README.sunds (pykota/trunk/initscripts/ldap)

Revision 3351, 5.3 kB (checked in by jerome, 17 years ago)

Improved SUN DS support.

#=====================================================
#
# (c) 2008 Darin Perusich <darin _AT_ darins _DOT_ net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#=====================================================

Documentation :
---------------

Schema Modifications :
----------------------

pykota-schema-sunds.ldif :

        This file can be used to extend the schema for
        Sun Directory Server to add the necessary object classes
        and attribute types for use with PyKota.

        To extend the schema:

        % ldapmodify -h ldap.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif

        Sun Directory Server will replicate schema changes in a
        multi-master replication environment.

Database Indexes :
------------------

pykota-sunds-indexes.ldif :

        Creating indexes, while not mandatory, will speed up queries
        against the PyKota objects. This will set up the following indexes:

        pykotaUserName:         presence, equality, substring
        pykotaGroupName:        presence, equality, substring
        pykotaPrinterName:      presence, equality, substring
        pykotaBillingCode:      presence, equality, substring
        pykotaLastJobIdent:     equality

        To define the indexes:

        % ldapmodify -a -h ldap.domain.com -D "cn=Directory Manager" -f pykota-sunds-indexes.ldif

        By default, configuration settings are NOT replicated in a
        replication environment, so the following indexes must be
        defined on all hosts.

        To initialize the indexes:

        % ServerRoot/slapd-serverID/db2index.pl \
                        -D "cn=Directory Manager" -w password -n userRoot \
                        -t pykotaUserName

        % ServerRoot/slapd-serverID/db2index.pl \
                        -D "cn=Directory Manager" -w password -n userRoot \
                        -t pykotaGroupName

        % ServerRoot/slapd-serverID/db2index.pl \
                        -D "cn=Directory Manager" -w password -n userRoot \
                        -t pykotaPrinterName

        % ServerRoot/slapd-serverID/db2index.pl \
                        -D "cn=Directory Manager" -w password -n userRoot \
                        -t pykotaBillingCode

        % ServerRoot/slapd-serverID/db2index.pl \
                        -D "cn=Directory Manager" -w password -n userRoot \
                        -t pykotaLastJobIdent

        This must be performed on all hosts within a replication environment.

        Managing Indexes References :
                http://docs.sun.com/source/816-6698-10/indexing.html

Directory Information Tree (DIT) :
----------------------------------

pykota-sample.ldif :

        This is provided with PyKota, though it will need to be modified
        in order to be incorporated into your environment. Sun Directory Server
        will encrypt the userPassword value itself, so you may leave it as
        plain text in the LDIF when creating the pykotaadmin and pykotauser entries.

        If a Password Policy is being enforced, it would be advisable to exclude
        both pykotauser and pykotaadmin from that policy. This is especially
        true if passwordMustChange is set to 'On', since they will fail to authenticate
        until the password is changed.

        Sun Directory Server will replicate DIT changes in a
        multi-master replication environment.
Access Control Instructions (ACI) :
-----------------------------------

        The provided ACIs must not be blindly added using ldapmodify or
        ldapadd; if you do so you will clobber any existing ACIs on a
        given object! You must first query the server for any existing
        ACIs and capture them to a file, append the PyKota ACIs to that
        file, and then modify the object. This is especially pertinent in
        regards to ou=People, which has 5 default ACIs associated with it.

        It is strongly recommended to use the Directory Server Console to
        add the ACIs. You have been warned, there is no warranty, good luck.

        Managing Access Control:
                http://docs.sun.com/source/816-6698-10/aci.html

pykota-admin-aci :

        dn: ou=pykota,dc=example,dc=com
        aci: (targetattr="*") (version 3.0; acl "PyKota Pykota ACI"; allow(all) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)

        dn: ou=People,dc=example,dc=com
        aci: (targetattr="*") (version 3.0; acl "PyKota People ACI"; allow(add, write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)

        dn: ou=groups,dc=example,dc=com
        aci: (targetattr="*") (version 3.0; acl "PyKota Groups ACI"; allow(add, write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)

        Sun Directory Server will replicate ACI changes in a
        multi-master replication environment.
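As an added illustration of the capture-and-append procedure described above (example code written for this README, not part of PyKota), the following Python reads the aci values captured from one object with a base-scope ldapsearch, appends whichever PyKota ACIs are not already present, refuses to proceed if the capture is for a different DN or would drop an existing ACI, and emits a single modify operation carrying the complete list. The three PyKota ACIs are the ones listed in pykota-admin-aci; the captured LDIF and its two default ACIs are constructed samples (the real ou=People entry on Sun Directory Server has five).

```python
"""Merge the PyKota ACIs into an object's existing ACIs without clobbering them.

Added example for this README, not PyKota code. It follows the README's
procedure: capture the object's current aci values with a base-scope
ldapsearch, append the PyKota ACIs, and submit one modify carrying the full
list. CAPTURED_PEOPLE_LDIF is a constructed sample with two made-up default
ACIs (the real ou=People entry on Sun Directory Server has five)."""

# The three PyKota ACIs from pykota-admin-aci, keyed by target DN.
PYKOTA_ACIS = {
    "ou=pykota,dc=example,dc=com": [
        '(targetattr="*") (version 3.0; acl "PyKota Pykota ACI"; allow(all) '
        'userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)'],
    "ou=People,dc=example,dc=com": [
        '(targetattr="*") (version 3.0; acl "PyKota People ACI"; allow(add, write) '
        'userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)'],
    "ou=groups,dc=example,dc=com": [
        '(targetattr="*") (version 3.0; acl "PyKota Groups ACI"; allow(add, write) '
        'userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";)'],
}

# Constructed sample of what a capture such as
#   ldapsearch -h ldap.domain.com -D "cn=Directory Manager" \
#       -b "ou=People,dc=example,dc=com" -s base "(objectclass=*)" aci
# returns. Long values are folded at 76 columns the way ldapsearch prints them,
# so the parser must unfold them before comparing values.
CAPTURED_PEOPLE_LDIF = """\
dn: ou=People,dc=example,dc=com
aci: (targetattr="*") (version 3.0; acl "Sample self write"; allow (write) user
 dn="ldap:///self";)
aci: (targetattr="userPassword") (version 3.0; acl "Sample no anon read"; deny (
 read) userdn="ldap:///anyone";)
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into (dn, {attr: [values]}), unfolding continuation
    lines first so a folded aci value is reassembled before it is compared."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # continuation of the previous value
        elif raw.strip() and not raw.startswith("#"):
            unfolded.append(raw)
    attrs = {}
    for line in unfolded:
        name, _, value = line.partition(":")  # first colon only: values contain "ldap:///"
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    dns = attrs.pop("dn", [])
    if len(dns) != 1:
        raise ValueError("captured LDIF must contain exactly one entry")
    return dns[0], attrs


def merge_acis(captured_ldif, new_acis, expected_dn=None):
    """Return (dn, existing, merged). Existing ACIs keep their order; a PyKota
    ACI is appended only if an identical value is not already present, so the
    merge can be re-run safely. Refuses to continue if the capture is for a
    different object than the one the ACIs are meant for."""
    dn, attrs = parse_ldif_entry(captured_ldif)
    if expected_dn is not None and dn.lower() != expected_dn.lower():
        raise ValueError(f"captured entry is {dn}, expected {expected_dn}")
    existing = attrs.get("aci", [])
    merged = list(existing)
    for aci in new_acis:
        if aci not in merged:
            merged.append(aci)
    return dn, existing, merged


def build_modify_ldif(captured_ldif, new_acis, expected_dn=None):
    """Emit the ldapmodify input: one 'replace: aci' carrying every existing
    value plus the PyKota ones. The check before emitting guarantees that no
    captured ACI is dropped, which is the failure the README warns about."""
    dn, existing, merged = merge_acis(captured_ldif, new_acis, expected_dn)
    lost = [a for a in existing if a not in merged]
    if lost:
        raise RuntimeError(f"refusing to emit: would drop {len(lost)} existing ACI(s)")
    lines = [f"dn: {dn}", "changetype: modify", "replace: aci"]
    lines += [f"aci: {a}" for a in merged]
    lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    target = "ou=People,dc=example,dc=com"
    print(build_modify_ldif(CAPTURED_PEOPLE_LDIF, PYKOTA_ACIS[target], target))
```

Writing the merged list with replace: aci reproduces the README's capture, append, modify sequence and gives you a file to review before anything reaches the server; LDAP's add: aci would also leave existing values in place, but offers no such review point. Feed the generated file to ldapmodify with the same -h and -D options used for the schema step, then repeat the base-scope ldapsearch on the object to confirm that all of its original ACIs are still present alongside the PyKota one.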