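# Configuration file for websieve ldapextras
# ldapextras.pl and ldapextras.conf copyright 2001 Jules Agee
# Licensed under the LGPL - see http://www.gnu.org for details
# this software is provided at no charge WITH NO WARRANTY of any kind, implied
# or otherwise.
#
# This file is Perl source that websieve loads with require (see the trailing
# "1;").  Every setting is a package variable read by ldapextras.pl, so the
# file must remain syntactically valid Perl after editing.
#
# Note that use of the ldapextras features requires that you have edited the
# websieve.conf file and set both the $useldapextras and the $useauth parameters
# to a non-zero (true) value.
#
# See the bottom of this file for a description of the LDAP configuration that
# was used in development of these functions. Please note that these functions
# are still in a very early stage of development, and while I tried to make
# it fairly flexible and applicable to other LDAP configurations, making some
# assumptions about the configuration was necessary and at this point in
# development you will probably run into problems if your configuration
# deviates from the configuration described below by much. Hopefully as time
# goes by I'll get a better feel for how others have configured their
# directories and this program will become more flexible and easily
# configurable.

#####
# $suggestpass can be set to the pathname of a program that will generate
# a random password to suggest to the admin upon creating a new account.
# If left undefined, while creating a new user the admin will be asked to
# enter a password twice in standard non-echoing password fields.
#
# NOTE(review): ldapextras.pl presumably runs this string as a command under
# the web server's uid, so keep it an absolute path to a trusted binary and
# never derive any part of it from request data.  "-m8 -x8" asks apg for
# 8-character passwords, which is short by current standards; raise the
# length if your password policy requires it.
$suggestpass = "/usr/local/bin/apg -m8 -x8 -a0 -CL -n1";

######
# $manageruid should be undefined by default. Management options will appear
# if this is defined and the user has authenticated successfully with this uid.
#
# NOTE: The LDAP server MUST be configured to allow the entry with
# this UID to have administrative privileges on the LDAP server!
# This UID must also have admin privileges on the IMAP server!
#
# Anyone who can authenticate to websieve as this uid therefore gets full
# user and group management, so leave it undefined unless you need the
# management features, and do not pick an easily guessed uid.
#
# uncomment the following line to use these features:
# $manageruid = "admin";

# if the manager account is actually used to receive mail, set this to true.
# it should be set to zero if no mail is delivered to this UID.
$mgrrecmail = 0;

######
# The next few options are used as defaults when creating new entries
# in your LDAP directory.

# this item must be changed to the string that appears in the DN
# immediately following the RDN, for example, the string below
# would be used if a DN for your CorpOffice group looked like this:
# dn: cn=CorpOffice,ou=Groups,dc=pcf,dc=com,o=internet
$ldapgroup_ou = "ou=Groups";

# Exactly the same as $ldapgroup_ou except for user entries in the
# directory. If your average user DN looks like this:
# dn: cn=Joe Friday (joef),ou=People,dc=pcf,dc=com,o=internet
# then your $ldapperson_ou should look like this:
$ldapperson_ou = "ou=People";

# Hash of default attributes and values that will be added to EVERY
# newly created group, and will have the same values in every group:
#
# NOTE(review): the "owner" value is a placeholder with an empty cn; fill in
# the DN of the real owning entry before creating groups.  The errorsTo and
# requestsTo values spell the suffix "o=Internet" while every other DN in
# this file uses "o=internet", and the DN part of those ldap:/// URLs has no
# attribute type in front of "Postmaster" (e.g. "cn=Postmaster") -- check
# both against what your directory actually expects.
%ldapgroupdefatts = (
    objectClass => [ "top", "groupOfNames", "rfc822MailGroup" ],
    owner       => "cn=,ou=People,dc=pcf,dc=com,o=internet",
    errorsTo    => "ldap:///Postmaster,ou=People,dc=pcf,dc=com,o=Internet",
    requestsTo  => "ldap:///Postmaster,ou=People,dc=pcf,dc=com,o=Internet"
);

# Hash of default attributes and values that will be added to EVERY
# newly created Person entry, and will have all the same values for
# every person.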
%ldappersondefatts = (
    objectClass => [ 'top', 'person', 'organizationalPerson', 'inetOrgPerson' ],
);

# Attribute names that hold the mail host and partition used when an imap
# account is created on the server named by the mail host attribute.
# ie: $mailhostatt="mailHost";
$mailhostatt      = 'mailroutingaddress';
$mailpartitionatt = 'mailmessagestore';

# Attribute that stores the user's password.
$ldappassattr = 'userPassword';

# Person attributes the admin edits by hand.  Do NOT list dn, cn, uid, mail,
# sn or givenname here -- they are derived from $ldapuid, the first and last
# name, $maildomain and @ldapperson_ou like this:
#   dn=cn=$firstname $lastname ($ldapuid),$ldapperson_ou
#   cn=$firstname $lastname ($ldapuid)
#   uid=$ldapuid
#   mail=$ldapuid@$maildomain
#   sn=$lastname
#   givenname=$firstname
#
# This is an array of key/value pairs rather than a hash so that the
# attributes keep the order given here, which is the order shown on the
# user editing screen.  Each key is the attribute name and each value is the
# user-friendly label printed next to it.
@ldappersonatts = (
    title                    => 'Job Title',
    l                        => 'Location Description',
    streetAddress            => 'Address, City, Zip',
    telephonenumber          => 'Phone number',
    facsimileTelephoneNumber => 'Fax number',
    mobile                   => 'Cellphone number',
    pager                    => 'Pager number',
    photo                    => 'URL of photo',
    $mailhostatt             => 'Mail Host',
    $mailpartitionatt        => 'Partition',
    maildrop                 => 'MailDrop',
);

# Attributes that may occur more than once in a single ldap record, such as
# mail aliases.  Do not repeat these names in @ldappersonatts.
@multilineatts = ( alternatemailaddress => 'Alias' );

# Attributes rendered as a popup menu instead of a free text box.  The
# array on the right holds the choices offered for that attribute.  These
# attributes must also appear in @ldappersonatts.
#
# Listed here are the hosts a mailbox can be created on, plus the hosts for
# which we want a directory entry but no imap account.
#
# NOTE(review): @serverlist is not defined in this file; it is presumably
# populated by websieve.conf before this file is loaded -- confirm, since an
# empty list leaves only "" and "nonimaphost" as choices.
%ldapselectatts = (
    $mailhostatt      => [ '', @serverlist, 'nonimaphost' ],
    $mailpartitionatt => [ '', 'default', 'marketing' ],
);

# Attributes rendered as a textarea.  These must also appear in
# @ldappersonatts.  The value is the number of rows to display.
%ldaptextareaatts = (
    maildrop      => '2',
    streetAddress => '4',
);

# Mail hosts on which NO imap account is created -- only the ldap data is
# entered.  Use this for users whose mailbox does not live on an imap server
# (a Lotus Notes user, for example).
#
# @nonimapmailhosts = ("nonimaphost");

# LDAP attributes that must NOT be shown to ordinary users when an entry is
# displayed.  The values are irrelevant; a hash is used only because an
# existence test is cheaper than scanning an array for each attribute.
#
# NOTE(review): this only controls what websieve renders.  It is not an
# access control, so rely on the LDAP server's ACLs to actually protect
# attributes such as userPassword from being read or changed.
%donotdisplay = (
    photo        => 1,
    userPassword => 1,
);

# Attribute that records a user's membership in a group, e.g. "member" or
# "uniqueMember".
$ldapmemberatt = 'member';

# Labels for the management links.
$NEWUSERURL    = 'New User';
$NEWGROUPURL   = 'New Group';
$LDAPSEARCHURL = 'View Users & Groups';

##############################################################################
# Default LDAP structure and objectclasses                                   #
##############################################################################
#
# Since I'm writing this, the structure I'm using gets to be the default. :)
# If anyone has suggestions for the default config, please send them to me.
# If I find a consensus that any single structure is more common than the
# defaults here, I might be willing to change them.
# # -Jules Agee julesa@pcf.com # # I'm using OpenLDAP 1.2.xx, which is pretty common, so I'll include the # parts of the slapd.oc.conf file that I modified to make OpenLDAP work with # our existing LDAP directory structure, and therefore with the defaults in # this script. Of course, you'll have to modify the dc=pcf,dc=com entries # to reflect your own domain, but if you're starting from scratch with a new # OpenLDAP 1.2.xx server, you could pretty much use the defaults defined above # after adding my modified slapd.oc.conf entries to your slapd.oc.conf file. # # Then, once you had the LDAP server configured and running, you would have # to use ldapadd to add the following entries to your empty directory before # you could add users and groups. Again, you would have to change the dc=pcf # and dc=com entries to reflect your own domain name. This also assumes that # the LDAP manager/admin DN is set to "cn=Manager,o=internet" in your # slapd.conf file. # # o=internet # objectclass=top # objectclass=organization # o=internet # # cn=Manager,o=internet # objectclass=top # objectclass=organizationalRole # objectclass=inetOrgPerson # cn=Manager # sn=postmaster # uid=cyrus # # dc=com,o=internet # objectclass=top # objectclass=domain # dc=com # # dc=pcf,dc=com,o=internet # objectclass=top # objectclass=domain # dc=pcf # # ou=People, dc=pcf, dc=com, o=internet # objectclass=top # objectclass=organizationalUnit # ou=People # # ou=Groups, dc=pcf, dc=com, o=internet # objectclass=top # objectclass=organizationalUnit # ou=Groups # # ############### end of LDIF # # Here are the relevant entries I have modified from slapd.oc.conf. # # If you have an existing directory or already know the attributes you want to # use for data in your directory, you will have to modify most of the defaults # in this file to match the objectclass definitions you're using anyway, so this # will probably be useless info for you. 
# # objectclass organizationalPerson # requires # objectClass, # sn, # cn # allows # description, # destinationIndicator, # facsimileTelephoneNumber, # givenName, # internationaliSDNNumber, # l, # ou, # physicalDeliveryOfficeName, # postOfficeBox, # postalAddress, # postalCode, # preferredDeliveryMethod, # registeredAddress, # seeAlso, # st, # streetAddress, # telephoneNumber, # teletexTerminalIdentifier, # telexNumber, # title, # userPassword, # x121Address # # objectclass inetOrgPerson # requires # objectClass, # sn, # cn, # uid # allows # affiliationCode, # alternatemailaddress, # audio, # businessCategory, # departmentNumber, # description, # destinationIndicator, # doNotDelete, # doNotMove, # drink, # expire, # facsimileTelephoneNumber, # homePhone, # homePostalAddress, # initials, # internationaliSDNNumber, # jpegPhoto, # keepNames, # krbName, # l, # labeledURL, # mail, # mailautoreplytext, # mailhost, # mailPreferenceOption, # mailprogramdeliveryinfo, # mobile, # multiLineDescription, # mailAutoreply, # mailForward, # mailForwardingAddress, # mailQuota, # mailRoutingAddress, # onVacation, # organizationalStatus, # otherMailbox, # ou, # pager, # personalSignature, # personalTitle, # photo, # physicalDeliveryOfficeName, # phplibdata, # postOfficeBox, # postalAddress, # postalCode, # preferredDeliveryMethod, # proxy, # registeredAddress, # registrationStatus, # roomNumber, # secretary, # seeAlso, # st, # streetAddress, # telephoneNumber, # teletexTerminalIdentifier, # telexNumber, # textEncodedORaddress, # title, # updateSource, # userCertificate, # userClass, # userPassword, # vacationMessage, # x121Address, # xacl # # objectclass rfc822MailGroup # requires # objectClass, # owner, # cn # allows # associatedDomain, # autoMgt, # description, # destinationIndicator, # errorsTo, # facsimileTelephoneNumber, # internationaliSDNNumber, # joinable, # krbName, # labeledURL, # mail, # mailhost, # member, # memberOfGroup, # moderator, # multiLineDescription, # notice, # 
#       physicalDeliveryOfficeName,
#       postOfficeBox,
#       postalAddress,
#       postalCode,
#       preferredDeliveryMethod,
#       registeredAddress,
#       requestsTo,
#       rfc822ErrorsTo,
#       rfc822RequestsTo,
#       rfc822Mailbox,
#       seeAlso,
#       streetAddress,
#       suppressNoEmailError,
#       telephoneNumber,
#       teletexTerminalIdentifier,
#       telexNumber,
#       userPassword,
#       x121Address,
#       xacl
#
# websieve loads this file with require, which needs the file to return a
# true value; keep this as the last statement.
1; # make require happy