File: ldapextras.conf

# Configuration file for websieve ldapextras
# ldapextras.pl and ldapextras.conf copyright 2001 Jules Agee
# Licensed under the LGPL - see http://www.gnu.org for details
# this software is provided at no charge WITH NO WARRANTY of any kind, implied
# or otherwise.

# Note that use of the ldapextras features requires that you have edited the
# websieve.conf file and set both the $useldapextras and the $useauth parameters
# to a non-zero (true) value.
# 
# See the bottom of this file for a description of the LDAP configuration that
# was used in development of these functions. Please note that these functions
# are still at a very early stage of development. While I tried to make them
# fairly flexible and applicable to other LDAP configurations, some
# assumptions about the configuration were necessary, so at this point you
# will probably run into problems if your configuration deviates much from
# the one described below. Hopefully, as time goes by, I'll get a better feel
# for how others have configured their directories, and this program will
# become more flexible and easily configurable.

#####
# $suggestpass: optional command (path plus arguments) of a program that
# prints a random password, which is offered to the admin as a suggestion
# when a new account is created. Leave it undefined and the admin is instead
# asked to type the password twice into non-echoing password fields.
# NOTE(review): ldapextras.pl presumably runs this string through a shell;
# keep it a fixed, absolute command under the administrator's control and
# never assemble it from request data.
$suggestpass = '/usr/local/bin/apg -m8 -x8 -a0 -CL -n1';


######
# $manageruid: leave it undefined to hide the management options. When it is
# defined and a user authenticates with exactly this uid, that user is shown
# the management screens.
#
# NOTE: the LDAP server MUST grant the entry with this uid administrative
# privileges on the directory, and the same uid must also hold admin rights
# on the IMAP server. Comment out the next line to disable these features:
$manageruid = 'admin';

# Set to a true value only if the manager account really receives mail;
# keep it at zero when no mail is delivered to this uid.
$mgrrecmail = 0;

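######
# The next few options are used as defaults when creating new entries
# in your LDAP directory.

# The string that immediately follows the RDN in a group DN. With the value
# below, a group DN looks like this:
# dn: cn=CorpOffice,ou=Groups,dc=pcf,dc=com,o=internet
# (Plain scalar assignment: the former parenthesised form evaluated a list in
# scalar context, which silently keeps only the LAST element should a second
# value ever be added.)
$ldapgroup_ou = 'ou=Groups';

# Exactly the same as $ldapgroup_ou, but for Person entries. If an average
# user DN looks like this:
# dn: cn=Joe Friday (joef),ou=People,dc=pcf,dc=com,o=internet
# then $ldapperson_ou should be:
$ldapperson_ou = 'ou=People';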

# Attributes, with fixed values, that are added to EVERY newly created group
# entry; every group gets exactly these values.
# NOTE(review): 'owner' carries an empty cn= component, and errorsTo /
# requestsTo say "o=Internet" where the rest of this file uses "o=internet";
# both are reproduced as found -- confirm them against your directory.
%ldapgroupdefatts = (
    objectClass => [ qw(top groupOfNames rfc822MailGroup) ],
    owner       => 'cn=,ou=People,dc=pcf,dc=com,o=internet',
    errorsTo    => 'ldap:///Postmaster,ou=People,dc=pcf,dc=com,o=Internet',
    requestsTo  => 'ldap:///Postmaster,ou=People,dc=pcf,dc=com,o=Internet',
);

# Attributes, with fixed values, that are added to EVERY newly created
# Person entry; every person gets exactly these values.
%ldappersondefatts = (
    objectClass => [ qw(top person organizationalPerson inetOrgPerson) ],
);

# Names of the LDAP attributes consulted when an IMAP account is created on
# the server named by the mail-host attribute (for example
# $mailhostatt = 'mailHost';).
$mailhostatt      = 'mailroutingaddress';
$mailpartitionatt = 'mailmessagestore';

# Attribute that stores the user's password.
$ldappassattr = 'userPassword';

# Person attributes the admin edits by hand. Do NOT list dn, cn, uid, mail,
# sn or givenname here: those are derived from $ldapuid, the first and last
# name, $maildomain and $ldapperson_ou as follows:
#   dn        = cn=$firstname $lastname ($ldapuid),$ldapperson_ou
#   cn        = $firstname $lastname ($ldapuid)
#   uid       = $ldapuid
#   mail      = $ldapuid@$maildomain
#   sn        = $lastname
#   givenname = $firstname
#
# This is an ARRAY of key/value pairs rather than a hash so that the order
# given here is the order shown on the user editing screen. Each key is the
# attribute name; each value is the short, user-friendly label displayed
# next to it. $mailhostatt and $mailpartitionatt must already be set.
@ldappersonatts = (
    title                    => 'Job Title',
    l                        => 'Location Description',
    streetAddress            => 'Address, City, Zip',
    telephonenumber          => 'Phone number',
    facsimileTelephoneNumber => 'Fax number',
    mobile                   => 'Cellphone number',
    pager                    => 'Pager number',
    photo                    => 'URL of photo',
    $mailhostatt             => 'Mail Host',
    $mailpartitionatt        => 'Partition',
    maildrop                 => 'MailDrop',
);

# Attributes that may occur several times in one LDAP record (mail aliases
# and the like). Do not repeat these names in @ldappersonatts.
@multilineatts = (
    alternatemailaddress => 'Alias',
);


# Attributes rendered as a popup (select) menu instead of a text box. Each
# value is the list of choices offered for that attribute; attributes listed
# here should also appear in @ldappersonatts.
# The mail-host choices are the IMAP hosts a mailbox can be created on
# (@serverlist, presumably populated by websieve.conf before this file is
# loaded -- confirm) plus the hosts that get a directory entry but no IMAP
# account; keep that last value in step with @nonimapmailhosts below.
%ldapselectatts = (
    $mailhostatt      => [ '', @serverlist, 'nonimaphost' ],
    $mailpartitionatt => [ '', 'default', 'marketing' ],
);

# Attributes rendered as a textarea; the value is the number of rows to show.
# These attributes must also appear in @ldappersonatts.
%ldaptextareaatts = (
    maildrop      => '2',
    streetAddress => '4',
);

# Mail hosts for which NO IMAP account is created -- only the LDAP data is
# entered. Use this for users whose mailbox does not live on an IMAP server
# (a Lotus Notes user, for instance).
@nonimapmailhosts = qw(nonimaphost);

# LDAP attributes that must NOT be shown to ordinary users when an entry is
# displayed. Only the keys matter; a hash is used so membership is a single
# exists() lookup instead of a scan through an array.
# NOTE(review): this is a deny-list -- anything not named here is presumably
# displayed, so add any further sensitive attribute explicitly.
%donotdisplay = map { ( $_ => 1 ) } qw(photo userPassword);

# Attribute that records group membership, e.g. 'member' or 'uniqueMember'.
$ldapmemberatt = 'member';

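# Navigation links for the ldapextras screens, built around $program_url
# (expected to be set before this file is loaded -- it is not defined here).
# The href values are quoted: an unquoted attribute value containing "=" is
# an HTML parse error, and a $program_url with a space or ">" would
# otherwise truncate the link.
# NOTE(review): $program_url is interpolated into HTML verbatim, so it must
# be a trusted configured value or be HTML-escaped before use; confirm where
# it is set.
$NEWUSERURL    = qq{<a href="$program_url?op=printuser">New User</a>};
$NEWGROUPURL   = qq{<a href="$program_url?op=printgroup">New Group</a>};
$LDAPSEARCHURL = qq{<a href="$program_url?op=ldapsearch">View Users & Groups</a>};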

##############################################################################
#                  Default LDAP structure and objectclasses                  #
##############################################################################
# 
# Since I'm writing this, the structure I'm using gets to be the default. :)
# If anyone has suggestions for the default config, please send them to me.
# If I find a consensus that any single structure is more common than the
# defaults here, I might be willing to change them.
#
#   -Jules Agee     julesa@pcf<NO.SPAM.PLEASE!>.com
#
# I'm using OpenLDAP 1.2.xx, which is pretty common, so I'll include the
# parts of the slapd.oc.conf file that I modified to make OpenLDAP work with
# our existing LDAP directory structure, and therefore with the defaults in
# this script. Of course, you'll have to modify the dc=pcf,dc=com entries
# to reflect your own domain, but if you're starting from scratch with a new
# OpenLDAP 1.2.xx server, you could pretty much use the defaults defined above
# after adding my modified slapd.oc.conf entries to your slapd.oc.conf file.
# 
# Then, once you had the LDAP server configured and running, you would have
# to use ldapadd to add the following entries to your empty directory before
# you could add users and groups. Again, you would have to change the dc=pcf
# and dc=com entries to reflect your own domain name. This also assumes that
# the LDAP manager/admin DN is set to "cn=Manager,o=internet" in your
# slapd.conf file.
#
#  o=internet
#  objectclass=top
#  objectclass=organization
#  o=internet
#  
#  cn=Manager,o=internet
#  objectclass=top
#  objectclass=organizationalRole
#  objectclass=inetOrgPerson
#  cn=Manager
#  sn=postmaster
#  uid=cyrus
#  
#  dc=com,o=internet
#  objectclass=top
#  objectclass=domain
#  dc=com
#  
#  dc=pcf,dc=com,o=internet
#  objectclass=top
#  objectclass=domain
#  dc=pcf
#  
#  ou=People, dc=pcf, dc=com, o=internet
#  objectclass=top
#  objectclass=organizationalUnit
#  ou=People
#  
#  ou=Groups, dc=pcf, dc=com, o=internet
#  objectclass=top
#  objectclass=organizationalUnit
#  ou=Groups
#
#
############### end of LDIF
#
# Here are the relevant entries I have modified from slapd.oc.conf. 
#
# If you have an existing directory or already know the attributes you want to 
# use for data in your directory, you will have to modify most of the defaults
# in this file to match the objectclass definitions you're using anyway, so this
# will probably be useless info for you. 
#
# objectclass organizationalPerson
#         requires
#                 objectClass,
#                 sn,
#                 cn
#         allows
#                 description,
#                 destinationIndicator,
#                 facsimileTelephoneNumber,
#                 givenName,
#                 internationaliSDNNumber,
#                 l,
#                 ou,
#                 physicalDeliveryOfficeName,
#                 postOfficeBox,
#                 postalAddress,
#                 postalCode,
#                 preferredDeliveryMethod,
#                 registeredAddress,
#                 seeAlso,
#                 st,
#                 streetAddress,
#                 telephoneNumber,
#                 teletexTerminalIdentifier,
#                 telexNumber,
#                 title,
#                 userPassword,
#                 x121Address
# 
# objectclass inetOrgPerson
#         requires
#                 objectClass,
#                 sn,
#                 cn,
#                 uid
#         allows
#                 affiliationCode,
#                 alternatemailaddress,
#                 audio,
#                 businessCategory,
#                 departmentNumber,
#                 description,
#                 destinationIndicator,
#                 doNotDelete,
#                 doNotMove,
#                 drink,
#                 expire,
#                 facsimileTelephoneNumber,
#                 homePhone,
#                 homePostalAddress,
#                 initials,
#                 internationaliSDNNumber,
#                 jpegPhoto,
#                 keepNames,
#                 krbName,
#                 l,
#                 labeledURL,
#                 mail,
#                 mailautoreplytext,
#                 mailhost,
#                 mailPreferenceOption,
#                 mailprogramdeliveryinfo,
#                 mobile,
#                 multiLineDescription,
#                 mailAutoreply,
#                 mailForward,
#                 mailForwardingAddress,
#                 mailQuota,
#                 mailRoutingAddress,
#                 onVacation,
#                 organizationalStatus,
#                 otherMailbox,
#                 ou,
#                 pager,
#                 personalSignature,
#                 personalTitle,
#                 photo,
#                 physicalDeliveryOfficeName,
#                 phplibdata,
#                 postOfficeBox,
#                 postalAddress,
#                 postalCode,
#                 preferredDeliveryMethod,
#                 proxy,
#                 registeredAddress,
#                 registrationStatus,
#                 roomNumber,
#                 secretary,
#                 seeAlso,
#                 st,
#                 streetAddress,
#                 telephoneNumber,
#                 teletexTerminalIdentifier,
#                 telexNumber,
#                 textEncodedORaddress,
#                 title,
#                 updateSource,
#                 userCertificate,
#                 userClass,
#                 userPassword,
#                 vacationMessage,
#                 x121Address,
#                 xacl
# 
# objectclass rfc822MailGroup
#         requires
#                 objectClass,
#                 owner,
#                 cn
#         allows
#                 associatedDomain,
#                 autoMgt,
#                 description,
#                 destinationIndicator,
#                 errorsTo,
#                 facsimileTelephoneNumber,
#                 internationaliSDNNumber,
#                 joinable,
#                 krbName,
#                 labeledURL,
#                 mail,
#                 mailhost,
#                 member,
#                 memberOfGroup,
#                 moderator,
#                 multiLineDescription,
#                 notice,
#                 physicalDeliveryOfficeName,
#                 postOfficeBox,
#                 postalAddress,
#                 postalCode,
#                 preferredDeliveryMethod,
#                 registeredAddress,
#                 requestsTo,
#                 rfc822ErrorsTo,
#                 rfc822RequestsTo,
#                 rfc822Mailbox,
#                 seeAlso,
#                 streetAddress,
#                 suppressNoEmailError,
#                 telephoneNumber,
#                 teletexTerminalIdentifier,
#                 telexNumber,
#                 userPassword,
#                 x121Address,
#                 xacl
# 
# 
1; # a file loaded with require must end in a true value