[695] | 1 | # PyKota sample configuration file |
---|
| 2 | # |
---|
[1087] | 3 | # Copy this file into the /etc/pykota/ directory |
---|
| 4 | # under the name /etc/pykota/pykota.conf |
---|
[695] | 5 | # |
---|
[952] | 6 | # PyKota - Print Quotas for CUPS and LPRng |
---|
[695] | 7 | # |
---|
| 8 | # (c) 2003 Jerome Alet <alet@librelogiciel.com> |
---|
[873] | 9 | # This program is free software; you can redistribute it and/or modify |
---|
| 10 | # it under the terms of the GNU General Public License as published by |
---|
| 11 | # the Free Software Foundation; either version 2 of the License, or |
---|
| 12 | # (at your option) any later version. |
---|
[695] | 13 | # |
---|
[873] | 14 | # This program is distributed in the hope that it will be useful, |
---|
| 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 17 | # GNU General Public License for more details. |
---|
| 18 | # |
---|
| 19 | # You should have received a copy of the GNU General Public License |
---|
| 20 | # along with this program; if not, write to the Free Software |
---|
| 21 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. |
---|
[695] | 22 | # |
---|
| 23 | # $Id$ |
---|
| 24 | # |
---|
| 25 | |
---|
| 26 | [global] |
---|
| 27 | # Storage backend for quotas |
---|
[1047] | 28 | # only PGStorage (PostgreSQL) and LDAPStorage (OpenLDAP) are supported. |
---|
| 29 | # MySQL and BerkeleyDB are planned. |
---|
[859] | 30 | |
---|
[1021] | 31 | # the 'postgresql' value is deprecated, use 'pgstorage' instead. |
---|
| 32 | storagebackend: pgstorage |
---|
| 33 | |
---|
[952] | 34 | # Quota Storage Server hostname (and optional port) |
---|
[859] | 35 | # e.g. db.mydomain.com:5432 |
---|
[695] | 36 | storageserver: localhost |
---|
[859] | 37 | |
---|
| 38 | # |
---|
| 39 | # name of the Quota Storage Database |
---|
[695] | 40 | storagename: pykota |
---|
[859] | 41 | |
---|
[1087] | 42 | # |
---|
| 43 | # Quota Storage normal user's name and password |
---|
| 44 | # These two fields contain a username and optional password |
---|
| 45 | # which may give readonly access to your print quota database. |
---|
| 46 | # |
---|
| 47 | # PLEASE ENSURE THAT THIS USER CAN'T WRITE TO YOUR PRINT QUOTA |
---|
| 48 | # DATABASE, OTHERWISE ANY USER WHO COULD READ THIS CONFIGURATION |
---|
| 49 | # FILE COULD CHANGE HIS PRINT QUOTA. |
---|
| 50 | # |
---|
| 51 | storageuser: pykotauser |
---|
| 52 | # storageuserpw: Comment out if unused, or set to Quota Storage user password |
---|
[695] | 53 | |
---|
[1130] | 54 | # Should the database caching mechanism be enabled or not ? |
---|
| 55 | # If unset, caching is disabled. Possible values Y/N/YES/NO |
---|
| 56 | # caching mechanism works with both PostgreSQL and OpenLDAP backends |
---|
| 57 | # but may be interesting only with OpenLDAP. |
---|
| 58 | storagecaching: No |
---|
| 59 | |
---|
[1038] | 60 | # LDAP example, uncomment and adapt it to your own configuration : |
---|
[1016] | 61 | #storagebackend: ldapstorage |
---|
| 62 | #storageserver: ldap://ldap.librelogiciel.com:389 |
---|
| 63 | #storagename: dc=librelogiciel,dc=com |
---|
[1087] | 64 | #storageuser: cn=notadmin,dc=librelogiciel,dc=com |
---|
| 65 | #storageuserpw: abc.123 |
---|
[1025] | 66 | # |
---|
| 67 | # Here we define some helpers to know where |
---|
| 68 | # to plug into an existing LDAP directory |
---|
[1029] | 69 | #userbase: ou=People,dc=librelogiciel,dc=com |
---|
[1025] | 70 | #userrdn: uid |
---|
[1038] | 71 | #balancebase: ou=People,dc=librelogiciel,dc=com |
---|
| 72 | #balancerdn: uid |
---|
[1029] | 73 | #groupbase: ou=Groups,dc=librelogiciel,dc=com |
---|
[1025] | 74 | #grouprdn: cn |
---|
[1029] | 75 | #printerbase: ou=Printers,ou=PyKota,dc=librelogiciel,dc=com |
---|
[1025] | 76 | #printerrdn: cn |
---|
[1029] | 77 | #jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 78 | #userquotabase: ou=UQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 79 | #groupquotabase: ou=GQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 80 | #lastjobbase: ou=LastJobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
[1105] | 81 | # |
---|
| 82 | # How to create new accounts and groups |
---|
| 83 | # authorized values are "below" and "attach(objectclass name)" |
---|
| 84 | # |
---|
| 85 | # "below" creates the new accounts/groups as standalone entries |
---|
| 86 | # below the above defined 'userbase' ou |
---|
[1029] | 87 | # |
---|
[1105] | 88 | # attach(objectclass name) tries to find some existing user/group |
---|
| 89 | # using the above defined 'userrdn' or 'grouprdn' and 'userbase' |
---|
| 90 | # 'groupbase', and attach the PyKota specific entries to it. |
---|
| 91 | # |
---|
| 92 | # a possible value: newuser: attach(posixAccount) |
---|
[1114] | 93 | #newuser : below |
---|
| 94 | #newgroup : below |
---|
[1111] | 95 | # |
---|
| 96 | # LDAP attribute which stores the user's email address |
---|
[1114] | 97 | #usermail : mail |
---|
[1105] | 98 | |
---|
| 99 | # |
---|
[1029] | 100 | # Choose what attribute contains the list of group members |
---|
| 101 | # common values are : memberUid, uniqueMember, member |
---|
| 102 | #groupmembers: memberUid |
---|
[1016] | 103 | |
---|
[695] | 104 | # Where to log ? |
---|
[707] | 105 | # supported values : stderr, system (system means syslog, but don't use 'syslog' here) |
---|
[853] | 106 | # if the value is not set then the default SYSTEM applies. |
---|
[782] | 107 | logger: system |
---|
[695] | 108 | |
---|
[1047] | 109 | # Enable debugging ? Put YES instead here, |
---|
| 110 | # but only if something went wrong and you want |
---|
| 111 | # to learn from where the problem comes from. |
---|
| 112 | # Actually only database queries are logged. |
---|
[1021] | 113 | debug : No |
---|
| 114 | |
---|
[695] | 115 | # Mail server to use to warn users |
---|
[853] | 116 | # If the value is not set then localhost is used. |
---|
[695] | 117 | smtpserver: localhost |
---|
[806] | 118 | |
---|
[974] | 119 | # What is the accounting backend to use |
---|
| 120 | # |
---|
| 121 | # supported values : |
---|
| 122 | # |
---|
| 123 | # - querying : asks the printer for its lifetime page counter |
---|
[976] | 124 | # via either SNMP, AppleTalk, or any external |
---|
| 125 | # command. This method is the method used by |
---|
| 126 | # default in PyKota since its beginning. |
---|
| 127 | # |
---|
[980] | 128 | # - external : delegates the job's size computation to any |
---|
| 129 | # external command of your choice. A stupid and |
---|
| 130 | # completely unreliable example, but which |
---|
| 131 | # shows what this command may be is : |
---|
| 132 | # |
---|
| 133 | # accounter: external(/bin/grep -c showpage) |
---|
[1000] | 134 | # |
---|
| 135 | # Another one, which should work with all DSC |
---|
| 136 | # compliant Postscript files : |
---|
| 137 | # |
---|
| 138 | # accounter: external(/bin/grep -c "%%Page:") |
---|
[980] | 139 | # |
---|
[976] | 140 | # - stupid : counts the occurences of the 'showpage' postscript |
---|
[1001] | 141 | # statement in the document to be printed. |
---|
| 142 | # THIS IS NOT RELIABLE. This is just to serve as |
---|
[976] | 143 | # an example on how to implement your own accounting |
---|
| 144 | # method. |
---|
| 145 | # |
---|
[974] | 146 | # This value can be set either globally or on a per printer basis |
---|
[976] | 147 | # If both are defined, the printer option has priority. |
---|
| 148 | # if not set it defaults to 'querying'. |
---|
[994] | 149 | # |
---|
| 150 | # A script which seems to be accurate, copy it from the |
---|
| 151 | # untested/postscript directory to another place. |
---|
| 152 | # accounter: external(/usr/local/bin/pagecount.sh) |
---|
[1000] | 153 | # WARNING : it may not work when multiple copies are asked. |
---|
| 154 | # this breaks ghostscript, I don't know why yet. |
---|
[994] | 155 | # |
---|
| 156 | # default value |
---|
[974] | 157 | accounter: querying |
---|
[806] | 158 | |
---|
| 159 | # Print Quota administrator |
---|
| 160 | # These values can be set either globally or per printer or both. |
---|
| 161 | # If both are defined, the printer option has priority. |
---|
[853] | 162 | # If these values are not set, the default admin root |
---|
| 163 | # and the default adminmail root@localhost are used. |
---|
[806] | 164 | admin: Jerome Alet |
---|
| 165 | adminmail: alet@librelogiciel.com |
---|
| 166 | |
---|
[695] | 167 | # |
---|
[852] | 168 | # Who should we send an email to in case a quota is reached ? |
---|
| 169 | # possible values are : DevNull, User, Admin, Both |
---|
| 170 | # The Both value means that the User and the Admin will receive |
---|
| 171 | # an email message. |
---|
| 172 | # The DevNull value means no email message will be sent. |
---|
| 173 | # This value can be set either globally or per printer or both. |
---|
| 174 | # If both are defined, the printer option has priority. |
---|
[853] | 175 | # If the value is not set, then the default BOTH applies. |
---|
[852] | 176 | mailto: both |
---|
| 177 | |
---|
| 178 | # |
---|
[695] | 179 | # Grace delay in days |
---|
[806] | 180 | # This value can be set either globally or per printer or both. |
---|
| 181 | # If both are defined, the printer option has priority. |
---|
[853] | 182 | # If the value is not set then the default seven (7) days applies. |
---|
[695] | 183 | gracedelay: 7 |
---|
| 184 | |
---|
[1077] | 185 | # |
---|
| 186 | # Poor man's threshold |
---|
| 187 | # If account balance reaches below this amount, |
---|
| 188 | # a warning message is sent by email |
---|
| 189 | # |
---|
| 190 | # If unset, default poor man's threshold is 1.0. |
---|
| 191 | # This option can only appear in the global section |
---|
| 192 | poorman: 2.0 |
---|
| 193 | |
---|
| 194 | # Poor man's warning message |
---|
| 195 | # The warning message that is sent if the "poorman" value is reached |
---|
| 196 | # Again this must appear in the global section |
---|
| 197 | poorwarn: Your Print Quota account balance is low. |
---|
| 198 | Soon you'll not be allowed to print anymore. |
---|
| 199 | |
---|
| 200 | # Soft limit reached warning message |
---|
| 201 | # The warning message that is sent if the soft quota limit is reached |
---|
| 202 | # May appear either globally or on a per-printer basis |
---|
| 203 | softwarn: Your Print Quota Soft Limit is reached. |
---|
| 204 | This means that you may still be allowed to print for some |
---|
| 205 | time, but you must contact your administrator to purchase |
---|
| 206 | more print quota. |
---|
| 207 | |
---|
| 208 | # Hard limit reached error message |
---|
| 209 | # The error message that is sent if the hard quota limit is reached |
---|
| 210 | # May appear either globally or on a per-printer basis |
---|
| 211 | hardwarn: Your Print Quota Hard Limit is reached. |
---|
| 212 | This means that you are not allowed to print anymore. |
---|
| 213 | Please contact your administrator at root@localhost |
---|
| 214 | as soon as possible to solve the problem. |
---|
| 215 | |
---|
[853] | 216 | # one section per printer, or no other section at all if all options |
---|
[1025] | 217 | # are defined globally. |
---|
[1047] | 218 | # Each section's name must be the same as the printer's queue name as defined |
---|
[1025] | 219 | # in your printing system, be it CUPS or LPRng. |
---|
[1027] | 220 | # If you don't want any special printer section, just comment out |
---|
| 221 | # the line below so that following options are global. |
---|
[1025] | 222 | [hpmarketing] |
---|
[806] | 223 | |
---|
[1047] | 224 | # How to query the hpmarketing printer for its page counter. |
---|
[980] | 225 | # THIS IS ONLY USED IF YOU HAVE SET 'accounter' TO 'querying' |
---|
| 226 | # JUST COMMENT IT OUT IF YOU USE ANY OTHER ACCOUNTING METHOD. |
---|
[1002] | 227 | # (it would be ignored anyway) |
---|
| 228 | # |
---|
[1047] | 229 | # In the lines below "%(printer)s" is automatically replaced |
---|
| 230 | # at run time with your printer's Fully Qualified Domain Name |
---|
| 231 | # e.g. myprinter.domain.com |
---|
| 232 | # |
---|
[780] | 233 | # Only snmp(community, oid) and external(command) are supported |
---|
[903] | 234 | # |
---|
| 235 | # Example : |
---|
[1025] | 236 | # requester: external(/usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
[780] | 237 | # and : |
---|
[998] | 238 | # requester: snmp(public, mib-2.43.10.2.1.4.1.1) |
---|
[794] | 239 | # are equivalent |
---|
[903] | 240 | # |
---|
| 241 | # Another untested example, using npadmin : |
---|
[1025] | 242 | # requester: external(/usr/bin/npadmin --pagecount %(printer)s) |
---|
[903] | 243 | # |
---|
[919] | 244 | # Another example, for AppleTalk printers which works fine : |
---|
[952] | 245 | # (You may need the pap CUPS backend installed, and copy the |
---|
| 246 | # pagecount.ps file from untested/netatalk into /etc or any |
---|
| 247 | # appropriate location) |
---|
[964] | 248 | # requester: external(/usr/bin/pap -p "%(printer)s:LaserWriter" /etc/pagecount.ps 2>/dev/null | grep -v status | grep -v Connect | tail -1) |
---|
[919] | 249 | # |
---|
[806] | 250 | # This value can be set either globally or per printer or both. |
---|
| 251 | # If both are defined, the printer option has priority. |
---|
[830] | 252 | # |
---|
[998] | 253 | # NB : The SNMP oid mib-2.43.10.2.1.4.1.1 works on HP Laserjet Printers, but it may |
---|
[830] | 254 | # be different with other brands, refer to your printer's documentation |
---|
[999] | 255 | # for details. Also you may have to specify -v2c or -v3 depending on your |
---|
| 256 | # printer's support for different versions of the SNMP specification. |
---|
[1002] | 257 | # |
---|
[1055] | 258 | # |
---|
| 259 | # Some examples and comments provided by Bob Martel from csuohio.edu |
---|
| 260 | # |
---|
| 261 | # For several printers I could not get the page count using snmpget. I |
---|
| 262 | # resorted to snmpwalk: |
---|
| 263 | # |
---|
| 264 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public %(printer)s | grep mib-2.43.10.2.1.4.1.1 | cut -d " " -f4) |
---|
| 265 | # |
---|
| 266 | # The last example is still more ugly, some of the printers only provided |
---|
| 267 | # their counters without names, but at least always on the same line: |
---|
| 268 | # |
---|
| 269 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public -Ov %(printer)s | grep Counter32 | tail -2 | head -1 | cut -d " " -f2) |
---|
| 270 | # |
---|
| 271 | # |
---|
[1093] | 272 | # An example using netcat and a preformatted PJL job which you can find |
---|
| 273 | # in the untested/pjl directory, which is sent to a JetDirect print |
---|
| 274 | # server on port 9100 : |
---|
| 275 | # |
---|
[1094] | 276 | # requester: external(/bin/nc -w 2 %(printer)s 9100 <pagecount.pjl | /usr/bin/tail -2) |
---|
[1093] | 277 | # |
---|
| 278 | # |
---|
[1002] | 279 | # WARNING : In any case, when using an external requester, please test the command line outside |
---|
| 280 | # of PyKota before. This will save you some headaches in case it doesn't work as expected. |
---|
[1095] | 281 | # |
---|
| 282 | # The waitprinter.sh is there to wait until the printer is idle again. |
---|
| 283 | # This should prevent a job to be sent to the printer while another one is |
---|
| 284 | # not yet finished (not all pages are printed, but the complete job is in |
---|
| 285 | # the printer) |
---|
| 286 | requester: external(/usr/bin/waitprinter.sh %(printer)s && /usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
[806] | 287 | |
---|
[695] | 288 | # Default policy for inexistant users (e.g. root) |
---|
[713] | 289 | # either allow or deny |
---|
[806] | 290 | # This value can be set either globally or per printer or both. |
---|
| 291 | # If both are defined, the printer option has priority. |
---|
[956] | 292 | # If the value is not set then the default policy DENY applies. |
---|
| 293 | # ATTENTION : |
---|
[960] | 294 | # Before 1.04 the default value was ALLOW, but unknown users |
---|
[956] | 295 | # allowed to print causes accuracy problems : their jobs are |
---|
| 296 | # charged to the next person who prints on the same printer. |
---|
[1038] | 297 | # There's no policy wrt inexistant groups, they are ignored. |
---|
[956] | 298 | policy: deny |
---|