
Initialisation et récupération des fichiers depuis conf-scribe

Ref #4560 @1h
tags/release/2.4.0^0
Joël Cuissinat 6 years ago
commit
cf8b185e10

+ 21
- 0
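--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,21 @@
+################################
+# Makefile pour eole-annuaire
+################################
+
+SOURCE=eole-annuaire
+VERSION=2.4
+EOLE_VERSION=2.4
+PKGAPPS=non
+
+################################
+# Début de zone à ne pas éditer
+################################
+
+include eole.mk
+include apps.mk
+
+################################
+# Fin de zone à ne pas éditer
+################################
+
+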

+ 41
- 0
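--- a/apps.mk
+++ b/apps.mk
@@ -0,0 +1,41 @@
+# Le variables suivantes sont a votre disposition : 
+#
+# SRC_APPS        : Répertoire des sources de l'application
+# SRC_APPS_PLUGIN : Répertoires des plugins pour l'application
+# SRC_APPS_LANG   : Répértoires des traductions
+#
+
+# Répertoires de destination
+
+ifeq ($(PKGAPPS),oui)
+#################
+# Sanity checks #
+#################
+test -d $(SRC_APPS) || $(error $$(PKGAPPS) is enable but $$(SRC_APPS)='$(SRC_APPS)' does not exist)
+
+APPS_DEST   := $(DESTDIR)/var/www/html/$(SOURCE)
+LANG_DEST   := $(APPS_DEST)/lang
+PLUGIN_DEST := $(APPS_DEST)/plugin
+endif
+
+install-apps-dirs:
+ifeq ($(PKGAPPS),oui)
+	test ! -d $(SRC_APPS)           || $(INSTALL_DIRECTORY) $(APPS_DEST)
+	test ! -d $(SRC_APPS_LANG)      || $(INSTALL_DIRECTORY) $(LANG_DEST)
+	test ! -d $(SRC_APPS_PLUGIN)    || $(INSTALL_DIRECTORY) $(PLUGIN_DEST)
+endif
+
+install-apps: install-apps-dirs
+ifeq ($(PKGAPPS),oui)
+	# Installation de l'application
+	$(INSTALL_RECURSIVE) $(SRC_APPS)/* $(APPS_DEST)
+
+	# Installation des répertoires de plugins
+	$(call fc_install_file,$(INSTALL_RECURSIVE),$(SRC_APPS_PLUGIN),$(PLUGIN_DEST))
+
+	# Installation des répertoires de traductions (lang)
+	$(call fc_install_file,$(INSTALL_RECURSIVE),$(SRC_APPS_LANG),$(LANG_DEST))
+
+endif
+
+
+.PHONY: install-apps install-apps-dirs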
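Review bot: The sanity check at line 14 of apps.mk, `test -d $(SRC_APPS) || $(error ...)`, is not a recipe line, so Make expands it while reading the file and `$(error ...)` aborts unconditionally whenever `PKGAPPS` is `oui`, whatever the state of the directory; even if the expansion survived, the remaining `test ...` text is neither a rule nor an assignment and would be rejected with "missing separator". The parse-time form of that check is `ifeq (,$(wildcard $(SRC_APPS)))`, then `$(error $$(PKGAPPS) is enabled but $$(SRC_APPS)='$(SRC_APPS)' does not exist)`, then `endif`. The Makefile in this commit sets `PKGAPPS=non`, so the branch is dead for eole-annuaire and the defect only surfaces in packages that reuse apps.mk with an application to ship.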

+ 15
- 0
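--- a/dicos/20_annuaire.xml
+++ b/dicos/20_annuaire.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<creole>
+    <containers>
+        <container name="annuaire" id="10">
+            <service servicelist="slapd" pty="False">slapd</service>
+        </container>
+    </containers>
+
+    <variables/>
+    <constraints/>
+    <help/>
+</creole>
+<!-- vim: ts=4 sw=4 expandtab
+-->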

+ 101
- 0
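--- a/dicos/23_annuaire.xml
+++ b/dicos/23_annuaire.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<creole>
+
+    <files>
+        <file name='/etc/eole/eoleldap.conf'/>
+        <file name='/usr/share/eole/firewall/00_annuaire.fw'/>
+    </files>
+    <containers>
+        <container name="annuaire">
+            <package>annuaire-pkg</package>
+            <file name='/etc/ldap/slapd.conf' group="openldap" mode="0640"/>
+            <file name='/var/lib/ldap/DB_CONFIG'/>
+            <file name='/etc/default/slapd' source='default.slapd'/>
+            <!-- /!\ c'est le /var/lib/eole du conteneur annuaire /!\ -->
+            <file name='/var/lib/eole/00_annuaire.ldif' mkdir='True'/>
+            <!--<file name='/etc/ldap/ldap.conf'/>
+            <file name='/etc/ldap.conf'/>-->
+        </container>
+    </containers>
+
+    <variables>
+        <family name='general'>
+            <variable name='adresse_ip_annuaire' type='ip' hidden='True' description="Adresse IP du conteneur annuaire"/>
+            <variable name='adresse_ip_ldap_exterieur' type='ip' hidden='True' description="Adresse IP du serveur sur le réseau local"/>
+        </family>
+        <family name='services'>
+            <variable name='activer_client_ldap' redefine='True' description="Emplacement du serveur LDAP">
+                <value>local</value>
+            </variable>
+        </family>
+        <family name="client_ldap">
+            <variable name='ldap_tls' redefine='True'>
+                <value>non</value>
+            </variable>
+        </family>
+        <family name='openldap' mode='expert'>
+            <variable name='ldap_replication' type='oui/non' description='Activer la réplication LDAP (fournisseur)'>
+                <value>non</value>
+            </variable>
+            <variable name='ldap_replication_client' type='oui/non' description='Activer la réplication LDAP (client)' hidden='True'>
+                <value>non</value>
+            </variable>
+            <variable name='ldap_loglevel' type='number' description='Niveau de log'>
+                <value>0</value>
+            </variable>
+            <variable name='ldap_sizelimit' type='number' description="Nombre maximum d'entrées à retourner lors d'une requête">
+                <value>5000</value>
+            </variable>
+            <variable name='ldap_timelimit' type='number' description='Temps de réponse maximum à une requête (en secondes)'>
+                <value>3600</value>
+            </variable>
+            <variable name='ldap_cachesize' type='number' description="Taille du cache (en nombre d'entrées)">
+                <value>1000</value>
+            </variable>
+            <variable name='ldap_ssl' type="string" description="Activer LDAP sur le port SSL">
+                <value>non</value>
+            </variable>
+            <variable name='ldap_restrict_access' type="string" description="Utilisateur autorisé à accéder à distance au serveur LDAP">
+                <value>tous</value>
+            </variable>
+       </family>
+    </variables>
+
+    <constraints>
+        <check name='valid_enum' target='ldap_restrict_access'>
+            <param>['tous', 'authentifié', 'aucun']</param>
+        </check>
+        <check name='valid_enum' target='activer_client_ldap'>
+            <param>['local', 'distant']</param>
+        </check>
+        <check name='valid_enum' target='ldap_ssl'>
+            <param>['non', 'oui', 'uniquement']</param>
+        </check>
+        <auto name='calc_container' target='adresse_ip_annuaire'>
+           <param type='eole'>mode_conteneur_actif</param>
+           <param type='container'>annuaire</param>
+           <param type='eole' optional='True'>mode_zephir</param>
+        </auto>
+        <auto name='auto_ip_ldap' target='adresse_ip_ldap'>
+            <param type='eole'>activer_client_ldap</param>
+            <param type='eole' name='ip_annuaire'>adresse_ip_annuaire</param>
+        </auto>
+        <auto name='calc_val' target='adresse_ip_ldap_exterieur'>
+            <param type='eole' name='valeur'>adresse_ip_eth0</param>
+        </auto>
+        <!-- slapd est activé si client_ldap est configuré sur local -->
+        <condition name='hidden_if_not_in' source='activer_client_ldap'>
+            <param>local</param>
+            <target type='servicelist'>slapd</target>
+            <target type='family'>openldap</target>
+        </condition>
+    </constraints>
+
+    <help>
+        <variable name='ldap_ssl'>Permet d'activer LDAP sur le port SSL (636). Si 'uniquement' est choisi, le firewall ne rend accessible que ce port. Le service reste néanmoins accessible en local sur le port 389.</variable>
+    </help>
+
+</creole>
+<!-- vim: ts=4 sw=4 expandtab
+-->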
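Review bot: `ldap_restrict_access` (lines 59–61) defaults to `tous` and its `valid_enum` check at line 66 admits `tous`, `authentifié` and `aucun`, but the `<help>` block at lines 95–97 documents only `ldap_ssl`, so an administrator opening the expert family gets no description of what each access level permits from the network. A `<variable name='ldap_restrict_access'>` help entry stating which remote clients each value lets reach the server would close that gap; since the firewall template in this commit only changes its rules for `aucun`, the text should also say where `authentifié` differs from `tous`, if it does. Minor: the closing `</family>` at line 62 is indented seven spaces where the rest of the file uses eight.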

+ 175
- 0
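--- a/eole.mk
+++ b/eole.mk
@@ -0,0 +1,175 @@
+# 
+# NE PAS EDITER CE FICHIER
+#
+
+#################
+# Sanity checks #
+#################
+
+ifeq (, $(DESTDIR))
+$(warning $$(DESTDIR) is empty, installation will be done in /)
+endif
+
+ifeq (, $(filter-out XXX-XXX, $(strip $(SOURCE))))
+$(error $$(SOURCE) variable has incorrect value '$(SOURCE)')
+endif
+
+ifeq (, $(filter-out X.X, $(strip $(VERSION))))
+$(error $$(VERSION) variable has incorrect value '$(VERSION)')
+endif
+
+#########################
+# Variables definitions #
+#########################
+
+INSTALL                 := install
+INSTALL_DATA            := install -m 644
+INSTALL_PROGRAM         := install -m 755
+INSTALL_DIRECTORY       := install -m 755 -d
+INSTALL_RECURSIVE       := cp -dr --no-preserve=ownership
+
+# Base
+eole_DIR                := $(DESTDIR)/usr/share/eole
+
+ifeq ($(strip $(EOLE_VERSION)), 2.3)
+diagnose_PROG_DIR       := $(eole_DIR)/diagnose/module
+else
+diagnose_PROG_DIR       := $(eole_DIR)/diagnose/
+endif
+
+# Creole
+creole_DIR              := $(eole_DIR)/creole
+dicos_DATA_DIR          := $(creole_DIR)/dicos
+tmpl_DATA_DIR           := $(creole_DIR)/distrib
+pretemplate_PROG_DIR    := $(eole_DIR)/pretemplate
+posttemplate_PROG_DIR   := $(eole_DIR)/posttemplate
+postservice_PROG_DIR    := $(eole_DIR)/postservice
+firewall_DATA_DIR       := $(eole_DIR)/firewall
+
+# Zéphir
+zephir_DATA_DIR         := $(DESTDIR)/usr/share/zephir
+zephir_configs_DATA_DIR := $(DESTDIR)/usr/share/zephir/monitor/configs
+zephir_srv_DATA_DIR     := $(zephir_DATA_DIR)/services
+
+# SSO
+sso_DATA_DIR            := $(DESTDIR)/usr/share/sso
+sso_filtres_DATA_DIR    := $(sso_DATA_DIR)/app_filters
+sso_user-info_DATA_DIR  := $(sso_DATA_DIR)/user_infos
+
+# EAD
+ead_DATA_DIR            := $(DESTDIR)/usr/share/ead2/backend/config
+ead_actions_DATA_DIR    := $(ead_DATA_DIR)/actions
+ead_perms_DATA_DIR      := $(ead_DATA_DIR)/perms
+ead_roles_DATA_DIR      := $(ead_DATA_DIR)/roles
+
+# Program libraries goes under /usr/lib/<PROGRAM>/
+lib_$(SOURCE)_DATA_DIR	:= $(DESTDIR)/usr/lib/$(SOURCE)
+
+# Scripts Eole
+scripts_PROG_DIR        := $(eole_DIR)/sbin
+lib_eole_DATA_DIR	:= $(DESTDIR)/usr/lib/eole
+
+# LDAP
+ldap_passwords_DATA_DIR := $(eole_DIR)/annuaire/password_files
+
+# LXC
+lxc_DATA_DIR            := $(eole_DIR)/lxc
+lxc_fstab_DATA_DIR      := $(lxc_DATA_DIR)/fstab
+lxc_hosts_DATA_DIR	:= $(lxc_DATA_DIR)/hosts
+
+# SQL
+sql_DATA_DIR            := $(eole_DIR)/mysql/$(SOURCE)
+sql_gen_DATA_DIR        := $(sql_DATA_DIR)/gen
+sql_updates_DATA_DIR     := $(sql_DATA_DIR)/updates
+
+sql_conf_gen_DATA_DIR		:= $(eole_DIR)/applications/gen
+sql_conf_passwords_DATA_DIR	:= $(eole_DIR)/applications/passwords
+sql_conf_updates_DATA_DIR	:= $(eole_DIR)/applications/updates/$(SOURCE)
+
+# Envole
+sharenvole_PROG_DIR     := $(DESTDIR)/usr/share/envole/$(SOURCE)
+
+SRC_APPS                := src/$(SOURCE)-$(VERSION)
+SRC_APPS_PLUGIN         := src/plugins-$(VERSION)
+SRC_APPS_LANG           := src/lang-$(VERSION)
+
+
+#############################################
+# Common directories and files installation #
+#############################################
+
+all:
+
+install: install-dirs install-files install-apps
+
+# $1 = command to run
+# $2 = source directory
+# $3 = destination directory
+define fc_install_file  
+	if [ -d $2 ]; then					\
+		for file in `ls -1 $2/`; do			\
+		   $1 $2/$$file $3 || true;			\
+	    done;						\
+	fi
+endef
+
+##
+## Directory creation
+##
+
+# use % to catch local name in $*
+# data, program and recursive directory require a corresponding
+# directory in local sources
+%_DATA_DIR %_PROG_DIR %REC_DIR:
+	test ! -d $(subst _,/,$*) || $(INSTALL_DIRECTORY) $($@)
+
+# Create the directory referenced by the variable without a local one.
+%_DIR:
+	$(INSTALL_DIRECTORY) $($@)
+
+##
+## Install files present directly under data, program and recursive directories
+##
+
+# $*   : name of variable
+# $($*): value of variable 
+%-instdata:
+	$(call fc_install_file, $(INSTALL_DATA), $(subst _,/,$(subst _DATA_DIR,,$*)), $($*))
+
+%-instprog:
+	$(call fc_install_file, $(INSTALL_PROGRAM), $(subst _,/,$(subst _PROG_DIR,,$*)), $($*))
+
+%-instrec:
+	$(call fc_install_file, $(INSTALL_RECURSIVE), $(subst _,/,$(subst _REC_DIR,,$*)), $($*))
+
+
+# Use second expansion as variables may be created in included
+# Makefiles
+.SECONDEXPANSION:
+
+# List of all directories
+installdirs_LIST	= $(foreach V, $(filter %_DIR, $(.VARIABLES)),	\
+				$(if $(filter file, $(origin $(V))),	\
+					$(V)))
+# List of data directories
+installdata_LIST	= $(filter %_DATA_DIR, $(installdirs_LIST))
+# List of program directories
+installprog_LIST	= $(filter %_PROG_DIR, $(installdirs_LIST))
+# List of recursive directories
+installrec_LIST	 	= $(filter %_REC_DIR, $(installdirs_LIST))
+
+# Expand directories to create as dependency
+# Use double-colon to permit user to define additionnal install-dirs
+install-dirs:: $$(installdirs_LIST)
+
+# Expand files to install as dependency
+# Use double-colon to permit user to define additionnal install-files
+install-files:: install-data-files install-prog-files install-rec-dirs
+
+install-data-files: $$(patsubst %,%-instdata,$$(installdata_LIST))
+
+install-prog-files: $$(patsubst %,%-instprog,$$(installprog_LIST))
+
+install-rec-dirs:   $$(patsubst %,%-instrec,$$(installrec_LIST))
+
+.PHONY: install install-dirs install-files install-data-files install-prog-files install-rec-dirs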
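Review bot: `fc_install_file` (lines 108–114) ends every install command with `|| true`, so a failing `$(INSTALL_DATA)`/`$(INSTALL_PROGRAM)`/`$(INSTALL_RECURSIVE)` (permission denied, missing destination, unreadable source) is swallowed and `make install` reports success with files missing from the package tree; the loop also iterates over the output of `ls -1 $2/`, which splits names on whitespace. Replacing lines 110–111 with `for file in $2/*; do \`, `[ -e "$$file" ] || continue; \` and `$1 "$$file" $3 || exit 1; \` iterates the glob directly, keeps the empty-directory case working, and makes the recipe line fail on the first error. On the same file, the pattern target at line 123 reads `%REC_DIR` while lines 143 and 159 use `_REC_DIR`; it still matches, with a trailing underscore left in `$*`, but `%_REC_DIR` is the consistent spelling.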

+ 16
- 0
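--- a/ldap/passwords/annuaire.ini
+++ b/ldap/passwords/annuaire.ini
@@ -0,0 +1,16 @@
+# fichiers nécessitant mot de passe ldap
+# pour les services annuaire
+
+[slapd.conf]
+container='annuaire'
+path='/etc/ldap/'
+string='rootpw '
+rights='root:openldap'
+mode='0640'
+
+[eoleldap.conf]
+path='/etc/eole'
+string='ldap_passwd = "'
+rights='root:root'
+mode='0600'
+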

+ 14
- 0
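--- a/posttemplate/00-annuaire
+++ b/posttemplate/00-annuaire
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# initialisation du fichier des fournisseurs ldap
+touch $(CreoleGet container_path_annuaire)/etc/ldap/replication.conf
+
+if [ $(CreoleGet activer_client_ldap) = "local" ];then
+    echo -e "\n## Gestion du mot de passe LDAP ##"
+    if [ ! -f /root/.reader ];then
+	pwgen -cn1 56 > /root/.reader
+        chmod 600 /root/.reader
+    fi
+    /usr/share/eole/sbin/ldap_pwd.py `/usr/bin/pwgen -cn1 12` > /dev/null
+fi
+exit 0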
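Review bot: At line 9 the reader password is written by `pwgen -cn1 56 > /root/.reader` and only afterwards restricted by the `chmod 600` on line 10, so for a moment the file carries the caller's umask permissions; creating it under a restrictive umask, `(umask 077; pwgen -cn1 56 > /root/.reader)`, closes that window and makes the separate chmod unnecessary. Line 12 hands the new LDAP admin password to `ldap_pwd.py` as a command-line argument, where it is readable by any local user through the process table while the script runs; `ldap_pwd.py` in this commit already prompts for the password when no argument is given, so feeding it on stdin would avoid the exposure, though that prompt path should be checked for non-interactive use first. The unquoted `$(CreoleGet activer_client_ldap)` in the test on line 6 makes `[` fail with a syntax error on an empty value; `"$(CreoleGet activer_client_ldap)"` is the safe form.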

+ 107
- 0
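--- a/posttemplate/02-annuaire
+++ b/posttemplate/02-annuaire
@@ -0,0 +1,107 @@
+#!/bin/bash
+#############################################
+# Création/Mise à niveau de l'annuaire ldap #
+#############################################
+. /usr/lib/eole/ihm.sh
+option=$1
+container_path_annuaire=$(CreoleGet container_path_annuaire)
+
+SlapdStop() {
+    # arrêt et vérification du service slapd
+    CreoleService slapd stop 'annuaire'
+    ret=0
+    cpt=0
+    while [ $ret = 0 ]
+    do
+        cpt=$((cpt+1))
+        if [ $cpt = 15 ]; then
+            echo "Slapd n'est pas arrêté !"
+            exit 1
+        fi
+        sleep 1
+        CreoleRun "ps -C slapd --noheader >/dev/null" "annuaire"
+        ret=$?
+    done
+}
+
+GenReader() {
+    # génération/modification du compte ldap en lecteur seule
+    if [ ! -f /root/.reader ];then
+        echo "Erreur : fichier /root/.reader introuvable !"
+        exit 1
+    fi
+    pass=`cat /root/.reader`
+    if [ "$1" = "create" ];then
+        READER=/var/lib/ldap/reader.ldif
+        C_READER=$container_path_annuaire/$READER
+        cpass=`RunCmd "slappasswd -s \"$pass\"" annuaire`
+        echo "dn: cn=reader,o=gouv,c=fr" > $C_READER
+        echo "objectClass: person" >> $C_READER
+        echo "cn: reader" >> $C_READER
+        echo "sn: Compte en lecture seule" >> $C_READER
+        echo "userPassword: $cpass" >> $C_READER
+        $CHROOT su openldap -s /bin/bash -c "slapadd -l $READER -f /etc/ldap/slapd.conf"
+        rm -f $C_READER
+    else
+        pwd=`grep ldap_passwd /etc/eole/eoleldap.conf | cut -d '"' -f 2`
+        ldappasswd -D "cn=admin,o=gouv,c=fr" -w "$pwd" -s "$pass" "cn=reader,o=gouv,c=fr"
+    fi
+}
+
+if [ $(CreoleGet activer_client_ldap) = "local" ];then
+    Regen="1"
+    CHROOT=''
+    [ ! "$container_path_annuaire" = "" ] && CHROOT="chroot $container_path_annuaire"
+    if [ "$option" = "instance" ];then
+        if [ -e $container_path_annuaire/var/lib/ldap/cn.bdb ]
+        then
+            echo
+            Question_ouinon "Voulez vous re-générer l'annuaire LDAP (attention, cela detruira l'existant !) ?" "non" "warn"
+            Regen=$?
+        else
+            Regen="0"
+        fi
+        if [ "$Regen" = "0" ]
+        then
+            echo -e "\n## Initialisation de l'annuaire ##"
+            SlapdStop
+            rm -f $container_path_annuaire/var/lib/ldap/*.*
+            # création de l'arborescence LDAP et des entrées de base
+            unset DISPLAY
+            cd $container_path_annuaire/var/lib/eole/
+            # test si le SID a bien été réappliqué (si est différent de [sambasid])
+            grep -q ^"sambaSID: \[sambasid\]" *
+            if [ $? = 1 ]; then
+                for ldif in `ls *.ldif`;do
+                    $CHROOT su openldap -s /bin/bash -c "slapadd -l /var/lib/eole/${ldif} -f /etc/ldap/slapd.conf" > /dev/null
+                done
+                GenReader "create"
+            else
+                need_exit='yes'
+            fi
+            cd - > /dev/null
+            Service slapd start 'annuaire'
+            [ "$need_exit" = "yes" ] && EchoRouge "Le SID n'a pas été modifié dans le fichier LDIF" && exit 1
+        fi
+    fi
+    if [ "$Regen" != "0" ]
+    then
+        # vérification du reader
+        $CHROOT slapcat -f /etc/ldap/slapd.conf -a cn=reader | grep "dn: cn=reader,o=gouv,c=fr" >/dev/null
+        if [ $? -ne 0 ];then
+            SlapdStop
+            echo "Création de l'utilisateur ldap en lecture seule"
+            GenReader "create"
+            CreoleService slapd start 'annuaire'
+        else
+            # mise à jour, on lance l'annuaire si nécessaire
+            CreoleService slapd status 'annuaire' > /dev/null
+            if [ $? -ne 0 ];then
+                CreoleService slapd start 'annuaire' > /dev/null
+            fi
+            GenReader "modify"
+        fi
+    fi
+fi
+
+exit 0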
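Review bot: The `cd $container_path_annuaire/var/lib/eole/` at line 71 is unchecked, so if that directory is missing the `grep ... *` on line 73 and the `ls *.ldif` loop on line 75 run in the caller's working directory, and whatever `.ldif` files happen to be there are handed to `slapadd` as the new directory content; `cd "$container_path_annuaire/var/lib/eole/" || exit 1` aborts the initialisation instead. In `GenReader` (line 47) the admin password is passed as `-w "$pwd"` and the reader password as `-s "$pass"`, both visible in the process table for the duration of the command; `ldappasswd -y <file>` and `-T <file>` read them from files (a 0600 temporary is enough) without that exposure, and the `slappasswd -s "$pass"` on line 37 has the same property. Line 83 calls `Service slapd start 'annuaire'` whereas every other start/stop in the file goes through `CreoleService`; if `Service` is not defined by the sourced ihm.sh, the line only prints "command not found" and the script carries on to `exit 0` with slapd left stopped, so confirm the helper exists or align the call with the others.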

+ 183
- 0
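--- a/scripts/active_replication.py
+++ b/scripts/active_replication.py
@@ -0,0 +1,183 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -*-
+###########################################################################
+#
+# Eole NG
+# Copyright Pole de Competence Eole (Ministere Education - Academie Dijon)
+# Licence CeCill  http://www.cecill.info/licences/Licence_CeCILL_V2-fr.html
+# eole@ac-dijon.fr
+#
+###########################################################################
+import sys
+#from time import sleep
+from os.path import isfile
+#from subprocess import Popen, PIPE
+from creole import parsedico
+#from creole.eosfunc import gen_random
+from creole.utils import print_red, print_green #, print_orange
+from zephir import lib_zephir
+#from scribe.eoleldap import Ldap
+#from scribe.eoletools import format_current_date
+
+def format_current_date(format="%Y%m%d"):
+    """
+    renvoie la date du jour formatée
+    repris de scribe/eoletools.py
+    """
+    from datetime import datetime
+    now = datetime.today()
+    return datetime.strftime(now, format)
+
+def err_msg(message):
+    """
+    Sortie avec message d'erreur
+    """
+    print_red("Erreur : ", newline=False)
+    print message
+    print
+    sys.exit(1)
+
+def readdefault(message, valeur):
+    """
+    Question avec valeur proposée
+    """
+    print message
+    res = raw_input('[%s] : ' % valeur)
+    if not res:
+        return valeur
+    else:
+        return res
+
+def send_zephir(conf_data):
+    """
+    Envoi de la configuration à Zephir pour prise en compte par le serveur de réplication
+    """
+    from zephir.zephir_conf.zephir_conf import id_serveur, adresse_zephir
+    print_green("\nEnvoi de la configuration sur Zephir")
+    import sys, xmlrpclib, getpass, base64
+    try:
+        login = ""
+        con_ok = False
+        zephir_proxy = None
+        while not con_ok:
+            # saisie des informations de connexion
+            login = raw_input("\nVeuillez saisir votre identifiant Zéphir (rien pour annuler l'envoi) :")
+            if login == "":
+                return False
+            passwd = getpass.getpass('Mot de passe pour %s :' % login)
+            zephir_proxy = xmlrpclib.ServerProxy("https://%s:%s@%s:7080" % (login,passwd,adresse_zephir), transport=lib_zephir.TransportEole())
+            # test des identifiants
+            try:
+                res = lib_zephir.convert(zephir_proxy.get_permissions(login))
+                assert res[0] == 1
+                con_ok = True
+            except:
+                print_red('Erreur de connexion au serveur ou indentifiants incorrects')
+        # saisie du serveur de réplication
+        num_serv = ""
+        serv_ok = False
+        while not serv_ok:
+            num_serv = raw_input("\nIdentifiant Zéphir du serveur de réplication (rien pour annuler l'envoi) :")
+            if num_serv == "":
+                return False
+            # vérification des données
+            try:
+                res = lib_zephir.convert(zephir_proxy.uucp.add_replication(int(num_serv), id_serveur, base64.encodestring(conf_data)))
+                # Envoi des données de configuration
+                if res[0] != 1:
+                    print_red("Erreur lors de l'envoi à zephir : %s" % str(res[1]))
+                else:
+                    serv_ok = True
+                print_green("""Cette configuration sera prise en compte par le serveur
+de réplication lors de sa prochaine connexion à Zéphir""")
+
+            except xmlrpclib.ProtocolError:
+                print_red('Serveur %s non retrouvé ou permissions insuffisantes' % num_serv)
+            except Exception, e:
+                print_red("Erreur lors de l'envoi de la configuration à Zéphir : %s" % str(e))
+    except:
+        # erreur de récupération
+        sys.exit("Erreur d'envoi de la configuration sur zephir")
+
+dico = parsedico.parse_dico()
+ldif = "/root/annuaire-%s.ldif" % format_current_date()
+conf = "/root/replication-%(numero_etab)s.conf" % dico
+replicator = "/root/.reader"
+print
+## test de la vestion d'openldap
+#cmd = "dpkg-query -W -f='${Version}' 'slapd'"
+#slapd = Popen(cmd, shell=True, stdout=PIPE).stdout.read()
+#if 'eole' not in slapd:
+#    err_msg("Mise à jour du paquet slapd nécessaire")
+
+# test du dictionnaire
+if dico.get('ldap_replication', '') != 'oui':
+    err_msg("""Vous devez d'abord activer la réplication ldap
+dans l'interface de configuration du module (mode expert)
+et reconfigurer votre serveur""")
+
+# test de la configuration réelle
+if file('/etc/ldap/slapd.conf').read().find('syncprov') == -1:
+    err_msg("""Votre serveur est mal paramétré, lancez la commande reconfigure""")
+
+# présence du réplicator
+#if file(ldif).read().find('cn=replicator,o=gouv,c=fr') != -1:
+#    print_orange("Le compte de réplication existe déjà")
+#    print
+if True: # FIXME XXX
+    if not isfile(replicator):
+        replicator_pwd = ''
+    else:
+        replicator_pwd = file(replicator).read().strip()
+    if replicator_pwd != '':
+        print_green("Utilisation du compte de réplication existant")
+        print
+    else:
+        err_msg("impossible de récupérer le mot de passe du compte de réplication")
+#else:
+#    print_green("Création du compte de réplication")
+#    print
+#    sleep(2)
+#    replicator_pwd = gen_random()
+#    rdn = "cn=replicator,o=gouv,c=fr"
+#    datas = [('objectClass', 'person'),
+#             ('cn', 'replicator'),
+#             ('sn', 'Compte de replication'),
+#             ('userPassword', sshaDigest(replicator_pwd))]
+#    conn = Ldap()
+#    conn.connect()
+#    conn._add(rdn, datas)
+#    conn.close()
+#    fic = file(replicator, 'w')
+#    fic.write(replicator_pwd)
+#    fic.close()
+print_green("Génération de la configuration client")
+adresse_scribe = readdefault("Adresse utilisée pour accéder au Scribe depuis le client", dico['adresse_ip_eth0'])
+libelle = dico['libelle_etab'].replace('%', '%%')
+numero = dico['numero_etab'].replace('%', '%%')
+acad = dico['nom_academie'].replace('%', '%%')
+print
+print_green("Ecriture du fichier %s" % conf)
+tmpl = """# %s (%s)
+syncrepl rid=%%i
+        provider=ldap://%s:389
+        type=refreshAndPersist
+        interval=00:01:00:00
+        retry="60 10 300 +"
+        searchbase="ou=%s,ou=%s,ou=education,o=gouv,c=fr"
+        filter="(&(objectClass=ENTPerson)(!(uid=admin)))"
+        scope=sub
+        schemachecking=off
+        bindmethod=simple
+        binddn="cn=reader,o=gouv,c=fr"
+        credentials=%s
+
+""" % (libelle, numero, adresse_scribe, numero, acad, replicator_pwd)
+fic = file(conf, 'w')
+fic.write(tmpl)
+fic.close()
+# La configuration est générée localement, on l'envoie via zephir si possible
+if lib_zephir.registered == 1:
+    send_zephir(tmpl)
+print
+print "fin"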
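Review bot: In `send_zephir`, the success message `print_green("""Cette configuration sera prise en compte ...""")` at lines 91–92 is placed after the `if res[0] != 1:` / `else:` block rather than inside the `else:` branch, so a rejected upload prints the error on line 88 and then announces that the configuration will be applied at the next connection; indenting the `print_green` under `else:` fixes it and the loop retries as intended. Lines 176–178 write `tmpl`, which embeds the reader credential in `credentials=%s`, to `/root/replication-*.conf` through `file(conf, 'w')`, i.e. with whatever mode the process umask yields; creating it with an explicit mode, `fic = os.fdopen(os.open(conf, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), 'w')` after an `import os`, stops relying on `/root` itself being closed to other users. The bare `except:` at lines 74 and 98 also catch `KeyboardInterrupt`, so Ctrl-C at the login prompt is reported as bad credentials or as a send failure; `except Exception:` keeps the intended handling without that side effect.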

+ 136
- 0
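--- a/scripts/ldap_pwd.py
+++ b/scripts/ldap_pwd.py
@@ -0,0 +1,136 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+
+# Mise à jour du mot de passe LDAP
+# Equipe Eole eole@ac-dijon.fr
+
+import sys
+from glob import glob
+from os.path import join
+from pyeole.process import system_code
+from creole.eosfunc import load_container_var
+from creole.parsedico import parse_dico
+from pyeole.service import service_code
+from pyeole.ssha import ssha_encode
+from pyeole.dict4ini import DictIni
+
+container_vars = load_container_var()
+dico = parse_dico()
+
+# on demande le nouveau mot de passe
+# si il n'est pas passé comme paramètre
+try:
+    new_pass = sys.argv[1]
+    #reindex = True
+except:
+    new_pass = ""
+    while len(new_pass) < 5:
+        if new_pass != "":
+            print "le mot de passe est trop court (5 caractères au moins)"
+        new_pass = raw_input("\nNouveau mot de passe pour l'admin LDAP ? ")
+    #reindex = False
+
+# récupération du mot de passe chiffré
+crypt_pwd = ssha_encode(new_pass)
+
+# recupération de la liste des fichiers à modifier
+modifs = {}
+password_files = glob("/usr/share/eole/annuaire/password_files/*.ini")
+for fic in password_files:
+    for cle, opts in DictIni(fic):
+        if cle not in modifs:
+            modifs[cle] = opts
+        else:
+            # hack pour les fichier multi-conteneurs
+            old_container = modifs[cle].get('container', '')
+            new_container = opts.get('container', '')
+            if type(old_container) is list:
+                modifs[cle]['container'].append(new_container)
+            else:
+                modifs[cle]['container'] = [old_container, new_container]
+
+all_containers = []
+# parcours du dictionnaire des fichiers
+for name, option in modifs.items():
+
+    # lecture des options
+    chaines_recherche = option['string']
+    container_list = option.get('container', '')
+    short_path = join(option['path'], name)
+    if type(chaines_recherche) != list:
+        chaines_recherche = (chaines_recherche,)
+    if type(container_list) is not list:
+        container_list = [container_list]
+
+    for container in container_list:
+
+        if container != '':
+            all_containers.append(container)
+            prefix = container_vars.get('container_path_%s' % container, '/')
+            file_path = prefix+short_path
+        else:
+            file_path = short_path
+
+        for chaine_recherche in chaines_recherche:
+
+            # lecture du fichier de conf
+            print "\nMise à jour du fichier %s..." % file_path
+            conf_file = open(file_path)
+            buffer_in = conf_file.readlines()
+            conf_file.close()
+
+            buffer_out = ""
+            # on parcourt le fichier
+            for line in buffer_in:
+                # si la ligne actuelle contient la chaine recherchée
+                if line.startswith(chaine_recherche):
+                    print "définition du mot de passe trouvée : %s" % line.strip()
+                    # on ajoute les possibles tabulations ou espaces en début de ligne
+                    buffer_out += line[0:line.index(chaine_recherche)]
+                    buffer_out += chaine_recherche
+                    if name == 'slapd.conf':
+                        buffer_out += crypt_pwd
+                    else:
+                        buffer_out += new_pass
+                    if chaine_recherche.endswith('"'):
+                        # si le mot de passe est entre guillemets, on ajoute le guillemet fermant
+                        buffer_out += '"'
+                    if name.endswith('.pl') or name.endswith('.pm') or name.endswith('.php'):
+                        buffer_out += ';'
+                    buffer_out += "\n"
+                else:
+                    # sinon, on recopie la ligne d'origine
+                    buffer_out += line
+
+            # sauvegarde du fichier de conf
+            conf_file = open(file_path,"w")
+            conf_file.write(buffer_out)
+            conf_file.close()
+
+        rights = option.get('rights')
+        if rights:
+            cmd = ['chown', rights, short_path]
+            system_code(cmd, container=container)
+        mode = option.get('mode')
+        if mode:
+            system_code(['chmod', mode, file_path])
+
+# mise à jour du mot de passe LDAP pour samba
+if 'fichier' in all_containers:
+    print "\nMise à jour de Samba .."
+    cmd = ["smbpasswd", '-w', new_pass]
+    ret = system_code(cmd, container='fichier')
+    if ret != 0:
+        raise Exception, 'Erreur à la mise à jour Samba : %s' % str(ret[1:])
+
+print "\nredémarrage des services, veuillez patienter ..."
+# visiblement il vaut mieux le faire à chaque fois surtout pour ldap !
+service_code('slapd', 'restart', 'annuaire')
+#if reindex:
+#    print "réindexation de l'annuaire..."
+#    cmd = ['/usr/bin/sudo', '-u', 'openldap', '/usr/sbin/slapindex']
+#    system_res(cmd)
+if 'fichier' in all_containers:
+    service_code('smbd', 'restart', 'fichier')
+if dico.get('activer_courier', 'non') != 'non':
+    service_code('courier-authdaemon', 'restart', 'mail')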
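Review bot: Line 87, `print "définition du mot de passe trouvée : %s" % line.strip()`, echoes the matched configuration line before it is rewritten; for `eoleldap.conf` that line is `ldap_passwd = "<previous password>"`, so the old cleartext admin password goes to stdout and to any log that captures it (the `posttemplate/00-annuaire` caller redirects to /dev/null, an interactive run does not). Printing only the key, `print "définition du mot de passe trouvée : %s" % chaine_recherche.strip()`, keeps the diagnostic without the secret. At lines 122–124 `ret` is compared with `0` and then sliced as `ret[1:]` in the exception text; if `system_code` returns an int, as the comparison suggests, the slice raises `TypeError` and hides the Samba error, so format `ret` directly or check what the helper returns. The rewrite at lines 106–108 truncates the configuration file in place, so an interruption between `open(file_path,"w")` and `close()` leaves a partially written `slapd.conf`; writing to a temporary file in the same directory and renaming it over the original is the usual safeguard.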

+ 8
- 0
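--- a/tmpl/00_annuaire.fw
+++ b/tmpl/00_annuaire.fw
@@ -0,0 +1,8 @@
+%if %%ldap_restrict_access != 'aucun'
+ %if %%ldap_ssl != 'uniquement'
+allow_src(interface='eth0', ip="0/0", port='389', tcpwrapper="slapd")
+ %end if
+ %if %%ldap_ssl != 'non'
+allow_src(interface='eth0', ip="0/0", port='636', tcpwrapper="slapd")
+ %end if
+%end if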
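Review bot: Both `allow_src` calls accept any source (`ip="0/0"`), so as soon as ldap_restrict_access is anything but 'aucun' the LDAP ports on eth0 are reachable from every host and the actual restriction is delegated to the `access to *` ACL in tmpl/slapd.conf (`by users read` / `by * read`); that split of responsibility is not stated in either template. A one-line comment at the top of this file would save the next reader a cross-file hunt, e.g. `# 'aucun': ports kept closed on eth0; any other value: open to every source, access is filtered by the slapd ACLs`. I cannot tell from the hunk whether the template engine accepts a `#` line here; if it does not, the same sentence belongs in the package documentation.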

+ 22
- 0
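--- a/tmpl/00_annuaire.ldif
+++ b/tmpl/00_annuaire.ldif
@@ -0,0 +1,22 @@
+#######################################################
+#
+## DIT.ldif
+#
+## Equipe Eole eole@ac-dijon.fr
+#
+########################################################
+
+#eole-annuaire
+dn: o=gouv,c=fr
+objectClass: organization
+o: gouv
+description: Gouvernemental
+
+dn: ou=education,o=gouv,c=fr
+objectClass: organizationalUnit
+ou: education
+description: Education Nationale
+
+dn: ou=%%nom_academie,ou=education,o=gouv,c=fr
+objectClass: organizationalUnit
+ou: %%nom_academie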
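Review bot: `%%nom_academie` is substituted verbatim into a DN on line 20 (`dn: ou=%%nom_academie,ou=education,o=gouv,c=fr`), so a value containing a DN-special character (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `=`, or a leading/trailing space) would produce an entry that slapadd rejects, and nothing in the hunk escapes or validates the variable. Either document the constraint next to the entry — `# nom_academie must not contain DN-special characters (RFC 4514): the value is inserted unescaped` — or, if the dictionary already constrains nom_academie to a safe pattern, say so in the comment. The header on line 3 still reads `## DIT.ldif` although the file is tmpl/00_annuaire.ldif.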

+ 75
- 0
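--- a/tmpl/DB_CONFIG
+++ b/tmpl/DB_CONFIG
@@ -0,0 +1,75 @@
+# WARNING: Before tuning the following parameters, _PLEASE READ_
+#   /usr/share/doc/slapd/README.DB_CONFIG.gz
+
+# Set the database in memory cache size.
+#
+# set_cachesize <gbytes> <bytes> <ncache>
+#   Sets the database in memory cache size. 
+#   Database entries and indexes will be stored in this cache to 
+#   avoid disk access during database read and write operations. 
+#   Tuning this value can greatly effect your database performance. 
+#   The parameters are:
+#      <gbytes>: The number of gigabytes of memory to allocate to the cache.
+#      <bytes>: The number of bytes of memory to allocate to the cache.
+#      <ncache>: The number of cache segments to use. If this value is set to 
+#          0 or 1 then Berkeley DB will try to allocate one contiguous section 
+#          of memory for the cache. If this value is greater than 1, the cache 
+#          will be split into that number of segments.
+set_cachesize   0       52428800        0
+
+
+# Sets the database startup flags.
+#
+# set_flags <flag>
+#   There are various flag options that may be set. The DB_TXN_NOSYNC flag 
+#   tells the database not to immediately flush transaction buffers to disk. 
+#   Setting this flag can help speed up database access during periods of 
+#   database write activity BUT at expense of data safety. Enable it only
+#   to load data with slapadd, while slapd is not running.
+#set_flags       DB_TXN_NOSYNC
+
+
+# Set the maximum in memory cache in <bytes> for database file name caching.
+#
+# set_lg_regionmax <bytes>
+#   This value should be increased as the number of database files increases 
+#   (tables and indexes).
+#set_lg_regionmax        1048576
+
+# Set the maximum size of log files in <bytes>.
+#
+# set_lg_max <bytes>
+#   Logs will be rotated when <bytes> amount of data have been written to 
+#   one log file. This value should be at least four times the size of 
+#   set_lg_bsize.
+#set_lg_max              10485760
+
+# Set the in memory cache for log information.
+#
+# set_lg_bsize <bytes>
+#   When <bytes> amount of logging information have been written to this 
+#   cache it will be flushed to disk.
+set_lg_bsize            2097152
+
+# Set the log file directory to <directory>. 
+#
+# set_lg_dir              /usr/local/var/openldap-logs
+#   Log files should preferably be on a different disk than the 
+#   database files. This both improves reliability (for disastrous
+#   recovery) and speed of the database.
+#set_lg_dir <directory>
+
+
+# Sven Hartge reported that he had to set this value incredibly high
+# to get slapd running at all. See http://bugs.debian.org/303057
+# for more information.
+
+# Number of objects that can be locked at the same time.
+set_lk_max_objects      5000
+# Number of locks (both requested and granted)
+set_lk_max_locks        5000
+# Number of lockers
+set_lk_max_lockers	5000
+
+# Purge automatique des logs
+set_flags       DB_LOG_AUTOREMOVE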
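Review bot: The comment above the final `set_flags DB_LOG_AUTOREMOVE` says only that logs are purged; it should also state the consequence, because automatic removal of transaction log files rules out Berkeley DB catastrophic recovery from archived logs, so backups of this directory have to be made with slapcat rather than by copying the database files. Something like `# Auto-remove transaction logs: catastrophic recovery from log archives is no longer possible, back up with slapcat` would do. Separately, `set_lk_max_lockers` on line 72 is separated from its value by a tab while its two siblings use spaces; aligning it as `set_lk_max_lockers      5000` keeps the three lines consistent.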

+ 52
- 0
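--- a/tmpl/default.slapd
+++ b/tmpl/default.slapd
@@ -0,0 +1,52 @@
+# Location of the slapd configuration to use.  If using the cn=config
+# backend to store configuration in LDIF, set this variable to the
+# directory containing the cn=config data; otherwise set it to the location
+# of your slapd.conf file.  If empty, use the compiled-in default
+# (/etc/ldap/slapd.d).
+SLAPD_CONF="/etc/ldap/slapd.conf"
+
+# System account to run the slapd server under. If empty the server
+# will run as root.
+SLAPD_USER="openldap"
+
+# System group to run the slapd server under. If empty the server will
+# run in the primary group of its user.
+SLAPD_GROUP="openldap"
+
+# Path to the pid file of the slapd server. If not set the init.d script
+# will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.d by
+# default)
+SLAPD_PIDFILE=
+
+# slapd normally serves ldap only on all TCP-ports 389. slapd can also
+# service requests on TCP-port 636 (ldaps) and requests via unix
+# sockets.
+# Example usage:
+# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
+%if %%ldap_ssl == 'non'
+SLAPD_SERVICES="ldap:/// ldapi:///"
+%else
+SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"
+%end if
+
+# If SLAPD_NO_START is set, the init script will not start or restart
+# slapd (but stop will still work).  Uncomment this if you are
+# starting slapd via some other means or if you don't want slapd normally
+# started at boot.
+#SLAPD_NO_START=1
+
+# If SLAPD_SENTINEL_FILE is set to path to a file and that file exists,
+# the init script will not start or restart slapd (but stop will still
+# work).  Use this for temporarily disabling startup of slapd (when doing
+# maintenance, for example, or through a configuration management system)
+# when you don't want to edit a configuration file.
+SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
+
+# For Kerberos authentication (via SASL), slapd by default uses the system
+# keytab file (/etc/krb5.keytab).  To use a different keytab file,
+# uncomment this line and change the path.
+#export KRB5_KTNAME=/etc/krb5.keytab
+
+# Additional options to pass to slapd
+SLAPD_OPTIONS=""
+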
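Review bot: The `%%ldap_ssl` conditional on lines 26–30 only distinguishes 'non' from everything else, so with ldap_ssl == 'uniquement' slapd still binds the cleartext `ldap:///` listener on all interfaces; tmpl/00_annuaire.fw in the same commit treats 'uniquement' as "do not open port 389", so the two templates disagree on what that value means, and tmpl/slapd.conf leaves the `security` directive commented out, so nothing else enforces TLS. If 'uniquement' is meant to be TLS-only, add a first branch `%if %%ldap_ssl == 'uniquement'` with `SLAPD_SERVICES="ldaps:/// ldapi:///"` and move the existing 'non' test into the else branch (I am assuming the template dialect has no elif form; use it if it does). If the cleartext listener is intentionally kept for local clients over 127.0.0.1, a comment saying so next to the conditional would settle the question.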

+ 189
- 0
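--- a/tmpl/slapd.conf
+++ b/tmpl/slapd.conf
@@ -0,0 +1,189 @@
+#
+# configuration ldap pour Eole-2.3
+#
+# Equipe Eole <eole@ac-dijon.fr>
+#
+
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include        /etc/ldap/schema/core.schema
+include        /etc/ldap/schema/cosine.schema
+include        /etc/ldap/schema/nis.schema
+include        /etc/ldap/schema/inetorgperson.schema
+include        /etc/ldap/schema/openldap.schema
+include        /etc/ldap/schema/samba.schema
+include        /etc/ldap/schema/eole.schema
+include        /etc/ldap/schema/eoleshare.schema
+include        /etc/ldap/schema/radius.schema
+include        /etc/ldap/schema/ent.schema
+
+## Support du TLS
+TLSCertificateFile      %%server_cert
+TLSCertificateKeyFile   %%server_key
+TLSCACertificateFile    /etc/ssl/certs/ca.crt
+TLSVerifyClient         never
+
+# Define global ACLs to disable default read access.
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral    ldap://root.openldap.org
+
+pidfile         /var/run/slapd/slapd.pid
+argsfile        /var/run/slapd/slapd.args
+
+# Where the dynamically loaded modules are stored
+modulepath      /usr/lib/ldap
+moduleload      back_bdb
+%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
+moduleload      syncprov
+%end if
+
+# Sample security restrictions
+#    Require integrity protection (prevent hijacking)
+#    Require 112-bit (3DES or better) encryption for updates
+#    Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#    Root DSE: allow anyone to read it
+#    Subschema (sub)entry DSE: allow anyone to read it
+#    Other DSEs:
+#        Allow self write access
+#        Allow authenticated users read access
+#        Allow anonymous users to authenticate
+#    Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+#    by self write
+#    by users read
+#    by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# BDB database definitions
+#######################################################################
+
+# compatibilite EAD1 et appli PHP
+allow   bind_v2
+
+database    bdb
+# The base of your directory
+suffix        "o=gouv,c=fr"
+rootdn        "cn=admin,o=gouv,c=fr"
+
+# Cleartext passwords, especially for the rootdn, should
+# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw {CRYPT}dyJWGdOe6Pgec
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory    /var/lib/ldap
+
+# Indices to maintain
+index   objectClass         eq
+index   uid,cn,sn           eq,subinitial
+index   ENTPersonLogin      eq
+index   FederationKey       eq
+index   ENTEleveStructRattachId eq
+# Samba
+index   memberuid            eq
+index   gidnumber,uidnumber  eq
+index   sambaSID             eq,sub
+index   sambaPrimaryGroupSID eq
+index   sambaDomainName      eq
+index   sambaGroupType       eq
+index   sambaSIDList         eq
+index   uniqueMember         eq
+index   sambaShareGroup      eq
+# recherches diverses
+index   description          eq,subinitial
+index   type                 eq
+index   eleve                eq
+index   displayName          eq
+index   mail                 eq
+# réplication
+index   entryCSN,entryUUID   eq
+index   contextCSN           eq
+
+# Basic ACL
+access to attrs=userPassword,sambaLMPassword,sambaNTPassword
+        by self write
+        by anonymous auth
+        by dn="cn=reader,o=gouv,c=fr" read
+        by * none
+
+# ACL pour Scribe
+access to attrs=employeeNumber,Ine,dateNaissance,ENTPersonDateNaissance,ENTPersonAdresse,ENTPersonCodePostal,ENTPersonVille,ENTPersonPays,telephoneNumber,mobile,homePhone,eleve,ENTAuxPersRelEleveEleve,ENTEleveStructRattachId
+        by self read
+        by dn="cn=reader,o=gouv,c=fr" read
+        by * none
+
+# ACL par défaut
+access to *
+%if %%ldap_restrict_access == 'tous'
+        by * read
+%else
+ %if %%mode_conteneur_actif == 'oui'
+        %set %%separator='%'
+        by peername.ip=%%adresse_network_br0%%separator%%adresse_netmask_br0 read
+ %end if
+        by peername.ip=127.0.0.1 read
+ %if %%ldap_restrict_access != 'aucun'
+        by users read
+ %end if
+        by * none
+%end if
+
+%if %%ldap_replication == 'oui'
+# recherches illimitées pour le reader
+limits dn.exact="cn=reader,o=gouv,c=fr" size=unlimited time=unlimited
+%end if
+
+# logging
+loglevel     %%ldap_loglevel
+
+# Specify the maximum number of entries to return from a search operation
+sizelimit    %%ldap_sizelimit
+
+# Specify the maximum number of seconds (in  real  time)
+# slapd  will  spend  answering  a  search request
+timelimit    %%ldap_timelimit
+
+# Controls whether slapd will automatically maintain
+# the modifiersName, modifyTimestamp, creatorsName, and createTimestamp attributes for entries.
+lastmod      on
+
+
+#######################################################################
+# These slapd.conf options apply to the bdb and hdb backend database
+#######################################################################
+
+# Specify the size in entries of the in-memory entry cache
+cachesize    %%ldap_cachesize
+
+## dbcachesize est une specifique au backend ldbm => ne pas l'utiliser
+
+%if %%ldap_replication == 'oui'
+overlay syncprov
+# création d'un checkpoint
+# toutes les 100 opérations
+# ou toutes les 10 minutes
+syncprov-checkpoint 100 10
+# nombre maximum de sessions à conserver
+syncprov-sessionlog 100
+%end if
+
+%if %%ldap_replication_client == 'oui'
+include /etc/ldap/replication.conf
+%end if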
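Review bot: `rootpw {CRYPT}dyJWGdOe6Pgec` on line 86 ships a fixed rootdn password hash in a versioned template, and nothing in the file says whether it is a placeholder that gets rewritten at install time (the Python section earlier in this commit appears to rewrite password strings in configuration files, but that is inferred, not visible from here). A comment such as `# placeholder: replaced at instance time by the LDAP admin password tool — never leave this value on a live server` would make the intent explicit; the 13-character `{CRYPT}` value also has the shape of traditional DES crypt(3), which truncates passwords to 8 characters, so if the generator can emit `{SSHA}` or a stronger crypt scheme the comment should say which one is used. On the `# Basic ACL` block (lines 120–124), `cn=reader` is granted read on userPassword, sambaLMPassword and sambaNTPassword; if that is needed for replication (the `limits` line on 150 suggests reader is the replication identity), a comment saying so would justify what is otherwise a broad grant on password hashes. The header on line 2 still says `Eole-2.3` while the Makefile in this commit declares version 2.4.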

+ 13
- 0
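--- a/zephir/srv/20_ldap.srv
+++ b/zephir/srv/20_ldap.srv
@@ -0,0 +1,13 @@
+# -*- coding: UTF-8 -*-
+"""
+Surveillance d'OpenLdap
+"""
+
+from zephir.monitor.agents.services import TCPServices
+
+if DICO['activer_client_ldap'] == 'local':
+    adresse = DICO.get('adresse_ip_annuaire', '127.0.0.1')
+    test = '%s:389' % adresse
+    data = {test : "Annuaire d'authentification (LDAP)"}
+    AGENTS.append(TCPServices('ldap', data, period=115,
+                              description="Etat de l'annuaire LDAP"))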
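Review bot: Line 8 indexes `DICO['activer_client_ldap']` directly and will raise KeyError when the key is absent, while line 9 tolerates a missing `adresse_ip_annuaire` with `.get`; the two lines should follow the same policy, e.g. `if DICO.get('activer_client_ldap') == 'local':`, unless a missing key is meant to abort agent loading, in which case a comment saying so would help. `DICO` and `AGENTS` are not defined or imported in the file, so I assume the agent loader injects them; a one-line comment above line 8 noting that assumption would spare the next reader the search. The `period=115` argument is a magic number — a trailing comment giving its unit (seconds, presumably) and why 115 was chosen would be welcome.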
