[debian-edu-commits] r79608 - in branches/wheezy/debian-edu-config: debian etc/gosa ldap-bootstrap
schweer-guest at alioth.debian.org
schweer-guest at alioth.debian.org
Mon Apr 15 22:03:10 UTC 2013
Author: schweer-guest
Date: 2013-04-15 22:03:10 +0000 (Mon, 15 Apr 2013)
New Revision: 79608
Modified:
branches/wheezy/debian-edu-config/debian/changelog
branches/wheezy/debian-edu-config/etc/gosa/gosa.conf
branches/wheezy/debian-edu-config/ldap-bootstrap/gosa.ldif
branches/wheezy/debian-edu-config/ldap-bootstrap/root.ldif
Log:
* Configure the GOsa gui stripped down to those menu items, tabs, and
options, that seem to be useful and usable. (Closes: #655274).
- Clean up gosa.conf for the sake of clarity. (A full version can
be found in /usr/share/doc/gosa.)
- Add ldif and csv import tabs to <ldiftab> in gosa.conf, as this will
show 'temporary disabled' in GOsa?\194?\178 as long as the add-on isn't
available -- and will be needed if it is.
- Change GOsa admin acl in ldap-bootstrap/root.ldif to disable
unusable options in Posix and Samba accounts.
- Add sambaAccount restrictions to jradmin-role acl in
ldap-bootstrap/gosa.ldif.
- Change description of admin-role to document restrictions.
Modified: branches/wheezy/debian-edu-config/debian/changelog
===================================================================
--- branches/wheezy/debian-edu-config/debian/changelog 2013-04-11 11:43:11 UTC (rev 79607)
+++ branches/wheezy/debian-edu-config/debian/changelog 2013-04-15 22:03:10 UTC (rev 79608)
@@ -1,3 +1,20 @@
+debian-edu-config (1.704~svn) UNRELEASED; urgency=low
+
+ * Configure the GOsa gui stripped down to those menu items, tabs, and
+ options, that seem to be useful and usable. (Closes: #655274).
+ - Clean up gosa.conf for the sake of clarity. (A full version can
+ be found in /usr/share/doc/gosa.)
+ - Add ldif and csv import tabs to <ldiftab> in gosa.conf, as this will
+ show 'temporary disabled' in GOsa² as long as the add-on isn't
+ available -- and will be needed if it is.
+ - Change GOsa admin acl in ldap-bootstrap/root.ldif to disable
+ unusable options in Posix and Samba accounts.
+ - Add sambaAccount restrictions to jradmin-role acl in
+ ldap-bootstrap/gosa.ldif.
+ - Change description of admin-role to document restrictions.
+
+ -- Wolfgang Schweer <wschweer at arcor.de> Mon, 15 Apr 2013 21:18:36 +0200
+
debian-edu-config (1.704~svn79603) wheezy-test; urgency=low
[ Mike Gabriel ]
Modified: branches/wheezy/debian-edu-config/etc/gosa/gosa.conf
===================================================================
--- branches/wheezy/debian-edu-config/etc/gosa/gosa.conf 2013-04-11 11:43:11 UTC (rev 79607)
+++ branches/wheezy/debian-edu-config/etc/gosa/gosa.conf 2013-04-15 22:03:10 UTC (rev 79608)
@@ -1,102 +1,32 @@
-<?xml version="1.0"?>
+<?xml version="1.0" encoding="UTF-8"?>
<conf configVersion="edb33ed1745798da76048582c2f16a48">
-
- <!-- GOsa menu definition **************************************************
-
- This tag defines the side and icon menu inside the
- interface. Defining an entry here is no guarantie to get it shown,
- though. Only entries with matching ACL's get shown.
-
- There are two types of entries inside of the menu: section and plugin
-
- Defining a section:
-
- Open a <section> tag including a "name" attribute. This will show up in
- the menu as a new section later on. Own entries are not handled via I18N
- by default. Close the </section> tag after your plugin definitions.
-
- Defining a plugin:
-
- Open a <plugin> tag including a "class" attribute. The "class" should be
- present inside your GOsa setup - the entry will be ignored if it is not.
-
- Plugins should have an "acl" entry, that allows GOsa to decide wether
- a user is allowed to see a plugin or not. The "acl" string matches with
- an ACL definition done inside of GOsa -> ACLs.
-
- You can override an icon by specifying the "icon" attribute.
-
- For more information about possible configuration parameters, please take
- a look at the gosa.conf(5) manual page.
- -->
<menu>
-
- <!-- Section to enable administrative services -->
<section name="Administration">
<plugin acl="department" class="departmentManagement" />
-
- <!-- This long ACL list is required to exclude the users menu entry when only
- 'viewFaxEntries' permissions are set -->
<plugin acl="users/netatalk,users/environment,users/posixAccount,users/kolabAccount,users/phpscheduleitAccount,users/oxchangeAccount,users/proxyAccount,users/connectivity,users/pureftpdAccount,users/phpgwAccount,users/opengwAccount,users/pptpAccount,users/intranetAccount,users/webdavAccount,users/nagiosAccount,users/sambaAccount,users/groupware,users/mailAccount,users/user,users/scalixAccount,users/password,users/gofaxAccount,users/phoneAccount,users/Groupware"
class="userManagement" />
<plugin acl="groups" class="groupManagement" />
<plugin acl="roles" class="roleManagement"/>
<plugin acl="acl" class="aclManagement" />
- <plugin acl="ogroups" class="ogroupManagement" />
<plugin acl="sudo" class="sudoManagement" />
- <plugin acl="application" class="applicationManagement" />
- <plugin acl="mimetypes" class="mimetypeManagement" />
- <plugin acl="devices" class="deviceManagement" />
<plugin acl="netgroup" class="netgroupManagement" />
- <plugin acl="terminal/termgeneric,workstation/workgeneric,server/servgeneric,phone/phoneGeneric,printer/printgeneric,component/componentGeneric,winworkstation/wingeneric,opsi/opsiGeneric" class="systemManagement" />
- <!-- Use 'lockDn' for dn
- 'lockName' for name
- 'lockType' for branch/freeze -->
- <plugin acl="fai/faiScript,fai/faiHook,fai/faiTemplate,fai/faiVariable,fai/faiPartitionTable,fai/faiPackage,fai/faiProfile,fai/faiManagement,opsi/opsiProperties" class="faiManagement" />
- <plugin acl="opsi" class="opsiLicenses"/>
- <plugin acl="gofaxlist" class="blocklist" />
- <plugin acl="gofonmacro" class="goFonMacro" />
- <plugin acl="gofonconference" class="phoneConferenceManagment" />
+ <plugin acl="workstation/workgeneric,server/servgeneric,printer/printgeneric,component/componentGeneric,winworkstation/wingeneric" class="systemManagement" />
</section>
-
- <!-- Section to enable addon plugins -->
<section name="Addons">
- <plugin acl="all/all" class="propertyEditor" />
- <plugin acl="server/rSyslogServer" class="rsyslog" />
-<!-- <plugin acl="mailqueue" class="mailqueue" />-->
- <plugin acl="users/viewFaxEntries:self,users/viewFaxEntries" class="faxreport" />
- <plugin acl="users/viewFonEntries:self,users/viewFonEntries" class="fonreport" />
- <plugin acl="gotomasses" class="gotomasses" />
<plugin acl="ldapmanager" class="ldif" />
</section>
</menu>
- <!-- These entries will be rendered on the short-cut menu -->
<shortCutMenu>
<plugin acl="none" class="welcome" />
</shortCutMenu>
- <!-- These entries will be rendered on the path navigator -->
<pathMenu>
<plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/sambaAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccount:self,users/gofaxAccount:self,users/phoneAccount:self,users/Groupware:self" class="MyAccount" />
<plugin acl="users/password:self" class="password"
postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync %dn"/>
</pathMenu>
-
- <!-- Tab definitions *******************************************************
-
- Tab definitions define the sub plugins which get included for certain
- tabbed dialogs. If you change something here, never (!) remove the
- primary (the first) "tab" tag which is defined. Most tabbed dialogs
- need a primary plugin.
-
- "*tab" should be looked for by a defined plugin. This one will take
- every "tab" defined "class" and will show it inside of a tabbed dialog
- with the header defined in "name".
- -->
-
- <!-- ACL dialog -->
<acltab>
<tab class="acl" name="ACL" />
</acltab>
@@ -105,124 +35,35 @@
<tab class="aclrole" name="ACL Role" />
</aclroletab>
- <!-- User dialog -->
<usertabs>
<tab class="user" name="Generic" />
<tab class="posixAccount" name="POSIX"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create %uid"
postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove %uid %homeDirectory" />
<tab class="sambaAccount" name="Samba" />
- <tab class="netatalk" name="Netatalk" />
- <tab class="mailAccount" name="Mail" />
-<!-- <tab class="Groupware" name="Groupware" />-->
- <tab class="scalixAccount" name="Scalix" />
- <tab class="environment" name="Desktop" />
- <tab class="connectivity" name="Connectivity" />
- <tab class="gofaxAccount" name="Fax" />
- <tab class="phoneAccount" name="Phone" />
- <tab class="nagiosAccount" name="Nagios" />
</usertabs>
- <!-- User dialog -->
<MyAccountTabs>
<tab class="user" name="Generic" />
<tab class="posixAccount" name="POSIX" />
- <tab class="sambaAccount" name="Samba" />
- <tab class="netatalk" name="Netatalk" />
- <tab class="mailAccount" name="Mail" />
-<!-- <tab class="Groupware" name="Groupware" />-->
- <tab class="scalixAccount" name="Scalix" />
- <tab class="environment" name="Desktop" />
- <tab class="connectivity" name="Connectivity" />
- <tab class="gofaxAccount" name="Fax" />
- <tab class="phoneAccount" name="Phone" />
- <tab class="nagiosAccount" name="Nagios" />
</MyAccountTabs>
- <opsiLicenseTabs>
- <tab class="licensePoolGeneric" name="Generic"/>
- <tab class="licenseUsage" name="Usage"/>
- </opsiLicenseTabs>
-
- <!-- Group dialog -->
<grouptabs>
<tab class="group" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
- <tab class="environment" name="Desktop" />
- <tab class="appgroup" name="Startmenu" />
- <tab class="mailgroup" name="Mail" />
-<!-- <tab class="GroupwareSharedFolder" name="Groupware" />-->
</grouptabs>
- <!-- Sudo dialog -->
<sudotabs>
<tab class="sudo" name="Generic" />
<tab class="sudoOption" name="Options" />
</sudotabs>
- <!-- GOfax plugins -->
- <faxblocktabs>
- <tab class="blocklistGeneric" name="Generic" />
- </faxblocktabs>
-
- <!-- GOfon plugins -->
- <conferencetabs>
- <tab class="conference" name="Generic" />
- </conferencetabs>
-
- <macrotabs>
- <tab class="macro" name="Generic" />
- <tab class="macroParameter" name="Parameter" />
- </macrotabs>
-
- <phonetabs>
- <tab class="phoneGeneric" name="Generic" />
- </phonetabs>
-
- <!-- GOto plugins -->
- <appstabs>
- <tab class="application" name="Generic" />
- <tab class="applicationParameters" name="Parameter" />
- </appstabs>
-
- <mimetabs>
- <tab class="mimetype" name="Generic" />
- </mimetabs>
-
- <devicetabs>
- <tab class="deviceGeneric" name="Generic"
- postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
- </devicetabs>
-
- <arpnewdevicetabs>
- <tab class="ArpNewDevice" name="Generic" />
- </arpnewdevicetabs>
-
- <termtabs>
- <tab class="termgeneric" name="Generic"
- postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
- <tab class="termstartup" name="Startup"/>
- <tab class="termservice" name="Devices"/>
- <tab class="terminfo" name="Information" snmpCommunity="goto"/>
- <!--<tab class="glpiAccount" name="Inventory" /> -->
- </termtabs>
-
<servtabs>
<tab class="servgeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
- <tab class="workstartup" name="Startup"/>
<tab class="ServerService" name="Services"/>
- <tab class="faiSummaryTab" name="Deployment summary"/>
- <tab class="gotoLogView" name="Installation logs"/>
- <tab class="terminfo" name="Information" snmpCommunity="goto"/>
<tab class="netgroupSystem" name="NIS Netgroup"/>
- <!-- <tab class="glpiAccount" name="Inventory" /> -->
</servtabs>
<worktabs>
@@ -230,242 +71,152 @@
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
- <tab class="workstartup" name="Startup"/>
- <tab class="workservice" name="Devices"/>
- <tab class="printgeneric" name="Printer"/>
- <tab class="terminfo" name="Information" snmpCommunity="goto"/>
- <tab class="faiSummaryTab" name="Deployment summary"/>
- <tab class="gotoLogView" name="Installation logs"/>
<tab class="netgroupSystem" name="NIS Netgroup"/>
- <!-- <tab class="glpiAccount" name="Inventory" /> -->
</worktabs>
<printtabs>
- <tab class="printgeneric" name="Generic"
- postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
- postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
- <!-- <tab class="glpiPrinterAccount" name="Inventory" /> -->
+ <tab class="printgeneric" name="Generic"/>
</printtabs>
<componenttabs>
- <tab class="componentGeneric" name="Generic"
+ <tab class="componentGeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
<tab class="netgroupSystem" name="NIS Netgroup"/>
- <!-- <tab class="glpiAccount" name="Inventory" /> -->
</componenttabs>
+ <termtabs>
+ <tab class="termgeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
+ <tab class="netgroupSystem" name="NIS Netgroup"/>
+
+ </termtabs>
+
<wintabs>
<tab class="wingeneric" name="Generic"
postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"/>
<tab class="netgroupSystem" name="NIS Netgroup"/>
- <!-- <tab class="glpiAccount" name="Inventory" /> -->
</wintabs>
<serverservice>
- <tab class="goMailServer" />
- <tab class="servkolab" />
<tab class="goNtpServer" />
- <tab class="servrepository" />
- <tab class="goImapServer" />
- <tab class="goKrbServer" />
- <tab class="goFaxServer" />
- <tab class="goFonServer" />
- <tab class="goCupsServer" />
- <tab class="goKioskService" />
- <tab class="goTerminalServer" />
<tab class="goLdapServer" />
- <tab class="goShareServer" />
- <tab class="gospamserver" />
- <tab class="govirusserver" />
<tab class="servdhcp" />
<tab class="servdns" />
<tab class="rSyslogServer" />
</serverservice>
- <!-- Department plugin -->
<deptabs>
<tab class="department" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</deptabs>
<organization_tabs>
<tab class="organization" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</organization_tabs>
<locality_tabs>
<tab class="locality" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</locality_tabs>
<country_tabs>
<tab class="country" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</country_tabs>
<dcobject_tabs>
<tab class="dcObject" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</dcobject_tabs>
<domain_tabs>
<tab class="domain" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</domain_tabs>
- <!-- Role tabs -->
<roletabs>
<tab class="roleGeneric" name="Generic"/>
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</roletabs>
<ogrouptabs>
<tab class="ogroup" name="Generic" />
- <tab class="DynamicLdapGroup" name="Dynamic object" />
</ogrouptabs>
- <!-- Connectivity plugins -->
- <connectivity>
- <tab class='kolabAccount' />
- <tab class="proxyAccount" />
- <tab class="pureftpdAccount" />
- <tab class="webdavAccount" />
- <tab class="phpgwAccount" />
- <tab class="intranetAccount" />
- <tab class="pptpAccount" />
- <tab class="phpscheduleitAccount" />
- <tab class="oxchangeAccount" />
- <tab class="opengwAccount" />
- </connectivity>
-
<ldiftab>
<tab class="ldifexport" name="Export" />
<tab class="xlsexport" name="Excel Export" />
+ <tab class="ldifimport" name="Import" />
+ <tab class="csvimport" name="CSV Import" />
</ldiftab>
- <faipartitiontabs>
- <tab class="faiPartitionTable" name="Partitions" />
- </faipartitiontabs>
-
- <faiscripttabs>
- <tab class="faiScript" name="Scripts" />
- </faiscripttabs>
-
- <faihooktabs>
- <tab class="faiHook" name="Hooks" />
- </faihooktabs>
-
- <faivariabletabs>
- <tab class="faiVariable" name="Variables" />
- </faivariabletabs>
-
- <faitemplatetabs>
- <tab class="faiTemplate" name="Templates" />
- </faitemplatetabs>
-
- <faiprofiletabs>
- <tab class="faiProfile" name="Profiles" />
- <tab class="faiSummaryTab" name="Summary" />
- </faiprofiletabs>
-
- <faipackagetabs>
- <tab class="faiPackage" name="Packages" />
- </faipackagetabs>
-
- <opsitabs>
- <tab class="opsiGeneric" name="Generic" />
- <tab class="opsiSoftware" name="Hardware" />
- <tab class="opsiHardware" name="Software" />
- <tab class="licenseUsageByHost" name="License usage"/>
- </opsitabs>
-
- <opsiprodconfig>
- <tab class="opsiProperties" name="Properties" />
- <tab class="licenseByProduct" name="License usage"/>
- </opsiprodconfig>
-
- <!-- rSyslog plugin -->
<rsyslogtabs>
<tab class="rsyslog" name="System logs" />
</rsyslogtabs>
- <!-- Netgroup dialog -->
<netgrouptabs>
<tab class="netgroup" name="Generic"/>
</netgrouptabs>
- <!-- Main section **********************************************************
-
- The main section defines global settings, which might be overridden by
- each location definition inside.
-
- For more information about the configuration parameters, take a look at
- the gosa.conf(5) manual page.
-
- -->
- <!-- If you broke your setup using the propertyEditor, then set 'ignoreLdapProperties' to true. -->
- <main default="default"
- logging="true"
- listSummary="true"
- displayErrors="false"
- schemaCheck="true"
- copyPaste="true"
- forceGlobals="true"
- forceSSL="true"
- ldapStats="false"
- warnSSL="true"
- primaryGroupFilter="true"
- storeFilterSettings="true"
- sendCompressedOutput="true"
- modificationDetectionAttribute="entryCSN"
- language=""
- theme="default"
- sessionLifetime="7200"
- templateCompileDirectory="/var/spool/gosa"
- debugLevel="0"
- passwordMinLength="5"
- passwordMinDiffer="2"
- passwordHook=""
- sambaHashHook="perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \$ARGV[0]), $/;"">
-
- <!-- Location definition -->
- <location name="Debian Edu"
- passwordDefaultHash="ssha"
- accountPrimaryAttribute="uid"
- userRDN="ou=people"
- groupRDN="ou=group"
- netgroupRDN="ou=netgroup"
- gidNumberBase="1000"
- uidNumberBase="1000"
- disabled_gosaSupportURI="gosa-si-secret at server:20081"
- disabled_gosaSupportTimeout="15"
- loginAttribute="uid"
- timezone="Etc/UTC"
- honourUnitTags="false"
- useSaslForKerberos="false"
- rfc2307bis="false"
- personalTitleInDN="false"
- idGenerator="{%givenName[1-3]}{%sn[1-3]}"
- strictNamingRules="true"
- mailAttribute="mail"
+ <main default="default"
+ ignoreLdapProperties="false"
+ logging="true"
+ listSummary="true"
+ displayErrors="false"
+ schemaCheck="true"
+ copyPaste="true"
+ forceGlobals="true"
+ forceSSL="true"
+ ldapStats="false"
+ warnSSL="true"
+ primaryGroupFilter="true"
+ storeFilterSettings="true"
+ sendCompressedOutput="true"
+ modificationDetectionAttribute="entryCSN"
+ language=""
+ theme="default"
+ sessionLifetime="7200"
+ templateCompileDirectory="/var/spool/gosa"
+ debugLevel="3"
+ passwordMinLength="5"
+ passwordMinDiffer="2"
+ passwordHook=""
+ sambaHashHook="perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen \$ARGV[0]), $/;""
+ >
+ <location name="Debian Edu"
+ passwordDefaultHash="ssha"
+ accountPrimaryAttribute="uid"
+ userRDN="ou=people"
+ groupRDN="ou=group"
+ netgroupRDN="ou=netgroup"
+ gidNumberBase="1000"
+ uidNumberBase="1000"
+ loginAttribute="uid"
+ timezone="Etc/UTC"
+ honourUnitTags="false"
+ useSaslForKerberos="false"
+ rfc2307bis="false"
+ personalTitleInDN="false"
+ idGenerator="{%givenName[1-6]}{%sn[1-6]}"
+ strictNamingRules="true"
+ mailAttribute="mail"
gosaSharedPrefix=""
- mailUserCreation=""
- mailFolderCreation=""
- imapTimeout="10"
- ldapTLS="true"
- honourIvbbAttributes="false"
- enableSnapshots="true"
- snapshotBase="ou=snapshots,dc=skole,dc=skolelinux,dc=no"
- snapshotAdminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" snapshotAdminPassword="$GOSAPWD"
- snapshotURI="ldaps://ldap.intern/"
- config="ou=gosa,ou=configs,ou=systems,dc=skole,dc=skolelinux,dc=no">
- <referral URI="ldap://ldap.intern/dc=skole,dc=skolelinux,dc=no"
- adminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" adminPassword="$GOSAPWD"/>
+ mailUserCreation=""
+ mailFolderCreation=""
+ imapTimeout="10"
+ ldapTLS="true"
+ honourIvbbAttributes="false"
+ enableSnapshots="true"
+ snapshotBase="ou=snapshots,dc=skole,dc=skolelinux,dc=no"
+ snapshotAdminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no"
+ snapshotAdminPassword="19e84fab748fe3f663769cc87aece2c3"
+ snapshotURI="ldaps://ldap.intern/"
+ config="ou=gosa,ou=configs,ou=systems,dc=skole,dc=skolelinux,dc=no"
+ >
+ <referral URI="ldap://ldap.intern/dc=skole,dc=skolelinux,dc=no"
+ adminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no"
+ adminPassword="19e84fab748fe3f663769cc87aece2c3"
+ />
</location>
</main>
</conf>
Modified: branches/wheezy/debian-edu-config/ldap-bootstrap/gosa.ldif
===================================================================
--- branches/wheezy/debian-edu-config/ldap-bootstrap/gosa.ldif 2013-04-11 11:43:11 UTC (rev 79607)
+++ branches/wheezy/debian-edu-config/ldap-bootstrap/gosa.ldif 2013-04-15 22:03:10 UTC (rev 79608)
@@ -196,13 +196,13 @@
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:psub::all;cmdrw
-description: unlimited administrative permissions
+description: nearly unlimited administrative permissions
cn: admin-role
dn: cn=jradmin-role,ou=aclroles,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: gosaRole
-gosaAclTemplate: 0:sub::users/user;cmdrw,users/password;rw,users/posixAccount;r,groups/group;cmdr#description;w#memberUid;rw
+gosaAclTemplate: 0:sub::users/user;cmdrw,users/password;rw,users/posixAccount;r,users/sambaAccount;r,groups/group;cmdr#description;w#memberUid;rw
description: limited administrative permissions
cn: jradmin-role
Modified: branches/wheezy/debian-edu-config/ldap-bootstrap/root.ldif
===================================================================
--- branches/wheezy/debian-edu-config/ldap-bootstrap/root.ldif 2013-04-11 11:43:11 UTC (rev 79607)
+++ branches/wheezy/debian-edu-config/ldap-bootstrap/root.ldif 2013-04-15 22:03:10 UTC (rev 79608)
@@ -29,7 +29,7 @@
ou: skole
o: skole.skolelinux.no
labeledURI: http://www/ LDAP for Debian Edu/Skolelinux
-gosaAclEntry: 0:psub:$GOSAADMINSDN64:all;cmdrw
+gosaAclEntry: 0:psub:$GOSAADMINSDN64:all;cmdrw,department/department;cmdrw,department/domain;r,department/organization;r,department/dcObject;r,department/country;r,department/DynamicLdapGroup;r,users/posixAccount;#shadowLastChange;r#gotoLastSystemLogin;r#mustchangepassword;r#shadowMin;r#shadowMax;r#shadowWarning;r#shadowInactive;r#shadowExpire;r#sshPublicKey;r#accessTo;r,users/sambaAccount;#AllowLoginOnTerminalServer;r#InheritClientConfig;r#sambaKickoffTime;r#enforcePasswordChange;r#cannotChangePassword;r#noPasswordRequired;r#passwordNeverExpires;r#temporaryDisabled;r#sambaLogonHours;r#sambaUserWorkstations;r
gosaAclEntry: 1:psub:$TEACHERSDN64:users/user;r
gosaAclEntry: 2:psub:Kg==:users/user;sr#personalTitle;w#academicTitle;w#dateOfBirth;w#gender;w#preferredLanguage;w#userPicture;w#homePostalAddress;w#homePhone;w#labeledURI;w,users/password;srw
gosaAclEntry: 3:role:$ADMINROLEDN64:
More information about the debian-edu-commits
mailing list