mirror/userdir-ldap.git
9 months ago ud-mailgate: remove exception for münchen.debian.net [master]
Julien Cristau [Tue, 8 Oct 2019 18:09:12 +0000 (20:09 +0200)]
ud-mailgate: remove exception for münchen.debian.net

19:58 < aba> weasel: I'm happy with removing the münchen.debian.net if this helps DSA (and further xn-- are blocked), this is just the same redirect as muenchen.d.n

9 months ago ud-mailgate: block punycode DNS entries
Julien Cristau [Tue, 8 Oct 2019 17:35:51 +0000 (19:35 +0200)]
ud-mailgate: block punycode DNS entries

Keep an exception for a single existing domain.

12 months ago Write uid to file too
Tollef Fog Heen [Sat, 27 Jul 2019 00:15:14 +0000 (02:15 +0200)]
Write uid to file too

12 months ago Add missing .cgi to message
Tollef Fog Heen [Sat, 27 Jul 2019 00:14:54 +0000 (02:14 +0200)]
Add missing .cgi to message

12 months ago Send out web link to totp seed fetcher instead of the seed itself
Tollef Fog Heen [Tue, 23 Jul 2019 20:28:22 +0000 (22:28 +0200)]
Send out web link to totp seed fetcher instead of the seed itself

This requires configuration changes (done in the sample config)

12 months ago Remove alioth from sample config
Tollef Fog Heen [Tue, 23 Jul 2019 20:17:41 +0000 (22:17 +0200)]
Remove alioth from sample config

12 months ago Restrict access to totpSeed
Tollef Fog Heen [Tue, 23 Jul 2019 19:43:42 +0000 (21:43 +0200)]
Restrict access to totpSeed

14 months ago fix ipv6 parsing. We would not properly handle empty blocks (i.e. ::).
Peter Palfrader [Thu, 16 May 2019 05:43:56 +0000 (07:43 +0200)]
fix ipv6 parsing.  We would not properly handle empty blocks (i.e. ::).

This worked before and got broken in 28c3209e235e0d637172a1c5acd1e4142a58f8da

15 months ago Merge remote-tracking branch 'jrtc27/master'
Peter Palfrader [Sat, 6 Apr 2019 21:24:44 +0000 (23:24 +0200)]
Merge remote-tracking branch 'jrtc27/master'

* jrtc27/master:
  ud-mailgate: Assign value before check and drop semicolon

15 months ago ud-mailgate: Assign value before check and drop semicolon
James Clarke [Sat, 6 Apr 2019 21:19:58 +0000 (21:19 +0000)]
ud-mailgate: Assign value before check and drop semicolon

15 months ago DoArbChange: actually initialize value
Peter Palfrader [Sat, 6 Apr 2019 21:09:27 +0000 (23:09 +0200)]
DoArbChange: actually initialize value

15 months ago Make arbitrary attribute change work again
Peter Palfrader [Sat, 6 Apr 2019 20:05:21 +0000 (22:05 +0200)]
Make arbitrary attribute change work again

This was broken by mistake during the pep8 cleanup

17 months ago And yet another ud-mailgate typo. [userdir-ldap-0.3.96]
Julien Cristau [Sun, 10 Feb 2019 11:33:23 +0000 (12:33 +0100)]
And yet another ud-mailgate typo.

17 months ago Add changelog entry [userdir-ldap-0.3.95]
Julien Cristau [Sun, 10 Feb 2019 11:12:41 +0000 (12:12 +0100)]
Add changelog entry

17 months ago Fix typos
Julien Cristau [Sun, 10 Feb 2019 11:11:01 +0000 (12:11 +0100)]
Fix typos

l was renamed to lc in most places.

19 months ago Release 0.3.94 [userdir-ldap-0.3.94]
Tollef Fog Heen [Wed, 2 Jan 2019 18:36:49 +0000 (19:36 +0100)]
Release 0.3.94

19 months ago Fix typo in ud-mailgate.
Tollef Fog Heen [Wed, 2 Jan 2019 18:29:57 +0000 (19:29 +0100)]
Fix typo in ud-mailgate.

19 months ago Release 0.3.93 [userdir-ldap-0.3.93]
Tollef Fog Heen [Wed, 2 Jan 2019 18:11:47 +0000 (19:11 +0100)]
Release 0.3.93

19 months ago Update changelog
Tollef Fog Heen [Wed, 2 Jan 2019 17:49:41 +0000 (18:49 +0100)]
Update changelog

19 months ago Remove .bzrignore, this is no longer in bzr
Tollef Fog Heen [Wed, 2 Jan 2019 17:47:36 +0000 (18:47 +0100)]
Remove .bzrignore, this is no longer in bzr

19 months ago pep8 fix; indents are four, not three
Tollef Fog Heen [Wed, 2 Jan 2019 17:46:44 +0000 (18:46 +0100)]
pep8 fix; indents are four, not three

19 months ago Fix a whole lot of pep8 errors
Tollef Fog Heen [Wed, 2 Jan 2019 17:28:31 +0000 (18:28 +0100)]
Fix a whole lot of pep8 errors

19 months ago Get rid of semicolons
Tollef Fog Heen [Sun, 29 Jul 2018 12:39:46 +0000 (14:39 +0200)]
Get rid of semicolons

20 months ago How one identifies is not relevant to their work in Debian: remove gender attribute...
Peter Palfrader [Fri, 23 Nov 2018 09:09:06 +0000 (10:09 +0100)]
How one identifies is not relevant to their work in Debian: remove gender attribute from ud-ldap

20 months ago ud-replicate: manually remove __db.<foo>.db.t files before makedb calls.
Peter Palfrader [Thu, 15 Nov 2018 11:35:10 +0000 (12:35 +0100)]
ud-replicate: manually remove __db.<foo>.db.t files before makedb calls.

20 months ago ud-replicate: move from lockfile(1) to flock
Peter Palfrader [Thu, 15 Nov 2018 11:34:37 +0000 (12:34 +0100)]
ud-replicate: move from lockfile(1) to flock

20 months ago ud-replicate: remove chroot support
Peter Palfrader [Thu, 15 Nov 2018 11:33:48 +0000 (12:33 +0100)]
ud-replicate: remove chroot support

We no longer use historical dchroot.

22 months ago minor welcome message updates in the salsa paragraph
Peter Palfrader [Wed, 3 Oct 2018 07:14:43 +0000 (09:14 +0200)]
minor welcome message updates in the salsa paragraph

22 months ago fix spacing in changelog
Peter Palfrader [Wed, 3 Oct 2018 07:13:22 +0000 (09:13 +0200)]
fix spacing in changelog

22 months ago Merge remote-tracking branch 'aerostitch/update_welcome_email'
Peter Palfrader [Wed, 3 Oct 2018 07:10:59 +0000 (09:10 +0200)]
Merge remote-tracking branch 'aerostitch/update_welcome_email'

* aerostitch/update_welcome_email:
  Change references from alioth to salsa in the DD welcome email

22 months ago A changelog entry for the ud-guest-upgrade change
Peter Palfrader [Wed, 3 Oct 2018 07:10:58 +0000 (09:10 +0200)]
A changelog entry for the ud-guest-upgrade change

22 months ago Change references from alioth to salsa in the DD welcome email
Joseph Herlant [Wed, 3 Oct 2018 02:37:47 +0000 (19:37 -0700)]
Change references from alioth to salsa in the DD welcome email

Closes: #910057

2 years ago ud-guest-upgrade: do not add but replace privateSub. somebody may have added it...
Peter Palfrader [Tue, 24 Jul 2018 11:45:38 +0000 (13:45 +0200)]
ud-guest-upgrade: do not add but replace privateSub.  somebody may have added it already.

2 years ago UDLdap.py: more useful exception if our array assumptions are violated
Peter Palfrader [Wed, 25 Apr 2018 19:33:51 +0000 (21:33 +0200)]
UDLdap.py: more useful exception if our array assumptions are violated

2 years ago Add a changelog entry
Julien Cristau [Tue, 3 Apr 2018 20:09:26 +0000 (22:09 +0200)]
Add a changelog entry

2 years ago ud-mailgate: include name of unknown host in error message
Ansgar Burchardt [Tue, 3 Apr 2018 16:31:08 +0000 (18:31 +0200)]
ud-mailgate: include name of unknown host in error message

2 years ago changelog entry
Peter Palfrader [Thu, 1 Mar 2018 19:47:26 +0000 (20:47 +0100)]
changelog entry

2 years ago clean up old/obsolete code that was broken and has been commented out since forever
Peter Palfrader [Thu, 1 Mar 2018 19:47:00 +0000 (20:47 +0100)]
clean up old/obsolete code that was broken and has been commented out since forever

2 years ago Also export a host's SSHFP records to additional dns names (sshfpHostname)
Peter Palfrader [Thu, 1 Mar 2018 19:46:28 +0000 (20:46 +0100)]
Also export a host's SSHFP records to additional dns names (sshfpHostname)

2 years ago Qualify each zone file entry in sshfp with a hostname, not just the first line for...
Peter Palfrader [Thu, 1 Mar 2018 19:28:48 +0000 (20:28 +0100)]
Qualify each zone file entry in sshfp with a hostname, not just the first line for each host

2 years ago Add sshfpHostname to schema
Peter Palfrader [Thu, 1 Mar 2018 19:20:28 +0000 (20:20 +0100)]
Add sshfpHostname to schema

2 years ago Document sshdistAuthKeysHost
Peter Palfrader [Thu, 1 Mar 2018 19:18:07 +0000 (20:18 +0100)]
Document sshdistAuthKeysHost

2 years ago PEP-8-ify a bit
Tollef Fog Heen [Mon, 5 Feb 2018 20:36:40 +0000 (21:36 +0100)]
PEP-8-ify a bit

Not done yet, but this is much better already.  Should be no functional changes

2 years ago release 0.3.92
Julien Cristau [Thu, 26 Oct 2017 18:29:32 +0000 (20:29 +0200)]
release 0.3.92

2 years ago Fix sigcheck pgp/mime processing with gnupg 2
Julien Cristau [Thu, 26 Oct 2017 18:24:38 +0000 (20:24 +0200)]
Fix sigcheck pgp/mime processing with gnupg 2

gnupg 2.1 in stretch doesn't like MD5.

2 years ago d/changelog: update with later commit
Héctor Orón Martínez [Wed, 30 Aug 2017 09:50:22 +0000 (11:50 +0200)]
d/changelog: update with later commit

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>

2 years ago welcome-message-Debian: update SSL certificate authority info
Héctor Orón Martínez [Wed, 30 Aug 2017 09:11:53 +0000 (11:11 +0200)]
welcome-message-Debian: update SSL certificate authority info

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>

2 years ago bump version
Luca Filipozzi [Thu, 24 Aug 2017 16:50:18 +0000 (16:50 +0000)]
bump version

2 years ago ud-mailgate: allow : in TXT record contents
Michael Stapelberg [Fri, 18 Aug 2017 06:22:17 +0000 (08:22 +0200)]
ud-mailgate: allow : in TXT record contents

Some systems require : in TXT records, e.g. upspin:
https://upspin.io/doc/server_setup.md

2 years ago Fix ud-mailgate to handle the SHA256:$fingerprint output format that stretch's ssh...
Tollef Fog Heen [Sat, 12 Aug 2017 20:07:55 +0000 (22:07 +0200)]
Fix ud-mailgate to handle the SHA256:$fingerprint output format that stretch's ssh-keygen has switched to.

2 years ago Add support for setting a TOTP seed
Tollef Fog Heen [Tue, 8 Aug 2017 22:37:56 +0000 (00:37 +0200)]
Add support for setting a TOTP seed

This still needs a bit of docs, but is functionally working.

2 years ago gpg2 output differs from gpg1 - fix GPGSearch
Luca Filipozzi [Sun, 6 Aug 2017 22:59:40 +0000 (22:59 +0000)]
gpg2 output differs from gpg1 - fix GPGSearch

3 years ago ud-generate: Create all ssh-gitolite individually
Peter Palfrader [Thu, 22 Jun 2017 17:14:04 +0000 (19:14 +0200)]
ud-generate: Create all ssh-gitolite individually

ud-generate:  Do not create a global ssh-gitolite.  Instead create
them per-host where needed so we can accommodate per-host ssh
authorized-keys.

3 years ago Replace RSA authentication with public-key authentication in welcome messages.
Peter Palfrader [Sun, 18 Jun 2017 20:43:09 +0000 (22:43 +0200)]
Replace RSA authentication with public-key authentication in welcome messages.

3 years ago Switch from /org to /srv in default configuration
Paul Wise [Sat, 17 Jun 2017 06:35:12 +0000 (14:35 +0800)]
Switch from /org to /srv in default configuration

/org has been obsoleted by /srv for many years on debian.org hosts.

3 years ago Prevent guest accounts from using RTC addresses
Paul Wise [Mon, 13 Jun 2016 00:27:22 +0000 (08:27 +0800)]
Prevent guest accounts from using RTC addresses

3 years ago Drop removed-keys.gpg, it no longer exists and should not be used
Paul Wise [Fri, 12 May 2017 03:49:57 +0000 (11:49 +0800)]
Drop removed-keys.gpg, it no longer exists and should not be used

Suggested-by: Jonathan McDowell <noodles@earth.li>
Suggested-in: <20170510080756.GB11865@earth.li>

3 years ago release 0.3.89 [userdir-ldap-0.3.89]
Julien Cristau [Mon, 27 Mar 2017 12:03:03 +0000 (14:03 +0200)]
release 0.3.89

3 years ago Add changelog entry for use_mq patch
Julien Cristau [Mon, 27 Mar 2017 12:02:35 +0000 (14:02 +0200)]
Add changelog entry for use_mq patch

3 years ago Add option "use_mq" to allow disabling the use of mq_notify in ud-generate
Christoph Berg [Mon, 27 Mar 2017 01:59:12 +0000 (09:59 +0800)]
Add option "use_mq" to allow disabling the use of mq_notify in ud-generate

3 years ago Fix half-assed switch away from python-support.
Julien Cristau [Sun, 26 Mar 2017 16:20:44 +0000 (18:20 +0200)]
Fix half-assed switch away from python-support.

3 years ago prepare next version
Peter Palfrader [Sun, 26 Mar 2017 12:09:12 +0000 (14:09 +0200)]
prepare next version

3 years ago release [userdir-ldap-0.3.88]
Peter Palfrader [Sun, 26 Mar 2017 12:06:06 +0000 (14:06 +0200)]
release

3 years ago Use dh_prep instead of dh_clean -k
Julien Cristau [Mon, 20 Mar 2017 10:56:49 +0000 (11:56 +0100)]
Use dh_prep instead of dh_clean -k

3 years ago Use dh-python instead of python-support.
Julien Cristau [Mon, 20 Mar 2017 10:56:31 +0000 (11:56 +0100)]
Use dh-python instead of python-support.

3 years ago Update Uploaders list.
Julien Cristau [Mon, 20 Mar 2017 10:53:00 +0000 (11:53 +0100)]
Update Uploaders list.

3 years ago ud-useradd: When looking for free UIDs/GIDs, also consider groups
Peter Palfrader [Wed, 8 Feb 2017 17:27:15 +0000 (18:27 +0100)]
ud-useradd: When looking for free UIDs/GIDs, also consider groups

3 years ago release 0.3.87
Julien Cristau [Sun, 29 Jan 2017 11:15:36 +0000 (12:15 +0100)]
release 0.3.87

3 years ago Replace dependency on perl5 with perl.
Julien Cristau [Sun, 29 Jan 2017 11:11:08 +0000 (12:11 +0100)]
Replace dependency on perl5 with perl.

4 years ago Typo
Paul Wise [Tue, 14 Jun 2016 02:31:43 +0000 (10:31 +0800)]
Typo

4 years ago Fix crash in ud-generate
Paul Wise [Tue, 14 Jun 2016 02:29:48 +0000 (10:29 +0800)]
Fix crash in ud-generate

Traceback (most recent call last):
  File "/usr/bin/ud-generate", line 1498, in <module>
    ud_generate()
  File "/usr/bin/ud-generate", line 1481, in ud_generate
    generate_all(generate_dir, l)
  File "/usr/bin/ud-generate", line 1229, in generate_all
    GenDNS(accounts, global_dir + "dns-zone")
  File "/usr/bin/ud-generate", line 820, in GenDNS
    if a.is_guest_account(): continue
  File "/usr/lib/pymodules/python2.7/UDLdap.py", line 91, in is_guest_account
    return 'guest' in self['supplementaryGid']
  File "/usr/lib/pymodules/python2.7/UDLdap.py", line 48, in __getitem__
    raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn)
IndexError: No such key: supplementaryGid (dn: uid=debtags,ou=users,dc=debian,dc=org)

4 years ago Look up the default group from the config instead of hardcoding it
Paul Wise [Mon, 13 Jun 2016 00:27:44 +0000 (08:27 +0800)]
Look up the default group from the config instead of hardcoding it

4 years ago Fix is_guest_account for the usergroups transition
Paul Wise [Mon, 13 Jun 2016 00:26:19 +0000 (08:26 +0800)]
Fix is_guest_account for the usergroups transition

Prevents guest accounts from using debian-private and debian.net

4 years ago We just call the operating system Debian these days
Paul Wise [Mon, 13 Jun 2016 00:41:11 +0000 (08:41 +0800)]
We just call the operating system Debian these days

4 years ago ud-generate: get RTC domain/realm from config file
Peter Palfrader [Fri, 5 Feb 2016 18:17:09 +0000 (19:17 +0100)]
ud-generate: get RTC domain/realm from config file

4 years ago ries is long gone
Paul Wise [Sat, 19 Dec 2015 18:05:00 +0000 (02:05 +0800)]
ries is long gone

4 years ago ud-replicate: use persistent ssh connections
Peter Palfrader [Thu, 19 Nov 2015 08:52:59 +0000 (09:52 +0100)]
ud-replicate: use persistent ssh connections

4 years ago ud-replicate: only install/reload RTC files when they have changed.
Peter Palfrader [Thu, 19 Nov 2015 08:23:34 +0000 (09:23 +0100)]
ud-replicate: only install/reload RTC files when they have changed.

4 years ago Pass BatchMode=yes option to ssh
Julien Cristau [Wed, 18 Nov 2015 15:02:33 +0000 (16:02 +0100)]
Pass BatchMode=yes option to ssh

Should help fail quickly in case of network issues.  Remove the
PreferredAuthentications setting which becomes redundant.

Signed-off-by: Julien Cristau <jcristau@debian.org>

4 years ago Add ud-guest-extend
Peter Palfrader [Thu, 5 Nov 2015 09:22:21 +0000 (10:22 +0100)]
Add ud-guest-extend

4 years ago Update ud-ldapshow and cleanup cruft around the usergroups changes
Paul Wise [Sun, 1 Nov 2015 12:48:45 +0000 (20:48 +0800)]
Update ud-ldapshow and cleanup cruft around the usergroups changes

4 years ago Drop paragraph about getting additional software installed
Peter Palfrader [Fri, 30 Oct 2015 07:56:52 +0000 (08:56 +0100)]
Drop paragraph about getting additional software installed

4 years ago Make welcome-message and welcome-message-Debian CC (and where applicable reply-to...
Peter Palfrader [Fri, 30 Oct 2015 07:56:35 +0000 (08:56 +0100)]
Make welcome-message and welcome-message-Debian CC (and where applicable reply-to) d-a@lists instead of d-a@d.o

4 years ago ud-useradd: try to send the proper template
Peter Palfrader [Thu, 29 Oct 2015 09:25:12 +0000 (10:25 +0100)]
ud-useradd: try to send the proper template

4 years ago Make generic welcome-message more generic
Peter Palfrader [Thu, 29 Oct 2015 09:24:38 +0000 (10:24 +0100)]
Make generic welcome-message more generic

4 years ago fix quoting
Peter Palfrader [Wed, 28 Oct 2015 21:06:28 +0000 (22:06 +0100)]
fix quoting

4 years ago also do rtc-passwords for prosody
Peter Palfrader [Wed, 28 Oct 2015 21:06:08 +0000 (22:06 +0100)]
also do rtc-passwords for prosody

4 years ago Add ud-guest-upgrade
Peter Palfrader [Wed, 28 Oct 2015 21:03:48 +0000 (22:03 +0100)]
Add ud-guest-upgrade

4 years ago ud-useradd: now does usergroups by default
Peter Palfrader [Wed, 28 Oct 2015 20:32:25 +0000 (21:32 +0100)]
ud-useradd: now does usergroups by default

5 years ago Report key fingerprint when adding ssh keys
Peter Palfrader [Sat, 23 May 2015 08:44:23 +0000 (10:44 +0200)]
Report key fingerprint when adding ssh keys

5 years ago Do not mail admin if users try to submit unsupported keys
Peter Palfrader [Sat, 23 May 2015 08:44:10 +0000 (10:44 +0200)]
Do not mail admin if users try to submit unsupported keys

5 years ago syntax/typo fix
Peter Palfrader [Sat, 23 May 2015 08:25:15 +0000 (10:25 +0200)]
syntax/typo fix

5 years ago Changelog entry
Peter Palfrader [Sat, 23 May 2015 08:20:46 +0000 (10:20 +0200)]
Changelog entry

5 years ago Merge branch 'raphael'
Peter Palfrader [Sat, 23 May 2015 08:19:46 +0000 (10:19 +0200)]
Merge branch 'raphael'

* raphael:
  Try to make key acceptance logic clearer
  Bump the minimum key size to 2048
  Authorize ed25519 keys, which have a fixed size of 256 bits
  Recognise ecdsa and ed25519 ssh keys

5 years ago Try to make key acceptance logic clearer
Peter Palfrader [Sat, 23 May 2015 08:19:38 +0000 (10:19 +0200)]
Try to make key acceptance logic clearer

5 years ago Bump the minimum key size to 2048
Raphael Geissert [Sun, 3 May 2015 19:07:27 +0000 (21:07 +0200)]
Bump the minimum key size to 2048

Signed-off-by: Peter Palfrader <peter@palfrader.org>

5 years ago Authorize ed25519 keys, which have a fixed size of 256 bits
Raphael Geissert [Sun, 3 May 2015 18:57:10 +0000 (20:57 +0200)]
Authorize ed25519 keys, which have a fixed size of 256 bits

Signed-off-by: Peter Palfrader <peter@palfrader.org>

5 years ago Recognise ecdsa and ed25519 ssh keys
Raphael Geissert [Sun, 3 May 2015 18:56:25 +0000 (20:56 +0200)]
Recognise ecdsa and ed25519 ssh keys

Signed-off-by: Peter Palfrader <peter@palfrader.org>

5 years ago remove dnsZoneEntry from restricted attributes to match config on db.d.o
Peter Palfrader [Fri, 17 Apr 2015 18:42:41 +0000 (20:42 +0200)]
remove dnsZoneEntry from restricted attributes to match config on db.d.o

5 years ago userdir-ldap-slapd.conf.in: Rhonda points out dnsZoneEntry should not be world readable
Peter Palfrader [Fri, 17 Apr 2015 18:34:32 +0000 (20:34 +0200)]
userdir-ldap-slapd.conf.in: Rhonda points out dnsZoneEntry should not be world readable