[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 14 commits: Remove year old (and unused) cruft.
WolfgangSchweer
gitlab at salsa.debian.org
Wed Dec 12 16:22:26 GMT 2018
WolfgangSchweer pushed to branch master at Debian Edu / debian-edu-config
Commits:
498775b1 by Wolfgang Schweer at 2018-12-12T15:36:52Z
Remove year old (and unused) cruft.
- - - - -
8f01e2d4 by Wolfgang Schweer at 2018-12-12T15:40:11Z
cf3/edu.cf: Don't fail in case squid failed to initialize within d-i; update
related comment.
- - - - -
e6d0b793 by Wolfgang Schweer at 2018-12-12T15:43:51Z
Remove start related parts from init scripts configuration as these are no
longer supported (actually: since quite some time).
- - - - -
27f110da by Wolfgang Schweer at 2018-12-12T15:46:31Z
Use FQDN (www.intern) as server name.
- - - - -
f97306c7 by Wolfgang Schweer at 2018-12-12T15:49:05Z
Extend server certificate configuration to include ldap as well.
- - - - -
668ab6ff by Wolfgang Schweer at 2018-12-12T15:53:44Z
Drop now obsolete slapd-cert.cnf configuration file.
- - - - -
86a41c17 by Wolfgang Schweer at 2018-12-12T15:55:28Z
Drop tool mkslapdcert now that all server certificates are generated
in one place.
- - - - -
e165a57d by Wolfgang Schweer at 2018-12-12T15:58:07Z
Rename etc/ldap/slapd-squeeze_debian-edu.conf -> etc/ldap/slapd-debian-edu.conf
- - - - -
874db5ac by Wolfgang Schweer at 2018-12-12T16:00:10Z
Adjust init script debian/debian-edu-config.fetch-ldap-cert
- - - - -
3f2e75ae by Wolfgang Schweer at 2018-12-12T16:01:10Z
Adjust cfengine configuration files cf3/cf.{ldapserver,ldapclient}
- - - - -
dd154df9 by Wolfgang Schweer at 2018-12-12T16:02:40Z
Adjust share/debian-edu-config/tools/{create-debian-edu-certs,update-cert-dbs}
- - - - -
e1553cb4 by Wolfgang Schweer at 2018-12-12T16:04:20Z
Adjust debian/debian-edu-config.postinst
- - - - -
b9bf71ff by Wolfgang Schweer at 2018-12-12T16:05:13Z
Adjust Makefile.
- - - - -
8c930717 by Wolfgang Schweer at 2018-12-12T16:20:57Z
Add changelog entries for last commits.
- - - - -
23 changed files:
- Makefile
- cf3/cf.ldapclient
- cf3/cf.ldapserver
- cf3/edu.cf
- debian/changelog
- debian/debian-edu-config.fetch-ldap-cert
- debian/debian-edu-config.postinst
- debian/rules
- etc/apache2/sites-available/debian-edu-default.conf
- etc/apache2/sites-available/debian-edu-ssl-default.conf
- etc/ldap/slapd-squeeze_debian-edu.conf → etc/ldap/slapd-debian-edu.conf
- − etc/ldap/ssl/slapd-cert.cnf
- − ldap-tools/barbarossa/README
- − ldap-tools/barbarossa/group2ldif
- − ldap-tools/barbarossa/makeldif
- − ldap-tools/barbarossa/makesmbAcc
- − ldap-tools/barbarossa/passwd2ldif
- − ldap-tools/csvparser
- − ldap-tools/mkslapdcert
- − ldap-tools/novell-openldap
- share/debian-edu-config/tools/create-debian-edu-certs
- share/debian-edu-config/tools/update-cert-dbs
- share/debian-edu-config/v3.cnf
Changes:
=====================================
Makefile
=====================================
@@ -99,8 +99,7 @@ SYSCONFFILES = \
php/apache2/php-debian-edu.ini \
insserv/overrides/ntp \
ldap/rootDSE-debian-edu.ldif \
- ldap/slapd-squeeze_debian-edu.conf \
- ldap/ssl/slapd-cert.cnf \
+ ldap/slapd-debian-edu.conf \
ltsp/ltsp-build-client.conf \
network/if-up.d/hostname \
network/if-up.d/wpad-proxy-update \
@@ -214,7 +213,6 @@ LDAPPROGRAMS = \
ldap-createuser-krb5 \
ldap2netgroup \
ldap-debian-edu-install \
- mkslapdcert \
sitesummary2ldapdhcp
WWWFILES = \
@@ -341,6 +339,8 @@ install: install-testsuite
share/debian-edu-config/tools/ldap-server-getcert \
share/debian-edu-config/tools/exim4-create-environment \
share/debian-edu-config/tools/edu-ldap-from-scratch \
+ share/debian-edu-config/tools/create-user-nssdb \
+ share/debian-edu-config/tools/copy-host-keytab \
share/debian-edu-config/ltspfs-mounter-kde \
share/debian-edu-config/squid.resolvconf \
share/ltsp/get-ldap-ltsp-config \
=====================================
cf3/cf.ldapclient
=====================================
@@ -25,70 +25,55 @@ vars:
"sudoers_base ou=sudoers,$(edu.ldapbase)",
"BASE $(edu.ldapbase)",
"TLS_REQCERT demand",
- "TLS_CACERT /etc/ldap/ssl/ldap-server-pubkey.pem" };
- "nslcd_conf" string => "tls_cacertfile /etc/ldap/ssl/ldap-server-pubkey.pem";
+ "TLS_CACERT /etc/ssl/certs/debian-edu-server.crt" };
+ "nslcd_conf" string => "tls_cacertfile /etc/ssl/certs/debian-edu-server.crt";
files:
debian.!standalone.!roaming.installation::
-
+
"/etc/nsswitch.conf"
- edit_line => nsswitch_conf;
+ edit_line => append_if_no_line( @(nss_conf) );
"/etc/nsswitch.conf"
- edit_line => append_if_no_line("$(nss_conf)");
+ edit_line => nsswitch_conf;
# Adjust for package sudo-ldap; also use the downloaded LDAP SSL certificate
# to verify the connection to the server.
debian.!standalone.installation::
- "/etc/ldap/ldap.conf"
- edit_line => ca1_conf;
-
"/etc/ldap/ldap.conf"
edit_line => append_if_no_line("$(ldap_conf)");
- "/etc/nslcd.conf"
- edit_line => ca2_conf;
+ "/etc/nslcd.conf"
+ edit_line => nslcd_conf;
"/etc/nslcd.conf"
edit_line => append_if_no_line("$(nslcd_conf)");
}
-bundle edit_line ca1_conf
-{
-
-vars:
-
- "regexpr" string => "TLS_CACERT.*";
-
-replace_patterns:
-
- "^($(regexpr))$" replace_with => comment("#");
-}
-
-bundle edit_line ca2_conf
+bundle edit_line nsswitch_conf
{
vars:
- "regexpr" string => "tls_cacertfile.*";
+ "regexpr" slist => { "passwd: files", "group: files",
+ "shadow: files", "netgroup: nis" };
replace_patterns:
"^($(regexpr))$" replace_with => comment("#");
}
-bundle edit_line nsswitch_conf
+bundle edit_line nslcd_conf
{
vars:
- "regexpr" slist => { "passwd.*", "shadow.*", "group.*", "netgroup.*" };
+ "nslcd_conf" string => "tls_cacertfile /etc/ssl/certs/debian-edu-server.crt";
replace_patterns:
- "^($(regexpr))$" replace_with => comment("#");
+ "/etc/ldap/ssl/ldap-server-pubkey.pem" replace_with => value("/etc/ssl/certs/debian-edu-server.crt");
}
-
=====================================
cf3/cf.ldapserver
=====================================
@@ -1,32 +1,21 @@
bundle agent ldapserver
{
-# Configure LDAP server and communication with the LDAP server
-
-vars:
-
- "slapd_ssl" string => "/etc/ldap/ssl";
+# Configure LDAP server and communication with the LDAP server.
+# For certificate and security related details see:
+# /usr/share/debian-edu-config/tools/create-debian-edu-certs.
files:
debian.server.installation::
"/etc/ldap/slapd.conf"
- link_from => ln_s("/etc/ldap/slapd-squeeze_debian-edu.conf"),
+ link_from => ln_s("/etc/ldap/slapd-debian-edu.conf"),
move_obstructions => "true";
- # Adjust rights, just to be sure.
-
- "$(slapd_ssl)"
- perms => og("openldap","openldap");
-
commands:
debian.server.di.installation::
- # Generate TLS certificates
- "/usr/bin/mkslapdcert"
- contain => in_shell;
-
# Create the initial LDAP database, using the new slapd.conf.
# The Kerberos KDC is set up within this script too. Needs to
# run after the ssl certs are made available (cf.apache2).
=====================================
cf3/edu.cf
=====================================
@@ -29,8 +29,8 @@ bundle common edu
"internet" expression => returnszero("/usr/bin/wget -qO /dev/null http://deb.debian.org/debian/README","noshell");
# Set if atomic partioning has been used (everything on one partion, w/ or w/o lvm).
"atomic" expression => returnszero("/usr/bin/namei -mol /skole | /bin/grep T", "useshell");
- # Set if the Squid cache exists; used to avoid superfluously running 'dpkg-reconfigure squid'.
- "squidcache" expression => isdir("/var/spool/squid/00/00");
+ # Set if the Squid cache exists; used to conditionally link Debian Edu configuration.
+ "squidcache" expression => isdir("/var/spool/squid");
# Set if running inside Debian Installer; used to avoid useless LDAP setup upon main server upgrade.
"di" expression => fileexists("/etc/apt/apt.conf.d/00IgnoreTimeConflict");
# Set for networked workstation if the 'education-desktop-other' package is installed.
=====================================
debian/changelog
=====================================
@@ -1,9 +1,29 @@
debian-edu-config (2.10.50) UNRELEASED; urgency=medium
+ [ Mike Gabriel ]
* etc/shutdown-at-night/clients-generator: Support recent output
of ifconfig (where the MAC address comes in the second row of
one's interface output and is prefixed by "^ether ...".
+ [ Wolfgang Schweer ]
+ * Generate slapd certificate the same way as all other server certificates.
+ - Extend server certificate configuration to include ldap as well.
+ - Drop now obsolete slapd-cert.cnf configuration file.
+ - Drop tool mkslapdcert now that all server certificates are generated
+ in one place.
+ - Rename ldap/slapd-squeeze_debian-edu.conf -> ldap/slapd-debian-edu.conf
+ - Adjust related files and tools:
+ + init script debian/debian-edu-config.fetch-ldap-cert
+ + cfengine configuration files cf3/cf.{ldapserver,ldapclient}
+ + share/debian-edu-config/tools/{create-debian-edu-certs,update-cert-dbs}
+ + debian/debian-edu-config.postinst
+ + Makefile
+ * cf3/edu.cf: Don't fail in case squid failed to initialize within d-i;
+ update related comment.
+ * Use FQDN (www.intern) as server name in Apache configuration files.
+ * Remove start related parts from init scripts configuration as these are no
+ longer supported (actually: since quite some time).
+
-- Mike Gabriel <sunweaver at debian.org> Tue, 11 Dec 2018 22:13:23 +0100
debian-edu-config (2.10.49) unstable; urgency=medium
=====================================
debian/debian-edu-config.fetch-ldap-cert
=====================================
@@ -21,15 +21,15 @@ set -e
. /lib/lsb/init-functions
-CERTFILE=/etc/ldap/ssl/ldap-server-pubkey.pem
+CERTFILE=/etc/ssl/certs/debian-edu-server.crt
do_start() {
# Locate LDAP server
LDAPSERVER=$(debian-edu-ldapserver)
ERROR=false
- if [ ! -f $CERTFILE ] && [ -f /etc/ldap/ldap.conf ] &&
- grep -q /etc/ldap/ssl/ldap-server-pubkey.pem /etc/ldap/ldap.conf ; then
+ if [ -f /etc/ldap/ldap.conf ] &&
+ grep -q /etc/ssl/certs/debian-edu-server.crt /etc/ldap/ldap.conf ; then
if [ -z "$LDAPSERVER" ] ; then
msg="Failed to locate LDAP server"
log_action_begin_msg "$msg"
@@ -39,7 +39,6 @@ do_start() {
fi
[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching LDAP SSL certificate."
/usr/share/debian-edu-config/tools/ldap-server-getcert $LDAPSERVER > $CERTFILE.new
- chmod 644 $CERTFILE.new
if test -s $CERTFILE.new ; then
mv $CERTFILE.new $CERTFILE
[ "$VERBOSE" != no ] && log_action_end_msg 0
@@ -54,12 +53,11 @@ do_start() {
if [ -d /opt/ltsp ] ; then
for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
if [ ! -f $ltsp_chroot$CERTFILE ] && [ -f $ltsp_chroot/etc/ldap/ldap.conf ] &&
- grep -q /etc/ldap/ssl/ldap-server-pubkey.pem $ltsp_chroot/etc/ldap/ldap.conf ; then
+ grep -q /etc/ssl/certs/debian-edu-server.crt $ltsp_chroot/etc/ldap/ldap.conf ; then
[ "$VERBOSE" != no ] &&
log_action_begin_msg "Copying LDAP SSL certificate to ltsp-chroot $ltsp_chroot "
if test -s $CERTFILE; then
cp $CERTFILE $ltsp_chroot$CERTFILE
- chmod 644 $ltsp_chroot$CERTFILE
[ "$VERBOSE" != no ] && log_action_end_msg 0
else
log_action_end_msg 1
=====================================
debian/debian-edu-config.postinst
=====================================
@@ -108,6 +108,33 @@ fi
case "$1" in
configure)
+ if dpkg --compare-versions "$2" le "2.10.50" ; then
+ if [ -f /etc/ldap/ldap.conf ] ; then
+ sed -i 's#/etc/ldap/ssl/ldap-server-pubkey.pem#/etc/ssl/certs/debian-edu-server.crt#' /etc/ldap/ldap.conf
+ fi
+ if [ -f /etc/nslcd.conf ] ; then
+ sed -i 's#/etc/ldap/ssl/ldap-server-pubkey.pem#/etc/ssl/certs/debian-edu-server.crt#' /etc/nslcd.conf
+ fi
+ if egrep -q "(Main-Server)" /etc/debian-edu/config ; then
+ rm -f /etc/ldap/ssl/slapd.pem
+ rm -f /etc/ldap/slapd.conf
+ if [ -f /etc/ldap/slapd-debian-edu.conf ] ; then
+ ln -s /etc/ldap/slapd-debian-edu.conf /etc/ldap/slapd.conf
+ fi
+ if [ -f /usr/share/debian-edu-config/tools/create-debian-edu-certs ] ; then
+ /usr/share/debian-edu-config/tools/create-debian-edu-certs --force-overwrite
+ fi
+ else
+ if ! egrep -q "(Standalone)" /etc/debian-edu/config ; then
+ invoke-rc.d fetch-ldap-cert restart
+ invoke-rc.d nslcd restart
+ fi
+ fi
+ rm -f /etc/ldap/ssl/ldap-server-pubkey.pem
+ rm -f /etc/ldap/ssl/slapd-cert.cnf
+ rm -f /etc/ldap/slapd-squeeze_debian-edu.conf
+ fi
+
if dpkg --compare-versions "$2" le "1.929" && dpkg --compare-versions "$2" ge "1.926" && \
egrep -q "(Main-Server)" /etc/debian-edu/config ; then
rm /etc/apache2/mods-available/userdir.load
=====================================
debian/rules
=====================================
@@ -10,10 +10,10 @@ override_dh_auto_install:
override_dh_installinit:
# Start it after 15bind9 and 19slapd
- dh_installinit --init-script fetch-ldap-cert -r --no-start -u"start 95 2 3 4 5 ."
+ dh_installinit --init-script fetch-ldap-cert -r --no-start
# Start it after 15bind9, 19slapd and 95fetch-ldap-cert, and add some to be sure
- dh_installinit --init-script firefox-ldapconf -r --no-start -u"start 96 2 3 4 5 ."
- dh_installinit --init-script chromium-ldapconf -r --no-start -u"start 97 2 3 4 5 ."
+ dh_installinit --init-script firefox-ldapconf -r --no-start
+ dh_installinit --init-script chromium-ldapconf -r --no-start
dh_installinit --init-script enable-nat --no-start
override_dh_installman:
=====================================
etc/apache2/sites-available/debian-edu-default.conf
=====================================
@@ -1,5 +1,5 @@
<VirtualHost *:80>
- ServerName www
+ ServerName www.intern
ServerAdmin webmaster at postoffice.intern
DocumentRoot /etc/debian-edu/www/
=====================================
etc/apache2/sites-available/debian-edu-ssl-default.conf
=====================================
@@ -4,7 +4,7 @@
SSLCertificateFile /etc/ssl/certs/debian-edu-server.crt
SSLCertificateKeyFile /etc/ssl/private/debian-edu-server.key
- ServerName www
+ ServerName www.intern
ServerAdmin webmaster at postoffice.intern
DocumentRoot /etc/debian-edu/www/
=====================================
etc/ldap/slapd-squeeze_debian-edu.conf → etc/ldap/slapd-debian-edu.conf
=====================================
@@ -9,9 +9,7 @@ include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/autofs.schema
include /etc/ldap/schema/inetorgperson.schema
-#include /etc/ldap/schema/dhcp.schema
include /etc/ldap/schema/gosa/dhcp.schema
-#include /etc/ldap/schema/dnsdomain2.schema
include /etc/ldap/schema/gosa/dnszone.schema
include /etc/ldap/schema/kerberos.schema
include /etc/ldap/schema/ltspclientaux.schema
@@ -39,12 +37,9 @@ loglevel none
rootDSE /etc/ldap/rootDSE-debian-edu.ldif
# TLS/SSL
-TLSCACertificateFile /etc/ldap/ssl/slapd.pem
-TLSCertificateKeyFile /etc/ldap/ssl/slapd.pem
-TLSCertificateFile /etc/ldap/ssl/slapd.pem
-#TLSCACertificateFile /var/lib/pyca/Root/cacert.pem
-#TLSCertificateKeyFile /var/lib/pyca/ServerCerts/private/cakey.pem
-#TLSCertificateFile /var/lib/pyca/ServerCerts/cacert.pem
+TLSCACertificateFile /etc/ssl/certs/Debian-Edu_rootCA.crt
+TLSCertificateKeyFile /etc/ssl/private/debian-edu-server.key
+TLSCertificateFile /etc/ssl/certs/debian-edu-server.crt
modulepath /usr/lib/ldap
moduleload back_bdb
=====================================
etc/ldap/ssl/slapd-cert.cnf deleted
=====================================
@@ -1,37 +0,0 @@
-RANDOM=/dev/random
-
-[ req ]
-default_bits = 2048
-encrypt_key = yes
-distinguished_name = req_dn
-x509_extensions = v3_req
-prompt = no
-
-[ req_dn ]
-C=NO
-ST=NA
-L=Skolen
-O=LDAP server
-OU=Automatically-generated LDAP SSL key
-
-###
-### run LDAP service on main server (tjener) -> default
-### make sure CN is also one of subjectAltName
-###
-CN=tjener.intern
-emailAddress=postmaster at postoffice.intern
-
-[ v3_req ]
-nsCertType = server
-subjectAltName=DNS:tjener.intern,DNS:tjener,DNS:ldap.intern,DNS:ldap,DNS:localhost
-
-###
-### run LDAP service on a separate machine
-### (server's IP must revresolv to ldap.intern)
-###
-#CN=ldap.intern
-#emailAddress=postmaster at postoffice.intern
-
-#[ v3_req ]
-#nsCertType = server
-#subjectAltName=DNS:ldap.intern,DNS:ldap,DNS:localhost
=====================================
ldap-tools/barbarossa/README deleted
=====================================
@@ -1,36 +0,0 @@
-###############################################################################
-# Readme for passwd2ldap, makeldif and makesmbAcc #
-###############################################################################
-# #
-# Maximilian Wilhelm <max at skolelinux.de> #
-# #
-# Last Changed: Sun, 24 Aug 2003 19:26:11 +0200 #
-# #
-###############################################################################
-
-* About
-
- These scrips allow to migrate users from existing passwd, shadow and
- smbpasswd files to skolelinux ldap database.
-
- The sciptset is still considered as beta!
-
-
-* How does this scriptset work?
-
- * Edit each script and set the path to the following files:
- - passwd
- - shadow
- - smbpasswd
- * It might be a good idea to "censor" your passwd file, so that only user
- which should get an account in the LDAP DB are listed in that file.
- * If you do not want to enter the LDAP-Admin password for every user created,
- change the calls to "ldapadd" and "ldapmodify" in makeldif and makesmbAcc
- and exchange the option "-W" by "-w <password>", *but* still remind, that
- the clear text password is shown in the output of "ps".
- * Execute passwd2ldap
- * Be happy
-
-
-* Known Bugs
- none :-)
=====================================
ldap-tools/barbarossa/group2ldif deleted
=====================================
@@ -1,130 +0,0 @@
-#!/bin/bash
-#
-# Convert unix group file to LDIF
-#
-# Maximilian Wilhelm <debian-edu at rfc3514>
-# -- Mon, 16 Aug 2004 17:55:40 +0200
-#
-
-
-#
-# Variables
-#
-
-# User maintaned Variables
-GROUPBASE="ou=group,dc=skole,dc=skolelinux,dc=no"
-
-
-# Script maintaned
-GROUPFILE=""
-LDIFOUT=""
-EMPTYGROUPS=""
-TMPFILE="/tmp/group2ldif.$$.tmp"
-
-
-#
-# Some fency functions
-#
-
-#
-# How I want to be used.
-usage()
-{
- echo "Usage: $0 -g <groupfile> [ -lo <ldif output> ] [ --include-empty-groups ] [ -h | -help ]"
- exit 1
-}
-
-#
-# Simple group file validation
-checkgroup()
-{
- if [ ! -s $GROUPFILE -a ! -r $GROUPFILE ]; then
- echo "File \"${GROUPFILE}\" does not exist or is not readable" >&2
- exit 1
- elif [ `grep -c '[a-z]\+:[[:space:]x*]:[0-9]\+:.*' ${GROUPFILE}` -lt 1 ]; then
- echo "File \"${GROUPFILE}\ seems not to be a valid group file." >&2
- exit 1
- fi
-}
-
-ldifgen()
-{
-while read line;
-do
- group=`echo ${line} | cut -d: -f1`
- gid=`echo ${line} | cut -d: -f3`
- users=`echo ${line} | cut -d: -f4`
-
- if [ "${EMPTYGROUPS}" == "yes" -o "${users}" ]; then
- # Group not empty, convert it.
-
- # Group header
- cat << EOF >> ${TMPFILE}
-
-dn: cn=${group},${GROUPBASE}
-objectClass: posixGroup
-objectClass: top
-cn: ${group}
-gidNumber: ${gid}
-EOF
-
- # users
- echo ${users} | tr ',' '\n' | while read user;
- do
- echo "memberUid: ${user}" >> ${TMPFILE}
- done
- else
- # Group is empty, don't convert
- echo "Group ${group} is empty, not converted" >&2
-
- fi
-
-done < ${GROUPFILE}
-
-
-}
-
-#
-# What to do with the output?
-output()
-{
- if [ "${LDIFOUT}" ]; then
- cp ${TMPFILE} ${LDIFOUT};
- else
- cat ${TMPFILE}
- fi
-}
-
-
-
-#
-# Let the show begin
-#
-
-
-# What to do?
-[ $# == 0 ] && usage >&2
-
-while [ $# -gt 0 ]; do
- case "$1" in
- -g) GROUPFILE="$2" ;;
- -lo) LDIFOUT="$2" ;;
- --include-empty-groups) EMPTYGROUPS="yes" ;;
- -help|-h) usage ;;
- esac
- shift
-done
-
-[ -z ${GROUPFILE} ] && usage>&2
-
-# Valid file?
-checkgroup
-
-# OK, let's convert it
-ldifgen
-
-# Tell the world
-output
-
-# remove tmpfile
-rm ${TMPFILE}
=====================================
ldap-tools/barbarossa/makeldif deleted
=====================================
@@ -1,71 +0,0 @@
-#!/bin/sh
-################################################################################
-# makeldif #
-################################################################################
-#
-# Maximilian Wilhelm <max at skolelinux.de>
-# Frank Matthiess <frankm at skolelinux.de>
-#
-# Last changed Sun, 24 Aug 2003 19:23:42 +0200
-#
-
-# specify path to shadow file
-SHADOWPATH=""
-
-################################################################################
-
-# make sure, we have enough data
-if [ $# -ne 3 ]; then
- echo "Usage: $0 [UID] [account name] [real name]";
- exit 1;
-fi
-
-# make sure we have a shadow file and it exists
-if [ -z ${SHADOWPATH} ]; then
- echo "Specify path to your shadow file in $0."
- exit 1;
-fi
-
-# make sure the user is listed in the shadow file
-if [ -z $( cat ${SHADOWPATH} | cut -d: -f1 | grep $2 ) ]; then
- echo "Error: user $2 not listed in ${SHADOWPATH}";
- exit 1;
-fi
-
-
-
-# temporary variables
-USERID=$1;
-USERNAME=$2;
-REALNAME=$(echo $3 | sed -e 's/"//g');
-USNAME=$(echo ${REALNAME}| cut -f$(echo $USERNAME | wc -w) -d " ");
-
-#
-# Generate LDIF entry for user and personal group
-#
-
-cat << EOF | ldapadd -x -h localhost -W -D cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
-
-dn: uid=${USERNAME},ou=people,dc=skole,dc=skolelinux,dc=no
-objectClass: posixAccount
-objectClass: imapUser
-cn: ${REALNAME}
-uid: ${USERNAME}
-uidNumber: ${USERID}
-gidNumber: ${USERID}
-homeDirectory: /skole/tjener/home0/${USERNAME}
-mailMessageStore: /var/lib/maildirs/${USERNAME}
-loginShell: /bin/bash
-userPassword: {crypt}$(grep ${USERNAME} ${SHADOWPATH} | cut -d: -f2 )
-
-dn: cn=${USERNAME},ou=group,dc=skole,dc=skolelinux,dc=no
-objectClass: top
-objectClass: posixGroup
-objectClass: lisGroup
-groupType: private
-description: dontcare
-cn: ${USERNAME}
-gidNumber: ${USERID}
-
-EOF
-
=====================================
ldap-tools/barbarossa/makesmbAcc deleted
=====================================
@@ -1,41 +0,0 @@
-#!/bin/sh
-################################################################################
-# makesmbAcc #
-################################################################################
-#
-# Maximilian Wilhelm <max at skolelinux.de>
-#
-# Last changed Sun, 24 Aug 2003 19:25:23 +0200
-#
-
-# specify path to smbpasswd file
-SMBPWD=""
-
-################################################################################
-
-if [ -z ${SMBPWD} ]; then
- echo "Specify the path to your smbpasswd file in $0."
- exit 1;
-fi
-
-if [ -z "$( grep $1 ${SMBPWD} )" ]; then
- echo "Error: User not listed in ${SMBPWD}."
- exit 1;
-fi
-
-# temporary variables
-USERID=$1
-LMPW=$(grep $USERID $SMBPWD | cut -d: -f3 )
-NTPW=$(grep $USERID $SMBPWD | cut -d: -f4 )
-
-
-# creata a samba account and set dummy password
-smbpasswd -a $USERID foo
-
-
-# Reset samba passwords to given hashes
-cat << EOF | ldapmodify -x -h localhost -W -D cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
-dn: uid=${USERID},ou=people,dc=skole,dc=skolelinux,dc=no
-sambaNTPassword: $NTPW
-sambaLMPassword: $LMPW
-EOF
=====================================
ldap-tools/barbarossa/passwd2ldif deleted
=====================================
@@ -1,29 +0,0 @@
-#!/bin/sh
-################################################################################
-# passwd2ldap #
-################################################################################
-#
-# Maximilian Wilhelm <max at skolelinux.de>
-# Frank Matthiess <frankm at skolelinux.de>
-#
-# Last changed: Sun, 24 Aug 2003 19:55:05 +0200
-#
-
-# Path to passwd file
-PASSWDPATH=""
-
-################################################################################
-
-if [ -z $PASSWDPATH ]; then
- echo "Specify the path to your passwd file.";
- exit 1;
-fi
-
-cat ${PASSWDPATH} | while read LINE;
-do
- UID=$(echo ${LINE} | cut -d: -f3 );
- UNAME=$(echo ${LINE} | cut -f1 -d:);
- REALNAME="$(echo ${LINE} | cut -f5 -d: | cut -d, -f1 )";
- ./makeldif ${UID} ${UNAME} "${REALNAME}";
- ./makesmbAcc ${UNAME};
-done;
=====================================
ldap-tools/csvparser deleted
=====================================
@@ -1,177 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Author: Rune Nordbe Skillingstad <runesk at linpro.no>
-#
-# $Id$
-
-use strict;
-
-use Text::Unaccent;
-use Net::LDAP;
-use Data::Dumper;
-use Unicode::String qw (utf8 latin1);
-
-# This is not working right :)
-my $ldapserver = "localhost";
-my $basedn = "o=stfk,c=no";
-my $ldapadmindn = "cn=admin,o=stfk,c=no";
-my $ldappassword = "foofoo";
-my $maildomain = "elev.stfk.no";
-my $maildir = "/var/mail/Maildir/";
-my $homedir = "/var/mail/Maildir/";
-
-my %usernames;
-
-srand (time ^ $$ ^ unpack "%L*", `/bin/ps axww | /bin/gzip`);
-
-my $ldap = Net::LDAP->new($ldapserver, version => 3) or die "$@";
-$ldap->bind($ldapadmindn, password => $ldappassword);
-
-sub genusername {
- my($fname, $lname, $mname) = @_;
- my $i = 2;
- my $j = 1;
-
- # This wont work for and unless you use the UnicodeData-patch
- $fname = lc(unac_string("LATIN1", $fname));
- $lname = lc(unac_string("LATIN1", $lname));
- if($mname) {
- $mname =~ s/ /\./;
- $mname = lc(unac_string("LATIN1", $mname));
- }
- my $username = $fname.".".$lname;
- while($usernames{$username}) {
- if(!$mname) {
- $username = $fname.$i++.".".$lname;
- } else {
- if(length($mname) < $j) {
- $username = $fname.$i++.".".$mname.".".$lname;
- } else {
- $username = $fname.".".substr($mname, 0, $j++).".".$lname;
- }
- }
- }
- $usernames{$username} = 1;
- return $username;
-
-}
-
-sub loadusernames {
- my $mesg = $ldap->search(base => "ou=people,domain=$maildomain,ou=Domains,".$basedn,
- filter => "objectclass=mailaccount",
- scope => "one",
- attrs => ['uid']
- );
- $mesg->code && die $mesg->error;
- my @allentries = $mesg->all_entries;
- foreach my $entry (@allentries){
- my $uid = $entry->get_value('uid');
- $uid =~ s,/+$,,;
- $usernames{"$uid"} = "1";
- }
-}
-
-sub next_char {
- my $password = lc(shift(@_));
- my $vowels = "aeiouy";
- my $consonants = "bdfghjklmnoprstuv";
- my $doubles = "bdfgjklmnopst";
- my $range;
- my $n = 0;
- if(!$password) {
- $range = $vowels . $consonants;
- } elsif($password =~ /[$vowels]$/) {
- $range = $consonants;
- } elsif($password =~ /[$consonants]{2}$/) {
- $range = $vowels;
- } elsif($password =~ /[$consonants]$/) {
- if($password =~ /(\s)(\s)$/) {
- if ($1 = $2) {
- $range = $vowels;
- } else {
- $range = $vowels.$doubles;
- }
- } else {
- $range = $vowels.$doubles;
- }
- } else {
- $range = $vowels.$consonants;
- }
-# $range = "123456789" if(!int(rand(20)));
- my $char = substr($range, rand(length($range)), 1);
- $char = uc($char) unless rand(10) % 9;
- return $char;
-}
-
-
-sub genpasswd {
- my $password;
- my $min = 6;
- my $max = 8;
- my $length = $min + int(rand($max - $min + 1));
- for(my $i = 0; $i < $length; $i++) {
- $password .= &next_char($password);
- }
- return $password;
-}
-
-sub output {
- my ($username, $fullname, $password, @rest) = @_;
- &adduser($ldap, $username, $fullname, $password,
- $maildomain, $maildir, $homedir);
- print STDOUT "$maildomain;$username;$fullname;$password;" .
- join(";", at rest) . "\n";
-}
-
-sub adduser {
- my ($ldap, $username, $fullname, $passwd, $domain, $maildir, $homedir) = @_;
- if ($maildir !~ /\/$/) {
- $maildir .= "/";
- }
-
- if ($homedir !~ /\/$/) {
- $homedir .= "/";
- }
-
- my %data = (
- attrs => [
- 'uid' => $username,
- 'cn' => latin1($fullname)->utf8,
- 'domain' => $domain,
- 'homeDirectory' => $homedir . $domain ."/".$username."/",
- 'mailDir' => $maildir . $domain ."/".$username."/",
- 'mail' => $username . '@' . $domain,
- 'mailAddr' => $username . '@' . $domain,
- 'userPassword' => $passwd,
- 'objectclass' => ['mailaccount','limacuteConfig'],]);
-
- my $dn = "uid=$username,ou=people,domain=$domain,ou=Domains,$basedn";
-
- $ldap->add($dn, %data);
-}
-
-if($#ARGV < 0) {
- print STDERR "Usage: $0 <infile>\n";
- exit;
-}
-
-&loadusernames;
-
-open(IN, "<$ARGV[0]") || die "Can't open infile $ARGV[0]";
-
-while(<IN>) {
- chomp;
- my ($tname, $lname, @rest) = split(";");
- # This might be cleaner
- my ($fname, @mname) = split(" ", $tname);
- $lname =~ s/ /\./g;
- my $mname = join(" ", @mname);
- my $username = &genusername($fname, $lname, $mname);
- my $password = &genpasswd;
- if($mname) {
- &output($username, "$fname $mname $lname", $password, @rest);
- } else {
- &output($username, "$fname $lname", $password, @rest);
- }
-}
-close(IN);
=====================================
ldap-tools/mkslapdcert deleted
=====================================
@@ -1,57 +0,0 @@
-#!/bin/sh
-#
-# Author: Rune Nordbe Skillingstad <rune at skillingtad.no>
-# Date: 2003-02-12
-#
-# Create a TLS certificate for slapd. To change default settings,
-# edit /etc/ldap/ssl/slapd-cert.cnf
-#
-
-#set -x
-
-opensslbin=/usr/bin/openssl
-
-umask 077
-
-certconf=/etc/ldap/ssl/slapd-cert.cnf
-privkey=/etc/ldap/ssl/slapd.pem
-pubkey=/etc/ldap/ssl/ldap-server-pubkey.pem
-
-if test -x $opensslbin ; then
- :
-else
- echo "error: can't find openssl." 1>&2
- exit 1
-fi
-
-if [ ! -f $certconf ] ; then
- echo "warning: missing certificate configuration file $certconf." 1>&2
-fi
-
-mkdir -p /etc/ldap/ssl
-chmod 751 /etc/ldap/ssl
-
-if [ -f $privkey ] ; then
- echo "warning: private key $privkey already exist. Exiting." 1>&2
- exit 1;
-fi
-
-TMPFILE=`mktemp`
-
-# lifetime 10 years
-$opensslbin req -new -x509 -nodes -sha256 \
- -config $certconf -days 3650 \
- -out $privkey -keyout $privkey >> $TMPFILE 2>&1 \
- || echo "error: problems running openssl." 1>&2
-
-sedextract='/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
-sed -n "$sedextract" < $privkey > $pubkey
-
-rm $TMPFILE
-
-# Make sure the private key is only readable by user openldap
-chown openldap:openldap $privkey
-chmod 600 $privkey
-
-# And the public key is readable by everyone
-chmod 644 $pubkey
=====================================
ldap-tools/novell-openldap deleted
=====================================
@@ -1,198 +0,0 @@
-#!/usr/bin/perl -W
-use strict;
-#
-# Author: Harald Inge Boerseth <haraldib at broadpark.no>
-#
-# This script is written to enter users into the
-# LDAP DB from users defined in a LDIF file.
-# In this case the LDIF file is generated from a Novel 6.0
-# authentication server. An example of what an LDIF entry looks
-# like in this case can be seen at the end of the script.
-# It should be a simple task to adapt the script to other LDIF files.
-#
-# Note that the script corrects some sequences of UTF8 encoding
-# that were found to be wrong as exported from the Novell 6.0 server.
-# These lines of code should be removed when reading LDIF entries
-# that are believed to be correct regarding UTF-8 encoding.
-# The corrections are done in the subroutine utf8_corr().
-#
-# Note that some data definitions have to be entered before
-# running the script. Look for comments starting with 'Replace ...'.
-# Good luck!!!
-
-use Net::LDAP;
-use Net::LDAP::LDIF;
-use File::Find;
-use File::Copy;
-use File::Glob;
-
-# Replace homebase as appropriate...
-my $homebase = '/skole/tjener/home0/';
-# Replace mailbase as appropriate...
-my $mailbase = '/var/lib/maildirs/';
-# Replace nn below...
-my $rootdn = 'cn=<nn>,ou=people,dc=skole,dc=skolelinux,dc=no';
-# Replace root password blow...
-my $rootpasswd = '<password>';
-my $basedn = 'dc=skole,dc=skolelinux,dc=no';
-my $cntr = 1;
-
-# Replace first uid value and gid value below...
-# ...the script assumes that uid's and gid's following
-# this value is not already taken, i.e. the lowest free number
-# for uid and gid should be used.
-my $uid_val = 10199;
-my $gid_val = 10199;
-
-my $ldap = Net::LDAP->new('localhost', onerror => 'warn');
-# Replace name of LDIF-file below...
-my $ldif = Net::LDAP::LDIF->new("<ldif file>", "r", onerror => 'warn');
-
-$ldap->bind($rootdn, password => $rootpasswd);
-
-while ( not $ldif->eof() ) {
- my $ldif_entry = $ldif->read_entry();
- if ( $ldif->error() ) {
- print "Error msg: ",$ldif->error(),"\n";
- print "Error lines:\n",$ldif->error_lines(),"\n";
-
- } else {
- my $dn = $ldif_entry->dn;
-
- my $uid = undef;
- $dn =~ /cn=(\w+)/ && ($uid = $1);
-
- # Skip entires where the uid is not provided...
- next unless defined $uid;
-
- $ldif_entry->replace('sn' => 'NN')
- unless $ldif_entry->exists('sn');
- $ldif_entry->replace('givenName' => 'NN')
- unless $ldif_entry->exists('givenName');
- my $given_name = $ldif_entry->get_value('givenName');
- my $sn = $ldif_entry->get_value('sn');
-
- # The attributes givenName and sn contain wrong
- # UTF8 encodings for the characters ,,a,,,...
- # ...this is a special operation needed for
- # this specific input file only.
- utf8_corr($given_name);
- utf8_corr($sn);
-
- my $homedir = $homebase . $uid;
- my $maildir = "/var/lib/maildirs/" . $uid;
- my $new_entry = Net::LDAP::Entry->new;
-
- $uid_val++;
- $gid_val++;
-
- $new_entry->dn("uid=$uid,ou=people,dc=skole,dc=skolelinux,dc=no");
- $new_entry->
- add('objectClass' => ['posixAccount','imapUser'],
- 'cn' => $given_name . " " . $sn,
- 'uid' => $uid,
- 'uidNumber' => $uid_val,
- 'gidNumber' => $gid_val,
- 'homeDirectory' => $homedir,
- 'mailMessageStore' => $maildir,
- 'loginShell' => '/bin/bash',
- 'userPassword' => $uid);
-
- print "Processing: ", $new_entry->dn, "\n";
- $ldap->add($new_entry);
- print "addSuccess\n";
- create_dir($new_entry);
- create_grp($new_entry);
- print "\n";
- }
-}
-$ldap->unbind();
-$ldif->done();
-exit;
-
-
-sub utf8_corr {
- # The LDIF file geneated from Novel contained errors
- # regarding UTF8 encoding of ,,,,,...
- $_[0] =~ s/\303\217/\303\230/g;
- $_[0] =~ s/\302\265/\303\246/g;
- $_[0] =~ s/\302\260/\303\270/g;
- $_[0] =~ s/\303\225/\303\245/g;
-}
-
-
-sub create_dir {
- my $entry = shift;
- my $uidnumber = $entry->get_value('uidnumber');
- my $gidnumber = $entry->get_value('gidnumber');
- my $homedir = $entry->get_value('homedirectory');
- my $cn = $entry->get_value('cn');
-
- if (-d $homedir) {
- print "homedirOK (already created) $homedir\n";
- return;
- }
- umask 0022;
- mkdir $homedir, 0755 || die "Unable to create $homedir: $!\n";
- my @files = </etc/skel/.* /etc/skel/*>;
- foreach (@files) {
- next if m(^/etc/skel/\.\.$);
- next if m(^/etc/skel/\.$);
- `cp -r $_ $homedir`;
- }
- find(sub {chown($uidnumber, $gidnumber, $_)}, $homedir);
- print "homedirOK, $cn ( $homedir )\n";
-}
-
-
-sub create_grp {
- my $entry = shift;
- my $gidnumber = $entry->get_value('gidnumber');
- my $cn = $entry->get_value('cn');
- my $uid = $entry->get_value('uid');
- my $mesg = $ldap->search (base => "ou=group,$basedn",
- filter => "gidNumber=$gidnumber");
- if (! $mesg->count()){
- # Group id unknown...
- my $new_entry = Net::LDAP::Entry->new();
- $new_entry->dn("cn=$uid,ou=group,$basedn");
- $new_entry->add(objectclass => 'posixGroup',
- cn => $uid,
- gidNumber => $gidnumber);
- $ldap->add($new_entry);
- print "groupOK, $cn ( $gidnumber )\n";
- } else {
- print "groupOK (already created), $cn ( $gidnumber )\n";
- }
-}
-
-# Example of LDIF entry processed by the script
-# Some values (<...>) changed for security reasons...
-#dn: cn=<cn>,ou=elev,ou=Users,o=UVNETT
-#changetype: add
-#givenName: <givenname>
-#fullName:: <QXlFYSBLZWxow5VziFJ5x2g=>
-#Language: ENGLISH
-#sn: <sn>
-#securityEquals: cn=Elever,ou=Users,o=UVNETT
-#passwordUniqueRequired: TRUE
-#passwordRequired: TRUE
-#passwordMinimumLength: 5
-#passwordExpirationTime: 20030429113427Z
-#passwordExpirationInterval: 7776000
-#objectClass: inetOrgPerson
-#objectClass: organizationalPerson
-#objectClass: person
-#objectClass: ndsLoginProperties
-#objectClass: top
-#loginTime: 20030218122529Z
-#loginGraceLimit: 6
-#ndsHomeDirectory: cn=EMBLA_DATA,ou=Drift,o=UVNETT#0#<...>
-#groupMembership: cn=Elever,ou=Users,o=UVNETT
-#cn: <cn>
-#ACL: 2#subtree#cn=<cn>,ou=elev,ou=Users,o=UVNETT#[All Attributes Rights]
-#ACL: 6#entry#cn=<cn>,ou=elev,ou=Users,o=UVNETT#loginScript
-#ACL: 2#entry#[Public]#messageServer
-#ACL: 2#entry#[Root]#groupMembership
-#ACL: 6#entry#cn=<cn>,ou=elev,ou=Users,o=UVNETT#printJobConfiguration
-#ACL: 2#entry#[Root]#networkAddress
=====================================
share/debian-edu-config/tools/create-debian-edu-certs
=====================================
@@ -1,8 +1,7 @@
#!/bin/bash
#
-# Create Debian Edu CA key and certificate as well as
-# multi-purpose server (web, mail, cups) key and certificate.
-#
+# Create Debian Edu root CA key and certificate as well as multi-purpose
+# server (web, mail, cups, wpad, sitesummary, ldap, backup) key and certificate.
set -e
@@ -12,7 +11,7 @@ cat <<EOF
Usage information:
Call $0 with param '--force-overwrite' to generate new keys
-and certificates.
+and certificates. (User home directories will also be updated.)
Used configuration files: /usr/share-debian-edu-config/*.cnf
EOF
@@ -48,26 +47,55 @@ generate() {
chmod 640 /etc/ssl/private/debian-edu-server.key
chmod 640 /etc/ssl/private/Debian-Edu_rootCA.key
logger -t create-debian-edu-certs "rootCA and server certs generated"
+ # Create bundle certificate
+ cp /etc/ssl/certs/Debian-Edu_rootCA.crt /etc/ssl/certs/debian-edu-bundle.crt
+ cat /etc/ssl/certs/debian-edu-server.crt >> /etc/ssl/certs/debian-edu-bundle.crt
+ logger -t create-debian-edu-certs "rootCA/server bundle cert generated"
+
# Enable Debian-exim to read key file.
usermod -a -G ssl-cert Debian-exim
# On a plain main server xrdp isn't installed by default.
if id xrdp 1>/dev/null 2>&1 ; then
usermod -a -G ssl-cert xrdp
fi
+ # Enable slapd to read key file.
+ usermod -a -G ssl-cert openldap
+
# Add local trust for the created certificates.
+ cp /etc/ssl/certs/Debian-Edu_rootCA.crt /usr/local/share/ca-certificates/
+ cp /etc/ssl/certs/debian-edu-server.crt /usr/local/share/ca-certificates/
+ cp /etc/ssl/certs/debian-edu-bundle.crt /usr/local/share/ca-certificates/
/usr/sbin/update-ca-certificates
+ logger -t create-debian-edu-certs "Added local trust for our certificates."
+
+ # Make Debian-Edu_rootCA.{crt,pem} and debian-edu-server.{crt,pem} (bundled)
+ # available via web-server.
+ cp /etc/ssl/certs/debian-edu-bundle.crt /etc/debian-edu/www
+ cp /etc/ssl/certs/debian-edu-bundle.pem /etc/debian-edu/www
+ logger -t create-debian-edu-certs "Certs with both .crt and .pem extension made available in /etc/debian-edu/www."
+}
+
+update_nssdb() {
# Update dbm and sql certificate and key databases in homedirs.
+ echo "Now updating the nssdb files for all user accounts..."
/usr/share/debian-edu-config/tools/update-cert-dbs
+ echo "The nssdb files for all user accounts have been updated"
}
if [ "$1" = "--force-overwrite" ] ; then
generate
- service apache2 reload
- service exim4 reload
- service dovecot reload
+ echo "Reloading / restarting related services; this will take some time..."
+ service slapd restart
+ service apache2 restart
+ service exim4 restart
+ service dovecot restart
+ service nslcd stop
+ service nslcd start
+ update_nssdb
else
if [ ! -f $CA_CERT ] || [ ! -f $CA_KEY ]; then
generate
+ update_nssdb
else
echo "Certificates and keys already exist, nothing to do!"
echo "Call $0 with param '--force-overwrite' if new ones should be generated."
=====================================
share/debian-edu-config/tools/update-cert-dbs
=====================================
@@ -1,6 +1,6 @@
#!/bin/bash
#
-# Update both dbm and sql type nssdb files in users' homedirs.
+# Update both dbm (old style) and sql type nssdb files in users' homedirs.
#
set -e
@@ -8,9 +8,11 @@ set -e
BASE_HOME=/skole/tjener/home0
for i in $(ls /skole/tjener/home0/ | grep -v lost+found) ; do
if [ -d $BASE_HOME/$i/.mozilla/firefox/debian-edu.default ] ; then
+ su - $i sh -c 'certutil -A -d sql:$HOME/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
su - $i sh -c 'certutil -A -d dbm:$HOME/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
fi
if [ -d $BASE_HOME/$i/.thunderbird/debian-edu.default ] ; then
+ su - $i sh -c 'certutil -A -d sql:$HOME/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
su - $i sh -c 'certutil -A -d dbm:$HOME/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
fi
if [ -d $BASE_HOME/$i/.pki/nssdb ] ; then
=====================================
share/debian-edu-config/v3.cnf
=====================================
@@ -17,5 +17,7 @@ DNS.11 = ipp
DNS.12 = ipp.intern
DNS.13 = sitesummary
DNS.14 = sitesummary.intern
-DNS.11 = wpad
-DNS.12 = wpad.intern
+DNS.15 = wpad
+DNS.16 = wpad.intern
+DNS.17 = ldap
+DNS.18 = ldap.intern
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/compare/f399ad7477f8d9462a299eae053c607576b51cf9...8c9307179b9d9ad9b68e1b3547373f9910a3fe2e
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/compare/f399ad7477f8d9462a299eae053c607576b51cf9...8c9307179b9d9ad9b68e1b3547373f9910a3fe2e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20181212/6d0a2cca/attachment-0001.html>
More information about the debian-edu-commits
mailing list