root / pykota / trunk / initscripts / ldap / README.ldap @ 3336

Revision 3336, 5.2 kB (checked in by jerome, 16 years ago)

Added PyKota schema for Sun Directory Server, thanks to Darin Perusich.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1# $Id$
2
3PyKota - Print Quotas for CUPS
4
5(c) 2003, 2004, 2005, 2006, 2007, 2008 Jerome Alet <alet@librelogiciel.com>
6This program is free software: you can redistribute it and/or modify
7it under the terms of the GNU General Public License as published by
8the Free Software Foundation, either version 3 of the License, or
9(at your option) any later version.
10
11This program is distributed in the hope that it will be useful,
12but WITHOUT ANY WARRANTY; without even the implied warranty of
13MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14GNU General Public License for more details.
15
16You should have received a copy of the GNU General Public License
17along with this program.  If not, see <http://www.gnu.org/licenses/>.
18
19============================================================
20
21Documentation :
22===============
23
24OpenLDAP :
25----------
26
27    The pykota.schema file can be used to modify an existing OpenLDAP
28    directory to add the necessary object classes and attributes for
29    use with PyKota.
30   
31    Include it in your LDAP server's configuration.
32    For example, with OpenLDAP under Debian :
33   
34        $ cp pykota.schema /etc/ldap/schema
35        (no need to do this if you install from PyKota's Debian package)
36
37    NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is
38        referenced, substitute /etc/openldap. e.g.
39
40        $ cp pykota.schema /etc/openldap/schema
41       
42    Then edit /etc/ldap/slapd.conf and add a line to   
43    include the PyKota schema. You should have something
44    like :
45   
46        # Schema and objectClass definitions
47        include         /etc/ldap/schema/core.schema
48        include         /etc/ldap/schema/cosine.schema
49        include         /etc/ldap/schema/nis.schema
50        include         /etc/ldap/schema/inetorgperson.schema
51        include         /etc/ldap/schema/pykota.schema
52       
53    While this is not mandatory, you may want to create   
54    some indexes to speed things up a bit :
55   
56      You should already have these :
57     
58        index objectClass eq
59        index cn pres,eq,sub
60        index uid pres,eq,sub
61       
62      But we recommend that you add these : 
63     
64        index pykotaUserName pres,eq,sub
65        index pykotaGroupName pres,eq,sub
66        index pykotaPrinterName pres,eq,sub
67        index pykotaBillingCode pres,eq,sub
68        index pykotaLastJobIdent eq
69       
70    Now you must ensure that the DNs PyKota will use to bind to
71    your OpenLDAP server don't have search queries size limits,
72    which gives for example (OpenLDAP 2.1.x or above) :
73   
74        limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft
75        limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft
76   
77    Where pykotaadmin and pykotauser are the usernames used to bind to your
78    OpenLDAP server within PyKota, respectively in complete ReadWrite mode
79    (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf).
80   
81    NB : YOU have to define the ACLs necessary for user pykotaadmin to
82    have unlimited Read+Write access to your LDAP tree, and for user
83    pykotauser to have unlimited ReadOnly access to your LDAP tree.
84    In the sentence above, "unlimited" means no limit with regard to
85    the number of records returned by a search operation. Of course
86    you may want to restrict the access to only some attributes, but
87    this is up to you to decide. An example giving full write access
88    to the pykotaadmin user is :
89   
90        access to dn.subtree="ou=PyKota,dc=example,dc=com"
91               by dn="cn=pykotaadmin,dc=example,dc=com" write   
92               
93        access to dn.subtree="ou=People,dc=example,dc=com"
94               by dn="cn=pykotaadmin,dc=example,dc=com" write   
95               
96        access to dn.subtree="ou=Groups,dc=example,dc=com"
97               by dn="cn=pykotaadmin,dc=example,dc=com" write   
98               
99    Please adapt this to your own needs and configuration.
100   
101    Now, stop the OpenLDAP server :   
102   
103        $ /etc/init.d/slapd stop
104   
105    Generate the index files :   
106   
107        $ slapindex
108       
109    And finally restart the OpenLDAP server :   
110   
111        $ /etc/init.d/slapd start
112
113    NB: On Red Hat-based distros, use '/sbin/service ldap stop' and
114        '/sbin/service ldap start' instead.
115       
116Sun Directory Server :       
117----------------------
118
119    Use the pykota-schema-sunds.ldif file to make PyKota's LDAP schema known
120    to your Sun Directory Server :
121   
122    % ldapmodify -h sunds.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif
123   
124   
125Initial datas :   
126===============
127   
128    You can use the pykota-sample.ldif file to initialize an LDAP tree
129    for PyKota, if you want.
130   
131    The structure used in this file is NOT mandatory !
132    Provided you put correct parameters into /etc/pykota/pykota.conf,
133    you can structure your LDAP directory the way you want.
134   
135To use an LDAP directory as the Quota Storage, just modify 
136~pykota/pykota.conf to make it contain lines similar to the LDAP
137related ones in conf/pykota.conf.sample, but adapted to your
138own configuration. Also de-activate the PostgreSQL-related lines.
139Don't forget to adapt ~pykota/pykotadmin.conf as well.   
140============================================================
Note: See TracBrowser for help on using the browser.