Your message dated Thu, 06 Aug 2015 12:19:01 +0000
with message-id <[email protected]>
and subject line Bug#787128: fixed in freedombox-setup 0.5
has caused the Debian Bug report #787128,
regarding freedombox-setup: Reset LDAP admin password on first-run
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
787128: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787128
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freedombox-setup
Version: 0.3
Severity: wishlist
Tags: patch
Currently the LDAP admin password is generated during setup, and printed
in the log.
The attached patch will save the password to a file that only root can
read. Then during first-run, it will be changed to a new, random password.
diff --git a/first-run.d/50_ldap-server b/first-run.d/50_ldap-server
new file mode 100755
index 0000000..ac77069
--- /dev/null
+++ b/first-run.d/50_ldap-server
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Reset LDAP admin password to a new, random password.
+
+old_pwd=$(cat /etc/ldap/ldap-admin)
+new_pwd="$(pwgen -1)"
+
+domain=thisbox
+
+cat <<EOF |ldapmodify -x -D "cn=admin,dc=$domain" -w $old_pwd
+dn: cn=admin,dc=$domain
+changetype: modify
+replace: userPassword
+userPassword: $new_pwd
+EOF
+
+if [ $? -eq 0 ]; then
+ echo $new_pwd >/etc/ldap/ldap-admin
+fi
diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server
index 231e83a..16ad78c 100755
--- a/setup.d/30_ldap-server
+++ b/setup.d/30_ldap-server
@@ -25,4 +25,5 @@ ou: users
EOF
-echo password: $pwd
+echo $pwd >/etc/ldap/ldap-admin
+chmod 600 /etc/ldap/ldap-admin
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: freedombox-setup
Source-Version: 0.5
We believe that the bug you reported is fixed in the latest version of
freedombox-setup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nick Daly <[email protected]> (supplier of updated freedombox-setup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 06 Aug 2015 06:40:43 -0500
Source: freedombox-setup
Binary: freedombox-setup
Architecture: source all
Version: 0.5
Distribution: unstable
Urgency: medium
Maintainer: Petter Reinholdtsen <[email protected]>
Changed-By: Nick Daly <[email protected]>
Description:
freedombox-setup - Package to set up freedombox environment
Closes: 786164 786689 787025 787128 789441 791704
Changes:
freedombox-setup (0.5) unstable; urgency=medium
.
[ Nick Daly ]
* Upload 0.5 release.
.
[ Sunil Mohan Adapa ]
* Migrate to dh_python3 from python-support (Closes: #786164).
* Use nmcli to setup network connections (Closes: #786689).
* Remove jwchat/ejabber setup as it is handle by Plinth (Closes: #787025).
* Remove LDAP root password and create ou=groups (Closes: #787128).
* Remove renaming of network interaces as it does not work. Start using
systemd's new predictable naming. Don't alter
/etc/network/interface anymore. (Closes: #789441).
* Use network manager for configuring DNS and DHCP servers.
.
[ James Valleroy ]
* Apply patch from Sunil to fix hang issue when building Raspberry Pi images.
* Remove privoxy setup as it happens in Plinth now (Closes: #791704).
* Configure PAM for LDAP user logins (Close: #792233).
Checksums-Sha1:
122eeaf942196768d907daadd54372a4d5317dd7 1815 freedombox-setup_0.5.dsc
b7dcd34c7c34e4064fed4fa9da4a12144660c015 48088 freedombox-setup_0.5.tar.gz
3f51348cf516f515fb2fec4e55af63aa4c3e8dd5 33802 freedombox-setup_0.5_all.deb
Checksums-Sha256:
068887ebc4929b3d33b335e13415fbebce440fd4afa6aadd70d0fc9139900b92 1815
freedombox-setup_0.5.dsc
619581ef6c1408360085e25e070de1fcb5ca164e0502be8cab56ff6273275776 48088
freedombox-setup_0.5.tar.gz
70219ad8bc2426a585d13ef92e67893a2873278866b515d4bdb764f17529fd55 33802
freedombox-setup_0.5_all.deb
Files:
9eab5bfc6cbd37ec46f9695fac930fd9 1815 misc optional freedombox-setup_0.5.dsc
816eb58eb369b67d2a8c68aea6e9f81a 48088 misc optional
freedombox-setup_0.5.tar.gz
cf229b1e284b17309f39dbf807c5f9aa 33802 misc optional
freedombox-setup_0.5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVwLjRAAoJEJ8nM/QJKNI6dmsP/2VWB8SWOz0ZVMMFfwhQEmV1
TteDgP5T/Tj/p/WvVSsKnIU53SuWLHTMouXDRm/+UaoPHySGgPjg88Wyk2AZt6Md
zcZTIZ4/pbUZHcPMCQWFNIRnptoK3yxXxeL9fgIiaoUH7UCrFlt0Mgxxo+uaBWF3
vis+Umg0GUA9mhBCRyuCj1Or8cUtCRTTQQgp4vuVSqbZQDS7xCbsBiscvNaEci8v
b2mYOzvRUuqebaznVAt7HYnvPl/RhUYzdQ6ucrQe3HHq4G6fJ+gtTDbM8VvKy7IU
BhrFgpn89c9vwIqEdSWo8Sg98LjBkiPbT1pgJWf4VOnH3OLTvn/HYOOQnNiQtkKG
MX/Xt66q1dC0C5tP2McxuiatzWS4L4Vx+EXt6TSdRKNlrlOjr4dMhn3nCmKBrIog
IBW4Q35hkvQUJjnXChRWdI1VOdJGjIM6o39Y2AqTcwDkB2CyQlECJWCVibbi0+LE
pn1fzHUii0X7Gcd/TdOEQX7qMibfMlSdyQ/C2auvkKYrYbcuSFaFkzoP4XgtO7R+
cRhlJks6PBiyBp+LQ2K96PrwXTh81Nyck9m301plfecYH0Wwl/Ygt3XzKSz24lBg
wDkjIvjO60SKDZ8thOP4CcrK+WC57UE87Owd5XP7fUfiYJ06Rj0JefVkXx6alzc4
Ns1sidB36eHpidAXCDjI
=/N7z
-----END PGP SIGNATURE-----
--- End Message ---
