1 | # PyKota sample configuration file |
---|
2 | # |
---|
3 | # Copy this file into the /etc/pykota/ directory |
---|
4 | # under the name /etc/pykota/pykota.conf |
---|
5 | # |
---|
6 | # PyKota - Print Quotas for CUPS and LPRng |
---|
7 | # |
---|
8 | # (c) 2003 Jerome Alet <alet@librelogiciel.com> |
---|
9 | # This program is free software; you can redistribute it and/or modify |
---|
10 | # it under the terms of the GNU General Public License as published by |
---|
11 | # the Free Software Foundation; either version 2 of the License, or |
---|
12 | # (at your option) any later version. |
---|
13 | # |
---|
14 | # This program is distributed in the hope that it will be useful, |
---|
15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
17 | # GNU General Public License for more details. |
---|
18 | # |
---|
19 | # You should have received a copy of the GNU General Public License |
---|
20 | # along with this program; if not, write to the Free Software |
---|
21 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. |
---|
22 | # |
---|
23 | # $Id$ |
---|
24 | # |
---|
25 | |
---|
26 | [global] |
---|
27 | # Storage backend for quotas |
---|
28 | # only PGStorage (PostgreSQL) and LDAPStorage (OpenLDAP) are supported. |
---|
29 | # MySQL and BerkeleyDB are planned. |
---|
30 | |
---|
31 | # the 'postgresql' value is deprecated, use 'pgstorage' instead. |
---|
32 | storagebackend: pgstorage |
---|
33 | |
---|
34 | # Quota Storage Server hostname (and optional port) |
---|
35 | # e.g. db.mydomain.com:5432 |
---|
36 | storageserver: localhost |
---|
37 | |
---|
38 | # |
---|
39 | # name of the Quota Storage Database |
---|
40 | storagename: pykota |
---|
41 | |
---|
42 | # |
---|
43 | # Quota Storage normal user's name and password |
---|
44 | # These two fields contain a username and optional password |
---|
45 | # which may give readonly access to your print quota database. |
---|
46 | # |
---|
47 | # PLEASE ENSURE THAT THIS USER CAN'T WRITE TO YOUR PRINT QUOTA |
---|
48 | # DATABASE, OTHERWISE ANY USER WHO COULD READ THIS CONFIGURATION |
---|
49 | # FILE COULD CHANGE HIS PRINT QUOTA. |
---|
50 | # |
---|
51 | storageuser: pykotauser |
---|
52 | # storageuserpw: Comment out if unused, or set to Quota Storage user password |
---|
53 | |
---|
54 | # Should the database caching mechanism be enabled or not ? |
---|
55 | # If unset, caching is disabled. Possible values Y/N/YES/NO |
---|
56 | # caching mechanism works with both PostgreSQL and OpenLDAP backends |
---|
57 | # but may be really interesting only with OpenLDAP. |
---|
58 | # |
---|
59 | # ACTIVATING CACHE IS HEAVILY RECOMMANDED WITH THE LDAP BACKEND ! |
---|
60 | # |
---|
61 | storagecaching: No |
---|
62 | |
---|
63 | # Should full job history be disabled ? |
---|
64 | # If unset or set to No, full job history is kept in the database. |
---|
65 | # This will be useful in the future when the report generator |
---|
66 | # will be written. |
---|
67 | # Disabling the job history can be useful with heavily loaded |
---|
68 | # LDAP servers, to not make the LDAP tree grow out of control. |
---|
69 | # Disabling the job history with the PostgreSQL backend works too |
---|
70 | # but it's probably less useful than with LDAP. |
---|
71 | disablehistory: No |
---|
72 | |
---|
73 | # LDAP example, uncomment and adapt it to your own configuration : |
---|
74 | #storagebackend: ldapstorage |
---|
75 | #storageserver: ldap://ldap.librelogiciel.com:389 |
---|
76 | #storagename: dc=librelogiciel,dc=com |
---|
77 | #storageuser: cn=notadmin,dc=librelogiciel,dc=com |
---|
78 | #storageuserpw: abc.123 |
---|
79 | # |
---|
80 | # Here we define some helpers to know where |
---|
81 | # to plug into an existing LDAP directory |
---|
82 | #userbase: ou=People,dc=librelogiciel,dc=com |
---|
83 | #userrdn: uid |
---|
84 | #balancebase: ou=People,dc=librelogiciel,dc=com |
---|
85 | #balancerdn: uid |
---|
86 | #groupbase: ou=Groups,dc=librelogiciel,dc=com |
---|
87 | #grouprdn: cn |
---|
88 | #printerbase: ou=Printers,ou=PyKota,dc=librelogiciel,dc=com |
---|
89 | #printerrdn: cn |
---|
90 | #jobbase: ou=Jobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
91 | #userquotabase: ou=UQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
92 | #groupquotabase: ou=GQuotas,ou=PyKota,dc=librelogiciel,dc=com |
---|
93 | #lastjobbase: ou=LastJobs,ou=PyKota,dc=librelogiciel,dc=com |
---|
94 | # |
---|
95 | # How to create new accounts and groups |
---|
96 | # authorized values are "below" and "attach(objectclass name)" |
---|
97 | # |
---|
98 | # "below" creates the new accounts/groups as standalone entries |
---|
99 | # below the above defined 'userbase' ou |
---|
100 | # |
---|
101 | # attach(objectclass name) tries to find some existing user/group |
---|
102 | # using the above defined 'userrdn' or 'grouprdn' and 'userbase' |
---|
103 | # 'groupbase', and attach the PyKota specific entries to it. |
---|
104 | # |
---|
105 | # a possible value: newuser: attach(posixAccount) |
---|
106 | #newuser : below |
---|
107 | #newgroup : below |
---|
108 | # |
---|
109 | # LDAP attribute which stores the user's email address |
---|
110 | #usermail : mail |
---|
111 | |
---|
112 | # |
---|
113 | # Choose what attribute contains the list of group members |
---|
114 | # common values are : memberUid, uniqueMember, member |
---|
115 | #groupmembers: memberUid |
---|
116 | |
---|
117 | # Where to log ? |
---|
118 | # supported values : stderr, system (system means syslog, but don't use 'syslog' here) |
---|
119 | # if the value is not set then the default SYSTEM applies. |
---|
120 | logger: system |
---|
121 | |
---|
122 | # Enable debugging ? Put YES instead here, |
---|
123 | # but only if something went wrong and you want |
---|
124 | # to learn from where the problem comes from. |
---|
125 | # Actually only database queries are logged. |
---|
126 | debug : No |
---|
127 | |
---|
128 | # Mail server to use to warn users |
---|
129 | # If the value is not set then localhost is used. |
---|
130 | smtpserver: localhost |
---|
131 | |
---|
132 | # What is the accounting backend to use |
---|
133 | # |
---|
134 | # supported values : |
---|
135 | # |
---|
136 | # - querying : asks the printer for its lifetime page counter |
---|
137 | # via either SNMP, AppleTalk, or any external |
---|
138 | # command. This method is the method used by |
---|
139 | # default in PyKota since its beginning. |
---|
140 | # |
---|
141 | # - external : delegates the job's size computation to any |
---|
142 | # external command of your choice. A stupid and |
---|
143 | # completely unreliable example, but which |
---|
144 | # shows what this command may be is : |
---|
145 | # |
---|
146 | # accounter: external(/bin/grep -c showpage) |
---|
147 | # |
---|
148 | # Another one, which should work with all DSC |
---|
149 | # compliant Postscript files : |
---|
150 | # |
---|
151 | # accounter: external(/bin/grep -c "%%Page:") |
---|
152 | # |
---|
153 | # - stupid : counts the occurences of the 'showpage' postscript |
---|
154 | # statement in the document to be printed. |
---|
155 | # THIS IS NOT RELIABLE. This is just to serve as |
---|
156 | # an example on how to implement your own accounting |
---|
157 | # method. |
---|
158 | # |
---|
159 | # This value can be set either globally or on a per printer basis |
---|
160 | # If both are defined, the printer option has priority. |
---|
161 | # if not set it defaults to 'querying'. |
---|
162 | # |
---|
163 | # A script which seems to be accurate, copy it from the |
---|
164 | # untested/postscript directory to another place. |
---|
165 | # accounter: external(/usr/local/bin/pagecount.sh) |
---|
166 | # WARNING : it may not work when multiple copies are asked. |
---|
167 | # this breaks ghostscript, I don't know why yet. |
---|
168 | # |
---|
169 | # default value |
---|
170 | accounter: querying |
---|
171 | |
---|
172 | # Print Quota administrator |
---|
173 | # These values can be set either globally or per printer or both. |
---|
174 | # If both are defined, the printer option has priority. |
---|
175 | # If these values are not set, the default admin root |
---|
176 | # and the default adminmail root@localhost are used. |
---|
177 | admin: Jerome Alet |
---|
178 | adminmail: alet@librelogiciel.com |
---|
179 | |
---|
180 | # |
---|
181 | # Who should we send an email to in case a quota is reached ? |
---|
182 | # possible values are : DevNull, User, Admin, Both |
---|
183 | # The Both value means that the User and the Admin will receive |
---|
184 | # an email message. |
---|
185 | # The DevNull value means no email message will be sent. |
---|
186 | # This value can be set either globally or per printer or both. |
---|
187 | # If both are defined, the printer option has priority. |
---|
188 | # If the value is not set, then the default BOTH applies. |
---|
189 | mailto: both |
---|
190 | |
---|
191 | # |
---|
192 | # Grace delay in days |
---|
193 | # This value can be set either globally or per printer or both. |
---|
194 | # If both are defined, the printer option has priority. |
---|
195 | # If the value is not set then the default seven (7) days applies. |
---|
196 | gracedelay: 7 |
---|
197 | |
---|
198 | # |
---|
199 | # Poor man's threshold |
---|
200 | # If account balance reaches below this amount, |
---|
201 | # a warning message is sent by email |
---|
202 | # |
---|
203 | # If unset, default poor man's threshold is 1.0. |
---|
204 | # This option can only appear in the global section |
---|
205 | poorman: 2.0 |
---|
206 | |
---|
207 | # Poor man's warning message |
---|
208 | # The warning message that is sent if the "poorman" value is reached |
---|
209 | # Again this must appear in the global section |
---|
210 | poorwarn: Your Print Quota account balance is low. |
---|
211 | Soon you'll not be allowed to print anymore. |
---|
212 | |
---|
213 | # Soft limit reached warning message |
---|
214 | # The warning message that is sent if the soft quota limit is reached |
---|
215 | # May appear either globally or on a per-printer basis |
---|
216 | softwarn: Your Print Quota Soft Limit is reached. |
---|
217 | This means that you may still be allowed to print for some |
---|
218 | time, but you must contact your administrator to purchase |
---|
219 | more print quota. |
---|
220 | |
---|
221 | # Hard limit reached error message |
---|
222 | # The error message that is sent if the hard quota limit is reached |
---|
223 | # May appear either globally or on a per-printer basis |
---|
224 | hardwarn: Your Print Quota Hard Limit is reached. |
---|
225 | This means that you are not allowed to print anymore. |
---|
226 | Please contact your administrator at root@localhost |
---|
227 | as soon as possible to solve the problem. |
---|
228 | |
---|
229 | # one section per printer, or no other section at all if all options |
---|
230 | # are defined globally. |
---|
231 | # Each section's name must be the same as the printer's queue name as defined |
---|
232 | # in your printing system, be it CUPS or LPRng. |
---|
233 | # If you don't want any special printer section, just comment out |
---|
234 | # the line below so that following options are global. |
---|
235 | [hpmarketing] |
---|
236 | |
---|
237 | # How to query the hpmarketing printer for its page counter. |
---|
238 | # THIS IS ONLY USED IF YOU HAVE SET 'accounter' TO 'querying' |
---|
239 | # JUST COMMENT IT OUT IF YOU USE ANY OTHER ACCOUNTING METHOD. |
---|
240 | # (it would be ignored anyway) |
---|
241 | # |
---|
242 | # In the lines below "%(printer)s" is automatically replaced |
---|
243 | # at run time with your printer's Fully Qualified Domain Name |
---|
244 | # e.g. myprinter.domain.com |
---|
245 | # |
---|
246 | # Only snmp(community, oid) and external(command) are supported |
---|
247 | # |
---|
248 | # Example : |
---|
249 | # requester: external(/usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
250 | # and : |
---|
251 | # requester: snmp(public, mib-2.43.10.2.1.4.1.1) |
---|
252 | # are equivalent |
---|
253 | # |
---|
254 | # Another untested example, using npadmin : |
---|
255 | # requester: external(/usr/bin/npadmin --pagecount %(printer)s) |
---|
256 | # |
---|
257 | # Another example, for AppleTalk printers which works fine : |
---|
258 | # (You may need the pap CUPS backend installed, and copy the |
---|
259 | # pagecount.ps file from untested/netatalk into /etc or any |
---|
260 | # appropriate location) |
---|
261 | # requester: external(/usr/bin/pap -p "%(printer)s:LaserWriter" /etc/pagecount.ps 2>/dev/null | grep -v status | grep -v Connect | tail -1) |
---|
262 | # |
---|
263 | # This value can be set either globally or per printer or both. |
---|
264 | # If both are defined, the printer option has priority. |
---|
265 | # |
---|
266 | # NB : The SNMP oid mib-2.43.10.2.1.4.1.1 works on HP Laserjet Printers, but it may |
---|
267 | # be different with other brands, refer to your printer's documentation |
---|
268 | # for details. Also you may have to specify -v2c or -v3 depending on your |
---|
269 | # printer's support for different versions of the SNMP specification. |
---|
270 | # |
---|
271 | # |
---|
272 | # Some examples and comments provided by Bob Martel from csuohio.edu |
---|
273 | # |
---|
274 | # For several printers I could not get the page count using snmpget. I |
---|
275 | # resorted to snmpwalk: |
---|
276 | # |
---|
277 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public %(printer)s | grep mib-2.43.10.2.1.4.1.1 | cut -d " " -f4) |
---|
278 | # |
---|
279 | # The last example is still more ugly, some of the printers only provided |
---|
280 | # their counters without names, but at least always on the same line: |
---|
281 | # |
---|
282 | # requester: external(/opt/local/net-snmp/bin/snmpwalk -v 1 -Cc -c public -Ov %(printer)s | grep Counter32 | tail -2 | head -1 | cut -d " " -f2) |
---|
283 | # |
---|
284 | # |
---|
285 | # An example using netcat and a preformatted PJL job which you can find |
---|
286 | # in the untested/pjl directory, which is sent to a JetDirect print |
---|
287 | # server on port 9100 : |
---|
288 | # |
---|
289 | # requester: external(/bin/nc -w 2 %(printer)s 9100 <pagecount.pjl | /usr/bin/tail -2) |
---|
290 | # |
---|
291 | # |
---|
292 | # WARNING : In any case, when using an external requester, please test the command line outside |
---|
293 | # of PyKota before. This will save you some headaches in case it doesn't work as expected. |
---|
294 | # |
---|
295 | # The waitprinter.sh is there to wait until the printer is idle again. |
---|
296 | # This should prevent a job to be sent to the printer while another one is |
---|
297 | # not yet finished (not all pages are printed, but the complete job is in |
---|
298 | # the printer) |
---|
299 | requester: external(/usr/bin/waitprinter.sh %(printer)s && /usr/bin/snmpget -v1 -c public -Ov %(printer)s mib-2.43.10.2.1.4.1.1 | cut -f 2,2 -d " ") |
---|
300 | |
---|
301 | # Default policy for inexistant users (e.g. root) |
---|
302 | # either allow or deny or external(some command here) |
---|
303 | # This value can be set either globally or per printer or both. |
---|
304 | # If both are defined, the printer option has priority. |
---|
305 | # If the value is not set then the default policy DENY applies. |
---|
306 | # ATTENTION : |
---|
307 | # Before 1.04 the default value was ALLOW, but unknown users |
---|
308 | # allowed to print causes accuracy problems : their jobs are |
---|
309 | # charged to the next person who prints on the same printer. |
---|
310 | # There's no policy wrt inexistant groups, they are ignored. |
---|
311 | # |
---|
312 | # external policy can be used to launch any external command of your choice, |
---|
313 | # for example to automatically add the user to the quota storage |
---|
314 | # if he is unknown. Example : |
---|
315 | # |
---|
316 | # policy: external(/usr/bin/edpykota --add --printer %(printer)s --softlimit 50 --hardlimit 60 %(user)s) |
---|
317 | # |
---|
318 | # NB : '%(user)s' and '%(printer)s' will be automatically replaced |
---|
319 | # by the user and printer names. |
---|
320 | # |
---|
321 | # Of course you can launch any command of your choice with this, e.g. : |
---|
322 | # |
---|
323 | # policy: external(/usr/local/bin/myadminscript.sh %(user)s) |
---|
324 | # |
---|
325 | policy: deny |
---|