1#!/usr/bin/perl
2use strict;
3package smbldap_conf;
4
5# smbldap-tools.conf : Q & D configuration file for smbldap-tools
6
7#  This code was developped by IDEALX (http://IDEALX.org/) and
8#  contributors (their names can be found in the CONTRIBUTORS file).
9#
10#                 Copyright (C) 2001-2002 IDEALX
11#
12#  This program is free software; you can redistribute it and/or
13#  modify it under the terms of the GNU General Public License
14#  as published by the Free Software Foundation; either version 2
15#  of the License, or (at your option) any later version.
16#
17#  This program is distributed in the hope that it will be useful,
18#  but WITHOUT ANY WARRANTY; without even the implied warranty of
19#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20#  GNU General Public License for more details.
21#
22#  You should have received a copy of the GNU General Public License
23#  along with this program; if not, write to the Free Software
24#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
25#  USA.
26
27#  Purpose :
28#       . be the configuration file for all smbldap-tools scripts
29
30use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS
31			$UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
32			$slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
33			$ldap_path $ldap_opts $ldapmodify $suffix $usersdn $computersdn
34			$groupsdn $scope $binddn $bindpasswd
35			$slaveDN $slavePw $masterDN $masterPw
36			$_userLoginShell $_userHomePrefix $_userGecos
37			$_defaultUserGid $_defaultComputerGid
38			$_skeletonDir $_userSmbHome
39			$_userProfile $_userHomeDrive
40			$_userScript $usersou $computersou $groupsou $SID $hash_encrypt $_defaultMaxPasswordAge
41		   );
42
43use Exporter;
44$VERSION = 1.00;
45@ISA = qw(Exporter);
46
47@EXPORT = qw(
48			 $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
49			 $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
50			 $ldap_path $ldap_opts $ldapmodify $suffix $usersdn
51			 $computersdn $groupsdn $scope $binddn $bindpasswd
52			 $slaveDN $slavePw $masterDN $masterPw
53			 $_userLoginShell $_userHomePrefix $_userGecos
54			 $_defaultUserGid $_defaultComputerGid $_skeletonDir
55			 $_userSmbHome $_userProfile $_userHomeDrive $_userScript
56			 $usersou $computersou $groupsou $SID $hash_encrypt $_defaultMaxPasswordAge
57			);
58
59
60##############################################################################
61#
62# General Configuration
63#
64##############################################################################
65
66# UID and GID starting at...
67$UID_START = 1000;
68$GID_START = 1000;
69
70# Put your own SID
71# to obtain this number do: "net getlocalsid"
72$SID='S-1-5-21-3516781642-1962875130-3438800523';
73
74##############################################################################
75#
76# LDAP Configuration
77#
78##############################################################################
79
80# Notes: to use to dual ldap servers backend for Samba, you must patch
81# Samba with the dual-head patch from IDEALX. If not using this patch
82# just use the same server for slaveLDAP and masterLDAP.
83# Those two servers declarations can also be used when you have
84# . one master LDAP server where all writing operations must be done
85# . one slave LDAP server where all reading operations must be done
86#   (typically a replication directory)
87
88# Ex: $slaveLDAP = "127.0.0.1";
89$slaveLDAP = "127.0.0.1";
90$slavePort = "389";
91
92# Master LDAP : needed for write operations
93# Ex: $masterLDAP = "127.0.0.1";
94$masterLDAP = "127.0.0.1";
95$masterPort = "389";
96
97# Use SSL for LDAP
98# If set to "1", this option will use start_tls for connection
99# (you should also used the port 389)
100$ldapSSL = "0";
101
102# LDAP Suffix
103# Ex: $suffix = "dc=IDEALX,dc=ORG";
104$suffix = "dc=IDEALX,dc=COM";
105
106
107# Where are stored Users
108# Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
109$usersou = q(_USERS_);
110$usersdn = "ou=$usersou,$suffix";
111
112# Where are stored Computers
113# Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG
114$computersou = q(_COMPUTERS_);
115$computersdn = "ou=$computersou,$suffix";
116
117# Where are stored Groups
118# Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
119$groupsou = q(_GROUPS_);
120$groupsdn = "ou=$groupsou,$suffix";
121
122# Default scope Used
123$scope = "sub";
124
125# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
126$hash_encrypt="SSHA";
127
128############################
129# Credential Configuration #
130############################
131# Bind DN used
132# Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org
133$binddn = "cn=Manager,$suffix";
134
135# Bind DN passwd used
136# Ex: $bindpasswd = 'secret'; for 'secret'
137$bindpasswd = "secret";
138
139# Notes: if using dual ldap patch, you can specify to different configuration
140# By default, we will use the same DN (so it will work for standard Samba
141# release)
142$slaveDN = $binddn;
143$slavePw = $bindpasswd;
144$masterDN = $binddn;
145$masterPw = $bindpasswd;
146
147##############################################################################
148#
149# Unix Accounts Configuration
150#
151##############################################################################
152
153# Login defs
154# Default Login Shell
155# Ex: $_userLoginShell = q(/bin/bash);
156$_userLoginShell = q(_LOGINSHELL_);
157
158# Home directory prefix (without username)
159# Ex: $_userHomePrefix = q(/home/);
160$_userHomePrefix = q(_HOMEPREFIX_);
161
162# Gecos
163$_userGecos = q(System User);
164
165# Default User (POSIX and Samba) GID
166$_defaultUserGid = 513;
167
168# Default Computer (Samba) GID
169$_defaultComputerGid = 553;
170
171# Skel dir
172$_skeletonDir = q(/etc/skel);
173
174# Default password validation time (time in days) Comment the next line if
175# you don't want password to be enable for $_defaultMaxPasswordAge days (be
176# careful to the sambaPwdMustChange attribute's value)
177$_defaultMaxPasswordAge = 45;
178
179##############################################################################
180#
181# SAMBA Configuration
182#
183##############################################################################
184
185# The UNC path to home drives location without the username last extension
186# (will be dynamically prepended)
187# Ex: q(\\\\My-PDC-netbios-name\\homes) for \\My-PDC-netbios-name\homes
188# Just comment this if you want to use the smb.conf 'logon home' directive
189# and/or desabling roaming profiles
190$_userSmbHome = q(\\\\_PDCNAME_\\homes);
191
192# The UNC path to profiles locations without the username last extension
193# (will be dynamically prepended)
194# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) for \\My-PDC-netbios-name\profiles
195# Just comment this if you want to use the smb.conf 'logon path' directive
196# and/or desabling roaming profiles
197$_userProfile = q(\\\\_PDCNAME_\\profiles\\);
198
199# The default Home Drive Letter mapping
200# (will be automatically mapped at logon time if home directory exist)
201# Ex: q(U:) for U:
202$_userHomeDrive = q(_HOMEDRIVE_);
203
204# The default user netlogon script name
205# if not used, will be automatically username.cmd
206# $_userScript = q(startup.cmd); # make sure script file is edited under dos
207
208
209##############################################################################
210#
211# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
212#
213##############################################################################
214
215# Allows not to use smbpasswd (if $with_smbpasswd == 0 in smbldap_conf.pm) but
216# prefer mkntpwd... most of the time, it's a wise choice :-)
217$with_smbpasswd = 0;
218$smbpasswd = "/usr/bin/smbpasswd";
219$mk_ntpasswd = "/usr/local/sbin/mkntpwd";
220
221# those next externals commands are kept fot the migration scripts and
222# for the populate script: this will be updated as soon as possible
223$slaveURI = "ldap://$slaveLDAP:$slavePort";
224$masterURI = "ldap://$masterLDAP:$masterPort";
225
226$ldap_path = "/usr/bin";
227
228if ( $ldapSSL eq "0" ) {
229	$ldap_opts = "-x";
230} elsif ( $ldapSSL eq "1" ) {
231	$ldap_opts = "-x -Z";
232} else {
233	die "ldapSSL option must be either 0 or 1.\n";
234}
235
236#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
237#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
238$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
239#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
240#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
241#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
242#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
243
244
245
2461;
247
248# - The End
249