Peter Palfrader [Sun, 18 Oct 2009 10:44:55 +0000 (12:44 +0200)]
Add dnsTTL host attribute to override the zone default TTL for A and AAAA records. Also for MX, HINFO and SSHFP
Stephen Gran [Sun, 4 Oct 2009 23:55:09 +0000 (00:55 +0100)]
Make zone reloads work when ud-generate updates zone files
Stephen Gran [Sun, 4 Oct 2009 23:53:47 +0000 (00:53 +0100)]
make ud-replicate work slightly more accurately for zones
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 22 Sep 2009 19:53:14 +0000 (21:53 +0200)]
Add sshdistAuthKeysHost
We autogenerate the authorized_keys files for sshdist on db-master. It
limits the hosts' ssh key to coming from their respective addresses.
Now we can add additional source addresses to accept for this since not
all hosts appear to come from their published address (or have a
published address for that matter).
Peter Palfrader [Tue, 22 Sep 2009 19:47:31 +0000 (21:47 +0200)]
If we use accountstatus in debianGroup we need to re-order stuff
Peter Palfrader [Tue, 22 Sep 2009 19:33:05 +0000 (21:33 +0200)]
ud-generate: don't blow up when a host does not have IP-addresses
Stephen Gran [Sun, 20 Sep 2009 16:07:14 +0000 (17:07 +0100)]
ahem. Use the right attribute
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 20 Sep 2009 15:42:55 +0000 (16:42 +0100)]
allow groups to be disabled but kept in ldap: addresses RT #977
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Wed, 9 Sep 2009 17:29:48 +0000 (19:29 +0200)]
Tweak templates/welcome-message-60000.
Peter Palfrader [Wed, 9 Sep 2009 17:21:30 +0000 (19:21 +0200)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
* 'master' of ssh://db.debian.org/git/userdir-ldap:
Add debian-maintainers.gpg to keyrings and sync_keyrings.
cast objects to strings (rt #1717)
Conflicts:
debian/changelog
Peter Palfrader [Wed, 9 Sep 2009 17:20:37 +0000 (19:20 +0200)]
ud-useradd: force gidNumber to be an int when we open the welcome
template (it can be different when we read it from input using -n).
Peter Palfrader [Sat, 29 Aug 2009 12:46:02 +0000 (14:46 +0200)]
Add debian-maintainers.gpg to keyrings and sync_keyrings.
Stephen Gran [Tue, 25 Aug 2009 14:50:32 +0000 (15:50 +0100)]
cast objects to strings (rt #1717)
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 25 Aug 2009 10:02:47 +0000 (12:02 +0200)]
ud-useradd: Allow unsetting of middle names by entering a space
Stephen Gran [Sun, 23 Aug 2009 12:50:23 +0000 (12:50 +0000)]
changelog
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 23 Aug 2009 12:39:45 +0000 (13:39 +0100)]
make cmp do what I meant
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 23 Aug 2009 12:35:38 +0000 (13:35 +0100)]
increment the serial if the ud-ldap info changes
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 23 Aug 2009 12:24:17 +0000 (13:24 +0100)]
we're not ready to write the debian.net entries in the ldap hosts tree
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 23:42:31 +0000 (00:42 +0100)]
Sort the right list
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 23:34:43 +0000 (00:34 +0100)]
first pass at making ud-replicate reload bind; admittedly the wrong solution
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 23:26:10 +0000 (00:26 +0100)]
sort PasswdAttrs as well as HostAttrs - now we can cmp debian.net as well as debian.org
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:57:39 +0000 (22:57 +0000)]
pretty print for zone files
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:36:34 +0000 (22:36 +0000)]
stop doing DNS lookups, part 1
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:23:54 +0000 (22:23 +0000)]
stop doing DNS lookups, part 1
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:22:06 +0000 (22:22 +0000)]
Sort HostAttrs - this isn't important now, but will let us do things
like check if the zone file has changed later
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:21:40 +0000 (22:21 +0000)]
Remove printf debugging
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 21:40:31 +0000 (21:40 +0000)]
give the function a better name
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 21:09:20 +0000 (21:09 +0000)]
output debian.net hosts in ldap into the debian.net zone, not the debian.org zone
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 20:21:32 +0000 (20:21 +0000)]
generate HINFO, MX, A and AAAA records from LDAP
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 19:09:41 +0000 (19:09 +0000)]
and the schema update
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 19:09:13 +0000 (19:09 +0000)]
allow managing MX records
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 18:40:11 +0000 (18:40 +0000)]
Allow management of IP address with ud-host
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 18:08:12 +0000 (18:08 +0000)]
add IP address as one of the allowed host attributes
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 16:23:16 +0000 (16:23 +0000)]
only export authorized_keys to some hosts
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 16:11:03 +0000 (16:11 +0000)]
changelog
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 16:03:59 +0000 (17:03 +0100)]
enable aba's patch for autogeneration of sshdist's authorized keys
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Thu, 23 Jul 2009 20:52:51 +0000 (22:52 +0200)]
Make ud-host do allowedGroups, exportOptions
Peter Palfrader [Thu, 23 Jul 2009 20:39:50 +0000 (22:39 +0200)]
Update .gitignore
Peter Palfrader [Thu, 23 Jul 2009 20:36:07 +0000 (22:36 +0200)]
Move away from generate.conf and use the information provided in the ldap
Peter Palfrader [Thu, 23 Jul 2009 19:59:25 +0000 (21:59 +0200)]
schema: allowedGroups, exportOptions attribute for servers
Martin Zobel-Helas [Wed, 22 Jul 2009 17:00:19 +0000 (19:00 +0200)]
well, DDs are DDs not DMs.
Stephen Gran [Wed, 15 Jul 2009 23:57:17 +0000 (00:57 +0100)]
An example constraint overlay
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 15 Jul 2009 22:59:52 +0000 (23:59 +0100)]
Make contentinspection single value
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 14 Jul 2009 09:07:12 +0000 (11:07 +0200)]
merge local changes from draghi: localsyncon = "*draghi*" and database hdb
Peter Palfrader [Tue, 14 Jul 2009 09:02:47 +0000 (11:02 +0200)]
0.3.67
Peter Palfrader [Tue, 14 Jul 2009 09:01:35 +0000 (11:01 +0200)]
.debian.net DNS no longer creates BSMTP maps for MX 0 gluck
Peter Palfrader [Tue, 14 Jul 2009 08:18:25 +0000 (10:18 +0200)]
Add mailContentInspectionAction attribute. Possible values are reject, blackhole and markup.
Peter Palfrader [Tue, 14 Jul 2009 07:52:34 +0000 (09:52 +0200)]
Remove obsolete comment
Peter Palfrader [Tue, 14 Jul 2009 07:36:00 +0000 (09:36 +0200)]
Change the comment about tracking changes in the debian changelog
Peter Palfrader [Tue, 14 Jul 2009 07:32:47 +0000 (09:32 +0200)]
Remove mailSpamOptOut ldap attribute - it isn't used anywhere.
Stephen Gran [Thu, 2 Jul 2009 22:49:02 +0000 (23:49 +0100)]
.gitignore
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Mon, 29 Jun 2009 11:50:23 +0000 (13:50 +0200)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
* 'master' of ssh://db.debian.org/git/userdir-ldap:
More
More indexing
Some additional indexing
Peter Palfrader [Mon, 29 Jun 2009 11:50:17 +0000 (13:50 +0200)]
.debian.net DNS creates BSMTP maps for MX 0 master in addition to gluck
Stephen Gran [Thu, 18 Jun 2009 23:33:54 +0000 (00:33 +0100)]
More
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 18 Jun 2009 23:20:41 +0000 (00:20 +0100)]
More indexing
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 18 Jun 2009 23:09:59 +0000 (00:09 +0100)]
Some additional indexing
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 31 May 2009 21:13:19 +0000 (22:13 +0100)]
This is much simpler.
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 31 May 2009 13:30:06 +0000 (13:30 +0000)]
3 changes:
DisabledUsers should only be set for accounts that are locked, not all accounts
IsGidDebian is not a helpful check right now
The filter needs to be a lambda operator
Stephen Gran [Sun, 24 May 2009 13:40:49 +0000 (14:40 +0100)]
Two problems with my first commit:
We need to specify the RFC 2047 character set as utf-8, not us-ascii,
for the encoding type field in the header
We need to only encode the FullName, and then tack on the emailaddr.
The examples in the RFC show this behavior, and at least mutt won't
decode the header if the email address is also RFC 2047 encoded (which
makes some sense - currently email addresses can only really be ascii).
Stephen Gran [Sun, 24 May 2009 13:15:51 +0000 (14:15 +0100)]
Use RFC 2047 header encoding when name contains non ascii characters.
AIUI, we are supposed to use the shorter of quoted printable or base64
for utf-8 headers, so we try to decode the header into ascii, and if that
fails, we select the shorter encapsulation and use that in the template.
This change requires importing the module email, which also means changing
all the uses of the variable 'email' into emailaddr so we don't break
usage of the email module.
Stephen Gran [Mon, 11 May 2009 23:31:50 +0000 (00:31 +0100)]
One more exception and clearer exception messages
Stephen Gran [Sat, 9 May 2009 21:47:44 +0000 (22:47 +0100)]
Merge changes back in
Stephen Gran [Sat, 9 May 2009 15:46:25 +0000 (16:46 +0100)]
debian/changelog for today's work
Stephen Gran [Sat, 9 May 2009 15:34:01 +0000 (16:34 +0100)]
Some general code cleanup
Stephen Gran [Sat, 9 May 2009 15:00:06 +0000 (16:00 +0100)]
Some cleanup in IsRetired()
Stephen Gran [Sat, 9 May 2009 13:38:48 +0000 (14:38 +0100)]
Does this matter? I'll predeclare DebianUsers just in case
Stephen Gran [Sat, 9 May 2009 13:33:53 +0000 (14:33 +0100)]
More loop logic cleanup - we only handle mail for gid Debian, so we
create a new list of users with that gid, and only look at that list
for Mail purposes.
Stephen Gran [Sat, 9 May 2009 13:10:37 +0000 (14:10 +0100)]
More of "We don't use the LDAP object in these functions, so I don't see why we're passing it in. I'm going to try removing it and see what breaks."
Stephen Gran [Sat, 9 May 2009 13:00:27 +0000 (14:00 +0100)]
We don't use the LDAP object in these functions, so I don't see why we're passing it in. I'm going to try removing it and see what breaks.
Stephen Gran [Sat, 9 May 2009 12:56:29 +0000 (13:56 +0100)]
Some reordering of file generation so that we can do fewer redundant checks
Stephen Gran [Sat, 9 May 2009 12:30:10 +0000 (13:30 +0100)]
return of the whitespace nazi
Stephen Gran [Sat, 9 May 2009 12:11:11 +0000 (13:11 +0100)]
Do the checks for mail forwarding once at the start
Stephen Gran [Sat, 9 May 2009 11:49:55 +0000 (12:49 +0100)]
Whitespace and semicolon cleanup only - no code changes
Stephen Gran [Sat, 9 May 2009 11:23:19 +0000 (12:23 +0100)]
Moving away from string exceptions
Stephen Gran [Sat, 9 May 2009 11:19:56 +0000 (12:19 +0100)]
Begin a cleanup of loop logic
Stephen Gran [Sat, 9 May 2009 00:24:19 +0000 (01:24 +0100)]
Stop exporting information about retired developers
Stephen Gran [Fri, 8 May 2009 23:40:59 +0000 (00:40 +0100)]
Stop exporting locked accounts
Peter Palfrader [Thu, 7 May 2009 21:41:58 +0000 (23:41 +0200)]
ud-replicate no longer uses localsyncon=*samosa*.
Peter Palfrader [Fri, 1 May 2009 15:10:56 +0000 (17:10 +0200)]
We would previously ignore purpose hosts for ssh known hosts purposes if the
service name would not start the purpose field. Fix this.
Peter Palfrader [Sun, 5 Apr 2009 23:41:05 +0000 (01:41 +0200)]
userdir-ldap.conf: remove from default keyrings:
- /home/jgg/keys/extrakeys.gpg
- /home/jgg/keys/guest-keys.gpg
Peter Palfrader [Sun, 5 Apr 2009 23:35:26 +0000 (01:35 +0200)]
ud-gpgimport: work on add_keyrings if no keyrings are given on the command line
Peter Palfrader [Sun, 5 Apr 2009 23:35:02 +0000 (01:35 +0200)]
userdir_gpg.py: add a ClearKeyrings()
Peter Palfrader [Sun, 5 Apr 2009 23:34:27 +0000 (01:34 +0200)]
userdir-ldap.conf: add keyring.pgp to default add_keyrings
Peter Palfrader [Mon, 23 Mar 2009 11:39:49 +0000 (12:39 +0100)]
Print gpg's exit status when it fails
Peter Palfrader [Fri, 20 Mar 2009 15:35:30 +0000 (16:35 +0100)]
ud-generate: do not die when building ssh_known_hosts just because a host is
not (yet) in DNS.
Stephen Gran [Sat, 28 Feb 2009 12:42:59 +0000 (12:42 +0000)]
Gratuitous version increment
Stephen Gran [Sat, 28 Feb 2009 12:10:51 +0000 (12:10 +0000)]
Actually install the new exceptions module
Stephen Gran [Sat, 28 Feb 2009 11:11:52 +0000 (11:11 +0000)]
* Stop using string exceptions in ud-mailgate. We should probably stop
using them everywhere, but this one is causing bounces, so we'll deal with
it first.
* Create an exception generator to make it easy to create new types of
exceptions.
Peter Palfrader [Wed, 7 Jan 2009 16:13:22 +0000 (17:13 +0100)]
0.3.59
Peter Palfrader [Wed, 7 Jan 2009 16:13:06 +0000 (17:13 +0100)]
More tweaks on welcome-message-800
Peter Palfrader [Wed, 7 Jan 2009 16:04:22 +0000 (17:04 +0100)]
Apply patch to welcome-message-800 provided by Sandro Tosi:
- some machines/services have been renamed
- point to http://wiki.debian.org/MigrateToDDAccount
Peter Palfrader [Wed, 7 Jan 2009 16:03:09 +0000 (17:03 +0100)]
Remove a lie from welcome-message-60000 - not that it's the only one.
Peter Palfrader [Sat, 3 Jan 2009 14:35:30 +0000 (15:35 +0100)]
export dns zones to the zonefile for roleaccounts
Peter Palfrader [Sat, 3 Jan 2009 14:21:25 +0000 (15:21 +0100)]
Role accounts may have dnsZoneEntry attributes
Peter Palfrader [Fri, 19 Dec 2008 08:25:50 +0000 (09:25 +0100)]
ud-info: Fix regression from r493: When we log in as admin user and modify
another user we got shown that other user but all changes would be made against
our own record.
Peter Palfrader [Thu, 18 Dec 2008 09:04:19 +0000 (10:04 +0100)]
In ud-mailgate use an empty envelope from when sending error messages
Peter Palfrader [Wed, 17 Dec 2008 11:58:32 +0000 (12:58 +0100)]
There is a deadlock situation when ud-mailgate gets a mail claiming to be from
itself:
- ud-mailgate opens and locks the replay cache
- verification of the mail fails for whatever reason
- a reply is sent (to itself)
- exim tries to deliver the mail by directly calling ud-mailgate
- ud-mailgate tries to acquire the lock -> deadlock
Fix this by changing when we open the replay cache, and unlock it as soon as we
are done.
Joey Schulze [Sun, 14 Dec 2008 01:56:40 +0000 (02:56 +0100)]
Adjust boolean value detection code to use upper case letters in the
end. Enable it for all three boolean attributes. Widen tabular
display by one character so the description fits again. Finalise new
changelog entry.
Martin Zobel-Helas [Sun, 14 Dec 2008 01:51:10 +0000 (02:51 +0100)]
well, debianDevelopers also want to opt-out.... ;-)
Martin Zobel-Helas [Sun, 14 Dec 2008 01:25:24 +0000 (02:25 +0100)]
Add Joey and me to Uploaders: