#!/usr/bin/perl
use strict;
package smbldap_conf;
# smbldap-tools.conf : Q & D configuration file for smbldap-tools

# This code was developed by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2001-2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Purpose :
# . be the configuration file for all smbldap-tools scripts

# Exporter bookkeeping variables.
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);

# One package global per configuration setting. Declared here so that the
# assignments further down compile under "use strict".
use vars qw(
    $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
    $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
    $ldap_path $ldap_opts $ldapmodify $suffix $usersdn $computersdn
    $groupsdn $scope $binddn $bindpasswd
    $slaveDN $slavePw $masterDN $masterPw
    $_userLoginShell $_userHomePrefix $_userGecos
    $_defaultUserGid $_defaultComputerGid
    $_skeletonDir $_userSmbHome
    $_userProfile $_userHomeDrive
    $_userScript $usersou $computersou $groupsou $SID $hash_encrypt $_defaultMaxPasswordAge
);

use Exporter;
$VERSION = 1.00;
@ISA     = ('Exporter');

# Everything in @EXPORT is imported by default into any script that loads
# this module without an explicit import list.
# NOTE(review): the list includes $bindpasswd, $slavePw and $masterPw (and
# $ldapmodify, which embeds $masterPw), so the LDAP bind password becomes a
# global in every importing script. Treat those scripts, and anything that
# can read this file, as holding the directory credentials.
@EXPORT = qw(
    $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
    $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
    $ldap_path $ldap_opts $ldapmodify $suffix $usersdn
    $computersdn $groupsdn $scope $binddn $bindpasswd
    $slaveDN $slavePw $masterDN $masterPw
    $_userLoginShell $_userHomePrefix $_userGecos
    $_defaultUserGid $_defaultComputerGid $_skeletonDir
    $_userSmbHome $_userProfile $_userHomeDrive $_userScript
    $usersou $computersou $groupsou $SID $hash_encrypt $_defaultMaxPasswordAge
);

##############################################################################
#
# General Configuration
#
##############################################################################

# First UID and first GID the tools hand out.
$UID_START = 1_000;
$GID_START = 1_000;

# Domain SID. The value below is only the sample shipped with the file:
# replace it with your own, as printed by "net getlocalsid".
$SID = q(S-1-5-21-3516781642-1962875130-3438800523);

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: a dual LDAP server backend for Samba requires Samba to be patched
# with the dual-head patch from IDEALX. Without that patch, point slaveLDAP
# and masterLDAP at the same server.
# The two declarations are also useful when you run
# . one master LDAP server, where every write must go
# . one slave LDAP server, used for reads (typically a replica)

# Slave LDAP : used for read operations
# Ex: $slaveLDAP = "127.0.0.1";
$slaveLDAP = '127.0.0.1';
$slavePort = '389';

# Master LDAP : needed for write operations
# Ex: $masterLDAP = "127.0.0.1";
$masterLDAP = '127.0.0.1';
$masterPort = '389';

# TLS for LDAP: "1" turns on StartTLS, "0" leaves the connection in clear.
# Any other value makes this module die when it is loaded.
# StartTLS runs on the ordinary LDAP port, so keep the ports at 389.
# NOTE(review): with "0" the simple bind (DN and password) is not encrypted.
# That is acceptable only while both servers are reached over 127.0.0.1;
# set "1" as soon as either address points at another host.
$ldapSSL = '0';

# LDAP Suffix
# Ex: $suffix = "dc=IDEALX,dc=ORG";
$suffix = 'dc=IDEALX,dc=COM';

# Branch holding user entries
# Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
$usersou = '_USERS_';
$usersdn = join q(,), "ou=$usersou", $suffix;

# Branch holding computer (machine account) entries
# Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG
$computersou = '_COMPUTERS_';
$computersdn = join q(,), "ou=$computersou", $suffix;

# Branch holding group entries
# Ex: $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
$groupsou = '_GROUPS_';
$groupsdn = join q(,), "ou=$groupsou", $suffix;

# Default search scope
$scope = 'sub';

# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA).
# SSHA is salted; MD5 and SHA are unsalted, so identical passwords give
# identical hashes. Keep a salted scheme unless a client forces otherwise.
$hash_encrypt = 'SSHA';

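############################
# Credential Configuration #
############################

# DN the tools bind as.
# Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org
# NOTE(review): cn=Manager is conventionally the directory administrator.
# A dedicated account whose ACLs cover only the users, computers and groups
# branches limits what a leaked copy of this file gives away.
$binddn = "cn=Manager,$suffix";

# Password for $binddn. It is stored here in clear text.
# Ex: $bindpasswd = 'secret'; for 'secret'
# . Replace the shipped value before pointing the tools at a real directory.
# . Keep the value in single quotes: inside double quotes Perl interpolates
#   "$" and "@", so a password containing either would be silently altered
#   or would stop the file from compiling.
# . Keep this file readable only by the account that runs the smbldap-tools
#   scripts.
$bindpasswd = 'secret';

# Notes: with the dual ldap patch, the slave and the master can each get
# their own bind DN and password. By default both reuse the DN and password
# above, which is what a standard Samba release needs.
$slaveDN  = $binddn;
$slavePw  = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;
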
##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs

# Default login shell for new accounts
# Ex: $_userLoginShell = q(/bin/bash);
$_userLoginShell = '_LOGINSHELL_';

# Home directory prefix (without username)
# Ex: $_userHomePrefix = q(/home/);
$_userHomePrefix = '_HOMEPREFIX_';

# Gecos field
$_userGecos = 'System User';

# Default GID for users (POSIX and Samba)
$_defaultUserGid = 513;

# Default GID for computers (Samba)
$_defaultComputerGid = 553;

# Skeleton directory
$_skeletonDir = '/etc/skel';

# Default password validity, in days. Comment the assignment out if passwords
# should not be limited to $_defaultMaxPasswordAge days (and mind the value
# of the sambaPwdMustChange attribute when you do).
$_defaultMaxPasswordAge = 45;

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# UNC path of the home share, without the trailing username component
# (the tools add the username themselves).
# Ex: q(\\\\My-PDC-netbios-name\\homes) for \\My-PDC-netbios-name\homes
# Comment this out to rely on the smb.conf 'logon home' directive and/or
# to disable roaming profiles.
$_userSmbHome = '\\\\_PDCNAME_\\homes';

# UNC path of the profile share, without the trailing username component
# (the tools add the username themselves).
# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) for \\My-PDC-netbios-name\profiles
# Comment this out to rely on the smb.conf 'logon path' directive and/or
# to disable roaming profiles.
$_userProfile = '\\\\_PDCNAME_\\profiles\\';

# Default home drive letter
# (mapped automatically at logon time if the home directory exists)
# Ex: q(U:) for U:
$_userHomeDrive = '_HOMEDRIVE_';

# Default netlogon script name for users;
# when unset, username.cmd is used.
# $_userScript = q(startup.cmd); # make sure script file is edited under dos

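##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# 0: do not use smbpasswd and prefer mkntpwd (most of the time the wise
# choice, according to the original authors); any other value: use smbpasswd.
# NOTE(review): both paths name external programs; presumably the tools run
# them with the privileges of the calling script, so check that the binaries
# and their directories are not writable by unprivileged users.
$with_smbpasswd = 0;
$smbpasswd      = "/usr/bin/smbpasswd";
$mk_ntpasswd    = "/usr/local/sbin/mkntpwd";

# The external commands below are kept for the migration scripts and for
# the populate script (the original authors planned to replace them).
$slaveURI  = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";

$ldap_path = "/usr/bin";

# Options handed to the OpenLDAP command-line clients.
# -x  : simple authentication
# -ZZ : issue StartTLS and require it to succeed. A single -Z only attempts
#       StartTLS and carries on without encryption when it fails, which
#       would send the bind password in clear although $ldapSSL is "1".
if ( $ldapSSL eq "0" ) {
    $ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
    $ldap_opts = "-x -ZZ";
} else {
    die "ldapSSL option must be either 0 or 1.\n";
}

# Wrap a value in single quotes for the shell, escaping any single quote it
# contains, so a DN or password with an apostrophe cannot end the quoted
# argument early.
sub _shell_quote {
    my ($value) = @_;
    $value =~ s/'/'\\''/g;
    return "'$value'";
}

# NOTE(review): -w puts the bind password on the command line, where other
# local users can read it from the process list while the command runs.
# The OpenLDAP clients also accept "-y <file>" to read the password from a
# file; consider moving to it when the scripts that use $ldapmodify allow it.
#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
$ldapmodify = join ' ',
    "$ldap_path/ldapmodify", $ldap_opts,
    '-H', $masterURI,
    '-D', _shell_quote($masterDN),
    '-w', _shell_quote($masterPw);
#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";

1;

# - The End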