Context Navigation

README.sunds @ 3351

Revision 3351, 5.3 kB (checked in by jerome, 16 years ago)
Improved SUN DS support.

Rev	Line
[3351]	1	#=====================================================
	2	#
	3	# (c) 2008 Darin Perusich <darin _AT_ darins _DOT_ net>
	4	#
	5	# This program is free software: you can redistribute it and/or modify
	6	# it under the terms of the GNU General Public License as published by
	7	# the Free Software Foundation, either version 3 of the License, or
	8	# (at your option) any later version.
	9	#
	10	# This program is distributed in the hope that it will be useful,
	11	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	12	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	13	# GNU General Public License for more details.
	14	#
	15	# You should have received a copy of the GNU General Public License
	16	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	17	#
	18	#=====================================================
	19
[3342]	20	Documentation :
	21	---------------
	22
	23	Schema Modifications :
	24	----------------------
	25
	26	pykota-schema-sunds.ldif :
	27
[3351]	28	This file can be used to extend the schema for
	29	Sun Directory Server to add the necessary object classes
	30	and attribute type for use with PyKota.
[3342]	31
[3351]	32	To extend the schema:
[3342]	33
[3351]	34	% ldapmodify -h ldap.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif
[3342]	35
[3351]	36	Sun Directory Server will replicate schema changes in a
	37	multi-master replication environment.
[3342]	38
	39	Database Indexes :
	40	------------------
	41
	42	pykota-sunds-indexes.ldif :
	43
[3351]	44	Creating indexes while not mandatory will speed up queries
	45	to the PyKota objects. This will setup the following indexes:
[3342]	46
[3351]	47	pykotaUserName: presence, equality, substring
	48	pykotaGroupName: presence, equality, substring
	49	pykotaPrinterName: presence, equality, substring
	50	pykotaBillingCode: presence, equality, substring
	51	pykotaLastJobIdent: equality
[3342]	52
[3351]	53	To define the indexes:
[3342]	54
[3351]	55	% ldapmodify -a -h ldap.domain.com -D "cn=Directory Manager" -f pykota-sunds-indexes.ldif
	56
	57	By default configuration settings are NOT replicated in a
	58	replication environment so the following indexes must be
	59	defined on all hosts.
[3342]	60
[3351]	61	To initialize the indexes:
[3342]	62
[3351]	63	% ServerRoot/slapd-serverID/db2index.pl \
	64	-D "cn=Directory Manager" -w password -n userRoot \
	65	-t pykotaUserName
[3342]	66
[3351]	67	% ServerRoot/slapd-serverID/db2index.pl \
	68	-D "cn=Directory Manager" -w password -n userRoot \
	69	-t pykotaGroupName
[3342]	70
[3351]	71	% ServerRoot/slapd-serverID/db2index.pl \
	72	-D "cn=Directory Manager" -w password -n userRoot \
	73	-t pykotaPrinterName
[3342]	74
[3351]	75	% ServerRoot/slapd-serverID/db2index.pl \
	76	-D "cn=Directory Manager" -w password -n userRoot \
	77	-t pykotaBillingCode
[3342]	78
[3351]	79	% ServerRoot/slapd-serverID/db2index.pl \
	80	-D "cn=Directory Manager" -w password -n userRoot \
	81	-t pykotaLastJobIdent
[3342]	82
[3351]	83	This must be preformed on all hosts within a replication environment.
[3342]	84
[3351]	85	Managing Indexes References :
	86	http://docs.sun.com/source/816-6698-10/indexing.html
[3342]	87
	88	Directory Information Tree (DIT) :
	89	----------------------------------
	90
	91	pykota-sample.ldif :
	92
[3351]	93	This is provided with PyKota though it will need to be modified
	94	in order to be incorporated into your environment. Sun Directory Server
	95	will encrypt the userPassword entry so you may wish to leave it as
	96	plain text when creating the pykotaadmin and pykotauser entries.
	97
	98	If a Password Policy is being enforced it would be advisable exclude
	99	both the pykotauser and pykotaadmin from that policy. This is especially
	100	true if passwordMustChange is set to 'On' since they will fail to authenticate
	101	until the password is changed.
[3342]	102
[3351]	103	Sun Directory Server will replicate DIT changes in a
	104	multi-master replication environment.
[3342]	105
	106	Access Control Instructions (ACI) :
	107	-----------------------------------
	108
[3351]	109	The provided ACI's must not be blindly added using ldapmodify or
	110	ldapadd, if you do so you will clobber any existing ACI's for a
	111	given object! You must first query the server for any existing
	112	ACI's and capture them to a file, append the PyKota ACI's to said
	113	file and then modify the object. This is especially pertinent in
	114	regards to ou=People which has 5 default ACI's associated with it.
[3342]	115
[3351]	116	It is stongly recommended to use the Directory Server Console to
	117	add the ACI's. You have been warned, there is no warrenty, good luck.
[3342]	118
[3351]	119	Managing Access Control:
	120	http://docs.sun.com/source/816-6698-10/aci.html
[3342]	121
	122	pykota-admin-aci :
	123
[3351]	124	dn: ou=pykota,dc=example,dc=com
	125	aci: (targetattr="*") (version 3.0; acl "PyKota Pykota ACI"; allow(all) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)
[3342]	126
[3351]	127	dn: ou=People,dc=example,dc=com
	128	aci: (targetattr="*") (version 3.0; acl "PyKota People ACI"; allow(add, write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)
[3342]	129
[3351]	130	dn: ou=groups,dc=example,dc=com
	131	aci: (targetattr="*") (version 3.0; acl "PyKota Groups ACI"; allow(add, write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)
[3342]	132
[3351]	133	Sun Directory Server will replicate ACI changes in a
	134	multi-master replication environment.

Note: See TracBrowser for help on using the browser.

Download in other formats:

Original Format