[D-community-commits] r184 - in trunk/fai-config-dir: class files/etc files/etc/ldap files/etc/ldap/schema files/etc/ldap/schema/dc.schema files/etc/ldap/slapd.conf files/etc/phpldapadmin files/etc/phpldapadmin/config.php files/etc/phpldapadmin/templates files/etc/phpldapadmin/templates/custom_dcPerson.xml package_config scripts scripts/LDAPSERVER
nd-guest at alioth.debian.org
nd-guest at alioth.debian.org
Sun Jan 6 22:31:41 UTC 2008
Author: nd-guest
Date: 2008-01-06 22:31:41 +0000 (Sun, 06 Jan 2008)
New Revision: 184
Added:
trunk/fai-config-dir/files/etc/ldap/
trunk/fai-config-dir/files/etc/ldap/schema/
trunk/fai-config-dir/files/etc/ldap/schema/dc.schema/
trunk/fai-config-dir/files/etc/ldap/schema/dc.schema/DEFAULT
trunk/fai-config-dir/files/etc/ldap/slapd.conf/
trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
trunk/fai-config-dir/files/etc/phpldapadmin/
trunk/fai-config-dir/files/etc/phpldapadmin/config.php/
trunk/fai-config-dir/files/etc/phpldapadmin/config.php/LDAPSERVER
trunk/fai-config-dir/files/etc/phpldapadmin/templates/
trunk/fai-config-dir/files/etc/phpldapadmin/templates/custom_dcPerson.xml/
trunk/fai-config-dir/files/etc/phpldapadmin/templates/custom_dcPerson.xml/DEFAULT
trunk/fai-config-dir/package_config/LDAPSERVER
trunk/fai-config-dir/scripts/LDAPSERVER/
trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
Modified:
trunk/fai-config-dir/class/50-host-classes
Log:
Initial LDAP server setup
Modified: trunk/fai-config-dir/class/50-host-classes
===================================================================
--- trunk/fai-config-dir/class/50-host-classes 2008-01-06 22:07:03 UTC (rev 183)
+++ trunk/fai-config-dir/class/50-host-classes 2008-01-06 22:31:41 UTC (rev 184)
@@ -5,7 +5,7 @@
# use a list of classes for our demo machine
case $HOSTNAME in
bikeshed)
- echo "ADMINGROUP FIREWALL MAILSERVER WEBSERVER" ;;
+ echo "ADMINGROUP FIREWALL MAILSERVER WEBSERVER LDAPSERVER" ;;
*)
echo "DEFAULT" ;;
esac
Added: trunk/fai-config-dir/files/etc/ldap/schema/dc.schema/DEFAULT
===================================================================
--- trunk/fai-config-dir/files/etc/ldap/schema/dc.schema/DEFAULT (rev 0)
+++ trunk/fai-config-dir/files/etc/ldap/schema/dc.schema/DEFAULT 2008-01-06 22:31:41 UTC (rev 184)
@@ -0,0 +1,44 @@
+# Debian Community schema file
+#
+#
+# 1.3.6.1.4.1.30229 is the toplevel OID
+#
+
+ObjectIdentifier DC 1.3.6.1.4.1.30229.1
+ObjectIdentifier dcP DC:1
+ObjectIdentifier dcPAttribute dcP:1
+ObjectIdentifier dcPObjClass dcP:2
+
+attributetype ( dcPAttribute:1
+ NAME 'dcPersonGpgKeyId'
+ DESC 'GnuPG Key ID'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (dcPAttribute:2
+ NAME 'dcPersonGpgPublicKey'
+ DESC 'GnuPG public key'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (dcPAttribute:3
+ NAME 'dcPersonLatitude'
+ DESC 'Latitude'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (dcPAttribute:4
+ NAME 'dcPersonLongitude'
+ DESC 'Longitude'
+ EQUALITY caseIgnoreMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass ( dcPObjClass
+ NAME 'dcPerson'
+ DESC 'debian-community.org person'
+ SUP inetOrgPerson
+ STRUCTURAL
+ MAY ( dcPersonGpgKeyId $ dcPersonGpgPublicKey $
+ dcPersonLatitude $ dcPersonLongitude )
+ )
+
Added: trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER (rev 0)
+++ trunk/fai-config-dir/files/etc/ldap/slapd.conf/LDAPSERVER 2008-01-06 22:31:41 UTC (rev 184)
@@ -0,0 +1,132 @@
+# This is the main slapd configuration file. See slapd.conf(5) for more
+# info on the configuration options.
+
+#######################################################################
+# Global Directives:
+
+# Features to permit
+#allow bind_v2
+
+# Schema and objectClass definitions
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/nis.schema
+include /etc/ldap/schema/inetorgperson.schema
+include /etc/ldap/schema/dc.schema
+
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+pidfile /var/run/slapd/slapd.pid
+
+# List of arguments that were passed to the server
+argsfile /var/run/slapd/slapd.args
+
+# Read slapd.conf(5) for possible values
+loglevel 0
+
+# Where the dynamically loaded modules are stored
+modulepath /usr/lib/ldap
+moduleload back_bdb
+
+# The maximum number of entries that is returned for a search operation
+sizelimit 500
+
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+tool-threads 1
+
+#######################################################################
+# Specific Backend Directives for bdb:
+# Backend specific directives apply to this backend until another
+# 'backend' directive occurs
+backend bdb
+checkpoint 512 30
+
+#######################################################################
+# Specific Backend Directives for 'other':
+# Backend specific directives apply to this backend until another
+# 'backend' directive occurs
+#backend <other>
+
+#######################################################################
+# Specific Directives for database #1, of type bdb:
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+database bdb
+
+# The base of your directory in database #1
+suffix "dc=debian-community,dc=org"
+
+# rootdn directive for specifying a superuser on the database. This is needed
+# for syncrepl.
+# rootdn "cn=admin,dc=debian-community,dc=org"
+
+# Where the database file are physically stored for database #1
+directory "/var/lib/ldap"
+
+# For the Debian package we use 2MB as default but be sure to update this
+# value if you have plenty of RAM
+dbconfig set_cachesize 0 2097152 0
+
+# Sven Hartge reported that he had to set this value incredibly high
+# to get slapd running at all. See http://bugs.debian.org/303057
+# for more information.
+
+# Number of objects that can be locked at the same time.
+dbconfig set_lk_max_objects 1500
+# Number of locks (both requested and granted)
+dbconfig set_lk_max_locks 1500
+# Number of lockers
+dbconfig set_lk_max_lockers 1500
+
+# Indexing options for database #1
+index objectClass eq
+
+# Save the time that the entry gets modified, for database #1
+lastmod on
+
+# Where to store the replica logs for database #1
+# replogfile /var/lib/ldap/replog
+
+# The userPassword by default can be changed
+# by the entry owning it if they are authenticated.
+# Others should not be able to see it, except the
+# admin entry below
+# These access lines apply to database #1 only
+access to attrs=userPassword,shadowLastChange
+ by dn="cn=admin,dc=debian-community,dc=org" write
+ by anonymous auth
+ by self write
+ by * none
+
+# Ensure read access to the base for things like
+# supportedSASLMechanisms. Without this you may
+# have problems with SASL not knowing what
+# mechanisms are available and the like.
+# Note that this is covered by the 'access to *'
+# ACL below too but if you change that as people
+# are wont to do you'll still need this if you
+# want SASL (and possible other things) to work
+# happily.
+access to dn.base="" by * read
+
+# The admin dn has full write access, everyone else
+# can read everything.
+access to *
+ by dn="cn=admin,dc=debian-community,dc=org" write
+ by * read
+
+# For Netscape Roaming support, each user gets a roaming
+# profile for which they have write access to
+#access to dn=".*,ou=Roaming,o=morsnet"
+# by dn="cn=admin,dc=debian-community,dc=org" write
+# by dnattr=owner write
+
+#######################################################################
+# Specific Directives for database #2, of type 'other' (can be bdb too):
+# Database specific directives apply to this databasse until another
+# 'database' directive occurs
+#database <other>
+
+# The base of your directory for database #2
+#suffix "dc=debian,dc=org"
Added: trunk/fai-config-dir/files/etc/phpldapadmin/config.php/LDAPSERVER
===================================================================
--- trunk/fai-config-dir/files/etc/phpldapadmin/config.php/LDAPSERVER (rev 0)
+++ trunk/fai-config-dir/files/etc/phpldapadmin/config.php/LDAPSERVER 2008-01-06 22:31:41 UTC (rev 184)
@@ -0,0 +1,376 @@
+<?php
+/**
+ * The phpLDAPadmin config file
+ *
+ * This is where you can customise some of the phpLDAPadmin defaults
+ * that are defined in config_default.php.
+ *
+ * To override a default, use the $config->custom variable to do so.
+ * For example, the default for defining the language in config_default.php
+ *
+ * $this->default->appearance['lang'] = array(
+ * 'desc'=>'Language',
+ * 'default'=>'auto');
+ *
+ * to override this, use $config->custom->appearance['lang'] = 'en';
+ *
+ * This file is also used to configure your LDAP server connections.
+ *
+ * You must specify at least one LDAP server there. You may add
+ * as many as you like. You can also specify your language, and
+ * many other options.
+ *
+ * NOTE: Commented out values in this file prefixed by //, represent the
+ * defaults that have been defined in config_default.php.
+ * Commented out values prefixed by #, dont reflect their default value, you can
+ * check config_default.php if you want to see what the default is.
+ *
+ * DONT change config_default.php, you changes will be lost by the next release
+ * of PLA. Instead change this file - as it will NOT be replaced by a new
+ * version of phpLDAPadmin.
+ */
+
+/*********************************************/
+/* Useful important configuration overrides */
+/*********************************************/
+
+/* If you are asked to put pla in debug mode, this is how you do it: */
+# $config->custom->debug['level'] = 255;
+# $config->custom->debug['syslog'] = true;
+# $config->custom->debug['file'] = '/tmp/pla_debug.log';
+
+/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
+ to a big random string. */
+$config->custom->session['blowfish'] = '';
+
+/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
+ to determine your language automatically. Otherwise, available lanaguages
+ are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
+ Localization is not complete yet, but most strings have been translated.
+ Please help by writing language files. See lang/en.php for an example. */
+// $config->custom->appearance['language'] = 'auto';
+
+/* The temporary storage directory where we will put jpegPhoto data
+ This directory must be readable and writable by your web server. */
+// $config->custom->jpeg['tmpdir'] = "/tmp"; // Example for Unix systems
+# $config->custom->jpeg['tmpdir'] = "c:\\temp"; // Example for Windows systems
+
+/*********************************************/
+/* Define your LDAP servers in this section */
+/*********************************************/
+
+$i=0;
+$ldapservers = new LDAPServers;
+
+/* A convenient name that will appear in the tree viewer and throughout
+ phpLDAPadmin to identify this LDAP server to users. */
+$ldapservers->SetValue($i,'server','name','My LDAP Server');
+
+/* Examples:
+ 'ldap.example.com',
+ 'ldaps://ldap.example.com/',
+ 'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
+ (Unix socket at /usr/local/var/run/ldap) */
+$ldapservers->SetValue($i,'server','host','localhost');
+
+/* The port your LDAP server listens on (no quotes). 389 is standard. */
+// $ldapservers->SetValue($i,'server','port','389');
+
+/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
+ auto-detect it for you. */
+#$ldapservers->SetValue($i,'server','base',array('dc=nodomain'));
+
+/* Three options for auth_type:
+ 1. 'cookie': you will login via a web form, and a client-side cookie will
+ store your login dn and password.
+ 2. 'session': same as cookie but your login dn and password are stored on the
+ web server in a persistent session variable.
+ 3. 'config': specify your login dn and password here in this config file. No
+ login will be required to use phpLDAPadmin for this server.
+
+ Choose wisely to protect your authentication information appropriately for
+ your situation. If you choose 'cookie', your cookie contents will be
+ encrypted using blowfish and the secret your specify above as
+ session['blowfish']. */
+$ldapservers->SetValue($i,'server','auth_type','session');
+
+/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
+ 'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
+ you specify a login_attr in conjunction with a cookie or session auth_type,
+ then you can also specify the login_dn/login_pass here for searching the
+ directory for users (ie, if your LDAP server does not allow anonymous binds. */
+// $ldapservers->SetValue($i,'login','dn','');
+# $ldapservers->SetValue($i,'login','dn','cn=Manager,dc=example,dc=com');
+
+/* Your LDAP password. If you specified an empty login_dn above, this MUST also
+ be blank. */
+// $ldapservers->SetValue($i,'login','pass','');
+# $ldapservers->SetValue($i,'login','pass','secret');
+
+/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
+// $ldapservers->SetValue($i,'server','tls',false);
+
+/* If the link between your web server and this LDAP server is slow, it is
+ recommended that you set 'low_bandwidth' to true. This will enable
+ phpLDAPadmin to forego some "fancy" features to conserve bandwidth. */
+// $ldapservers->SetValue($i,'server','low_bandwidth',false);
+
+/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+ blowfish, crypt or leave blank for now default algorithm. */
+// $ldapservers->SetValue($i,'appearance','password_hash','md5');
+
+/* If you specified 'cookie' or 'session' as the auth_type above, you can
+ optionally specify here an attribute to use when logging in. If you enter
+ 'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
+ and log in as that user.
+ Leave blank or specify 'dn' to use full DN for logging in. Note also that if
+ your LDAP server requires you to login to perform searches, you can enter the
+ DN to use when searching in 'login_dn' and 'login_pass' above. You may also
+ specify 'string', in which case you can provide a string to use for logging
+ users in. See 'login_string' directly below. */
+// $ldapservers->SetValue($i,'login','attr','dn');
+
+/* If you specified 'cookie' or 'session' as the auth_type above, and you
+ specified 'string' for 'login_attr' above, you must provide a string here for
+ logging users in. If, for example, I have a lot of user entries with DNs like
+ "uid=dsmith,ou=People,dc=example,dc=com", then I can specify a string
+ "uid=<username>,ou=People,dc=example,dc=com" and my users can login with
+ their user names alone, ie: "dsmith" in this case. */
+# $ldapservers->SetValue($i,'login','string','uid=<username>,ou=People,dc=example,dc=com');
+
+/* If 'login_attr' is used above such that phpLDAPadmin will search for your DN
+ at login, you may restrict the search to a specific objectClass. EG, set this
+ to 'posixAccount' or 'inetOrgPerson', depending upon your setup. */
+// $ldapservers->SetValue($i,'login','class','');
+
+/* Specify true If you want phpLDAPadmin to not display or permit any
+ modification to the LDAP server. */
+// $ldapservers->SetValue($i,'server','read_only',false);
+
+/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
+ in the tree viewer. */
+// $ldapservers->SetValue($i,'appearance','show_create',true);
+
+/* This feature allows phpLDAPadmin to automatically determine the next
+ available uidNumber for a new entry. */
+// $ldapservers->SetValue($i,'auto_number','enable',true);
+
+/* The mechanism to use when finding the next available uidNumber. Two possible
+ values: 'uidpool' or 'search'.
+ The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
+ blindly lookup the next available uidNumber. The 'search' mechanism searches
+ for entries with a uidNumber value and finds the first available uidNumber
+ (slower). */
+// $ldapservers->SetValue($i,'auto_number','mechanism','search');
+
+/* The DN of the search base when the 'search' mechanism is used above. */
+// $ldapservers->SetValue($i,'auto_number','search_base','ou=People,dc=example,dc=com');
+
+/* The minimum number to use when searching for the next available UID number
+ (only when 'search' is used for auto_uid_number_mechanism' */
+// $ldapservers->SetValue($i,'auto_number','min','1000');
+
+/* The DN of the uidPool entry when 'uidpool' mechanism is used above. */
+// $servers[$i]['auto_uid_number_uid_pool_dn'] = 'cn=uidPool,dc=example,dc=com';
+
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+ searching for the uidnumber. The idea is, this user id would have full
+ (readonly) access to uidnumber in your ldap directory (the logged in user
+ may not), so that you can be guaranteed to get a unique uidnumber for your
+ directory. */
+// $ldapservers->SetValue($i,'auto_number','dn','');
+
+/* The password for the dn above. */
+// $ldapservers->SetValue($i,'auto_number','pass','');
+
+/* Enable anonymous bind login. */
+// $ldapservers->SetValue($i,'login','anon_bind',true);
+
+/* Use customized page with prefix when available. */
+// $ldapservers->SetValue($i,'custom','pages_prefix','custom_');
+
+/* If you set this, then phpldapadmin will bind to LDAP with this user when
+ testing for unique attributes (as set in unique_attrs array). If you want to
+ enforce unique attributes, than this id should have full (readonly) access
+ to the attributes in question (the logged in user may not have enough access)
+*/
+// $ldapservers->SetValue($i,'unique_attrs','dn','');
+
+/* The password for the dn above */
+// $ldapservers->SetValue($i,'unique_attrs','pass','');
+
+/* If you set this, then only these DNs are allowed to log in. This array can
+ contain individual users, groups or ldap search filter(s). Keep in mind that
+ the user has not authenticated yet, so this will be an anonymous search to
+ the LDAP server, so make your ACLs allow these searches to return results! */
+# $ldapservers->SetValue($i,'login','allowed_dns',array(
+# 'uid=stran,ou=People,dc=example,dc=com',
+# '(&(gidNumber=811)(objectClass=groupOfNames))',
+# '(|(uidNumber=200)(uidNumber=201))',
+# 'cn=callcenter,ou=Group,dc=example,dc=com'));
+
+/* Set this if you dont want this LDAP server to show in the tree */
+// $ldapservers->SetValue($i,'appearance','visible',true);
+
+/* This is the time out value in minutes for the server. After as many minutes
+ of inactivity you will be automatically logged out. If not set, the default
+ value will be ( session_cache_expire()-1 ) */
+# $ldapservers->SetValue($i,'login','timeout',30);
+
+/* Set this if you want phpldapadmin to perform rename operation on entry which
+ has children. Certain servers are known to allow it, certain are not */
+// $ldapservers->SetValue($i,'server','branch_rename',false);
+
+/**************************************************************************
+ * If you want to configure additional LDAP servers, do so below. *
+ * Remove the commented lines and use this section as a template for all *
+ * your other LDAP servers. *
+ **************************************************************************/
+
+/*
+$i++;
+$ldapservers->SetValue($i,'server','name','LDAP Server');
+$ldapservers->SetValue($i,'server','host','127.0.0.1');
+$ldapservers->SetValue($i,'server','port','389');
+$ldapservers->SetValue($i,'server','base',array(''));
+$ldapservers->SetValue($i,'server','auth_type','cookie');
+$ldapservers->SetValue($i,'login','dn','');
+$ldapservers->SetValue($i,'login','pass','');
+$ldapservers->SetValue($i,'server','tls',false);
+$ldapservers->SetValue($i,'server','low_bandwidth',false);
+$ldapservers->SetValue($i,'appearance','password_hash','md5');
+$ldapservers->SetValue($i,'login','attr','dn');
+$ldapservers->SetValue($i,'login','string','');
+$ldapservers->SetValue($i,'login','class','');
+$ldapservers->SetValue($i,'server','read_only',false);
+$ldapservers->SetValue($i,'appearance','show_create',true);
+$ldapservers->SetValue($i,'auto_number','enable',true);
+$ldapservers->SetValue($i,'auto_number','mechanism','search');
+$ldapservers->SetValue($i,'auto_number','search_base','');
+$ldapservers->SetValue($i,'auto_number','min','1000');
+$ldapservers->SetValue($i,'auto_number','dn','');
+$ldapservers->SetValue($i,'auto_number','pass','');
+$ldapservers->SetValue($i,'login','anon_bind',true);
+$ldapservers->SetValue($i,'custom','pages_prefix','custom_');
+$ldapservers->SetValue($i,'unique_attrs','dn','');
+$ldapservers->SetValue($i,'unique_attrs','pass','');
+*/
+
+/*********************************************/
+/* User-friendly attribute translation */
+/*********************************************/
+
+/* Use this array to map attribute names to user friendly names. For example, if
+ you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
+$friendly_attrs = array();
+
+$friendly_attrs['facsimileTelephoneNumber'] = 'Fax';
+$friendly_attrs['telephoneNumber'] = 'Phone';
+
+/*********************************************/
+/* Support for attrs display order */
+/*********************************************/
+
+/* Use this array if you want to have your attributes displayed in a specific
+ order. You can use default attribute names or their fridenly names.
+ For example, "sn" will be displayed right after "givenName". All the other
+ attributes that are not specified in this array will be displayed after in
+ alphabetical order. */
+# $attrs_display_order = array(
+# 'givenName',
+# 'sn',
+# 'cn',
+# 'displayName',
+# 'uid',
+# 'uidNumber',
+# 'gidNumber',
+# 'homeDirectory',
+# 'mail',
+# 'userPassword'
+# );
+
+/*********************************************/
+/* Hidden attributes */
+/*********************************************/
+
+/* You may want to hide certain attributes from being displayed in the editor
+ screen. Do this by adding the desired attributes to this list (and uncomment
+ it). This only affects the editor screen. Attributes will still be visible in
+ the schema browser and elsewhere. An example is provided below:
+ NOTE: The user must be able to read the hidden_except_dn entry to be
+ excluded. */
+# $hidden_attrs = array( 'jpegPhoto', 'objectClass' );
+# $hidden_except_dn = "cn=PLA UnHide,ou=Groups,c=AU";
+
+/* Hidden attributes in read-only mode. If undefined, it will be equal to
+ $hidden_attrs. */
+# $hidden_attrs_ro = array(
+# 'objectClass','shadowWarning', 'shadowLastChange', 'shadowMax',
+# 'shadowFlag', 'shadowInactive', 'shadowMin', 'shadowExpire');
+
+/** **/
+/** Read-only attributes **/
+/** **/
+
+/* You may want to phpLDAPadmin to display certain attributes as read only,
+ meaning that users will not be presented a form for modifying those
+ attributes, and they will not be allowed to be modified on the "back-end"
+ either. You may configure this list here:
+ NOTE: The user must be able to read the read_only_except_dn entry to be
+ excluded. */
+# $read_only_attrs = array( 'objectClass' );
+# $read_only_except_dn = "cn=PLA ReadWrite,ou=Groups,c=AU";
+
+/* An example of how to specify multiple read-only attributes: */
+# $read_only_attrs = array( 'jpegPhoto', 'objectClass', 'someAttribute' );
+
+/*********************************************/
+/* Unique attributes */
+/*********************************************/
+
+/* You may want phpLDAPadmin to enforce some attributes to have unique values
+ (ie: not belong to other entries in your tree. This (together with
+ unique_attrs['dn'] and unique_attrs['pass'] option will not let updates to
+ occur with other attributes have the same value.
+ NOTE: Currently the unique_attrs is NOT enforced when copying a dn. (Need to
+ present a user with the option of changing the unique attributes. */
+# $unique_attrs = array('uid','uidNumber','mail');
+
+/*********************************************/
+/* Predefined Queries (canned views) */
+/*********************************************/
+
+/* To make searching easier, you may setup predefined queries below: */
+$q=0;
+$queries = array();
+
+/* The name that will appear in the simple search form */
+$queries[$q]['name'] = 'User List';
+
+/* The base to search on */
+$queries[$q]['base'] = 'dc=example,dc=com';
+
+/* The search scope (sub, base, one) */
+$queries[$q]['scope'] = 'sub';
+
+/* The LDAP filter to use */
+$queries[$q]['filter'] = '(&(objectClass=posixAccount)(uid=*))';
+
+/* The attributes to return */
+$queries[$q]['attributes'] = 'cn, uid, homeDirectory';
+
+/* If you want to configure more pre-defined queries, copy and paste the above (including the "$q++;") */
+$q++;
+$queries[$q]['name'] = 'Samba Users';
+$queries[$q]['base'] = 'dc=example,dc=com';
+$queries[$q]['scope'] = 'sub';
+$queries[$q]['filter'] = '(&(|(objectClass=sambaAccount)(objectClass=sambaSamAccount))(objectClass=posixAccount)(!(uid=*$)))';
+$queries[$q]['attributes'] = 'uid, smbHome, uidNumber';
+
+$q++;
+$queries[$q]['name'] = 'Samba Computers';
+$queries[$q]['base'] = 'dc=example,dc=com';
+$queries[$q]['scope'] = 'sub';
+$queries[$q]['filter'] = '(&(objectClass=sambaAccount)(uid=*$))';
+$queries[$q]['attributes'] = 'uid, homeDirectory';
+?>
Added: trunk/fai-config-dir/files/etc/phpldapadmin/templates/custom_dcPerson.xml/DEFAULT
===================================================================
--- trunk/fai-config-dir/files/etc/phpldapadmin/templates/custom_dcPerson.xml/DEFAULT (rev 0)
+++ trunk/fai-config-dir/files/etc/phpldapadmin/templates/custom_dcPerson.xml/DEFAULT 2008-01-06 22:31:41 UTC (rev 184)
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+<template>
+<title>Debian Community Person</title>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<icon>images/mail_account.png</icon>
+<description>New Debian Community Person</description>
+<askcontainer>1</askcontainer>
+<rdn>cn</rdn>
+<visible>1</visible>
+<invalid>0</invalid>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+<objectClass id="dcPerson"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="uid">
+ <display>User ID</display>
+ <icon>images/uid.png</icon>
+ <order>1</order>
+ <page>1</page>
+</attribute>
+<attribute id="mail">
+ <display>Email</display>
+ <icon>images/mail.png</icon>
+ <order>2</order>
+ <page>1</page>
+</attribute>
+<attribute id="mailbox">
+ <display>Mailbox</display>
+ <order>3</order>
+ <page>1</page>
+ <spacer>1</spacer>
+ <spacer>1</spacer>
+</attribute>
+<attribute id="sn">
+ <display>Last name</display>
+ <onchange>autoFill:cn,%givenName% %sn%</onchange>
+ <onchange>autoFill:uid,%gidNumber|0-0/T%-%givenName|0-1/l%%sn/l%</onchange>
+ <onchange>autoFill:homeDirectory,/home/users/%gidNumber|0-0/T%/%uid|3-%</onchange>
+ <order>4</order>
+ <page>1</page>
+</attribute>
+<attribute id="cn">
+ <display>Common Name</display>
+ <order>5</order>
+ <page>1</page>
+</attribute>
+<attribute id="dcPersonGpgKeyId">
+ <display>GnuPG Key ID</display>
+ <order>6</order>
+ <page>1</page>
+</attribute>
+<attribute id="dcPersonGpgPublicKey">
+ <display>GnuPG Public Key</display>
+ <order>7</order>
+ <page>1</page>
+</attribute>
+<attribute id="dcPersonLatitude">
+ <display>Latitude</display>
+ <order>8</order>
+ <page>1</page>
+</attribute>
+<attribute id="dcPersonLongitude">
+ <display>Longitude</display>
+ <order>9</order>
+ <page>1</page>
+</attribute>
+<attribute id="l">
+ <display>City</display>
+ <order>10</order>
+ <page>1</page>
+</attribute>
+<attribute id="st">
+ <display>State</display>
+ <order>11</order>
+ <page>1</page>
+</attribute>
+<attribute id="jpegPhoto">
+ <display>Photo</display>
+ <order>12</order>
+ <page>1</page>
+</attribute>
+<attribute id="uidNumber">
+ <display>UID Number</display>
+ <hint>Automatically determined</hint>
+ <icon>images/terminal.png</icon>
+ <order>15</order>
+ <page>1</page>
+ <presubmit>=php.GetNextNumber(/,uid)</presubmit>
+</attribute>
+<attribute id="gidNumber">
+ <display>GID Number</display>
+ <onchange>autoFill:homeDirectory,/home/users/%gidNumber|0-0/T%/%uid|3-%</onchange>
+ <order>16</order>
+ <page>1</page>
+ <value>=php.PickList(/,(objectClass=posixGroup),gidNumber,%cn%)</value>
+</attribute>
+<attribute id="homeDirectory">
+ <display>Home Directory</display>
+ <order>17</order>
+ <page>1</page>
+ <spacer>1</spacer>
+</attribute>
+<attribute id="userPassword">
+ <display>Password</display>
+ <helper>
+ <default>md5</default>
+ <display>Encryption</display>
+ <id>enc</id>
+ <location>side</location>
+ <value>blowfish</value>
+ <value>clear</value>
+ <value>crypt</value>
+ <value>ext_des</value>
+ <value>md5</value>
+ <value>md5crypt</value>
+ <value>sha</value>
+ <value>smd5</value>
+ <value>ssha</value>
+ </helper>
+ <icon>images/lock.png</icon>
+ <order>18</order>
+ <page>1</page>
+ <post>=php.Password(%enc%,%userPassword%)</post>
+ <type>password</type>
+ <verify>1</verify>
+</attribute>
+</attributes>
+</template>
Added: trunk/fai-config-dir/package_config/LDAPSERVER
===================================================================
--- trunk/fai-config-dir/package_config/LDAPSERVER (rev 0)
+++ trunk/fai-config-dir/package_config/LDAPSERVER 2008-01-06 22:31:41 UTC (rev 184)
@@ -0,0 +1,3 @@
+PACKAGES aptitude-r
+lwat phpldapadmin
+ldap-utils ldapdiff slapd
Added: trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
===================================================================
--- trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd (rev 0)
+++ trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd 2008-01-06 22:31:41 UTC (rev 184)
@@ -0,0 +1,31 @@
+#! /bin/sh
+#
+# (C) 2008 Andreas Putzo <andreas at putzo.net>
+# GPL2 licenced
+
+fcopy -r -M /etc/ldap
+fcopy -r -M /etc/phpldapadmin
+
+/etc/init.d/slapd stop
+echo -n "Creating initial LDAP directory..."
+cat <<-EOF | slapadd
+dn: dc=debian-community,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: debian-community
+dc: debian-community
+
+dn: cn=admin,dc=debian-community,dc=org
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: admin
+description: LDAP administrator
+userPassword: {crypt}DdkbhPPiiqExA
+
+dn: ou=People,dc=debian-community,dc=org
+ou: People
+objectClass: organizationalUnit
+objectClass: top
+EOF
+/etc/init.d/slapd start
Property changes on: trunk/fai-config-dir/scripts/LDAPSERVER/10-slapd
___________________________________________________________________
Name: svn:executable
+ *
More information about the D-community-commits
mailing list