* ud-lock: support supplying a status to set instead of 'retiring'.
* ud-generate: Also rebuild if one of our keyrings has changed, even if
ldap has not.
+ * userdir-ldap-slapd.conf.in: explicitly list readable attributes.
+ End with 'by * none'.
+
[ Stephen Gran ]
* Fix deprecation warnings for sha module by using hashlib module instead
[ Martin Zobel-Helas ]
* ud-generate: generate webPasswords
+ * ud-generate: generate voipPasswords
* ud-replicate: set correct permissions for web-passwords
+ * ud-replicate: set correct permissions for voip-passwords
* add freecdb to depends
* userdir-ldap.schema
- add webPasswords
- add mailPreserveSuffixSeperator
+ - add voipPasswords
- [ Peter Palfrader ]
- * userdir-ldap-slapd.conf.in: explicitly list readable attributes.
- End with 'by * none'.
-- Peter Palfrader <weasel@debian.org> Mon, 14 May 2012 18:45:07 +0200
from userdir_ldap import *
from userdir_exceptions import *
import UDLdap
+from xml.etree.ElementTree import Element, SubElement, Comment
+from xml.etree import ElementTree
+from xml.dom import minidom
try:
from cStringIO import StringIO
except ImportError:
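Review bot: `SubElement` and `Comment` are imported on the new `from xml.etree.ElementTree import Element, SubElement, Comment` line, but the added code in the visible hunks only uses `Element`. Either trim the import to `from xml.etree.ElementTree import Element`, or use `SubElement(root, 'user')` in GenVoipPassword in place of the `Element` plus `append` pairs. `minidom` is pulled in only to pretty-print XML that this script builds itself; a one-line comment saying so would keep later readers from reusing it on externally supplied documents.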
Keyrings = ConfModule.sync_keyrings.split(":")
GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+def prettify(elem):
+ """Return a pretty-printed XML string for the Element.
+ """
+ rough_string = ElementTree.tostring(elem, 'utf-8')
+ reparsed = minidom.parseString(rough_string)
+ return reparsed.toprettyxml(indent=" ")
def safe_makedirs(dir):
try:
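Review bot: `reparsed.toprettyxml(indent=" ")` in prettify() is called without an encoding, so under Python 2 it most likely returns a unicode object, and the later `F.write(...)` in GenVoipPassword would then encode it with the default ASCII codec. A non-ASCII uid or attribute value would raise UnicodeEncodeError at that point and abort the generation run. Passing the encoding explicitly, `return reparsed.toprettyxml(indent=" ", encoding="utf-8")`, returns bytes and writes a matching encoding into the XML declaration. The docstring could also state that the element is serialised and re-parsed through minidom purely for indentation.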
Die(File, None, F)
raise
+# Generate the voipPassword list
+def GenVoipPassword(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File, "w", 0600)
+ os.umask(OldMask)
+
+ root = Element('domain')
+ root.attrib['name'] = "$${sip_profile}"
+
+ for a in accounts:
+ if not 'voipPassword' in a: continue
+ if not a.pw_active(): continue
+
+ Pass = str(a['voipPassword'])
+ user = Element('user')
+ user.attrib['id'] = "%s" % (a['uid'])
+ root.append(user)
+ params = Element('params')
+ user.append(params)
+ param = Element('param')
+ params.append(param)
+ param.attrib['name'] = "a1-hash"
+ param.attrib['value'] = "%s" % (Pass)
+
+ F.write("%s" % (prettify(root)))
+
+
+ except:
+ Die(File, None, F)
+ raise
+
def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
OldMask = os.umask(0077)
tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
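Review bot: In GenVoipPassword the `0600` in `open(File, "w", 0600)` is the buffering argument, not a file mode, so the confidentiality of the a1-hash file rests entirely on the temporary `os.umask(0077)`, and a file that already exists with looser permissions keeps them. The success path also never closes `F`; only the `except:` branch hands it to `Die`, so the data reaches disk whenever the object happens to be collected, and the umask is not restored if `open` raises. Creating the descriptor with an explicit mode and closing the file after the write addresses both. If the neighbouring generators use a temp-file-and-rename finaliser (not visible in this hunk), the new function should follow the same pattern so readers never see a partial file. A short docstring noting that the output holds credential-equivalent SIP digest hashes would also help.

```python
def GenVoipPassword(accounts, File):
   F = None
   try:
      # open()'s third argument is buffering; set the mode on the descriptor instead
      fd = os.open(File, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
      os.fchmod(fd, 0600)  # also tightens a pre-existing file
      F = os.fdopen(fd, "w")
      # … unchanged: build the domain/user/params/param tree from accounts …
      F.write(prettify(root))
      F.close()
   # … unchanged: except branch calling Die(File, None, F) and re-raising …
```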
"keyFingerPrint", "privateSub", "mailDisableMessage",\
"mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
"mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction", "webPassword"])
+ "mailContentInspectionAction", "webPassword", "voipPassword"])
if passwd_attrs is None:
raise UDEmptyList, "No Users"
GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
GenWebPassword(accounts, global_dir + "web-passwords")
+ GenVoipPassword(accounts, global_dir + "voip-passwords")
GenKeyrings(global_dir)
# Compatibility.
if 'WEB-PASSWORDS' in ExtraList:
DoLink(global_dir, OutDir, "web-passwords")
+ if 'VOIP-PASSWORDS' in ExtraList:
+ DoLink(global_dir, OutDir, "voip-passwords")
+
if 'KEYRING' in ExtraList:
for k in Keyrings:
bn = os.path.basename(k)
by * break
# allow users write access to an explicit subset of their fields
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,voipPassword,bATVToken
by self write
by * break
##
# allow authn/z by anyone
-access to attrs=userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=userPassword,sudoPassword,webPassword,voipPassword,bATVToken
by * compare
# readable only by self
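Review bot: Adding `voipPassword` to the `by * compare` rule lets any client this rule applies to test candidate values against the stored attribute with LDAP compare operations. That is an online guessing oracle for a value that ud-generate emits verbatim as the SIP `a1-hash`. Nothing in the visible hunks binds or compares against this attribute, and the VoIP side appears to consume the generated file instead, so it probably does not need to be in this rule. The line could stay `access to attrs=userPassword,sudoPassword,webPassword,bATVToken`, leaving `voipPassword` to the self-write rule above and to the later rules, which lie outside this hunk and should be checked before making the change. If compare access is intentional, a comment above the rule naming the service that relies on it would document the exposure.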
# .41 - sshdistAuthKeysHost
# .42 - dnsTTL
# .43 - webPassword
+# .44 - voipPassword
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.44
+ NAME 'voipPassword'
+ DESC 'password for voip.debian.org'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
# Experimental attribute types
# There are existing schemas for doing DNS in LDAP; would one of
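Review bot: The `DESC 'password for voip.debian.org'` on the new attribute type calls the value a password, but GenVoipPassword writes it unchanged into the `a1-hash` parameter. What is stored is therefore expected to be a precomputed SIP digest hash, not a cleartext password. Stating the format in the schema, e.g. `DESC 'SIP digest A1 hash for voip.debian.org'`, tells whoever sets the attribute what to put there and makes clear it must be handled as a credential equivalent.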
DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber )
- MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword ) )
+ MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ voipPassword ) )
objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
NAME 'debianGroup'