From: Alexander Gerasiov Subject: Debian-specific changes in ldapscripts.conf and runtime In Debian we try to use some knowlege from other configs (see runtime.debian). So I commented out some values here, and add notes for Debian users. I've alo commented usage of some tools, suggested, but not really needed for common work. . Inclusion of runtime.debian added to runtime file. Forwarded: not-needed Index: ldapscripts/etc/ldapscripts.conf =================================================================== --- ldapscripts.orig/etc/ldapscripts.conf 2011-03-21 16:39:19.000000000 +0300 +++ ldapscripts/etc/ldapscripts.conf 2011-03-21 16:40:30.000000000 +0300 @@ -16,14 +16,22 @@ # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. +# Note for Debian users: +# On Debian system ldapscripts will try to parse and use some system config. +# Look on commented variables and description lines started with DEBIAN. +# But you could override it's values here. + + # LDAP server -SERVER="ldap://localhost" +# DEBIAN: values from /etc/pam_ldap.conf are used. +#SERVER="ldap://localhost" # Suffixes -SUFFIX="dc=example,dc=com" # Global suffix -GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) -USUFFIX="ou=Users" # Users ou (just under $SUFFIX) -MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) +# DEBIAN: values from /etc/pam_ldap.conf are used. +#SUFFIX="dc=example,dc=com" # Global suffix +#GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) +#USUFFIX="ou=Users" # Users ou (just under $SUFFIX) +#MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) # Authentication type # If empty, use simple authentication @@ -32,12 +40,14 @@ #SASLAUTH="GSSAPI" # Simple authentication parameters +# DEBIAN: values from /etc/pam_ldap.conf are used. # The following BIND* parameters are ignored if SASLAUTH is set -BINDDN="cn=Manager,dc=example,dc=com" +#BINDDN="cn=Manager,dc=example,dc=com" # The following file contains the raw password of the BINDDN # Create it with something like : echo -n 'secret' > $BINDPWDFILE # WARNING !!!! Be careful not to make this file world-readable -BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" +# DEBIAN: /etc/pam_ldap.secret or /etc/ldap.secret are used. +#BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" # For older versions of OpenLDAP, it is still possible to use # unsecure command-line passwords by defining the following option # AND commenting the previous one (BINDPWDFILE takes precedence) @@ -60,11 +70,12 @@ #GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX" # User properties -USHELL="/bin/sh" -UHOMES="/home/%u" # You may use %u for username here +# DEBIAN: values from /etc/adduser.conf are used. +#USHELL="/bin/sh" +#UHOMES="/home/%u" # You may use %u for username here CREATEHOMES="no" # Create home directories and set rights ? -HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. -HOMEPERMS="700" # Default permissions for home directories +#HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. +#HOMEPERMS="755" # Default permissions for home directories # User passwords generation # Command-line used to generate a password for added users. @@ -72,11 +83,12 @@ # WARNING !!!! This is evaluated, everything specified here will be run ! # WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy). # In this case, consider using /dev/urandom instead. -PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8" +#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8" #PASSWORDGEN="pwgen" #PASSWORDGEN="echo changeme" #PASSWORDGEN="echo %u" #PASSWORDGEN="" +PASSWORDGEN="pwgen" # User passwords recording # you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS @@ -107,12 +119,12 @@ # Character set conversion : $ICONVCHAR <-> UTF-8 # Comment ICONVBIN to disable UTF-8 conversion -ICONVBIN="/usr/bin/iconv" +#ICONVBIN="/usr/bin/iconv" #ICONVCHAR="ISO-8859-15" # Base64 decoding # Comment UUDECODEBIN to disable Base64 decoding -UUDECODEBIN="/usr/bin/uudecode" +#UUDECODEBIN="/usr/bin/uudecode" # Getent command to use - choose the ones used # on your system. Leave blank or comment for auto-guess. Index: ldapscripts/lib/runtime =================================================================== --- ldapscripts.orig/lib/runtime 2011-03-21 16:39:19.000000000 +0300 +++ ldapscripts/lib/runtime 2011-03-21 16:41:01.000000000 +0300 @@ -649,6 +649,9 @@ ### Source configuration file +_RUNTIME_DEBIAN="/usr/share/ldapscripts/runtime.debian" +. "$_RUNTIME_DEBIAN" || end_die "Unable to source runtime.debian, exiting..." + _CONFIGFILE="/etc/ldapscripts/ldapscripts.conf" . "$_CONFIGFILE" || end_die "Unable to source configuration file ($_CONFIGFILE), exiting..."