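# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2013 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,

# Configuration for the ldapscripts tools (the scripts referred to below).
# The file is written in shell syntax (NAME="value") and is sourced by the
# scripts, so a '#' comment may also follow a value on the same line and
# $NAME references inside double quotes are expanded when the file is read.

# LDAP server URI
# NOTE: with a plain ldap:// URI, simple authentication sends the BINDDN
# password in cleartext unless StartTLS is negotiated through the client
# options (see the '-ZZ' example further down) or an ldaps:// URI is used.
SERVER="ldap://controller"

# Suffixes
SUFFIX="dc=cgcs,dc=local" # Global suffix
GSUFFIX="ou=Group" # Groups ou (just under $SUFFIX)
USUFFIX="ou=People" # Users ou (just under $SUFFIX)
MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX)

# Authentication (SASLAUTH)
# If empty, use simple authentication
# Else, use the value as an SASL authentication mechanism

# Simple authentication parameters
# The following BIND* parameters are ignored if SASLAUTH is set
BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
# The following file contains the raw password of the BINDDN
# Create it with something like : echo -n 'secret' > $BINDPWDFILE
# WARNING !!!! Be careful not to make this file world-readable
# (restrict it to the account that runs the scripts, e.g. mode 0600)
BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
# For older versions of OpenLDAP, it is still possible to use
# insecure command-line passwords by defining the following option
# AND commenting the previous one (BINDPWDFILE takes precedence)
# (a password passed on the command line is visible to other local users
# through the process list, which is why the file-based option is preferred)

# Start with these IDs *if no entry found in LDAP*
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID

# Group membership management
# ObjectClass used for groups
# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
# Also, do not mix posixGroup and groupOf* entries in your directory as, within RFC 2307bis,
# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
GCLASS="posixGroup" # Leave "posixGroup" here if not sure !
# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial
# member. Specify it below, you will be able to remove it once groups are populated.
#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"

# User home directories
UHOMES="/home/%u" # You may use %u for username here
CREATEHOMES="no" # Create home directories and set rights ?
HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistent.
HOMEPERMS="700" # Default permissions for home directories

# User passwords generation
# Command-line used to generate a password for added users.
# You may use %u for username here ; special value "<ask>" will ask for a password interactively
# WARNING !!!! This is evaluated, everything specified here will be run !
# NOTE(review): because %u is substituted before evaluation, the scripts'
# own validation of the username is what keeps unexpected characters out of
# the evaluated command - confirm when using %u here.
# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
# In this case, consider using /dev/urandom instead.
#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
#PASSWORDGEN="echo changeme"

# User passwords recording
# you can keep track of generated passwords by setting PASSWORDFILE and RECORDPASSWORDS
# (useful when performing a massive creation / net rpc vampire)
# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
# The recorded passwords are presumably stored as-is, so protect this file
# at least as strictly as $BINDPWDFILE while it exists.
PASSWORDFILE="/var/log/ldapscripts_passwd.log"

# Log file written by the scripts
LOGFILE="/var/log/ldapscripts.log"

# Various binaries used within the scripts
# Warning : they also use uuencode, date, grep, sed, cut, which...
# Please check they are installed before using these scripts
# Note that many of them should come with your OS

# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"

# OpenLDAP client common additional options
# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
# (with the plain ldap:// SERVER URI above, '-ZZ' is what protects the bind
# credentials and directory data on the wire)

# OpenLDAP ldapsearch-specific additional options
# The following option disables long-line wrapping (which makes the scripts bug
# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
# comment it if you are using OpenLDAP < 2.4.24.
LDAPSEARCHOPTS="-o ldif-wrap=no"
# And here is an example to activate paged results
#LDAPSEARCHOPTS="-E pr=500/noprompt"

# Character set conversion : $ICONVCHAR <-> UTF-8
# Comment ICONVBIN to disable UTF-8 conversion
# ICONVBIN="/usr/bin/iconv"

# Comment UUDECODEBIN to disable Base64 decoding
#UUDECODEBIN="/usr/bin/uudecode"

# Getent command to use - choose the ones used
# on your system. Leave blank or comment for auto-guess.
# Linux (glibc)
GETENTPWCMD="getent passwd"
GETENTGRCMD="getent group"
# FreeBSD
#GETENTPWCMD="pw usershow"
#GETENTGRCMD="pw groupshow"

# LDIF templates
# You can specify custom LDIF templates here
# Leave empty to use default templates
# See *.template.sample for default templates
#GTEMPLATE="/path/to/ldapaddgroup.template"
#UTEMPLATE="/path/to/ldapadduser.template"
#MTEMPLATE="/path/to/ldapaddmachine.template"
GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
# NOTE(review): UMTEMPLATE, STEMPLATE and SMTEMPLATE are not among the
# template names listed above; presumably they are read by locally modified
# scripts - confirm against the scripts that consume this file.
UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"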