Martin Zobel-Helas [Thu, 8 Mar 2012 22:31:36 +0000 (23:31 +0100)]
export webPassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Mon, 5 Mar 2012 10:56:00 +0000 (11:56 +0100)]
mess with uid number generation
* Allow a set of users to be ignored for picking UIDs.
* When picking uid/gid numbers try to pick the same number for both.
Peter Palfrader [Mon, 5 Mar 2012 10:28:03 +0000 (11:28 +0100)]
Introduce BaseBaseDN which is the real base dn
Peter Palfrader [Mon, 5 Mar 2012 10:17:58 +0000 (11:17 +0100)]
userdir_ldap.py: read auth password from environment if set
Peter Palfrader [Wed, 29 Feb 2012 16:24:35 +0000 (17:24 +0100)]
Sync welcome-message-800
Martin Zobel-Helas [Sun, 19 Feb 2012 13:48:03 +0000 (14:48 +0100)]
add webPassword
Martin Zobel-Helas [Sun, 19 Feb 2012 13:46:24 +0000 (14:46 +0100)]
add webPassword
Stephen Gran [Thu, 29 Dec 2011 21:23:11 +0000 (21:23 +0000)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
Stephen Gran [Thu, 29 Dec 2011 21:22:45 +0000 (21:22 +0000)]
Fix some usages of hardcoded debian.org
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 29 Dec 2011 21:21:00 +0000 (21:21 +0000)]
Update to match live slapd.conf
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Thu, 29 Dec 2011 21:06:23 +0000 (22:06 +0100)]
ud-replicate: now preserve server side modification times when rsyncing data
Peter Palfrader [Thu, 29 Dec 2011 20:55:21 +0000 (21:55 +0100)]
fix breaking old ud-generate locks.
Peter Palfrader [Wed, 2 Nov 2011 22:42:06 +0000 (23:42 +0100)]
ud-replicate: do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, but instead re-use the domain from email-append.
Stephen Gran [Fri, 26 Aug 2011 19:26:15 +0000 (19:26 +0000)]
why does python not believe in variable scoping, but then complain about it?
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Aug 2011 16:19:24 +0000 (17:19 +0100)]
mmmm, that's likely to be a namespace clash
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 20 Aug 2011 15:55:59 +0000 (15:55 +0000)]
We need to use an actually defined variable name
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Mon, 15 Aug 2011 19:52:42 +0000 (21:52 +0200)]
ud-mailgate: only run ldapmodify if we actually have attributes to modify.
Faidon Liambotis [Sun, 14 Aug 2011 13:23:01 +0000 (16:23 +0300)]
Add slapo-constraint for keyfingerprint
Stephen Gran [Fri, 29 Jul 2011 16:24:52 +0000 (16:24 +0000)]
Make ud-generate pull the last modification time out of ldap and only
run if ldap has been updated. We have some more architecture work to do
before this can go live without making the monitoring go insane.
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 9 Jun 2011 19:28:29 +0000 (19:28 +0000)]
and changelog too
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 9 Jun 2011 19:28:07 +0000 (19:28 +0000)]
update Net::LDAP import
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 9 Jun 2011 17:52:36 +0000 (17:52 +0000)]
and some changelog
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 9 Jun 2011 17:47:12 +0000 (17:47 +0000)]
more sha module
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 9 Jun 2011 17:17:46 +0000 (17:17 +0000)]
get rid of most uses of sha module
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Sat, 21 May 2011 14:50:21 +0000 (16:50 +0200)]
Handle capital {CRYPT} in userpasswd
Peter Palfrader [Sat, 21 May 2011 14:42:41 +0000 (16:42 +0200)]
Filter on shadowAccount
Peter Palfrader [Sat, 21 May 2011 14:42:02 +0000 (16:42 +0200)]
no userpassword means locked.
Peter Palfrader [Sat, 21 May 2011 14:03:21 +0000 (16:03 +0200)]
naming your variable like a module is unsmart
Peter Palfrader [Sat, 21 May 2011 13:41:47 +0000 (15:41 +0200)]
More lax with mime
Peter Palfrader [Sat, 21 May 2011 13:13:31 +0000 (15:13 +0200)]
ud-echelon fixes
Peter Palfrader [Sat, 21 May 2011 12:57:18 +0000 (14:57 +0200)]
unreleased
Peter Palfrader [Sat, 21 May 2011 12:53:28 +0000 (14:53 +0200)]
release
Peter Palfrader [Sat, 21 May 2011 12:52:28 +0000 (14:52 +0200)]
try to properly handle some more mime stuff.
- use email module instead of deprecated mimetools and multifile modules
- changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py
- move ud-echelon and sigcheck to GPGCheckSig2 interface.
Peter Palfrader [Sat, 21 May 2011 12:50:28 +0000 (14:50 +0200)]
Update debian/changelog
Peter Palfrader [Sat, 21 May 2011 10:52:49 +0000 (12:52 +0200)]
Move gpgwrapper aside
Peter Palfrader [Sat, 21 May 2011 10:49:24 +0000 (12:49 +0200)]
Dead import
Peter Palfrader [Sat, 21 May 2011 10:40:20 +0000 (12:40 +0200)]
Get rid of tabs
Peter Palfrader [Fri, 25 Mar 2011 19:03:41 +0000 (20:03 +0100)]
Update changelog
Peter Palfrader [Fri, 25 Mar 2011 19:03:05 +0000 (20:03 +0100)]
Handle sync keyring *dirs*
Peter Palfrader [Fri, 25 Mar 2011 18:58:45 +0000 (19:58 +0100)]
Lock ud-generate process
Peter Palfrader [Fri, 25 Mar 2011 18:55:48 +0000 (19:55 +0100)]
Try to cut down a bit on global state
Peter Palfrader [Fri, 25 Mar 2011 17:59:47 +0000 (18:59 +0100)]
Use GlobalDir instead of GenerateDir in one place
Peter Palfrader [Mon, 28 Feb 2011 21:45:48 +0000 (22:45 +0100)]
Do not mess with sudo passwords if nothing changed
Peter Palfrader [Wed, 2 Feb 2011 20:56:25 +0000 (21:56 +0100)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
* 'master' of ssh://db.debian.org/git/userdir-ldap:
Minor changes from Holger (<201102021122.16183.holger@layer-acht.org>) Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 2 Feb 2011 20:56:19 +0000 (21:56 +0100)]
say a word about subjects in mail to admin@db
Martin Zobel-Helas [Wed, 2 Feb 2011 11:02:39 +0000 (12:02 +0100)]
Minor changes from Holger (<201102021122.16183.holger@layer-acht.org>)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 5 Jan 2011 08:53:29 +0000 (09:53 +0100)]
ud-mailgate: Make updating of gender actually work
Martin Zobel-Helas [Thu, 23 Dec 2010 16:59:42 +0000 (17:59 +0100)]
* Uploading/Non-Uploading DDs
* remove superfluous "and"
* SSH fingerprints of the machines
* Debian CA
* mention debian-infrastructure-announce
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 22 Dec 2010 22:14:11 +0000 (23:14 +0100)]
This is some fine documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 20 Oct 2010 11:41:23 +0000 (11:41 +0000)]
ud-gpgimport: handle guest keyrings
ud-gpgimport so far used a single list of keyrings, and it expected all
keys from that keyring to be in ldap, and to have all users in ldap a
key in those keyrings.
Now ud-gpgimport has a notion of the guest-keyring. It still expects
all keys from the "main" keyring to be in ldap, but not all keys from
the guest (DM and guest) keyrings need to have accounts. An account
with a key associated to it is OK as long as it has a key in any of
the keyrings.
Peter Palfrader [Sun, 19 Sep 2010 00:00:02 +0000 (02:00 +0200)]
Update guest welcome template
Peter Palfrader [Sat, 18 Sep 2010 23:44:42 +0000 (01:44 +0200)]
Remove .pgp (v3 pgp key) keyrings from config
Peter Palfrader [Sat, 18 Sep 2010 23:42:15 +0000 (01:42 +0200)]
ud-useradd: A new -g switch for adding guest accounts
ud-useradd: A new -g switch for adding guest accounts, with proper
setting hostacls and shadowexpire and picking the right keyring.
Peter Palfrader [Sat, 18 Sep 2010 23:41:10 +0000 (01:41 +0200)]
Update changelog
Peter Palfrader [Sat, 18 Sep 2010 23:09:56 +0000 (01:09 +0200)]
Add a -h for ud-useradd
Peter Palfrader [Sat, 18 Sep 2010 23:01:54 +0000 (01:01 +0200)]
Teach ud-generate about host ACLs that expire
Peter Palfrader [Wed, 15 Sep 2010 15:47:33 +0000 (17:47 +0200)]
Allow - in usernames
Peter Palfrader [Wed, 15 Sep 2010 10:52:06 +0000 (12:52 +0200)]
import fixing
Peter Palfrader [Wed, 15 Sep 2010 10:49:26 +0000 (12:49 +0200)]
Add ud-sync-accounts-to-afs, a script to sync accounts to an AFS protection database
Peter Palfrader [Tue, 14 Sep 2010 21:10:15 +0000 (23:10 +0200)]
Fix ud-generate to create all-accounts.json in the right place
Peter Palfrader [Mon, 13 Sep 2010 17:14:33 +0000 (19:14 +0200)]
dev tree changelog
Peter Palfrader [Mon, 13 Sep 2010 17:08:19 +0000 (19:08 +0200)]
ud-generate: Add an extra output file called all-users.json
That file can be used on one of the AFS hosts to create afs users.
Peter Palfrader [Fri, 10 Sep 2010 12:53:44 +0000 (14:53 +0200)]
Add ud-krb-reset, and make ud-mailgate call it when receiving a mail at chpasswd@ saying 'Please change my Kerberos password'.
Peter Palfrader [Fri, 10 Sep 2010 12:20:20 +0000 (14:20 +0200)]
ud-mailgate: minor refactoring
Peter Palfrader [Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)]
Fix ACL rule for keyring maintainers
Peter Palfrader [Mon, 2 Aug 2010 23:48:02 +0000 (23:48 +0000)]
A class shouldn't write to stderr on error, it should throw an exception
Peter Palfrader [Mon, 2 Aug 2010 23:36:03 +0000 (23:36 +0000)]
update debian/changelog
Peter Palfrader [Mon, 2 Aug 2010 23:33:12 +0000 (23:33 +0000)]
Merge branch 'refactor-udgen'
* refactor-udgen: (24 commits)
Get rid of global variable PasswdAttrs
GenBSMTP
GenDNS
GenPasswd
GenShadow
Do not forget that passwords start with {crypt}
GenShadowSudo
GenSSHShadow
fix not-array-value-but-multiple-values check
GenGroup partially
GenForward
GenCDB
And GenMailList
whitespace fixes
And GenMailBool
Let disable-main-msg generation use Account class
Let disabled-users generation use Account class
Let private generation use Account class
Catch the case where attributes that are not declared as an array value have more than one value. This indicates a bug in the data, code, or ldap schema
Some improvement over the last path
...
Peter Palfrader [Mon, 2 Aug 2010 23:30:03 +0000 (23:30 +0000)]
Get rid of global variable PasswdAttrs
Peter Palfrader [Mon, 2 Aug 2010 23:11:30 +0000 (23:11 +0000)]
GenBSMTP
Peter Palfrader [Mon, 2 Aug 2010 22:15:35 +0000 (22:15 +0000)]
GenDNS
Peter Palfrader [Mon, 2 Aug 2010 22:05:41 +0000 (22:05 +0000)]
GenPasswd
Peter Palfrader [Mon, 2 Aug 2010 21:55:14 +0000 (21:55 +0000)]
GenShadow
Peter Palfrader [Mon, 2 Aug 2010 21:37:50 +0000 (21:37 +0000)]
Do not forget that passwords start with {crypt}
Peter Palfrader [Mon, 2 Aug 2010 21:35:07 +0000 (21:35 +0000)]
GenShadowSudo
Peter Palfrader [Mon, 2 Aug 2010 21:31:04 +0000 (21:31 +0000)]
GenSSHShadow
Peter Palfrader [Mon, 2 Aug 2010 21:28:31 +0000 (21:28 +0000)]
fix not-array-value-but-multiple-values check
Peter Palfrader [Mon, 2 Aug 2010 21:19:41 +0000 (21:19 +0000)]
GenGroup partially
Peter Palfrader [Mon, 2 Aug 2010 21:14:08 +0000 (21:14 +0000)]
GenForward
Peter Palfrader [Mon, 2 Aug 2010 21:11:37 +0000 (21:11 +0000)]
GenCDB
Peter Palfrader [Mon, 2 Aug 2010 21:06:55 +0000 (21:06 +0000)]
And GenMailList
Peter Palfrader [Mon, 2 Aug 2010 20:52:29 +0000 (20:52 +0000)]
whitespace fixes
Peter Palfrader [Mon, 2 Aug 2010 20:51:50 +0000 (20:51 +0000)]
And GenMailBool
Peter Palfrader [Mon, 2 Aug 2010 20:37:31 +0000 (20:37 +0000)]
Let disable-main-msg generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 20:35:49 +0000 (20:35 +0000)]
Let disabled-users generation use Account class
Martin Zobel-Helas [Mon, 2 Aug 2010 20:35:38 +0000 (22:35 +0200)]
have a proper distribution
Martin Zobel-Helas [Mon, 2 Aug 2010 20:33:53 +0000 (22:33 +0200)]
release 0.3.77
Peter Palfrader [Mon, 2 Aug 2010 20:23:53 +0000 (20:23 +0000)]
Let private generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 20:14:40 +0000 (20:14 +0000)]
Catch the case where attributes that are not declared as an array value have more than one value. This indicates a bug in the data, code, or ldap schema
Peter Palfrader [Mon, 2 Aug 2010 20:12:10 +0000 (20:12 +0000)]
Some improvement over the last path
Peter Palfrader [Mon, 2 Aug 2010 20:06:12 +0000 (20:06 +0000)]
Let markers generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 19:58:10 +0000 (19:58 +0000)]
give Account class a __getitem__ method and use it
Peter Palfrader [Mon, 2 Aug 2010 19:34:41 +0000 (19:34 +0000)]
Let Account have a constructor that is more useful in generate
Peter Palfrader [Mon, 2 Aug 2010 19:17:07 +0000 (19:17 +0000)]
optionally read some configuration items from the environment so we can test ud-generate without running it as sshdist
Peter Palfrader [Fri, 30 Jul 2010 17:47:04 +0000 (19:47 +0200)]
ud-generate: refuse to run as root
Peter Palfrader [Tue, 1 Jun 2010 15:22:57 +0000 (17:22 +0200)]
debian/changelog update
Faidon Liambotis [Mon, 31 May 2010 14:38:21 +0000 (17:38 +0300)]
Give keyring-maint write access to keyFingerPrint
However, make an exception for supplementaryGid=adm users for security
reasons (wouldn't want keyring-maint to be able to take over a root
account).
The ACL gives writes to a non-existing group; this should be created,
e.g.
cn=Keyring Maintainers,ou=users,dc=debian,dc=org
objectClass: top
objectClass: groupOfNames
cn: Keyring Maintainers
member: uid=noodles,ou=users,dc=debian,dc=org
member: uid=gwolf,ou=users,dc=debian,dc=org
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Peter Palfrader [Tue, 1 Jun 2010 15:14:32 +0000 (17:14 +0200)]
labeledURI, ircNick, icqUIN, jabberJID are all exposed via finger anyway. No need to restrict them to d.o hosts
Peter Palfrader [Tue, 1 Jun 2010 15:11:50 +0000 (17:11 +0200)]
Remove redundant attributes: loginShell and onVacation were already matched by the read-from-d.o ACL
Peter Palfrader [Tue, 1 Jun 2010 15:10:05 +0000 (17:10 +0200)]
commenta update