mirror/userdir-ldap.git
Peter Palfrader [Fri, 25 Mar 2011 18:55:48 +0000 (19:55 +0100)]
Try to cut down a bit on global state

Peter Palfrader [Fri, 25 Mar 2011 17:59:47 +0000 (18:59 +0100)]
Use GlobalDir instead of GenerateDir in one place

Peter Palfrader [Mon, 28 Feb 2011 21:45:48 +0000 (22:45 +0100)]
Do not mess with sudo passwords if nothing changed

Peter Palfrader [Wed, 2 Feb 2011 20:56:25 +0000 (21:56 +0100)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap

* 'master' of ssh://db.debian.org/git/userdir-ldap:
  Minor changes from Holger (<201102021122.16183.holger@layer-acht.org>) Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

Peter Palfrader [Wed, 2 Feb 2011 20:56:19 +0000 (21:56 +0100)]
say a word about subjects in mail to admin@db

Martin Zobel-Helas [Wed, 2 Feb 2011 11:02:39 +0000 (12:02 +0100)]
Minor changes from Holger (<201102021122.16183.holger@layer-acht.org>)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

Peter Palfrader [Wed, 5 Jan 2011 08:53:29 +0000 (09:53 +0100)]
ud-mailgate: Make updating of gender actually work

Martin Zobel-Helas [Thu, 23 Dec 2010 16:59:42 +0000 (17:59 +0100)]
* Uploading/Non-Uploading DDs
* remove superfluous "and"
* SSH fingerprints of the machines
* Debian CA
* mention debian-infrastructure-announce
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

Martin Zobel-Helas [Wed, 22 Dec 2010 22:14:11 +0000 (23:14 +0100)]
This is some fine documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

Peter Palfrader [Wed, 20 Oct 2010 11:41:23 +0000 (11:41 +0000)]
ud-gpgimport: handle guest keyrings

ud-gpgimport so far used a single list of keyrings, and it expected all
keys from that keyring to be in ldap, and to have all users in ldap a
key in those keyrings.

Now ud-gpgimport has a notion of the guest-keyring.  It still expects
all keys from the "main" keyring to be in ldap, but not all keys from
the guest (DM and guest) keyrings need to have accounts.  An account
with a key associated to it is OK as long as it has a key in any of
the keyrings.

Peter Palfrader [Sun, 19 Sep 2010 00:00:02 +0000 (02:00 +0200)]
Update guest welcome template

Peter Palfrader [Sat, 18 Sep 2010 23:44:42 +0000 (01:44 +0200)]
Remove .pgp (v3 pgp key) keyrings from config

Peter Palfrader [Sat, 18 Sep 2010 23:42:15 +0000 (01:42 +0200)]
ud-useradd: A new -g switch for adding guest accounts

ud-useradd: A new -g switch for adding guest accounts, with proper
setting hostacls and shadowexpire and picking the right keyring.

Peter Palfrader [Sat, 18 Sep 2010 23:41:10 +0000 (01:41 +0200)]
Update changelog

Peter Palfrader [Sat, 18 Sep 2010 23:09:56 +0000 (01:09 +0200)]
Add a -h for ud-useradd

Peter Palfrader [Sat, 18 Sep 2010 23:01:54 +0000 (01:01 +0200)]
Teach ud-generate about host ACLs that expire

Peter Palfrader [Wed, 15 Sep 2010 15:47:33 +0000 (17:47 +0200)]
Allow - in usernames

Peter Palfrader [Wed, 15 Sep 2010 10:52:06 +0000 (12:52 +0200)]
import fixing

Peter Palfrader [Wed, 15 Sep 2010 10:49:26 +0000 (12:49 +0200)]
Add ud-sync-accounts-to-afs, a script to sync accounts to an AFS protection database

Peter Palfrader [Tue, 14 Sep 2010 21:10:15 +0000 (23:10 +0200)]
Fix ud-generate to create all-accounts.json in the right place

Peter Palfrader [Mon, 13 Sep 2010 17:14:33 +0000 (19:14 +0200)]
dev tree changelog

(tag: userdir-ldap-0.3.78)
Peter Palfrader [Mon, 13 Sep 2010 17:08:19 +0000 (19:08 +0200)]
ud-generate: Add an extra output file called all-users.json

That file can be used on one of the AFS hosts to create afs users.

Peter Palfrader [Fri, 10 Sep 2010 12:53:44 +0000 (14:53 +0200)]
Add ud-krb-reset, and make ud-mailgate call it when receiving a mail at chpasswd@ saying 'Please change my Kerberos password'.

Peter Palfrader [Fri, 10 Sep 2010 12:20:20 +0000 (14:20 +0200)]
ud-mailgate:  minor refactoring

Peter Palfrader [Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)]
Fix ACL rule for keyring maintainers

Peter Palfrader [Mon, 2 Aug 2010 23:48:02 +0000 (23:48 +0000)]
A class shouldn't write to stderr on error, it should throw an exception

Peter Palfrader [Mon, 2 Aug 2010 23:36:03 +0000 (23:36 +0000)]
update debian/changelog

Peter Palfrader [Mon, 2 Aug 2010 23:33:12 +0000 (23:33 +0000)]
Merge branch 'refactor-udgen'

* refactor-udgen: (24 commits)
  Get rid of global variable PasswdAttrs
  GenBSMTP
  GenDNS
  GenPasswd
  GenShadow
  Do not forget that passwords start with {crypt}
  GenShadowSudo
  GenSSHShadow
  fix not-array-value-but-multiple-values check
  GenGroup partially
  GenForward
  GenCDB
  And GenMailList
  whitespace fixes
  And GenMailBool
  Let disable-main-msg generation use Account class
  Let disabled-users generation use Account class
  Let private generation use Account class
  Catch the case where attributes that are not declared as an array value have more than one value.  This indicates a bug in the data, code, or ldap schema
  Some improvement over the last path
  ...

Peter Palfrader [Mon, 2 Aug 2010 23:30:03 +0000 (23:30 +0000)]
Get rid of global variable PasswdAttrs

Peter Palfrader [Mon, 2 Aug 2010 23:11:30 +0000 (23:11 +0000)]
GenBSMTP

Peter Palfrader [Mon, 2 Aug 2010 22:15:35 +0000 (22:15 +0000)]
GenDNS

Peter Palfrader [Mon, 2 Aug 2010 22:05:41 +0000 (22:05 +0000)]
GenPasswd

Peter Palfrader [Mon, 2 Aug 2010 21:55:14 +0000 (21:55 +0000)]
GenShadow

Peter Palfrader [Mon, 2 Aug 2010 21:37:50 +0000 (21:37 +0000)]
Do not forget that passwords start with {crypt}

Peter Palfrader [Mon, 2 Aug 2010 21:35:07 +0000 (21:35 +0000)]
GenShadowSudo

Peter Palfrader [Mon, 2 Aug 2010 21:31:04 +0000 (21:31 +0000)]
GenSSHShadow

Peter Palfrader [Mon, 2 Aug 2010 21:28:31 +0000 (21:28 +0000)]
fix not-array-value-but-multiple-values check

Peter Palfrader [Mon, 2 Aug 2010 21:19:41 +0000 (21:19 +0000)]
GenGroup partially

Peter Palfrader [Mon, 2 Aug 2010 21:14:08 +0000 (21:14 +0000)]
GenForward

Peter Palfrader [Mon, 2 Aug 2010 21:11:37 +0000 (21:11 +0000)]
GenCDB

Peter Palfrader [Mon, 2 Aug 2010 21:06:55 +0000 (21:06 +0000)]
And GenMailList

Peter Palfrader [Mon, 2 Aug 2010 20:52:29 +0000 (20:52 +0000)]
whitespace fixes

Peter Palfrader [Mon, 2 Aug 2010 20:51:50 +0000 (20:51 +0000)]
And GenMailBool

Peter Palfrader [Mon, 2 Aug 2010 20:37:31 +0000 (20:37 +0000)]
Let disable-main-msg generation use Account class

Peter Palfrader [Mon, 2 Aug 2010 20:35:49 +0000 (20:35 +0000)]
Let disabled-users generation use Account class

(tag: userdir-ldap-0.3.77)
Martin Zobel-Helas [Mon, 2 Aug 2010 20:35:38 +0000 (22:35 +0200)]
have a proper distribution

Martin Zobel-Helas [Mon, 2 Aug 2010 20:33:53 +0000 (22:33 +0200)]
release 0.3.77

Peter Palfrader [Mon, 2 Aug 2010 20:23:53 +0000 (20:23 +0000)]
Let private generation use Account class

Peter Palfrader [Mon, 2 Aug 2010 20:14:40 +0000 (20:14 +0000)]
Catch the case where attributes that are not declared as an array value have more than one value.  This indicates a bug in the data, code, or ldap schema

Peter Palfrader [Mon, 2 Aug 2010 20:12:10 +0000 (20:12 +0000)]
Some improvement over the last path

Peter Palfrader [Mon, 2 Aug 2010 20:06:12 +0000 (20:06 +0000)]
Let markers generation use Account class

Peter Palfrader [Mon, 2 Aug 2010 19:58:10 +0000 (19:58 +0000)]
give Account class a __getitem__ method and use it

Peter Palfrader [Mon, 2 Aug 2010 19:34:41 +0000 (19:34 +0000)]
Let Account have a constructor that is more useful in generate

Peter Palfrader [Mon, 2 Aug 2010 19:17:07 +0000 (19:17 +0000)]
optionally read some configuration items from the environment so we can test ud-generate without running it as sshdist

Peter Palfrader [Fri, 30 Jul 2010 17:47:04 +0000 (19:47 +0200)]
ud-generate: refuse to run as root

Peter Palfrader [Tue, 1 Jun 2010 15:22:57 +0000 (17:22 +0200)]
debian/changelog update

Faidon Liambotis [Mon, 31 May 2010 14:38:21 +0000 (17:38 +0300)]
Give keyring-maint write access to keyFingerPrint

However, make an exception for supplementaryGid=adm users for security
reasons (wouldn't want keyring-maint to be able to take over a root
account).

The ACL gives writes to a non-existing group; this should be created,
e.g.
  cn=Keyring Maintainers,ou=users,dc=debian,dc=org
  objectClass: top
  objectClass: groupOfNames
  cn: Keyring Maintainers
  member: uid=noodles,ou=users,dc=debian,dc=org
  member: uid=gwolf,ou=users,dc=debian,dc=org

Signed-off-by: Peter Palfrader <peter@palfrader.org>

Peter Palfrader [Tue, 1 Jun 2010 15:14:32 +0000 (17:14 +0200)]
labeledURI, ircNick, icqUIN, jabberJID are all exposed via finger anyway.  No need to restrict them to d.o hosts

Peter Palfrader [Tue, 1 Jun 2010 15:11:50 +0000 (17:11 +0200)]
Remove redundant attributes: loginShell and onVacation were already matched by the read-from-d.o ACL

Peter Palfrader [Tue, 1 Jun 2010 15:10:05 +0000 (17:10 +0200)]
comment update

Peter Palfrader [Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)]
sshrsaauthkey is only readable by self.  everyone else does not even get to compare it

Peter Palfrader [Tue, 1 Jun 2010 15:03:15 +0000 (17:03 +0200)]
comment update

Peter Palfrader [Tue, 1 Jun 2010 15:02:45 +0000 (17:02 +0200)]
Merge remaining d.o readable attributes into one ACL

Peter Palfrader [Tue, 1 Jun 2010 15:00:24 +0000 (17:00 +0200)]
Break out self-writable attributes to their own ACL

Peter Palfrader [Tue, 1 Jun 2010 14:59:08 +0000 (16:59 +0200)]
comment update

Faidon Liambotis [Thu, 27 May 2010 22:20:22 +0000 (01:20 +0300)]
Minor simplification of slapd.conf's ACLs

Avoid repetition of the rule that allows cn=LDAP Administrator and uid=sshdist
to write to every attribute by taking advantage of the "break" control
field.

Signed-off-by: Peter Palfrader <peter@palfrader.org>

Peter Palfrader [Sun, 9 May 2010 16:04:04 +0000 (18:04 +0200)]
Fix a typo in welcome-message-800 noticed by Tommi Vainikainen

Stephen Gran [Sun, 28 Mar 2010 09:38:27 +0000 (09:38 +0000)]
prototype code for sshfp generation for services

Signed-off-by: Stephen Gran <steve@lobefin.net>

Peter Palfrader [Mon, 15 Mar 2010 20:13:26 +0000 (21:13 +0100)]
Maybe fix ud-mailgate

Stephen Gran [Sun, 14 Mar 2010 14:01:12 +0000 (14:01 +0000)]
some changelog entries for today's work

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sun, 14 Mar 2010 13:56:04 +0000 (13:56 +0000)]
gratuitous code style change

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sun, 14 Mar 2010 13:54:46 +0000 (13:54 +0000)]
add txt record support

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sun, 14 Mar 2010 13:33:15 +0000 (13:33 +0000)]
write one identifying txt entry per host, if it has an a or aaaa record

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sun, 14 Mar 2010 13:17:19 +0000 (13:17 +0000)]
drop some dead code

Signed-off-by: Stephen Gran <steve@lobefin.net>

Peter Palfrader [Thu, 11 Mar 2010 21:23:35 +0000 (22:23 +0100)]
Probably should only delete keyFingerPrint if it exists

Peter Palfrader [Thu, 11 Mar 2010 21:19:23 +0000 (22:19 +0100)]
Add ud-lock

ud-lock, non-interactively, sets a great many accounts to
'retiring', locking their password, removing keys, setting shadow
information to expired and setting accountstatus appropriately.

Peter Palfrader [Sun, 31 Jan 2010 12:57:10 +0000 (13:57 +0100)]
ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints.

Peter Palfrader [Sun, 31 Jan 2010 12:56:17 +0000 (13:56 +0100)]
A set of copyright headers

Peter Palfrader [Sun, 31 Jan 2010 09:13:57 +0000 (10:13 +0100)]
ud-mailgate: fix gpg result usage

We use the result of the pgp check for quite a long time in the main
program.  Give it its own variable instead of using Res which was
overwritten a bit later.  Also make a new gpgcheck2 class that allows us
to access the values of the gpg signature check in a saner way.

Peter Palfrader [Sun, 31 Jan 2010 09:12:20 +0000 (10:12 +0100)]
ud-mailgate: Remove a global declaration after a variable has already been assigned globally.

Peter Palfrader [Sun, 31 Jan 2010 09:11:43 +0000 (10:11 +0100)]
Fix changelog

(tag: userdir-ldap-0.3.76)
Stephen Gran [Sat, 30 Jan 2010 13:35:49 +0000 (13:35 +0000)]
finalize changelog for release

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sat, 30 Jan 2010 13:32:02 +0000 (13:32 +0000)]
add trailing newline to ssh files

Signed-off-by: Stephen Gran <steve@lobefin.net>

Helmut Grohne [Sat, 23 Jan 2010 16:20:12 +0000 (17:20 +0100)]
do not accept invalid allowed_hosts for ssh keys

Check them against a list ValidHostNames that is generated during
startup.

Helmut Grohne [Fri, 22 Jan 2010 23:26:07 +0000 (00:26 +0100)]
added a bug report comment

Helmut Grohne [Sat, 23 Jan 2010 13:15:52 +0000 (14:15 +0100)]
made ud-generate support new ssh key syntax

Helmut Grohne [Fri, 22 Jan 2010 22:51:24 +0000 (23:51 +0100)]
write machine specifications for ssh keys to ldap

Helmut Grohne [Fri, 22 Jan 2010 22:35:48 +0000 (23:35 +0100)]
parse machine specifications for ssh keys

Ssh keys can now be prepended with a string
"allowed_hosts=machine1,machine2 ". Machine names are restricted to
sane characters. This patch only adds the parsing and throws away the
result.

Peter Palfrader [Fri, 22 Jan 2010 19:16:10 +0000 (20:16 +0100)]
Include a host in DNS even if we do not have both ssh keys and an arch for that host configured

Peter Palfrader [Sat, 9 Jan 2010 15:51:11 +0000 (16:51 +0100)]
ud-generate: move the regex that determines whether or not to include a host in the dns-sshfp zone snippet (for SSHFP and A, AAAA and MX records) to the config file.

Peter Palfrader [Sat, 9 Jan 2010 11:01:38 +0000 (12:01 +0100)]
ud-useradd: Properly encode realname in subjects and to header lines regardless of which template is being used

Peter Palfrader [Sat, 9 Jan 2010 01:10:34 +0000 (02:10 +0100)]
Fix welcome-message to be like welcome-message-800 and 60000 wrt email headers

Peter Palfrader [Fri, 8 Jan 2010 23:27:37 +0000 (00:27 +0100)]
ud-useradd: Only ask for private subscription if this installation has a debian-private like mailinglist whose membership is configured by ud-ldap.  (defaults to true.)

Peter Palfrader [Fri, 8 Jan 2010 23:20:16 +0000 (00:20 +0100)]
ud-useradd: Fix usergroup support: Move ldap call to actually add the user to the right place, properly compare strings and numbers.

Peter Palfrader [Fri, 8 Jan 2010 23:16:37 +0000 (00:16 +0100)]
ud-useradd: If we do not have a template for a specific group, use the general purpose template file (welcome-message).

Peter Palfrader [Fri, 8 Jan 2010 23:15:51 +0000 (00:15 +0100)]
Fix changelog: mention which tool we modified

Peter Palfrader [Fri, 8 Jan 2010 22:25:49 +0000 (23:25 +0100)]
Export groups even if nobody has that group as a supplementary group, as long as there are users that have it as a primary group

(tag: userdir-ldap-0.3.75)
Stephen Gran [Tue, 8 Dec 2009 11:31:27 +0000 (11:31 +0000)]
make a stab at really not exporting empty groups

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Mon, 16 Nov 2009 00:20:14 +0000 (00:20 +0000)]
new release changelog started

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sun, 15 Nov 2009 23:27:38 +0000 (23:27 +0000)]
default anti-spam options

Signed-off-by: Stephen Gran <steve@lobefin.net>