[695] | 1 | # PyKota sample configuration file |
---|
| 2 | # |
---|
[1087] | 3 | # Copy this file into the /etc/pykota/ directory |
---|
| 4 | # under the name /etc/pykota/pykota.conf |
---|
[695] | 5 | # |
---|
[952] | 6 | # PyKota - Print Quotas for CUPS and LPRng |
---|
[695] | 7 | # |
---|
| 8 | # (c) 2003 Jerome Alet <alet@librelogiciel.com> |
---|
[873] | 9 | # This program is free software; you can redistribute it and/or modify |
---|
| 10 | # it under the terms of the GNU General Public License as published by |
---|
| 11 | # the Free Software Foundation; either version 2 of the License, or |
---|
| 12 | # (at your option) any later version. |
---|
[695] | 13 | # |
---|
[873] | 14 | # This program is distributed in the hope that it will be useful, |
---|
| 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 17 | # GNU General Public License for more details. |
---|
| 18 | # |
---|
| 19 | # You should have received a copy of the GNU General Public License |
---|
| 20 | # along with this program; if not, write to the Free Software |
---|
| 21 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. |
---|
[695] | 22 | # |
---|
| 23 | # $Id$ |
---|
| 24 | # |
---|
| 25 | |
---|
| 26 | [global] |
---|
| 27 | # Storage backend for quotas |
---|
[1047] | 28 | # only PGStorage (PostgreSQL) and LDAPStorage (OpenLDAP) are supported. |
---|
| 29 | # MySQL and BerkeleyDB are planned. |
---|
[859] | 30 | |
---|
[1021] | 31 | # the 'postgresql' value is deprecated, use 'pgstorage' instead. |
---|
| 32 | storagebackend: pgstorage |
---|
| 33 | |
---|
[952] | 34 | # Quota Storage Server hostname (and optional port) |
---|
[859] | 35 | # e.g. db.mydomain.com:5432 |
---|
[695] | 36 | storageserver: localhost |
---|
[859] | 37 | |
---|
| 38 | # |
---|
| 39 | # name of the Quota Storage Database |
---|
[695] | 40 | storagename: pykota |
---|
[859] | 41 | |
---|
[1087] | 42 | # |
---|
| 43 | # Quota Storage normal user's name and password |
---|
| 44 | # These two fields contain a username and optional password |
---|
| 45 | # which may give readonly access to your print quota database. |
---|
| 46 | # |
---|
| 47 | # PLEASE ENSURE THAT THIS USER CAN'T WRITE TO YOUR PRINT QUOTA |
---|
| 48 | # DATABASE, OTHERWISE ANY USER WHO COULD READ THIS CONFIGURATION |
---|
| 49 | # FILE COULD CHANGE HIS PRINT QUOTA. |
---|
| 50 | # |
---|
| 51 | storageuser: pykotauser |
---|
| 52 | # storageuserpw: Comment out if unused, or set to Quota Storage user password |
---|
[695] | 53 | |
---|
[1130] | 54 | # Should the database caching mechanism be enabled or not ? |
---|
| 55 | # If unset, caching is disabled. Possible values Y/N/YES/NO |
---|
| 56 | # caching mechanism works with both PostgreSQL and OpenLDAP backends |
---|
[1147] | 57 | # but may be really interesting only with OpenLDAP. |
---|
| 58 | # |
---|
[1186] | 59 | # ACTIVATING CACHE MAY CAUSE PRECISION PROBLEMS IN PRINT ACCOUNTING |
---|
| 60 | # IF AN USER PRINTS ON SEVERAL PRINTERS AT THE SAME TIME. |
---|
| 61 | # YOU MAY FIND IT INTERESTING ANYWAY, ESPECIALLY FOR LDAP. |
---|
[1147] | 62 | # |
---|
[1130] | 63 | storagecaching: No |
---|
| 64 | |
---|
[1149] | 65 | # Should full job history be disabled ? |
---|
| 66 | # If unset or set to No, full job history is kept in the database. |
---|
| 67 | # This will be useful in the future when the report generator |
---|
| 68 | # will be written. |
---|
| 69 | # Disabling the job history can be useful with heavily loaded |
---|
| 70 | # LDAP servers, to not make the LDAP tree grow out of control. |
---|
| 71 | # Disabling the job history with the PostgreSQL backend works too |
---|
| 72 | # but it's probably less useful than with LDAP. |
---|
| 73 | disablehistory: No |
---|
| 74 | |
---|
[1038] | 75 | # LDAP example, uncomment and adapt it to your own configuration : |
---|
[1016] | 76 | #storagebackend: ldapstorage |
---|
| 77 | #storageserver: ldap://ldap.librelogiciel.com:389 |
---|
| 78 | #storagename: dc=librelogiciel,dc=com |
---|
[1087] | 79 | #storageuser: cn=notadmin,dc=librelogiciel,dc=com |
---|
| 80 | #storageuserpw: abc.123 |
---|
[1025] | 81 | # |
---|
| 82 | # Here we define some helpers to know where |
---|
| 83 | # to plug into an existing LDAP directory |
---|
[1029] | 84 | #userbase: ou=People,dc=librelogiciel,dc=com |
---|
[1025] | 85 | #userrdn: uid |
---|
[1038] | 86 | #balancebase: ou=People,dc=librelogiciel,dc=com |
---|
| 87 | #balancerdn: uid |
---|
[1029] | 88 | #groupbase: ou=Groups,dc=librelogiciel,dc=com |
---|
[1025] | 89 | #grouprdn: cn |
---|
[1029] | 90 | #printerbase: ou=Printers,ou=PyKota,dc=librelogiciel,dc=com |
---|
[1025] | 91 | #printerrdn: cn |
---|
[1029] | 92 | #jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 93 | #userquotabase: ou=UQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 94 | #groupquotabase: ou=GQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
| 95 | #lastjobbase: ou=LastJobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
[1105] | 96 | # |
---|
| 97 | # How to create new accounts and groups |
---|
| 98 | # authorized values are "below" and "attach(objectclass name)" |
---|
| 99 | # |
---|
| 100 | # "below" creates the new accounts/groups as standalone entries |
---|
| 101 | # below the above defined 'userbase' ou |
---|
[1029] | 102 | # |
---|
[1105] | 103 | # attach(objectclass name) tries to find some existing user/group |
---|
| 104 | # using the above defined 'userrdn' or 'grouprdn' and 'userbase' |
---|
| 105 | # 'groupbase', and attach the PyKota specific entries to it. |
---|
| 106 | # |
---|
| 107 | # a possible value: newuser: attach(posixAccount) |
---|
[1114] | 108 | #newuser : below |
---|
| 109 | #newgroup : below |
---|
[1111] | 110 | # |
---|
| 111 | # LDAP attribute which stores the user's email address |
---|
[1114] | 112 | #usermail : mail |
---|
[1105] | 113 | |
---|
| 114 | # |
---|
[1029] | 115 | # Choose what attribute contains the list of group members |
---|
| 116 | # common values are : memberUid, uniqueMember, member |
---|
| 117 | #groupmembers: memberUid |
---|
[1016] | 118 | |
---|
[695] | 119 | # Where to log ? |
---|
[707] | 120 | # supported values : stderr, system (system means syslog, but don't use 'syslog' here) |
---|
[853] | 121 | # if the value is not set then the default SYSTEM applies. |
---|
[782] | 122 | logger: system |
---|
[695] | 123 | |
---|
[1186] | 124 | # Enable debugging ? Put YES or NO there. |
---|
| 125 | # From now on, YES is the default in this sample |
---|
| 126 | # configuration file, so that debugging is activated |
---|
| 127 | # when configuring PyKota. After all works, just |
---|
| 128 | # put NO instead to save some disk space in your |
---|
| 129 | # logs. |
---|
[1047] | 130 | # Actually only database queries are logged. |
---|
[1021] | 131 | debug : No |
---|
| 132 | |
---|
[695] | 133 | # Mail server to use to warn users |
---|
[853] | 134 | # If the value is not set then localhost is used. |
---|
[695] | 135 | smtpserver: localhost |
---|
[806] | 136 | |
---|
[1227] | 137 | # Should we force usernames to be all lowercase when printing ? |
---|
| 138 | # Default is No. |
---|
| 139 | # This is a global option only. |
---|
| 140 | # Some people reported that WinXP sends mixed case usernames |
---|
| 141 | # setting 'utolower: Yes' solves the problem. |
---|
| 142 | # Of course you have to user lowercase only when adding |
---|
| 143 | # users with edpykota, because ALL database accesses are |
---|
| 144 | # still case sensitive. |
---|
| 145 | # |
---|
| 146 | # If utolower is Yes, the usernames received from the printing |
---|
| 147 | # system is converted to lowercase at the start of the cupspykota |
---|
| 148 | # backend or of the pykota filter. |
---|
| 149 | # |
---|
| 150 | # If utolower is No, which is the default, strict case checking |
---|
| 151 | # is done, this means that users 'Jerome' and 'jerome' are |
---|
| 152 | # different. Printer and groups names are ALWAYS case sensitive. |
---|
| 153 | utolower: No |
---|
| 154 | |
---|
[974] | 155 | # What is the accounting backend to use |
---|
| 156 | # |
---|
| 157 | # supported values : |
---|
| 158 | # |
---|
| 159 | # - querying : asks the printer for its lifetime page counter |
---|
[976] | 160 | # via either SNMP, AppleTalk, or any external |
---|
| 161 | # command. This method is the method used by |
---|
| 162 | # default in PyKota since its beginning. |
---|
| 163 | # |
---|
[980] | 164 | # - external : delegates the job's size computation to any |
---|
| 165 | # external command of your choice. A stupid and |
---|
| 166 | # completely unreliable example, but which |
---|
| 167 | # shows what this command may be is : |
---|
| 168 | # |
---|
| 169 | # accounter: external(/bin/grep -c showpage) |
---|
[1000] | 170 | # |
---|
| 171 | # Another one, which should work with all DSC |
---|
| 172 | # compliant Postscript files : |
---|
| 173 | # |
---|
| 174 | # accounter: external(/bin/grep -c "%%Page:") |
---|
[980] | 175 | # |
---|
[976] | 176 | # - stupid : counts the occurences of the 'showpage' postscript |
---|
[1001] | 177 | # statement in the document to be printed. |
---|
| 178 | # THIS IS NOT RELIABLE. This is just to serve as |
---|
[976] | 179 | # an example on how to implement your own accounting |
---|
| 180 | # method. |
---|
| 181 | # |
---|
[974] | 182 | # This value can be set either globally or on a per printer basis |
---|
[976] | 183 | # If both are defined, the printer option has priority. |
---|
| 184 | # if not set it defaults to 'querying'. |
---|
[994] | 185 | # |
---|
| 186 | # A script which seems to be accurate, copy it from the |
---|
| 187 | # untested/postscript directory to another place. |
---|
| 188 | # accounter: external(/usr/local/bin/pagecount.sh) |
---|
[1000] | 189 | # WARNING : it may not work when multiple copies are asked. |
---|
| 190 | # this breaks ghostscript, I don't know why yet. |
---|
[994] | 191 | # |
---|
| 192 | # default value |
---|
[974] | 193 | accounter: querying |
---|
[806] | 194 | |
---|
| 195 | # Print Quota administrator |
---|
| 196 | # These values can be set either globally or per printer or both. |
---|
| 197 | # If both are defined, the printer option has priority. |
---|
[853] | 198 | # If these values are not set, the default admin root |
---|
| 199 | # and the default adminmail root@localhost are used. |
---|
[1186] | 200 | admin: John Doe |
---|
| 201 | adminmail: root@localhost |
---|
[806] | 202 | |
---|
[695] | 203 | # |
---|
[852] | 204 | # Who should we send an email to in case a quota is reached ? |
---|
[1192] | 205 | # possible values are : DevNull, User, Admin, Both, External(some command) |
---|
[852] | 206 | # The Both value means that the User and the Admin will receive |
---|
| 207 | # an email message. |
---|
| 208 | # The DevNull value means no email message will be sent. |
---|
| 209 | # This value can be set either globally or per printer or both. |
---|
| 210 | # If both are defined, the printer option has priority. |
---|
[853] | 211 | # If the value is not set, then the default BOTH applies. |
---|
[1192] | 212 | # |
---|
[1231] | 213 | # Format of the external syntax : |
---|
[1192] | 214 | # |
---|
[1231] | 215 | # mailto: external(/usr/bin/mycommand >/dev/null) |
---|
| 216 | # |
---|
[1192] | 217 | # You can use : |
---|
| 218 | # |
---|
| 219 | # '%(action)s' will contain either WARN or DENY |
---|
| 220 | # '%(username)s' will contain the user's name |
---|
| 221 | # '%(printername)s' will contain the printer's name |
---|
| 222 | # '%(email)s' will contain the user's email address |
---|
| 223 | # '%(message)s' will contain the message if you want |
---|
[1230] | 224 | # to use it. |
---|
[1192] | 225 | # |
---|
| 226 | # On your command line, to pass arguments to your command. |
---|
| 227 | # Example : |
---|
| 228 | # |
---|
[1193] | 229 | # mailto: external(/usr/bin/callpager %(username)s "Quota problem on %(printername)s" >/dev/null) |
---|
[1192] | 230 | # |
---|
[1231] | 231 | # To automatically send a WinPopup message : |
---|
| 232 | # |
---|
| 233 | # mailto: external(echo "%(message)s" | /usr/bin/smbclient -M "%(username)s" 2>&1 >/dev/null) |
---|
| 234 | # |
---|
[1193] | 235 | # NB : Don't forget to redirect your command's standard output somewhere |
---|
| 236 | # (e.g. >/dev/null) so that there's no perturbation to the underlying |
---|
| 237 | # layer (filter or backend) |
---|
| 238 | # |
---|
[852] | 239 | mailto: both |
---|
| 240 | |
---|
| 241 | # |
---|
[695] | 242 | # Grace delay in days |
---|
[806] | 243 | # This value can be set either globally or per printer or both. |
---|
| 244 | # If both are defined, the printer option has priority. |
---|
[853] | 245 | # If the value is not set then the default seven (7) days applies. |
---|
[695] | 246 | gracedelay: 7 |
---|
| 247 | |
---|
[1077] | 248 | # |
---|
| 249 | # Poor man's threshold |
---|
| 250 | # If account balance reaches below this amount, |
---|
| 251 | # a warning message is sent by email |
---|
| 252 | # |
---|
| 253 | # If unset, default poor man's threshold is 1.0. |
---|
| 254 | # This option can only appear in the global section |
---|
| 255 | poorman: 2.0 |
---|
| 256 | |
---|
| 257 | # Poor man's warning message |
---|
| 258 | # The warning message that is sent if the "poorman" value is reached |
---|
| 259 | # Again this must appear in the global section |
---|
| 260 | poorwarn: Your Print Quota account balance is low. |
---|
| 261 | Soon you'll not be allowed to print anymore. |
---|
| 262 | |
---|
| 263 | # Soft limit reached warning message |
---|
| 264 | # The warning message that is sent if the soft quota limit is reached |
---|
| 265 | # May appear either globally or on a per-printer basis |
---|
| 266 | softwarn: Your Print Quota Soft Limit is reached. |
---|
| 267 | This means that you may still be allowed to print for some |
---|
| 268 | time, but you must contact your administrator to purchase |
---|
| 269 | more print quota. |
---|
| 270 | |
---|
| 271 | # Hard limit reached error message |
---|
| 272 | # The error message that is sent if the hard quota limit is reached |
---|
| 273 | # May appear either globally or on a per-printer basis |
---|
| 274 | hardwarn: Your Print Quota Hard Limit is reached. |
---|
| 275 | This means that you are not allowed to print anymore. |
---|
| 276 | Please contact your administrator at root@localhost |
---|
| 277 | as soon as possible to solve the problem. |
---|
| 278 | |
---|
[853] | 279 | # one section per printer, or no other section at all if all options |
---|
[1025] | 280 | # are defined globally. |
---|
[1047] | 281 | # Each section's name must be the same as the printer's queue name as defined |
---|
[1025] | 282 | # in your printing system, be it CUPS or LPRng. |
---|
[1027] | 283 | # If you don't want any special printer section, just comment out |
---|
| 284 | # the line below so that following options are global. |
---|
[1025] | 285 | [hpmarketing] |
---|
[806] | 286 | |
---|
[1047] | 287 | # How to query the hpmarketing printer for its page counter. |
---|
[980] | 288 | # THIS IS ONLY USED IF YOU HAVE SET 'accounter' TO 'querying' |
---|
| 289 | # JUST COMMENT IT OUT IF YOU USE ANY OTHER ACCOUNTING METHOD. |
---|
[1002] | 290 | # (it would be ignored anyway) |
---|
| 291 | # |
---|
[1047] | 292 | # In the lines below "%(printer)s" is automatically replaced |
---|
| 293 | # at run time with your printer's Fully Qualified Domain Name |
---|
| 294 | # e.g. myprinter.domain.com |
---|
| 295 | # |
---|
[780] | 296 | # Only snmp(community, oid) and external(command) are supported |
---|
[903] | 297 | # |
---|
| 298 | # Example : |
---|
[1025] | 299 | # requester: external(/usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
[780] | 300 | # and : |
---|
[998] | 301 | # requester: snmp(public, mib-2.43.10.2.1.4.1.1) |
---|
[794] | 302 | # are equivalent |
---|
[903] | 303 | # |
---|
| 304 | # Another untested example, using npadmin : |
---|
[1025] | 305 | # requester: external(/usr/bin/npadmin --pagecount %(printer)s) |
---|
[903] | 306 | # |
---|
[919] | 307 | # Another example, for AppleTalk printers which works fine : |
---|
[952] | 308 | # (You may need the pap CUPS backend installed, and copy the |
---|
| 309 | # pagecount.ps file from untested/netatalk into /etc or any |
---|
| 310 | # appropriate location) |
---|
[1226] | 311 | # requester: external(/usr/bin/papwaitprinter.sh "MyPrinter:LaserWriter@*" && /usr/bin/pap -p "MyPrinter:LaserWriter@*" /etc/pagecount.ps 2>/dev/null | grep -v status | grep -v Connect | tail -1) |
---|
[919] | 312 | # |
---|
[806] | 313 | # This value can be set either globally or per printer or both. |
---|
| 314 | # If both are defined, the printer option has priority. |
---|
[830] | 315 | # |
---|
[998] | 316 | # NB : The SNMP oid mib-2.43.10.2.1.4.1.1 works on HP Laserjet Printers, but it may |
---|
[830] | 317 | # be different with other brands, refer to your printer's documentation |
---|
[999] | 318 | # for details. Also you may have to specify -v2c or -v3 depending on your |
---|
| 319 | # printer's support for different versions of the SNMP specification. |
---|
[1002] | 320 | # |
---|
[1055] | 321 | # |
---|
| 322 | # Some examples and comments provided by Bob Martel from csuohio.edu |
---|
| 323 | # |
---|
| 324 | # For several printers I could not get the page count using snmpget. I |
---|
| 325 | # resorted to snmpwalk: |
---|
| 326 | # |
---|
| 327 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public %(printer)s | grep mib-2.43.10.2.1.4.1.1 | cut -d " " -f4) |
---|
| 328 | # |
---|
| 329 | # The last example is still more ugly, some of the printers only provided |
---|
| 330 | # their counters without names, but at least always on the same line: |
---|
| 331 | # |
---|
| 332 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public -Ov %(printer)s | grep Counter32 | tail -2 | head -1 | cut -d " " -f2) |
---|
| 333 | # |
---|
| 334 | # |
---|
[1093] | 335 | # An example using netcat and a preformatted PJL job which you can find |
---|
| 336 | # in the untested/pjl directory, which is sent to a JetDirect print |
---|
| 337 | # server on port 9100 : |
---|
| 338 | # |
---|
[1094] | 339 | # requester: external(/bin/nc -w 2 %(printer)s 9100 <pagecount.pjl | /usr/bin/tail -2) |
---|
[1093] | 340 | # |
---|
| 341 | # |
---|
[1002] | 342 | # WARNING : In any case, when using an external requester, please test the command line outside |
---|
| 343 | # of PyKota before. This will save you some headaches in case it doesn't work as expected. |
---|
[1095] | 344 | # |
---|
| 345 | # The waitprinter.sh is there to wait until the printer is idle again. |
---|
| 346 | # This should prevent a job to be sent to the printer while another one is |
---|
| 347 | # not yet finished (not all pages are printed, but the complete job is in |
---|
| 348 | # the printer) |
---|
| 349 | requester: external(/usr/bin/waitprinter.sh %(printer)s && /usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
[806] | 350 | |
---|
[695] | 351 | # Default policy for inexistant users (e.g. root) |
---|
[1152] | 352 | # either allow or deny or external(some command here) |
---|
[806] | 353 | # This value can be set either globally or per printer or both. |
---|
| 354 | # If both are defined, the printer option has priority. |
---|
[956] | 355 | # If the value is not set then the default policy DENY applies. |
---|
| 356 | # ATTENTION : |
---|
[960] | 357 | # Before 1.04 the default value was ALLOW, but unknown users |
---|
[956] | 358 | # allowed to print causes accuracy problems : their jobs are |
---|
| 359 | # charged to the next person who prints on the same printer. |
---|
[1038] | 360 | # There's no policy wrt inexistant groups, they are ignored. |
---|
[1152] | 361 | # |
---|
| 362 | # external policy can be used to launch any external command of your choice, |
---|
| 363 | # for example to automatically add the user to the quota storage |
---|
| 364 | # if he is unknown. Example : |
---|
| 365 | # |
---|
[1197] | 366 | # policy: external(/usr/bin/edpykota --add --printer %(printername)s --softlimit 50 --hardlimit 60 %(username)s >/dev/null) |
---|
[1152] | 367 | # |
---|
| 368 | # Of course you can launch any command of your choice with this, e.g. : |
---|
| 369 | # |
---|
[1197] | 370 | # policy: external(/usr/local/bin/myadminscript.sh %(username)s >/dev/null) |
---|
[1196] | 371 | |
---|
| 372 | # You can use : |
---|
[1152] | 373 | # |
---|
[1196] | 374 | # '%(username)s' will contain the user's name |
---|
| 375 | # '%(printername)s' will contain the printer's name |
---|
| 376 | # |
---|
| 377 | # On your command line, to pass arguments to your command. |
---|
| 378 | # |
---|
| 379 | # NB : Don't forget to redirect your command's standard output somewhere |
---|
| 380 | # (e.g. >/dev/null) so that there's no perturbation to the underlying |
---|
| 381 | # layer (filter or backend) |
---|
| 382 | # |
---|
| 383 | # If the user still doesn't exist after external policy command was |
---|
| 384 | # launched (the external command didn't add it), or if an error occured |
---|
| 385 | # during the execution of the external policy command, the job is rejected. |
---|
| 386 | # |
---|
[956] | 387 | policy: deny |
---|