-userdir-ldap (0.3.7X) Xnstable; urgency=low
+userdir-ldap (0.3.87) UNRELEASED; urgency=medium
+
+ [ Peter Palfrader ]
+ * remove dnsZoneEntry from restricted attributes to match config on db.d.o
+ * ssh keys: Also accept ed25519 keys. RSA keys must be at least 2k.
+ * ud-useradd: now does usergroups by default.
+ * ud-guest-upgrade: add.
+
+ [ Paul Wise ]
+ * Update ud-ldapshow and cleanup cruft around the usergroups changes
+
+ -- Peter Palfrader <weasel@debian.org> Wed, 28 Oct 2015 22:03:42 +0100
+
+userdir-ldap (0.3.86) unstable; urgency=medium
+
+ * ud-generate: support ssh-ed25519 keys for SSHFP records.
+ * ud-replicated: only restore TERM if it was set before. If it wasn't leave
+ it at dumb.
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 07 Dec 2014 16:25:22 +0100
+
+userdir-ldap (0.3.85) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * ud-generate:
+ + Correct thinkos
+ + notification is now the default
+
+ [ Peter Palfrader ]
+ * ud-mailgate:
+ - fix sudopassword confirm handling.
+ - sudopassword: allow dashes in hostnames.
+ * ud-generate: update gitolite authkeys generation
+ - skip ssh keys with non-local allowed_hosts
+ - skip all keys with other restrictions
+ - make including keys for hosts optional (on by default)
+ - support overriding the command we restrict to
+ - sudopassword: allow dashes in hostnames.
+ * ud-replicated:
+ - only use /var/run/log if it's a socket.
+ * High version number to supersede locally built, non-tracked versions.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 06 Dec 2014 09:59:12 +0100
+
+userdir-ldap (0.3.82) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * KFreeBSD uses a different syslog socket just because
+ * Change cron job to weekly
+
+ [ Peter Palfrader ]
+ * sigcheck: Import userdir_ldap so CheckLDAP() can find connectLDAP().
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 20 Jan 2014 23:18:17 +0100
+
+userdir-ldap (0.3.81) unstable; urgency=low
+
+ * Gratuitous version bump
+
+ -- Stephen Gran <sgran@debian.org> Sat, 18 Jan 2014 10:37:40 +0000
+
+userdir-ldap (0.3.80) unstable; urgency=low
+
+ [ Peter Palfrader ]
+ * some ud-echelon fixes,
+ * userdir_gpg.py: GetClearSig: add lax_multipart to deal
+ with random multipart mails.
+ * naming your variable like a module is unsmart.
+ * ud-generate:
+ - filter on shadowAccount.
+ - fix breaking old ud-generate locks.
+ * ud-mailgate: only run ldapmodfiy if we actually have attributes to modify.
+ * ud-replicate:
+ - do not hard-code 'debian.org' in the 'write-zonefile debian.org' call,
+ but instead re-use the domain from email-append.
+ - now preserve server side modifcation times when rsyncing data.
+ * userdir_ldap.py: read auth password from environment if set.
+ * Introduce BaseBaseDN which is the real base dn. BaseDN itself
+ has historically been used as the root of the user tree.
+ * Allow a set of users to be ignored for picking UIDs.
+ * When picking uid/gid numbers try to pick the same number for both.
+ * Merge from torproject.org:
+ - Allow sshRSAAuthKey for role accounts.
+ - Support ssh key attributes for gitolite export.
+ - Add ssh-gitolite support.
+ * debianGroups may have cn attribute (helpful when putting samba stuff into
+ ldap).
+ * ud-mailgate: Do not try to do an ldap modify with no changes - now show
+ command to changes@ should work again.
+ * ud-generate: No longer expand $ in dnsZoneEntry data to a \n\t.
+ * ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime()
+ functions.
+ * ud-generate: Add -f option to build even if cache is current.
+ * ud-generate: Move main code into a ud_generate()
+ * ud-generate: speed improvements:
+ - cut down on calls to IsInGroup by doing it once in generate_host()
+ and not having the individual generators run it.
+ o side effect: Up until now we exported empty groups to a host, if
+ that group had a user with that group as their primary group - even
+ if that particular user was not exported to this this. No we no
+ longer export empty groups.
+ - speed up ssh tarball generation: No longer write indidividual user's ssh
+ authorized_keys to disk, only to read them later. Directly create a
+ TarInfo object without referring to any on-disk files.
+ - get rid of global state variable CurrentHost. This will enable upcoming
+ changes.
+ - UDLdap.py: make a cache for __getitem__() decisions.
+ - wrap cdbmake calls in eatmydata. Nothing else does any fsync stuff,
+ so doing it here just costs a lot.
+ * ud-generate: Use a flock() lock instead of python's lockfile class.
+ * ud-generate: The ssh authorized_keys file for the sshdist user now wraps
+ the rsync call in an flock wrapper that acquires a shared lock on
+ ud-generate's lock. This prevents syncing while ud-generate runs.
+ * ud-lock: support supplying a status to set instead of 'retiring'.
+ * ud-generate: Also rebuild if one of our keyrings has changed, even if
+ ldap has not.
+ * userdir-ldap-slapd.conf.in: explicitly list readable attributes.
+ End with 'by * none'.
+ * ud-generate: Allow more than one email address in userForward. Quite
+ useful for role accounts.
+ * ud-generate: Support writing gitolite config for just one user-group.
+ * ud-generate: Support MX remapping.
+ * ud-generate: Fix ipv6 check.
+ * ud-generate: Fix unix mtime triggers.
+
+ [ Stephen Gran ]
+ * Fix deprecation warnings for sha module by using hashlib module instead
+ * ud-fingerserv: update Net::LDAP import
+ * Implement audit logging for ldap
+ * stop running ud-generate if nothing has changed, based on audit logs
+ * Change to trigger based replication
+
+ [ Martin Zobel-Helas ]
+ * ud-generate: generate webPasswords
+ * ud-generate: generate voipPasswords
+ * ud-replicate: set correct permissions for web-passwords
+ * ud-replicate: set correct permissions for voip-passwords
+ * add freecdb to depends
+ * userdir-ldap.schema
+ - add webPasswords
+ - add mailPreserveSuffixSeperator
+ - add voipPasswords
+
+ [ Tollef Fog Heen ]
+ * Export SSH host keys for gitolite, subject to a regex filter.
+
+ [ Luca Filipozzi ]
+ * rename voipPassword to rtcPassword in schema
+ * update code to match
+
+ -- Luca Filipozzi <lfilipoz@emyr.net> Thu, 16 Jan 2014 22:52:47 +0000
+
+userdir-ldap (0.3.79) unstable; urgency=low
+
+ * Add ud-sync-accounts-to-afs, a script to sync accounts to an
+ AFS protection database.
+ * ud-generate:
+ - support host ACLs that expire.
+ - lock output directory when generating.
+ - support sync keyring dirs now too.
+ * ud-useradd: A new -g switch for adding guest accounts, with
+ proper setting hostacls and shadowexpire and picking the
+ right keyring.
+ * Remove .pgp (v3 pgp key) keyrings from config.
+ * Update guest welcome template.
+ * ud-gpgimport: handle guest keyrings.
+ * ud-mailgate:
+ - Make updating of gender actually work.
+ - Do not mess with sudo passwords if nothing changed.
+ * templates/change-reply: say a word about subjects in mail to admin@db.
+ * move gpgwrapper to unmaintained/ - it is now using obsolete interfaces.
+ * try to properly handle some more mime stuff.
+ - use email module instead of deprecated mimetools and multifile modules
+ - changes: sigcheck ud-echelon ud-mailgate userdir_gpg.py
+ * move ud-echelon and sigcheck to GPGCheckSig2 interface.
+
+ -- Peter Palfrader <weasel@debian.org> Sat, 21 May 2011 14:53:18 +0200
+
+userdir-ldap (0.3.78) unstable; urgency=low
+
+ * Start refactoring ud-generate:
+ - If environment variables UD_CREDENTIALS, UD_GENERATEDIR, UD_HMAC_KEY
+ are set, use their respective value instead of the default. This
+ makes it possible to run ud-generate as a non-privileged user for
+ testing purposes.
+ - Start wrapping ldap search results in classes. For now we have done
+ this with just an ldap account.
+ - Also got rid of the global PasswdAttrs variable. Now functions
+ get the account list (now a list of Account classes instead of
+ ldap result array of tuples of hashes) passed to them like well-behaved
+ functions.
+ * userdir-ldap-slapd.conf: Fix ACL rule for keyring maintainers
+ (we want group=..., not dn=...).
+ * Add ud-krb-reset, and make ud-mailgate call it when
+ receiving a mail at chpasswd@ saying
+ 'Please change my Kerberos password'.
+ * ud-generate: Add an extra output file called all-users.json that
+ can be used on one of the AFS hosts to create afs users.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 13 Sep 2010 19:08:34 +0200
+
+userdir-ldap (0.3.77) unstable; urgency=low
[ Peter Palfrader ]
* ud-mailgate: Remove a global declaration after a variable has
* ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints.
* Add ud-lock.
* Fix a typo in welcome-message-800 noticed by Tommi Vainikainen.
+ * Refactor the LDAP acls to be easier to manage.
+ Effective changes:
+ - Keyring Maintainers ldap group gets to write to the keyFingerPrint
+ attribute.
+ - sshrsaauthkey is no longer compareable by *.
+ * ud-generate: refuse to run as root.
[ Stephen Gran ]
* Add txt record support to ud-mailgate
* Clean up addition of identifying txt records to debian.net slightly
- -- Peter Palfrader <weasel@debian.org> Sun, 09 May 2010 18:03:13 +0200
+ -- Peter Palfrader <weasel@debian.org> Fri, 30 Jul 2010 19:46:48 +0200
userdir-ldap (0.3.76) unstable; urgency=low
projects / mirror / userdir-ldap.git / blobdiff