[debian-edu-commits] debian-edu/ 07/12: Use share/debian-edu-config/gosa.conf.template (Closes: #848347).

Wolfgang Schweer schweer-guest at moszumanska.debian.org
Fri Feb 9 14:49:13 UTC 2018


This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-config.

commit 8840c57386af75c42d577624980d5577abbb96d1
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Fri Feb 9 15:36:49 2018 +0100

    Use share/debian-edu-config/gosa.conf.template (Closes: #848347).
    
     Ship the gosa.conf template explicitly as such and copy the modified file
     at LDAP setup time to /etc/gosa to don't confuse users upon upgrades.
    
     Avoid to show users non-functional GOsa² action buttons.
     - gosa.conf.template: Set enableSnapshots="false" and copyPaste="false".
---
 share/debian-edu-config/gosa.conf.template | 441 +++++++++++++++++++++++++++++
 1 file changed, 441 insertions(+)

diff --git a/share/debian-edu-config/gosa.conf.template b/share/debian-edu-config/gosa.conf.template
new file mode 100644
index 0000000..7ac2cdf
--- /dev/null
+++ b/share/debian-edu-config/gosa.conf.template
@@ -0,0 +1,441 @@
+<?xml version="1.0"?>
+<conf configVersion="Managed-by-Debian-Edu">
+
+  <!-- GOsa menu definition **************************************************
+
+       This tag defines the side and icon menu inside the
+       interface. Defining an entry here is no guarantie to get it shown,
+       though. Only entries with matching ACL's get shown.
+
+       There are two types of entries inside of the menu: section and plugin
+
+       Defining a section:
+
+       Open a <section> tag including a "name" attribute. This will show up in
+       the menu as a new section later on. Own entries are not handled via I18N
+       by default. Close the </section> tag after your plugin definitions.
+
+       Defining a plugin:
+
+       Open a <plugin> tag including a "class" attribute. The "class" should be
+       present inside your GOsa setup - the entry will be ignored if it is not.
+
+       Plugins should have an "acl" entry, that allows GOsa to decide whether
+       a user is allowed to see a plugin or not. The "acl" string matches with
+       an ACL definition done inside of GOsa -> ACLs.
+
+       You can override an icon by specifying the "icon" attribute.
+
+       For more information about possible configuration parameters, please take
+       a look at the gosa.conf(5) manual page.
+   -->
+  <menu>
+
+    <!-- Section to enable administrative services -->
+    <section name="Administration">
+      <plugin acl="department" class="departmentManagement" />
+
+      <!-- This long ACL list is required to exclude the users menu entry when only 
+            'viewFaxEntries' permissions are set -->
+      <plugin acl="users/netatalk,users/environment,users/posixAccount,users/kolabAccount,users/phpscheduleitAccount,users/oxchangeAccount,users/proxyAccount,users/connectivity,users/pureftpdAccount,users/phpgwAccount,users/opengwAccount,users/pptpAccount,users/intranetAccount,users/webdavAccount,users/nagiosAccount,users/sambaAccount,users/groupware,users/mailAccount,users/user,users/scalixAccount,users/password,users/gofaxAccount,users/phoneAccount,users/Groupware" 
+              class="userManagement" />
+      <plugin acl="groups" class="groupManagement" />
+      <plugin acl="roles" class="roleManagement" />
+      <plugin acl="acl"  class="aclManagement" />
+      <plugin acl="ogroups" class="ogroupManagement" />
+      <plugin acl="sudo" class="sudoManagement" />
+      <plugin acl="netgroup" class="netgroupManagement" />
+      <plugin acl="terminal/termgeneric,workstation/workgeneric,server/servgeneric,phone/phoneGeneric,printer/printgeneric,component/componentGeneric,winworkstation/wingeneric,opsi/opsiGeneric" class="systemManagement" />
+      <!-- Use 'lockDn'      for dn
+               'lockName'    for name
+               'lockType'    for branch/freeze -->
+      <plugin acl="fai/faiScript,fai/faiHook,fai/faiTemplate,fai/faiVariable,fai/faiPartitionTable,fai/faiPackage,fai/faiProfile,fai/faiManagement,opsi/opsiProperties" class="faiManagement" />
+      <plugin acl="opsi" class="opsiLicenses"/>
+      <plugin acl="gofaxlist" class="blocklist" />
+      <plugin acl="gofonmacro" class="goFonMacro" />
+      <plugin acl="gofonconference" class="phoneConferenceManagment" />
+    </section>
+
+    <!-- Section to enable addon plugins -->
+    <section name="Addons">
+      <plugin acl="all/all"  class="propertyEditor" />
+      <plugin acl="server/rSyslogServer" class="rsyslog" />
+<!--      <plugin acl="mailqueue" class="mailqueue" />-->
+      <plugin acl="users/viewFaxEntries:self,users/viewFaxEntries" class="faxreport" />
+      <plugin acl="users/viewFonEntries:self,users/viewFonEntries" class="fonreport" />
+      <plugin acl="ldapmanager" class="ldif" />
+      <plugin acl="schoolmanager" class="schoolmgr" />
+      <plugin acl="pwreset" class="pwreset"/>
+    </section>
+  </menu>
+
+  <!-- These entries will be rendered on the short-cut menu -->
+  <shortCutMenu>
+      <plugin acl="none" class="welcome" />
+  </shortCutMenu>
+
+  <!-- These entries will be rendered on the path navigator -->
+  <pathMenu>
+      <plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/sambaAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccoun [...]
+      <plugin acl="users/password:self" class="password"
+              postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync '%dn'"
+              postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user '%dn'"
+              postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user '%dn'" />
+  </pathMenu>
+
+
+  <!-- Tab definitions *******************************************************
+
+       Tab definitions define the sub plugins which get included for certain
+       tabbed dialogs. If you change something here, never (!) remove the
+       primary (the first) "tab" tag which is defined. Most tabbed dialogs
+       need a primary plugin.
+
+       "*tab" should be looked for by a defined plugin. This one will take
+       every "tab" defined "class" and will show it inside of a tabbed dialog
+       with the header defined in "name".
+   -->
+
+  <!-- ACL dialog -->
+  <acltab>
+    <tab class="acl" name="ACL" />
+  </acltab>
+
+  <aclroletab>
+    <tab class="aclrole" name="ACL Role" />
+  </aclroletab>
+
+  <!-- User dialog -->
+  <usertabs>
+     <tab class="user" name="Generic" />
+     <tab class="posixAccount" name="POSIX"
+          postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create %uid"
+          postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove %uid %homeDirectory" />
+     <tab class="sambaAccount" name="Samba" />
+     <tab class="netatalk" name="Netatalk" />
+     <tab class="mailAccount" name="Mail" />
+<!--     <tab class="Groupware" name="Groupware" />-->
+     <tab class="scalixAccount" name="Scalix" />
+     <tab class="connectivity" name="Connectivity" />
+     <tab class="gofaxAccount" name="Fax" />
+     <tab class="phoneAccount" name="Phone" />
+     <tab class="nagiosAccount" name="Nagios" />
+   </usertabs>
+
+  <!-- User dialog -->
+  <MyAccountTabs>
+     <tab class="user" name="Generic" />
+     <tab class="posixAccount" name="POSIX" />
+   </MyAccountTabs>
+
+  <opsiLicenseTabs>
+    <tab class="licensePoolGeneric" name="Generic" />
+    <tab class="licenseUsage" name="Usage" />
+  </opsiLicenseTabs>
+
+  <!-- Group dialog -->
+  <grouptabs>
+    <tab class="group" name="Generic" />
+    <tab class="appgroup" name="Startmenu" />
+    <tab class="mailgroup" name="Mail" />
+<!--    <tab class="GroupwareSharedFolder" name="Groupware" />-->
+  </grouptabs>
+
+  <!-- Sudo dialog -->
+  <sudotabs>
+    <tab class="sudo" name="Generic" />
+    <tab class="sudoOption" name="Options" />
+  </sudotabs>
+
+  <!-- GOfax plugins -->
+  <faxblocktabs>
+    <tab class="blocklistGeneric" name="Generic" />
+  </faxblocktabs>
+
+  <!-- GOfon plugins -->
+  <conferencetabs>
+    <tab class="conference" name="Generic" />
+  </conferencetabs>
+
+  <macrotabs>
+    <tab class="macro" name="Generic" />
+    <tab class="macroParameter" name="Parameter" />
+  </macrotabs>
+
+  <phonetabs>
+    <tab class="phoneGeneric" name="Generic" />
+  </phonetabs>
+
+  <!-- GOto plugins -->
+  <appstabs>
+    <tab class="application" name="Generic" />
+    <tab class="applicationParameters" name="Parameter" />
+  </appstabs>
+
+  <mimetabs>
+    <tab class="mimetype" name="Generic" />
+  </mimetabs>
+
+  <devicetabs>
+    <tab class="deviceGeneric" name="Generic"
+         postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+         postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+         postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+  </devicetabs>
+
+  <arpnewdevicetabs>
+    <tab class="ArpNewDevice" name="Generic" />
+  </arpnewdevicetabs>
+
+  <termtabs>
+     <tab class="termgeneric" name="Generic"
+          postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+     <tab class="netgroupSystem" name="NIS Netgroup" />
+  </termtabs>
+
+  <servtabs>
+     <tab class="servgeneric" name="Generic"
+          postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+     <tab class="ServerService" name="Services" />
+     <tab class="netgroupSystem" name="NIS Netgroup" />
+     <!-- <tab class="glpiAccount" name="Inventory" /> -->
+  </servtabs>
+
+  <worktabs>
+     <tab class="workgeneric" name="Generic"
+          postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+     <tab class="netgroupSystem" name="NIS Netgroup" />
+  </worktabs>
+
+  <printtabs>
+     <tab class="printgeneric" name="Generic" />
+  </printtabs>
+
+  <componenttabs>
+     <tab class="componentGeneric" name="Generic"
+          postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+     <tab class="netgroupSystem" name="NIS Netgroup" />
+  </componenttabs>
+
+  <wintabs>
+     <tab class="wingeneric" name="Generic"
+          postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+          postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+     <tab class="netgroupSystem" name="NIS Netgroup" />
+  </wintabs>
+
+  <serverservice>
+    <tab class="goMailServer" />
+    <tab class="servkolab" />
+    <tab class="goNtpServer" />
+    <tab class="servrepository" />
+    <tab class="goImapServer" />
+    <tab class="goKrbServer" />
+    <tab class="goFaxServer" />
+    <tab class="goFonServer" />
+    <tab class="goCupsServer" />
+    <tab class="goKioskService" />
+    <tab class="goTerminalServer" />
+    <tab class="goLdapServer" />
+    <tab class="goShareServer" />
+    <tab class="gospamserver" />
+    <tab class="govirusserver" />
+    <tab class="servdhcp" />
+    <tab class="servdns" />
+    <tab class="rSyslogServer" />
+  </serverservice>
+
+  <!-- Department plugin -->
+  <deptabs>
+    <tab class="department" name="Generic" />
+  </deptabs>
+
+  <organization_tabs>
+    <tab class="organization" name="Generic" />
+  </organization_tabs>
+
+  <locality_tabs>
+    <tab class="locality" name="Generic" />
+  </locality_tabs>
+
+  <country_tabs>
+    <tab class="country" name="Generic" />
+  </country_tabs>
+
+  <dcobject_tabs>
+    <tab class="dcObject" name="Generic" />
+  </dcobject_tabs>
+
+  <domain_tabs>
+    <tab class="domain" name="Generic" />
+  </domain_tabs>
+
+  <!-- Role tabs -->
+  <roletabs>
+    <tab class="roleGeneric" name="Generic" />
+  </roletabs>
+
+  <ogrouptabs>
+    <tab class="ogroup" name="Generic" />
+  </ogrouptabs>
+
+  <!-- Connectivity plugins -->
+  <connectivity>
+    <tab class='kolabAccount' />
+    <tab class="proxyAccount" />
+    <tab class="pureftpdAccount" />
+    <tab class="webdavAccount" />
+    <tab class="phpgwAccount" />
+    <tab class="intranetAccount" />
+    <tab class="pptpAccount" />
+    <tab class="phpscheduleitAccount" />
+    <tab class="oxchangeAccount" />
+    <tab class="opengwAccount" />
+  </connectivity>
+
+  <ldiftab>
+    <tab class="ldifexport" name="Export" />
+    <tab class="xlsexport" name="Excel Export" />
+    <tab class="ldifimport" name="Import" />
+    <tab class="csvimport" name="CSV Import" />
+  </ldiftab>
+
+  <schoolmanagertab>
+    <tab class="schoolmanagerintro" name="Introduction" />
+    <tab class="importteachers" name="Import Teachers" />
+    <tab class="importstudentsandparents" name="Import Students and Parents" />
+    <tab class="importstudentsonly" name="Import Students (only)" />
+    <tab class="archiveaccounts" name="Archive Accounts" />
+  </schoolmanagertab>
+
+  <pwresettab>
+    <tab class="managepws" name="Reset Passwords" />
+  </pwresettab>
+
+  <faipartitiontabs>
+    <tab class="faiPartitionTable" name="Partitions" />
+  </faipartitiontabs>
+
+  <faiscripttabs>
+    <tab class="faiScript" name="Scripts" />
+  </faiscripttabs>
+
+  <faihooktabs>
+    <tab class="faiHook" name="Hooks" />
+  </faihooktabs>
+
+  <faivariabletabs>
+    <tab class="faiVariable" name="Variables" />
+  </faivariabletabs>
+
+  <faitemplatetabs>
+    <tab class="faiTemplate" name="Templates" />
+  </faitemplatetabs>
+
+  <faiprofiletabs>
+    <tab class="faiProfile" name="Profiles" />
+    <tab class="faiSummaryTab" name="Summary" />
+  </faiprofiletabs>
+
+  <faipackagetabs>
+    <tab class="faiPackage" name="Packages" />
+  </faipackagetabs>
+
+  <opsitabs>
+    <tab class="opsiGeneric" name="Generic" />
+    <tab class="opsiSoftware" name="Hardware" />
+    <tab class="opsiHardware" name="Software" />
+    <tab class="licenseUsageByHost" name="License usage" />
+  </opsitabs>
+
+  <opsiprodconfig>
+    <tab class="opsiProperties" name="Properties" />
+    <tab class="licenseByProduct" name="License usage" />
+  </opsiprodconfig>
+
+  <!-- rSyslog plugin -->
+  <rsyslogtabs>
+      <tab class="rsyslog" name="System logs" />
+  </rsyslogtabs>
+
+  <!-- Netgroup dialog -->
+  <netgrouptabs>
+    <tab class="netgroup" name="Generic" />
+  </netgrouptabs>
+
+  <!-- Main section **********************************************************
+
+       The main section defines global settings, which might be overridden by
+       each location definition inside.
+
+       For more information about the configuration parameters, take a look at
+       the gosa.conf(5) manual page.
+
+  -->
+  <!-- If you broke your setup using the propertyEditor, then set 'ignoreLdapProperties' to true. -->
+  <main default="default"
+    logging="true"
+    listSummary="true"
+    displayErrors="false"
+    schemaCheck="true"
+    copyPaste="false"
+    forceGlobals="true"
+    forceSSL="true"
+    ldapStats="false"
+    warnSSL="true"
+    primaryGroupFilter="true"
+    storeFilterSettings="true"
+    sendCompressedOutput="true"
+    modificationDetectionAttribute="entryCSN"
+    language=""
+    theme="default"
+    sessionLifetime="7200"
+    templateCompileDirectory="/var/spool/gosa"
+    debugLevel="0"
+    passwordMinLength="5"
+    passwordMinDiffer="2"
+    passwordHook="">
+
+    <!-- Location definition -->
+    <location name="Debian Edu"
+        passwordDefaultHash="ssha"
+        accountPrimaryAttribute="uid"
+        userRDN="ou=people"
+        groupRDN="ou=group"
+        netgroupRDN="ou=netgroup"
+        gidNumberBase="1000"
+        uidNumberBase="1000"
+        loginAttribute="uid"
+        timezone="Etc/UTC"
+        honourUnitTags="false"
+        useSaslForKerberos="false"
+        rfc2307bis="false"
+        personalTitleInDN="false"
+        idGenerator="{%givenName[1-3]}{%sn[1-3]}"
+        strictNamingRules="true"
+        mailAttribute="mail"
+        gosaSharedPrefix=""
+        mailUserCreation=""
+        mailFolderCreation=""
+        imapTimeout="10"
+        ldapTLS="true"
+        honourIvbbAttributes="false"
+        enableSnapshots="false"
+        snapshotBase="ou=snapshots,dc=skole,dc=skolelinux,dc=no"
+        snapshotAdminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" snapshotAdminPassword="$GOSAPWD"
+        snapshotURI="ldaps://ldap.intern/"
+        config="ou=gosa,ou=configs,ou=systems,dc=skole,dc=skolelinux,dc=no">
+            <referral URI="ldap://ldap.intern/dc=skole,dc=skolelinux,dc=no"
+                adminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" adminPassword="$GOSAPWD" />
+    </location>
+  </main>
+</conf>

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git



More information about the debian-edu-commits mailing list