# $Source: /opt/cvs/samba/smbldap-tools/ChangeLog,v $ # $id: $ # ## ChangeLog for SMBLDAP-TOOLS 3005-02-13: new tag (v0-8-7 for rpm version 0.8.7) . update smbldap-populate: check previously if entries exist. If the sambaDomain entry already exist when using smbldap-populate, we just modify it to add the sambaUnixIdPool objectclass which store the first uidNumber and gidNumber available. . update connection procedure to the directory in smbldap-passwd . new script smbldap-userinfo from Pawel Wieleba to allow people update their own informations like telephoneNumber, name and some others (need proper ACL in ldap configuration) . new migration scripts from Pawel Wieleba smbldap-migrate-unix-accounts and smbldap-migrate-unix-groups to help migrating users and groups defined in /etc/passwd (and/or /etc/shadow) and /etc/group. 2005-01-29 . bug in smbldap-populate: the -b option (guest login name) was broken . new option '-k' and '-l' to smbldap-populate to defined the uidNumber of administrator and guest accounts . group "Account Operators" is now created with smbldap-populate . Administrator account does not need anymore uidNumber=0 (using 998) . update in smbldap-populate and smbldap.conf: . next uidNumber and gidNumber available for new users and new groups are now stored in the sambaDomainName object. This allow the sambaUnixIdPooldn to not been viewed as a real user under IMC (http://www.idealx.org/prj/imc/) sambaUnixIdPooldn in configuration file smbldap.conf must look like > sambaUnixIdPooldn="sambaDomainName=MYDOMAIN,${suffix}" . the sambaDomainName is determine by - the sambaUnixIdPooldn parameter of smbldap.conf, or - the workgroup parameter of smb.conf if sambaUnixIdPooldn is not a sambaDomainName object . patch to smbldap-useradd: $modify->code was executed even if no modification was required, this can cause error mesage with some ldap directory. . small typo corrections 2005-16-01: new tag (v0-8-6 for rpm version 0.8.6) 2005-06-01: . new location /opt/IDEALX and /etc/opt/IDEALX/ (instead of /usr/local and /etc) to conform to FHS/LSB . update typo correction in documentation . patch to smbldap-passwd from Pawel Wieleba : see www.iem.pw.edu.pl/~wielebap/ldap/smbldap-tools/smbldap-tools_doc.pdf . use of slappasswd was insecure as external program. Now slappasswd is run in a child process and shell is not used . it is now possible to not use slappasswd but perl module only . new parameter 'with_slappasswd' in smbldap.conf to allow not use 'slappasswd' but perl module only . new option '-r' to smbldap-usermod for renaming a user. Exemple: $ smbldap-usermod -d /home/new_user -r new_user old_user 2004-10-28: new tag (v0-8-5-3 for rpm version 0.8.5-3) 2004-10-07: . smbldap-useradd: set sambaPwdLastSet to the current date, and sambaPwdMustChange to 2147483647 for trust account to work . patch from Quentin Delance : added test to not being able to remove primary group of a user 2004-08-29: new tag (v0-8-5-2 for rpm version 0.8.5-2) . small corrections . computer's account have the 'gecos' attribute set to 'computer': computers may not join the domain if this attribute is not defined (thanks to "Dominik 'Rathann' Mierzejewski") 2004-06-25: . patch to smbldap_tools.pm: the 'search' to sambaUnixIdPool objectclass is done directly to the object defined in the configuration file (sambaUnixIdPooldn="..."). This allow to have more then one object having the sambaUnixIdPool objectclass. . patch smbldap-useradd. The -P and -T options had no effect if the -a was not used. . update configure.pl 2004-06-21: . new '-o' option in smbldap-useradd to set the organizatinal unit where the account will be created. It is relative of the user suffix dn ($usersdn) defined in the configuration file 2004-06-17: new tag (v0-8-5-1 for rpm version 0.8.5-1) . update documentation 2004-05-25: . patch to smbldap-populate: fix sambaSID and sambaGroupType error for builtin groups . new entry in /etc/smbldap-tools/smbldap.conf for idmap ou: > idmapdn="ou=Idmap,${suffix}" 2004-05-10: . patch from Ross Becker : new option in smbldap.conf to set the salt format if CRYPT hash is used. . add a check to see if STDIN is connected to tty by using if (-t STDIN) ... This allow the unsecure use of "echo -e 'password\npassword' | smbldap-passwd jto" 2004-04-30: . patch for smbldap-useradd and smbldap-groupadd: next uidNumber and gidNumber available are now stored in cn=NextFreeUnixId WARNING: . when upgrading, you need to create the new object manually (see INSTALL file) . this object's name is defined in /etc/smbldap-tools/smbldap.conf you can defined another name as desired, for example: > sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}" 2004-04-07: . patch from Emmanuel Lacour : no more use of mkntpwd, use of Crypt::SmbHash perl module instead 2004-04-04: . patchs from Alexander Bergolth : . variable substitution to the config-file parser. This new feature allows configurations like that > suffix="dc=idealx,dc=com" > usersdn="ou=Users,${suffix}" Username substitution is done via %U: > userHome="/home/%U" ==> smbldap.conf file can now use the samba %U definition . change in smbldap-userdel refuses deleting a home directory that doesn't contain the username, more precisely that doesn't look like /^\/.+\/(.*)$user/ This avoids deleting-disasters when the homeDirectory attribute is erroneous set to a wrong value like "/" or "/home". . adds mail-forwarding and mail-alias capabilities (for use by MTAs like sendmail or postfix). Two new options "-M" and "-T" allow specifying mail-aliases and mail-forward addresses in smbldap-useradd and smbldap-usermod. If those options are used, the objectclass "inetLocalMailRecipient" is used . patch to allows adding new mail-aliases (-M), mail-forward addresses (-T) or supplementary groups (-G) without overwriting the existing ones using a syntax like smbldap-usermod -G +wheel testuser Removing only the specified attributes without deleting all of them works the same way using a syntax like smbldap-usermod -G -wheel testuser . patch that fixes a small problem when using userHomeDrive without the ":" symbol . test if a user is unique in get_homedir function. Replace the regular expression that check the homeDirectory attribute's value with the exact query response. 2004-03-05: . add the displayName attribut when using 'smbldap-groupadd -a' . update smbldap-populate (set the username for the guest account and the administrative account in sambaProfilePath instead of $adminName and $guestName) 2004-03-01: . update smbldap-populate to allow setting userHomeDrive="" in configuration file 2004-02-22: . it is now possible to delete the following entries with smbldap-usermod : sambaHomePath (option -C), sambaHomeDrive (option -D) sambaLogonScript (option -E) and sambaProfilePath (option -F) ex: smbldap-usermod -C "" user . update documentation 2004-02-07: new tag v0-8-4 . include documentation in smbldap-tools.spec file 2004-01-22: . config.pl: usersdn, groupsdn and computersdn was not updated . config.pl: empty value can be set with the "." caracter 2004-01-19: . certificates for TLS support can now be declared in the smbldap.conf configuration file. 4 new options: verify, cafile, clientcert and clientkey 2004-01-17: . remove OpenLDAP requirement in smbldap-tools spec file as the LDAP server can be on another computer 2004-01-14: . patch to smbldap-populate to not take into account attributes that has a null definition in smbldap.conf (sambaProfilePath and sambaHomePath) 2004-01-10: . shadowAccount objectclass added for users account (needed for users on Solaris system to authenticate) . configuration is now split in two files > smbldap.conf : globals parameters > smbldap_bind.conf: connection parameters to the directory . patch in smbldap-password that allow users to use this script to change their own passwords 2003-12-29: . new script configure.pl to help setting up the smbldap_conf.pl file . bug: smbldap_conf.pm now allow to set _userSmbHome and _userProfile to a null string to disable homedirectory and roaming profiles 2003-12-19: . new option '-i' to smbldap-useradd to create a trust account (domain membership) . rename all scripts: remove the '.pl' 2003-12-11: . new option '-i' to smbldap-populate to import an ldif file . new option '-e' to smbldap-populate to export an ldif file 2003-11-18: new tag v0-8-2 . new option '-a' to smbldap-usermod.pl that allow adding the sambaSAMAccount objectclass to an existing posixAccount 2003-11-07: . patch that allow adding user to a group when the group is in a higher level depth then ou=Groups (for example, ou=grp1,ou=Groups,...) . check the unicity of a group when adding/removing a user to this group 2003-10-28: . new option '-p' in smbldap-groupadd.pl to 'print' the gidNumber of the group to STDOUT. This is needed by samba (see the man page) 2003-10-19: . new function does_sid_exist that check if samaSID sttribute is already defined for another use or another group 2003-10-13: . smbldap-populate.pl now also add the group mapping 2003-10-01: new tag v0-8-1 . one can now comment the two directives '$_userSmbHome' and '$_userProfile' if you want to use the smb.conf directives instead ('logon home' and 'logon path' respectively), or if you want to desable roaming profiles . Patch from Alexander Bergolth : the sambaPrimaryGroupSID of a user is now set to the sambaSID of his primary group 2003-09-29: . added new option '$_defaultMaxPasswordAge' in smbldap_conf.pm to specifie how long a password is valid . The '-B' option was not always valid: to force a user to change his password: . the attribut sambaPwdLastSet must be != 0 . the attribut sambaAcctFlags must not match the 'X' flag . logon script is set (for every one) to the default '_userScript' value if it is defined . Patch from Alexander Bergolth : gid-sid group mapping to smbldap-groupadd.pl and smbldap-groupmod.pl 2003-09-19: Patch from Marc Schoechlin . load the perl-modules without setting environment-variables or making symlinks 2003-09-18: Patch from Alexander Bergolth . options "-u", "-g", "-s" and "-c" are now functionnal . the existence of samba account was made on sambaAccount and not sambaSAMAccount as it should be for samba3 . new function read_user_entry to smbldap_tools.pm that returns a Net::LDAP:Entry object of the user . Use this object to get the dn and user attributes instead of producing an ldif and searching for attributes within that ldif 2003-09-15: . change machine account creation to not add the sambaSAMAccount objectclass. It is now added directly by samba when joigning the domain . new option in smbldap-usermod.pl: '-e' to set an expire date . Start_tls support activated when ldapSSL is set to 1 . Net::LDAP support more scripts . bugs correction 2003-09-02: . sambaPwdLastSet is updated when smbldap-passwd.pl is used . add a function is_group_member to test the existence of a user in a particular group . add a function is_unix_user to test if a particular user exist . Net::LDAP support more scripts 2003-08-15: . Samba3.0 support 2003-08-01: . Final version for samba 2.2.8a (cvs tag SAMBA-2-2-8a-FINAL) . OpenLDAP 2.1 support (only one structural objectclass allowed) 2002-07-24: top and account objectclasses replaced with inetorgperson 2002-06-03: notes to webmin.idealx.org (idxldapaccounts) 2002-06-01: release 0.7. tested with 2.2.4 2002-05-31: fixed smbldap-populate compliance to smbldap_conf cleaned up smbldap_conf to be more readable some more documentation bugfixes on smbldap-passwd and smbldap-populate 2002-05-16: modified default mode on homes: now 700 2002-05-13: fixed spec (relocation and reqs) 2002-03-02: fixed 2.2.3 sambaAccount bug with smbldap-useradd.pl (rid is now mandatory in the sambaAccount objectClass) 2002-02-14: just modified default populate for Administrator 2002-02-05: release 0.6. enable/disable user in usermod 2002-02-04: release 0.5. added smbldap-migrate-groups to migrate NT groups from a net group dump. added samba parameters to smbldap-useradd and smbldap-usermod. 2002-01-12: added smbldap-migrate-accounts to migrate users/machines accounts from a PWDUMP dump 2001-12-13: added smbldap-populate to create the initial base 2001-12-13: initial release 0.1 2001-12-12: fixed the SPEC file for RedHat 2001-12-03: cleaned the code and use strict; 2001-11-20: initial needs (for testing purpose on Samba-2.2.2 an Samba-TNG) # - The End