[1015] | 1 | # $Id$ |
---|
| 2 | |
---|
[3259] | 3 | PyKota - Print Quotas for CUPS |
---|
[1015] | 4 | |
---|
[3279] | 5 | (c) 2003, 2004, 2005, 2006, 2007, 2008 Jerome Alet <alet@librelogiciel.com> |
---|
[3259] | 6 | This program is free software: you can redistribute it and/or modify |
---|
[1015] | 7 | it under the terms of the GNU General Public License as published by |
---|
[3259] | 8 | the Free Software Foundation, either version 3 of the License, or |
---|
[1015] | 9 | (at your option) any later version. |
---|
| 10 | |
---|
| 11 | This program is distributed in the hope that it will be useful, |
---|
| 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 14 | GNU General Public License for more details. |
---|
| 15 | |
---|
| 16 | You should have received a copy of the GNU General Public License |
---|
[3259] | 17 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
---|
[1015] | 18 | |
---|
| 19 | ============================================================ |
---|
| 20 | |
---|
| 21 | Documentation : |
---|
[3336] | 22 | =============== |
---|
[1015] | 23 | |
---|
[3336] | 24 | OpenLDAP : |
---|
| 25 | ---------- |
---|
[1015] | 26 | |
---|
[3336] | 27 | The pykota.schema file can be used to modify an existing OpenLDAP |
---|
| 28 | directory to add the necessary object classes and attributes for |
---|
| 29 | use with PyKota. |
---|
[1016] | 30 | |
---|
| 31 | Include it in your LDAP server's configuration. |
---|
[2361] | 32 | For example, with OpenLDAP under Debian : |
---|
[1016] | 33 | |
---|
| 34 | $ cp pykota.schema /etc/ldap/schema |
---|
[2361] | 35 | (no need to do this if you install from PyKota's Debian package) |
---|
[3277] | 36 | |
---|
| 37 | NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is |
---|
| 38 | referenced, substitute /etc/openldap. e.g. |
---|
| 39 | |
---|
| 40 | $ cp pykota.schema /etc/openldap/schema |
---|
[1016] | 41 | |
---|
| 42 | Then edit /etc/ldap/slapd.conf and add a line to |
---|
| 43 | include the PyKota schema. You should have something |
---|
| 44 | like : |
---|
| 45 | |
---|
| 46 | # Schema and objectClass definitions |
---|
| 47 | include /etc/ldap/schema/core.schema |
---|
| 48 | include /etc/ldap/schema/cosine.schema |
---|
| 49 | include /etc/ldap/schema/nis.schema |
---|
| 50 | include /etc/ldap/schema/inetorgperson.schema |
---|
| 51 | include /etc/ldap/schema/pykota.schema |
---|
| 52 | |
---|
[1163] | 53 | While this is not mandatory, you may want to create |
---|
| 54 | some indexes to speed things up a bit : |
---|
| 55 | |
---|
| 56 | You should already have these : |
---|
| 57 | |
---|
| 58 | index objectClass eq |
---|
| 59 | index cn pres,eq,sub |
---|
| 60 | index uid pres,eq,sub |
---|
| 61 | |
---|
| 62 | But we recommend that you add these : |
---|
| 63 | |
---|
[1200] | 64 | index pykotaUserName pres,eq,sub |
---|
| 65 | index pykotaGroupName pres,eq,sub |
---|
| 66 | index pykotaPrinterName pres,eq,sub |
---|
[2361] | 67 | index pykotaBillingCode pres,eq,sub |
---|
[1163] | 68 | index pykotaLastJobIdent eq |
---|
| 69 | |
---|
[2576] | 70 | Now you must ensure that the DNs PyKota will use to bind to |
---|
[1352] | 71 | your OpenLDAP server don't have search queries size limits, |
---|
| 72 | which gives for example (OpenLDAP 2.1.x or above) : |
---|
| 73 | |
---|
[2576] | 74 | limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft |
---|
| 75 | limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft |
---|
[1352] | 76 | |
---|
[2576] | 77 | Where pykotaadmin and pykotauser are the usernames used to bind to your |
---|
| 78 | OpenLDAP server within PyKota, respectively in complete ReadWrite mode |
---|
[1352] | 79 | (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf). |
---|
| 80 | |
---|
[2576] | 81 | NB : YOU have to define the ACLs necessary for user pykotaadmin to |
---|
| 82 | have unlimited Read+Write access to your LDAP tree, and for user |
---|
| 83 | pykotauser to have unlimited ReadOnly access to your LDAP tree. |
---|
| 84 | In the sentence above, "unlimited" means no limit with regard to |
---|
| 85 | the number of records returned by a search operation. Of course |
---|
| 86 | you may want to restrict the access to only some attributes, but |
---|
[2911] | 87 | this is up to you to decide. An example giving full write access |
---|
| 88 | to the pykotaadmin user is : |
---|
[1016] | 89 | |
---|
[2911] | 90 | access to dn.subtree="ou=PyKota,dc=example,dc=com" |
---|
| 91 | by dn="cn=pykotaadmin,dc=example,dc=com" write |
---|
| 92 | |
---|
| 93 | access to dn.subtree="ou=People,dc=example,dc=com" |
---|
| 94 | by dn="cn=pykotaadmin,dc=example,dc=com" write |
---|
| 95 | |
---|
| 96 | access to dn.subtree="ou=Groups,dc=example,dc=com" |
---|
| 97 | by dn="cn=pykotaadmin,dc=example,dc=com" write |
---|
| 98 | |
---|
| 99 | Please adapt this to your own needs and configuration. |
---|
| 100 | |
---|
[2576] | 101 | Now, stop the OpenLDAP server : |
---|
| 102 | |
---|
| 103 | $ /etc/init.d/slapd stop |
---|
[3277] | 104 | |
---|
[2576] | 105 | Generate the index files : |
---|
| 106 | |
---|
| 107 | $ slapindex |
---|
| 108 | |
---|
| 109 | And finally restart the OpenLDAP server : |
---|
| 110 | |
---|
| 111 | $ /etc/init.d/slapd start |
---|
[1015] | 112 | |
---|
[3277] | 113 | NB: On Red Hat-based distros, use '/sbin/service ldap stop' and |
---|
| 114 | '/sbin/service ldap start' instead. |
---|
[3336] | 115 | |
---|
| 116 | Sun Directory Server : |
---|
| 117 | ---------------------- |
---|
[1015] | 118 | |
---|
[3336] | 119 | Use the pykota-schema-sunds.ldif file to make PyKota's LDAP schema known |
---|
| 120 | to your Sun Directory Server : |
---|
[1015] | 121 | |
---|
[3336] | 122 | % ldapmodify -h sunds.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif |
---|
| 123 | |
---|
| 124 | |
---|
| 125 | Initial datas : |
---|
| 126 | =============== |
---|
| 127 | |
---|
| 128 | You can use the pykota-sample.ldif file to initialize an LDAP tree |
---|
| 129 | for PyKota, if you want. |
---|
| 130 | |
---|
[1200] | 131 | The structure used in this file is NOT mandatory ! |
---|
| 132 | Provided you put correct parameters into /etc/pykota/pykota.conf, |
---|
| 133 | you can structure your LDAP directory the way you want. |
---|
| 134 | |
---|
[1036] | 135 | To use an LDAP directory as the Quota Storage, just modify |
---|
[3336] | 136 | ~pykota/pykota.conf to make it contain lines similar to the LDAP |
---|
[1036] | 137 | related ones in conf/pykota.conf.sample, but adapted to your |
---|
| 138 | own configuration. Also de-activate the PostgreSQL-related lines. |
---|
[3336] | 139 | Don't forget to adapt ~pykota/pykotadmin.conf as well. |
---|
[1015] | 140 | ============================================================ |
---|