Changeset 3413 for pykota/trunk/initscripts/ldap
- Timestamp: 09/27/08 22:02:37 (16 years ago)
- Location: pykota/trunk/initscripts/ldap
- Files: 6 modified
pykota/trunk/initscripts/ldap/pykota-sample.ldif
r3280 r3413 3 3 # 4 4 # YOU CAN USE IT TO CREATE AN INITIAL LDAP TREE WITH PYKOTA SUPPORT. 5 # 5 # 6 6 # ITS STRUCTURE IS AN EXAMPLE : YOU CAN USE WHATEVER STRUCTURE YOU WANT, 7 7 # PROVIDED YOU PUT CORRECT CONFIGURATION PARAMETERS IN /etc/pykota/pykota.conf 8 # 8 # 9 9 # 10 10 # (c) 2003, 2004, 2005, 2006, 2007, 2008 Jerome Alet <alet@librelogiciel.com> … … 13 13 # the Free Software Foundation, either version 3 of the License, or 14 14 # (at your option) any later version. 15 # 15 # 16 16 # This program is distributed in the hope that it will be useful, 17 17 # but WITHOUT ANY WARRANTY; without even the implied warranty of 18 18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 19 # GNU General Public License for more details. 20 # 20 # 21 21 # You should have received a copy of the GNU General Public License 22 22 # along with this program. If not, see <http://www.gnu.org/licenses/>. … … 24 24 # $Id$ 25 25 # 26 26 27 27 # The encrypted password below in clear text is : BlfUPg7t 28 28 dn: cn=pykotaadmin,dc=example,dc=com -
pykota/trunk/initscripts/ldap/pykota.schema
r3280 r3413 10 10 # the Free Software Foundation, either version 3 of the License, or 11 11 # (at your option) any later version. 12 # 12 # 13 13 # This program is distributed in the hope that it will be useful, 14 14 # but WITHOUT ANY WARRANTY; without even the implied warranty of 15 15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 16 # GNU General Public License for more details. 17 # 17 # 18 18 # You should have received a copy of the GNU General Public License 19 19 # along with this program. If not, see <http://www.gnu.org/licenses/>. … … 31 31 # 16868.1.2.x => classes 32 32 # 33 # Contributors : Leif Johansson - Stockholm University 34 # 35 36 # 33 # Contributors : Leif Johansson - Stockholm University 34 # 35 36 # 37 37 # PyKota Attributes Types 38 38 # … … 73 73 EQUALITY caseIgnoreIA5Match 74 74 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 75 76 # pykotaHardLimit 75 76 # pykotaHardLimit 77 77 attributetype ( 1.3.6.1.4.1.16868.1.1.7 NAME 'pykotaHardLimit' 78 78 DESC 'Hard limit in maximal number of pages' … … 121 121 EQUALITY caseExactIA5Match 122 122 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 123 124 # pykotaPrinterName 123 124 # pykotaPrinterName 125 125 attributetype ( 1.3.6.1.4.1.16868.1.1.15 NAME 'pykotaPrinterName' 126 126 DESC 'PyKota printer name as received from the printing subsystem' … … 128 128 SUBSTR caseExactIA5SubstringsMatch 129 129 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 130 131 # pykotaUserName 130 131 # pykotaUserName 132 132 attributetype ( 1.3.6.1.4.1.16868.1.1.16 NAME 'pykotaUserName' 133 133 DESC 'PyKota user name' … … 135 135 SUBSTR caseExactIA5SubstringsMatch 136 136 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 137 138 # pykotaGroupName 137 138 # pykotaGroupName 139 139 attributetype ( 1.3.6.1.4.1.16868.1.1.17 NAME 'pykotaGroupName' 140 140 DESC 'PyKota group name' … … 142 142 SUBSTR caseExactIA5SubstringsMatch 143 143 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 144 145 # 
pykotaLastJobIdent 144 145 # pykotaLastJobIdent 146 146 attributetype ( 1.3.6.1.4.1.16868.1.1.18 NAME 'pykotaLastJobIdent' 147 147 DESC 'Identifies the last job in the history' 148 148 EQUALITY caseExactIA5Match 149 149 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 150 151 # pykotaFileName 150 151 # pykotaFileName 152 152 attributetype ( 1.3.6.1.4.1.16868.1.1.19 NAME 'pykotaFileName' 153 153 DESC 'Print job filename' … … 155 155 SUBSTR caseExactSubstringsMatch 156 156 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 157 158 # pykotaTitle 157 158 # pykotaTitle 159 159 attributetype ( 1.3.6.1.4.1.16868.1.1.20 NAME 'pykotaTitle' 160 160 DESC 'Print job title' … … 162 162 SUBSTR caseIgnoreSubstringsMatch 163 163 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 164 164 165 165 # pykotaCopies 166 166 attributetype ( 1.3.6.1.4.1.16868.1.1.21 NAME 'pykotaCopies' … … 168 168 EQUALITY integerMatch 169 169 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 170 171 # pykotaOptions 170 171 # pykotaOptions 172 172 attributetype ( 1.3.6.1.4.1.16868.1.1.22 NAME 'pykotaOptions' 173 173 DESC 'Print job options' … … 175 175 SUBSTR caseIgnoreSubstringsMatch 176 176 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 177 177 178 178 # pykotaJobPrice 179 179 attributetype ( 1.3.6.1.4.1.16868.1.1.23 NAME 'pykotaJobPrice' … … 188 188 SUBSTR caseIgnoreSubstringsMatch 189 189 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) 190 190 191 191 # pykotaJobSizeBytes 192 192 attributetype ( 1.3.6.1.4.1.16868.1.1.25 NAME 'pykotaJobSizeBytes' … … 200 200 EQUALITY caseExactIA5Match 201 201 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 202 202 203 203 # pykotaOverCharge 204 204 attributetype ( 1.3.6.1.4.1.16868.1.1.27 NAME 'pykotaOverCharge' … … 206 206 EQUALITY caseIgnoreIA5Match 207 207 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 208 208 209 209 # pykotaWarnCount 210 210 attributetype ( 1.3.6.1.4.1.16868.1.1.28 NAME 'pykotaWarnCount' … … 212 212 EQUALITY integerMatch 213 213 SYNTAX 
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 214 215 # pykotaMD5Sum 214 215 # pykotaMD5Sum 216 216 attributetype ( 1.3.6.1.4.1.16868.1.1.29 NAME 'pykotaMD5Sum' 217 217 DESC 'MD5 Sum of the job datas' … … 219 219 SUBSTR caseExactIA5SubstringsMatch 220 220 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 221 222 # pykotaPages 221 222 # pykotaPages 223 223 attributetype ( 1.3.6.1.4.1.16868.1.1.30 NAME 'pykotaPages' 224 224 DESC 'Descriptor for each page settings in the history' … … 226 226 SUBSTR caseExactIA5SubstringsMatch 227 227 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) 228 228 229 229 # pykotaPrinterCoefficient 230 230 attributetype ( 1.3.6.1.4.1.16868.1.1.31 NAME 'pykotaPrinterCoefficient' … … 239 239 SUBSTR caseIgnoreSubstringsMatch 240 240 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 241 241 242 242 # pykotaPrecomputedJobSize 243 243 attributetype ( 1.3.6.1.4.1.16868.1.1.33 NAME 'pykotaPrecomputedJobSize' … … 251 251 EQUALITY caseIgnoreIA5Match 252 252 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 253 253 254 254 # pykotaMaxJobSize 255 255 attributetype ( 1.3.6.1.4.1.16868.1.1.35 NAME 'pykotaMaxJobSize' … … 264 264 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 265 265 266 # 266 # 267 267 # PyKota Object Classes 268 268 # … … 273 273 MUST ( uid ) 274 274 MAY ( pykotaUserName $ pykotaLimitBy $ mail $ description ) ) 275 276 # pykotaGroup 275 276 # pykotaGroup 277 277 objectclass ( 1.3.6.1.4.1.16868.1.2.2 NAME 'pykotaGroup' SUP top AUXILIARY 278 278 DESC 'PyKota Auxiliary Group' 279 279 MUST ( cn ) 280 280 MAY ( pykotaGroupName $ pykotaLimitBy $ memberUid $ uniqueMember $ member $ description ) ) 281 282 # pykotaPrinter 281 282 # pykotaPrinter 283 283 objectclass ( 1.3.6.1.4.1.16868.1.2.3 NAME 'pykotaPrinter' SUP top AUXILIARY 284 284 DESC 'PyKota Printer' 285 285 MUST ( cn ) 286 286 MAY ( pykotaMaxJobSize $ pykotaPassThrough $ description $ pykotaPrinterName $ pykotaPricePerPage $ pykotaPricePerJob $ pykotaPrinterCoefficient $ uniqueMember ) ) 
287 288 # pykotaUserPQuota 287 288 # pykotaUserPQuota 289 289 objectclass ( 1.3.6.1.4.1.16868.1.2.4 NAME 'pykotaUserPQuota' SUP top AUXILIARY 290 290 DESC 'PyKota User Quota on a Printer' 291 291 MUST ( cn $ pykotaUserName $ pykotaPrinterName ) 292 292 MAY ( pykotaMaxJobSize $ pykotaPageCounter $ pykotaLifePageCounter $ pykotaSoftLimit $ pykotaHardLimit $ pykotaDateLimit $ pykotaWarnCount ) ) 293 294 # pykotaGroupPQuota 293 294 # pykotaGroupPQuota 295 295 objectclass ( 1.3.6.1.4.1.16868.1.2.5 NAME 'pykotaGroupPQuota' SUP top AUXILIARY 296 296 DESC 'PyKota Group Quota on a Printer' 297 297 MUST ( cn $ pykotaGroupName $ pykotaPrinterName ) 298 298 MAY ( pykotaMaxJobSize $ pykotaSoftLimit $ pykotaHardLimit $ pykotaDateLimit ) ) 299 300 # pykotaJob 299 300 # pykotaJob 301 301 objectclass ( 1.3.6.1.4.1.16868.1.2.6 NAME 'pykotaJob' SUP top AUXILIARY 302 302 DESC 'An entry in the job history for a printer' 303 303 MUST ( cn $ pykotaUserName $ pykotaPrinterName $ pykotaJobId ) 304 304 MAY ( pykotaPrecomputedJobPrice $ pykotaPrecomputedJobSize $ pykotaBillingCode $ pykotaPrinterPageCounter $ pykotaJobSize $ pykotaAction $ pykotaJobPrice $ pykotaFileName $ pykotaTitle $ pykotaCopies $ pykotaOptions $ pykotaHostName $ pykotaJobSizeBytes $ pykotaMD5Sum $ pykotaPages ) ) 305 305 306 306 # pykotaAccountBalance 307 307 objectclass ( 1.3.6.1.4.1.16868.1.2.7 NAME 'pykotaAccountBalance' SUP top AUXILIARY 308 308 DESC 'PyKota User account balance' 309 309 MAY ( pykotaUserName $ pykotaBalance $ pykotaLifeTimePaid $ pykotaOverCharge $ pykotaPayments ) ) 310 311 # pykotaLastJob 310 311 # pykotaLastJob 312 312 objectclass ( 1.3.6.1.4.1.16868.1.2.8 NAME 'pykotaLastJob' SUP top AUXILIARY 313 313 DESC 'Last job information for a printer' 314 314 MUST ( pykotaLastJobIdent ) 315 MAY ( pykotaPrinterName ) ) 316 315 MAY ( pykotaPrinterName ) ) 316 317 317 # pykotaBilling 318 318 objectclass ( 1.3.6.1.4.1.16868.1.2.10 NAME 'pykotaBilling' SUP top AUXILIARY … … 320 320 MUST ( cn $ 
pykotaBillingCode ) 321 321 MAY ( pykotaPageCounter $ pykotaBalance $ description ) ) 322 323 # pykotaObject - Use it if you have to 322 323 # pykotaObject - Use it if you have to 324 324 objectclass ( 1.3.6.1.4.1.16868.1.2.9 NAME 'pykotaObject' SUP top STRUCTURAL 325 325 DESC 'PyKota Object' 326 326 MUST ( cn ) ) 327 328 327 328 -
pykota/trunk/initscripts/ldap/pykota-schema-sunds.ldif
r3351 r3413 20 20 # 16868.1.2.x => classes 21 21 # 22 # Contributors : Leif Johansson - Stockholm University 22 # Contributors : Leif Johansson - Stockholm University 23 23 # 24 24 dn: cn=schema … … 295 295 DESC 'Last job information for a printer' 296 296 MUST ( pykotaLastJobIdent ) 297 MAY ( pykotaPrinterName ) ) 297 MAY ( pykotaPrinterName ) ) 298 298 - 299 299 add: objectClasses -
pykota/trunk/initscripts/ldap/pykota-sunds-indexes.ldif
r3351 r3413 7 7 # the Free Software Foundation, either version 3 of the License, or 8 8 # (at your option) any later version. 9 # 9 # 10 10 # This program is distributed in the hope that it will be useful, 11 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 13 # GNU General Public License for more details. 14 # 14 # 15 15 # You should have received a copy of the GNU General Public License 16 16 # along with this program. If not, see <http://www.gnu.org/licenses/>. -
pykota/trunk/initscripts/ldap/README.ldap
r3343 r3413 22 22 =============== 23 23 24 OpenLDAP : 24 OpenLDAP : 25 25 ---------- 26 26 27 The pykota.schema file can be used to modify an existing OpenLDAP 28 directory to add the necessary object classes and attributes for 27 The pykota.schema file can be used to modify an existing OpenLDAP 28 directory to add the necessary object classes and attributes for 29 29 use with PyKota. 30 30 31 31 Include it in your LDAP server's configuration. 32 32 For example, with OpenLDAP under Debian : 33 33 34 34 $ cp pykota.schema /etc/ldap/schema 35 35 (no need to do this if you install from PyKota's Debian package) 36 36 37 NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is 38 referenced, substitute /etc/openldap. e.g. 37 NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is 38 referenced, substitute /etc/openldap. e.g. 39 39 40 40 $ cp pykota.schema /etc/openldap/schema 41 42 Then edit /etc/ldap/slapd.conf and add a line to 41 42 Then edit /etc/ldap/slapd.conf and add a line to 43 43 include the PyKota schema. 
You should have something 44 44 like : 45 45 46 46 # Schema and objectClass definitions 47 47 include /etc/ldap/schema/core.schema … … 50 50 include /etc/ldap/schema/inetorgperson.schema 51 51 include /etc/ldap/schema/pykota.schema 52 53 While this is not mandatory, you may want to create 52 53 While this is not mandatory, you may want to create 54 54 some indexes to speed things up a bit : 55 55 56 56 You should already have these : 57 57 58 58 index objectClass eq 59 59 index cn pres,eq,sub 60 60 index uid pres,eq,sub 61 62 But we recommend that you add these : 63 61 62 But we recommend that you add these : 63 64 64 index pykotaUserName pres,eq,sub 65 65 index pykotaGroupName pres,eq,sub … … 67 67 index pykotaBillingCode pres,eq,sub 68 68 index pykotaLastJobIdent eq 69 69 70 70 Now you must ensure that the DNs PyKota will use to bind to 71 71 your OpenLDAP server don't have search queries size limits, 72 72 which gives for example (OpenLDAP 2.1.x or above) : 73 73 74 74 limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft 75 75 limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft 76 76 77 77 Where pykotaadmin and pykotauser are the usernames used to bind to your 78 OpenLDAP server within PyKota, respectively in complete ReadWrite mode 78 OpenLDAP server within PyKota, respectively in complete ReadWrite mode 79 79 (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf). 80 80 81 81 NB : YOU have to define the ACLs necessary for user pykotaadmin to 82 82 have unlimited Read+Write access to your LDAP tree, and for user … … 87 87 this is up to you to decide. 
An example giving full write access 88 88 to the pykotaadmin user is : 89 90 access to dn.subtree="ou=PyKota,dc=example,dc=com" 91 by dn="cn=pykotaadmin,dc=example,dc=com" write 92 93 access to dn.subtree="ou=People,dc=example,dc=com" 94 by dn="cn=pykotaadmin,dc=example,dc=com" write 95 96 access to dn.subtree="ou=Groups,dc=example,dc=com" 97 by dn="cn=pykotaadmin,dc=example,dc=com" write 98 89 90 access to dn.subtree="ou=PyKota,dc=example,dc=com" 91 by dn="cn=pykotaadmin,dc=example,dc=com" write 92 93 access to dn.subtree="ou=People,dc=example,dc=com" 94 by dn="cn=pykotaadmin,dc=example,dc=com" write 95 96 access to dn.subtree="ou=Groups,dc=example,dc=com" 97 by dn="cn=pykotaadmin,dc=example,dc=com" write 98 99 99 Please adapt this to your own needs and configuration. 100 101 Now, stop the OpenLDAP server : 102 100 101 Now, stop the OpenLDAP server : 102 103 103 $ /etc/init.d/slapd stop 104 105 Generate the index files : 106 104 105 Generate the index files : 106 107 107 $ slapindex 108 109 And finally restart the OpenLDAP server : 110 108 109 And finally restart the OpenLDAP server : 110 111 111 $ /etc/init.d/slapd start 112 112 113 NB: On Red Hat-based distros, use '/sbin/service ldap stop' and 113 NB: On Red Hat-based distros, use '/sbin/service ldap stop' and 114 114 '/sbin/service ldap start' instead. 115 116 Sun Directory Server : 115 116 Sun Directory Server : 117 117 ---------------------- 118 118 119 119 See README.sunds 120 121 Initial datas : 120 121 Initial datas : 122 122 =============== 123 124 You can use the pykota-sample.ldif file to initialize an LDAP tree 123 124 You can use the pykota-sample.ldif file to initialize an LDAP tree 125 125 for PyKota, if you want. 126 126 127 127 The structure used in this file is NOT mandatory ! 128 128 Provided you put correct parameters into /etc/pykota/pykota.conf, 129 129 you can structure your LDAP directory the way you want. 
130 131 To use an LDAP directory as the Quota Storage, just modify 130 131 To use an LDAP directory as the Quota Storage, just modify 132 132 ~pykota/pykota.conf to make it contain lines similar to the LDAP 133 133 related ones in conf/pykota.conf.sample, but adapted to your 134 134 own configuration. Also de-activate the PostgreSQL-related lines. 135 Don't forget to adapt ~pykota/pykotadmin.conf as well. 135 Don't forget to adapt ~pykota/pykotadmin.conf as well. 136 136 ============================================================ -
pykota/trunk/initscripts/ldap/README.sunds
r3351 r3413 7 7 # the Free Software Foundation, either version 3 of the License, or 8 8 # (at your option) any later version. 9 # 9 # 10 10 # This program is distributed in the hope that it will be useful, 11 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 13 # GNU General Public License for more details. 14 # 14 # 15 15 # You should have received a copy of the GNU General Public License 16 16 # along with this program. If not, see <http://www.gnu.org/licenses/>. … … 54 54 55 55 % ldapmodify -a -h ldap.domain.com -D "cn=Directory Manager" -f pykota-sunds-indexes.ldif 56 56 57 57 By default configuration settings are NOT replicated in a 58 58 replication environment so the following indexes must be … … 95 95 will encrypt the userPassword entry so you may wish to leave it as 96 96 plain text when creating the pykotaadmin and pykotauser entries. 97 97 98 98 If a Password Policy is being enforced it would be advisable exclude 99 99 both the pykotauser and pykotaadmin from that policy. This is especially … … 106 106 Access Control Instructions (ACI) : 107 107 ----------------------------------- 108 108 109 109 The provided ACI's must not be blindly added using ldapmodify or 110 110 ldapadd, if you do so you will clobber any existing ACI's for a
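Review bot: In pykota-sample.ldif, the unchanged comment at line 27 ('# The encrypted password below in clear text is : BlfUPg7t') publishes the cleartext password for cn=pykotaadmin,dc=example,dc=com, while the header at line 4 invites readers to use the file to create an initial LDAP tree. Since this changeset already touches the header comments of this file, add a line there telling whoever imports the sample to replace that password value before loading it, because README.ldap describes pykotaadmin as the bind DN used in complete ReadWrite mode.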
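Review bot: In README.ldap, the ACL example at lines 90-97 gives each 'access to dn.subtree=...' directive a single 'by dn="cn=pykotaadmin,dc=example,dc=com" write' clause and no attribute restriction. As written this grants pykotaadmin write access to every attribute under ou=People and ou=Groups, and because OpenLDAP ends every access directive with an implicit 'by * none', any other identity is denied on those subtrees if these directives are matched first. Suggest ending each directive with 'by * break' so existing rules still apply, adding the read clause for pykotauser that the NB paragraph at lines 81-82 asks for, and stating next to 'Please adapt this to your own needs' that the example should be narrowed to the entries and attributes PyKota actually manages.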
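Review bot: In README.sunds, the unchanged line 98 reads 'it would be advisable exclude both the pykotauser and pykotaadmin from that policy'; the word 'to' is missing before 'exclude', and a whitespace cleanup pass is a good moment to fix it. The same paragraph exempts both bind accounts from the Password Policy entirely, which removes whatever the policy enforces from the account that README.ldap gives unlimited Read+Write access. Consider rewording it to recommend a dedicated policy for these two service accounts rather than no policy.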