-userdir-ldap (0.3.25+common1) unstable; urgency=low
-
- [ Martin Zobel-Helas ]
- * Fix userdir-ldap.schema (objectClass now contains MAY: VoIP)
++userdir-ldap (0.3.XX) Xnstable; urgency=low
+
+ [ Joerg Jaspert ]
+ * Use sync_keyrings from config file in ud-generate instead of a
+ hardcoded list
+ * Use add_keyrings from config file in ud-useradd instead of a
+ hardcoded list
+
- -- Joerg Jaspert <joerg@debian.org> Sun, 18 May 2008 13:32:01 +0200
++ -- Peter Palfrader <weasel@debian.org> Fri, 23 May 2008 09:59:15 +0200
++
+userdir-ldap (0.3.30) unstable; urgency=low
+
+ * When we touch usePassword in ud-info or ud-mailgate we now also
+ update shadowLastChange.
+ * When we lock accounts, set shadowExpire to 1. shadowExpire
+ is "days since Jan 1, 1970 that account is disabled".
+ * Properly capitalize shadowInactive and shadowExpire attributes in
+ ud-info and ud-generate.
+ * Add copyright statements to ud-info from bzr log.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 22 May 2008 22:39:10 +0200
+
+userdir-ldap (0.3.29) unstable; urgency=low
+
+ * ud-info: Add an option "L" to lock accounts in the interactive
+ interface. Locking an account sets a user's password to "{crypt}*LK*"
+ and sets a mailDisableMessage of "account locked".
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 22 May 2008 21:49:19 +0200
+
+userdir-ldap (0.3.28) unstable; urgency=low
+
+ * ud-generate: Do not disable mail just because the account is locked.
+
+ -- Peter Palfrader <weasel@debian.org> Thu, 22 May 2008 21:38:56 +0200
+
+userdir-ldap (0.3.27) unstable; urgency=low
+
+ * Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export
+ ssh-rsa-shadow this is probably the right thing.
+ * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 08:55:28 +0200
+
+userdir-ldap (0.3.26) unstable; urgency=low
+
+ * ud-replicate: sgran pointed out that if all we care about ignoring is
+ EEXIST then we should use mkdir -p instead of [ -d userkeys ] || mkdir
+ userkeys.
+ * ud-mailgate: a bug in DoSSH caused all changes to fail that came after
+ DoSSH in HandleChange. Now DoSSH properly returns without raising an
+ exception if the line to handle is not an ssh public key.
+ * Fix userdir-ldap.schema (objectClass now contains MAY: VoIP). [zobel]
+
+ -- Peter Palfrader <weasel@debian.org> Sun, 18 May 2008 14:27:50 +0200
userdir-ldap (0.3.25) unstable; urgency=low
EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$");
BSMTPCheck = re.compile(".*mx 0 (gluck)\.debian\.org\..*",re.DOTALL);
DNSZone = ".debian.net"
- Keyrings = [ "/org/keyring.debian.org/keyrings/debian-keyring.gpg",
- "/org/keyring.debian.org/keyrings/debian-keyring.pgp" ]
+ Keyrings = ConfModule.sync_keyrings.split(":")
def safe_makedirs(dir):
try:
or GetAttr(x,"userPassword").startswith("!"):
ShadowExpire = '1'
else:
- ShadowExpire = GetAttr(x,"shadowexpire")
+ ShadowExpire = GetAttr(x,"shadowExpire")
Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\
Pass,GetAttr(x,"shadowLastChange"),\
GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\
- GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\
+ GetAttr(x,"shadowWarning"),GetAttr(x,"shadowInactive"),\
ShadowExpire);
Line = Sanitize(Line) + "\n";
F.write("0%u %s" % (I,Line));
for x in PasswdAttrs:
Reason = None
-
- # If the account is locked, disable incoming mail
- if (GetAttr(x,"userPassword").find("*LK*") != -1):
- if GetAttr(x,"uid") == "luther":
- continue
- else:
- Reason = "user account locked"
+
+ if x[1].has_key("mailDisableMessage"):
+ Reason = GetAttr(x,"mailDisableMessage")
else:
- if x[1].has_key("mailDisableMessage"):
- Reason = GetAttr(x,"mailDisableMessage")
- else:
- continue
+ continue
# Must be in the Debian group (yuk, hard coded for now)
if GetAttr(x,"gidNumber") != "800":
PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=*",\
["uid","uidNumber","gidNumber","supplementaryGid",\
"gecos","loginShell","userPassword","shadowLastChange",\
- "shadowMin","shadowMax","shadowWarning","shadowinactive",
- "shadowexpire","emailForward","latitude","longitude",\
+ "shadowMin","shadowMax","shadowWarning","shadowInactive",
+ "shadowExpire","emailForward","latitude","longitude",\
"allowedHost","sshRSAAuthKey","dnsZoneEntry","cn","sn",\
"keyFingerPrint","privateSub","mailDisableMessage",\
"mailGreylisting","mailCallout","mailRBL","mailRHSBL",\
userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x");
sys.stdout.flush();
grouprevmap = GenGroup(l,OutDir+"group");
- if ExtraList.has_key("[UNTRUSTED]"):
- continue;
- if not ExtraList.has_key("[NOPASSWD]"):
- GenShadow(l,OutDir+"shadow");
# Now we know who we're allowing on the machine, export
# the relevant ssh keys
# to give a shit^W^W^Wcare about the UIDoffset stuff.
to.uname = f
to.gname = grname
- to.mode = 0600
+ to.mode = 0400
tf.addfile(to, file(os.path.join(GlobalDir, 'userkeys', f)))
tf.close()
os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost),
os.path.join(OutDir, 'ssh-keys.tar.gz'))
+ if ExtraList.has_key("[UNTRUSTED]"):
+ continue;
+ if not ExtraList.has_key("[NOPASSWD]"):
+ GenShadow(l,OutDir+"shadow");
+
# Link in global things
DoLink(GlobalDir,OutDir,"markers");
DoLink(GlobalDir,OutDir,"mail-forward.cdb");
projects / mirror / userdir-ldap.git / commitdiff