Martin Zobel-Helas [Mon, 2 Aug 2010 20:35:38 +0000 (22:35 +0200)]
have a proper distribution
Martin Zobel-Helas [Mon, 2 Aug 2010 20:33:53 +0000 (22:33 +0200)]
release 0.3.77
Peter Palfrader [Fri, 30 Jul 2010 17:47:04 +0000 (19:47 +0200)]
ud-generate: refuse to run as root
Peter Palfrader [Tue, 1 Jun 2010 15:22:57 +0000 (17:22 +0200)]
debian/changelog update
Faidon Liambotis [Mon, 31 May 2010 14:38:21 +0000 (17:38 +0300)]
Give keyring-maint write access to keyFingerPrint
However, make an exception for supplementaryGid=adm users for security
reasons (wouldn't want keyring-maint to be able to takeover a root
account).
The ACL gives writes to a non-existing group; this should be created,
e.g.
cn=Keyring Maintainers,ou=users,dc=debian,dc=org
objectClass: top
objectClass: groupOfNames
cn: Keyring Maintainers
member: uid=noodles,ou=users,dc=debian,dc=org
member: uid=gwolf,ou=users,dc=debian,dc=org
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Peter Palfrader [Tue, 1 Jun 2010 15:14:32 +0000 (17:14 +0200)]
labeledURI, ircNick, icqUIN, jabberJID are all exposed via finger anyway. No need to restrict them to d.o hosts
Peter Palfrader [Tue, 1 Jun 2010 15:11:50 +0000 (17:11 +0200)]
Remove redundant attributes: loginShell and onVacation were already matched by the read-from-d.o ACL
Peter Palfrader [Tue, 1 Jun 2010 15:10:05 +0000 (17:10 +0200)]
commenta update
Peter Palfrader [Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)]
sshrsaauthkey is only readble by self. everyone else does not even get to compare it
Peter Palfrader [Tue, 1 Jun 2010 15:03:15 +0000 (17:03 +0200)]
comment update
Peter Palfrader [Tue, 1 Jun 2010 15:02:45 +0000 (17:02 +0200)]
Merge remaining d.o readable attributes into one ACL
Peter Palfrader [Tue, 1 Jun 2010 15:00:24 +0000 (17:00 +0200)]
Break out self-writable attributes to their own ACL
Peter Palfrader [Tue, 1 Jun 2010 14:59:08 +0000 (16:59 +0200)]
comment update
Faidon Liambotis [Thu, 27 May 2010 22:20:22 +0000 (01:20 +0300)]
Minor simplification of slapd.conf's ACLs
Avoid repetition of the rule that allows cn=LDAP Administrator and uid=sshdist
to write to every attribute by taking advantage of the "break" control
field.
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Peter Palfrader [Sun, 9 May 2010 16:04:04 +0000 (18:04 +0200)]
Fix a typo in welcome-message-800 noticed by Tommi Vainikainen
Stephen Gran [Sun, 28 Mar 2010 09:38:27 +0000 (09:38 +0000)]
prototype code for sshfp generation for services
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Mon, 15 Mar 2010 20:13:26 +0000 (21:13 +0100)]
Maybe fix ud-mailgate
Stephen Gran [Sun, 14 Mar 2010 14:01:12 +0000 (14:01 +0000)]
some changelog entries for today's work
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 14 Mar 2010 13:56:04 +0000 (13:56 +0000)]
gratuitous code style change
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 14 Mar 2010 13:54:46 +0000 (13:54 +0000)]
add txt record support
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 14 Mar 2010 13:33:15 +0000 (13:33 +0000)]
write one identifying txt entry per host, if it has an a or aaaa record
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 14 Mar 2010 13:17:19 +0000 (13:17 +0000)]
drop some dead code
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Thu, 11 Mar 2010 21:23:35 +0000 (22:23 +0100)]
Probably should only delete keyFingerPrint if it exists
Peter Palfrader [Thu, 11 Mar 2010 21:19:23 +0000 (22:19 +0100)]
Add ud-lock
ud-lock, non-interactively, sets a great many accounts to
'retiring', locking their password, removing keys, setting shadow
information to expired and setting accountstatus appropriatly.
Peter Palfrader [Sun, 31 Jan 2010 12:57:10 +0000 (13:57 +0100)]
ud-gpgimport: Get rid of "0x" when printing keyids/fingerprints.
Peter Palfrader [Sun, 31 Jan 2010 12:56:17 +0000 (13:56 +0100)]
A set of copyright headers
Peter Palfrader [Sun, 31 Jan 2010 09:13:57 +0000 (10:13 +0100)]
ud-mailgate: fix gpg result usage
We use the result of the pgp check for quite a long time in the main
program. Give it its own variable instead of using Res which was
overwritten a bit later. Also make a new gpgcheck2 class that allows us
to access the values of the gpg signature check in a saner way.
Peter Palfrader [Sun, 31 Jan 2010 09:12:20 +0000 (10:12 +0100)]
ud-mailgate: Remove a global declaration after a variable has already been assigned globally.
Peter Palfrader [Sun, 31 Jan 2010 09:11:43 +0000 (10:11 +0100)]
Fix changelog
Stephen Gran [Sat, 30 Jan 2010 13:35:49 +0000 (13:35 +0000)]
finalize changelog for release
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 30 Jan 2010 13:32:02 +0000 (13:32 +0000)]
add trailing newline to ssh files
Signed-off-by: Stephen Gran <steve@lobefin.net>
Helmut Grohne [Sat, 23 Jan 2010 16:20:12 +0000 (17:20 +0100)]
do not accept invalid allowed_hosts for ssh keys
Check them against a list ValidHostNames that is generated during
startup.
Helmut Grohne [Fri, 22 Jan 2010 23:26:07 +0000 (00:26 +0100)]
added a bug report comment
Helmut Grohne [Sat, 23 Jan 2010 13:15:52 +0000 (14:15 +0100)]
made ud-generate support new ssh key syntax
Helmut Grohne [Fri, 22 Jan 2010 22:51:24 +0000 (23:51 +0100)]
write machine specifications for ssh keys to ldap
Helmut Grohne [Fri, 22 Jan 2010 22:35:48 +0000 (23:35 +0100)]
parse machine specifications for ssh keys
Ssh keys can now be prepended with a string
"allowed_hosts=machine1,machine2 ". Machine names are restricted to
sane characters. This patch only adds the parsing and throws away the
result.
Peter Palfrader [Fri, 22 Jan 2010 19:16:10 +0000 (20:16 +0100)]
Include a host in DNS even if we do not have both ssh keys and an arch for that host configured
Peter Palfrader [Sat, 9 Jan 2010 15:51:11 +0000 (16:51 +0100)]
ud-generate: move the regex that determines whether or not to include a host in the dns-sshfp zone snippet (for SSHFP and A, AAAA and MX records) to the config file.
Peter Palfrader [Sat, 9 Jan 2010 11:01:38 +0000 (12:01 +0100)]
ud-useradd: Properly encode realname in subjects and to header lines regardless of which template is being used
Peter Palfrader [Sat, 9 Jan 2010 01:10:34 +0000 (02:10 +0100)]
Fix welcome-message to be like welcome-message-800 and 60000 wrt email headers
Peter Palfrader [Fri, 8 Jan 2010 23:27:37 +0000 (00:27 +0100)]
ud-useradd: Only ask for private subscription if this installation has a debian-private like mailinglist whose membership is configured by ud-ldap. (defaults to true.)
Peter Palfrader [Fri, 8 Jan 2010 23:20:16 +0000 (00:20 +0100)]
ud-useradd: Fix usergroup support: Move ldap call to actually add the user to the right place, properly compare strings and numbers.
Peter Palfrader [Fri, 8 Jan 2010 23:16:37 +0000 (00:16 +0100)]
ud-useradd: If we do not have a template for a specific group, use the general purpose template file (welcome-message).
Peter Palfrader [Fri, 8 Jan 2010 23:15:51 +0000 (00:15 +0100)]
Fix changelog: mention which tool we modified
Peter Palfrader [Fri, 8 Jan 2010 22:25:49 +0000 (23:25 +0100)]
Export groups even if nobody has that group as a supplementary group, as long as there are users that have it as a primary group
Stephen Gran [Tue, 8 Dec 2009 11:31:27 +0000 (11:31 +0000)]
make a stab at really not exporting empty groups
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Mon, 16 Nov 2009 00:20:14 +0000 (00:20 +0000)]
new release changelog started
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 23:27:38 +0000 (23:27 +0000)]
default anti-spam options
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 20:32:27 +0000 (20:32 +0000)]
spot the obvious typo
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 15:18:40 +0000 (15:18 +0000)]
and update ldap schema and acls appropriately. *cough*
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 15:03:30 +0000 (15:03 +0000)]
release
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 11:55:06 +0000 (11:55 +0000)]
changelog for new mail forward file
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 15 Nov 2009 11:54:21 +0000 (11:54 +0000)]
Initial support for BATV token storage.
Stephen Gran [Sun, 8 Nov 2009 18:47:48 +0000 (18:47 +0000)]
generate a new file for mail forwards for users present on this machine
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 8 Nov 2009 18:38:00 +0000 (18:38 +0000)]
prepare to reuse GenCDB with a shorter list of users
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 25 Oct 2009 17:43:28 +0000 (17:43 +0000)]
spot the obvious typo - I wonder why the serial has been incrementing like mad
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Sun, 25 Oct 2009 15:59:08 +0000 (16:59 +0100)]
welcome-message-60000: improve wording of a sentence. Sometimes less is more.
Peter Palfrader [Sun, 25 Oct 2009 15:41:17 +0000 (16:41 +0100)]
ud-generate: Make sure we only add people in gid 800 to debian-private.
DebianUsers was just a copy of PasswdAttrs. So use PasswdAttrs in all
the places that currently use DebianUsers. Make a filtered list
DebianDDUsers (accounts in gid 800), and use that for building the
debian-private subscription list.
Peter Palfrader [Sun, 18 Oct 2009 10:44:55 +0000 (12:44 +0200)]
Add dnsTTL host attribute to override the zone default TTL for A and AAAA records. Also for MX, HINFO and SSHFP
Stephen Gran [Sun, 4 Oct 2009 23:55:09 +0000 (00:55 +0100)]
Make zone reloads work when ud-generate updates zone files
Stephen Gran [Sun, 4 Oct 2009 23:53:47 +0000 (00:53 +0100)]
make ud-replicate work slightly more accurately for zones
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 22 Sep 2009 19:53:14 +0000 (21:53 +0200)]
Add sshdistAuthKeysHost
We autogenerate the authorized_keys files for sshdist on db-master. It
limits the hosts' ssh key to coming from their respective addresses.
Now we can add additional source addresses to accept for this since not
all hosts appear to come from their published address (or have a
published address for that matter).
Peter Palfrader [Tue, 22 Sep 2009 19:47:31 +0000 (21:47 +0200)]
If we use accountstatus in debianGroup we need to re-order stuff
Peter Palfrader [Tue, 22 Sep 2009 19:33:05 +0000 (21:33 +0200)]
ud-generate: don't blow up when a host does not have IP-addresses
Stephen Gran [Sun, 20 Sep 2009 16:07:14 +0000 (17:07 +0100)]
ahem. Use the right attribute
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 20 Sep 2009 15:42:55 +0000 (16:42 +0100)]
allow groups to be disabled but kept in ldap: addresses RT #977
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Wed, 9 Sep 2009 17:29:48 +0000 (19:29 +0200)]
Tweak templates/welcome-message-60000.
Peter Palfrader [Wed, 9 Sep 2009 17:21:30 +0000 (19:21 +0200)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
* 'master' of ssh://db.debian.org/git/userdir-ldap:
Add debian-maintainers.gpg to keyrings and sync_keyrings.
cast objects to strings (rt #1717)
Conflicts:
debian/changelog
Peter Palfrader [Wed, 9 Sep 2009 17:20:37 +0000 (19:20 +0200)]
ud-useradd: force gidNumber to be an int when we open the welcome
template (it can be different when we read it from input using -n).
Peter Palfrader [Sat, 29 Aug 2009 12:46:02 +0000 (14:46 +0200)]
Add debian-maintainers.gpg to keyrings and sync_keyrings.
Stephen Gran [Tue, 25 Aug 2009 14:50:32 +0000 (15:50 +0100)]
cast objects to strings (rt #1717)
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Tue, 25 Aug 2009 10:02:47 +0000 (12:02 +0200)]
ud-useradd: Allow unsetting of middle names by entering a space
Stephen Gran [Sun, 23 Aug 2009 12:50:23 +0000 (12:50 +0000)]
changelog
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 23 Aug 2009 12:39:45 +0000 (13:39 +0100)]
make cmp do what I meant
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 23 Aug 2009 12:35:38 +0000 (13:35 +0100)]
increment the serial if the ud-ldap info changes
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 23 Aug 2009 12:24:17 +0000 (13:24 +0100)]
we're not ready to write the debian.net entries in the ldap hosts tree
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 23:42:31 +0000 (00:42 +0100)]
Sort the right list
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 23:34:43 +0000 (00:34 +0100)]
first pass at making ud-replicate reload bind; admittedly the wrong solution
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 23:26:10 +0000 (00:26 +0100)]
sort PasswdAttrs as well as HostAttrs - now we can cmp debian.net as well as debian.org
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:57:39 +0000 (22:57 +0000)]
pretty print for zone files
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:36:34 +0000 (22:36 +0000)]
stop doing DNS lookups, part 1
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:23:54 +0000 (22:23 +0000)]
stop doing DNS lookups, part 1
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:22:06 +0000 (22:22 +0000)]
Sort HostAttrs - this isn't important now, but will let us do things
like check if the zone file has changed later
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 22:21:40 +0000 (22:21 +0000)]
Remove printf debugging
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 21:40:31 +0000 (21:40 +0000)]
give the function a better name
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 21:09:20 +0000 (21:09 +0000)]
output debian.net hosts in ldap into the debian.net zone, not the debian.org zone
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 20:21:32 +0000 (20:21 +0000)]
generate HINFO, MX, A and AAAA records from LDAP
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 19:09:41 +0000 (19:09 +0000)]
and the schema update
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 19:09:13 +0000 (19:09 +0000)]
allow managing MX records
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 18:40:11 +0000 (18:40 +0000)]
Allow management of IP address with ud-host
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 18:08:12 +0000 (18:08 +0000)]
add IP address as one of the allowed host attributes
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 16:23:16 +0000 (16:23 +0000)]
only export authorized_keys to some hosts
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 16:11:03 +0000 (16:11 +0000)]
changelog
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 9 Aug 2009 16:03:59 +0000 (17:03 +0100)]
enable aba's patch for autogeneration of sshdist's authorized keys
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Thu, 23 Jul 2009 20:52:51 +0000 (22:52 +0200)]
Make ud-host do allowedGroups, exportOptions
Peter Palfrader [Thu, 23 Jul 2009 20:39:50 +0000 (22:39 +0200)]
Update .gitignore
Peter Palfrader [Thu, 23 Jul 2009 20:36:07 +0000 (22:36 +0200)]
Move away from generate.conf and use the information provided in the ldap
Peter Palfrader [Thu, 23 Jul 2009 19:59:25 +0000 (21:59 +0200)]
schema: allowedGroups, exportOptions attribute for servers
Martin Zobel-Helas [Wed, 22 Jul 2009 17:00:19 +0000 (19:00 +0200)]
well, DDs are DDs not DMs.
Stephen Gran [Wed, 15 Jul 2009 23:57:17 +0000 (00:57 +0100)]
An example constraint overlay
Signed-off-by: Stephen Gran <steve@lobefin.net>
projects / mirror / userdir-ldap.git / log