directly create a TarInfo object without referring to
any on-disk files.
Peter Palfrader [Mon, 12 Mar 2012 11:53:56 +0000 (12:53 +0100)]
ud-generate speed, I
cut down on calls to IsInGroup by doing it once in generate_host() and
not having the individual generators run it.
side effect: Up until now we exported empty groups to a host, if that group had
a user with that group as their primary group - even if that particular user
was not exported to this. Now we no longer export empty groups.
Peter Palfrader [Mon, 12 Mar 2012 11:06:49 +0000 (12:06 +0100)]
ud-generate: Move main code into a ud_generate()
Peter Palfrader [Mon, 12 Mar 2012 10:56:18 +0000 (11:56 +0100)]
ud-generate: Add -f option to build even if cache is current
Peter Palfrader [Mon, 12 Mar 2012 10:46:12 +0000 (11:46 +0100)]
ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() functions.
Peter Palfrader [Mon, 12 Mar 2012 10:37:48 +0000 (11:37 +0100)]
ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t.
Peter Palfrader [Sat, 10 Mar 2012 18:05:08 +0000 (19:05 +0100)]
changelog entry for ud-mailgate fix
Peter Palfrader [Sat, 10 Mar 2012 18:04:15 +0000 (19:04 +0100)]
Do not try to do an ldap modify with no changes - now show command to changes@ should work again
Martin Zobel-Helas [Sat, 10 Mar 2012 16:44:43 +0000 (17:44 +0100)]
fix dependency, needed by ud-generate
Peter Palfrader [Sat, 10 Mar 2012 14:44:59 +0000 (15:44 +0100)]
Make cache_last_mod thing more robust
Peter Palfrader [Sat, 10 Mar 2012 14:33:13 +0000 (15:33 +0100)]
make ud-generate work when there is no previous run that created last_update.trace
Peter Palfrader [Sat, 10 Mar 2012 14:21:29 +0000 (15:21 +0100)]
debianGroups may have cn attribute
Peter Palfrader [Sat, 10 Mar 2012 13:50:22 +0000 (14:50 +0100)]
Merge from torproject.org:
- Allow sshRSAAuthKey for role accounts.
- Support ssh key attributes for gitolite export.
- Add ssh-gitolite support.
Peter Palfrader [Sat, 10 Mar 2012 13:44:43 +0000 (14:44 +0100)]
One less hardcoded debian.org domain in slapd.conf snippet
Stephen Gran [Sat, 10 Mar 2012 08:06:35 +0000 (08:06 +0000)]
changelog entry
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 10 Mar 2012 08:05:18 +0000 (08:05 +0000)]
purge old logs
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 9 Mar 2012 20:19:55 +0000 (20:19 +0000)]
and ship new file to hosts
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 9 Mar 2012 20:17:26 +0000 (20:17 +0000)]
Write both time of last ldap update and time of last run to trace file
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 9 Mar 2012 20:13:46 +0000 (20:13 +0000)]
record both time of last action and last run
Signed-off-by: Stephen Gran <steve@lobefin.net>
Martin Zobel-Helas [Fri, 9 Mar 2012 09:33:57 +0000 (10:33 +0100)]
ud-replicate: set correct permissions for web-passwords
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 8 Mar 2012 22:31:36 +0000 (23:31 +0100)]
export webPassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Mon, 5 Mar 2012 10:56:00 +0000 (11:56 +0100)]
mess with uid number generation
* Allow a set of users to be ignored for picking UIDs.
* When picking uid/gid numbers try to pick the same number for both.
Peter Palfrader [Mon, 5 Mar 2012 10:28:03 +0000 (11:28 +0100)]
Introduce BaseBaseDN which is the real base dn
Peter Palfrader [Mon, 5 Mar 2012 10:17:58 +0000 (11:17 +0100)]
userdir_ldap.py: read auth password from environment if set
Peter Palfrader [Wed, 29 Feb 2012 16:24:35 +0000 (17:24 +0100)]
Sync welcome-message-800
Martin Zobel-Helas [Sun, 19 Feb 2012 13:48:03 +0000 (14:48 +0100)]
add webPassword
Martin Zobel-Helas [Sun, 19 Feb 2012 13:46:24 +0000 (14:46 +0100)]
add webPassword
Stephen Gran [Thu, 29 Dec 2011 21:23:11 +0000 (21:23 +0000)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
Stephen Gran [Thu, 29 Dec 2011 21:22:45 +0000 (21:22 +0000)]
Fix some usages of hardcoded debian.org
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 29 Dec 2011 21:21:00 +0000 (21:21 +0000)]
Update to match live slapd.conf
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Thu, 29 Dec 2011 21:06:23 +0000 (22:06 +0100)]
ud-replicate: now preserve server side modification times when rsyncing data
Peter Palfrader [Thu, 29 Dec 2011 20:55:21 +0000 (21:55 +0100)]
fix breaking old ud-generate locks.
Peter Palfrader [Wed, 2 Nov 2011 22:42:06 +0000 (23:42 +0100)]
ud-replicate: do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, but instead re-use the domain from email-append.