root / pykota / trunk / initscripts / ldap / README.ldap @ 3489

Revision 3481, 4.8 kB (checked in by jerome, 16 years ago)

Changed copyright years.
Copyright years are now dynamic when displayed by a command line tool.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1# $Id$
2
3PyKota - Print Quotas for CUPS
4
5(c) 2003-2009 Jerome Alet <alet@librelogiciel.com>
6This program is free software: you can redistribute it and/or modify
7it under the terms of the GNU General Public License as published by
8the Free Software Foundation, either version 3 of the License, or
9(at your option) any later version.
10
11This program is distributed in the hope that it will be useful,
12but WITHOUT ANY WARRANTY; without even the implied warranty of
13MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14GNU General Public License for more details.
15
16You should have received a copy of the GNU General Public License
17along with this program.  If not, see <http://www.gnu.org/licenses/>.
18
19============================================================
20
21Documentation :
22===============
23
24OpenLDAP :
25----------
26
27    The pykota.schema file can be used to modify an existing OpenLDAP
28    directory to add the necessary object classes and attributes for
29    use with PyKota.
30
31    Include it in your LDAP server's configuration.
32    For example, with OpenLDAP under Debian :
33
34        $ cp pykota.schema /etc/ldap/schema
35        (no need to do this if you install from PyKota's Debian package)
36
37    NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is
38        referenced, substitute /etc/openldap. e.g.
39
40        $ cp pykota.schema /etc/openldap/schema
41
42    Then edit /etc/ldap/slapd.conf and add a line to
43    include the PyKota schema. You should have something
44    like :
45
46        # Schema and objectClass definitions
47        include         /etc/ldap/schema/core.schema
48        include         /etc/ldap/schema/cosine.schema
49        include         /etc/ldap/schema/nis.schema
50        include         /etc/ldap/schema/inetorgperson.schema
51        include         /etc/ldap/schema/pykota.schema
52
53    While this is not mandatory, you may want to create
54    some indexes to speed things up a bit :
55
56      You should already have these :
57
58        index objectClass eq
59        index cn pres,eq,sub
60        index uid pres,eq,sub
61
62      But we recommend that you add these :
63
64        index pykotaUserName pres,eq,sub
65        index pykotaGroupName pres,eq,sub
66        index pykotaPrinterName pres,eq,sub
67        index pykotaBillingCode pres,eq,sub
68        index pykotaLastJobIdent eq
69
70    Now you must ensure that the DNs PyKota will use to bind to
71    your OpenLDAP server don't have search queries size limits,
72    which gives for example (OpenLDAP 2.1.x or above) :
73
74        limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
75        limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft
76
77    Where pykotaadmin and pykotauser are the usernames used to bind to your
78    OpenLDAP server within PyKota, respectively in complete ReadWrite mode
79    (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf).
80
81    NB : YOU have to define the ACLs necessary for user pykotaadmin to
82    have unlimited Read+Write access to your LDAP tree, and for user
83    pykotauser to have unlimited ReadOnly access to your LDAP tree.
84    In the sentence above, "unlimited" means no limit with regard to
85    the number of records returned by a search operation. Of course
86    you may want to restrict the access to only some attributes, but
87    this is up to you to decide. An example giving full write access
88    to the pykotaadmin user is :
89
90        access to dn.subtree="ou=PyKota,dc=example,dc=com"
91               by dn="cn=pykotaadmin,dc=example,dc=com" write
92
93        access to dn.subtree="ou=People,dc=example,dc=com"
94               by dn="cn=pykotaadmin,dc=example,dc=com" write
95
96        access to dn.subtree="ou=Groups,dc=example,dc=com"
97               by dn="cn=pykotaadmin,dc=example,dc=com" write
98
99    Please adapt this to your own needs and configuration.
100
101    Now, stop the OpenLDAP server :
102
103        $ /etc/init.d/slapd stop
104
105    Generate the index files :
106
107        $ slapindex
108
109    And finally restart the OpenLDAP server :
110
111        $ /etc/init.d/slapd start
112
113    NB: On Red Hat-based distros, use '/sbin/service ldap stop' and
114        '/sbin/service ldap start' instead.
115
116Sun Directory Server :
117----------------------
118
119    See README.sunds
120
121Initial datas :
122===============
123
124    You can use the pykota-sample.ldif file to initialize an LDAP tree
125    for PyKota, if you want.
126
127    The structure used in this file is NOT mandatory !
128    Provided you put correct parameters into /etc/pykota/pykota.conf,
129    you can structure your LDAP directory the way you want.
130
131To use an LDAP directory as the Quota Storage, just modify
132~pykota/pykota.conf to make it contain lines similar to the LDAP
133related ones in conf/pykota.conf.sample, but adapted to your
134own configuration. Also de-activate the PostgreSQL-related lines.
135Don't forget to adapt ~pykota/pykotadmin.conf as well.
136============================================================
Note: See TracBrowser for help on using the browser.