From: rmurray <> Date: Wed, 12 Mar 2003 22:28:18 +0000 (+0000) Subject: remove autogenerated files X-Git-Tag: debian_userdir-ldap_0-3-7~74 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=7c0a33425eb35461b6805e7b13c794de0749baac remove autogenerated files --- diff --git a/web/doc-direct.html b/web/doc-direct.html deleted file mode 100644 index 9dc1f48..0000000 --- a/web/doc-direct.html +++ /dev/null @@ -1,125 +0,0 @@ - - - - -Debian GNU/Linux -- Direct LDAP Access - - - - - - - - - - - - - -

- - - - - - - - - - - -

- -	- - - - - - - -	- -
- -	- - - - - - - -	- -

- -

Direct LDAP Access

-The LDAP utilities package provides a program called ldapsearch that can be -used to execute direct queries to the database. Generally this is done by -putting -

-HOST db.debian.org
-BASE dc=debian,dc=org
-

-in ~/.ldaprc. Then queries can be performed, for instance -

-samosa{jgg}~#ldapsearch uid=wakkerma keyfingerprint
-uid=wakkerma,ou=users,dc=debian,dc=org
-keyfingerprint=38444C2CA6AD756EB4A2E5FA612AFF59
-keyfingerprint=576E100B518D2F1636B028053CB892502FA3BC2D
-

-Shows the PGP key finger prints for the wakkerma user. The first word -in the command is the query to perform, the rest of command line are the -attributes to return, if omitted then all readable attributes are returned. -More complicated queries are possible, for instance: -

-samosa{jgg}~#ldapsearch '(&(!(loginshell=/bin/bash))(uid=*))' loginshell
-uid=admin,ou=users,dc=debian,dc=org
-
-uid=mryan,ou=users,dc=debian,dc=org
-loginshell=/usr/bin/tcsh
-
-uid=jkominek,ou=users,dc=debian,dc=org
-loginshell=/usr/bin/zsh
-
-uid=caelum,ou=users,dc=debian,dc=org
-loginshell=/usr/bin/zsh
-[..]
-

-Shows users that do not use bash as their shell. Some other interesting -queries are: -

Count the number of developers (&(keyfingerprint=*)(gidnumber=800)) -
Show people in a certain group gidmembership=adm -
People named james cn=james -
Someone whos last name phonetically sounds like 'Ackerma' sn~=ackerm -
All the sparcs host=sparc -

-RFC 2254 -has more information about the filter expressions. -

Other LDAP Browsers

-The GQ package has a graphical LDAP browser that can browse the debian.org -tree. It is somewhat ungainly with the large number of entries in our -directory, but it does work nonetheless. Configuration is similar, use the -preferences dialog to add a new host with the information given above. -

-Netscape has a browser for their mailer, but I have never been able to get -it to work, please email if you have any luck. -

-To my knowledge there are no interfaces for popular mailers like mutt and -gnus. Such an interface would allow using the directory as an enhanced address -book. -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/doc-general.html b/web/doc-general.html deleted file mode 100644 index 99d7d04..0000000 --- a/web/doc-general.html +++ /dev/null @@ -1,107 +0,0 @@ - - - - -Debian GNU/Linux -- General LDAP Documentation - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

General LDAP Documentation

-debian.org uses a single LDAP driven directory for account management across -all the project run machines. This directory -also provides services for leaving vacation notices, updating -xplanet coordinates, -email forwarding, ssh authentication keys and other information. -

-Note: the 'passwd' program and 'chfn' do not work with LDAP information. -Please use the web page or email gateway for the time being. All machines -running OpenSSH are using replicated SSH RSA authentication keys. -

Security and Privacy

-Three levels of information security are provided by the database. The first -is completely public information that anyone can see either by issuing an -LDAP query or by visiting the web site. The next level is "developer-only" -information that requires authentication to the directory before it can be -accessed. The final level is admin-only or user-only information; this -information can only be viewed by the user or an administrator. -

-developer-only information includes precise location information -[postalcode, postal address, lat/long] telephone numbers, and the vacation -message. -

-Admin-only/user-only information includes email forwarding, ssh keys and -the encrypted password. Note that email forwarding is necessarily publicly -viewable from accounts on the actual machines. -

-Entries in the directory are keyed to the developers PGP key, whoever has that -key can make any change to the directory through the mail interface. -

Access

-The directory has several means to access it: -

SSL Web Forms -
Finger gateway, finger foo@debian.org -
Mail gateway -
Direct LDAP Access -
LDAP command line tools such as ud-info -

-Lost or forgotten password instructions -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/doc-mail.html b/web/doc-mail.html deleted file mode 100644 index 5a38975..0000000 --- a/web/doc-mail.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - -Debian GNU/Linux -- LDAP Gateway - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

LDAP Gateway

-The LDAP directory has a PGP secured mail gateway that -allows users to safely and conveniently effect changes to their entries. It -makes use of PGP signed input messages to positively identify the user and -to confirm the validity of the request. Furthermore it implements a replay -cache that prevents the gateway from accepting the same message more than -once. -

-There are three functions logically split into 3 seperate email addresses -that are implemented by the gateway: ping, new password and -changes. The function to act on is the first argument to the program. -

-Error handling is currently done by generating a bounce message and passing -descriptive error text to the mailer. This can generate a somewhat hard to -read error message, but it does have all the relevent information. -

Ping

-The ping command simply returns the users public record. It is useful for -testing the gateway and for the requester to get a basic dump of their -record. In future this address might 'freshen' the record to indicate the -user is alive. Any PGP signed message will produce a reply. -

New Password

-If a user looses their password they can request that a new one be generated -for them. This is done by sending the phrase "Please change my Debian -password" to chpasswd@db.debian.org. The phrase is required to prevent the -daemon from triggering on arbitary signed email. The best way to invoke this -feature is with -

echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org

-After validating the request the daemon will generate a new random password, -set it in the directory and respond with an encrpyted message containing the -new password. The password can be changed using one of the other interface -methods. -

Changes

-An address (changes@db.debian.org) is provided for making almost arbitary -changes to the contents of the record. The daemon parses its input line by -line and acts on each line in a command oriented manner. Anything, except for -passwords, can be changed using this mechanism. Note however that because -this is a mail gateway it does stringent checking on its input. The other -tools allow fields to be set to virtually anything, the gateway requires -specific field formats to be met. -

A line of the form 'field: value' will change the contents of -the field to value. Some simple checks are performed on value to make sure -that it is not set to nonsense. The values that can be changed are: -c, l, facsimiletelephonenumber, telephonenumber, -postaladdress, postalcode, -loginshell, emailforward, ircnick, onvacation, -and labledurl -
The daemon has a special parser to help changing latitude and longitude -values. It accepts several common formats for position information and -converts them to one of the standard forms. The permitted types are -
```
D = Degrees, M = Minutes, S = Seconds, x = n,s,e,w
-+-DDD.DDDDD, +- DDDMM.MMMM, +-DDDMMSS.SSSS [standard forms]
-DDxMM.MMMM, DD:MM.MMMM x, DD:MM:SS.SSS X)
```
-and the request format is 'Lat: xxx Long: xxx' where xxx -is one of the permitted types. The resulting response will include how the -input was parsed and the value in decimal degrees. -
-Part of the replicated dataset is a virtual .ssh/authorized_keys file for -each user. The change address is the simplest way to set the RSA key(s) you -intend to use. Simply place a key on a line by itself, the full SSH key -format specification is supported, see sshd(8). Probably the most common way -to use this function will be -
```
cat .ssh/identity.pub | gpg --clearsign | mail change@db.debian.org
```
-which will set the authentication key to the identity you are using. -Multiple keys per user are supported, but they must all be sent at once. -
Debian.net DNS Zone Entry. The only way to get a debian.net address is -to use the mail gateway. It -will verify the request and prevent name collisions automatically. Requests -can take two forms: 'foo in a 1.2.3.4' or 'foo in cname -foo.bar.' The precise form is critical and must not be deviated from. -Like the SSH function above, multiple hosts are supported, but they must all -be sent at once. The debian.net zone is only reloaded once per day at -midnight -0700. -
If the single word show appears on a line then a PGP encrypted version -of the entire record will be attached to the resulting email. -

-After processing the requests the daemon will generate a report which contains -each input command and the action taken. If there are any parsing errors -processing stops immediately, but valid changes up to that point are -processed. -

Notes

-In this document PGP refers to any message or key that GnuPG is -able to generate or parse, specificaly it includes both PGP2.x and OpenPGP -(aka GnuPG) keys. -

-Due to the replay cache the clock on the computer that generates the -signatures has to be accurate to at least one day. If it is off by several -months or more then the deamon will outright reject all messages. -

-Examples are given using GnuPG, but PGP 2.x can also be used. The correct -options to generate a clear signed ascii armored message in 'filter' mode -are pgp -fast which does the same as gpg --clearsign -

-Debian.org machines rely on secured replication to transfer login data out -of the database. Replication is performed at 15 min intervals so it can take -a short while before any changes made take effect. -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/forward.html b/web/forward.html deleted file mode 100644 index 41c670b..0000000 --- a/web/forward.html +++ /dev/null @@ -1,141 +0,0 @@ - - - - -Debian GNU/Linux -- Email Forwarding - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

Email Forwarding

-Emails to @debian.org addresses now go through a LDAP distributed email system. -This system uses the forwarding field in the LDAP directory to route mail -without passing it through a users .forward file on a single host. -Multiple machines participate in the forwarding to provide redudancy. -

-Each forwarders inspects the LDAP database -to see if foo@debian.org has forwarding set to an address, if so the envelope -to address is rewritten and the message redirected to the new address. -Otherwise the message is relayed to master.debian.org for processing by the -users .forward files. If email forwarding is setup then .forward files are -NOT considered. Extension addresses (foo-lists) are always routed -directly to master for processing. -

-All machines also use the forwarding attribute as a default destination for -email. If the user has a home directory and no .forward file the mail is -forwarded rather than delivered to /var/spool/mail. This makes sure cron -reports, bug responses and other unexpected emails are not misplaced. -

-If you set the forwarding address to be a specific Debian machine and do -not create a forward file then that machine will spool the mail to -/var/spool/mail instead of creating a mail loop. -

-The email forwarding can be easially reconfigured using GnuPG: -

-echo "emailforward: foo@bar.com" | gpg --clearsign | mail change@db.debian.org
-

-or by visiting db.debian.org -

-You can test the email routing by using the command /usr/sbin/exim -bt -foo@debian.org -

procmail

-If you use procmail for your main mailbox, PLEASE, erase your .forward -file and put a .procmailrc in its place instead. This feature has been -supported on debian.org machines for a good while now, and will continue to be -supported. -

-The correct way to invoke procmail for extension addresses is "|/usr/bin/procmail [options]" -Ignore the IFS=".." stuff in the procmail man page. -

MailBox formats

-Email can be saved to mailboxes or maildirs by using the correct lines in a -.forward file: -

-Mailbox format files "/debian/home/foo/Mbox" -
Maildir format files "/debian/home/foo/MDir/" -

-To deliver to /var/spool/mail/foo use a construct like '|/usr/bin/procmail --m /dev/null'. Putting the mailbox path will not work. You must use -absolute paths for mailboxes, qmail-like ./ paths are not supported by -Exim. -

-Also, 'Exim Filter' files are deliberately turned off. -

Delivery Environment

-Some environment variables are set per-message (not quoted! Careful!) -It is important to note that the environment variables dealing with -addressing apply to the ENVELOPE address are are totally completely -unrelated to the actual contents of the message: -

-'Standard' Env Variables: -

EXTENSION (the 'foo' in .forward-foo) -
LOGNAME,USER (your user name) -
SENDER (envelope originator of message) -

-'Qmail' Env Variables: -

EXT == EXTENSION -
LOCAL = (the entire bit before the @) -
RECIPIENT = (the entire envelope to) -

-Such that, $RECIPIENT = $LOCAL-$EXTENSION@<something>. -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/hostinfo.html b/web/hostinfo.html deleted file mode 100644 index 1b3d254..0000000 --- a/web/hostinfo.html +++ /dev/null @@ -1,86 +0,0 @@ - - - - -Debian GNU/Linux -- debian.org Developer Machines - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

debian.org Developer Machines

- - - - -

-Lookup:
- -

-
-~hostdetails~ -
-

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/login.html b/web/login.html deleted file mode 100644 index b0bfdf7..0000000 --- a/web/login.html +++ /dev/null @@ -1,88 +0,0 @@ - - - - -Debian GNU/Linux -- debian.org Developers LDAP Login - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

debian.org Developers LDAP Login

- - - - - -

Authentication Required
If you are not a developer, please return to the main search page, otherwise, enter your Debian user ID and password below -You can also access the pages securely
login:	@debian.org
Password:
- - -

- -

Debian development machines -
Lost or forgotten password instructions -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/password.html b/web/password.html deleted file mode 100644 index fc56c4a..0000000 --- a/web/password.html +++ /dev/null @@ -1,95 +0,0 @@ - - - - -Debian GNU/Linux -- Lost or Forgotten password - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

Lost or Forgotten password

-If you have lost or forgotten your LDAP password (and by extension, your -machine login password) you can have it reset by sending a PGP signed -message to the mail gateway: -

-echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org
-or
-echo "Please change my Debian password" | pgp -fast | mail chpasswd@db.debian.org
-

-The daemon will then respond with a new randomized password encrypted -with your key. You can then use the -SSL Web pages to change your -password to something you can remember. You cannot set a new password via the -mail gateway. -

-Alternatively, you can do without a password and use PGP to manipulate your -LDAP information through the mail gateway and use -SSH RSA Authentication to access the servers. To setup OpenSSH for RSA you -need to first generate a private RSA key using ssh-keygen and select -a good passphrase for it. Then send the public portion of the key to the LDAP -directory: -

-gpg --clearsign < ~/.ssh/identity.pub | mail change@db.debian.org
-

-You can then use this key to authenticate to the machines. Using ssh-agent -(automatically run by Debian's X configuration) you can use ssh-add to 'cache' -your passphrase once. -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/searchform.html b/web/searchform.html deleted file mode 100644 index f966664..0000000 --- a/web/searchform.html +++ /dev/null @@ -1,353 +0,0 @@ - - - - -Debian GNU/Linux -- debian.org Developers LDAP Search - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

debian.org Developers LDAP Search

- - - - - - - - - - - -

Debian Developers Database Search - (any field can be left blank....) -Help on searching
First name:	-Fuzzy search
Last name:	-Fuzzy search
login:	-Fuzzy search
IRC nickname:	-Fuzzy search
PGP/GPG fingerprint:	-Fuzzy search
country:	- -
On vacation
- -

Debian developers can login -(securely) to update their -settings

- -

Debian development machines -
Documentation -
Lost or forgotten password instructions -
Debian.org Email Forwarding -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/searchhelp.html b/web/searchhelp.html deleted file mode 100644 index 7b9a40e..0000000 --- a/web/searchhelp.html +++ /dev/null @@ -1,81 +0,0 @@ - - - - -Debian GNU/Linux -- debian.org Developers Online Database - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

debian.org Developers Online Database

- -

-To look up information about Debian developers, enter your search criteria -in the form. Results are returned which match all of the search criteria. -Wildcards may be used. For example, entering *de* in the last name -field will return all developers whose surname contains the substring -de. Matches are case-insensitive, and all searching criteria that -are left empty will be ignored. Selecting the "fuzzy search" option will turn -on approximate searching.

-The "On vacation" field will return all developers who have left a vacation -message.

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/searchresults.html b/web/searchresults.html deleted file mode 100644 index aad6527..0000000 --- a/web/searchresults.html +++ /dev/null @@ -1,101 +0,0 @@ - - - - -Debian GNU/Linux -- debian.org Developers LDAP Search Results - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

debian.org Developers LDAP Search Results

- - -

-Logout | ?> -Login (SSL version) | ?> -Search again

Number of entries matched: ~count~

- - - - -

-

-

-Logout | ?> -Login (SSL version) | ?> -Search again

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -

- -Last Modified: Fri, Jul 12 17:23:30 UTC 2002 -
- Copyright © 1997-2002 - SPI; See license terms - - - diff --git a/web/update.html b/web/update.html deleted file mode 100644 index 023968e..0000000 --- a/web/update.html +++ /dev/null @@ -1,416 +0,0 @@ - - - - -Debian GNU/Linux -- debian.org Developers LDAP Maintainance - - - - - - - - - - - - - -
- - -
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - -
- -

debian.org Developers LDAP Maintainance

- - - - - - - - - - - - - - - - - - - - - - - -

Debian Developers Database Maintanence
- login:	~uid~@debian.org -
- Name:	~cn~ ~mn~ ~sn~ -
- Change password: (re-enter to verify) -	- - -
- Street address: -	- ~staddress~ -
- City/State: -	- -
- Country: -	- -
- Postal code: -	- -
- Latitude / Longitude: - (format: +-DDDMMSS; + is north/east) -	- / - -
- Phone: -	- -
- FAX: -	- -
- ICQ UIN: -	- -
- Preferred shell: -	- -
- email forwarded to: -	- -
- debian-private subscript addr: -	- -
- IRC nickname: -	- -
- Web page: -	- -
- Vacation message: - (Note: if this is set, you will be shown to - be on vacation) -	- -
- - -

- Return to search page
- Logout! -

-Back to the Debian Project homepage. -

- -You can contact us at -admin@db.debian.org. - -