root / pykota / trunk / initscripts / ldap / README.ldap @ 3279

Revision 3279, 4.8 kB (checked in by jerome, 16 years ago)

Finished changing copyright years, excepted for contributed stuff
and database schema migration scripts which would only be useful to
people with very very old releases of PyKota : these scripts won't change
for sure, and might disappear anyway...

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1# $Id$
2
3PyKota - Print Quotas for CUPS
4
5(c) 2003, 2004, 2005, 2006, 2007, 2008 Jerome Alet <alet@librelogiciel.com>
6This program is free software: you can redistribute it and/or modify
7it under the terms of the GNU General Public License as published by
8the Free Software Foundation, either version 3 of the License, or
9(at your option) any later version.
10
11This program is distributed in the hope that it will be useful,
12but WITHOUT ANY WARRANTY; without even the implied warranty of
13MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14GNU General Public License for more details.
15
16You should have received a copy of the GNU General Public License
17along with this program.  If not, see <http://www.gnu.org/licenses/>.
18
19============================================================
20
21Documentation :
22---------------
23
24pykota.schema :
25
26    This file can be used to modify an existing LDAP directory
27    to add the necessary object classes and attributes for use
28    with PyKota.
29   
30    Include it in your LDAP server's configuration.
31    For example, with OpenLDAP under Debian :
32   
33        $ cp pykota.schema /etc/ldap/schema
34        (no need to do this if you install from PyKota's Debian package)
35
36    NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is
37        referenced, substitute /etc/openldap. e.g.
38
39        $ cp pykota.schema /etc/openldap/schema
40       
41    Then edit /etc/ldap/slapd.conf and add a line to   
42    include the PyKota schema. You should have something
43    like :
44   
45        # Schema and objectClass definitions
46        include         /etc/ldap/schema/core.schema
47        include         /etc/ldap/schema/cosine.schema
48        include         /etc/ldap/schema/nis.schema
49        include         /etc/ldap/schema/inetorgperson.schema
50        include         /etc/ldap/schema/pykota.schema
51       
52    While this is not mandatory, you may want to create   
53    some indexes to speed things up a bit :
54   
55      You should already have these :
56     
57        index objectClass eq
58        index cn pres,eq,sub
59        index uid pres,eq,sub
60       
61      But we recommend that you add these : 
62     
63        index pykotaUserName pres,eq,sub
64        index pykotaGroupName pres,eq,sub
65        index pykotaPrinterName pres,eq,sub
66        index pykotaBillingCode pres,eq,sub
67        index pykotaLastJobIdent eq
68       
69    Now you must ensure that the DNs PyKota will use to bind to
70    your OpenLDAP server don't have search queries size limits,
71    which gives for example (OpenLDAP 2.1.x or above) :
72   
73        limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
74        limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft
75   
76    Where pykotaadmin and pykotauser are the usernames used to bind to your
77    OpenLDAP server within PyKota, respectively in complete ReadWrite mode
78    (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf).
79   
80    NB : YOU have to define the ACLs necessary for user pykotaadmin to
81    have unlimited Read+Write access to your LDAP tree, and for user
82    pykotauser to have unlimited ReadOnly access to your LDAP tree.
83    In the sentence above, "unlimited" means no limit with regard to
84    the number of records returned by a search operation. Of course
85    you may want to restrict the access to only some attributes, but
86    this is up to you to decide. An example giving full write access
87    to the pykotaadmin user is :
88   
89        access to dn.subtree="ou=PyKota,dc=example,dc=com"
90               by dn="cn=pykotaadmin,dc=example,dc=com" write   
91               
92        access to dn.subtree="ou=People,dc=example,dc=com"
93               by dn="cn=pykotaadmin,dc=example,dc=com" write   
94               
95        access to dn.subtree="ou=Groups,dc=example,dc=com"
96               by dn="cn=pykotaadmin,dc=example,dc=com" write   
97               
98    Please adapt this to your own needs and configuration.
99   
100    Now, stop the OpenLDAP server :   
101   
102        $ /etc/init.d/slapd stop
103   
104    Generate the index files :   
105   
106        $ slapindex
107       
108    And finally restart the OpenLDAP server :   
109   
110        $ /etc/init.d/slapd start
111
112    NB: On Red Hat-based distros, use '/sbin/service ldap stop' and
113        '/sbin/service ldap start' instead.
114   
115pykota-sample.ldif :
116
117    You can use this file to initialize an LDAP tree for PyKota, if
118    you want.
119   
120    The structure used in this file is NOT mandatory !
121    Provided you put correct parameters into /etc/pykota/pykota.conf,
122    you can structure your LDAP directory the way you want.
123   
124To use an LDAP directory as the Quota Storage, just modify 
125/etc/pykota/pykota.conf to make it contain lines similar to the LDAP
126related ones in conf/pykota.conf.sample, but adapted to your
127own configuration. Also de-activate the PostgreSQL-related lines.
128   
129============================================================
Note: See TracBrowser for help on using the browser.