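#!/usr/bin/perl
use strict;
use warnings;
package smbldap_conf;

# smbldap-tools.conf : Q & D configuration file for smbldap-tools

#  This code was developed by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

#  Purpose :
#       . be the configuration file for all smbldap-tools scripts
#
#  Every setting below is a package variable that is exported by default, so
#  a script that does "use smbldap_conf;" sees the names unqualified.
#
#  NOTE(review): this file holds the LDAP bind password in cleartext. Keep it
#  readable only by the account that runs the smbldap-tools scripts (for
#  example owner root, mode 0600).

use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS
    $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
    $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
    $ldap_path $ldap_opts $ldapmodify $suffix $usersdn $computersdn
    $groupsdn $scope $binddn $bindpasswd
    $slaveDN $slavePw $masterDN $masterPw
    $_userLoginShell $_userHomePrefix $_userGecos
    $_defaultUserGid $_defaultComputerGid
    $_skeletonDir $_userSmbHome
    $_userProfile $_userHomeDrive
    $_userScript $usersou $computersou $groupsou $SID $hash_encrypt $_defaultMaxPasswordAge
);

use Exporter;
$VERSION = 1.00;
@ISA = qw(Exporter);

@EXPORT = qw(
    $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
    $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
    $ldap_path $ldap_opts $ldapmodify $suffix $usersdn
    $computersdn $groupsdn $scope $binddn $bindpasswd
    $slaveDN $slavePw $masterDN $masterPw
    $_userLoginShell $_userHomePrefix $_userGecos
    $_defaultUserGid $_defaultComputerGid $_skeletonDir
    $_userSmbHome $_userProfile $_userHomeDrive $_userScript
    $usersou $computersou $groupsou $SID $hash_encrypt $_defaultMaxPasswordAge
);

# Quote a value so that /bin/sh treats it as exactly one literal word.
#
# The value is wrapped in single quotes and every embedded single quote is
# rewritten as '\'' (close quote, escaped quote, reopen quote). An undefined
# value is quoted as the empty string. This helper is private to the package
# and is not exported.
sub _shell_quote {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/'/'\\''/g;
    return "'$value'";
}

##############################################################################
#
# General Configuration
#
##############################################################################

# UID and GID starting at...
$UID_START = 1000;
$GID_START = 1000;

# Put your own SID
# to obtain this number do: "net getlocalsid"
$SID='S-1-5-21-3516781642-1962875130-3438800523';

##############################################################################
#
# LDAP Configuration
#
##############################################################################

# Notes: to use the dual LDAP server backend for Samba, you must patch
# Samba with the dual-head patch from IDEALX. If not using this patch
# just use the same server for slaveLDAP and masterLDAP.
# Those two server declarations can also be used when you have
#   . one master LDAP server where all writing operations must be done
#   . one slave LDAP server where all reading operations must be done
#     (typically a replication directory)

# Ex: $slaveLDAP = "127.0.0.1";
$slaveLDAP = "127.0.0.1";
$slavePort = "389";

# Master LDAP : needed for write operations
# Ex: $masterLDAP = "127.0.0.1";
$masterLDAP = "127.0.0.1";
$masterPort = "389";

# Use SSL for LDAP
# If set to "1", this option will use start_tls for connection
# (you should also use port 389)
# NOTE(review): with "0" the simple bind built below (-x with -D/-w) sends the
# bind DN and password unencrypted. That is reasonable for the loopback
# default above; enable start_tls when either server is reached over a
# network.
$ldapSSL = "0";

# LDAP Suffix
# Ex: $suffix = "dc=IDEALX,dc=ORG";
$suffix = "dc=IDEALX,dc=COM";


# Where are stored Users
# Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG
$usersou = q(_USERS_);
$usersdn = "ou=$usersou,$suffix";

# Where are stored Computers
# Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG
$computersou = q(_COMPUTERS_);
$computersdn = "ou=$computersou,$suffix";

# Where are stored Groups
# Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG
$groupsou = q(_GROUPS_);
$groupsdn = "ou=$groupsou,$suffix";

# Default scope Used
$scope = "sub";

# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
# NOTE(review): MD5 and SHA are unsalted digests, so identical passwords get
# identical hashes. Keep a salted scheme such as the SSHA default unless a
# consumer of the directory cannot handle it.
$hash_encrypt="SSHA";

############################
# Credential Configuration #
############################
# Bind DN used
# Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org
$binddn = "cn=Manager,$suffix";

# Bind DN passwd used
# Ex: $bindpasswd = 'secret'; for 'secret'
# NOTE(review): "secret" is a placeholder. Replace it with the real bind
# password of $binddn before use, and restrict read access to this file as
# described in the header.
$bindpasswd = "secret";

# Notes: if using dual ldap patch, you can specify two different configurations
# By default, we will use the same DN (so it will work for standard Samba
# release)
$slaveDN = $binddn;
$slavePw = $bindpasswd;
$masterDN = $binddn;
$masterPw = $bindpasswd;

##############################################################################
#
# Unix Accounts Configuration
#
##############################################################################

# Login defs
# Default Login Shell
# Ex: $_userLoginShell = q(/bin/bash);
$_userLoginShell = q(_LOGINSHELL_);

# Home directory prefix (without username)
# Ex: $_userHomePrefix = q(/home/);
$_userHomePrefix = q(_HOMEPREFIX_);

# Gecos
$_userGecos = q(System User);

# Default User (POSIX and Samba) GID
$_defaultUserGid = 513;

# Default Computer (Samba) GID
$_defaultComputerGid = 553;

# Skel dir
$_skeletonDir = q(/etc/skel);

# Default password validation time (time in days). Comment the next line if
# you don't want passwords to be enabled for $_defaultMaxPasswordAge days (be
# careful with the sambaPwdMustChange attribute's value)
$_defaultMaxPasswordAge = 45;

##############################################################################
#
# SAMBA Configuration
#
##############################################################################

# The UNC path to home drives location without the username last extension
# (will be dynamically prepended)
# Ex: q(\\\\My-PDC-netbios-name\\homes) for \\My-PDC-netbios-name\homes
# Just comment this if you want to use the smb.conf 'logon home' directive
# and/or disabling roaming profiles
$_userSmbHome = q(\\\\_PDCNAME_\\homes);

# The UNC path to profiles locations without the username last extension
# (will be dynamically prepended)
# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) for \\My-PDC-netbios-name\profiles
# Just comment this if you want to use the smb.conf 'logon path' directive
# and/or disabling roaming profiles
$_userProfile = q(\\\\_PDCNAME_\\profiles\\);

# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: q(U:) for U:
$_userHomeDrive = q(_HOMEDRIVE_);

# The default user netlogon script name
# if not used, will be automatically username.cmd
# $_userScript = q(startup.cmd); # make sure script file is edited under dos


##############################################################################
#
# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
#
##############################################################################

# Allows not to use smbpasswd (if $with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer mkntpwd... most of the time, it's a wise choice :-)
$with_smbpasswd = 0;
$smbpasswd = "/usr/bin/smbpasswd";
$mk_ntpasswd = "/usr/local/sbin/mkntpwd";

# those next external commands are kept for the migration scripts and
# for the populate script: this will be updated as soon as possible
$slaveURI = "ldap://$slaveLDAP:$slavePort";
$masterURI = "ldap://$masterLDAP:$masterPort";

$ldap_path = "/usr/bin";

# Translate $ldapSSL into OpenLDAP client options; any other value is a
# configuration error and stops the load.
# NOTE(review): -Z asks for StartTLS but lets the client carry on if the
# operation fails, so the bind can still go out unencrypted; -ZZ makes a
# failed StartTLS fatal. Left as -Z because $ldap_opts is exported and other
# scripts may depend on the current value -- confirm before tightening.
if ( $ldapSSL eq "0" ) {
    $ldap_opts = "-x";
} elsif ( $ldapSSL eq "1" ) {
    $ldap_opts = "-x -Z";
} else {
    die "ldapSSL option must be either 0 or 1.\n";
}

#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";

# The DN and password are shell-quoted so that a value containing a single
# quote still reaches ldapmodify as one argument instead of breaking the
# command line. For values without a single quote the resulting string is the
# same as plain '...' wrapping.
# NOTE(review): -w places the bind password in the argument list of the
# ldapmodify process, where other local users can see it while the command
# runs. OpenLDAP clients also accept -y <file> to read the password from a
# file; consider that when the migration and populate scripts are updated.
$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D "
    . _shell_quote($masterDN) . " -w " . _shell_quote($masterPw);
#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";



1;

# - The End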