cpu-users Mailing List for Change Password Utility (Page 3)
Brought to you by:
matheny
From: Guido T. <ult...@qu...> - 2003-09-23 07:58:46
On Mon, Sep 15, 2003 at 06:57:29PM +0200, Lukas Kolbe wrote:

Hi,

> There used to be a maintainer of an unofficial debian-package; does he
> still exist? I checked the archives and found a not-any-more existing
> repository ...
>

This shouldn't be a problem from now on (hopefully). Paul Stevens and me have decided to cooperate on an official one. The first version of it (1.4.0) entered Debian incoming today, and will be part of debian unstable tomorrow.

I'm sorry to announce this so late, but the last week has been a bit terrible for me, and having cpu accepted took quite long. :) Anyway, here we are. Now the roadmap is to package 1.4.1 and make some improvement for the debconf management.

For any packaging suggestion/problem you can refer to the Debian BTS, and if any non-packaging problem arises there we'll be happy to coordinate solutions with the cpu community.

To answer Blake's direct question, no, for now we have no debian specific patches (I had one for 1.3.99, but discarded it when I prepared 1.4.0, as the feature was already included), apart from some default config file tweaking, to make it match the debian policy.

Thanks for this wonderful piece of software.

Bye,
Guido

From: Tarjei H. <ta...@nu...> - 2003-09-21 18:22:35
On Sat, 2003-09-20 at 21:53, Blake Matheny wrote:
> If it will be useful to anyone else (i.e. >= 2 people), I'm all for adding it.
>
> Also, the LDAP plugin seems to be stabilizing in terms of the necessary
> features and the number of bugs being reported. I'm starting to think about
> what plugin should be implemented next. I had started working on flat file
> support, however I think this may be redundant. The list of possible plugins
> for a backend are:
>
> NIS/NIS+
> SQL (highly dependant on SQL schema and SQL server)
> Flatfile (OS dependant)
> Radius (slightly dependant on radius implementation)
> NTLM

Does CPU work with samba [2|3] ldapentries now? For me at least that would be the best place to start. I.e. continue where CPU is best :-)

As to NTLM I think that is very hard, but ask the samba folks, they might give some nice hints.

Tarjei

>
> There are obviously others, but these are the few that came to mind. The goal
> with each module implementation would be that in addition to the
> user{add,mod,del}, group{add,mod,del}, cat features, one can import users from
> one backend and import them into another as can be done from flatfile to LDAP
> currently. What do people think?
>
> -Blake
>
> Whatchu talkin' 'bout, Willis?
> > Hello!
> >
> > May it be possible to implement that accounts, whose names do not
> > conform to posix, get their own uid-space? e.g. 1000-10000 for normal
> > users and 10001-20000 for users, like e.g. tigris$?
> > Would it be worth it?
> >
> > Just an Idea ... what do you think?
> >
> > --
> > bye
> > Lukas

From: Lukas K. <lu...@kn...> - 2003-09-21 11:05:22
On Sat, 2003-09-20 at 21:53, Blake Matheny wrote:

> If it will be useful to anyone else (i.e. >= 2 people), I'm all for adding it.

That was my intention, to open a 'discussion'. For me at least, it would be particularly useful to separate Samba-Users from System-Users. But, otherwise, it would also be possible to just use two different configfiles for this job.

> NIS/NIS+
> SQL (highly dependant on SQL schema and SQL server)
> Flatfile (OS dependant)
> Radius (slightly dependant on radius implementation)
> NTLM

I think it would really make cpu to a swiss army knife for user administration. It would be possible to, e.g., take the whole userbase when converting from Windows-based networking to Unix-based-networking.

I would then suggest to start with NTLM, though I have no idea how this all works ... and my coding-skills are not very high. But I would like to help where possible :)

> -Blake
>

--
bye
Lukas

From: Blake M. <bma...@pu...> - 2003-09-20 19:49:58
If it will be useful to anyone else (i.e. >= 2 people), I'm all for adding it.

Also, the LDAP plugin seems to be stabilizing in terms of the necessary features and the number of bugs being reported. I'm starting to think about what plugin should be implemented next. I had started working on flat file support, however I think this may be redundant. The list of possible plugins for a backend are:

NIS/NIS+
SQL (highly dependant on SQL schema and SQL server)
Flatfile (OS dependant)
Radius (slightly dependant on radius implementation)
NTLM

There are obviously others, but these are the few that came to mind. The goal with each module implementation would be that in addition to the user{add,mod,del}, group{add,mod,del}, cat features, one can import users from one backend and import them into another as can be done from flatfile to LDAP currently. What do people think?

-Blake

Whatchu talkin' 'bout, Willis?
> Hello!
>
> May it be possible to implement that accounts, whose names do not
> conform to posix, get their own uid-space? e.g. 1000-10000 for normal
> users and 10001-20000 for users, like e.g. tigris$?
> Would it be worth it?
>
> Just an Idea ... what do you think?
>
> --
> bye
> Lukas

--
Blake Matheny
bma...@pu...
http://www.mkfifo.net
http://ovmj.org/GNUnet/

"... one of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs." --Robert Firth

From: Lukas K. <lu...@kn...> - 2003-09-20 13:23:28
Hello!

May it be possible to implement that accounts, whose names do not conform to posix, get their own uid-space? e.g. 1000-10000 for normal users and 10001-20000 for users, like e.g. tigris$?
Would it be worth it?

Just an Idea ... what do you think?

--
bye
Lukas

From: Blake M. <bma...@pu...> - 2003-09-20 04:45:02
This is implemented in CVS. Thanks for the suggestion. I'm in the process of writing some regression tests with DejaGnu which will likely be the last bit to go into 1.4.1 unless there are bug reports.

-Blake

Whatchu talkin' 'bout, Willis?
>
> ...snip...
>
> In Debian, there is /etc/adduser.conf, which contains
>
> --- snip ---
> # The USERGROUPS variable can be either "yes" or "no". If "yes" each
> # created user will be given their own group to use as a default, and
> # their home directories will be g+s. If "no", each created user will
> # be placed in the group whose gid is USERS_GID (see below).
> USERGROUPS=yes
>
> # If USERGROUPS is "no", then USERS_GID should be the GID of the group
> # `users' (or the equivalent group) on your system.
> USERS_GID=100
> --- snap ---
>
> I would suggest to do it in a similar manner, so that the user can make
> the choice. For example, AFAIR the default on SuSE-Linux is to have a
> group 'users' set to every user's primary group, while the default in
> Debian is to give each user his own group with uid=gid.
>
> ...snip...
>

From: Lukas K. <lu...@kn...> - 2003-09-19 20:43:37
On Fri, 2003-09-19 at 13:52, Blake Matheny wrote:

Hi!

Congrats in making cpu behave more like its GNU equivalents. I tried to test it right away, but somehow my testing-slapd died away (I'll try again later).

> - Allow violation of POSIX naming conventions (for use with Samba) by
> specifying the -o switch

Thank you for this, again :)

> I would appreciate feedback if people think any of the above behaviors are
> incorrect. The other thing I have been thinking about, is what the behavior
> should be when a user is added and -g is not explicitly set. Should a group be
> generated with the same name as the user, and make the users primary group
> that? Should there be a setting in the configuration file that specifies a
> default group?

In Debian, there is /etc/adduser.conf, which contains

--- snip ---
# The USERGROUPS variable can be either "yes" or "no". If "yes" each
# created user will be given their own group to use as a default, and
# their home directories will be g+s. If "no", each created user will
# be placed in the group whose gid is USERS_GID (see below).
USERGROUPS=yes

# If USERGROUPS is "no", then USERS_GID should be the GID of the group
# `users' (or the equivalent group) on your system.
USERS_GID=100
--- snap ---

I would suggest to do it in a similar manner, so that the user can make the choice. For example, AFAIR the default on SuSE-Linux is to have a group 'users' set to every user's primary group, while the default in Debian is to give each user his own group with uid=gid.

> As always, feedback (and bug-reports) are appreciated.
>
> -Blake

--
bye
Lukas

From: Blake M. <bma...@pu...> - 2003-09-19 20:22:02
CPU 1.4.1-RC1 is available at:
http://cpu.sourceforge.net/cpu-1.4.1-RC1.tar.gz
and
http://cpu.sourceforge.net/cpu-1.4.1-RC1.tar.bz2

There have been several major changes made in terms of the behavior of cpu. These include:

- Refuse to add or modify users whose supplementary groups (or supplied primary groups) do not exist. This is the same behavior as the GNU shadow-utils.
- When a user is deleted they are now automatically removed from any secondary groups they were in (same as shadow-utils).
- When a user's secondary groups are modified, they are removed from all old secondary groups and added to new secondary groups (same as shadow-utils).
- When a user's primary group is changed they are no longer added to that group via a memberUid (same as shadow-utils).
- Refuse to perform a groupdel if the group is a user's primary group. This is the default behavior of the shadow-utils. However, the shadow-utils allow the group id to be changed even if it is a user's primary group. I think this is wrong, but cpu does the same thing. Should it?
- Allow violation of POSIX naming conventions (for use with Samba) by specifying the -o switch.

I would appreciate feedback if people think any of the above behaviors are incorrect. The other thing I have been thinking about, is what the behavior should be when a user is added and -g is not explicitly set. Should a group be generated with the same name as the user, and make the user's primary group that? Should there be a setting in the configuration file that specifies a default group?

As always, feedback (and bug-reports) are appreciated.

-Blake

From: Blake M. <bma...@pu...> - 2003-09-19 19:39:08
CPU 1.4.1-RC1 is available at:
http://cpu.sourceforge.net/cpu-1.4.1-RC1.tar.gz
and
http://cpu.sourceforge.net/cpu-1.4.1-RC1.tar.bz2

There have been several major changes made in terms of the behavior of cpu. These include:

- Refuse to add or modify users whose supplementary groups (or supplied primary groups) do not exist. This is the same behavior as the GNU shadow-utils.
- When a user is deleted they are now automatically removed from any secondary groups they were in (same as shadow-utils).
- When a user's secondary groups are modified, they are removed from all old secondary groups and added to new secondary groups (same as shadow-utils).
- When a user's primary group is changed they are no longer added to that group via a memberUid (same as shadow-utils).
- Refuse to perform a groupdel if the group is a user's primary group. This is the default behavior of the shadow-utils. However, the shadow-utils allow the group id to be changed even if it is a user's primary group. I think this is wrong, but cpu does the same thing. Should it?
- Allow violation of POSIX naming conventions (for use with Samba) by specifying the -o switch.

I would appreciate feedback if people think any of the above behaviors are incorrect. The other thing I have been thinking about, is what the behavior should be when a user is added and -g is not explicitly set. Should a group be generated with the same name as the user, and make the user's primary group that? Should there be a setting in the configuration file that specifies a default group?

As always, feedback (and bug-reports) are appreciated.

-Blake

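A directory that was managed before these behaviours existed can still hold the inconsistencies they prevent; because memberUid stores login names, a stale value is inherited by any later account that reuses the name. The audit below is an added example, not code from cpu or from this thread: the function names are hypothetical, the LDIF sample is constructed, and it assumes the RFC 2307 attributes uid, gidNumber and memberUid.

```python
"""Added example (not part of cpu): audit posixAccount/posixGroup consistency."""

# Constructed sample export; DNs, names and numbers are made up for the example.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: alice
uidNumber: 5000
gidNumber: 5000

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
uid: bob
uidNumber: 5001
gidNumber: 5001

dn: cn=alice,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: alice
gidNumber: 5000

dn: cn=staff,ou=Group,dc=example,dc=org
objectClass: posixGroup
cn: staff
gidNumber: 6000
memberUid: alice
memberUid: carol
"""


def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines.

    Assumption: no base64 ('::') values and no folded continuation lines.
    """
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def has_class(entry, name):
    """True if the entry lists the given objectClass (case-insensitive)."""
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))


def audit(entries):
    """Return (kind, subject, detail) tuples for each inconsistency found."""
    users = {e["uid"][0]: e for e in entries if has_class(e, "posixAccount")}
    groups = {e["cn"][0]: e for e in entries if has_class(e, "posixGroup")}
    gids = {g["gidnumber"][0] for g in groups.values()}

    findings = []
    # memberUid values left behind after a user was deleted.
    for name, group in sorted(groups.items()):
        for member in group.get("memberuid", []):
            if member not in users:
                findings.append(("stale-memberUid", name, member))
    # Users whose primary gidNumber matches no existing group.
    for uid, user in sorted(users.items()):
        if user["gidnumber"][0] not in gids:
            findings.append(("missing-primary-group", uid, user["gidnumber"][0]))
    return findings


def groupdel_blockers(entries, group_cn):
    """Users whose primary group is group_cn (the case where groupdel is refused)."""
    gid = next((e["gidnumber"][0] for e in entries
                if has_class(e, "posixGroup") and e["cn"][0] == group_cn), None)
    if gid is None:
        return []
    return sorted(e["uid"][0] for e in entries
                  if has_class(e, "posixAccount") and e["gidnumber"][0] == gid)


if __name__ == "__main__":
    sample = parse_ldif(SAMPLE_LDIF)
    for finding in audit(sample):
        print(*finding)
    print("groupdel alice blocked by:", groupdel_blockers(sample, "alice"))
```
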
From: Blake M. <bma...@pu...> - 2003-09-17 15:48:06
This is fixed in CVS, thanks for the report.

-Blake

Whatchu talkin' 'bout, Willis?
>
> Here another bug it seems.
>
> If I have a modentry.txt:
>
> mailAlternateAddress: fo...@fo...
> mailQuota: 0
>
> and I run cpu -x -a modentry.txt footest
>
> cpu exits successfully, yet only adds the first entry.
>
> --
> ________________________________________________________________
> Paul Stevens                                  mailto:pa...@nf...
> NET FACILITIES GROUP                     PGP: finger pa...@nf...
> The Netherlands________________________________http://www.nfg.nl

From: Paul J S. <pa...@nf...> - 2003-09-17 12:52:37
Here another bug it seems.

If I have a modentry.txt:

mailAlternateAddress: fo...@fo...
mailQuota: 0

and I run cpu -x -a modentry.txt footest

cpu exits successfully, yet only adds the first entry.

--
________________________________________________________________
Paul Stevens                                  mailto:pa...@nf...
NET FACILITIES GROUP                     PGP: finger pa...@nf...
The Netherlands________________________________http://www.nfg.nl

From: Hans E. K. <ha...@tr...> - 2003-09-17 02:02:56
Thank you. I shall test the temporary fix and I am looking forward to the patch on Monday.

/Hans

----- Original Message -----
From: "Blake Matheny" <bma...@pu...>
To: "Hans E. Kristiansen" <ha...@ri...>
Cc: <cpu...@li...>
Sent: Wednesday, September 17, 2003 07:36
Subject: Re: [Cpu-users] New entries uses 'cn'.

> This is fixed in CVS (check out the CVS copy if you need it right now, a
> temporary fix is to specify -A uid at the command line). Expect a 1.4.1
> release by Monday. Some patches have come in along with some bug reports.
>
> -Blake
>
> Whatchu talkin' 'bout, Willis?
> >
> > We are trying to use the 'cpu' utility to manage a ldap server (having
> > gone through a few web based versions). Our dn for each user will have
> > the form of dn: uid=<username>,ou=People,dc=xyz,..., but when I use
> > the cpu utility the dn is created as dn:
> > cn=<username>,ou=People,dc=xyz.
> >
> > This is the config file:
> >
> > [LDAP]
> > LDAP_HOST = 127.0.0.1
> > LDAP_PORT = 389
> > # Can also use LDAP_URI = ldaps://localhost:389 for TLS support
> > BIND_DN = cn=Manager,dc=....
> >
> > BIND_PASS =
> >
> > USER_BASE = ou=People,dc=...
> > GROUP_BASE = ou=Group,dc=...
> > USER_OBJECT_CLASS = posixAccount,shadowAccount,top
> > GROUP_OBJECT_CLASS = posixGroup,top
> > USER_FILTER = (objectClass=posixAccount)
> > GROUP_FILTER = (objectClass=posixGroup)
> > USER_CN_STRING = uid
> > GROUP_CN_STRING = cn
> >
> > This looks OK to me, including the USER_CN_STRING, which I have set to
> > uid instead of cn.
> >
> > Your help is appreciated.
> >
> > Thx,
> >
> > Hans E.

From: Blake M. <bma...@pu...> - 2003-09-16 23:37:17
This is fixed in CVS (check out the CVS copy if you need it right now, a temporary fix is to specify -A uid at the command line). Expect a 1.4.1 release by Monday. Some patches have come in along with some bug reports.

-Blake

Whatchu talkin' 'bout, Willis?
>
> We are trying to use the 'cpu' utility to manage a ldap server (having
> gone through a few web based versions). Our dn for each user will have
> the form of dn: uid=<username>,ou=People,dc=xyz,..., but when I use
> the cpu utility the dn is created as dn:
> cn=<username>,ou=People,dc=xyz.
>
> This is the config file:
>
> [LDAP]
> LDAP_HOST = 127.0.0.1
> LDAP_PORT = 389
> # Can also use LDAP_URI = ldaps://localhost:389 for TLS support
> BIND_DN = cn=Manager,dc=....
>
> BIND_PASS =
>
> USER_BASE = ou=People,dc=...
> GROUP_BASE = ou=Group,dc=...
> USER_OBJECT_CLASS = posixAccount,shadowAccount,top
> GROUP_OBJECT_CLASS = posixGroup,top
> USER_FILTER = (objectClass=posixAccount)
> GROUP_FILTER = (objectClass=posixGroup)
> USER_CN_STRING = uid
> GROUP_CN_STRING = cn
>
> This looks OK to me, including the USER_CN_STRING, which I have set to
> uid instead of cn.
>
> Your help is appreciated.
>
> Thx,
>
> Hans E.

From: Hans E. K. <ha...@ri...> - 2003-09-16 09:41:31
We are trying to use the 'cpu' utility to manage a ldap server (having gone through a few web based versions). Our dn for each user will have the form of dn: uid=<username>,ou=People,dc=xyz,..., but when I use the cpu utility the dn is created as dn: cn=<username>,ou=People,dc=xyz.

This is the config file:

[LDAP]
LDAP_HOST = 127.0.0.1
LDAP_PORT = 389
# Can also use LDAP_URI = ldaps://localhost:389 for TLS support
BIND_DN = cn=Manager,dc=....

BIND_PASS =

USER_BASE = ou=People,dc=...
GROUP_BASE = ou=Group,dc=...
USER_OBJECT_CLASS = posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS = posixGroup,top
USER_FILTER = (objectClass=posixAccount)
GROUP_FILTER = (objectClass=posixGroup)
USER_CN_STRING = uid
GROUP_CN_STRING = cn

This looks OK to me, including the USER_CN_STRING, which I have set to uid instead of cn.

Your help is appreciated.

Thx,

Hans E.

From: Lukas K. <lu...@kn...> - 2003-09-15 20:59:50
On Wed, 2003-09-10 at 18:38, Blake Matheny wrote:

> Ah yes, how we all love sourceforge :-) I made the changes to the default
> cpu.conf and used account, since RFC2307 recommends using Account as the
> structural class. We could have also used inetOrgPerson, but people can change
> it if they don't like it. OpenLDAP defines userid to be a synonym for uid (see
> schema/core.schema, oid 0.9.2342.19200300.100.1.1), so the fact that uid is
> already required by posixAccount allows the 'account' class to be used.

Oh yes, I see, thank you. Then it is a problem in 'jxplorer', which tries to validate the data one supplies before sending it to the server. It then complains about 'userid' not being set, effectively making itself unusable for managing the user-database ;). I tried to subscribe to their mailinglist, but - yeah, sourceforge - the -request-address just didn't exist ;).

> On another note, if anyone has tested version 1.4.0 and has found bugs, please
> report them on the bugtracker.

Ok, I'll do my best :)

> -Blake
>

--
bye
Lukas

From: Lukas K. <lu...@kn...> - 2003-09-15 16:54:18
On Mon, 2003-09-15 at 16:02, Blake Matheny wrote:

> If you currently maintain a package of CPU for any OS or distribution, and
> have patches for CPU that you would like to see applied to the main branch,
> please email them to me. There are currently several slightly different
> versions of CPU floating around due to different versions being used,
> different patches having been applied, etc. and it's growing difficult to
> support. Any help appreciated. Thanks.

There used to be a maintainer of an unofficial debian-package; does he still exist? I checked the archives and found a not-any-more existing repository ...

> -Blake

--
bye
Lukas

From: Blake M. <bma...@pu...> - 2003-09-15 14:02:21
If you currently maintain a package of CPU for any OS or distribution, and have patches for CPU that you would like to see applied to the main branch, please email them to me. There are currently several slightly different versions of CPU floating around due to different versions being used, different patches having been applied, etc. and it's growing difficult to support. Any help appreciated. Thanks.

-Blake

From: Blake M. <bma...@pu...> - 2003-09-10 16:39:44
Ah yes, how we all love sourceforge :-) I made the changes to the default cpu.conf and used account, since RFC2307 recommends using Account as the structural class. We could have also used inetOrgPerson, but people can change it if they don't like it. OpenLDAP defines userid to be a synonym for uid (see schema/core.schema, oid 0.9.2342.19200300.100.1.1), so the fact that uid is already required by posixAccount allows the 'account' class to be used.

On another note, if anyone has tested version 1.4.0 and has found bugs, please report them on the bugtracker.

-Blake

Whatchu talkin' 'bout, Willis?
> Hi all, this is my first post here, and I wasn't able to search the
> archives at sf (got no answer from the server).
>
> OpenLDAP 2.1 enforces ldap-entries to use at least one 'structural'
> ObjectClass, whilst the default ObjectClass 'posixAccount' is just
> 'auxiliary', so a 'cpu useradd test' fails with:
>
> >ldap: ldapUserAdd: ldap_add_s: Object class violation (65)
> >        additional info: no structural object class provided
> >ldap: CPU_init: Error in ldapOperation.
> >Something went wrong. Exiting..
>
> This can be avoided by just adding
> 'account' to "USER_OBJECT_CLASS" in cpu.conf, which should be the
> default in future versions, I think. But 'account' requires the
> attribute 'userid' to be set, which is not.
> I'm wondering why it actually works at all, because openldap should
> check whether it's set or not ... nevertheless, it works.
>
> Great tool, thanks!
>
> --
> Lukas

From: Lukas K. <lu...@kn...> - 2003-09-09 21:49:53
Hi all, this is my first post here, and I wasn't able to search the archives at sf (got no answer from the server).

OpenLDAP 2.1 enforces ldap-entries to use at least one 'structural' ObjectClass, whilst the default ObjectClass 'posixAccount' is just 'auxiliary', so a 'cpu useradd test' fails with:

> ldap: ldapUserAdd: ldap_add_s: Object class violation (65)
>         additional info: no structural object class provided
> ldap: CPU_init: Error in ldapOperation.
> Something went wrong. Exiting..

This can be avoided by just adding 'account' to "USER_OBJECT_CLASS" in cpu.conf, which should be the default in future versions, I think. But 'account' requires the attribute 'userid' to be set, which is not.
I'm wondering why it actually works at all, because openldap should check whether it's set or not ... nevertheless, it works.

Great tool, thanks!

--
Lukas

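The "no structural object class provided" failure discussed in this message and in the reply to it can be caught before cpu talks to the server. The check below is an added example, not code from cpu or from the posters: the function names are hypothetical, the class table is a small assumption taken from the standard schema definitions (RFC 2307, COSINE, inetOrgPerson), and the sample config reuses the object-class lines posted in this thread.

```python
"""Added example (not part of cpu): lint the object-class lists in a cpu.conf."""
import configparser

# Kind of each class as declared in the standard schema definitions
# (RFC 2307 nis schema, COSINE 'account', RFC 2798 'inetOrgPerson').
# The table is deliberately small; extend it for locally defined classes.
CLASS_KIND = {
    "top": "abstract",
    "posixaccount": "auxiliary",
    "shadowaccount": "auxiliary",
    "posixgroup": "structural",
    "account": "structural",
    "inetorgperson": "structural",
}

CHECKED_KEYS = ("USER_OBJECT_CLASS", "GROUP_OBJECT_CLASS")

# Object-class lines as posted in the thread (defaults before 'account' was added).
CONF_AS_POSTED = """\
[LDAP]
LDAP_HOST = 127.0.0.1
LDAP_PORT = 389
BIND_PASS =
USER_OBJECT_CLASS = posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS = posixGroup,top
USER_FILTER = (objectClass=posixAccount)
"""

# Same file with 'account' added, the change suggested in the message above.
CONF_WITH_ACCOUNT = CONF_AS_POSTED.replace(
    "posixAccount,shadowAccount,top", "account,posixAccount,shadowAccount,top")


def parse_cpu_conf(text):
    """Parse cpu.conf text (INI-style sections, KEY = value, '#' comments)."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case exactly as written
    parser.read_string(text)
    return parser


def lint_object_classes(text, section="LDAP"):
    """Return (key, problem) tuples for the object-class settings of a section."""
    parser = parse_cpu_conf(text)
    findings = []
    for key in CHECKED_KEYS:
        if not parser.has_option(section, key):
            findings.append((key, "not set"))
            continue
        classes = [c.strip() for c in parser.get(section, key).split(",") if c.strip()]
        kinds = {c: CLASS_KIND.get(c.lower(), "unknown") for c in classes}
        unknown = sorted(c for c, kind in kinds.items() if kind == "unknown")
        if unknown:
            # Cannot decide about classes missing from the table; report them.
            findings.append((key, "unclassified class(es): " + ",".join(unknown)))
        elif "structural" not in kinds.values():
            # This is the case the server rejects with result code 65.
            findings.append((key, "no structural object class"))
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", CONF_AS_POSTED), ("with account", CONF_WITH_ACCOUNT)):
        print(label, lint_object_classes(conf))
```
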
From: Blake M. <bma...@pu...> - 2003-09-06 20:13:37
Hello All,

cpu-1.4.0 is available at:
http://sourceforge.net/project/showfiles.php?group_id=45948

This release warranted a change in the version major number, because three digit minor numbers are annoying :-) New features for this release: Account locking and unlocking, configurable group and user cn, and configurable ldap version. Lots of bug fixes as well including that pesky '--with-ldap' (now auto-detected). Check the ChangeLog for other information.

I'm not going to be putting this up on sourceforge for a few days, I would appreciate some testing and feedback. Also, CPU now defaults to LDAPv3, in order to use LDAPv2 run cpu with the -2 (or --2) option.

-Blake

From: Terrence M. <tm...@ph...> - 2003-08-27 22:05:49
It may also be that the latest ldap is a lot more restrictive on SSL. I know in order to get my ldapsearch to use SSL I had to build a CA and then sign a non-self signed certificate for the ldap server to use. I then had to point the ldap clients at the cacert.pem. I actually had not tried cpu since I did that...hmmm....

I now get to this error....

root@llama ~# cpu useradd test
ldap: ldapOperation: ldap_bind_s: Protocol error (2)
        additional info: requested protocol version not allowed
ldap: CPU_init: Error in ldapOperation.

So your fix may still be required.

Terrence

Blake Matheny wrote:

>This may or may not be it. CPU was originally written to use LDAPv2 and I have
>not yet added the switch such that you can specify the version. I'll get
>around to it this weekend unless someone beats me to it :-)
>
>-Blake
>
>Whatchu talkin' 'bout, Willis?
>
>>I get the following error when trying to add a user to my ldap database
>>with cpu.
>>
>># cpu useradd test
>>
>>ldap: ldapOperation: ldap_bind_s: Can't contact LDAP server (81)
>>        additional info: error:14090086:SSL
>>routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>>ldap: CPU_init: Error in ldapOperation.
>>
>>Below is my config file.
>>
>>Any thoughts?
>>
>>Terrence
>>
>>[GLOBAL]
>>DEFAULT_METHOD = ldap
>>CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict
>>
>>[LDAP]
>>#LDAP_HOST = 127.0.0.1
>>#LDAP_PORT = 389
>>LDAP_URI = ldaps://hostname.domain
>>BIND_DN = cn=Admin,dc=host,dc=domain,dc=tld
>>BIND_PASS = {SSHA}hashstuff
>>USER_BASE = ou=people,dc=host,dc=domain,dc=tld
>>GROUP_BASE = ou=group,dc=host,dc=domain,dc=tld
>>USER_OBJECT_CLASS = posixAccount,shadowAccount,top
>>GROUP_OBJECT_CLASS = posixGroup,top
>>USER_FILTER = (objectClass=posixAccount)
>>GROUP_FILTER = (objectClass=posixGroup)
>>CN_STRING = cn
>>SKEL_DIR = /etc/skel
>>DEFAULT_SHELL = /bin/bash
>>HOME_DIRECTORY = /home
>>MAX_UIDNUMBER = 25000
>>MIN_UIDNUMBER = 5000
>>MAX_GIDNUMBER = 25000
>>MIN_GIDNUMBER = 5000
>>ID_MAX_PASSES = 1000
>>RANDOM = "false"
>>PASSWORD_FILE = "/etc/passfile"
>>SHADOW_FILE = "/etc/shadowfile"
>>HASH = "md5"
>>SHADOWLASTCHANGE = 11192
>>SHADOWMAX = 99999
>>SHADOWWARING = 7
>>SHADOWEXPIRE = -1
>>SHADOWFLAG = 134538308
>>SHADOWMIN = -1
>>SHADOWINACTIVE = -1
>>
>>[PASSWD]
>># Broken
>>GROUP = 1000
>>HOME = /home
>>INACTIVE = -1
>>#EXPIRE =
>>SHELL = /bin/bash
>>SKEL = /etc/skel
>>COMMENT = "Default Gecos"
>>PASSWORD = /etc/passwd
>>SHADOW = /etc/shadow

From: Blake M. <bma...@pu...> - 2003-08-27 17:26:23
This may or may not be it. CPU was originally written to use LDAPv2 and I have not yet added the switch such that you can specify the version. I'll get around to it this weekend unless someone beats me to it :-)

-Blake

Whatchu talkin' 'bout, Willis?
> I get the following error when trying to add a user to my ldap database
> with cpu.
>
> # cpu useradd test
>
> ldap: ldapOperation: ldap_bind_s: Can't contact LDAP server (81)
>         additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> ldap: CPU_init: Error in ldapOperation.
>
> Below is my config file.
>
> Any thoughts?
>
> Terrence
>
> [GLOBAL]
> DEFAULT_METHOD = ldap
> CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict
>
> [LDAP]
> #LDAP_HOST = 127.0.0.1
> #LDAP_PORT = 389
> LDAP_URI = ldaps://hostname.domain
> BIND_DN = cn=Admin,dc=host,dc=domain,dc=tld
> BIND_PASS = {SSHA}hashstuff
> USER_BASE = ou=people,dc=host,dc=domain,dc=tld
> GROUP_BASE = ou=group,dc=host,dc=domain,dc=tld
> USER_OBJECT_CLASS = posixAccount,shadowAccount,top
> GROUP_OBJECT_CLASS = posixGroup,top
> USER_FILTER = (objectClass=posixAccount)
> GROUP_FILTER = (objectClass=posixGroup)
> CN_STRING = cn
> SKEL_DIR = /etc/skel
> DEFAULT_SHELL = /bin/bash
> HOME_DIRECTORY = /home
> MAX_UIDNUMBER = 25000
> MIN_UIDNUMBER = 5000
> MAX_GIDNUMBER = 25000
> MIN_GIDNUMBER = 5000
> ID_MAX_PASSES = 1000
> RANDOM = "false"
> PASSWORD_FILE = "/etc/passfile"
> SHADOW_FILE = "/etc/shadowfile"
> HASH = "md5"
> SHADOWLASTCHANGE = 11192
> SHADOWMAX = 99999
> SHADOWWARING = 7
> SHADOWEXPIRE = -1
> SHADOWFLAG = 134538308
> SHADOWMIN = -1
> SHADOWINACTIVE = -1
>
> [PASSWD]
> # Broken
> GROUP = 1000
> HOME = /home
> INACTIVE = -1
> #EXPIRE =
> SHELL = /bin/bash
> SKEL = /etc/skel
> COMMENT = "Default Gecos"
> PASSWORD = /etc/passwd
> SHADOW = /etc/shadow

From: Terrence M. <tm...@ph...> - 2003-08-26 19:58:18
I get the following error when trying to add a user to my ldap database with cpu.

# cpu useradd test

ldap: ldapOperation: ldap_bind_s: Can't contact LDAP server (81)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap: CPU_init: Error in ldapOperation.

Below is my config file.

Any thoughts?

Terrence

[GLOBAL]
DEFAULT_METHOD = ldap
CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict

[LDAP]
#LDAP_HOST = 127.0.0.1
#LDAP_PORT = 389
LDAP_URI = ldaps://hostname.domain
BIND_DN = cn=Admin,dc=host,dc=domain,dc=tld
BIND_PASS = {SSHA}hashstuff
USER_BASE = ou=people,dc=host,dc=domain,dc=tld
GROUP_BASE = ou=group,dc=host,dc=domain,dc=tld
USER_OBJECT_CLASS = posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS = posixGroup,top
USER_FILTER = (objectClass=posixAccount)
GROUP_FILTER = (objectClass=posixGroup)
CN_STRING = cn
SKEL_DIR = /etc/skel
DEFAULT_SHELL = /bin/bash
HOME_DIRECTORY = /home
MAX_UIDNUMBER = 25000
MIN_UIDNUMBER = 5000
MAX_GIDNUMBER = 25000
MIN_GIDNUMBER = 5000
ID_MAX_PASSES = 1000
RANDOM = "false"
PASSWORD_FILE = "/etc/passfile"
SHADOW_FILE = "/etc/shadowfile"
HASH = "md5"
SHADOWLASTCHANGE = 11192
SHADOWMAX = 99999
SHADOWWARING = 7
SHADOWEXPIRE = -1
SHADOWFLAG = 134538308
SHADOWMIN = -1
SHADOWINACTIVE = -1

[PASSWD]
# Broken
GROUP = 1000
HOME = /home
INACTIVE = -1
#EXPIRE =
SHELL = /bin/bash
SKEL = /etc/skel
COMMENT = "Default Gecos"
PASSWORD = /etc/passwd
SHADOW = /etc/shadow

From: Paul J S. <pa...@nf...> - 2003-08-14 09:35:21
Hi there,

As the prospective debian maintainer for cpu I have packages available.

You can point your sources.list to:

deb http://debian.nfgd.net/debian unstable/

or if you insist on compiling yourself you could fetch the debian source:

deb-src http://debian.nfgd.net/debian unstable/

and see how I did it.

Benjamin Krein wrote:
> Perhaps I'm missing something... I am trying to compile CPU on Debian
> sid system. I've installed the libldap2-dev packages and the
> cracklib2-dev packages (along with the typical packages that come with
> Debian sid). Here is the tail output of my make command:
>
> gcc -DCONFIGFILE=\"/usr/local/etc/cpu.conf\" /usr/lib /usr/local/lib -o
> .libs/cpu cpu.o -L/root/cpu-1.3.100/src/main -L/usr/include/lib
> ../../src/util/.libs/libcputil.so -L/root/cpu-1.3.100/src/util -lcrypt
> -ldl -Wl,--rpath -Wl,/usr/local/lib
> /usr/bin/ld: cannot open /usr/lib: File format not recognized
> collect2: ld returned 1 exit status
> make[3]: *** [cpu] Error 1
> make[3]: Leaving directory `/root/cpu-1.3.100/src/main'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/root/cpu-1.3.100/src/main'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/root/cpu-1.3.100/src'
> make: *** [all-recursive] Error 1
>

--
________________________________________________________________
Paul Stevens                                  mailto:pa...@nf...
NET FACILITIES GROUP                     PGP: finger pa...@nf...
The Netherlands________________________________http://www.nfg.nl

From: Benjamin K. <sup...@su...> - 2003-08-13 19:08:27
Perhaps I'm missing something... I am trying to compile CPU on Debian sid system. I've installed the libldap2-dev packages and the cracklib2-dev packages (along with the typical packages that come with Debian sid). Here is the tail output of my make command:

gcc -DCONFIGFILE=\"/usr/local/etc/cpu.conf\" /usr/lib /usr/local/lib -o .libs/cpu cpu.o -L/root/cpu-1.3.100/src/main -L/usr/include/lib ../../src/util/.libs/libcputil.so -L/root/cpu-1.3.100/src/util -lcrypt -ldl -Wl,--rpath -Wl,/usr/local/lib
/usr/bin/ld: cannot open /usr/lib: File format not recognized
collect2: ld returned 1 exit status
make[3]: *** [cpu] Error 1
make[3]: Leaving directory `/root/cpu-1.3.100/src/main'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/cpu-1.3.100/src/main'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/cpu-1.3.100/src'
make: *** [all-recursive] Error 1

--
Benjamin Krein
www.superk.org