root / pykota / trunk / conf / pykota.conf.sample @ 1185

Revision 1152, 12.5 kB (checked in by jalet, 21 years ago)

External policies for printers works !
We can now auto-add users on first print, and do other useful things if needed.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1# PyKota sample configuration file
2#
3# Copy this file into the /etc/pykota/ directory
4# under the name /etc/pykota/pykota.conf
5#
6# PyKota - Print Quotas for CUPS and LPRng
7#
8# (c) 2003 Jerome Alet <alet@librelogiciel.com>
9# This program is free software; you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation; either version 2 of the License, or
12# (at your option) any later version.
13#
14# This program is distributed in the hope that it will be useful,
15# but WITHOUT ANY WARRANTY; without even the implied warranty of
16# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17# GNU General Public License for more details.
18#
19# You should have received a copy of the GNU General Public License
20# along with this program; if not, write to the Free Software
21# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
22#
23# $Id$
24#
25
26[global]
27# Storage backend for quotas
28# only PGStorage (PostgreSQL) and LDAPStorage (OpenLDAP) are supported.
29# MySQL and BerkeleyDB are planned.
30
31# the 'postgresql' value is deprecated, use 'pgstorage' instead.
32storagebackend: pgstorage
33
34# Quota Storage Server hostname (and optional port)
35# e.g. db.mydomain.com:5432
36storageserver: localhost
37
38#
39# name of the Quota Storage Database
40storagename: pykota
41
42#
43# Quota Storage normal user's name and password
44# These two fields contain a username and optional password
45# which may give readonly access to your print quota database.
46#
47# PLEASE ENSURE THAT THIS USER CAN'T WRITE TO YOUR PRINT QUOTA
48# DATABASE, OTHERWISE ANY USER WHO COULD READ THIS CONFIGURATION
49# FILE COULD CHANGE HIS PRINT QUOTA.
50#
51storageuser: pykotauser
52# storageuserpw: Comment out if unused, or set to Quota Storage user password
53
54# Should the database caching mechanism be enabled or not ?
55# If unset, caching is disabled. Possible values Y/N/YES/NO
56# caching mechanism works with both PostgreSQL and OpenLDAP backends
57# but may be really interesting only with OpenLDAP.
58#
59# ACTIVATING CACHE IS HEAVILY RECOMMANDED WITH THE LDAP BACKEND !
60#
61storagecaching: No
62
63# Should full job history be disabled ?
64# If unset or set to No, full job history is kept in the database.
65# This will be useful in the future when the report generator
66# will be written.
67# Disabling the job history can be useful with heavily loaded
68# LDAP servers, to not make the LDAP tree grow out of control.
69# Disabling the job history with the PostgreSQL backend works too
70# but it's probably less useful than with LDAP.
71disablehistory: No
72
73# LDAP example, uncomment and adapt it to your own configuration :
74#storagebackend: ldapstorage
75#storageserver: ldap://ldap.librelogiciel.com:389
76#storagename: dc=librelogiciel,dc=com
77#storageuser: cn=notadmin,dc=librelogiciel,dc=com
78#storageuserpw: abc.123
79#
80# Here we define some helpers to know where
81# to plug into an existing LDAP directory
82#userbase: ou=People,dc=librelogiciel,dc=com
83#userrdn: uid
84#balancebase: ou=People,dc=librelogiciel,dc=com
85#balancerdn: uid
86#groupbase: ou=Groups,dc=librelogiciel,dc=com
87#grouprdn: cn
88#printerbase: ou=Printers,ou=PyKota,dc=librelogiciel,dc=com
89#printerrdn: cn
90#jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com
91#userquotabase: ou=UQuotas,ou=PyKota,dc=librelogiciel,dc=com
92#groupquotabase: ou=GQuotas,ou=PyKota,dc=librelogiciel,dc=com
93#lastjobbase: ou=LastJobs,ou=PyKota,dc=librelogiciel,dc=com
94#
95# How to create new accounts and groups
96# authorized values are "below" and "attach(objectclass name)"
97#
98# "below" creates the new accounts/groups as standalone entries
99# below the above defined 'userbase' ou
100#
101# attach(objectclass name) tries to find some existing user/group
102# using the above defined 'userrdn' or 'grouprdn' and 'userbase'
103# 'groupbase', and attach the PyKota specific entries to it.
104#
105# a possible value:  newuser: attach(posixAccount)
106#newuser : below
107#newgroup : below
108#
109# LDAP attribute which stores the user's email address
110#usermail : mail
111
112#
113# Choose what attribute contains the list of group members
114# common values are : memberUid, uniqueMember, member
115#groupmembers: memberUid
116
117# Where to log ?
118# supported values : stderr, system (system means syslog, but don't use 'syslog' here)
119# if the value is not set then the default SYSTEM applies.
120logger: system
121
122# Enable debugging ? Put YES instead here,
123# but only if something went wrong and you want
124# to learn from where the problem comes from.
125# Actually only database queries are logged.
126debug : No
127
128# Mail server to use to warn users
129# If the value is not set then localhost is used.
130smtpserver: localhost
131
132# What is the accounting backend to use
133#
134# supported values :
135#
136#    - querying : asks the printer for its lifetime page counter
137#                 via either SNMP, AppleTalk, or any external
138#                 command. This method is the method used by
139#                 default in PyKota since its beginning.
140#
141#    - external : delegates the job's size computation to any
142#                 external command of your choice. A stupid and
143#                 completely unreliable example, but which
144#                 shows what this command may be is :
145#
146#                   accounter: external(/bin/grep -c showpage)
147#
148#                 Another one, which should work with all DSC
149#                 compliant Postscript files :
150#
151#                   accounter: external(/bin/grep -c "%%Page:")
152#
153#    - stupid : counts the occurences of the 'showpage' postscript
154#               statement in the document to be printed.
155#               THIS IS NOT RELIABLE. This is just to serve as
156#               an example on how to implement your own accounting
157#               method.
158#
159# This value can be set either globally or on a per printer basis
160# If both are defined, the printer option has priority.
161# if not set it defaults to 'querying'.
162#
163# A script which seems to be accurate, copy it from the
164# untested/postscript directory to another place.
165# accounter: external(/usr/local/bin/pagecount.sh)
166# WARNING : it may not work when multiple copies are asked.
167#           this breaks ghostscript, I don't know why yet.
168#
169# default value
170accounter: querying
171
172# Print Quota administrator
173# These values can be set either globally or per printer or both.
174# If both are defined, the printer option has priority.
175# If these values are not set, the default admin root
176# and the default adminmail root@localhost are used.
177admin: Jerome Alet
178adminmail: alet@librelogiciel.com
179
180#
181# Who should we send an email to in case a quota is reached ?
182# possible values are : DevNull, User, Admin, Both
183# The Both value means that the User and the Admin will receive
184# an email message.
185# The DevNull value means no email message will be sent.
186# This value can be set either globally or per printer or both.
187# If both are defined, the printer option has priority.
188# If the value is not set, then the default BOTH applies.
189mailto: both
190
191#
192# Grace delay in days
193# This value can be set either globally or per printer or both.
194# If both are defined, the printer option has priority.
195# If the value is not set then the default seven (7) days applies.
196gracedelay: 7
197
198#
199# Poor man's threshold
200# If account balance reaches below this amount,
201# a warning message is sent by email
202#
203# If unset, default poor man's threshold is 1.0.
204# This option can only appear in the global section
205poorman: 2.0
206
207# Poor man's warning message
208# The warning message that is sent if the "poorman" value is reached
209# Again this must appear in the global section
210poorwarn: Your Print Quota account balance is low.
211 Soon you'll not be allowed to print anymore.
212
213# Soft limit reached warning message
214# The warning message that is sent if the soft quota limit is reached
215# May appear either globally or on a per-printer basis
216softwarn: Your Print Quota Soft Limit is reached.
217 This means that you may still be allowed to print for some
218 time, but you must contact your administrator to purchase
219 more print quota.
220 
221# Hard limit reached error message
222# The error message that is sent if the hard quota limit is reached
223# May appear either globally or on a per-printer basis
224hardwarn: Your Print Quota Hard Limit is reached.
225 This means that you are not allowed to print anymore.
226 Please contact your administrator at root@localhost
227 as soon as possible to solve the problem.
228
229# one section per printer, or no other section at all if all options
230# are defined globally.
231# Each section's name must be the same as the printer's queue name as defined
232# in your printing system, be it CUPS or LPRng.
233# If you don't want any special printer section, just comment out
234# the line below so that following options are global.
235[hpmarketing]
236
237# How to query the hpmarketing printer for its page counter.
238# THIS IS ONLY USED IF YOU HAVE SET 'accounter' TO 'querying'
239# JUST COMMENT IT OUT IF YOU USE ANY OTHER ACCOUNTING METHOD.
240# (it would be ignored anyway)
241#
242# In the lines below "%(printer)s" is automatically replaced
243# at run time with your printer's Fully Qualified Domain Name
244# e.g. myprinter.domain.com
245#
246# Only snmp(community, oid) and external(command) are supported
247#
248# Example :
249#     requester: external(/usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ")
250# and :
251#     requester: snmp(public, mib-2.43.10.2.1.4.1.1)
252# are equivalent
253#
254# Another untested example, using npadmin :
255#     requester: external(/usr/bin/npadmin --pagecount %(printer)s)
256#
257# Another example, for AppleTalk printers which works fine :
258# (You may need the pap CUPS backend installed, and copy the
259# pagecount.ps file from untested/netatalk into /etc or any
260# appropriate location)
261#     requester: external(/usr/bin/pap -p "%(printer)s:LaserWriter" /etc/pagecount.ps  2>/dev/null | grep -v status | grep -v Connect | tail -1)
262#
263# This value can be set either globally or per printer or both.
264# If both are defined, the printer option has priority.
265#
266# NB : The SNMP oid mib-2.43.10.2.1.4.1.1 works on HP Laserjet Printers, but it may
267#      be different with other brands, refer to your printer's documentation
268#      for details. Also you may have to specify -v2c or -v3 depending on your
269#      printer's support for different versions of the SNMP specification.
270#
271#
272# Some examples and comments provided by Bob Martel from csuohio.edu
273#
274# For several printers I could not get the page count using snmpget.  I
275# resorted to snmpwalk:
276#
277# requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public %(printer)s | grep mib-2.43.10.2.1.4.1.1 | cut -d " " -f4)
278#
279# The last example is still more ugly, some of the printers only provided
280# their counters without names, but at least always on the same line:
281#
282# requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public -Ov %(printer)s | grep Counter32 | tail -2 | head -1 | cut -d " " -f2)
283#
284#
285# An example using netcat and a preformatted PJL job which you can find
286# in the untested/pjl directory, which is sent to a JetDirect print
287# server on port 9100 :
288#
289# requester: external(/bin/nc -w 2 %(printer)s 9100 <pagecount.pjl | /usr/bin/tail -2)
290#
291#
292# WARNING : In any case, when using an external requester, please test the command line outside
293#           of PyKota before. This will save you some headaches in case it doesn't work as expected.
294#
295# The waitprinter.sh is there to wait until the printer is idle again.
296# This should prevent a job to be sent to the printer while another one is
297# not yet finished (not all pages are printed, but the complete job is in
298# the printer)
299requester: external(/usr/bin/waitprinter.sh %(printer)s && /usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ")
300
301# Default policy for inexistant users (e.g. root)
302# either allow or deny or external(some command here)
303# This value can be set either globally or per printer or both.
304# If both are defined, the printer option has priority.
305# If the value is not set then the default policy DENY applies.
306# ATTENTION :
307#     Before 1.04 the default value was ALLOW, but unknown users
308#     allowed to print causes accuracy problems : their jobs are
309#     charged to the next person who prints on the same printer.
310# There's no policy wrt inexistant groups, they are ignored.
311#
312# external policy can be used to launch any external command of your choice,
313# for example to automatically add the user to the quota storage
314# if he is unknown. Example :
315#
316#       policy: external(/usr/bin/edpykota --add --printer %(printer)s --softlimit 50 --hardlimit 60 %(user)s)
317#
318#       NB : '%(user)s' and '%(printer)s' will be automatically replaced
319#            by the user and printer names.
320#
321# Of course you can launch any command of your choice with this, e.g. :
322#
323#       policy: external(/usr/local/bin/myadminscript.sh %(user)s)
324#
325policy: deny
Note: See TracBrowser for help on using the browser.