File: ChangeLog

package info (click to toggle)
smbldap-tools 0.9.11-3
links: PTS, VCS
area: main
in suites: bookworm, forky, sid, trixie
size: 960 kB
sloc: perl: 5,053; sh: 191; makefile: 100
file content (805 lines) | stat: -rw-r--r-- 32,050 bytes
parent folder | download | duplicates (2)
2016-05-10 <fumiyas at OSS Technology Corp., Japan>
	* New tag 0.9.11
	* Disable lanmanPassword by default

2016-03-29 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-config:
	  - Add POD text
	    (Thanks to Paul Howarth <pghmcfc>, bug #3013)
	  - Do NOT assume "ou=..."-style value for "ldap users suffix",
	    "ldap groups suffix" and "ldap machine suffix" in smb.conf

2016-03-28 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-config: Add support renamed and new parameters
	  (Thanks to Gervasio Susterman <gerv>, bug #2914)

2016-03-27 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-useradd:
	  - Do not add dummy userPassword attribute
	  - Die on adding a user entry fails
	  - Set random password instead of insecure one on `smbpasswd -a`
	  - Check if specified UID is owned by local user (bug #2974)
	* Report error on exec() failure

2014-08-27 <fumiyas at OSS Technology Corp., Japan>
	* smbldap.conf: New parameter: lanmanPassword
	* smbldap_tools.pm: Export account_base_rid() for smbldap-usermod

2013-02-14 <fumiyas at OSS Technology Corp., Japan>
	* new tag 0.9.10

2012-10-24 <fumiyas at OSS Technology Corp., Japan>
	* smbldap_tools.pm: Add is_attr_single_value() to check if
	  a specified attribute is defined as single-value in the LDAP schema
	* smbldap-useradd, smbldap-usermod: Check if mailRoutingAddress
	  attribute is single-value or not
	* smbldap-usermod:
	  - Remove mailRoutingAddress attribute if empty
	  - Suppress "no such attribute" error on remove mail or
	    mailLocalAddress attribute when already absent

2012-10-19 <fumiyas at OSS Technology Corp., Japan>
	* smbldap_tools.pm: read_user_human_readable: Protect attribute
	  values from Encode::decode_utf8() with Encode::FB_CROAK

2012-08-07 <fumiyas at OSS Technology Corp., Japan>
	* smbldap_tools.pm: $config{masterLDAP} and $config{slaveLDAP}
	  can take an LDAP URI
	* smbldap_tools.pm: Non-root user cannot run smbldap-passwd,
	  smbldap-userinfo, smbldap-userlist and smbldap-grouplist with
	  SSL-enabled LDAP server
	  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647860
	* new tag 0.9.9

2012-07-17 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-useradd: Fix smbldap-passwd name
	  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679935

2012-07-16 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-userlist, smbldap-grouplist: Specify Net::LDAP
	  search attributes as an array ref, not a string
	  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681350

2012-03-05 <fumiyas at OSS Technology Corp., Japan>
	* Use Digest::SHA instead of Digest::SHA1 if Perl version > 5.10.0
	* smbldap-usermod: -M, -O, -T option: Remove associated attribute
	  when the null value is specified

2011-09-26 <fumiyas at OSS Technology Corp., Japan>
	* new tag 0.9.7

2011-09-06 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-populate: Create parent entry for $config{sambaUnixIdPooldn}
	  if it does not exist

2011-09-02 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-config: Rename from configure.pl

2011-07-23 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-populate: Create parent entry for $config{usersdn}
	  (and others) if it does not exist
	  (e.g. usersdn="ou=Users,ou=parent,${suffix}" in smbldap.conf)

2011-07-13 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-useradd: New option: --non-unique (Allow the creation of a
	  user account with a duplicate (non-unique) UID)

2011-07-12 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-usermod: New option: --ou NODE (move user entry to the
	  specified organazional unit)
	* Canonize user name to treat the memberUid as case-sensitive
	  attribute (but the uid attribute is case-insensitive)
	* smbldap-useradd: New option: -p (allow to set password from
	  STDIN without verification, e.g. using a pipe)

2011-07-08 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-populate: Use Net::LDAP::Entry for populating entries

2011-06-29 <fumiyas at OSS Technology Corp., Japan>
	* Use sambaNextRid attribute in sambaDomain entry for the next RID
	  as same as Samba 3.0+ (only when sambaAlgorithmicRidBase attribute
	  does NOT exists in sambaDomain entry for backward compatibility)

2011-06-24 <fumiyas at OSS Technology Corp., Japan>
	* Rename smbldap.conf parameters:
	  - hash_encrypt -> password_hash
	  - crypt_salt_format -> password_crypt_salt_format
	* LDAPv3 Password Modify (RFC 3062) extended operation
	  support when password_hash="exop" in smbldap.conf

2011-06-23 <fumiyas at OSS Technology Corp., Japan>
	* Add shadowAccount parameter in smbldap.conf to control whether
	  to treat shadowAccount objectclass and attributes or not

2011-06-22 <fumiyas at OSS Technology Corp., Japan>
	* Introduce autoconf (configure.in, Makefile.in and so on)

2011-06-14 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-passwd: Do not use permuted -s option for the smbpasswd(1)
	  command-line because the plain-old getopt(3) does not support it

2011-05-28 <fumiyas at OSS Technology Corp., Japan>
	* smbldap_tools.pm: Add read_password() to avoid `stty -echo` hacks
	* Use /usr/sbin/nscd -i instead of /etc/init.d/nscd

2011-05-24 <fumiyas at OSS Technology Corp., Japan>
	* smbldap-populate, smbldap_tools.pm: Use /nonexistent instead
	  of /dev/null for guest's and computer's homeDirectory

2011-03-09 <fumiyas at OSS Technology Corp., Japan>
	* smbldap_tools.pm: Use Encode instead of Unicode::MapUTF8

2011-02-23 <fumiyas at OSS Technology Corp., Japan>
	* smbldap_tools.pm:
	  - get_next_id: Use getgrgid() for GID number
	  - read_parameter: Use lexically-scoped variable $line
	    instead of global $_
	  - read_user_human_readable: Use UTF-8 flaged string and
	    \P{IsPrint} to check if an LDAP attribute has non-printable
	    characters or not
	* smbldap-populate: Fix wrong sambaGroupType values for local groups
	* Replace bare "smbpasswd" with "$config{smbpasswd}"
	* smbldap-useradd: Add -h (--no-dereference) option to the
	  chown(1) command-line
	* smbldap-useradd: Extend -Z (--attr) option to take multiple
	  -Z options
	* smbldap-usermod: Set sambaPwdLastSet to the current time
	  if "-B 0" is used (for Samba 3.0.25 and later)
	* smbldap-usermod: Extend -Z (--attr) option:
	  - Take multiple -Z options
	  - Append a value to a multi-value attribute by -Z +name=value
	  - Remove a value from a multi-value attribute by -Z -name=value
	  - Remove a attribte by -Z -name

2010-11-15 <mm@FreeBSD.org>
	* smbldap-useradd:
	  - fix Z option in getopt (custom LDAP attribute)
	  - drop unused L option from getopt
	  - alphabetically reorganize getopt options
	  - fix several mis-spellings and typos
	(thx to Paul Howarth <paul@city-fan.org>)
	* other utilities:
	  - alphabetically reorganize getopt and help
	* new tag 0.9.6

2010-10-21 <mm@FreeBSD.org>
	* new tool: smbldap-grouplist (list LDAP groups)
	* smbldap-useradd, smbldap-usershow, smbldap-usermod:
	  - change default encoding of givenName and sn to UTF-8 (bug #11717)
	  - new option: -X (input/output encoding, defaults to UTF-8)
	  - new option: -O (localMailAddress attribute)
	  - changed option: -M (now sets only mail attribute)
	  - home directory is now chowned as $userUidNumber:$userGidNumber
	    (bug #11721)
	  - use gecos as displayName if givenName and userSN not provided
	    (bug #14517)
	* smbldap-passwd:
	  - new option: -p (allow root to set password from 
	    STDIN without verification, e.g. using a pipe) (bug #11964)
	  - change userPassword, shadowLastChange and shadowMax individually
	    e.g. no shadow class or user may not have rights (bug #15052)
	* smbldap-groupmod: allow deletion of users from groups without 
	  a defined samba group SID)
	* remove references to smbldap_conf.pm

2008-04-22 <jtournier@gmail.com>
	* new tag 0.9.5

2008-04-13 <jtournier@gmail.com>
	* smbldap-useradd: new option '-W' to add a computer account with samba
	attributes (for account creation through samba, use '-w')
	* smbldap_tools.pm: added ldaps support
	* smbldap.conf: new option 'ldapSSL' for SSL support

2008-03-05 <jtournier@gmail.com>
	* smbldap-usershow: if nscd is up dans running, restart the service
	(http://gna.org/bugs/?11206)

2008-02-17 <jtournier@gmail.com>
	* smbldap-populate: remove sambaNextRid entry if ${sambaDomain} is not 
	used for ${sambaUnixIdPooldn} entry
	(sambaDomain objectclass is then not added to ${sambaUnixIdPooldn})

2008-02-15 <jtournier@gmail.com>
	* smbldap-usermod: if "-I" is used, set sambaPwdLastSet to the current 
	time
	* smbldap-useradd: if '-k /etc/skel" is used, /etc/skel content is now 
	correctly copied to home directory

2007-12-18 <jtournier@gmail.com>
	* smbldap-usermod, smbldap-passwd (smbldap-passwd is asked by 
	smbldap-useradd): if "-B 1" is used, set sambaPwdLastSet to 0
	(https://gna.org/support/?1828)

2007-12-17 <jtournier@gmail.com>
	* smbldap-usermod, smbldap-useradd: new -Z option to add custom LDAP
	attributes

2007-11-26 <jtournier@gmail.com>
	* smbldap-groupadd: added sncd status and restart service after
	applying modifications
	(https://gna.org/bugs/index.php?10313)

	* smbldap-passwd: unix password not updated if maxPasswordAge not
	defined in smbldap.Conf => added control test
	(https://gna.org/bugs/?10230)

	* smbldap-usershow: new -h option to print dates in human-readable form
	(https://gna.org/bugs/?10231)

2007-11-23 <jtournier@gmail.com>
	* smbldap-usermod: fixes and enhancements relative to expirations dates
	(https://gna.org/bugs/?10229)

2007-10-30 <jtournier@gmail.com>
	* smbldap_tools.pm (read_user): do not print binary data in
	smbldap-usershow
	(https://gna.org/bugs/?10228)

2007-09-17 <jtournier@gmail.com>
	* new tag 0.9.4

2007-09-17 <jtournier@gmail.com>
	* smbldap-usermod and smbldap-useradd: displayName attribute default to
	username or use the information given with the -S and -N options. 
	(RFC 2256 & RFC 2798).
	* update sambaPrimaryGroupSID if '-g' option is used
	Thanks to Christoph Szeppek <szeppek@ida.ing.tu-bs.de> for his patch.

2007-09-05 <jtournier@gmail.com>
	* smbldap-userlist (print_user): print also shadowMax attribute value

2007-08-07 <jtournier@gmail.com>
	* smbldap-usermod: allow renaming of computers account

2007-08-01 <jtournier@gmail.com>
	* smbldap-usermod: cn was updated to null string (if -N or -S are not 
	used.) which causes a failed ldap modification

2007-07-19 <jtournier@gmail.com>
	* new tag 0.9.3
	
2007-07-13 <jtournier@gmail.com>
	* smbldap-userinfo (exist_in_tab;): print also Samba Password Last Set,
	Samba Password Must Change and Samba Flags

	* smbldap-userlist (exist_in_tab;): only root can show all users
	informations. If used as standard user, only print personnal
	informations

2007-07-10 <jtournier@gmail.com>

	* smbldap-populate: new option '-r' to specify the first rid available
	for users and groups creation (default is 1000)

2007-07-06 <jtournier@gmail.com>

	* smbldap_tools.pm (add_posix_machine): add only 'top', 'account',
	'posixAccount' objectclass for computers account

	* smbldap_tools.pm (get_next_id($$)): look if the id or gid is not
	already used in /etc/passwd or /etc/group. Check the next one if so.

	* smbldap_tools.pm (delete_user): print error message if deleting
	user failed

2007-07-05 <jtournier@gmail.com>

	* smbldap-userlist: new script that list all account properties
	(expiration, status,...)

2007-07-04 <jtournier@gmail.com>

	* smbldap-passwd (make_salt): update shadowMax
	(to $config{defaultMaxPasswordAge}) entry if script used with root 
	priviledge

	* smbldap_tools.pm (add_posix_machine): when creating a computer
	account, just set the 'top', 'account' and 'posixAccount' objectclass

	* smbldap_tools.pm (parse_group): same as below: replace getgrgid() by
	an ldap querie

	* smbldap-groupmod: replace the call of getgrnam() with an ldap search
	because getgrnam() can't return the group gidNumber in case the script
	is executed from a server where ldap auth is not set
	(tnx to Konstantin Munning)

2007-07-03 <jtournier@gmail.com>

	* smbldap-useradd: using the userName instead of uidNumber in
	"chown ... $userHomeDirectory" because $userUidNumber is linked to user
	which has a different uidNumber in case of use numeric-only username
	(thx to Francesco Malvezzi)
	
	* smbldap-useradd: if -B option is used, called smbldap-passwd with -B
	option (without -B option in smbldap-passwd, this command was 
	overwritten sambaPwdMustChange sambaPwdLastSet and sambaAcctFlags just 
	after being updated with smbldap-usermod)

	* smbldap-passwd: new option -B to force user to change Samba password
	(and then also unix) at next connection

2007-07-02 <jtournier@gmail.com>

	* smbldap-migrate-pwdump-accounts: make the ldap connection before
	trying to modify any entry

	* smbldap-migrate-pwdump-accounts and smbldap-migrate-pwdump-groups: 
	added "PATH=/sbin:/usr/sbin:/usr/local/sbin:/opt/IDEALX/sbin/" before
	calling smbldap-useradd

	* smbldap-userinfo: new option -l to list user properties and specially
	password aging informations

	* smbldap-usermod: new options --shadowExpire --shadowMax --shadowMin
	and --shadowWarning related to password aging

	* smbldap-usermod: new options -L and -U to lock/unlock shadow account
	(thx to Pierluigi Miranda <Pierluigi.Miranda@agecontrol.it>)

	* smbldap-passwd: sambaPwdLastSet attribute is updated whend changing
	password

	* smbldap-usermod: if -o was used, script must not exit if uid already
	exist

	* smbldap_tool.pm: in function connect_ldap_slave, bind parameters to
	contact the master server (if slave is not available) must be 
	$config{masterDn} and $config{masterPw}

2007-06-27 <jtournier@gmail.com>

	* smbldap-tools.spec: added man pages
	
	* smbldap-useradd: update -o option to allow specify a node like
	'-o ou=admin,ou=all'
	
	* smbldap-tools.pm: be more verbose if ldap_bind failed
	(thx to tarjei <tarjei@nu.no>)
	
	* smbldap-useradd: be more berbose if problem searching next uid in 
	$config{sambaUnixIdPooldn} 
	(thx to Goneri Le Boude <goneri@rulezlan.org>)

2006-01-13 <jtournier@gmail.com>

	* UTF8 support in smbldap-usermod for option -N
	
2006-01-03
	. new tag (v0-9-2 for rpm version 0.9.2)

2005-10-31
	. Option 'P' to set password was not possible in smbldap-useradd when
	usernames contained space character
	. smbldap-populate and smbldap_tools.pm: classes hierarchical is 
	specified completly to avoid problem with others directories then 
	OpenLDAP.
	. smbldap-useradd: users are not added to group if the group is their 
	primary one
	. smbldap-useradd and smbldap_tools: new function is_nonldap_unix_user
	to allow adding non ldap users to group. This is typically used to add 
	users from a trusted domains (winbind)
	. when adding trusted account (smbldap-useraddd -i) '$' caracter is
	added to the name if not present
	. if with_smbpasswd="1", we let samba adding the sambaPrimaryGroupSID 
	entry
	. smbldap-passwd: new option -s and -u to only update samba password or
	unix password
	. smbldap-passwd: regular users can change their passwords when TLS is
	forced
	. parsing smb.conf is correct if parameters are defined in several
	lines (using \ caracter)
	. automatic creation of the OU of a new user if it does not exist
	(smbldap-useradd -o ou=xxx).  The new OU must me relative to the 
	$config{usersdn} parameter

2005-07-12
	. sambaPrimaryGroupSID for samba users is set to DOMAIN_SID-513,
	whatever is the defaultUserGid parameter value defined in smbldap.conf

2005-06-07
	. sambaBadPasswordCount is set to 0 when using smbldap-passwd
	. update for respect with RFC 2256:
	  sn <-> nom (option S)
	  givenName <-> prenom (option N)
	  cn <-> person's full name
	. UTF8 support for givenName (option N) and sn (option S)

2005-05-26: new tag (v0-9-1 for rpm version 0.9.1)
	. bugs correction and updates in configure.pl

2005-05-17: new tag (v0-9-0 for rpm version 0.9.0)

2005-05-16
	. update release version 0.9.0 for synchronisation with examples
	  of the "Samba3 by examples" book of John H Terpstra.
	. default configuration files for the smbldap-tools can be place in
	  /etc/opt/IDEALX/smbldap-tools or /etc/smbldap-tools/
	. default configuration file for samba can be /etc/samba/smb.conf or
	  /usr/local/samba/lib/smb.conf
	. new parameter userHomeDirectoryMode in smbldap.conf to set the
	  default directory mode used for user's homeDirectory
	. enhancements and fixes in configure.pl

2005-04-27
	. error in group type documentation in smbldap-groupadd

2005-04-17
	. warnings was displayed when samba configuraton file (smb.conf) had
	  single quotes in parameters definition
	  (thanks to Tom Burkart <samba@aussec.com>)
	. 'idmapdn' is now also optional in smbldap.conf (if needed and defined
	  in smb.conf)

2005-04-03: new tag (v0-8-8 for rpm version 0.8.8)

2005-03-09
	. Four more options are now optional in smbldap.conf.
	  Default values are:
	  > slaveLDAP="127.0.0.1"
	  > slavePort="389"
	  > masterLDAP="127.0.0.1"
	  > masterPort="389"
	  > ldapTLS="0"
	. the following suffix can be used with the smbldap-tools:
	  > suffix="dc=dpt,dc=idealx,dc=org", suffix="dc=idealx,dc=org" or
	  suffix="dc=idealx"
	. update to smbldap-populate:
	    . administrator account is now called 'root'
	    . default uidNumber for root is set to 0
	    . default rid for root is set to 500
	    . default gidNumber for administrator is set to 0
	  uidNumber and gidNumber can be changed with option -k and -m
2005-03-08
	. Four parameters in smbldap.conf are now optional:
	  'suffix', 'usersdn', 'computersdn' and 'groupsdn'
	  If those parameters are not set, they are respectivly taken from
	  the following parameters in smb.conf :
	  'ldap suffix', 'ldap user suffix', 'ldap machine suffix' and
	  'ldap group suffix'
	. renaming two files:
	  $ mv smbldap-migrate-accounts smbldap-migrate-pwdump-accounts 
	  $ mv smbldap-migrate-groups smbldap-migrate-pwdump-groups
2005-02-26
	. New option '-t time' to smbldap-useradd: wait <time> seconds before
	  exiting script when adding computer's account. This is useful when
	  Master/PDC and Slaves/BDCs are connected through the internet
	  (replication is not real time).
	  The Samba smb.conf configuration file should then look like this :
	  > add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 30 -w "%u"
	  This options can only be used with the -w to add computers's account.
	  bug report: https://bugzilla.samba.org/show_bug.cgi?id=2384
	. three parameters are now optional in smbldap.conf
	  . 'sambaUnixIdPooldn': If not defined, next uidNumber and gidNumber
	    available for new users and groups are stored in sambaDomainName
	    object
	  . 'SID': If not defined, parameter is taking from "net getlocalsid"
	    return
	  . 'sambaDomain': If not defined, parameter is taking from smb.conf
	    configuration file
	. add 'sambaDomain' parameter in smbldap.conf. If not defined
	  'workgroup' parameter in smb.conf is used

2005-02-13: new tag (v0-8-7 for rpm version 0.8.7)
	. update smbldap-populate: check previously if entries exist. If the
	  sambaDomain entry already exist when using smbldap-populate, we just
	  modify it to add the sambaUnixIdPool objectclass which store the
	  first uidNumber and gidNumber available.
	. update connection procedure to the directory in smbldap-passwd
	. new script smbldap-userinfo from Pawel Wieleba to allow people update
	  their own informations like telephoneNumber, name and some others
	  (need proper ACL in ldap configuration)
	. new migration scripts from Pawel Wieleba
	  smbldap-migrate-unix-accounts and smbldap-migrate-unix-groups to help
	  migrating users and groups defined in /etc/passwd
	  (and/or /etc/shadow) and /etc/group.

2005-01-29
	. bug in smbldap-populate: the -b option (guest login name) was broken
	. new option '-k' and '-l' to smbldap-populate to defined the uidNumber
	  of administrator and guest accounts
	. group "Account Operators" is now created with smbldap-populate
	. Administrator account does not need anymore uidNumber=0 (using 998)
	. update in smbldap-populate and smbldap.conf:
	  . next uidNumber and gidNumber available for new users and new groups
	    are now stored in the sambaDomainName object. This allow the
	    sambaUnixIdPooldn to not been viewed as a real user under IMC
	    (http://www.idealx.org/prj/imc/) sambaUnixIdPooldn in configuration
	    file smbldap.conf must look like:
	    > sambaUnixIdPooldn="sambaDomainName=MYDOMAIN,${suffix}"
	  . the sambaDomainName is determine by 
	    - the sambaUnixIdPooldn parameter of smbldap.conf, or
	    - the workgroup parameter of smb.conf if sambaUnixIdPooldn
	      is not a sambaDomainName object
	. patch to smbldap-useradd: $modify->code was executed even if no
	  modification was required, this can cause error mesage with some ldap
	  directory.
	. small typo corrections

2005-16-01: new tag (v0-8-6 for rpm version 0.8.6)

2005-06-01:
	. new location /opt/IDEALX and /etc/opt/IDEALX/ (instead of /usr/local
	  and /etc) to conform to FHS/LSB
	. update typo correction in documentation
	. patch to smbldap-passwd from
	  Pawel Wieleba <wielebap@volt.iem.pw.edu.pl>, see:
	  www.iem.pw.edu.pl/~wielebap/ldap/smbldap-tools/smbldap-tools_doc.pdf
	  . use of slappasswd was insecure as external program. Now slappasswd
	    is run in a child process and shell is not used
	  . it is now possible to not use slappasswd but perl module only
	  . new parameter 'with_slappasswd' in smbldap.conf to allow not use
	    'slappasswd' but perl module only
	. new option '-r' to smbldap-usermod for renaming a user. Exemple:
	  $ smbldap-usermod -d /home/new_user -r new_user old_user

2004-10-28: new tag (v0-8-5-3 for rpm version 0.8.5-3)

2004-10-07:
	. smbldap-useradd: set sambaPwdLastSet to the current date, and
	  sambaPwdMustChange to 2147483647 for trust account to work
	. patch from Quentin Delance <quentin.delance@insalien.org>:
	  added test to not being able to remove primary group of a user

2004-08-29: new tag (v0-8-5-2 for rpm version 0.8.5-2)
	. small corrections
	. computer's account have the 'gecos' attribute set to 'computer':
	  computers may not join the domain if this attribute is not defined
	  (thanks to "Dominik 'Rathann' Mierzejewski")

2004-06-25:
	. patch to smbldap_tools.pm: the 'search' to sambaUnixIdPool
	  objectclass is done directly to the object defined in the
	  configuration file (sambaUnixIdPooldn="..."). This allow to have more
	  then one object having the sambaUnixIdPool objectclass.
	. patch smbldap-useradd. The -P and -T options had no effect if the -a
	  was not used.
	. update configure.pl

2004-06-21:
	. new '-o' option in smbldap-useradd to set the organizatinal unit
	  where the account will be created. It is relative of the user suffix
	  dn ($usersdn) defined in the configuration file

2004-06-17: new tag (v0-8-5-1 for rpm version 0.8.5-1)
	. update documentation

2004-05-25:
	. patch to smbldap-populate:
	  fix sambaSID and sambaGroupType error for builtin groups
	. new entry in /etc/smbldap-tools/smbldap.conf for idmap ou:
	  > idmapdn="ou=Idmap,${suffix}"

2004-05-10:
	. patch from Ross Becker <ross@rbecker.org> :
	  new option in smbldap.conf to set the salt format if CRYPT hash is
	  used.
	. add a check to see if STDIN is connected to tty by using if
	  (-t STDIN) ...
	  This allow the unsecure use of
	  "echo -e 'password\npassword' | smbldap-passwd jto"

2004-04-30:
	. patch for smbldap-useradd and smbldap-groupadd: next uidNumber and
	  gidNumber available are now stored in cn=NextFreeUnixId
	  WARNING:
	  . when upgrading, you need to create the new object manually
	    (see INSTALL file)
	  . this object's name is defined in /etc/smbldap-tools/smbldap.conf
	    you can defined another name as desired, for example:
	    > sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"

2004-04-07:
	. patch from Emmanuel Lacour <elacour@home-dn.net> :
	  no more use of mkntpwd, use of Crypt::SmbHash perl module instead

2004-04-04:
	. patchs from Alexander Bergolth <leo@strike.wu-wien.ac.at> :
	  . variable substitution to the config-file parser.
	    This new feature allows configurations like that
	      > suffix="dc=idealx,dc=com"
	      > usersdn="ou=Users,${suffix}"
	    Username substitution is done via %U:
	      > userHome="/home/%U"
            ==> smbldap.conf file can now use the samba %U definition
	  . change in smbldap-userdel refuses deleting a home directory that
	    doesn't contain the username, more precisely that doesn't look like
	    /^\/.+\/(.*)$user/
	    This avoids deleting-disasters when the homeDirectory attribute is
	    erroneous set to a wrong value like "/" or "/home".
	  . adds mail-forwarding and mail-alias capabilities (for use by MTAs
	    like sendmail or postfix). Two new options "-M" and "-T" allow 
	    specifying mail-aliases and mail-forward addresses in 
	    smbldap-useradd and smbldap-usermod. If those options are used, the
	    objectclass "inetLocalMailRecipient" is used
	  . patch to allows adding new mail-aliases (-M), mail-forward
	    addresses (-T) or supplementary groups (-G) without overwriting the
	    existing ones using a syntax like
	    smbldap-usermod -G +wheel testuser
	    Removing only the specified attributes without deleting all of them
	    works the same way using a syntax like
	    smbldap-usermod -G -wheel testuser
	  . patch that fixes a small problem when using userHomeDrive without
	    the ":" symbol
	. test if a user is unique in get_homedir function. Replace the regular
	  expression that check the homeDirectory attribute's value with the
	  exact query response.

2004-03-05:
	. add the displayName attribut when using 'smbldap-groupadd -a'
	. update smbldap-populate (set the username for the guest account and
	  the administrative account in sambaProfilePath instead of $adminName
	  and $guestName)

2004-03-01:
	. update smbldap-populate to allow setting userHomeDrive="" in
	  configuration file

2004-02-22:
	. it is now possible to delete the following entries with
	smbldap-usermod:
	  sambaHomePath (option -C), sambaHomeDrive (option -D)
	  sambaLogonScript (option -E) and sambaProfilePath (option -F)
	  ex: smbldap-usermod -C "" user
	. update documentation

2004-02-07: new tag v0-8-4
	. include documentation in smbldap-tools.spec file

2004-01-22:
	. config.pl: usersdn, groupsdn and computersdn was not updated
	. config.pl: empty value can be set with the "." caracter

2004-01-19:
	. certificates for TLS support can now be declared in the smbldap.conf
	  configuration file. 4 new options: verify, cafile, clientcert and
	  clientkey

2004-01-17:
	. remove OpenLDAP requirement in smbldap-tools spec file as the LDAP
	  server can be on another computer

2004-01-14:
	. patch to smbldap-populate to not take into account attributes that
	  has a null definition in smbldap.conf
	  (sambaProfilePath and sambaHomePath)

2004-01-10:
	. shadowAccount objectclass added for users account (needed for users
	  on Solaris system to authenticate)
	. configuration is now split in two files
	  > smbldap.conf : globals parameters
	  > smbldap_bind.conf: connection parameters to the directory
	. patch in smbldap-password that allow users to use this script
	  to change their own passwords

2003-12-29:
	. new script configure.pl to help setting up the smbldap_conf.pl file
	. bug: smbldap_conf.pm now allow to set _userSmbHome and _userProfile
	  to a null string to disable homedirectory and roaming profiles

2003-12-19:
	. new option '-i' to smbldap-useradd to create a trust account
	  (domain membership)
	. rename all scripts: remove the '.pl' 

2003-12-11:
	. new option '-i' to smbldap-populate to import an ldif file
	. new option '-e' to smbldap-populate to export an ldif file

2003-11-18: new tag v0-8-2
	. new option '-a' to smbldap-usermod.pl that allow adding the
	  sambaSAMAccount objectclass to an existing posixAccount

2003-11-07:
	. patch that allow adding user to a group when the group is
	  in a higher level depth then ou=Groups
	  (for example, ou=grp1,ou=Groups,...)
        . check the unicity of a group when adding/removing a user to this group
2003-10-28:
	. new option '-p' in smbldap-groupadd.pl to 'print' the gidNumber
	  of the group to STDOUT. This is needed by samba (see the man page)

2003-10-19:
	. new function does_sid_exist that check if samaSID sttribute is
	  already defined for another use or another group

2003-10-13:
	. smbldap-populate.pl now also add the group mapping

2003-10-01: new tag v0-8-1
        . one can now comment the two directives '$_userSmbHome' and
	  '$_userProfile' if you want to use the smb.conf directives instead
	  ('logon home' and 'logon path' respectively), or if you want to
	  desable roaming profiles
	. Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>: the
	  sambaPrimaryGroupSID of a user is now set to the sambaSID of his
	  primary group

2003-09-29:
	. added new option '$_defaultMaxPasswordAge' in smbldap_conf.pm to
	  specifie how long a password is valid
	. The '-B' option was not always valid: to force a user to change his
	  password:
	  . the attribut sambaPwdLastSet must be != 0
	  . the attribut sambaAcctFlags must not match the 'X' flag
	. logon script is set (for every one) to the default '_userScript'
	  value if it is defined 
	. Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>:
	  gid-sid group mapping to smbldap-groupadd.pl and smbldap-groupmod.pl

2003-09-19: Patch from Marc Schoechlin <ms@LF.net>
	. load the perl-modules without setting environment-variables or making
	  symlinks

2003-09-18: Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>
	. options "-u", "-g", "-s" and "-c" are now functionnal
	. the existence of samba account was made on sambaAccount and
	  not sambaSAMAccount as it should be for samba3
	. new function read_user_entry to smbldap_tools.pm that returns
	  a Net::LDAP:Entry object of the user
	. Use this object to get the dn and user attributes instead of
	  producing an ldif and searching for attributes within that ldif

2003-09-15:
	. change machine account creation to not add the sambaSAMAccount
	  objectclass. It is now added directly by samba when joigning
	  the domain
	. new option in smbldap-usermod.pl: '-e' to set an expire date
	. Start_tls support activated when ldapSSL is set to 1
	. Net::LDAP support more scripts
	. bugs correction

2003-09-02:
	. sambaPwdLastSet is updated when smbldap-passwd.pl is used
	. add a function is_group_member to test the existence of a
	  user in a particular group
	. add a function is_unix_user to test if a particular user exist
	. Net::LDAP support more scripts

2003-08-15:
	. Samba3.0 support

2003-08-01:
	. Final version for samba 2.2.8a (cvs tag SAMBA-2-2-8a-FINAL)
	. OpenLDAP 2.1 support (only one structural objectclass allowed)

2002-07-24: top and account objectclasses replaced with inetorgperson

2002-06-03: notes to webmin.idealx.org (idxldapaccounts)

2002-06-01: release 0.7. tested with 2.2.4

2002-05-31: fixed smbldap-populate compliance to smbldap_conf 
            cleaned up smbldap_conf to be more readable 
            some more documentation
            bugfixes on smbldap-passwd and smbldap-populate

2002-05-16: modified default mode on homes: now 700

2002-05-13: fixed spec (relocation and reqs)

2002-03-02: fixed 2.2.3 sambaAccount bug with smbldap-useradd.pl
              (rid is now mandatory in the sambaAccount objectClass)

2002-02-14: just modified default populate for Administrator

2002-02-05: release 0.6. enable/disable user in usermod

2002-02-04: release 0.5. added smbldap-migrate-groups to migrate NT groups
            from a net group dump. added samba parameters to smbldap-useradd
            and smbldap-usermod.

2002-01-12: added smbldap-migrate-accounts to migrate users/machines
            accounts from a PWDUMP dump

2001-12-13: added smbldap-populate to create the initial base

2001-12-13: initial release 0.1

2001-12-12: fixed the SPEC file for RedHat

2001-12-03: cleaned the code and use strict;

2001-11-20: initial needs (for testing purpose on Samba-2.2.2 an Samba-TNG)