1 | Documentation : |
---|
2 | --------------- |
---|
3 | |
---|
4 | Schema Modifications : |
---|
5 | ---------------------- |
---|
6 | |
---|
7 | pykota-schema-sunds.ldif : |
---|
8 | |
---|
9 | This file can be used to extend the schema for |
---|
10 | Sun Directory Server to add the necessary object classes |
---|
11 | and attribute type for use with PyKota. |
---|
12 | |
---|
13 | To extend the schema: |
---|
14 | |
---|
15 | % ldapmodify -h ldap.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif |
---|
16 | |
---|
17 | Sun Directory Server will replicate schema changes in a |
---|
18 | multi-master replication environment. |
---|
19 | |
---|
20 | Database Indexes : |
---|
21 | ------------------ |
---|
22 | |
---|
23 | pykota-sunds-indexes.ldif : |
---|
24 | |
---|
25 | Creating indexes while not mandatory will speed up queries |
---|
26 | to the PyKota objects. This will setup the following indexes: |
---|
27 | |
---|
28 | pykotaUserName: presence, equality, substring |
---|
29 | pykotaGroupName: presence, equality, substring |
---|
30 | pykotaPrinterName: presence, equality, substring |
---|
31 | pykotaBillingCode: presence, equality, substring |
---|
32 | pykotaLastJobIdent: equality |
---|
33 | |
---|
34 | To define the indexes: |
---|
35 | |
---|
36 | % ldapmodify -a -h ldap.domain.com -D "cn=Directory Manager" -f pykota-sunds-indexes.ldif |
---|
37 | |
---|
38 | By default configuration settings are NOT replicated in a |
---|
39 | replication environment so the following indexes must be |
---|
40 | defined on all hosts. |
---|
41 | |
---|
42 | To initialize the indexes: |
---|
43 | |
---|
44 | % ServerRoot/slapd-serverID/db2index.pl \ |
---|
45 | -D "cn=Directory Manager" -w password -n userRoot \ |
---|
46 | -t pykotaUserName |
---|
47 | |
---|
48 | % ServerRoot/slapd-serverID/db2index.pl \ |
---|
49 | -D "cn=Directory Manager" -w password -n userRoot \ |
---|
50 | -t pykotaGroupName |
---|
51 | |
---|
52 | % ServerRoot/slapd-serverID/db2index.pl \ |
---|
53 | -D "cn=Directory Manager" -w password -n userRoot \ |
---|
54 | -t pykotaPrinterName |
---|
55 | |
---|
56 | % ServerRoot/slapd-serverID/db2index.pl \ |
---|
57 | -D "cn=Directory Manager" -w password -n userRoot \ |
---|
58 | -t pykotaBillingCode |
---|
59 | |
---|
60 | % ServerRoot/slapd-serverID/db2index.pl \ |
---|
61 | -D "cn=Directory Manager" -w password -n userRoot \ |
---|
62 | -t pykotaLastJobIdent |
---|
63 | |
---|
64 | This must be preformed on all hosts within a replication environment. |
---|
65 | |
---|
66 | Managing Indexes References : |
---|
67 | http://docs.sun.com/source/816-6698-10/indexing.html |
---|
68 | |
---|
69 | Directory Information Tree (DIT) : |
---|
70 | ---------------------------------- |
---|
71 | |
---|
72 | pykota-sample.ldif : |
---|
73 | |
---|
74 | This is provided with PyKota though it will need to be modified |
---|
75 | in order to be incorporated into your environment. Sun Directory Server |
---|
76 | will encrypt the userPassword entry so you may wish to leave it as |
---|
77 | plain text when creating the pykotaadmin and pykotauser entries. |
---|
78 | |
---|
79 | If a Password Policy is being enforced it would be advisable exclude |
---|
80 | both the pykotauser and pykotaadmin from that policy. This is especially |
---|
81 | true if passwordMustChange is set to 'On' since they will fail to authenticate |
---|
82 | until the password is changed. |
---|
83 | |
---|
84 | Sun Directory Server will replicate DIT changes in a |
---|
85 | multi-master replication environment. |
---|
86 | |
---|
87 | Access Control Instructions (ACI) : |
---|
88 | ----------------------------------- |
---|
89 | |
---|
90 | The provided ACI's must not be blindly added using ldapmodify or |
---|
91 | ldapadd, if you do so you will clobber any existing ACI's for a |
---|
92 | given object! You must first query the server for any existing |
---|
93 | ACI's and capture them to a file, append the PyKota ACI's to said |
---|
94 | file and then modify the object. This is especially pertinent in |
---|
95 | regards to ou=People which has 5 default ACI's associated with it. |
---|
96 | |
---|
97 | It is stongly recommended to use the Directory Server Console to |
---|
98 | add the ACI's. You have been warned, there is no warrenty, good luck. |
---|
99 | |
---|
100 | Managing Access Control: |
---|
101 | http://docs.sun.com/source/816-6698-10/aci.html |
---|
102 | |
---|
103 | pykota-admin-aci : |
---|
104 | |
---|
105 | dn: ou=pykota,dc=example,dc=com |
---|
106 | aci: (targetattr="*") (version 3.0; acl "PyKota Pykota ACI"; allow(all) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) |
---|
107 | |
---|
108 | dn: ou=People,dc=example,dc=com |
---|
109 | aci: (targetattr="*") (version 3.0; acl "PyKota People ACI"; allow(write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) |
---|
110 | |
---|
111 | dn: ou=groups,dc=example,dc=com |
---|
112 | aci: (targetattr="*") (version 3.0; acl "PyKota Groups ACI"; allow(write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) |
---|
113 | |
---|
114 | Sun Directory Server will replicate ACI changes in a |
---|
115 | multi-master replication environment. |
---|