[695] | 1 | # PyKota sample configuration file |
---|
| 2 | # |
---|
[1087] | 3 | # Copy this file into the /etc/pykota/ directory |
---|
| 4 | # under the name /etc/pykota/pykota.conf |
---|
[695] | 5 | # |
---|
[952] | 6 | # PyKota - Print Quotas for CUPS and LPRng |
---|
[695] | 7 | # |
---|
| 8 | # (c) 2003 Jerome Alet <alet@librelogiciel.com> |
---|
[873] | 9 | # This program is free software; you can redistribute it and/or modify |
---|
| 10 | # it under the terms of the GNU General Public License as published by |
---|
| 11 | # the Free Software Foundation; either version 2 of the License, or |
---|
| 12 | # (at your option) any later version. |
---|
[695] | 13 | # |
---|
[873] | 14 | # This program is distributed in the hope that it will be useful, |
---|
| 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 17 | # GNU General Public License for more details. |
---|
| 18 | # |
---|
| 19 | # You should have received a copy of the GNU General Public License |
---|
| 20 | # along with this program; if not, write to the Free Software |
---|
| 21 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. |
---|
[695] | 22 | # |
---|
| 23 | # $Id$ |
---|
| 24 | # |
---|
| 25 | |
---|
| 26 | [global] |
---|
| 27 | # Storage backend for quotas |
---|
[1047] | 28 | # only PGStorage (PostgreSQL) and LDAPStorage (OpenLDAP) are supported. |
---|
| 29 | # MySQL and BerkeleyDB are planned. |
---|
[859] | 30 | |
---|
[1021] | 31 | # the 'postgresql' value is deprecated, use 'pgstorage' instead. |
---|
| 32 | storagebackend: pgstorage |
---|
| 33 | |
---|
[952] | 34 | # Quota Storage Server hostname (and optional port) |
---|
[859] | 35 | # e.g. db.mydomain.com:5432 |
---|
[695] | 36 | storageserver: localhost |
---|
[859] | 37 | |
---|
| 38 | # |
---|
| 39 | # name of the Quota Storage Database |
---|
[695] | 40 | storagename: pykota |
---|
[859] | 41 | |
---|
[1087] | 42 | # |
---|
| 43 | # Quota Storage normal user's name and password |
---|
| 44 | # These two fields contain a username and optional password |
---|
| 45 | # which may give readonly access to your print quota database. |
---|
| 46 | # |
---|
| 47 | # PLEASE ENSURE THAT THIS USER CAN'T WRITE TO YOUR PRINT QUOTA |
---|
| 48 | # DATABASE, OTHERWISE ANY USER WHO COULD READ THIS CONFIGURATION |
---|
| 49 | # FILE COULD CHANGE HIS PRINT QUOTA. |
---|
| 50 | # |
---|
| 51 | storageuser: pykotauser |
---|
| 52 | # storageuserpw: Comment out if unused, or set to Quota Storage user password |
---|
[695] | 53 | |
---|
[1130] | 54 | # Should the database caching mechanism be enabled or not ? |
---|
| 55 | # If unset, caching is disabled. Possible values Y/N/YES/NO |
---|
| 56 | # caching mechanism works with both PostgreSQL and OpenLDAP backends |
---|
[1147] | 57 | # but may be really interesting only with OpenLDAP. |
---|
| 58 | # |
---|
[1186] | 59 | # ACTIVATING CACHE MAY CAUSE PRECISION PROBLEMS IN PRINT ACCOUNTING |
---|
| 60 | # IF AN USER PRINTS ON SEVERAL PRINTERS AT THE SAME TIME. |
---|
| 61 | # YOU MAY FIND IT INTERESTING ANYWAY, ESPECIALLY FOR LDAP. |
---|
[1147] | 62 | # |
---|
[1130] | 63 | storagecaching: No |
---|
| 64 | |
---|
[1149] | 65 | # Should full job history be disabled ? |
---|
| 66 | # If unset or set to No, full job history is kept in the database. |
---|
| 67 | # This will be useful in the future when the report generator |
---|
| 68 | # will be written. |
---|
| 69 | # Disabling the job history can be useful with heavily loaded |
---|
| 70 | # LDAP servers, to not make the LDAP tree grow out of control. |
---|
| 71 | # Disabling the job history with the PostgreSQL backend works too |
---|
| 72 | # but it's probably less useful than with LDAP. |
---|
| 73 | disablehistory: No |
---|
| 74 | |
---|
[1038] | 75 | # LDAP example, uncomment and adapt it to your own configuration : |
---|
[1016] | 76 | #storagebackend: ldapstorage |
---|
| 77 | #storageserver: ldap://ldap.librelogiciel.com:389 |
---|
| 78 | #storagename: dc=librelogiciel,dc=com |
---|
[1087] | 79 | #storageuser: cn=notadmin,dc=librelogiciel,dc=com |
---|
| 80 | #storageuserpw: abc.123 |
---|
[1025] | 81 | # |
---|
| 82 | # Here we define some helpers to know where |
---|
| 83 | # to plug into an existing LDAP directory |
---|
[1029] | 84 | #userbase: ou=People,dc=librelogiciel,dc=com |
---|
[1025] | 85 | #userrdn: uid |
---|
[1038] | 86 | #balancebase: ou=People,dc=librelogiciel,dc=com |
---|
| 87 | #balancerdn: uid |
---|
[1029] | 88 | #groupbase: ou=Groups,dc=librelogiciel,dc=com |
---|
[1025] | 89 | #grouprdn: cn |
---|
[1029] | 90 | #printerbase: ou=Printers,ou=PyKota,dc=librelogiciel,dc=com |
---|
[1025] | 91 | #printerrdn: cn |
---|
[1029] | 92 | #jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 93 | #userquotabase: ou=UQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 94 | #groupquotabase: ou=GQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 95 | #lastjobbase: ou=LastJobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
[1105] | 96 | # |
---|
| 97 | # How to create new accounts and groups |
---|
| 98 | # authorized values are "below" and "attach(objectclass name)" |
---|
| 99 | # |
---|
| 100 | # "below" creates the new accounts/groups as standalone entries |
---|
| 101 | # below the above defined 'userbase' ou |
---|
[1029] | 102 | # |
---|
[1105] | 103 | # attach(objectclass name) tries to find some existing user/group |
---|
| 104 | # using the above defined 'userrdn' or 'grouprdn' and 'userbase' |
---|
| 105 | # 'groupbase', and attach the PyKota specific entries to it. |
---|
| 106 | # |
---|
| 107 | # a possible value: newuser: attach(posixAccount) |
---|
[1114] | 108 | #newuser : below |
---|
| 109 | #newgroup : below |
---|
[1111] | 110 | # |
---|
| 111 | # LDAP attribute which stores the user's email address |
---|
[1114] | 112 | #usermail : mail |
---|
[1105] | 113 | |
---|
| 114 | # |
---|
[1029] | 115 | # Choose what attribute contains the list of group members |
---|
| 116 | # common values are : memberUid, uniqueMember, member |
---|
| 117 | #groupmembers: memberUid |
---|
[1016] | 118 | |
---|
[695] | 119 | # Where to log ? |
---|
[707] | 120 | # supported values : stderr, system (system means syslog, but don't use 'syslog' here) |
---|
[853] | 121 | # if the value is not set then the default SYSTEM applies. |
---|
[782] | 122 | logger: system |
---|
[695] | 123 | |
---|
[1186] | 124 | # Enable debugging ? Put YES or NO there. |
---|
| 125 | # From now on, YES is the default in this sample |
---|
| 126 | # configuration file, so that debugging is activated |
---|
| 127 | # when configuring PyKota. After all works, just |
---|
| 128 | # put NO instead to save some disk space in your |
---|
| 129 | # logs. |
---|
[1047] | 130 | # Actually only database queries are logged. |
---|
[1021] | 131 | debug : No |
---|
| 132 | |
---|
[695] | 133 | # Mail server to use to warn users |
---|
[853] | 134 | # If the value is not set then localhost is used. |
---|
[695] | 135 | smtpserver: localhost |
---|
[806] | 136 | |
---|
[974] | 137 | # What is the accounting backend to use |
---|
| 138 | # |
---|
| 139 | # supported values : |
---|
| 140 | # |
---|
| 141 | # - querying : asks the printer for its lifetime page counter |
---|
[976] | 142 | # via either SNMP, AppleTalk, or any external |
---|
| 143 | # command. This method is the method used by |
---|
| 144 | # default in PyKota since its beginning. |
---|
| 145 | # |
---|
[980] | 146 | # - external : delegates the job's size computation to any |
---|
| 147 | # external command of your choice. A stupid and |
---|
| 148 | # completely unreliable example, but which |
---|
| 149 | # shows what this command may be is : |
---|
| 150 | # |
---|
| 151 | # accounter: external(/bin/grep -c showpage) |
---|
[1000] | 152 | # |
---|
| 153 | # Another one, which should work with all DSC |
---|
| 154 | # compliant Postscript files : |
---|
| 155 | # |
---|
| 156 | # accounter: external(/bin/grep -c "%%Page:") |
---|
[980] | 157 | # |
---|
[976] | 158 | # - stupid : counts the occurences of the 'showpage' postscript |
---|
[1001] | 159 | # statement in the document to be printed. |
---|
| 160 | # THIS IS NOT RELIABLE. This is just to serve as |
---|
[976] | 161 | # an example on how to implement your own accounting |
---|
| 162 | # method. |
---|
| 163 | # |
---|
[974] | 164 | # This value can be set either globally or on a per printer basis |
---|
[976] | 165 | # If both are defined, the printer option has priority. |
---|
| 166 | # if not set it defaults to 'querying'. |
---|
[994] | 167 | # |
---|
| 168 | # A script which seems to be accurate, copy it from the |
---|
| 169 | # untested/postscript directory to another place. |
---|
| 170 | # accounter: external(/usr/local/bin/pagecount.sh) |
---|
[1000] | 171 | # WARNING : it may not work when multiple copies are asked. |
---|
| 172 | # this breaks ghostscript, I don't know why yet. |
---|
[994] | 173 | # |
---|
| 174 | # default value |
---|
[974] | 175 | accounter: querying |
---|
[806] | 176 | |
---|
| 177 | # Print Quota administrator |
---|
| 178 | # These values can be set either globally or per printer or both. |
---|
| 179 | # If both are defined, the printer option has priority. |
---|
[853] | 180 | # If these values are not set, the default admin root |
---|
| 181 | # and the default adminmail root@localhost are used. |
---|
[1186] | 182 | admin: John Doe |
---|
| 183 | adminmail: root@localhost |
---|
[806] | 184 | |
---|
[695] | 185 | # |
---|
[852] | 186 | # Who should we send an email to in case a quota is reached ? |
---|
[1192] | 187 | # possible values are : DevNull, User, Admin, Both, External(some command) |
---|
[852] | 188 | # The Both value means that the User and the Admin will receive |
---|
| 189 | # an email message. |
---|
| 190 | # The DevNull value means no email message will be sent. |
---|
| 191 | # This value can be set either globally or per printer or both. |
---|
| 192 | # If both are defined, the printer option has priority. |
---|
[853] | 193 | # If the value is not set, then the default BOTH applies. |
---|
[1192] | 194 | # |
---|
[1193] | 195 | # For mailto: external(/usr/bin/mycommand >/dev/null) |
---|
[1192] | 196 | # |
---|
| 197 | # You can use : |
---|
| 198 | # |
---|
| 199 | # '%(action)s' will contain either WARN or DENY |
---|
| 200 | # '%(username)s' will contain the user's name |
---|
| 201 | # '%(printername)s' will contain the printer's name |
---|
| 202 | # '%(email)s' will contain the user's email address |
---|
| 203 | # '%(message)s' will contain the message if you want |
---|
| 204 | # use it. |
---|
| 205 | # |
---|
| 206 | # On your command line, to pass arguments to your command. |
---|
| 207 | # Example : |
---|
| 208 | # |
---|
[1193] | 209 | # mailto: external(/usr/bin/callpager %(username)s "Quota problem on %(printername)s" >/dev/null) |
---|
[1192] | 210 | # |
---|
[1193] | 211 | # NB : Don't forget to redirect your command's standard output somewhere |
---|
| 212 | # (e.g. >/dev/null) so that there's no perturbation to the underlying |
---|
| 213 | # layer (filter or backend) |
---|
| 214 | # |
---|
[852] | 215 | mailto: both |
---|
| 216 | |
---|
| 217 | # |
---|
[695] | 218 | # Grace delay in days |
---|
[806] | 219 | # This value can be set either globally or per printer or both. |
---|
| 220 | # If both are defined, the printer option has priority. |
---|
[853] | 221 | # If the value is not set then the default seven (7) days applies. |
---|
[695] | 222 | gracedelay: 7 |
---|
| 223 | |
---|
[1077] | 224 | # |
---|
| 225 | # Poor man's threshold |
---|
| 226 | # If account balance reaches below this amount, |
---|
| 227 | # a warning message is sent by email |
---|
| 228 | # |
---|
| 229 | # If unset, default poor man's threshold is 1.0. |
---|
| 230 | # This option can only appear in the global section |
---|
| 231 | poorman: 2.0 |
---|
| 232 | |
---|
| 233 | # Poor man's warning message |
---|
| 234 | # The warning message that is sent if the "poorman" value is reached |
---|
| 235 | # Again this must appear in the global section |
---|
| 236 | poorwarn: Your Print Quota account balance is low. |
---|
| 237 | Soon you'll not be allowed to print anymore. |
---|
| 238 | |
---|
| 239 | # Soft limit reached warning message |
---|
| 240 | # The warning message that is sent if the soft quota limit is reached |
---|
| 241 | # May appear either globally or on a per-printer basis |
---|
| 242 | softwarn: Your Print Quota Soft Limit is reached. |
---|
| 243 | This means that you may still be allowed to print for some |
---|
| 244 | time, but you must contact your administrator to purchase |
---|
| 245 | more print quota. |
---|
| 246 | |
---|
| 247 | # Hard limit reached error message |
---|
| 248 | # The error message that is sent if the hard quota limit is reached |
---|
| 249 | # May appear either globally or on a per-printer basis |
---|
| 250 | hardwarn: Your Print Quota Hard Limit is reached. |
---|
| 251 | This means that you are not allowed to print anymore. |
---|
| 252 | Please contact your administrator at root@localhost |
---|
| 253 | as soon as possible to solve the problem. |
---|
| 254 | |
---|
[853] | 255 | # one section per printer, or no other section at all if all options |
---|
[1025] | 256 | # are defined globally. |
---|
[1047] | 257 | # Each section's name must be the same as the printer's queue name as defined |
---|
[1025] | 258 | # in your printing system, be it CUPS or LPRng. |
---|
[1027] | 259 | # If you don't want any special printer section, just comment out |
---|
| 260 | # the line below so that following options are global. |
---|
[1025] | 261 | [hpmarketing] |
---|
[806] | 262 | |
---|
[1047] | 263 | # How to query the hpmarketing printer for its page counter. |
---|
[980] | 264 | # THIS IS ONLY USED IF YOU HAVE SET 'accounter' TO 'querying' |
---|
| 265 | # JUST COMMENT IT OUT IF YOU USE ANY OTHER ACCOUNTING METHOD. |
---|
[1002] | 266 | # (it would be ignored anyway) |
---|
| 267 | # |
---|
[1047] | 268 | # In the lines below "%(printer)s" is automatically replaced |
---|
| 269 | # at run time with your printer's Fully Qualified Domain Name |
---|
| 270 | # e.g. myprinter.domain.com |
---|
| 271 | # |
---|
[780] | 272 | # Only snmp(community, oid) and external(command) are supported |
---|
[903] | 273 | # |
---|
| 274 | # Example : |
---|
[1025] | 275 | # requester: external(/usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
[780] | 276 | # and : |
---|
[998] | 277 | # requester: snmp(public, mib-2.43.10.2.1.4.1.1) |
---|
[794] | 278 | # are equivalent |
---|
[903] | 279 | # |
---|
| 280 | # Another untested example, using npadmin : |
---|
[1025] | 281 | # requester: external(/usr/bin/npadmin --pagecount %(printer)s) |
---|
[903] | 282 | # |
---|
[919] | 283 | # Another example, for AppleTalk printers which works fine : |
---|
[952] | 284 | # (You may need the pap CUPS backend installed, and copy the |
---|
| 285 | # pagecount.ps file from untested/netatalk into /etc or any |
---|
| 286 | # appropriate location) |
---|
[1226] | 287 | # requester: external(/usr/bin/papwaitprinter.sh "MyPrinter:LaserWriter@*" && /usr/bin/pap -p "MyPrinter:LaserWriter@*" /etc/pagecount.ps 2>/dev/null | grep -v status | grep -v Connect | tail -1) |
---|
[919] | 288 | # |
---|
[806] | 289 | # This value can be set either globally or per printer or both. |
---|
| 290 | # If both are defined, the printer option has priority. |
---|
[830] | 291 | # |
---|
[998] | 292 | # NB : The SNMP oid mib-2.43.10.2.1.4.1.1 works on HP Laserjet Printers, but it may |
---|
[830] | 293 | # be different with other brands, refer to your printer's documentation |
---|
[999] | 294 | # for details. Also you may have to specify -v2c or -v3 depending on your |
---|
| 295 | # printer's support for different versions of the SNMP specification. |
---|
[1002] | 296 | # |
---|
[1055] | 297 | # |
---|
| 298 | # Some examples and comments provided by Bob Martel from csuohio.edu |
---|
| 299 | # |
---|
| 300 | # For several printers I could not get the page count using snmpget. I |
---|
| 301 | # resorted to snmpwalk: |
---|
| 302 | # |
---|
| 303 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public %(printer)s | grep mib-2.43.10.2.1.4.1.1 | cut -d " " -f4) |
---|
| 304 | # |
---|
| 305 | # The last example is still more ugly, some of the printers only provided |
---|
| 306 | # their counters without names, but at least always on the same line: |
---|
| 307 | # |
---|
| 308 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public -Ov %(printer)s | grep Counter32 | tail -2 | head -1 | cut -d " " -f2) |
---|
| 309 | # |
---|
| 310 | # |
---|
[1093] | 311 | # An example using netcat and a preformatted PJL job which you can find |
---|
| 312 | # in the untested/pjl directory, which is sent to a JetDirect print |
---|
| 313 | # server on port 9100 : |
---|
| 314 | # |
---|
[1094] | 315 | # requester: external(/bin/nc -w 2 %(printer)s 9100 <pagecount.pjl | /usr/bin/tail -2) |
---|
[1093] | 316 | # |
---|
| 317 | # |
---|
[1002] | 318 | # WARNING : In any case, when using an external requester, please test the command line outside |
---|
| 319 | # of PyKota before. This will save you some headaches in case it doesn't work as expected. |
---|
[1095] | 320 | # |
---|
| 321 | # The waitprinter.sh is there to wait until the printer is idle again. |
---|
| 322 | # This should prevent a job to be sent to the printer while another one is |
---|
| 323 | # not yet finished (not all pages are printed, but the complete job is in |
---|
| 324 | # the printer) |
---|
| 325 | requester: external(/usr/bin/waitprinter.sh %(printer)s && /usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
[806] | 326 | |
---|
[695] | 327 | # Default policy for inexistant users (e.g. root) |
---|
[1152] | 328 | # either allow or deny or external(some command here) |
---|
[806] | 329 | # This value can be set either globally or per printer or both. |
---|
| 330 | # If both are defined, the printer option has priority. |
---|
[956] | 331 | # If the value is not set then the default policy DENY applies. |
---|
| 332 | # ATTENTION : |
---|
[960] | 333 | # Before 1.04 the default value was ALLOW, but unknown users |
---|
[956] | 334 | # allowed to print causes accuracy problems : their jobs are |
---|
| 335 | # charged to the next person who prints on the same printer. |
---|
[1038] | 336 | # There's no policy wrt inexistant groups, they are ignored. |
---|
[1152] | 337 | # |
---|
| 338 | # external policy can be used to launch any external command of your choice, |
---|
| 339 | # for example to automatically add the user to the quota storage |
---|
| 340 | # if he is unknown. Example : |
---|
| 341 | # |
---|
[1197] | 342 | # policy: external(/usr/bin/edpykota --add --printer %(printername)s --softlimit 50 --hardlimit 60 %(username)s >/dev/null) |
---|
[1152] | 343 | # |
---|
| 344 | # Of course you can launch any command of your choice with this, e.g. : |
---|
| 345 | # |
---|
[1197] | 346 | # policy: external(/usr/local/bin/myadminscript.sh %(username)s >/dev/null) |
---|
[1196] | 347 | |
---|
| 348 | # You can use : |
---|
[1152] | 349 | # |
---|
[1196] | 350 | # '%(username)s' will contain the user's name |
---|
| 351 | # '%(printername)s' will contain the printer's name |
---|
| 352 | # |
---|
| 353 | # On your command line, to pass arguments to your command. |
---|
| 354 | # |
---|
| 355 | # NB : Don't forget to redirect your command's standard output somewhere |
---|
| 356 | # (e.g. >/dev/null) so that there's no perturbation to the underlying |
---|
| 357 | # layer (filter or backend) |
---|
| 358 | # |
---|
| 359 | # If the user still doesn't exist after external policy command was |
---|
| 360 | # launched (the external command didn't add it), or if an error occured |
---|
| 361 | # during the execution of the external policy command, the job is rejected. |
---|
| 362 | # |
---|
[956] | 363 | policy: deny |
---|