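# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2011 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# ldapscripts configuration.
# This file uses shell syntax (values are evaluated, see PASSWORDGEN below):
# one VAR="value" assignment per line; everything after '#' on a line is a
# comment, so an assignment must never follow a comment on the same line.

# LDAP server
SERVER="ldap://localhost"

# Suffixes
SUFFIX="dc=kommunar,dc=alx" # Global suffix
GSUFFIX="ou=groups" # Groups ou (just under $SUFFIX)
USUFFIX="ou=users" # Users ou (just under $SUFFIX)
MSUFFIX="ou=computers" # Machines ou (just under $SUFFIX)

# Authentication type
# If empty, use simple authentication
# Else, use the value as an SASL authentication mechanism
SASLAUTH=""
#SASLAUTH="GSSAPI"

# Simple authentication parameters
# The following BIND* parameters are ignored if SASLAUTH is set
BINDDN="cn=root,dc=kommunar,dc=alx"
# The following file contains the raw password of the BINDDN
# Create it with something like : echo -n 'secret' > $BINDPWDFILE
# WARNING !!!! Be careful not to make this file world-readable
# (it should be owned by the account running the scripts, mode 0600)
BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
# For older versions of OpenLDAP, it is still possible to use
# insecure command-line passwords by defining the following option
# AND commenting the previous one (BINDPWDFILE takes precedence).
# Left unset here: BINDPWDFILE is defined above, so any value put in BINDPWD
# is ignored, and a command-line password is exposed to other local users
# through the process list. Do not keep a real bind password in this file.
#BINDPWD="secret"

# Start with these IDs *if no entry found in LDAP*
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID

# Group membership management
# ObjectClass used for groups
# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
# Also, do not mix posixGroup and groupOf* entries up in your directory as, within RFC 2307bis,
# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
GCLASS="posixGroup" # Leave "posixGroup" here if not sure !
# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial
# member. Specify it below, you will be able to remove it once groups are populated.
#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"

# User properties
USHELL="/usr/sbin/nologin"
UHOMES="/home/%u" # You may use %u for username here
CREATEHOMES="no" # Create home directories and set rights ?
HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistent.
HOMEPERMS="700" # Default permissions for home directories

# User passwords generation
# Command-line used to generate a password for added users.
# You may use %u for username here ; special value "" will ask for a password interactively
# WARNING !!!! This is evaluated, everything specified here will be run !
# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
# In this case, consider using /dev/urandom instead.
#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
#PASSWORDGEN="pwgen"
#PASSWORDGEN="echo changeme"
#PASSWORDGEN="echo %u"
#PASSWORDGEN="echo 123456"
#PASSWORDGEN=""
# A fixed "echo ..." command (the examples above) gives every created account
# the same, guessable password; it is only acceptable in a throwaway test
# directory. The active setting below generates a random 8-character
# alphanumeric password per user and reads /dev/urandom so it cannot block.
PASSWORDGEN="cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"

# User passwords recording
# you can keep track of generated passwords by setting PASSWORDFILE and RECORDPASSWORDS
# (useful when performing a massive creation / net rpc vampire)
# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
# The generated passwords are written to PASSWORDFILE as-is: keep that file
# readable by root only and treat it like BINDPWDFILE.
RECORDPASSWORDS="yes"
PASSWORDFILE="/var/log/ldapscripts_passwd.log"

# Where to log
LOGFILE="/var/log/ldapscripts.log"

# Temporary folder
TMPDIR="/tmp"

# Various binaries used within the scripts
# Warning : they also use uuencode, date, grep, sed, cut, which...
# Please check they are installed before using these scripts
# Note that many of them should come with your OS
# OpenLDAP client commands
LDAPSEARCHBIN="/usr/local/bin/ldapsearch"
LDAPADDBIN="/usr/local/bin/ldapadd"
LDAPDELETEBIN="/usr/local/bin/ldapdelete"
LDAPMODIFYBIN="/usr/local/bin/ldapmodify"
LDAPMODRDNBIN="/usr/local/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/local/bin/ldappasswd"

# Character set conversion : $ICONVCHAR <-> UTF-8
# Comment ICONVBIN to disable UTF-8 conversion
# ICONVBIN="/usr/local/bin/iconv"
#ICONVCHAR="ISO-8859-15"

# Base64 decoding
# Comment UUDECODEBIN to disable Base64 decoding
UUDECODEBIN="/usr/bin/uudecode"

# Getent command to use - choose the ones used
# on your system. Leave blank or comment for auto-guess.
# GNU/Linux
#GETENTPWCMD="getent passwd"
#GETENTGRCMD="getent group"
# FreeBSD
#GETENTPWCMD="pw usershow"
#GETENTGRCMD="pw groupshow"
# Auto
GETENTPWCMD=""
GETENTGRCMD=""

# You can specify custom LDIF templates here
# Leave empty to use default templates
# See *.template.sample for default templates
#GTEMPLATE="/path/to/ldapaddgroup.template"
#UTEMPLATE="/path/to/ldapadduser.template"
#MTEMPLATE="/path/to/ldapaddmachine.template"
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE=""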