Die(File, None, F)
raise
+# Generate the voipPassword list
+def GenVoipPassword(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File, "w", 0600)
+ os.umask(OldMask)
+
+ for a in accounts:
+ if not 'voipPassword' in a: continue
+ if not a.pw_active(): continue
+
+ Pass = str(a['voipPassword'])
+ Line = "<user id=\"%s\">\n <params>\n <param name=\"password\" value=\"%s\"/>\n <params />\n</user>" % (a['uid'], Pass)
+ Line = Sanitize(Line) + "\n"
+ F.write("%s" % (Line))
+
+ except:
+ Die(File, None, F)
+ raise
+
def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
OldMask = os.umask(0077)
tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
"keyFingerPrint", "privateSub", "mailDisableMessage",\
"mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
"mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction", "webPassword"])
+ "mailContentInspectionAction", "webPassword", "voipPassword"])
if passwd_attrs is None:
raise UDEmptyList, "No Users"
GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
GenWebPassword(accounts, global_dir + "web-passwords")
+ GenVoipPassword(accounts, global_dir + "voip-passwords")
GenKeyrings(global_dir)
# Compatibility.
by * break
# allow users write access to an explicit subset of their fields
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,voipPassword,bATVToken
by self write
by * break
##
# allow authn/z by anyone
-access to attrs=userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=userPassword,sudoPassword,webPassword,voipPassword,bATVToken
by * compare
# readable only by self
# .41 - sshdistAuthKeysHost
# .42 - dnsTTL
# .43 - webPassword
+# .44 - voipPassword
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.44
+ NAME 'voipPassword'
+ DESC 'password for voip.debian.org'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
# Experimental attribute types
# There are existing schemas for doing DNS in LDAP; would one of
DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
SUP top AUXILIARY
MUST ( cn $ uid $ uidNumber $ gidNumber )
- MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword ) )
+ MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ voipPassword ) )
objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
NAME 'debianGroup'