From: Robert Lowe (Robert.H.Lowe@lawrence.edu)
Date: Fri Sep 05 2003 - 15:22:42 CDT

Hi all!

There have been a number of small issues that have been discussed in
recent weeks here that I've rolled into a new kit, along with a couple
of enhancements. An excerpt from the release notes showing changes
from the last kit is shown below. The folks from Southwestern will
likely post a note when the new kit is in the contrib branch of the
ftp site. The new LDAP auth method may require a bit more explaining,
so if you are interested in using that, and something is not quite
clear, let me know.

Thanks to a number of you for nudging me, and especially again to
Michael King whose contributions have gone above and beyond!

-Robert

Fixes:

** register.cgi
   . Strip out domain names entered along with usernames
     (Reported 9/3/2003 by John Crowley/jcrowley@wolf.smith.edu)
   . Strip out all "bad" characters from username; these include
     anything but alphanumeric characters, hyphen (-) or the
     underscore (_). Those who allow apostrophes in usernames
     will have to make a small change, plus add code elsewhere
     to strip it out of the hostname written to the dhcpd.conf.new
     file, e.g. Robert Morse at Brown (Robert_Morse@brown.edu).

** admin.cgi
   . Fix sort order of subnets in subnet overview.
     Problem reported by Steve Hess at Wheaton College on 8/8/03.
   . Simplify a few regexps (Jason Rust)

Enhancements:

   . File locking added for writes
     - Updates to dhcpd.conf.new request exclusive locks on the
       file. This includes both the registration process, and
       the delete entry feature in the admin interface. This
       was one of the first things added to the beta NetReg2 code,
       and really should have been here long ago. Michael King
       added new encouragement!
   . LDAP authentication method in register.cgi
     - Allows specification of multiple LDAP servers
     - Randomly selects servers to try to create some load-balancing
     - Can specify a timeout period for connection attempts so failover
       can take place, if one or more servers are unavailable
     - May use non-anonymous bindings to search for user's dn. This
       could be important if you have users in a restricting branch
       of your LDAP DIT for FERPA compliance, for example.
     - May use an LDAP user that uses pass-thru authentication, e.g.
       Sun Directory Server.
     - In conjunction with pass-thru authentication, portions of the
       DIT may be re-mapped to match the DIT of the authenticating
       server. Again, this may be important if you have a protected
       branch of your DIT that is not represented identically in the
       authenticating server, e.g. ADS.
     - May use Microsoft's Active Directory Servers, or standard LDAP
       servers. For ADS, no LDAP search for the user's dn is necessary
       since users may be authenticated using the user@FQDN form.
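
The username clean-up and the exclusively locked write to dhcpd.conf.new described in the release notes above, sketched in Perl as an added example; it is not part of the original message and is not NetReg's own code. The function names, the sample file name, the `host` line layout and the two domain forms handled (`user@domain` and `DOMAIN\user`) are assumptions.

```perl
#!/usr/bin/perl
# Added illustration, not NetReg code. All names here are hypothetical.
use strict;
use warnings;
use Fcntl qw(:flock SEEK_END);

# Reduce what the user typed to a bare username: drop a domain part,
# then delete everything except alphanumerics, hyphen and underscore.
# Assumption: domains arrive as user@domain or DOMAIN\user.
sub clean_username {
    my ($raw) = @_;
    $raw = '' unless defined $raw;
    $raw =~ s/\@.*\z//s;             # user@wolf.example.edu -> user
    $raw =~ s/\A.*\\//s;             # CAMPUS\user           -> user
    $raw =~ s/[^A-Za-z0-9_-]//g;     # allow-list, not a deny-list
    return $raw;
}

# Append one host entry under an exclusive lock so that concurrent CGI
# processes (registration, admin delete) cannot interleave their writes.
sub append_host_entry {
    my ($file, $username, $mac) = @_;
    my $host = clean_username($username);
    die "empty username after cleaning\n" unless length $host;
    die "bad MAC address\n"
        unless $mac =~ /\A[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}\z/;

    open(my $fh, '>>', $file) or die "open $file: $!\n";
    flock($fh, LOCK_EX)       or die "lock $file: $!\n";
    seek($fh, 0, SEEK_END);   # someone may have appended while we waited
    # Assumed entry layout: a one-line ISC dhcpd host declaration.
    printf {$fh} "host %s { hardware ethernet %s; }\n", $host, $mac;
    close($fh)                or die "close $file: $!\n";  # releases the lock
    return $host;
}

# Constructed sample inputs, written to a scratch file in the current directory.
my $file = 'dhcpd.conf.new.example';
for my $typed ('jdoe@wolf.example.edu', "o'brien", 'j doe{}', 'CAMPUS\\jsmith') {
    my $host = append_host_entry($file, $typed, '00:11:22:33:44:55');
    printf "%-24s -> %s\n", $typed, $host;
}
```

Because the hostname is built from the cleaned value only, the apostrophe case mentioned in the notes never reaches the configuration file in this sketch.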