mirror/userdir-ldap.git
12 years agoexport webPassword
Martin Zobel-Helas [Thu, 8 Mar 2012 22:31:36 +0000 (23:31 +0100)]
export webPassword
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
12 years agomess with uid number generation
Peter Palfrader [Mon, 5 Mar 2012 10:56:00 +0000 (11:56 +0100)]
mess with uid number generation

* Allow a set of users to be ignored for picking UIDs.
* When picking uid/gid numbers try to pick the same number for both.

12 years agoIntroduce BaseBaseDN which is the real base dn
Peter Palfrader [Mon, 5 Mar 2012 10:28:03 +0000 (11:28 +0100)]
Introduce BaseBaseDN which is the real base dn

12 years agouserdir_ldap.py: read auth password from environment if set
Peter Palfrader [Mon, 5 Mar 2012 10:17:58 +0000 (11:17 +0100)]
userdir_ldap.py: read auth password from environment if set

12 years agoSync welcome-message-800
Peter Palfrader [Wed, 29 Feb 2012 16:24:35 +0000 (17:24 +0100)]
Sync welcome-message-800

12 years agoadd webPassword
Martin Zobel-Helas [Sun, 19 Feb 2012 13:48:03 +0000 (14:48 +0100)]
add webPassword

12 years agoadd webPassword
Martin Zobel-Helas [Sun, 19 Feb 2012 13:46:24 +0000 (14:46 +0100)]
add webPassword

12 years agoMerge branch 'master' of ssh://db.debian.org/git/userdir-ldap
Stephen Gran [Thu, 29 Dec 2011 21:23:11 +0000 (21:23 +0000)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap

12 years agoFix some usages of hardcoded debian.org
Stephen Gran [Thu, 29 Dec 2011 21:22:45 +0000 (21:22 +0000)]
Fix some usages of hardcoded debian.org
Signed-off-by: Stephen Gran <steve@lobefin.net>
12 years agoUpdate to match live slapd.conf
Stephen Gran [Thu, 29 Dec 2011 21:21:00 +0000 (21:21 +0000)]
Update to match live slapd.conf
Signed-off-by: Stephen Gran <steve@lobefin.net>
12 years agoud-replicate: now preserve server side modifcation times when rsyncing data
Peter Palfrader [Thu, 29 Dec 2011 21:06:23 +0000 (22:06 +0100)]
ud-replicate: now preserve server side modifcation times when rsyncing data

12 years agofix breaking old ud-generate locks.
Peter Palfrader [Thu, 29 Dec 2011 20:55:21 +0000 (21:55 +0100)]
fix breaking old ud-generate locks.

13 years agoud-replicate: do not hard-code 'debian.org' in the 'write-zonefile debian.org' call...
Peter Palfrader [Wed, 2 Nov 2011 22:42:06 +0000 (23:42 +0100)]
ud-replicate: do not hard-code 'debian.org' in the 'write-zonefile debian.org' call, but instead re-use the domain from email-append.

13 years agowhy does python not believe in variable scoping, but then complain about it?
Stephen Gran [Fri, 26 Aug 2011 19:26:15 +0000 (19:26 +0000)]
why does python not believe in variable scoping, but then complain about it?

Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agommmm, that's likely to be a namespace clash
Stephen Gran [Sat, 20 Aug 2011 16:19:24 +0000 (17:19 +0100)]
mmmm, that's likely to be a namespace clash
Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoWe need to use an actually defined variable name
Stephen Gran [Sat, 20 Aug 2011 15:55:59 +0000 (15:55 +0000)]
We need to use an actually defined variable name
Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoud-mailgate: only run ldapmodfiy if we actually have attributes to modify.
Peter Palfrader [Mon, 15 Aug 2011 19:52:42 +0000 (21:52 +0200)]
ud-mailgate: only run ldapmodfiy if we actually have attributes to modify.

13 years agoAdd slapo-constaint for keyfingerprint
Faidon Liambotis [Sun, 14 Aug 2011 13:23:01 +0000 (16:23 +0300)]
Add slapo-constaint for keyfingerprint

13 years agoMake ud-generate pull the last modification time out of ldap and only
Stephen Gran [Fri, 29 Jul 2011 16:24:52 +0000 (16:24 +0000)]
Make ud-generate pull the last modification time out of ldap and only
run if ldap has been updated.  We have some more architecture work to do
before this can go live without making the monitoring go insane.
Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoand changelog too
Stephen Gran [Thu, 9 Jun 2011 19:28:29 +0000 (19:28 +0000)]
and changelog too

Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoupdate Net::LDAP import
Stephen Gran [Thu, 9 Jun 2011 19:28:07 +0000 (19:28 +0000)]
update Net::LDAP import

Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoand some changelog
Stephen Gran [Thu, 9 Jun 2011 17:52:36 +0000 (17:52 +0000)]
and some changelog

Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agomore sha module
Stephen Gran [Thu, 9 Jun 2011 17:47:12 +0000 (17:47 +0000)]
more sha module

Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoget rid of most uses of sha module
Stephen Gran [Thu, 9 Jun 2011 17:17:46 +0000 (17:17 +0000)]
get rid of most uses of sha module

Signed-off-by: Stephen Gran <steve@lobefin.net>
13 years agoHandle capital {CRYPT} in userpasswd
Peter Palfrader [Sat, 21 May 2011 14:50:21 +0000 (16:50 +0200)]
Handle capital {CRYPT} in userpasswd

13 years agoFilter on shadowAccount
Peter Palfrader [Sat, 21 May 2011 14:42:41 +0000 (16:42 +0200)]
Filter on shadowAccount

13 years agono userpassword means locked.
Peter Palfrader [Sat, 21 May 2011 14:42:02 +0000 (16:42 +0200)]
no userpassword means locked.

13 years agonaming your variable like a module is unsmart
Peter Palfrader [Sat, 21 May 2011 14:03:21 +0000 (16:03 +0200)]
naming your variable like a module is unsmart

13 years agoMore lax with mime
Peter Palfrader [Sat, 21 May 2011 13:41:47 +0000 (15:41 +0200)]
More lax with mime

13 years agoud-echelon fixes
Peter Palfrader [Sat, 21 May 2011 13:13:31 +0000 (15:13 +0200)]
ud-echelon fixes

13 years agounreleased
Peter Palfrader [Sat, 21 May 2011 12:57:18 +0000 (14:57 +0200)]
unreleased

13 years agorelease userdir-ldap-0.3.79
Peter Palfrader [Sat, 21 May 2011 12:53:28 +0000 (14:53 +0200)]
release

13 years agotry to properly handle some more mime stuff.
Peter Palfrader [Sat, 21 May 2011 12:52:28 +0000 (14:52 +0200)]
try to properly handle some more mime stuff.

- use email module instead of deprecated mimetools and multifile modules
- changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py
- move ud-echelon and sigcheck to GPGCheckSig2 interface.

13 years agoUpdate debian/changelog
Peter Palfrader [Sat, 21 May 2011 12:50:28 +0000 (14:50 +0200)]
Update debian/changelog

13 years agoMove gpgwrapper aside
Peter Palfrader [Sat, 21 May 2011 10:52:49 +0000 (12:52 +0200)]
Move gpgwrapper aside

13 years agoDead import
Peter Palfrader [Sat, 21 May 2011 10:49:24 +0000 (12:49 +0200)]
Dead import

13 years agoGet rid of tabs
Peter Palfrader [Sat, 21 May 2011 10:40:20 +0000 (12:40 +0200)]
Get rid of tabs

13 years agoUpdate changelog
Peter Palfrader [Fri, 25 Mar 2011 19:03:41 +0000 (20:03 +0100)]
Update changelog

13 years agoHandle sync keyring *dirs*
Peter Palfrader [Fri, 25 Mar 2011 19:03:05 +0000 (20:03 +0100)]
Handle sync keyring *dirs*

13 years agoLock ud-generate process
Peter Palfrader [Fri, 25 Mar 2011 18:58:45 +0000 (19:58 +0100)]
Lock ud-generate process

13 years agoTry to cut down a bit on global state
Peter Palfrader [Fri, 25 Mar 2011 18:55:48 +0000 (19:55 +0100)]
Try to cut down a bit on global state

13 years agoUse GlobalDir instead of GenerateDir in one place
Peter Palfrader [Fri, 25 Mar 2011 17:59:47 +0000 (18:59 +0100)]
Use GlobalDir instead of GenerateDir in one place

13 years agoDo not mess with sudo passwords if nothing changed
Peter Palfrader [Mon, 28 Feb 2011 21:45:48 +0000 (22:45 +0100)]
Do not mess with sudo passwords if nothing changed

13 years agoMerge branch 'master' of ssh://db.debian.org/git/userdir-ldap
Peter Palfrader [Wed, 2 Feb 2011 20:56:25 +0000 (21:56 +0100)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap

* 'master' of ssh://db.debian.org/git/userdir-ldap:
  Minor changes from Holger (<201102021122.16183.holger@layer-acht.org>) Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

13 years agosay a word about subjects in mail to admin@db
Peter Palfrader [Wed, 2 Feb 2011 20:56:19 +0000 (21:56 +0100)]
say a word about subjects in mail to admin@db

13 years agoMinor changes from Holger (<201102021122.16183.holger@layer-acht.org>)
Martin Zobel-Helas [Wed, 2 Feb 2011 11:02:39 +0000 (12:02 +0100)]
Minor changes from Holger (<201102021122.16183.holger@layer-acht.org>)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
13 years agoud-mailgate: Make updating of gender actually work
Peter Palfrader [Wed, 5 Jan 2011 08:53:29 +0000 (09:53 +0100)]
ud-mailgate: Make updating of gender actually work

13 years ago* Uploading/Non-Uploading DDs
Martin Zobel-Helas [Thu, 23 Dec 2010 16:59:42 +0000 (17:59 +0100)]
* Uploading/Non-Uploading DDs
* remove superfluous "and"
* SSH fingerprints of the machines
* Debian CA
* mention debian-infrastructure-announce
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
13 years agoThis is some fine documentation
Martin Zobel-Helas [Wed, 22 Dec 2010 22:14:11 +0000 (23:14 +0100)]
This is some fine documentation
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
14 years agoud-gpgimport: handle guest keyrings
Peter Palfrader [Wed, 20 Oct 2010 11:41:23 +0000 (11:41 +0000)]
ud-gpgimport: handle guest keyrings

ud-gpgimport so far used a single list of keyrings, and it expected all
keys from that keyring to be in ldap, and to have all users in ldap a
key in those keyrings.

Now ud-gpgimport has a notion of the guest-keyring.  It still expects
all keys from the "main" keyring to be in ldap, but not all keys from
the guest (DM and guest) keyrings need to have accounts.  An account
with a key associated to it is OK as long as it has a key in any of
the keyrings.

14 years agoUpdate guest welcome template
Peter Palfrader [Sun, 19 Sep 2010 00:00:02 +0000 (02:00 +0200)]
Update guest welcome template

14 years agoRemove .pgp (v3 pgp key) keyrings from config
Peter Palfrader [Sat, 18 Sep 2010 23:44:42 +0000 (01:44 +0200)]
Remove .pgp (v3 pgp key) keyrings from config

14 years agoud-useradd: A new -g switch for adding guest accounts
Peter Palfrader [Sat, 18 Sep 2010 23:42:15 +0000 (01:42 +0200)]
ud-useradd: A new -g switch for adding guest accounts

ud-useradd: A new -g switch for adding guest accounts, with proper
setting hostacls and shadowexpire and picking the right keyring.

14 years agoUpdate changelog
Peter Palfrader [Sat, 18 Sep 2010 23:41:10 +0000 (01:41 +0200)]
Update changelog

14 years agoAdd a -h for ud-useradd
Peter Palfrader [Sat, 18 Sep 2010 23:09:56 +0000 (01:09 +0200)]
Add a -h for ud-useradd

14 years agoTeach ud-generate about host ACLs that expire
Peter Palfrader [Sat, 18 Sep 2010 23:01:54 +0000 (01:01 +0200)]
Teach ud-generate about host ACLs that expire

14 years agoAllow - in usernames
Peter Palfrader [Wed, 15 Sep 2010 15:47:33 +0000 (17:47 +0200)]
Allow - in usernames

14 years agoimport fixing
Peter Palfrader [Wed, 15 Sep 2010 10:52:06 +0000 (12:52 +0200)]
import fixing

14 years agoAdd ud-sync-accounts-to-afs, a script to sync accounts to an AFS protection database
Peter Palfrader [Wed, 15 Sep 2010 10:49:26 +0000 (12:49 +0200)]
Add ud-sync-accounts-to-afs, a script to sync accounts to an AFS protection database

14 years agoFix ud-generate to create all-accounts.json in the right place
Peter Palfrader [Tue, 14 Sep 2010 21:10:15 +0000 (23:10 +0200)]
Fix ud-generate to create all-accounts.json in the right place

14 years agodev tree changelog
Peter Palfrader [Mon, 13 Sep 2010 17:14:33 +0000 (19:14 +0200)]
dev tree changelog

14 years agoud-generate: Add an extra output file called all-users.json userdir-ldap-0.3.78
Peter Palfrader [Mon, 13 Sep 2010 17:08:19 +0000 (19:08 +0200)]
ud-generate: Add an extra output file called all-users.json

That file can be used on one of the AFS hosts to create afs users.

14 years agoAdd ud-krb-reset, and make ud-mailgate call it when receiving a mail at chpasswd...
Peter Palfrader [Fri, 10 Sep 2010 12:53:44 +0000 (14:53 +0200)]
Add ud-krb-reset, and make ud-mailgate call it when receiving a mail at chpasswd@ saying 'Please change my Kerberos password'.

14 years agoud-mailgate: minor refactoring
Peter Palfrader [Fri, 10 Sep 2010 12:20:20 +0000 (14:20 +0200)]
ud-mailgate:  minor refactoring

14 years agoFix ACL rule for keyring maintainers
Peter Palfrader [Wed, 11 Aug 2010 09:12:36 +0000 (11:12 +0200)]
Fix ACL rule for keyring maintainers

14 years agoA class shouldn't write to stderr on error, it should throw an exception
Peter Palfrader [Mon, 2 Aug 2010 23:48:02 +0000 (23:48 +0000)]
A class shouldn't write to stderr on error, it should throw an exception

14 years agoupdate debian/changelog
Peter Palfrader [Mon, 2 Aug 2010 23:36:03 +0000 (23:36 +0000)]
update debian/changelog

14 years agoMerge branch 'refactor-udgen'
Peter Palfrader [Mon, 2 Aug 2010 23:33:12 +0000 (23:33 +0000)]
Merge branch 'refactor-udgen'

* refactor-udgen: (24 commits)
  Get rid of global variable PasswdAttrs
  GenBSMTP
  GenDNS
  GenPasswd
  GenShadow
  Do not forget that passwords start with {crypt}
  GenShadowSudo
  GenSSHShadow
  fix not-array-value-but-multiple-values check
  GenGroup partially
  GenForward
  GenCDB
  And GenMailList
  whitespace fixes
  And GenMailBool
  Let disable-main-msg generation use Account class
  Let disabled-users generation use Account class
  Let private generation use Account class
  Catch the case where attributes that are not declared as an array value have more than one value.  This indicates a bug in the data, code, or ldap schema
  Some improvement over the last path
  ...

14 years agoGet rid of global variable PasswdAttrs
Peter Palfrader [Mon, 2 Aug 2010 23:30:03 +0000 (23:30 +0000)]
Get rid of global variable PasswdAttrs

14 years agoGenBSMTP
Peter Palfrader [Mon, 2 Aug 2010 23:11:30 +0000 (23:11 +0000)]
GenBSMTP

14 years agoGenDNS
Peter Palfrader [Mon, 2 Aug 2010 22:15:35 +0000 (22:15 +0000)]
GenDNS

14 years agoGenPasswd
Peter Palfrader [Mon, 2 Aug 2010 22:05:41 +0000 (22:05 +0000)]
GenPasswd

14 years agoGenShadow
Peter Palfrader [Mon, 2 Aug 2010 21:55:14 +0000 (21:55 +0000)]
GenShadow

14 years agoDo not forget that passwords start with {crypt}
Peter Palfrader [Mon, 2 Aug 2010 21:37:50 +0000 (21:37 +0000)]
Do not forget that passwords start with {crypt}

14 years agoGenShadowSudo
Peter Palfrader [Mon, 2 Aug 2010 21:35:07 +0000 (21:35 +0000)]
GenShadowSudo

14 years agoGenSSHShadow
Peter Palfrader [Mon, 2 Aug 2010 21:31:04 +0000 (21:31 +0000)]
GenSSHShadow

14 years agofix not-array-value-but-multiple-values check
Peter Palfrader [Mon, 2 Aug 2010 21:28:31 +0000 (21:28 +0000)]
fix not-array-value-but-multiple-values check

14 years agoGenGroup partially
Peter Palfrader [Mon, 2 Aug 2010 21:19:41 +0000 (21:19 +0000)]
GenGroup partially

14 years agoGenForward
Peter Palfrader [Mon, 2 Aug 2010 21:14:08 +0000 (21:14 +0000)]
GenForward

14 years agoGenCDB
Peter Palfrader [Mon, 2 Aug 2010 21:11:37 +0000 (21:11 +0000)]
GenCDB

14 years agoAnd GenMailList
Peter Palfrader [Mon, 2 Aug 2010 21:06:55 +0000 (21:06 +0000)]
And GenMailList

14 years agowhitespace fixes
Peter Palfrader [Mon, 2 Aug 2010 20:52:29 +0000 (20:52 +0000)]
whitespace fixes

14 years agoAnd GenMailBool
Peter Palfrader [Mon, 2 Aug 2010 20:51:50 +0000 (20:51 +0000)]
And GenMailBool

14 years agoLet disable-main-msg generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 20:37:31 +0000 (20:37 +0000)]
Let disable-main-msg generation use Account class

14 years agoLet disabled-users generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 20:35:49 +0000 (20:35 +0000)]
Let disabled-users generation use Account class

14 years agohave a proper distribution userdir-ldap-0.3.77
Martin Zobel-Helas [Mon, 2 Aug 2010 20:35:38 +0000 (22:35 +0200)]
have a proper distribution

14 years agorelease 0.3.77
Martin Zobel-Helas [Mon, 2 Aug 2010 20:33:53 +0000 (22:33 +0200)]
release 0.3.77

14 years agoLet private generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 20:23:53 +0000 (20:23 +0000)]
Let private generation use Account class

14 years agoCatch the case where attributes that are not declared as an array value have more...
Peter Palfrader [Mon, 2 Aug 2010 20:14:40 +0000 (20:14 +0000)]
Catch the case where attributes that are not declared as an array value have more than one value.  This indicates a bug in the data, code, or ldap schema

14 years agoSome improvement over the last path
Peter Palfrader [Mon, 2 Aug 2010 20:12:10 +0000 (20:12 +0000)]
Some improvement over the last path

14 years agoLet markers generation use Account class
Peter Palfrader [Mon, 2 Aug 2010 20:06:12 +0000 (20:06 +0000)]
Let markers generation use Account class

14 years agogive Account class a __getitem__ method and use it
Peter Palfrader [Mon, 2 Aug 2010 19:58:10 +0000 (19:58 +0000)]
give Account class a __getitem__ method and use it

14 years agoLet Account have a constructor that is more useful in generate
Peter Palfrader [Mon, 2 Aug 2010 19:34:41 +0000 (19:34 +0000)]
Let Account have a constructor that is more useful in generate

14 years agooptionally read some configuration items from the environment so we can test ud-gener...
Peter Palfrader [Mon, 2 Aug 2010 19:17:07 +0000 (19:17 +0000)]
optionally read some configuration items from the environment so we can test ud-generate without running it as sshdist

14 years agoud-generate: refuse to run as root
Peter Palfrader [Fri, 30 Jul 2010 17:47:04 +0000 (19:47 +0200)]
ud-generate: refuse to run as root

14 years agodebian/changelog update
Peter Palfrader [Tue, 1 Jun 2010 15:22:57 +0000 (17:22 +0200)]
debian/changelog update

14 years agoGive keyring-maint write access to keyFingerPrint
Faidon Liambotis [Mon, 31 May 2010 14:38:21 +0000 (17:38 +0300)]
Give keyring-maint write access to keyFingerPrint

However, make an exception for supplementaryGid=adm users for security
reasons (wouldn't want keyring-maint to be able to takeover a root
account).

The ACL gives writes to a non-existing group; this should be created,
e.g.
  cn=Keyring Maintainers,ou=users,dc=debian,dc=org
  objectClass: top
  objectClass: groupOfNames
  cn: Keyring Maintainers
  member: uid=noodles,ou=users,dc=debian,dc=org
  member: uid=gwolf,ou=users,dc=debian,dc=org

Signed-off-by: Peter Palfrader <peter@palfrader.org>
14 years agolabeledURI, ircNick, icqUIN, jabberJID are all exposed via finger anyway. No need...
Peter Palfrader [Tue, 1 Jun 2010 15:14:32 +0000 (17:14 +0200)]
labeledURI, ircNick, icqUIN, jabberJID are all exposed via finger anyway.  No need to restrict them to d.o hosts

14 years agoRemove redundant attributes: loginShell and onVacation were already matched by the...
Peter Palfrader [Tue, 1 Jun 2010 15:11:50 +0000 (17:11 +0200)]
Remove redundant attributes: loginShell and onVacation were already matched by the read-from-d.o ACL

14 years agocommenta update
Peter Palfrader [Tue, 1 Jun 2010 15:10:05 +0000 (17:10 +0200)]
commenta update