2012-03-05 * Use Digest::SHA instead of Digest::SHA1 if Perl version > 5.10.0 * smbldap-usermod: -M, -O, -T option: Remove associated attribute when the null value is specified 2011-09-26 * new tag 0.9.7 2011-09-06 * smbldap-populate: Create parent entry for $config{sambaUnixIdPooldn} if it does not exist 2011-09-02 * smbldap-config: Rename from configure.pl 2011-07-23 * smbldap-populate: Create parent entry for $config{usersdn} (and others) if it does not exist (e.g. usersdn="ou=Users,ou=parent,${suffix}" in smbldap.conf) 2011-07-13 * smbldap-useradd: New option: --non-unique (Allow the creation of a user account with a duplicate (non-unique) UID) 2011-07-12 * smbldap-usermod: New option: --ou NODE (move user entry to the specified organazional unit) * Canonize user name to treat the memberUid as case-sensitive attribute (but the uid attribute is case-insensitive) * smbldap-useradd: New option: -p (allow to set password from STDIN without verification, e.g. using a pipe) 2011-07-08 * smbldap-populate: Use Net::LDAP::Entry for populating entries 2011-06-29 * Use sambaNextRid attribute in sambaDomain entry for the next RID as same as Samba 3.0+ (only when sambaAlgorithmicRidBase attribute does NOT exists in sambaDomain entry for backward compatibility) 2011-06-24 * Rename smbldap.conf parameters: - hash_encrypt -> password_hash - crypt_salt_format -> password_crypt_salt_format * LDAPv3 Password Modify (RFC 3062) extended operation support when password_hash="exop" in smbldap.conf 2011-06-23 * Add shadowAccount parameter in smbldap.conf to control whether to treat shadowAccount objectclass and attributes or not 2011-06-22 * Introduce autoconf (configure.in, Makefile.in and so on) 2011-06-14 * smbldap-passwd: Do not use permuted -s option for the smbpasswd(1) command-line because the plain-old getopt(3) does not support it 2011-05-28 * smbldap_tools.pm: Add read_password() to avoid `stty -echo` hacks * Use /usr/sbin/nscd -i instead of /etc/init.d/nscd 2011-05-24 * smbldap-populate, smbldap_tools.pm: Use /nonexistent instead of /dev/null for guest's and computer's homeDirectory 2011-03-09 * smbldap_tools.pm: Use Encode instead of Unicode::MapUTF8 2011-02-23 * smbldap_tools.pm: - get_next_id: Use getgrgid() for GID number - read_parameter: Use lexically-scoped variable $line instead of global $_ - read_user_human_readable: Use UTF-8 flaged string and \P{IsPrint} to check if an LDAP attribute has non-printable characters or not * smbldap-populate: Fix wrong sambaGroupType values for local groups * Replace bare "smbpasswd" with "$config{smbpasswd}" * smbldap-useradd: Add -h (--no-dereference) option to the chown(1) command-line * smbldap-useradd: Extend -Z (--attr) option to take multiple -Z options * smbldap-usermod: Set sambaPwdLastSet to the current time if "-B 0" is used (for Samba 3.0.25 and later) * smbldap-usermod: Extend -Z (--attr) option: - Take multiple -Z options - Append a value to a multi-value attribute by -Z +name=value - Remove a value from a multi-value attribute by -Z -name=value - Remove a attribte by -Z -name 2010-11-15 * smbldap-useradd: - fix Z option in getopt (custom LDAP attribute) - drop unused L option from getopt - alphabetically reorganize getopt options - fix several mis-spellings and typos (thx to Paul Howarth ) * other utilities: - alphabetically reorganize getopt and help * new tag 0.9.6 2010-10-21 * new tool: smbldap-grouplist (list LDAP groups) * smbldap-useradd, smbldap-usershow, smbldap-usermod: - change default encoding of givenName and sn to UTF-8 (bug #11717) - new option: -X (input/output encoding, defaults to UTF-8) - new option: -O (localMailAddress attribute) - changed option: -M (now sets only mail attribute) - home directory is now chowned as $userUidNumber:$userGidNumber (bug #11721) - use gecos as displayName if givenName and userSN not provided (bug #14517) * smbldap-passwd: - new option: -p (allow root to set password from STDIN without verification, e.g. using a pipe) (bug #11964) - change userPassword, shadowLastChange and shadowMax individually e.g. no shadow class or user may not have rights (bug #15052) * smbldap-groupmod: allow deletion of users from groups without a defined samba group SID) * remove references to smbldap_conf.pm 2008-04-22 * new tag 0.9.5 2008-04-13 * smbldap-useradd: new option '-W' to add a computer account with samba attributes (for account creation through samba, use '-w') * smbldap_tools.pm: added ldaps support * smbldap.conf: new option 'ldapSSL' for SSL support 2008-03-05 * smbldap-usershow: if nscd is up dans running, restart the service (http://gna.org/bugs/?11206) 2008-02-17 * smbldap-populate: remove sambaNextRid entry if ${sambaDomain} is not used for ${sambaUnixIdPooldn} entry (sambaDomain objectclass is then not added to ${sambaUnixIdPooldn}) 2008-02-15 * smbldap-usermod: if "-I" is used, set sambaPwdLastSet to the current time * smbldap-useradd: if '-k /etc/skel" is used, /etc/skel content is now correctly copied to home directory 2007-12-18 * smbldap-usermod, smbldap-passwd (smbldap-passwd is asked by smbldap-useradd): if "-B 1" is used, set sambaPwdLastSet to 0 (https://gna.org/support/?1828) 2007-12-17 * smbldap-usermod, smbldap-useradd: new -Z option to add custom LDAP attributes 2007-11-26 * smbldap-groupadd: added sncd status and restart service after applying modifications (https://gna.org/bugs/index.php?10313) * smbldap-passwd: unix password not updated if maxPasswordAge not defined in smbldap.Conf => added control test (https://gna.org/bugs/?10230) * smbldap-usershow: new -h option to print dates in human-readable form (https://gna.org/bugs/?10231) 2007-11-23 * smbldap-usermod: fixes and enhancements relative to expirations dates (https://gna.org/bugs/?10229) 2007-10-30 * smbldap_tools.pm (read_user): do not print binary data in smbldap-usershow (https://gna.org/bugs/?10228) 2007-09-17 * new tag 0.9.4 2007-09-17 * smbldap-usermod and smbldap-useradd: displayName attribute default to username or use the information given with the -S and -N options. (RFC 2256 & RFC 2798). * update sambaPrimaryGroupSID if '-g' option is used Thanks to Christoph Szeppek for his patch. 2007-09-05 * smbldap-userlist (print_user): print also shadowMax attribute value 2007-08-07 * smbldap-usermod: allow renaming of computers account 2007-08-01 * smbldap-usermod: cn was updated to null string (if -N or -S are not used.) which causes a failed ldap modification 2007-07-19 * new tag 0.9.3 2007-07-13 * smbldap-userinfo (exist_in_tab;): print also Samba Password Last Set, Samba Password Must Change and Samba Flags * smbldap-userlist (exist_in_tab;): only root can show all users informations. If used as standard user, only print personnal informations 2007-07-10 * smbldap-populate: new option '-r' to specify the first rid available for users and groups creation (default is 1000) 2007-07-06 * smbldap_tools.pm (add_posix_machine): add only 'top', 'account', 'posixAccount' objectclass for computers account * smbldap_tools.pm (get_next_id($$)): look if the id or gid is not already used in /etc/passwd or /etc/group. Check the next one if so. * smbldap_tools.pm (delete_user): print error message if deleting user failed 2007-07-05 * smbldap-userlist: new script that list all account properties (expiration, status,...) 2007-07-04 * smbldap-passwd (make_salt): update shadowMax (to $config{defaultMaxPasswordAge}) entry if script used with root priviledge * smbldap_tools.pm (add_posix_machine): when creating a computer account, just set the 'top', 'account' and 'posixAccount' objectclass * smbldap_tools.pm (parse_group): same as below: replace getgrgid() by a ldap querie * smbldap-groupmod: replace the call of getgrnam() with a ldap search because getgrnam() can't return the group gidNumber in case the script is executed from a server where ldap auth is not set (tnx to Konstantin Munning) 2007-07-03 * smbldap-useradd: using the userName instead of uidNumber in "chown ... $userHomeDirectory" because $userUidNumber is linked to user which has a different uidNumber in case of use numeric-only username (thx to Francesco Malvezzi) * smbldap-useradd: if -B option is used, called smbldap-passwd with -B option (without -B option in smbldap-passwd, this command was overwritten sambaPwdMustChange sambaPwdLastSet and sambaAcctFlags just after being updated with smbldap-usermod) * smbldap-passwd: new option -B to force user to change Samba password (and then also unix) at next connection 2007-07-02 * smbldap-migrate-pwdump-accounts: make the ldap connection before trying to modify any entry * smbldap-migrate-pwdump-accounts and smbldap-migrate-pwdump-groups: added "PATH=/sbin:/usr/sbin:/usr/local/sbin:/opt/IDEALX/sbin/" before calling smbldap-useradd * smbldap-userinfo: new option -l to list user properties and specially password aging informations * smbldap-usermod: new options --shadowExpire --shadowMax --shadowMin and --shadowWarning related to password aging * smbldap-usermod: new options -L and -U to lock/unlock shadow account (thx to Pierluigi Miranda ) * smbldap-passwd: sambaPwdLastSet attribute is updated whend changing password * smbldap-usermod: if -o was used, script must not exit if uid already exist * smbldap_tool.pm: in function connect_ldap_slave, bind parameters to contact the master server (if slave is not available) must be $config{masterDn} and $config{masterPw} 2007-06-27 * smbldap-tools.spec: added man pages * smbldap-useradd: update -o option to allow specify a node like '-o ou=admin,ou=all' * smbldap-tools.pm: be more verbose if ldap_bind failed (thx to tarjei ) * smbldap-useradd: be more berbose if problem searching next uid in $config{sambaUnixIdPooldn} (thx to Goneri Le Boude ) 2006-01-13 * UTF8 support in smbldap-usermod for option -N 2006-01-03 . new tag (v0-9-2 for rpm version 0.9.2) 2005-10-31 . Option 'P' to set password was not possible in smbldap-useradd when usernames contained space character . smbldap-populate and smbldap_tools.pm: classes hierarchical is specified completly to avoid problem with others directories then OpenLDAP. . smbldap-useradd: users are not added to group if the group is their primary one . smbldap-useradd and smbldap_tools: new function is_nonldap_unix_user to allow adding non ldap users to group. This is typically used to add users from a trusted domains (winbind) . when adding trusted account (smbldap-useraddd -i) '$' caracter is added to the name if not present . if with_smbpasswd="1", we let samba adding the sambaPrimaryGroupSID entry . smbldap-passwd: new option -s and -u to only update samba password or unix password . smbldap-passwd: regular users can change their passwords when TLS is forced . parsing smb.conf is correct if parameters are defined in several lines (using \ caracter) . automatic creation of the OU of a new user if it does not exist (smbldap-useradd -o ou=xxx). The new OU must me relative to the $config{usersdn} parameter 2005-07-12 . sambaPrimaryGroupSID for samba users is set to DOMAIN_SID-513, whatever is the defaultUserGid parameter value defined in smbldap.conf 2005-06-07 . sambaBadPasswordCount is set to 0 when using smbldap-passwd . update for respect with RFC 2256: sn <-> nom (option S) givenName <-> prenom (option N) cn <-> person's full name . UTF8 support for givenName (option N) and sn (option S) 2005-05-26: new tag (v0-9-1 for rpm version 0.9.1) . bugs correction and updates in configure.pl 2005-05-17: new tag (v0-9-0 for rpm version 0.9.0) 2005-05-16 . update release version 0.9.0 for synchronisation with examples of the "Samba3 by examples" book of John H Terpstra. . default configuration files for the smbldap-tools can be place in /etc/opt/IDEALX/smbldap-tools or /etc/smbldap-tools/ . default configuration file for samba can be /etc/samba/smb.conf or /usr/local/samba/lib/smb.conf . new parameter userHomeDirectoryMode in smbldap.conf to set the default directory mode used for user's homeDirectory . enhancements and fixes in configure.pl 2005-04-27 . error in group type documentation in smbldap-groupadd 2005-04-17 . warnings was displayed when samba configuraton file (smb.conf) had single quotes in parameters definition (thanks to Tom Burkart ) . 'idmapdn' is now also optional in smbldap.conf (if needed and defined in smb.conf) 2005-04-03: new tag (v0-8-8 for rpm version 0.8.8) 2005-03-09 . Four more options are now optional in smbldap.conf. Default values are: > slaveLDAP="127.0.0.1" > slavePort="389" > masterLDAP="127.0.0.1" > masterPort="389" > ldapTLS="0" . the following suffix can be used with the smbldap-tools: > suffix="dc=dpt,dc=idealx,dc=org", suffix="dc=idealx,dc=org" or suffix="dc=idealx" . update to smbldap-populate: . administrator account is now called 'root' . default uidNumber for root is set to 0 . default rid for root is set to 500 . default gidNumber for administrator is set to 0 uidNumber and gidNumber can be changed with option -k and -m 2005-03-08 . Four parameters in smbldap.conf are now optional: 'suffix', 'usersdn', 'computersdn' and 'groupsdn' If those parameters are not set, they are respectivly taken from the following parameters in smb.conf : 'ldap suffix', 'ldap user suffix', 'ldap machine suffix' and 'ldap group suffix' . renaming two files: $ mv smbldap-migrate-accounts smbldap-migrate-pwdump-accounts $ mv smbldap-migrate-groups smbldap-migrate-pwdump-groups 2005-02-26 . New option '-t time' to smbldap-useradd: wait