* Sat Dec 21 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme

- fix use of passwd command when ldap auth enabled [SME: 6453]
- delete spool file only if exists to avoid error [SME: 12763]

.gitignore

@@ -2,3 +2,4 @@
 *.log
 *spec-20*
 *.tar.xz
+*.bak

README.md

@@ -6,7 +6,14 @@ SMEServer Koozali developed git repo for smeserver-base smeserver
 <br />https://wiki.koozali.org/
 
 ## Bugzilla
-Show list of outstanding bugs: [here](https://bugs.koozali.org/buglist.cgi?component=smeserver-base&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)\
+Show list of outstanding bugs:
+[All](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=NEEDINFO&bug_status=IN_PROGRESS&bug_status=RESOLVED&bug_status=VERIFIED&cf_package=smeserver-base&classification=SME+Server&list_id=105756&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Confirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=CONFIRMED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Unconfirmed](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=UNCONFIRMED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Need info](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=NEEDINFO&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[In progress](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=IN_PROGRESS&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Resolved](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=RESOLVED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)  
+[Verified](https://bugs.koozali.org/buglist.cgi?action=wrap&bug_status=VERIFIED&cf_package=smeserver-base&classification=SME+Server&order=changeddate+DESC%2Ccomponent%2Cpriority%2Cbug_severity&query_format=advanced)
 And a list of outstanding Legacy bugs: (e-smith-base) [here](https://bugs.koozali.org/buglist.cgi?component=e-smith-base&product=SME%20Server%2010.X&query_format=advanced&limit=0&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=CONFIRMED)
 
 ## Description

additional/CVS/Entries

@@ -1 +0,0 @@
-D

additional/CVS/Repository

@@ -1 +0,0 @@
-rpms/e-smith-base/sme10/e-smith-base-5.8.0

additional/CVS/Root

@@ -1 +0,0 @@
-:ext:jpp@shell.koozali.org:/cvs/smeserver

additional/createlinks.orig

@@ -1,672 +0,0 @@
-#!/usr/bin/perl -w
-
-use esmith::Build::CreateLinks  qw(:all);
-
-templates2events("/etc/sysconfig/i18n", qw(post-install post-upgrade e-smith-base-update));
-
-templates2events("/etc/selinux/config", qw(post-install post-upgrade e-smith-base-update));
-
-# give the correct configuration file of dhcpd.conf 
-templates2events("/etc/dhcp/dhcpd.conf", qw(bootstrap-console-save e-smith-base-update));
-
-# ppp-conf-users
-
-foreach (qw(pap-secrets chap-secrets))
-{
-    templates2events("/etc/ppp/$_", qw(
-	    bootstrap-console-save
-	    console-save
-	    remoteaccess-update
-	    e-smith-base-update));
-}
-
-foreach (qw(
-	/var/service/wan/pppoe.pppd.conf
-	/var/service/wan/run.pppoe.conf
-	/etc/ppp/ip-down.local
-	/etc/ppp/ip-up.local
-    ))
-{
-    templates2events("$_", qw(
-	console-save
-	bootstrap-console-save
-	e-smith-base-update
-	));
-}
-
-safe_symlink("daemontools", "root/etc/rc.d/init.d/wan");
-service_link_enhanced("wan", "S37", "7");
-service_link_enhanced("wan", "K90", "6");
-service_link_enhanced("wan", "K90", "0");
-service_link_enhanced("wan", "K90", "1");
-
-# conf-dialup
-foreach (qw(
-    /etc/sysconfig/network-scripts/ifcfg-ppp0
-    /etc/sysconfig/network-scripts/chat-ppp0
-    /etc/ppp/ip-up.local
-    /etc/ppp/ip-down.local
-    /etc/diald.conf
-    /etc/diald.filter
-    /etc/diald/link
-    /var/service/ippp/config
-    /etc/ppp/ioptions
-    ))
-{
-    templates2events($_, qw(console-save bootstrap-console-save e-smith-base-update));
-}
-
-# conf-networking
-
-foreach (qw(
-    /etc/sysconfig/network-scripts/ifcfg-bond0
-    /etc/modprobe.d/bonding.conf
-    /etc/sysconfig/network
-    /etc/nsswitch.conf
-    /etc/HOSTNAME
-    /etc/hosts
-    /etc/resolv.conf
-    /etc/sysctl.conf
-    /var/service/wan/dhclient.config
-    ))
-{
-    templates2events($_, qw(console-save bootstrap-console-save e-smith-base-update));
-}
-event_link("update-ifcfg", "console-save", "05");
-event_link("update-ifcfg", "bootstrap-console-save", "05");
-
-# conf-other
-
-templates2events("/etc/crontab",  qw(
-	console-save
-	bootstrap-console-save
-	post-install
-	post-upgrade
-	email-update
-	logrotate
-	e-smith-base-update
-	));
-templates2events("/etc/mime.types",  qw(
-	console-save
-	bootstrap-console-save
-	post-install
-	post-upgrade
-	email-update
-	logrotate
-	e-smith-base-update
-	));
-templates2events("/etc/sysconfig/rsyslog",  qw(
-	console-save
-	bootstrap-console-save
-	post-install
-	post-upgrade
-	email-update
-	logrotate
-	e-smith-base-update
-	));
-templates2events("/etc/rsyslog.conf",  qw(
-	console-save
-	bootstrap-console-save
-	post-install
-	post-upgrade
-	email-update
-	logrotate
-	e-smith-base-update
-	));
-templates2events("/etc/updatedb.conf", qw(
-	bootstrap-console-save
-	e-smith-base-update
-));
-templates2events("/etc/openssl.conf",  qw(
-        console-save
-        bootstrap-console-save
-        post-install
-        post-upgrade
-	domain-create
-	domain-delete
-	network-create
-	network-delete
-        ip-change
-	e-smith-base-update
-        ));
-
-# conf-routes
-event_link("update-ifcfg", "network-create", "05");
-event_link("update-ifcfg", "network-delete", "05");
-
-# conf-security
-
-templates2events("/etc/securetty", qw(
-	console-save
-	bootstrap-console-save
-	ibay-create
-	ibay-delete
-	ibay-modify
-	ibay-modify-servers
-	network-create
-	network-delete
-	ip-change
-	email-update
-	remoteaccess-update
-	e-smith-base-update
-	));
-templates2events("/etc/services", qw(
-	console-save
-	bootstrap-console-save
-	ibay-create
-	ibay-delete
-	ibay-modify
-	ibay-modify-servers
-	network-create
-	network-delete
-	ip-change
-	email-update
-	remoteaccess-update
-	e-smith-base-update
-	));
-templates2events("/etc/shells", qw(
-	console-save
-	bootstrap-console-save
-	ibay-create
-	ibay-delete
-	ibay-modify
-	ibay-modify-servers
-	network-create
-	network-delete
-	ip-change
-	email-update
-	remoteaccess-update
-	e-smith-base-update
-	));
-templates2events("/etc/hosts.deny", qw(
-	console-save
-	bootstrap-console-save
-	ibay-create
-	ibay-delete
-	ibay-modify
-	ibay-modify-servers
-	network-create
-	network-delete
-	ip-change
-	email-update
-	remoteaccess-update
-	e-smith-base-update
-	));
-templates2events("/etc/hosts.allow", qw(
-	console-save
-	bootstrap-console-save
-	ibay-create
-	ibay-delete
-	ibay-modify
-	ibay-modify-servers
-	network-create
-	network-delete
-	ip-change
-	email-update
-	remoteaccess-update
-	e-smith-base-update
-	));
-foreach my $file (qw(
-        /etc/pam.d/login
-	/etc/pam.d/system-auth
-	/etc/pam.d/passwd
-	/etc/pam.d/pwauth
-	/etc/pam_ldap.conf
-	/etc/pam_ldap.secret
-	/etc/security/pam_abl.conf
-    ))
-{
-    templates2events($file, qw(console-save bootstrap-console-save e-smith-base-update));
-}
-
-foreach (qw(
-       /etc/cpu.conf
-       /etc/cpu-system.conf
-    ))
-{
-    templates2events("$_", qw(
-	post-upgrade
-	console-save
-	bootstrap-console-save
-	ldap-update
-	e-smith-base-update
-	));
-}
-
-# conf-userlists
-
-foreach (qw(users.allow accounts.allow accounts.deny))
-{
-    templates2events("/etc/e-smith/pam/$_", qw(
-	bootstrap-console-save
-	ibay-create
-	ibay-delete
-	user-create
-	user-delete
-	password-modify
-	e-smith-base-update
-	));
-}
-
-# fstab-conf
-
-templates2events("/etc/fstab", qw(post-install post-upgrade e-smith-base-update));
-
-# init-conf
-
-templates2events("/etc/inittab", qw(
-	console-save
-	bootstrap-console-save
-	post-install
-	post-upgrade
-	remoteaccess-update
-	e-smith-base-update
-	));
-
-# lynx-conf
-
-templates2events("/etc/lynx.cfg", qw(console-save bootstrap-console-save e-smith-base-update));
-templates2events("/etc/elinks.conf", qw(bootstrap-console-save e-smith-base-update));
-
-#
-# Set up generic logfile timestamp renaming/symlinking
-
-foreach (qw(
-    /var/log/messages
-    /var/log/boot.log
-    /var/log/secure
-    /var/log/cron
-    /var/log/spooler
-    /var/log/maillog
-    ))
-{
-    safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
-    safe_touch "root/etc/e-smith/events/post-install/logfiles2timestamp/$_";
-    safe_touch "root/etc/e-smith/events/post-upgrade/logfiles2timestamp/$_";
-    safe_touch "root/etc/e-smith/events/e-smith-base-update/logfiles2timestamp/$_";
-}
-
-#--------------------------------------------------
-# functions for manager panel
-#--------------------------------------------------
-my $panel = "manager";
-
-panel_link("groups", $panel);
-panel_link("localnetworks", $panel);
-panel_link("online-manual", $panel);
-panel_link("reboot", $panel);
-panel_link("remoteaccess", $panel);
-panel_link("review", $panel);
-panel_link("useraccounts", $panel);
-
-#--------------------------------------------------
-# actions for e-smith-base-update event
-#--------------------------------------------------
-my $event = "e-smith-base-update";
-
-
-templates2events("/etc/smartd.conf", $event);
-templates2events("/home/e-smith/ssl.pem/pem", $event);
-event_link("fix-startup", $event, "05");
-event_link("rotate_timestamped_logfiles", $event, "05");
-event_link("init-accounts", $event, "05");
-event_link("set-hostname", $event, "10");
-event_link("rmmod-bonding", $event, "10");
-event_link("conf-startup", $event, "10");
-event_link("user-lock-passwd", $event, "15");
-event_link("group-modify-unix", $event, "15");
-event_link("update-passwd", $event, "20");
-event_link("count-active-user-accounts", $event, "25");
-event_link("conf-modules", $event, "30");
-event_link("create-mnt-floppy", $event, "50");
-event_link("conf-routes", $event, "89");
-event_link("reset-unsavedflag", $event, "95")
-
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/wan");
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond");
-
-#--------------------------------------------------
-# actions for console-save event
-#--------------------------------------------------
-my $event = "console-save";
-
-
-templates2events("/etc/smartd.conf", $event);
-templates2events("/home/e-smith/ssl.pem/pem", $event);
-event_link("set-hostname", $event, "10");
-event_link("conf-modules", $event, "30");
-event_link("conf-startup", $event, "60");
-event_link("reset-unsavedflag", $event, "95");
-
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/wan");
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
-
-#--------------------------------------------------
-# actions for bootstrap-console-save event
-#--------------------------------------------------
-$event = "bootstrap-console-save";
-
-
-templates2events("/etc/smartd.conf", $event);
-templates2events("/home/e-smith/ssl.pem/pem", $event);
-event_link("rmmod-bonding", $event, "10");
-event_link("set-hostname", $event, "10");
-event_link("conf-modules", $event, "30");
-event_link("conf-startup", $event, "60");
-event_link("conf-routes", $event, "89");
-event_link("reset-unsavedflag", $event, "95");
-
-#--------------------------------------------------
-# actions for bootstrap-ldap-save
-#--------------------------------------------------
-$event = "bootstrap-ldap-save";
-
-templates2events("/etc/nsswitch.conf", $event);
-templates2events("/etc/pam.d/system-auth", $event);
-event_link("user-lock-passwd", $event, "15");
-event_link("user-modify-unix", $event, "15");
-
-#--------------------------------------------------
-# actions for group-create event
-#--------------------------------------------------
-
-$event = "group-create";
-
-event_link("group-create-unix", $event, "04");
-
-#--------------------------------------------------
-# actions for group-delete event
-#--------------------------------------------------
-
-$event = "group-delete";
-
-event_link("group-delete-unix", $event, "15");
-
-#--------------------------------------------------
-# actions for group-modify event
-#--------------------------------------------------
-
-$event = "group-modify";
-
-event_link("group-modify-unix", $event, "15");
-
-#--------------------------------------------------
-# actions for halt event
-#--------------------------------------------------
-
-$event = "halt";
-
-event_link("halt", $event, "70");
-
-#--------------------------------------------------
-# actions for ip-change event
-#--------------------------------------------------
-
-$event = "ip-change";
-
-event_link("set-external-ip", $event, "03");
-event_link("update-dns", $event, "85");
-
-#--------------------------------------------------
-# actions for network-create event
-#--------------------------------------------------
-
-$event = "network-create";
-
-event_link("conf-routes", $event, "89");
-
-#--------------------------------------------------
-# actions for network-delete event
-#--------------------------------------------------
-
-$event = "network-delete";
-
-event_link("conf-routes", $event, "89");
-
-#--------------------------------------------------
-# actions for post-install event
-#--------------------------------------------------
-
-$event = "post-install";
-
-event_link("fix-startup", $event, "05");
-event_link("rotate_timestamped_logfiles", $event, "05");
-event_link("init-accounts", $event, "05");
-event_link("init-passwords", $event, "10");
-event_link("conf-startup", $event, "10");
-event_link("conf-modules", $event, "30");
-event_link("create-mnt-floppy", $event, "50");
-
-#--------------------------------------------------
-# actions for post-upgrade event
-#--------------------------------------------------
-
-$event = "post-upgrade";
-
-event_link("fix-startup", $event, "05");
-event_link("rotate_timestamped_logfiles", $event, "05");
-event_link("init-accounts", $event, "05");
-event_link("conf-startup", $event, "10");
-event_link("user-lock-passwd", $event, "15");
-event_link("group-modify-unix", $event, "15");
-event_link("update-passwd", $event, "20");
-event_link("count-active-user-accounts", $event, "25");
-event_link("conf-modules", $event, "30");
-event_link("create-mnt-floppy", $event, "50");
-event_link("copy-anaconda-logs", $event, "90");
-
-#--------------------------------------------------
-# actions for reboot event
-#--------------------------------------------------
-
-$event = "reboot";
-
-safe_symlink("stop", "root/etc/e-smith/events/$event/services2adjust/wan");
-event_link("reboot", $event, "99");
-
-#--------------------------------------------------
-# actions for remoteaccess-update event
-#--------------------------------------------------
-
-$event = "remoteaccess-update";
-
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/dhcpd");
-
-#--------------------------------------------------
-# actions for user-create event
-#--------------------------------------------------
-
-$event = "user-create";
-
-event_link("user-create-unix", $event, "04");
-event_link("count-active-user-accounts", $event, "25");
-event_link("user-group-modify", $event, "85");
-
-#--------------------------------------------------
-# actions for user-delete event
-#--------------------------------------------------
-
-$event = "user-delete";
-
-event_link("user-delete-groups-and-pseudonyms", $event, "02");
-event_link("user-delete-unix", $event, "15");
-event_link("initialize-default-databases", $event, "23");
-event_link("count-active-user-accounts", $event, "25");
-
-#--------------------------------------------------
-# actions for user-modify event
-#--------------------------------------------------
-
-$event = "user-modify";
-
-event_link("user-modify-unix", $event, "15");
-event_link("user-group-modify", $event, "85");
-
-$event = "user-modify-admin";
-
-event_link("user-modify-unix", $event, "15");
-
-#--------------------------------------------------
-# actions for user-lock event
-#--------------------------------------------------
-
-$event = "user-lock";
-
-event_link("user-lock-passwd", $event, "15");
-event_link("count-active-user-accounts", $event, "25");
-
-#--------------------------------------------------
-# actions for password-modify event
-#--------------------------------------------------
-
-$event = "password-modify";
-
-event_link("count-active-user-accounts", $event, "25");
-
-#--------------------------------------------------
-# actions for timeserver-update event
-#--------------------------------------------------
-
-$event = "timeserver-update";
-
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/crond");
-
-#--------------------------------------------------
-# actions for ip-up event
-#--------------------------------------------------
-
-$event = "ip-up";
-
-event_link("set-gateway-ip", $event, "55");
-
-#--------------------------------------------------
-# actions for ip-down event
-#--------------------------------------------------
-
-$event = "ip-down";
-
-event_link("isdn-down-notify", $event, "50");
-
-#--------------------------------------------------
-# actions for logrotate event
-#--------------------------------------------------
-
-$event = "logrotate";
-
-event_link("rotate_timestamped_logfiles", $event, "05");
-event_link("purge-old-logs", $event, "75");
-
-safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/rsyslog");
-
-#--------------------------------------------------
-# actions for local event
-#--------------------------------------------------
-
-$event = "local";
-
-#--------------------------------------------------
-# actions for ldap-update event
-#--------------------------------------------------
-
-$event = "ldap-update";
-
-templates2events("/home/e-smith/ssl.pem/pem", $event);
-
-#--------------------------------------------------
-# actions for ldap-update event
-#--------------------------------------------------
-
-$event = "ssl-update";
-
-templates2events("/home/e-smith/ssl.pem/pem", $event);
-
-
-#--------------------------------------------------
-# actions for email-update event:
-# email parameters have been changed in the e-smith
-# manager; update system security, rewrite email config
-# files, configure other system files (crontab is the
-# important one), and restart server
-#--------------------------------------------------
-$event = "email-update";
-
-
-my %service2order =
-(
-    # Start rsyslog up before network!
-    raidmonitor => "15",
-    network  	=> "37",
-    dhcpd    	=> "65",
-    'local'    	=> "99",
-);
-
-foreach my $service (keys %service2order)
-{
-    service_link_enhanced($service, $service2order{$service}, 7);
-}
-
-%service2order =
-(
-    dhcpd       => "K35",
-);
-
-foreach my $service (keys %service2order)
-{
-    service_link_enhanced($service, $service2order{$service}, 0);
-    service_link_enhanced($service, $service2order{$service}, 6);
-    service_link_enhanced($service, $service2order{$service}, 1);
-}
-
-# Set up links to daemontools.
-safe_symlink("daemontools", "root/etc/rc.d/init.d/raidmonitor");
-
-safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPHostname");
-safe_symlink("run.dhclient", "root/var/service/wan/run.DHCPEthernetAddress");
-
-# Local event
-safe_symlink("../daemontools", "root/etc/rc.d/init.d/supervise/local");
-safe_symlink("/var/service/local" , 'root/service/local');
-safe_touch("root/var/service/local/down");
-
-# no template headers for /etc/pam_ldap.secret
-safe_touch("root/etc/e-smith/templates/etc/pam_ldap.secret/template-begin");
-
-
-system('mkdir -p root/usr/lib/systemd/system/multi-user.target.wants/');
-	unlink "root/usr/lib/systemd/system/multi-user.target.wants/bootstrap-console.service";
-symlink("/usr/lib/systemd/system/bootstrap-console.service",
-		"root/usr/lib/systemd/system/multi-user.target.wants/bootstrap-console.service")
-	or die "Can't symlink to root/usr/lib/systemd/system/multi-user.target.wants/bootstrap-console.service: $!";
-
-# languages links
-foreach (qw(fr-be fr-lu fr-mc fr-ch))
-{
-	safe_symlink("fr", "root/etc/e-smith/locale/$_");
-}
-foreach (qw(en-bz en-ca en-ie en-in en-jm en-my en-ph en-sg en-tt en-za en-zw))
-{
-        safe_symlink("en-us", "root/etc/e-smith/locale/$_");
-}
-foreach (qw(es-ar es-bo es-cl es-co es-cr es-do es-ec es-es es-gt es-hn es-mx es-ni es-pa es-pe es-pr es-py es-sv es-us es-uy es-ve))
-{
-        safe_symlink("es", "root/etc/e-smith/locale/$_");
-}
-foreach (qw(de-at de-ch de-de de-li de-lu))
-{
-        safe_symlink("de", "root/etc/e-smith/locale/$_");
-}
-foreach (qw(it-ch it-it))
-{
-	safe_symlink("it", "root/etc/e-smith/locale/$_");
-}
-foreach (qw(ro-ro ro-md))
-{
-        safe_symlink("ro", "root/etc/e-smith/locale/$_");
-}
-foreach (qw(sv-fi sv-se))
-{
-	safe_symlink("sv", "root/etc/e-smith/locale/$_");
-}
-safe_symlink("zh-tw", "root/etc/e-smith/locale/zh-hk");

contriborbase

@@ -1 +0,0 @@
-sme10

createlinks

@@ -309,6 +309,7 @@ templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $even
 event_link("systemd-journald", $event, "02");
 event_link("fix-startup", $event, "05");
 event_link("init-accounts", $event, "05");
+event_link("mail-spool-fix", $event, "05");
 event_link("logrotate-migrate", $event, "06");
 event_link("rotate_logfiles", $event, "07");
 event_link("set-hostname", $event, "10");
@@ -325,6 +326,7 @@ event_link("conf-routes", $event, "89");
 event_link("systemd-default", $event, "88");
 event_link("systemd-isolate", $event, "89");
 event_link("systemd-reload", $event, "89");
+event_link("fix-noise-el8", $event, "89");
 event_link("raidmonitor-check", $event, "92");
 
 safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/network");
@@ -457,6 +459,7 @@ event_link("conf-modules", $event, "30");
 event_link("create-mnt-floppy", $event, "50");
 event_link("systemd-default", $event, "88");
 event_link("systemd-reload", $event, "89");
+event_link("fix-noise-el8", $event, "89");
 
 #--------------------------------------------------
 # actions for post-upgrade event
@@ -469,6 +472,7 @@ templates2events("/usr/lib/systemd/system/dhcpd.service.d/50koozali.conf", $even
 event_link("systemd-journald", $event, "02");
 event_link("fix-startup", $event, "05");
 event_link("init-accounts", $event, "05");
+event_link("mail-spool-fix", $event, "05");
 event_link("logrotate-migrate", $event, "06");
 event_link("rotate_logfiles", $event, "07");
 event_link("conf-startup", $event, "10");
@@ -512,6 +516,7 @@ $event = "user-create";
 event_link("user-create-unix", $event, "04");
 event_link("count-active-user-accounts", $event, "25");
 event_link("user-group-modify", $event, "85");
+event_link("mail-spool-fix", $event, "89");
 
 #--------------------------------------------------
 # actions for user-delete event
@@ -523,6 +528,7 @@ event_link("user-delete-groups-and-pseudonyms", $event, "02");
 event_link("user-delete-unix", $event, "15");
 event_link("initialize-default-databases", $event, "23");
 event_link("count-active-user-accounts", $event, "25");
+event_link("mail-spool-fix", $event, "89");
 
 #--------------------------------------------------
 # actions for user-modify event
@@ -624,6 +630,7 @@ templates2events("/home/e-smith/ssl.pem/pem", $event);
 $event = "email-update";
 event_link("systemd-default", $event, "88");
 event_link("systemd-reload", $event, "89");
+event_link("mail-spool-fix", $event, "89");
 
 #--------------------------------------------------
 # actions for webapps-update event

root/etc/dnf/plugins/post-transaction-actions.d/smeserver.action

@@ -0,0 +1,2 @@
+# cockpit noise [SME: 12575]
+cockpit-ws:any:ln -sfn /dev/null /etc/motd.d/cockpit 

root/etc/e-smith/events/actions/fix-noise-el8

@@ -0,0 +1,4 @@
+#!/bin/bash
+# remove cockpit alert forever [SME: 12575]
+ln -sfn /dev/null /etc/motd.d/cockpit 
+

root/etc/e-smith/events/actions/group-create-unix

@@ -2,6 +2,7 @@
 
 #----------------------------------------------------------------------
 # copyright (C) 1999-2005 Mitel Networks Corporation
+# copyright (C) 2024 Koozali foundation inc.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,7 +28,8 @@ use strict;
 use Errno;
 use esmith::ConfigDB;
 use esmith::AccountsDB;
-use File::Temp;
+use esmith::util::ldap;
+use esmith::util;
 
 my $conf = esmith::ConfigDB->open_ro
     or die "Could not open Config DB";
@@ -36,10 +38,10 @@ my $accounts = esmith::AccountsDB->open
 
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 my $x = 0; # exit value
+my $result;
 
-my $domain = $conf->get('DomainName')
-    || die("Couldn't determine domain name");
-$domain = $domain->value;
+# prepare LDAP bind
+my $ldap=esmith::util::ldap->new();
 
 my $event = $ARGV [0];
 my $groupName = $ARGV [1];
@@ -97,41 +99,20 @@ if ($ldapauth ne 'enabled')
         ) == 0 or ( $x = 255, warn "Failed to create (unix) user $groupName.\n" );
 }
 
-# Create the user's unique group first (in ldap)
-my $tmpattr = File::Temp->new();
-print $tmpattr "mail: $groupName\@$domain\n";
-print $tmpattr "description: $description\n";
-$tmpattr->flush();
-system(
-        "/usr/sbin/cpu", "groupadd",
-        "-a", "$tmpattr",
-        "-g", $gid,
-        $groupName
-    ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
-undef $tmpattr;
+# create group
+$result = $ldap->ldapgroup($group);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
 
-# Now create the dummy user account (in ldap)
-system(
-        "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
-        "-u", $uid,
-        "-g", $gid,
-        "-d",
-        "/home/e-smith",
-        "-s",
-        "/bin/false",
-        "$groupName"
-    ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
+#create dedicated group user
+$result = $ldap->ldapuser($group);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
 
-# Set the cn of the dummy user account (in ldap)
-$tmpattr = File::Temp->new();
-print $tmpattr "cn: $description\n";
-$tmpattr->flush();
-system( 
-        "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod",
-        "-a", $tmpattr,
-        "$groupName"
-    ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to update (ldap) user $groupName.\n" );
-undef $tmpattr;
+# add to supplementary group
+# as it is regular group, pm will add www and admin, so no need to add it
+my @UserArr = ($groupName);
+$result = $ldap->ldapsetgroupmembers($groupName,\@UserArr);
+# error code 20 is entry already exits.
+$result  &&  ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $groupName to supplementary group.\n" );
 
 # Release lock if we have one
 $lock && esmith::lockfile::UnlockFile($lock);
@@ -150,8 +131,7 @@ my @groupMembers = split (/,/, $members);
 # "www" and "admin" are implicit members of all groups
 push @groupMembers, 'admin', 'www';
 
-my $member;
-foreach $member (@groupMembers)
+foreach my $member (@groupMembers)
 {
     # Get a list of this member's supplementary groups, then add the
     # new group to the list. Finally sort, join and run the usermod
@@ -179,13 +159,6 @@ foreach $member (@groupMembers)
         system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
             or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
     }
-
-    # root user/group isn't in ldap
-    @groupList = grep (!/^root$/, @groupList);
-    $groups = join (',', sort (@groupList));
-
-    system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
-        or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
 }
 
 exit ($x);

root/etc/e-smith/events/actions/group-delete-unix

@@ -2,6 +2,7 @@
 
 #----------------------------------------------------------------------
 # copyright (C) 1999-2005 Mitel Networks Corporation
+# copyright (C) 2024 Koozali Foundation inc.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -26,6 +27,8 @@ package esmith;
 use strict;
 use Errno;
 use esmith::ConfigDB;
+use esmith::util;
+use esmith::util::ldap;
 
 my $conf = esmith::ConfigDB->open_ro
     or die "Could not open Config DB";
@@ -33,6 +36,9 @@ my $conf = esmith::ConfigDB->open_ro
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 my $x = 0; # exit value
 
+# prepare LDAP bind
+my $ldap=esmith::util::ldap->new();
+
 my $event = $ARGV [0];
 my $groupName = $ARGV [1] or die "Groupname argument missing.";
 
@@ -45,10 +51,15 @@ if ($ldapauth ne 'enabled')
         or ( $x = 255, warn "Failed to delete (unix) group $groupName.\n" );
 }
 
-system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "userdel", "$groupName") == 0
-    or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
+# delete dedicated user group
+my $result = $ldap->ldapdeluser($groupName);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
 
-system("/usr/sbin/cpu", "groupdel", "$groupName") == 0
-    or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
+# delete group
+$result = $ldap->ldapdelgroup($groupName);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
+
+# delete mail spool file
+unless ($x == 255) { (if -e "/var/spool/mail/$groupName" ) {unlink("/var/spool/mail/$groupName") or ( $x = 255, warn "Failed to delete /var/spool/mail/$groupName.\n" );} }
 
 exit ($x);

root/etc/e-smith/events/actions/group-modify-unix

@@ -2,6 +2,7 @@
 
 #----------------------------------------------------------------------
 # copyright (C) 2002-2005 Mitel Networks Corporation
+# copyright (C) 2024 Koozali Foundation inc.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,17 +28,19 @@ use strict;
 use Errno;
 use esmith::ConfigDB;
 use esmith::AccountsDB;
-use File::Temp;
+use esmith::util;
+use utf8;
+use esmith::util::ldap;
 
 my $c = esmith::ConfigDB->open_ro || die "Couldn't open config db\n";
 my $a = esmith::AccountsDB->open_ro || die "Couldn't open accounts db\n";
 
 my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
 my $x = 0; # exit value
+my $result;
 
-my $domain = $c->get('DomainName')
-    || die("Couldn't determine domain name");
-$domain = $domain->value;
+# prepare LDAP bind
+my $ldap=esmith::util::ldap->new();
 
 my $event = shift || die "Event name arg missing\n";;
 my @groups;
@@ -51,6 +54,11 @@ else
     @groups = $a->groups;
 }
 
+# fix www missing in shared
+my ( $name,   $passwd,   $gid,       $members  ) = getgrnam('shared');
+my @mb= split(/ /, $members);
+system("usermod -a -G shared www") unless ( grep(/^www$/, @mb) ) ;
+
 foreach my $group (@groups)
 {
     my $groupName = $group->key;
@@ -78,22 +86,12 @@ foreach my $group (@groups)
             or ( $x = 255, warn "Failed to modify (unix) group description for $groupName.\n" );
     }
 
-    my $tmpattr = File::Temp->new();
-    print $tmpattr "cn: $groupDesc\n";
-    $tmpattr->flush();
-    system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-a", "$tmpattr", "$groupName") == 0
-        or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
-
-    $tmpattr = File::Temp->new();
-    print $tmpattr "mail: $groupName\@$domain\n";
-    print $tmpattr "description: $groupDesc\n";
-    $tmpattr->flush();
-    system(
-            "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupmod", 
-            "-a", "$tmpattr",
-            "$groupName"
-        ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
-    undef $tmpattr;
+    # modify group dedicated user cn
+    $result = $ldap->ldapmoduser($group);
+    $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
+    # modify Group description and mail
+    $result = $ldap->ldapmodgroup($group);
+    $result  && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
 
     my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
     my @oldMembers = split (/\s+/, $members);
@@ -116,7 +114,11 @@ foreach my $group (@groups)
     {
 	$oldMembers{$member} = 1;
     }
-    my (@addMembers, @delMembers);
+
+    # applying list of user memberUid for LDAP for this group
+    $result = $ldap->ldapsetgroupmembers($groupName,\@newMembers);
+    # error code 20 is entry already exits.
+    $result &&  ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group membership for $groupName.\n" );
 
     foreach $member (@newMembers, @oldMembers)
     {
@@ -128,18 +130,23 @@ foreach my $group (@groups)
 	# We need to add or remove this member from the group
 	# Get the supplementary group list for the member we are adding or
 	# deleting.
-	my $cmd = "/usr/bin/id -G -n '$member'";
+	#my $cmd = "/usr/bin/id -G -n '$member'";
+  # this will not fail in case of apache before www in passwd
+  my $cmd = "/usr/bin/groups '$member'"; 
 	my $groups = `$cmd 2>/dev/null`; 
 	if ($? != 0)
 	{
 	    die "Failed to get supplementary group list for $member.\n";
 	}
+  $groups =~ s/^.*:\s+//;
 	chomp ($groups);
 
 	my @groupList = split (/\s+/, $groups);
 	@groupList = grep (!/^$member$/, @groupList);
 	# Apache is an alias for www
 	@groupList = map { $_ =~ s/^apache$/www/g; $_ } @groupList;
+  # www needs to be in shared
+  push(@groupList,'shared') if ( ($member eq 'www') and (! grep{$_ eq 'shared'} @groupList));
 
 	if ($oldMembers{$member})
 	{
@@ -157,13 +164,8 @@ foreach my $group (@groups)
                 or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
         }
 
-        # root user/group isn't in ldap
-        @groupList = grep (!/^root$/, @groupList);
-        $groups = join (',', sort (@groupList));
-
-        system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
-            or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
     }
-}
+
+} # end of list of groups
 
 exit ($x);

root/etc/e-smith/events/actions/mail-spool-fix

@@ -0,0 +1,47 @@
+#! /bin/bash
+
+#----------------------------------------------------------------------
+# copyright (C) 2023 Koozali SME Server
+#               
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#               
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#               
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+# 
+#----------------------------------------------------------------------
+
+# fix ownership of spool folder content
+pushd /var/spool/mail/ >/dev/null
+for file in *; do
+  if [ ! -f "$file" ]; then
+    continue
+  fi
+  if ( ! `id -u $file 2>/dev/null 1>&2`) ; then
+    echo "$file user does not exist deleting mail spool file" 
+    rm -f /var/spool/mail/$file
+    continue
+  fi
+  userf=$(stat -c %U /var/spool/mail/$file 2>/dev/null)
+  if [[ "$userf" != "$file" ]]; then
+    uidf=$(stat -c %u /var/spool/mail/$file 2>/dev/null)
+    uiduser=$(id -u $file 2>/dev/null )
+    # extra step needed if username has an alias eg www=apache
+    if [[ "$uidf" != "$uiduser" ]]; then
+    echo "fixing ownership of $file spool mail"
+    # extra security we want to clean it from sensitive information
+    echo ""> /var/spool/mail/$file
+    chown $file /var/spool/mail/$file
+    fi
+  fi
+done
+popd >/dev/null
+

root/etc/e-smith/events/actions/systemd-default

@@ -105,7 +105,7 @@ foreach my $filen (reverse sort keys %files) {
 	    my $multiple = $service;
 	    ($multiple = $service ) =~ s/([a-zA-Z0-9\-_.]+@)(.*)/$1.service/ if ( $service =~ /@/ );
 	    #print "$stats $service $multiple\n";
-	    next unless ( -e "/usr/lib/systemd/system/$service" or -e "/etc/lib/systemd/system/$service" or -e "/usr/lib/systemd/system/$multiple");
+	    next unless ( -e "/usr/lib/systemd/system/$service" or -e "/etc/systemd/system/$service" or -e "/usr/lib/systemd/system/$multiple");
 	    # eliminate duplicates, this way we keep only the last entry of the lowest file as we do it in reverse order of file,
 	    # but from top to bottom of file.
 	    $services{$service}=$stats;

root/etc/e-smith/events/actions/user-create-unix

@@ -2,6 +2,7 @@
 
 #----------------------------------------------------------------------
 # copyright (C) 1999-2005 Mitel Networks Corporation
+# copyright (C) 2024 Koozali foundation inc.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,7 +28,9 @@ use strict;
 use Errno;
 use esmith::ConfigDB;
 use esmith::AccountsDB;
-use File::Temp;
+use esmith::util;
+use utf8;
+use esmith::util::ldap;
 
 my $conf = esmith::ConfigDB->open_ro;
 my $accounts = esmith::AccountsDB->open;
@@ -35,9 +38,8 @@ my $accounts = esmith::AccountsDB->open;
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 my $x = 0; # exit value
 
-my $domain = $conf->get('DomainName')
-    || die("Couldn't determine domain name");
-$domain = $domain->value;
+# prepare LDAP bind
+my $ldap=esmith::util::ldap->new();
 
 my $event = $ARGV [0];
 my $userName = $ARGV [1];
@@ -65,13 +67,13 @@ unless ($uid = $acct->prop('Uid'))
     $acct->set_prop('Uid', $uid);
 }
 my $gid = $acct->prop('Gid') || $uid;
-my $first = $acct->prop('FirstName') || '';
-my $last = $acct->prop('LastName') || '';
-my $phone = $acct->prop('Phone') || '';
-my $company = $acct->prop('Company') || '';
-my $dept = $acct->prop('Dept') || '';
-my $city = $acct->prop('City') || '';
-my $street = $acct->prop('Street') || '';
+my $first = stringToASCII($acct->prop('FirstName')) || '';
+my $last = stringToASCII($acct->prop('LastName')) || '';
+my $phone = stringToASCII($acct->prop('Phone')) || '';
+my $company = stringToASCII($acct->prop('Company')) || '';
+my $dept = stringToASCII($acct->prop('Dept')) || '';
+my $city = stringToASCII($acct->prop('City')) || '';
+my $street = stringToASCII($acct->prop('Street')) || '';
 my $shell = $acct->prop('Shell') || '/usr/bin/false';
 my $groups = "shared";
 
@@ -101,38 +103,17 @@ if ($ldapauth ne 'enabled')
 }
 
 # Create the user's unique group first (in ldap)
-system(
-        "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
-        "-g",
-        $gid,
-        $userName
-    ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
+my $result = $ldap->ldapgroup($acct);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
 
 # Now create the user account (in ldap)
-my $tmpattr = File::Temp->new();
-print $tmpattr "telephoneNumber: $phone\n";
-print $tmpattr "o: $company\n";
-print $tmpattr "ou: $dept\n";
-print $tmpattr "l: $city\n";
-print $tmpattr "street: $street\n";
-$tmpattr->flush();
-system(
-        "/usr/sbin/cpu", "useradd",
-        "-u", $uid,
-        "-g", $gid,
-        "-f", "$first",
-        "-E", "$last",
-        "-e", "$userName\@$domain",
-        "-a", "$tmpattr",
-        "-d", "/home/e-smith/files/users/$userName",
-        "-G", "$groups",
-        "-m",
-        "-k/etc/e-smith/skel/user",
-        "-s", "$shell",
-        $userName
-    ) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
-undef $tmpattr;
+$result = $ldap->ldapuser($acct);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
 
+# add to supplementary group
+my @UserArr = ($userName);
+$result = $ldap->ldapsetgroupmembers($userName,\@UserArr);
+$result &&  ( $result != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $userName to supplementary group.\n" );
 
 # Release lock if we have one
 $lock && esmith::lockfile::UnlockFile($lock);
@@ -141,13 +122,15 @@ $lock && esmith::lockfile::UnlockFile($lock);
 
 chmod 0700, "/home/e-smith/files/users/$userName";
 
+# lock user password
 if ($ldapauth ne 'enabled')
 {
     system("/usr/bin/passwd", "-l", "$userName")
         and ( $x = 255, warn "Could not lock (unix) password for $userName\n" );
 }
-system("/usr/sbin/cpu", "usermod", "-L", "$userName")
-    and ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Could not lock (ldap) password for $userName\n" );
+
+# esmith::util::ldap already lock user on creation, this avoid one more ldap write access.
+
 system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
     and ( $x = 255, warn "Could not lock (smb) password for $userName\n" );
 

root/etc/e-smith/events/actions/user-delete-unix

@@ -2,6 +2,7 @@
 
 #----------------------------------------------------------------------
 # copyright (C) 1999-2005 Mitel Networks Corporation
+# copyright (C) 2024 Koozali Foundation inc.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,6 +28,7 @@ use strict;
 use Errno;
 use esmith::util;
 use esmith::ConfigDB;
+use esmith::util::ldap;
 
 my $conf = esmith::ConfigDB->open_ro
     or die "Could not open Config DB";
@@ -34,6 +36,9 @@ my $conf = esmith::ConfigDB->open_ro
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 my $x = 0; # exit value
 
+# prepare LDAP bind
+my $ldap=esmith::util::ldap->new();
+
 my $event = $ARGV [0];
 my $userName = $ARGV [1];
 
@@ -53,11 +58,21 @@ if ($ldapauth ne 'enabled')
         ( $x = 255, warn "Failed to delete (unix) account $userName.\n" );
     }
 }
+else
+{
+    my $discard = `/bin/rm -rf /home/e-smith/files/users/$userName`;
+    if ($? != 0)
+    {
+        ( $x = 255, warn "Failed to delete home dir of account $userName.\n" );
+    }
 
-system("/usr/sbin/cpu", "userdel", "-r", $userName) == 0
-    or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
+}
+# delete user
+my $result = $ldap->ldapdeluser($userName);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
 
-system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupdel", $userName) == 0
-    or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
+# delete user dedicated group
+$result = $ldap->ldapdelgroup($userName);
+$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
 
 exit ($x);

root/etc/e-smith/events/actions/user-lock-passwd

@@ -2,6 +2,7 @@
 
 #----------------------------------------------------------------------
 # copyright (C) 2001-2006 Mitel Networks Corporation
+# copyright (C) 2024 Koozali foundation inc.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -25,13 +26,18 @@ use Errno;
 use esmith::AccountsDB;
 use esmith::ConfigDB;
 use English;
+use esmith::util::ldap;
 
 my $a = esmith::AccountsDB->open or die "Could not open accounts db";
 my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
 
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
+my $result;
 my $x = 0; # exit value
 
+# prepare LDAP bind
+my $ldap=esmith::util::ldap->new();
+
 my $event = $ARGV [0];
 
 my @users_to_lock = bad_password_users();
@@ -54,13 +60,16 @@ sub lock_user
 
     my $u = $a->get($userName) or die "No account record for user $userName";
 
+    # lock in unix shadow/passwd if used.
     if ($ldapauth ne 'enabled')
     {
         system("/usr/bin/passwd", "-l", $userName) == 0
             or ( $x = 255, warn "Error locking (unix) account $userName" );
     }
-    system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
-        or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName" );
+    # lock in LDAP
+    $result = $ldap->ldaplockuser($userName);
+    $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName.\n" );
+    # lock in samba
     system("/usr/bin/smbpasswd", "-d", $userName) == 0
         or ( $x = 255, warn "Error locking (smb) account $userName" );
     $u->set_prop('PasswordSet', 'no');

root/etc/e-smith/events/actions/user-modify-unix

@@ -22,29 +22,17 @@ use strict;
 use Errno;
 use esmith::AccountsDB;
 use esmith::ConfigDB;
-use Net::LDAP;
 use esmith::util;
+use utf8;
+use esmith::util::ldap;
 
 my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
 
 my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 my $x = 0; # exit value
 
-my $domain = $conf->get('DomainName')
-    || die("Couldn't determine domain name");
-$domain = $domain->value;
-
 # prepare LDAP bind
-my $pw = esmith::util::LdapPassword();
-my $base = esmith::util::ldapBase ($domain);
-
-my $ldap = Net::LDAP->new('localhost')
-    or die "$@";
-
-$ldap->bind(
-    dn => "cn=root,$base",
-    password => $pw
-);
+my $ldap=esmith::util::ldap->new();
 
 my $event = $ARGV [0];
 my $userName = $ARGV [1];
@@ -94,22 +82,14 @@ foreach my $u (@users)
             system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
                 or ( $x = 255, warn "Failed to modify shell of (unix) account $userName.\n" );
         }
-
-        my @new_shell = ($new_shell);
-        $result = $ldap->modify("uid=$userName,ou=Users,$base",
-                      replace => {
-                          loginShell => \@new_shell
-                      }
-        );
-        $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify shell of (ldap) account $userName.\n" );
     }
 
     #------------------------------------------------------------
     # Modify user's first name and last name if required,
     # in /etc/passwd using "usermod"
     #------------------------------------------------------------
-    my $first = $u->prop('FirstName') || "";
-    my $last = $u->prop('LastName') || "";
+    my $first = stringToASCII($u->prop('FirstName') || "");
+    my $last = stringToASCII($u->prop('LastName') || "");
     my $new_comment = "$first $last";
 
     unless ($comment eq $new_comment)
@@ -119,36 +99,11 @@ foreach my $u (@users)
             system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
                 or ( $x = 255, warn "Failed to modify comment of (unix) account $userName.\n" );
         }
-
-        my @new_comment = ($new_comment);
-        my @first = ($first);
-        my @last = ($last);
-        $result = $ldap->modify("uid=$userName,ou=Users,$base",
-                      replace => {
-                          givenName => \@first,
-                          sn => \@last,
-                          cn => \@new_comment,
-                          displayName => \@new_comment
-                      }
-        );
-        $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify comment/name of (ldap) account $userName.\n" );
     }
 
-    my @new_phone = ($u->prop('Phone')) || ();
-    my @new_company = ($u->prop('Company')) || ();
-    my @new_dept = ($u->prop('Dept')) || ();
-    my @new_city = ($u->prop('City')) || ();
-    my @new_street = ($u->prop('Street')) || ();
-    $result = $ldap->modify("uid=$userName,ou=Users,$base",
-                            replace => {
-                                telephoneNumber => \@new_phone,
-                                o => \@new_company,
-                                ou => \@new_dept,
-                                l => \@new_city,
-                                street => \@new_street
-                            }
-    );
-    $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
+    # we do all the test in ldap pm to avoid 3 differents write access, which are costly.
+    $result = $ldap->ldapuser($u);
+    $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
 
 }
 

root/etc/e-smith/templates/etc/pam.d/system-auth/40password

@@ -2,7 +2,7 @@ password    sufficient    pam_unix.so nullok md5 shadow
 {
     my $status = $ldap{Authentication} || 'disabled';
     return unless $status eq 'enabled';
-    $OUT .= "password    sufficient    pam_ldap.so use_authtok";
+    $OUT .= "password    sufficient    pam_ldap.so";
 }
 password    required      pam_deny.so
 

root/etc/e-smith/templates/etc/pam.d/system-auth/50session

@@ -1,4 +1,6 @@
 session     required      pam_limits.so
+-session    optional                                     pam_systemd.so
+session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet_success use_uid
 session     required      pam_unix.so
 {
     my $status = $ldap{Authentication} || 'disabled';

root/etc/e-smith/templates/etc/systemd/system-preset/49-koozali.preset/20services

@@ -11,7 +11,7 @@ foreach my $service ($c->get_all_by_prop(type => 'service')){
   my $multiple = $servicename;
   ($multiple = $servicename ) =~ s/([a-zA-Z0-9\-_.]+@)(.*)/$1.service/ if ( $servicename =~ /@/ );
 
-  $OUT .= "# Systemd service file  does not exist :	" unless -e "/usr/lib/systemd/system/$servicename" || -e "/etc/lib/systemd/system/$servicename" ||  -e "/usr/lib/systemd/system/$multiple";
+  $OUT .= "# Systemd service file  does not exist :	" unless -e "/usr/lib/systemd/system/$servicename" || -e "/etc/systemd/system/$servicename" ||  -e "/usr/lib/systemd/system/$multiple";
   $OUT .= "$status $servicename\n";
   $OUT .= "$status $multiple\n" unless $multiple eq $servicename ;
   

root/etc/e-smith/templates/home/e-smith/ssl.crt

@@ -4,6 +4,8 @@
     use Date::Parse;
     use Cwd;
     use Net::IP qw(ip_is_ipv4 ip_is_ipv6);
+    use esmith::Logger;
+    tie *FH, 'esmith::Logger';
     my $here = getcwd;
 
     my $Country = $modSSL{Country} || "--";
@@ -52,16 +54,16 @@
 	my $key_md5 = `openssl rsa -noout -modulus -in $key | openssl md5`;
 
         if ( ($ttl_days > 2) && ( "$crt_md5" eq "$key_md5" ) ) {
-            my $expected_issuer = '/C='.$Country .
-                              '/ST='.$State;
-            $expected_issuer .= '/L=' . ($defaultCity ? $defaultCity : 'Default City');
-            $expected_issuer .= '/O=' . ($defaultCompany ? $defaultCompany : 'Default Company Ltd');
-            $expected_issuer .= "/OU=$defaultDepartment" if $defaultDepartment;
-            $expected_issuer .= "/CN=$commonName" .
-                                  "/emailAddress=$email";
+            my $expected_issuer = 'C = '.$Country .
+                              ', ST = '.$State;
+            $expected_issuer .= ', L = ' . ($defaultCity ? $defaultCity : 'Default City');
+            $expected_issuer .= ', O = ' . ($defaultCompany ? $defaultCompany : 'Default Company Ltd');
+            $expected_issuer .= ", OU = $defaultDepartment" if $defaultDepartment;
+            $expected_issuer .= ", CN = $commonName" .
+                                  ", emailAddress = $email";
             my $issuer = `openssl x509 -issuer -noout -in $crt`;
             chomp $issuer;
-            $issuer =~ s/^issuer= //;
+            $issuer =~ s/^issuer=//;
             my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
             chomp $signatureAlg;
             $signatureAlg =~ s/^ *Signature Algorithm: //;
@@ -70,6 +72,9 @@
             # openssl x509 -text -noout -in /etc/dehydrated/certs/domain/cert.pem | sed -ne '/X509v3 Subject Alternative Name/{ N;s/^.*\n//;:a;s/^\( *\)\(.*\), /\2,\1/;ta;p;q; }'
 	    $expected_subjectAltName = `openssl x509 -text -noout -in $crt | sed -ne '/X509v3 Subject Alternative Name/{ N;s/^.*\\n//;:a;s/^\\( *\\)\\(.*\\), /\\2,\\1/;ta;p;q; }'`;
 	    chomp $expected_subjectAltName;
+            print FH "Self-Signed Cert: $issuer\n expected $expected_issuer" unless ($issuer eq $expected_issuer);
+            print FH "Self-Signed Cert: $signatureAlg "unless ($signatureAlg ne "sha1WithRSAEncryption");
+            print FH "Self-Signed Cert: $subjectAltName\n expected: $expected_subjectAltName" unless ($subjectAltName eq $expected_subjectAltName);
             if (
 	                 ($issuer eq $expected_issuer)
 	              && ($signatureAlg ne "sha1WithRSAEncryption")
@@ -117,4 +122,5 @@
     }
     close(SSL) or die "Closing openssl pipe reported: $!";
     chdir $here;
+    close FH;
 }

root/etc/logrotate.d/systemd

@@ -2,7 +2,7 @@
     missingok
     sharedscripts
     postrotate
-        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
+        /usr/bin/systemctl -s HUP kill rsyslog.service >/dev/null 2>&1 || true
     endscript
 }
 

root/etc/tmpfiles.d/portreserve.conf

@@ -0,0 +1 @@
+d /run/portreserve 0755 root root 10d

smeserver-base.spec

@@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module
 %define name smeserver-base
 Name: %{name}
 %define version 11.0.0
-%define release 8
+%define release 15
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@@ -15,7 +15,7 @@ Source: %{name}-%{version}.tar.xz
 
 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
 Requires: pwauth
-Requires: smeserver-lib >= 2.2.0-2
+Requires: smeserver-lib >= 11.0.0-7
 Requires: server-manager-images, server-manager
 Requires: smeserver-formmagick >= 1.4.0-12
 Requires: plymouth
@@ -50,7 +50,7 @@ Requires: smeserver-runit >= 2.6.0-7
 Requires: smeserver-php >= 3.0.0-22
 Requires: smeserver-yum >= 2.6.0-43 
 Obsoletes: nss_ldap < 254
-Requires: cpu >= 1.4.3
+Obsoletes: cpu
 Obsoletes: rlinetd, e-smith-mod_ssl
 Obsoletes: e-smith-serial-console
 Obsoletes: sshell
@@ -184,6 +184,35 @@ fi
 
 
 %changelog
+* Sat Dec 21 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-15.sme
+- fix use of passwd command when ldap auth enabled [SME: 6453]
+- delete spool file only if exists to avoid error [SME: 12763]
+
+* Mon Sep 23 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-14.sme
+- fix result variable not initialized [SME: 12663]
+
+* Sun Sep 22 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-13.sme
+- fix mail spool perms [SME: 12654]
+- fix motd noise related to cockpit [SME: 12575]
+- fix /run vs /var/run temps dir noise [SME: 12639]
+
+* Wed Aug 14 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
+- fix 3 regressions from SME10 [SME: 12654]
+  fix www missing from shared and few groups [SME: 12146]
+  fix group deletion leaves mail spool file [SME: 12431]
+  fix path to /etc/systemd for seeking service files [SME: 12421]
+
+* Tue Aug 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
+- fix new systemd.log does not fill after log rotate [SME: 12688]
+
+* Wed May 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
+- fix user@0.service failed to start [SME: 12568]
+- stop loging in audit crond success
+- drop cpu and use esmith:util::ldap [SME: 12663]
+
+* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
+- fix self-signed cert renewd when not necessary [SME: 12606]
+
 * Tue Apr 16 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
 - add requirement for ppp [SME: 12622]
 - add requirement for rp-pppoe [SME: 12628]