mess with uid number generation

* Allow a set of users to be ignored for picking UIDs.
* When picking uid/gid numbers try to pick the same number for both.

diff --git a/debian/changelog b/debian/changelog
index 901ef21..c522b7a 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -16,12 +16,14 @@ userdir-ldap (0.3.XXX) UNRELEASED; urgency=low
   * userdir_ldap.py: read auth password from environment if set.
   * Introduce BaseBaseDN which is the real base dn.  BaseDN itself
     has historically been used as the root of the user tree.
+  * Allow a set of users to be ignored for picking UIDs.
+  * When picking uid/gid numbers try to pick the same number for both.
 
   [ Stephen Gran ]
   * Fix deprecation warnings for sha module by using hashlib module instead
   * ud-fingerserv: update Net::LDAP import
 
- -- Peter Palfrader <weasel@debian.org>  Mon, 05 Mar 2012 11:27:32 +0100
+ -- Peter Palfrader <weasel@debian.org>  Mon, 05 Mar 2012 11:55:33 +0100
 
 userdir-ldap (0.3.79) unstable; urgency=low
 

diff --git a/ud-useradd b/ud-useradd
index 003f28c..099ff89 100755 (executable)
--- a/ud-useradd
+++ b/ud-useradd
@@ -35,24 +35,38 @@ HavePrivateList = getattr(ConfModule, "haveprivatelist", True)
 # Regrettably ldap doesn't have an integer attribute comparision function
 # so we can only cut the search down slightly
 
+def ShouldIgnoreID(uid):
+   for i in IgnoreUsersForUIDNumberGen:
+      try:
+         if i.search(uid) is not None:
+            return True
+      except AttributeError:
+         if uid == i:
+            return True
+
+   return False
+
 # [JT] This is broken with Woody LDAP and the Schema; for now just
 #      search through all UIDs.
 def GetFreeID(l):
-   Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
-                      "uidNumber=*",["uidNumber", "gidNumber"]);
+   Attrs = l.search_s(BaseBaseDn,ldap.SCOPE_SUBTREE,
+                      "uidNumber=*",["uidNumber", "gidNumber", "uid"]);
    HighestUID = 0;
    gids = [];
+   uids = [];
    for I in Attrs:
       ID = int(GetAttr(I,"uidNumber","0"));
+      uids.append(ID)
       gids.append(int(GetAttr(I, "gidNumber","0")))
-      if ID > HighestUID:
+      uid = GetAttr(I, "uid", None)
+      if ID > HighestUID and not uid is None and not ShouldIgnoreID(uid):
          HighestUID = ID;
 
-   resGID = HighestUID + 1;
-   while resGID in gids:
-      resGID += 1
+   resUID = HighestUID + 1;
+   while resUID in uids or resUID in gids:
+      resUID += 1
 
-   return (HighestUID + 1, resGID);
+   return (resUID, resUID)
 
 # Main starts here
 AdminUser = pwd.getpwuid(os.getuid())[0];

diff --git a/userdir-ldap.conf b/userdir-ldap.conf
index 5b66fd0..4efd923 100644 (file)
--- a/userdir-ldap.conf
+++ b/userdir-ldap.conf
@@ -14,6 +14,9 @@ basebasedn = "dc=debian,dc=org";
 hostbasedn = "ou=hosts,dc=debian,dc=org";
 adminuser = "admin";
 
+#import re
+#ignoreusersforuidnumbergen = ['nobody', re.compile('\$$') ]
+
 # Printable email addresses are shown as: 'cn mn sn <uid@emailappend>'
 emailappend = "debian.org";
 

diff --git a/userdir_ldap.py b/userdir_ldap.py
index b0d06b5..b559199 100644 (file)
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -57,6 +57,12 @@ try:
 except AttributeError:
    BaseBaseDn = BaseDn
 
+try:
+   IgnoreUsersForUIDNumberGen = ConfModule.ignoreusersforuidnumbergen
+except AttributeError:
+   IgnoreUsersForUIDNumberGen = ['nobody']
+
+
 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))