Changeset 3351

Timestamp:
03/07/08 23:34:37 (13 years ago)
Author:
jerome
Message:

Improved SUN DS support.

Location:
pykota/trunk/initscripts/ldap
Files:
3 modified

  • pykota/trunk/initscripts/ldap/pykota-schema-sunds.ldif

    r3342 r3351  
    99# Modified by Jerome Alet 2003-06-01 
    1010# 
    11 # Adapted for Sun Directory Server by Darin Perusich 
     11# Adapted for Sun Directory Server by Darin Perusich <darin _AT_ darins _DOT_ net> 
    1212# 
    1313#       Implementaion Details: 
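Review bot: "Implementaion Details" on the context line directly below the changed author line (line 13) is misspelled. Since this header is being edited anyway, correct it to "Implementation Details" in the same commit.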
  • pykota/trunk/initscripts/ldap/pykota-sunds-indexes.ldif

    r3342 r3351  
     1#===================================================== 
     2# 
     3# (c) 2008 Darin Perusich <darin _AT_ darins _DOT_ net> 
     4# 
     5# This program is free software: you can redistribute it and/or modify 
     6# it under the terms of the GNU General Public License as published by 
     7# the Free Software Foundation, either version 3 of the License, or 
     8# (at your option) any later version. 
     9#  
     10# This program is distributed in the hope that it will be useful, 
     11# but WITHOUT ANY WARRANTY; without even the implied warranty of 
     12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
     13# GNU General Public License for more details. 
     14#  
     15# You should have received a copy of the GNU General Public License 
     16# along with this program.  If not, see <http://www.gnu.org/licenses/>. 
     17# 
     18#===================================================== 
     19 
    120dn: cn=pykotaUserName, cn=index, cn=userRoot,cn=ldbm database,cn=plugins,cn=config 
    221objectClass: nsIndex 
  • pykota/trunk/initscripts/ldap/README.sunds

    r3342 r3351  
     1#===================================================== 
     2# 
     3# (c) 2008 Darin Perusich <darin _AT_ darins _DOT_ net> 
     4# 
     5# This program is free software: you can redistribute it and/or modify 
     6# it under the terms of the GNU General Public License as published by 
     7# the Free Software Foundation, either version 3 of the License, or 
     8# (at your option) any later version. 
     9#  
     10# This program is distributed in the hope that it will be useful, 
     11# but WITHOUT ANY WARRANTY; without even the implied warranty of 
     12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the 
     13# GNU General Public License for more details. 
     14#  
     15# You should have received a copy of the GNU General Public License 
     16# along with this program.  If not, see <http://www.gnu.org/licenses/>. 
     17# 
     18#===================================================== 
     19 
    120Documentation : 
    221--------------- 
     
    726pykota-schema-sunds.ldif : 
    827 
    9         This file can be used to extend the schema for 
    10         Sun Directory Server to add the necessary object classes 
    11         and attribute type for use with PyKota. 
     28        This file can be used to extend the schema for 
     29        Sun Directory Server to add the necessary object classes 
     30        and attribute type for use with PyKota. 
    1231 
    13         To extend the schema: 
     32        To extend the schema: 
    1433 
    15         % ldapmodify -h ldap.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif 
     34        % ldapmodify -h ldap.domain.com -D "cn=Directory Manager" -f pykota-schema-sunds.ldif 
    1635 
    17         Sun Directory Server will replicate schema changes in a 
    18         multi-master replication environment. 
     36        Sun Directory Server will replicate schema changes in a 
     37        multi-master replication environment. 
    1938 
    2039Database Indexes : 
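Review bot: The ldapmodify example on new line 34 binds as cn=Directory Manager with only -h and -D, so the README never says how the password is to be supplied or whether the connection should be protected. Because this is the directory's most privileged account, add a sentence telling the reader to run the schema update over a protected connection and to avoid typing the password on the command line. The same applies to the ldapmodify -a example in the index section.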
     
    2342pykota-sunds-indexes.ldif : 
    2443 
    25         Creating indexes while not mandatory will speed up queries 
    26         to the PyKota objects. This will setup the following indexes: 
     44        Creating indexes while not mandatory will speed up queries 
     45        to the PyKota objects. This will setup the following indexes: 
    2746 
    28         pykotaUserName:         presence, equality, substring 
    29         pykotaGroupName:        presence, equality, substring 
    30         pykotaPrinterName:      presence, equality, substring 
    31         pykotaBillingCode:      presence, equality, substring 
    32         pykotaLastJobIdent:     equality 
     47        pykotaUserName:         presence, equality, substring 
     48        pykotaGroupName:        presence, equality, substring 
     49        pykotaPrinterName:      presence, equality, substring 
     50        pykotaBillingCode:      presence, equality, substring 
     51        pykotaLastJobIdent:     equality 
    3352 
    34         To define the indexes: 
     53        To define the indexes: 
    3554 
    36         % ldapmodify -a -h ldap.domain.com -D "cn=Directory Manager" -f pykota-sunds-indexes.ldif 
    37          
    38         By default configuration settings are NOT replicated in a 
    39         replication environment so the following indexes must be 
    40         defined on all hosts. 
     55        % ldapmodify -a -h ldap.domain.com -D "cn=Directory Manager" -f pykota-sunds-indexes.ldif 
     56         
     57        By default configuration settings are NOT replicated in a 
     58        replication environment so the following indexes must be 
     59        defined on all hosts. 
    4160 
    42         To initialize the indexes: 
     61        To initialize the indexes: 
    4362 
    44         % ServerRoot/slapd-serverID/db2index.pl \ 
    45                         -D "cn=Directory Manager" -w password -n userRoot \ 
    46                         -t pykotaUserName 
     63        % ServerRoot/slapd-serverID/db2index.pl \ 
     64                        -D "cn=Directory Manager" -w password -n userRoot \ 
     65                        -t pykotaUserName 
    4766 
    48         % ServerRoot/slapd-serverID/db2index.pl \ 
    49                         -D "cn=Directory Manager" -w password -n userRoot \ 
    50                         -t pykotaGroupName 
     67        % ServerRoot/slapd-serverID/db2index.pl \ 
     68                        -D "cn=Directory Manager" -w password -n userRoot \ 
     69                        -t pykotaGroupName 
    5170 
    52         % ServerRoot/slapd-serverID/db2index.pl \ 
    53                         -D "cn=Directory Manager" -w password -n userRoot \ 
    54                         -t pykotaPrinterName 
     71        % ServerRoot/slapd-serverID/db2index.pl \ 
     72                        -D "cn=Directory Manager" -w password -n userRoot \ 
     73                        -t pykotaPrinterName 
    5574 
    56         % ServerRoot/slapd-serverID/db2index.pl \ 
    57                         -D "cn=Directory Manager" -w password -n userRoot \ 
    58                         -t pykotaBillingCode 
     75        % ServerRoot/slapd-serverID/db2index.pl \ 
     76                        -D "cn=Directory Manager" -w password -n userRoot \ 
     77                        -t pykotaBillingCode 
    5978 
    60         % ServerRoot/slapd-serverID/db2index.pl \ 
    61                         -D "cn=Directory Manager" -w password -n userRoot \ 
    62                         -t pykotaLastJobIdent 
     79        % ServerRoot/slapd-serverID/db2index.pl \ 
     80                        -D "cn=Directory Manager" -w password -n userRoot \ 
     81                        -t pykotaLastJobIdent 
    6382 
    64         This must be preformed on all hosts within a replication environment. 
     83        This must be preformed on all hosts within a replication environment. 
    6584 
    66         Managing Indexes References : 
    67                 http://docs.sun.com/source/816-6698-10/indexing.html 
     85        Managing Indexes References : 
     86                http://docs.sun.com/source/816-6698-10/indexing.html 
    6887 
    6988Directory Information Tree (DIT) : 
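Review bot: Every db2index.pl example here (new lines 63 to 81) passes the Directory Manager password as a -w argument, which leaves it in shell history and exposes it in the process list to other local users while the script runs. Suggest the README tell the reader to supply the password some other way than on the command line, and mark "password" clearly as a placeholder. Minor: "preformed" on new line 83 should be "performed".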
     
    7291pykota-sample.ldif : 
    7392 
    74         This is provided with PyKota though it will need to be modified 
    75         in order to be incorporated into your environment. Sun Directory Server 
    76         will encrypt the userPassword entry so you may wish to leave it as 
    77         plain text when creating the pykotaadmin and pykotauser entries. 
    78          
    79         If a Password Policy is being enforced it would be advisable exclude 
    80         both the pykotauser and pykotaadmin from that policy. This is especially 
    81         true if passwordMustChange is set to 'On' since they will fail to authenticate 
    82         until the password is changed. 
     93        This is provided with PyKota though it will need to be modified 
     94        in order to be incorporated into your environment. Sun Directory Server 
     95        will encrypt the userPassword entry so you may wish to leave it as 
     96        plain text when creating the pykotaadmin and pykotauser entries. 
     97         
     98        If a Password Policy is being enforced it would be advisable exclude 
     99        both the pykotauser and pykotaadmin from that policy. This is especially 
     100        true if passwordMustChange is set to 'On' since they will fail to authenticate 
     101        until the password is changed. 
    83102 
    84         Sun Directory Server will replicate DIT changes in a 
    85         multi-master replication environment. 
     103        Sun Directory Server will replicate DIT changes in a 
     104        multi-master replication environment. 
    86105 
    87106Access Control Instructions (ACI) : 
    88107----------------------------------- 
    89108  
    90         The provided ACI's must not be blindly added using ldapmodify or 
    91         ldapadd, if you do so you will clobber any existing ACI's for a 
    92         given object! You must first query the server for any existing 
    93         ACI's and capture them to a file, append the PyKota ACI's to said 
    94         file and then modify the object. This is especially pertinent in 
    95         regards to ou=People which has 5 default ACI's associated with it. 
     109        The provided ACI's must not be blindly added using ldapmodify or 
     110        ldapadd, if you do so you will clobber any existing ACI's for a 
     111        given object! You must first query the server for any existing 
     112        ACI's and capture them to a file, append the PyKota ACI's to said 
     113        file and then modify the object. This is especially pertinent in 
     114        regards to ou=People which has 5 default ACI's associated with it. 
    96115 
    97         It is stongly recommended to use the Directory Server Console to 
    98         add the ACI's. You have been warned, there is no warrenty, good luck. 
     116        It is stongly recommended to use the Directory Server Console to 
     117        add the ACI's. You have been warned, there is no warrenty, good luck. 
    99118 
    100         Managing Access Control: 
    101                 http://docs.sun.com/source/816-6698-10/aci.html 
     119        Managing Access Control: 
     120                http://docs.sun.com/source/816-6698-10/aci.html 
    102121 
    103122pykota-admin-aci : 
    104123 
    105         dn: ou=pykota,dc=example,dc=com 
    106         aci: (targetattr="*") (version 3.0; acl "PyKota Pykota ACI"; allow(all) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) 
     124        dn: ou=pykota,dc=example,dc=com 
     125        aci: (targetattr="*") (version 3.0; acl "PyKota Pykota ACI"; allow(all) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) 
    107126 
    108         dn: ou=People,dc=example,dc=com 
    109         aci: (targetattr="*") (version 3.0; acl "PyKota People ACI"; allow(write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) 
     127        dn: ou=People,dc=example,dc=com 
     128        aci: (targetattr="*") (version 3.0; acl "PyKota People ACI"; allow(add, write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) 
    110129 
    111         dn: ou=groups,dc=example,dc=com 
    112         aci: (targetattr="*") (version 3.0; acl "PyKota Groups ACI"; allow(write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) 
     130        dn: ou=groups,dc=example,dc=com 
     131        aci: (targetattr="*") (version 3.0; acl "PyKota Groups ACI"; allow(add, write) userdn="ldap:///cn=pykotaadmin,ou=PyKota,dc=example,dc=com";) 
    113132 
    114         Sun Directory Server will replicate ACI changes in a 
    115         multi-master replication environment. 
     133        Sun Directory Server will replicate ACI changes in a 
     134        multi-master replication environment. 
    116135
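Review bot: The change from allow(write) to allow(add, write) on ou=People and ou=groups (new lines 128 and 131) keeps targetattr="*", so cn=pykotaadmin can now create entries under both subtrees and write every user attribute of every entry there, userPassword included. If PyKota only needs to attach its own object classes and attributes to these entries, narrow targetattr to the pykota attributes plus objectClass, and say in the README why the add right is required. This matters more given the advice a few lines above to exclude pykotaadmin from the password policy, since that leaves a broadly privileged account with no expiry or change controls; consider recommending a dedicated policy for the service accounts rather than a full exemption. The re-indentation of the whole file also buries this one functional change, so splitting whitespace and ACI changes into separate commits would make it easier to review. Minor: "stongly" and "warrenty" on new lines 116 and 117 should be "strongly" and "warranty".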