pykota/trunk/initscripts/ldap/README.ldap @ 3481

Revision 3481, 4.8 kB (checked in by jerome, 15 years ago)

Changed copyright years.
Copyright years are now dynamic when displayed by a command line tool.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
# $Id$

PyKota - Print Quotas for CUPS

(c) 2003-2009 Jerome Alet <alet@librelogiciel.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.

============================================================

Documentation :
===============

OpenLDAP :
----------

    The pykota.schema file can be used to modify an existing OpenLDAP
    directory to add the necessary object classes and attributes for
    use with PyKota.

    Include it in your LDAP server's configuration.
    For example, with OpenLDAP under Debian :

        $ cp pykota.schema /etc/ldap/schema
        (no need to do this if you install from PyKota's Debian package)

    NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is
        referenced, substitute /etc/openldap. e.g.

        $ cp pykota.schema /etc/openldap/schema

    Then edit /etc/ldap/slapd.conf and add a line to
    include the PyKota schema. You should have something
    like :

        # Schema and objectClass definitions
        include         /etc/ldap/schema/core.schema
        include         /etc/ldap/schema/cosine.schema
        include         /etc/ldap/schema/nis.schema
        include         /etc/ldap/schema/inetorgperson.schema
        include         /etc/ldap/schema/pykota.schema

    While this is not mandatory, you may want to create
    some indexes to speed things up a bit :

      You should already have these :

        index objectClass eq
        index cn pres,eq,sub
        index uid pres,eq,sub

      But we recommend that you add these :

        index pykotaUserName pres,eq,sub
        index pykotaGroupName pres,eq,sub
        index pykotaPrinterName pres,eq,sub
        index pykotaBillingCode pres,eq,sub
        index pykotaLastJobIdent eq

    Now you must ensure that the DNs PyKota will use to bind to
    your OpenLDAP server are not subject to search size limits,
    for example (OpenLDAP 2.1.x or above) :

        limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
        limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft

    Where pykotaadmin and pykotauser are the usernames used to bind to your
    OpenLDAP server within PyKota, respectively in complete ReadWrite mode
    (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf).

    NB : YOU have to define the ACLs necessary for user pykotaadmin to
    have unlimited Read+Write access to your LDAP tree, and for user
    pykotauser to have unlimited ReadOnly access to your LDAP tree.
    In the sentence above, "unlimited" means no limit with regard to
    the number of records returned by a search operation. Of course
    you may want to restrict the access to only some attributes, but
    this is up to you to decide. An example giving full write access
    to the pykotaadmin user is :

        access to dn.subtree="ou=PyKota,dc=example,dc=com"
               by dn="cn=pykotaadmin,dc=example,dc=com" write

        access to dn.subtree="ou=People,dc=example,dc=com"
               by dn="cn=pykotaadmin,dc=example,dc=com" write

        access to dn.subtree="ou=Groups,dc=example,dc=com"
               by dn="cn=pykotaadmin,dc=example,dc=com" write

    Please adapt this to your own needs and configuration.

    Now, stop the OpenLDAP server :

        $ /etc/init.d/slapd stop

    Generate the index files :

        $ slapindex

    And finally restart the OpenLDAP server :

        $ /etc/init.d/slapd start

    NB: On Red Hat-based distros, use '/sbin/service ldap stop' and
        '/sbin/service ldap start' instead.

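An added example, not part of PyKota or of this README: a small Python check that reads a slapd.conf and reports which of the steps above are missing, and whether the ReadOnly bind DN has been granted write access. The function names and the sample configuration are constructed for illustration; only the size.soft=-1 form shown above is recognised, and DNs are compared as literal strings.

```python
import re
# Indexes the README recommends adding: attribute -> index types.
RECOMMENDED = {"pykotaUserName": "pres,eq,sub", "pykotaGroupName": "pres,eq,sub",
               "pykotaPrinterName": "pres,eq,sub", "pykotaBillingCode": "pres,eq,sub",
               "pykotaLastJobIdent": "eq"}
ADMIN, RO = "cn=pykotaadmin,dc=example,dc=com", "cn=pykotauser,dc=example,dc=com"

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1].isspace() and raw.strip() and out:
            out[-1] += " " + raw.strip()  # continues the previous line, comment or not
        elif raw.strip():
            out.append(raw.strip())
    return [l for l in out if not l.startswith("#")]

def audit(conf_text, admin_dn=ADMIN, ro_dn=RO):
    """Return findings for the README's steps; an empty list means none are missing."""
    lines, findings, indexes = logical_lines(conf_text), [], {}
    if not any(re.match(r"include\s+\S*/pykota\.schema$", l) for l in lines):
        findings.append("pykota.schema is not included")
    for l in lines:
        parts = l.split()
        if parts[0] == "index" and len(parts) >= 3:
            for attr in parts[1].split(","):
                indexes.setdefault(attr.lower(), set()).update(parts[2].split(","))
    for attr, kinds in RECOMMENDED.items():
        missing = set(kinds.split(",")) - indexes.get(attr.lower(), set())
        if missing:
            findings.append("index %s lacks %s" % (attr, ",".join(sorted(missing))))
    for dn in (admin_dn, ro_dn):
        pat = r'limits\s+dn="%s"\s.*size\.soft=-1\b' % re.escape(dn)
        if not any(re.match(pat, l) for l in lines):
            findings.append("no unlimited size.soft for %s" % dn)
    grant = r'\bby\s+dn(\.\w+)?="%s"\s+(write|manage)\b' % re.escape(ro_dn)
    findings += ["read-only DN may write: " + l.split(" by ")[0] for l in lines
                 if l.startswith("access to") and re.search(grant, l)]
    return findings

# Constructed sample: two indexes and one limits line missing, pykotauser given write.
SAMPLE = """\
include /etc/ldap/schema/pykota.schema
index pykotaUserName,pykotaGroupName,pykotaPrinterName pres,eq,sub
limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
access to dn.subtree="ou=PyKota,dc=example,dc=com"
       by dn="cn=pykotaadmin,dc=example,dc=com" write
       by dn="cn=pykotauser,dc=example,dc=com" write
"""
```

Calling audit(SAMPLE) returns four findings; run it against a copy of your own slapd.conf before the slapindex step.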
Sun Directory Server :
----------------------

    See README.sunds

Initial data :
==============

    You can use the pykota-sample.ldif file to initialize an LDAP tree
    for PyKota, if you want.

    The structure used in this file is NOT mandatory !
    Provided you put correct parameters into /etc/pykota/pykota.conf,
    you can structure your LDAP directory the way you want.

To use an LDAP directory as the Quota Storage, just modify
~pykota/pykota.conf to make it contain lines similar to the LDAP
related ones in conf/pykota.conf.sample, but adapted to your
own configuration. Also de-activate the PostgreSQL-related lines.
Don't forget to adapt ~pykota/pykotadmin.conf as well.
============================================================