[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/init.d-invocation] 47 commits: ldap-createuser-krb5: fix password prompt

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Sun Jun 1 21:11:28 BST 2025 


Mike Gabriel pushed to branch personal/gber/init.d-invocation at Debian Edu / debian-edu-config


Commits:
21457dc8 by Guido Berhoerster at 2023-09-19T11:46:53+02:00
ldap-createuser-krb5: fix password prompt

- - - - -
fddcfc17 by Guido Berhoerster at 2023-09-19T15:15:46+02:00
Disable cfengine3 systemd service

Disabling only cf-execd in 75b4e3f7 (see #1041323) did not work as it gets
pulled in as a dependency of cfengine3. Thus disable the cfengine3 service
instead.

- - - - -
47cc42ed by Guido Berhoerster at 2023-09-20T08:23:42+02:00
Rewrite testsuite/filesystems, add exception for /boot

Rewrite for clarity and robustness.
Add exception for /boot which may use ext2.

- - - - -
7584d0c4 by Guido Berhoerster at 2023-09-20T08:23:42+02:00
testsuite/ldap-client: fix invocation of ldapsearch

The -h command line option has been removed, ldapsearch now only accepts a LDAP
URI via the -H option. Use dig and awk instead of host and interpret the SRV
record properly.

- - - - -
92cba3da by Guido Berhoerster at 2023-09-20T08:23:42+02:00
testsuite/ldap-client: improve error message on PAM modules

Also do not use the deprecated egrep and get rid of unnecessary wc.

- - - - -
7b4304a4 by Guido Berhoerster at 2023-09-20T08:23:42+02:00
testsuite/ldap-server: fix invocation of ldapsearch

The -h command line option has been removed, ldapsearch now only accepts a LDAP
URI via the -H option.

- - - - -
3504627e by Guido Berhoerster at 2023-09-20T08:23:42+02:00
Fix remaining invocations of ldapsearch

- - - - -
6d803b3a by Guido Berhoerster at 2023-09-20T08:26:17+02:00
Disable the LDAP PAM module

- - - - -
ed1d0ca1 by Guido Berhoerster at 2023-09-25T17:59:16+02:00
setup-freeradius-server: Set commonName and subjectAltNames on the server cert

Closes: #1010159.

- - - - -
e29c074f by Guido Berhoerster at 2023-09-25T17:59:35+02:00
setup-freeradius-server: Improve robustness

Use update-ini-file for OpenSSL config files.
Use more precise sed substitutions which do not rely on example values.
Increase password length from 8 to 16 characters.

- - - - -
02c4c4c1 by Guido Berhoerster at 2023-09-26T10:32:16+00:00
Change minimum UID/GID for LDAP user to 2000

With this change local user accounts now use the UID/GID range 1000-1999
instead of 500-999 whereas LDAP user accounts use 2000-59999 instead of
1000-59999.  This is to reserve UID/GID 0-999 for system users which is the
default in Debian and not conforming to it is increasingly problematic as
packages are beginning to use systemd-sysusers for creating system user
accounts which does not obey /etc/addusers.conf or /etc/login.defs by default.

The first user account created during installation now has UID/GID 2000 instead
of 1000.

Configure gosa and adjust ldap-createuser-krb5 accordingly.

Closes: #1003192.

- - - - -
41a4f5c6 by Mike Gabriel at 2023-09-27T22:31:46+02:00
release as 2.12.37

- - - - -
01e201ca by Mike Gabriel at 2023-09-27T22:32:59+02:00
Start 2.12.38 development.

d/changelog entries will be written on release using the git commit
messages.

Use 'gbp dch --since 2.12.37' to write d/changelog entries since that
last release.

Gbp-Dch: ignore

- - - - -
e009a76e by Wolfgang Schweer at 2023-11-09T17:36:48+01:00
fix main server network setup. Closes: #1055647.

- - - - -
c17d09f5 by Holger Levsen at 2023-11-10T16:43:01+01:00
release as 2.12.38

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
35da6ea0 by Mike Gabriel at 2023-11-19T09:56:08+01:00
ldap-bootstrap/root.ldif: Fix gosaAclEntry of BaseDN object.

- - - - -
159edd3e by Mike Gabriel at 2023-11-19T10:03:08+01:00
release as 2.12.39

Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

- - - - -
5e0dd63d by Mike Gabriel at 2023-11-19T10:07:00+01:00
Start 2.12.40 development.

d/changelog entries will be written on release using the git commit
messages.

Use 'gbp dch --since 2.12.39' to write d/changelog entries since that
last release.

Gbp-Dch: ignore

- - - - -
02181b04 by Mike Gabriel at 2023-11-30T08:32:13+01:00
share/debian-edu-config/gosa.conf.template: Deploy GOsæ² based on its classic theming, the Materialize CSS theme is too immature to be used in production.

- - - - -
82def362 by Mike Gabriel at 2023-11-30T08:34:17+01:00
release as 2.12.40

Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

- - - - -
6d95e627 by Mike Gabriel at 2023-11-30T08:59:57+01:00
d/changelog: typo fix in upload stanza of 2.12.40

- - - - -
17b6730c by Guido Berhoerster at 2023-12-01T14:20:47+01:00
gosa-sync: Decode the user password which GOsa substitutes base64 encoded

This fixes a bug where the user password could not be set or changed.

- - - - -
efdd9bfd by Mike Gabriel at 2023-12-01T21:49:08+01:00
release as 2.12.41

- - - - -
32d38f7a by Mike Gabriel at 2023-12-09T08:14:07+01:00
share/debian-edu-config/tools/update-proxy-from-wpad: Ignore missing dconf command. (Closes: #1057777).

This might happen on main-server installations without
a desktop environment installed.

- - - - -
a09e5939 by Mike Gabriel at 2023-12-09T08:17:12+01:00
release as 2.12.42

- - - - -
569574ca by Holger Levsen at 2023-12-25T11:33:09+01:00
Start 2.12.43 development.

d/changelog entries will be written on release
using the git commit messages.

Use 'gbp dch --since 2.12.42'
to write d/changelog entries since that last release.

Gbp-Dch: ignore
Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
f9545b61 by Holger Levsen at 2023-12-25T11:34:42+01:00
d/changelog: add missing Closes: for #1021688, #1024033 and #1039461 in previous entries.

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
e912fcec by Holger Levsen at 2023-12-25T11:43:42+01:00
d/changelog: fix too long line in previous entry.

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
af351fcd by Holger Levsen at 2023-12-25T11:56:59+01:00
release as 2.12.43

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
abfd8575 by Mike Gabriel at 2024-01-31T15:05:33+01:00
share/debian-edu-config/tools/wpad-extract: Update IP of www.debian.org.

- - - - -
014c4f95 by Mike Gabriel at 2024-01-31T15:05:33+01:00
share/debian-edu-config/tools/wpad-extract: Don't use the proxy for accessing wpad.

- - - - -
cfbbee50 by Mike Gabriel at 2024-01-31T15:05:33+01:00
share/debian-edu-config/tools/fetch-rootca-cert: Don't use the proxy for accessing wwww.intern.

- - - - -
cf1531c2 by Mike Gabriel at 2024-01-31T15:06:26+01:00
debian/debian-edu-config.maintscript: Remove stray /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert. Should have been removed with 2.12.34 already. (Closes: #1061560).

- - - - -
d190aa94 by Mike Gabriel at 2024-01-31T15:06:37+01:00
debian/debian-edu-config.maintscript: Use prio-version version numbers as recommended on the dpkg-maintscript-helper man page (the current upload version suffixed by '~').

- - - - -
a673e678 by Mike Gabriel at 2024-01-31T15:13:23+01:00
release 2.12.44

Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

- - - - -
a3832476 by Mike Gabriel at 2024-07-25T09:20:30+02:00
share/debian-edu-config/tools/gosa-sync: From password TMPFILE, strip newline character from end-of-file.

 The LDAP whoami call for verifying the correctness of the passed-in
 user password requires a password file without trailing newline
 to succeed.

- - - - -
71f6b389 by Mike Gabriel at 2024-07-25T09:41:20+02:00
share/debian-edu-config/gosa.conf.template: Various white-space fixes.

- - - - -
94e83f4a by Mike Gabriel at 2024-07-25T09:47:40+02:00
Don't (single-)quote placeholders in plugin hooks. GOsa² will add single- quotes around placeholder variables when generating hook commands. Esp. when using single quotes around placeholders, they will be duplicated and thus eliminate eacher other. This problem occurred for users with space characters in their DN while changing the user's password. (The hook would only operate on a partial DN string, split at first space char occurrence in the DN string).

- - - - -
ed9e2e94 by Mike Gabriel at 2024-07-25T09:54:15+02:00
release 2.12.45

Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

- - - - -
9978c9c8 by Frans Spiesschaert at 2024-12-21T12:38:09+01:00
remove unnecessary article

- - - - -
963af5c4 by Frans Spiesschaert at 2024-12-21T14:07:23+01:00
no longer give exim4 a reason to complain about "tainted search query is not properly quoted"

- - - - -
b4618325 by Frans Spiesschaert at 2024-12-21T14:17:32+01:00
remove extra space

- - - - -
fc0f918d by Holger Levsen at 2025-03-05T13:06:57+01:00
Remove myself from uploaders. It was a pleasure and an honor!

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
498829f1 by Holger Levsen at 2025-03-05T13:10:30+01:00
release as 2.12.46

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
e6225544 by Mike Gabriel at 2025-06-01T22:08:33+02:00
debian/control: Add to D: field: bind9-dnsutils. The 'dig' utility is required by fetch-rootca-cert script and various test scripts.

- - - - -
1373cfcc by Mike Gabriel at 2025-06-01T22:08:33+02:00
debian/control: Drop from D: field: libproxy1-plugin-*. All of them are transitional packages and libproxy has been replaced by libpacparser1 (using its pactester tool) ages ago. (Closes: #1064900).

- - - - -
d501dae6 by Guido Berhoerster at 2025-06-01T20:11:26+00:00
Replace direct invocation of init scripts with invoke-rc.d where possible

The invocation of /etc/init.d/networking during installation cannot be replaced
because invoke-rc.d might not start services which are disabled via
policy-rc.d.  Replace the start and stop of slapd by inlining a streamlined
version of the sysv-init script code.

- - - - -


33 changed files:

- Makefile
- README
- cf3/cf.adduser
- cf3/cf.cf-execd → cf3/cf.cfengine3
- cf3/cf.ldapclient
- cf3/promises.cf
- debian/changelog
- debian/control
- debian/debian-edu-config.maintscript
- etc/exim4/exim-ldap-server-v4.conf
- etc/ldap/rootDSE-debian-edu.ldif
- etc/resolvconf/update.d/bind-debian-edu
- ldap-bootstrap/firstuser.ldif
- ldap-bootstrap/root.ldif
- ldap-tools/ldap-createuser-krb5
- ldap-tools/ldap-debian-edu-install
- sbin/debian-edu-pxeinstall
- sbin/debian-edu-restart-services
- share/debian-edu-config/d-i/finish-install
- share/debian-edu-config/d-i/pre-pkgsel
- share/debian-edu-config/gosa.conf.template
- share/debian-edu-config/pam-nopwdchange.py
- share/debian-edu-config/tools/fetch-rootca-cert
- share/debian-edu-config/tools/goodbye-user-session
- share/debian-edu-config/tools/gosa-sync
- share/debian-edu-config/tools/kerberos-kdc-init
- share/debian-edu-config/tools/ldapdump.sh
- share/debian-edu-config/tools/setup-freeradius-server
- share/debian-edu-config/tools/update-proxy-from-wpad
- share/debian-edu-config/tools/wpad-extract
- testsuite/filesystems
- testsuite/ldap-client
- testsuite/ldap-server


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/c4b9f4935eba2fc822bba13456d328972cd3c387...d501dae647327f84705ebcf96a60c4825a0cf85f

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/c4b9f4935eba2fc822bba13456d328972cd3c387...d501dae647327f84705ebcf96a60c4825a0cf85f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20250601/2e48c6e1/attachment-0001.htm>

More information about the debian-edu-commits mailing list