Revision 2911, 4.6 kB (checked in by jerome, 18 years ago)

Added an example for ACLs.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
# $Id$

PyKota - Print Quotas for CUPS and LPRng

(c) 2003, 2004, 2005, 2006 Jerome Alet <alet@librelogiciel.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

============================================================

Documentation :
---------------

pykota.schema :

    This file can be used to modify an existing LDAP directory
    to add the necessary object classes and attributes for use
    with PyKota.

    Include it in your LDAP server's configuration.
    For example, with OpenLDAP under Debian :

        $ cp pykota.schema /etc/ldap/schema
        (no need to do this if you install from PyKota's Debian package)

    Then edit /etc/ldap/slapd.conf and add a line to
    include the PyKota schema. You should have something
    like :

        # Schema and objectClass definitions
        include         /etc/ldap/schema/core.schema
        include         /etc/ldap/schema/cosine.schema
        include         /etc/ldap/schema/nis.schema
        include         /etc/ldap/schema/inetorgperson.schema
        include         /etc/ldap/schema/pykota.schema

    While this is not mandatory, you may want to create
    some indexes to speed things up a bit :

      You should already have these :

        index objectClass eq
        index cn pres,eq,sub
        index uid pres,eq,sub

      But we recommend that you add these :

        index pykotaUserName pres,eq,sub
        index pykotaGroupName pres,eq,sub
        index pykotaPrinterName pres,eq,sub
        index pykotaBillingCode pres,eq,sub
        index pykotaLastJobIdent eq

    Now you must ensure that the DNs PyKota will use to bind to
    your OpenLDAP server are not subject to search size limits,
    for example (OpenLDAP 2.1.x or above) :

        limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
        limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft

    Where pykotaadmin and pykotauser are the usernames PyKota uses to
    bind to your OpenLDAP server, respectively in complete ReadWrite mode
    (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf).

    NB : YOU have to define the ACLs necessary for user pykotaadmin to
    have unlimited Read+Write access to your LDAP tree, and for user
    pykotauser to have unlimited ReadOnly access to your LDAP tree.
    In the sentence above, "unlimited" means no limit with regard to
    the number of records returned by a search operation. Of course
    you may want to restrict the access to only some attributes, but
    this is up to you to decide. An example giving full write access
    to the pykotaadmin user is :

        access to dn.subtree="ou=PyKota,dc=example,dc=com"
               by dn="cn=pykotaadmin,dc=example,dc=com" write

        access to dn.subtree="ou=People,dc=example,dc=com"
               by dn="cn=pykotaadmin,dc=example,dc=com" write

        access to dn.subtree="ou=Groups,dc=example,dc=com"
               by dn="cn=pykotaadmin,dc=example,dc=com" write

    Please adapt this to your own needs and configuration.
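
    The ACLs above extended with the ReadOnly grant for pykotauser, as an
    added example that is not part of the original README or of PyKota.
    It assumes the same placeholder DNs; the dn.exact style and the closing
    "by * none" / "by * break" clauses are choices made for this illustration.

```conf
# slapd.conf fragment (added example; DNs are the README's placeholders).
# slapd applies the first "access to" clause that matches an entry, and
# every clause ends with an implicit "by * none". Place these after any
# more specific rules you already have (e.g. the one for userPassword).

# PyKota's own subtree: only the two PyKota bind DNs get in.
access to dn.subtree="ou=PyKota,dc=example,dc=com"
       by dn.exact="cn=pykotaadmin,dc=example,dc=com" write
       by dn.exact="cn=pykotauser,dc=example,dc=com" read
       by * none

# Shared subtrees: grant the PyKota DNs their rights, then "break" so
# that everyone else falls through to the rules that follow instead of
# hitting the implicit "by * none".
access to dn.subtree="ou=People,dc=example,dc=com"
       by dn.exact="cn=pykotaadmin,dc=example,dc=com" write
       by dn.exact="cn=pykotauser,dc=example,dc=com" read
       by * break

access to dn.subtree="ou=Groups,dc=example,dc=com"
       by dn.exact="cn=pykotaadmin,dc=example,dc=com" write
       by dn.exact="cn=pykotauser,dc=example,dc=com" read
       by * break
```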

    Now, stop the OpenLDAP server :

        $ /etc/init.d/slapd stop

    Generate the index files :

        $ slapindex

    And finally restart the OpenLDAP server :

        $ /etc/init.d/slapd start

pykota-sample.ldif :

    You can use this file to initialize an LDAP tree for PyKota, if
    you want.

    The structure used in this file is NOT mandatory !
    Provided you put correct parameters into /etc/pykota/pykota.conf,
    you can structure your LDAP directory the way you want.

To use an LDAP directory as the Quota Storage, just modify
/etc/pykota/pykota.conf to make it contain lines similar to the LDAP
related ones in conf/pykota.conf.sample, but adapted to your
own configuration. Also de-activate the PostgreSQL-related lines.

============================================================