mirror/userdir-ldap.git
Peter Palfrader [Wed, 3 Oct 2018 07:10:59 +0000 (09:10 +0200)]
Merge remote-tracking branch 'aerostitch/update_welcome_email'

* aerostitch/update_welcome_email:
  Change references from alioth to salsa in the DD welcome email

Peter Palfrader [Wed, 3 Oct 2018 07:10:58 +0000 (09:10 +0200)]
A changelog entry for the ud-guest-upgrade change

Joseph Herlant [Wed, 3 Oct 2018 02:37:47 +0000 (19:37 -0700)]
Change references from alioth to salsa in the DD welcome email

Closes: #910057

Peter Palfrader [Tue, 24 Jul 2018 11:45:38 +0000 (13:45 +0200)]
ud-guest-upgrade: do not add but replace privateSub.  somebody may have added it already.

Peter Palfrader [Wed, 25 Apr 2018 19:33:51 +0000 (21:33 +0200)]
UDLdap.py: more useful exception if our array assumptions are violated

Julien Cristau [Tue, 3 Apr 2018 20:09:26 +0000 (22:09 +0200)]
Add a changelog entry

Ansgar Burchardt [Tue, 3 Apr 2018 16:31:08 +0000 (18:31 +0200)]
ud-mailgate: include name of unknown host in error message

Peter Palfrader [Thu, 1 Mar 2018 19:47:26 +0000 (20:47 +0100)]
changelog entry

Peter Palfrader [Thu, 1 Mar 2018 19:47:00 +0000 (20:47 +0100)]
clean up old/obsolete code that was broken and has been commented out since forever

Peter Palfrader [Thu, 1 Mar 2018 19:46:28 +0000 (20:46 +0100)]
Also export a host's SSHFP records to additional dns names (sshfpHostname)

Peter Palfrader [Thu, 1 Mar 2018 19:28:48 +0000 (20:28 +0100)]
Qualify each zone file entry in sshfp with a hostname, not just the first line for each host

Peter Palfrader [Thu, 1 Mar 2018 19:20:28 +0000 (20:20 +0100)]
Add sshfpHostname to schema

Peter Palfrader [Thu, 1 Mar 2018 19:18:07 +0000 (20:18 +0100)]
Document sshdistAuthKeysHost

Tollef Fog Heen [Mon, 5 Feb 2018 20:36:40 +0000 (21:36 +0100)]
PEP-8-ify a bit

Not done yet, but this is much better already.  Should be no functional changes

Julien Cristau [Thu, 26 Oct 2017 18:29:32 +0000 (20:29 +0200)]
release 0.3.92

Julien Cristau [Thu, 26 Oct 2017 18:24:38 +0000 (20:24 +0200)]
Fix sigcheck pgp/mime processing with gnupg 2

gnupg 2.1 in stretch doesn't like MD5.

Héctor Orón Martínez [Wed, 30 Aug 2017 09:50:22 +0000 (11:50 +0200)]
d/changelog: update with later commit

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>

Héctor Orón Martínez [Wed, 30 Aug 2017 09:11:53 +0000 (11:11 +0200)]
welcome-message-Debian: update SSL certificate authority info

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>

Luca Filipozzi [Thu, 24 Aug 2017 16:50:18 +0000 (16:50 +0000)]
bump version

Michael Stapelberg [Fri, 18 Aug 2017 06:22:17 +0000 (08:22 +0200)]
ud-mailgate: allow : in TXT record contents

Some systems require : in TXT records, e.g. upspin:
https://upspin.io/doc/server_setup.md

Tollef Fog Heen [Sat, 12 Aug 2017 20:07:55 +0000 (22:07 +0200)]
Fix ud-mailgate to handle the SHA256:$fingerprint output format that stretch's ssh-keygen has switched to.

Tollef Fog Heen [Tue, 8 Aug 2017 22:37:56 +0000 (00:37 +0200)]
Add support for setting a TOTP seed

This still needs a bit of docs, but is functionally working.

Luca Filipozzi [Sun, 6 Aug 2017 22:59:40 +0000 (22:59 +0000)]
gpg2 output differs from gpg1 - fix GPGSearch

Peter Palfrader [Thu, 22 Jun 2017 17:14:04 +0000 (19:14 +0200)]
ud-generate: Create all ssh-gitolite individually

ud-generate:  Do not create a global ssh-gitolite.  Instead create
them per-host where needed so we can accommodate per-host ssh
authorized-keys.

Peter Palfrader [Sun, 18 Jun 2017 20:43:09 +0000 (22:43 +0200)]
Replace RSA authentication with public-key authentication in welcome messages.

Paul Wise [Sat, 17 Jun 2017 06:35:12 +0000 (14:35 +0800)]
Switch from /org to /srv in default configuration

/org has been obsoleted by /srv for many years on debian.org hosts.

Paul Wise [Mon, 13 Jun 2016 00:27:22 +0000 (08:27 +0800)]
Prevent guest accounts from using RTC addresses

Paul Wise [Fri, 12 May 2017 03:49:57 +0000 (11:49 +0800)]
Drop removed-keys.gpg, it no longer exists and should not be used

Suggested-by: Jonathan McDowell <noodles@earth.li>
Suggested-in: <20170510080756.GB11865@earth.li>

tag: userdir-ldap-0.3.89
Julien Cristau [Mon, 27 Mar 2017 12:03:03 +0000 (14:03 +0200)]
release 0.3.89

Julien Cristau [Mon, 27 Mar 2017 12:02:35 +0000 (14:02 +0200)]
Add changelog entry for use_mq patch

Christoph Berg [Mon, 27 Mar 2017 01:59:12 +0000 (09:59 +0800)]
Add option "use_mq" to allow disabling the use of mq_notify in ud-generate

Julien Cristau [Sun, 26 Mar 2017 16:20:44 +0000 (18:20 +0200)]
Fix half-assed switch away from python-support.

Peter Palfrader [Sun, 26 Mar 2017 12:09:12 +0000 (14:09 +0200)]
prepare next version

tag: userdir-ldap-0.3.88
Peter Palfrader [Sun, 26 Mar 2017 12:06:06 +0000 (14:06 +0200)]
release

Julien Cristau [Mon, 20 Mar 2017 10:56:49 +0000 (11:56 +0100)]
Use dh_prep instead of dh_clean -k

Julien Cristau [Mon, 20 Mar 2017 10:56:31 +0000 (11:56 +0100)]
Use dh-python instead of python-support.

Julien Cristau [Mon, 20 Mar 2017 10:53:00 +0000 (11:53 +0100)]
Update Uploaders list.

Peter Palfrader [Wed, 8 Feb 2017 17:27:15 +0000 (18:27 +0100)]
ud-useradd: When looking for free UIDs/GIDs, also consider groups

Julien Cristau [Sun, 29 Jan 2017 11:15:36 +0000 (12:15 +0100)]
release 0.3.87

Julien Cristau [Sun, 29 Jan 2017 11:11:08 +0000 (12:11 +0100)]
Replace dependency on perl5 with perl.

Paul Wise [Tue, 14 Jun 2016 02:31:43 +0000 (10:31 +0800)]
Typo

Paul Wise [Tue, 14 Jun 2016 02:29:48 +0000 (10:29 +0800)]
Fix crash in ud-generate

Traceback (most recent call last):
  File "/usr/bin/ud-generate", line 1498, in <module>
    ud_generate()
  File "/usr/bin/ud-generate", line 1481, in ud_generate
    generate_all(generate_dir, l)
  File "/usr/bin/ud-generate", line 1229, in generate_all
    GenDNS(accounts, global_dir + "dns-zone")
  File "/usr/bin/ud-generate", line 820, in GenDNS
    if a.is_guest_account(): continue
  File "/usr/lib/pymodules/python2.7/UDLdap.py", line 91, in is_guest_account
    return 'guest' in self['supplementaryGid']
  File "/usr/lib/pymodules/python2.7/UDLdap.py", line 48, in __getitem__
    raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn)
IndexError: No such key: supplementaryGid (dn: uid=debtags,ou=users,dc=debian,dc=org)

Paul Wise [Mon, 13 Jun 2016 00:27:44 +0000 (08:27 +0800)]
Look up the default group from the config instead of hardcoding it

Paul Wise [Mon, 13 Jun 2016 00:26:19 +0000 (08:26 +0800)]
Fix is_guest_account for the usergroups transition

Prevents guest accounts from using debian-private and debian.net

Paul Wise [Mon, 13 Jun 2016 00:41:11 +0000 (08:41 +0800)]
We just call the operating system Debian these days

Peter Palfrader [Fri, 5 Feb 2016 18:17:09 +0000 (19:17 +0100)]
ud-generate: get RTC domain/realm from config file

Paul Wise [Sat, 19 Dec 2015 18:05:00 +0000 (02:05 +0800)]
ries is long gone

Peter Palfrader [Thu, 19 Nov 2015 08:52:59 +0000 (09:52 +0100)]
ud-replicate: use persistent ssh connections

Peter Palfrader [Thu, 19 Nov 2015 08:23:34 +0000 (09:23 +0100)]
ud-replicate: only install/reload RTC files when they have changed.

Julien Cristau [Wed, 18 Nov 2015 15:02:33 +0000 (16:02 +0100)]
Pass BatchMode=yes option to ssh

Should help fail quickly in case of network issues.  Remove the
PreferredAuthentications setting which becomes redundant.

Signed-off-by: Julien Cristau <jcristau@debian.org>

Peter Palfrader [Thu, 5 Nov 2015 09:22:21 +0000 (10:22 +0100)]
Add ud-guest-extend

Paul Wise [Sun, 1 Nov 2015 12:48:45 +0000 (20:48 +0800)]
Update ud-ldapshow and cleanup cruft around the usergroups changes

Peter Palfrader [Fri, 30 Oct 2015 07:56:52 +0000 (08:56 +0100)]
Drop paragraph about getting additional software installed

Peter Palfrader [Fri, 30 Oct 2015 07:56:35 +0000 (08:56 +0100)]
Make welcome-message and welcome-message-Debian CC (and where applicable reply-to) d-a@lists instead of d-a@d.o

Peter Palfrader [Thu, 29 Oct 2015 09:25:12 +0000 (10:25 +0100)]
ud-useradd: try to send the proper template

Peter Palfrader [Thu, 29 Oct 2015 09:24:38 +0000 (10:24 +0100)]
Make generic welcome-message more generic

Peter Palfrader [Wed, 28 Oct 2015 21:06:28 +0000 (22:06 +0100)]
fix quoting

Peter Palfrader [Wed, 28 Oct 2015 21:06:08 +0000 (22:06 +0100)]
also do rtc-passwords for prosody

Peter Palfrader [Wed, 28 Oct 2015 21:03:48 +0000 (22:03 +0100)]
Add ud-guest-upgrade

Peter Palfrader [Wed, 28 Oct 2015 20:32:25 +0000 (21:32 +0100)]
ud-useradd: now does usergroups by default

Peter Palfrader [Sat, 23 May 2015 08:44:23 +0000 (10:44 +0200)]
Report key fingerprint when adding ssh keys

Peter Palfrader [Sat, 23 May 2015 08:44:10 +0000 (10:44 +0200)]
Do not mail admin if users try to submit unsupported keys

Peter Palfrader [Sat, 23 May 2015 08:25:15 +0000 (10:25 +0200)]
syntax/typo fix

Peter Palfrader [Sat, 23 May 2015 08:20:46 +0000 (10:20 +0200)]
Changelog entry

Peter Palfrader [Sat, 23 May 2015 08:19:46 +0000 (10:19 +0200)]
Merge branch 'raphael'

* raphael:
  Try to make key acceptance logic clearer
  Bump the minimum key size to 2048
  Authorize ed25519 keys, which have a fixed size of 256 bits
  Recognise ecdsa and ed25519 ssh keys

Peter Palfrader [Sat, 23 May 2015 08:19:38 +0000 (10:19 +0200)]
Try to make key acceptance logic clearer

Raphael Geissert [Sun, 3 May 2015 19:07:27 +0000 (21:07 +0200)]
Bump the minimum key size to 2048

Signed-off-by: Peter Palfrader <peter@palfrader.org>

Raphael Geissert [Sun, 3 May 2015 18:57:10 +0000 (20:57 +0200)]
Authorize ed25519 keys, which have a fixed size of 256 bits

Signed-off-by: Peter Palfrader <peter@palfrader.org>

Raphael Geissert [Sun, 3 May 2015 18:56:25 +0000 (20:56 +0200)]
Recognise ecdsa and ed25519 ssh keys

Signed-off-by: Peter Palfrader <peter@palfrader.org>

Peter Palfrader [Fri, 17 Apr 2015 18:42:41 +0000 (20:42 +0200)]
remove dnsZoneEntry from restricted attributes to match config on db.d.o

Peter Palfrader [Fri, 17 Apr 2015 18:34:32 +0000 (20:34 +0200)]
userdir-ldap-slapd.conf.in: Rhonda points out dnsZoneEntry should not be world readable

Paul Wise [Mon, 29 Dec 2014 05:07:45 +0000 (13:07 +0800)]
Fix a grammatical issue.

Paul Wise [Mon, 29 Dec 2014 05:07:11 +0000 (13:07 +0800)]
Use the people.d.o alias instead of the machine name.

Using the alias is more future-proof.

Paul Wise [Sun, 28 Dec 2014 04:17:47 +0000 (12:17 +0800)]
Debian SSL certs are no longer signed by the Debian/SPI CAs.

Paul Wise [Sun, 28 Dec 2014 04:17:08 +0000 (12:17 +0800)]
Switch from http to https for all the links in welcome mails.

Julien Cristau [Thu, 25 Dec 2014 22:43:40 +0000 (23:43 +0100)]
people.d.o is now paradis

Signed-off-by: Julien Cristau <jcristau@debian.org>

Peter Palfrader [Sun, 7 Dec 2014 15:44:06 +0000 (16:44 +0100)]
New version number

Peter Palfrader [Sun, 7 Dec 2014 15:25:30 +0000 (16:25 +0100)]
release 0.3.86

Peter Palfrader [Sun, 7 Dec 2014 15:21:58 +0000 (16:21 +0100)]
ud-replicated: only restore TERM if it was set before.  If it wasn't leave it at dumb.

Peter Palfrader [Sun, 7 Dec 2014 09:47:45 +0000 (10:47 +0100)]
ud-generate: support ssh-ed25519 keys for SSHFP records

Peter Palfrader [Sat, 6 Dec 2014 09:25:53 +0000 (10:25 +0100)]
Start new version

tag: userdir-ldap-0.3.85
Peter Palfrader [Sat, 6 Dec 2014 08:59:42 +0000 (09:59 +0100)]
New version number

Peter Palfrader [Fri, 5 Dec 2014 22:37:56 +0000 (23:37 +0100)]
Release

Peter Palfrader [Fri, 5 Dec 2014 22:37:43 +0000 (23:37 +0100)]
ud-replicated: Syntax? fix

Peter Palfrader [Fri, 5 Dec 2014 22:36:39 +0000 (23:36 +0100)]
ud-replicated: only use /var/run/log if it's a socket

Peter Palfrader [Sun, 21 Sep 2014 13:20:40 +0000 (15:20 +0200)]
ud-generate: sudopassword: allow dashes in hostnames

Peter Palfrader [Sun, 21 Sep 2014 12:51:19 +0000 (14:51 +0200)]
ud-mailage: allow dashes in hostnames.

Peter Palfrader [Fri, 19 Sep 2014 19:23:55 +0000 (21:23 +0200)]
changelog entry

Peter Palfrader [Fri, 19 Sep 2014 19:22:48 +0000 (21:22 +0200)]
ud-generate: update gitolite authkeys generation

- skip ssh keys with non-local allowed_hosts
- skip all keys with other restrictions
- make including keys for hosts optional (on by default)
- support overriding the command we restrict to

Peter Palfrader [Mon, 12 May 2014 20:21:19 +0000 (22:21 +0200)]
Fix schema that still references voipPassword instead of rtcPassword

Peter Palfrader [Mon, 12 May 2014 20:17:20 +0000 (22:17 +0200)]
.43 was already taken

Peter Palfrader [Mon, 12 May 2014 20:10:00 +0000 (22:10 +0200)]
Add rebootPolicy attribute to host

Stephen Gran [Thu, 27 Feb 2014 07:28:15 +0000 (07:28 +0000)]
and changelog

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Thu, 27 Feb 2014 07:19:00 +0000 (07:19 +0000)]
make notify the default

Signed-off-by: Stephen Gran <steve@lobefin.net>

Peter Palfrader [Sun, 9 Feb 2014 20:14:38 +0000 (21:14 +0100)]
A changelog entry

Peter Palfrader [Sun, 9 Feb 2014 20:14:17 +0000 (21:14 +0100)]
Make SudoPasswd not be a global variable

Peter Palfrader [Sun, 9 Feb 2014 20:14:01 +0000 (21:14 +0100)]
Act on sudopassword confirms even if nothing else gets touched

Stephen Gran [Sun, 2 Feb 2014 09:27:12 +0000 (09:27 +0000)]
use json marshalling

Signed-off-by: Stephen Gran <steve@lobefin.net>

Stephen Gran [Sat, 1 Feb 2014 13:31:28 +0000 (13:31 +0000)]
Correct thinkos

Stephen Gran [Sat, 1 Feb 2014 13:31:08 +0000 (13:31 +0000)]
make this actually work

Signed-off-by: Stephen Gran <steve@lobefin.net>