Changeset 3413 for pykota/trunk/initscripts/ldap/README.ldap
Timestamp: 09/27/08 22:02:37
Files: 1 modified
pykota/trunk/initscripts/ldap/README.ldap
r3343 r3413 22 22 =============== 23 23 24 OpenLDAP : 24 OpenLDAP : 25 25 ---------- 26 26 27 The pykota.schema file can be used to modify an existing OpenLDAP 28 directory to add the necessary object classes and attributes for 27 The pykota.schema file can be used to modify an existing OpenLDAP 28 directory to add the necessary object classes and attributes for 29 29 use with PyKota. 30 30 31 31 Include it in your LDAP server's configuration. 32 32 For example, with OpenLDAP under Debian : 33 33 34 34 $ cp pykota.schema /etc/ldap/schema 35 35 (no need to do this if you install from PyKota's Debian package) 36 36 37 NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is 38 referenced, substitute /etc/openldap. e.g. 37 NB: With OpenLDAP under Red Hat-based distros, where /etc/ldap is 38 referenced, substitute /etc/openldap. e.g. 39 39 40 40 $ cp pykota.schema /etc/openldap/schema 41 42 Then edit /etc/ldap/slapd.conf and add a line to 41 42 Then edit /etc/ldap/slapd.conf and add a line to 43 43 include the PyKota schema. 
You should have something 44 44 like : 45 45 46 46 # Schema and objectClass definitions 47 47 include /etc/ldap/schema/core.schema … … 50 50 include /etc/ldap/schema/inetorgperson.schema 51 51 include /etc/ldap/schema/pykota.schema 52 53 While this is not mandatory, you may want to create 52 53 While this is not mandatory, you may want to create 54 54 some indexes to speed things up a bit : 55 55 56 56 You should already have these : 57 57 58 58 index objectClass eq 59 59 index cn pres,eq,sub 60 60 index uid pres,eq,sub 61 62 But we recommend that you add these : 63 61 62 But we recommend that you add these : 63 64 64 index pykotaUserName pres,eq,sub 65 65 index pykotaGroupName pres,eq,sub … … 67 67 index pykotaBillingCode pres,eq,sub 68 68 index pykotaLastJobIdent eq 69 69 70 70 Now you must ensure that the DNs PyKota will use to bind to 71 71 your OpenLDAP server don't have search queries size limits, 72 72 which gives for example (OpenLDAP 2.1.x or above) : 73 73 74 74 limits dn="cn=pykotaadmin,dc=example,dc=com" size.soft=-1 size.hard=soft 75 75 limits dn="cn=pykotauser,dc=example,dc=com" size.soft=-1 size.hard=soft 76 76 77 77 Where pykotaadmin and pykotauser are the usernames used to bind to your 78 OpenLDAP server within PyKota, respectively in complete ReadWrite mode 78 OpenLDAP server within PyKota, respectively in complete ReadWrite mode 79 79 (as set in pykotadmin.conf) and in ReadOnly mode (pykota.conf). 80 80 81 81 NB : YOU have to define the ACLs necessary for user pykotaadmin to 82 82 have unlimited Read+Write access to your LDAP tree, and for user … … 87 87 this is up to you to decide. 
An example giving full write access 88 88 to the pykotaadmin user is : 89 90 access to dn.subtree="ou=PyKota,dc=example,dc=com" 91 by dn="cn=pykotaadmin,dc=example,dc=com" write 92 93 access to dn.subtree="ou=People,dc=example,dc=com" 94 by dn="cn=pykotaadmin,dc=example,dc=com" write 95 96 access to dn.subtree="ou=Groups,dc=example,dc=com" 97 by dn="cn=pykotaadmin,dc=example,dc=com" write 98 89 90 access to dn.subtree="ou=PyKota,dc=example,dc=com" 91 by dn="cn=pykotaadmin,dc=example,dc=com" write 92 93 access to dn.subtree="ou=People,dc=example,dc=com" 94 by dn="cn=pykotaadmin,dc=example,dc=com" write 95 96 access to dn.subtree="ou=Groups,dc=example,dc=com" 97 by dn="cn=pykotaadmin,dc=example,dc=com" write 98 99 99 Please adapt this to your own needs and configuration. 100 101 Now, stop the OpenLDAP server : 102 100 101 Now, stop the OpenLDAP server : 102 103 103 $ /etc/init.d/slapd stop 104 105 Generate the index files : 106 104 105 Generate the index files : 106 107 107 $ slapindex 108 109 And finally restart the OpenLDAP server : 110 108 109 And finally restart the OpenLDAP server : 110 111 111 $ /etc/init.d/slapd start 112 112 113 NB: On Red Hat-based distros, use '/sbin/service ldap stop' and 113 NB: On Red Hat-based distros, use '/sbin/service ldap stop' and 114 114 '/sbin/service ldap start' instead. 115 116 Sun Directory Server : 115 116 Sun Directory Server : 117 117 ---------------------- 118 118 119 119 See README.sunds 120 121 Initial datas : 120 121 Initial datas : 122 122 =============== 123 124 You can use the pykota-sample.ldif file to initialize an LDAP tree 123 124 You can use the pykota-sample.ldif file to initialize an LDAP tree 125 125 for PyKota, if you want. 126 126 127 127 The structure used in this file is NOT mandatory ! 128 128 Provided you put correct parameters into /etc/pykota/pykota.conf, 129 129 you can structure your LDAP directory the way you want. 
130 131 To use an LDAP directory as the Quota Storage, just modify 130 131 To use an LDAP directory as the Quota Storage, just modify 132 132 ~pykota/pykota.conf to make it contain lines similar to the LDAP 133 133 related ones in conf/pykota.conf.sample, but adapted to your 134 134 own configuration. Also de-activate the PostgreSQL-related lines. 135 Don't forget to adapt ~pykota/pykotadmin.conf as well. 135 Don't forget to adapt ~pykota/pykotadmin.conf as well. 136 136 ============================================================
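Review bot: the Red Hat NB (lines 37-40) only corrects the schema directory; the following step at line 42 still tells Red Hat readers to edit /etc/ldap/slapd.conf, which does not exist there. Suggest "Then edit /etc/ldap/slapd.conf (/etc/openldap/slapd.conf on Red Hat-based distros)" and the matching path in the `include` example at line 51, so the two NBs stay consistent.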
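Review bot: the `limits` stanza (lines 74-75) is correctly scoped to the two exact bind DNs, but the text at line 70 ("don't have search queries size limits") should say explicitly that the limit is lifted only for those DNs and must not be applied via `limits anonymous` or `limits users`, since an unlimited anonymous search is an easy denial-of-service and enumeration vector; a one-line warning there would prevent copy-paste generalisation. Also, the NB at lines 81-82 says both pykotaadmin and the read-only user need ACLs, but the read-only user is never named in this hunk; naming pykotauser here (as line 75 does) would tie the two parts together.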
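Review bot: the ACL example (lines 90-97) grants pykotaadmin `write` on the entire ou=People and ou=Groups subtrees, which includes userPassword and every other attribute of every account, and gives no example at all for the read-only DN used in pykota.conf, so a reader following it is likely to reuse the pykotaadmin credentials for the read-only path. Suggest a least-privilege pair: keep full `write` on ou=PyKota, restrict the People/Groups stanzas with `attrs=` to the pykota* attributes plus `objectClass` (needed if PyKota adds its auxiliary class to existing entries), and add e.g. `access to dn.subtree="ou=PyKota,dc=example,dc=com"` / `by dn="cn=pykotauser,dc=example,dc=com" read`. Two smaller points in the same hunk: the stop / `slapindex` / start sequence (lines 103-111) should say to run `slapindex` as the slapd user (openldap on Debian, ldap on Red Hat) or to fix ownership of the generated index files afterwards, otherwise slapd started from the init script cannot open them; and "Initial datas" (line 121) should read "Initial data".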