[debian-edu-commits] debian-edu/ 07/12: Use share/debian-edu-config/gosa.conf.template (Closes: #848347).
Wolfgang Schweer
schweer-guest at moszumanska.debian.org
Fri Feb 9 14:49:13 UTC 2018
This is an automated email from the git hooks/post-receive script.
schweer-guest pushed a commit to branch master
in repository debian-edu-config.
commit 8840c57386af75c42d577624980d5577abbb96d1
Author: Wolfgang Schweer <wschweer at arcor.de>
Date: Fri Feb 9 15:36:49 2018 +0100
Use share/debian-edu-config/gosa.conf.template (Closes: #848347).
Ship the gosa.conf template explicitly as such and copy the modified file
at LDAP setup time to /etc/gosa to don't confuse users upon upgrades.
Avoid to show users non-functional GOsa² action buttons.
- gosa.conf.template: Set enableSnapshots="false" and copyPaste="false".
---
share/debian-edu-config/gosa.conf.template | 441 +++++++++++++++++++++++++++++
1 file changed, 441 insertions(+)
diff --git a/share/debian-edu-config/gosa.conf.template b/share/debian-edu-config/gosa.conf.template
new file mode 100644
index 0000000..7ac2cdf
--- /dev/null
+++ b/share/debian-edu-config/gosa.conf.template
@@ -0,0 +1,441 @@
+<?xml version="1.0"?>
+<conf configVersion="Managed-by-Debian-Edu">
+
+ <!-- GOsa menu definition **************************************************
+
+ This tag defines the side and icon menu inside the
+ interface. Defining an entry here is no guarantie to get it shown,
+ though. Only entries with matching ACL's get shown.
+
+ There are two types of entries inside of the menu: section and plugin
+
+ Defining a section:
+
+ Open a <section> tag including a "name" attribute. This will show up in
+ the menu as a new section later on. Own entries are not handled via I18N
+ by default. Close the </section> tag after your plugin definitions.
+
+ Defining a plugin:
+
+ Open a <plugin> tag including a "class" attribute. The "class" should be
+ present inside your GOsa setup - the entry will be ignored if it is not.
+
+ Plugins should have an "acl" entry, that allows GOsa to decide whether
+ a user is allowed to see a plugin or not. The "acl" string matches with
+ an ACL definition done inside of GOsa -> ACLs.
+
+ You can override an icon by specifying the "icon" attribute.
+
+ For more information about possible configuration parameters, please take
+ a look at the gosa.conf(5) manual page.
+ -->
+ <menu>
+
+ <!-- Section to enable administrative services -->
+ <section name="Administration">
+ <plugin acl="department" class="departmentManagement" />
+
+ <!-- This long ACL list is required to exclude the users menu entry when only
+ 'viewFaxEntries' permissions are set -->
+ <plugin acl="users/netatalk,users/environment,users/posixAccount,users/kolabAccount,users/phpscheduleitAccount,users/oxchangeAccount,users/proxyAccount,users/connectivity,users/pureftpdAccount,users/phpgwAccount,users/opengwAccount,users/pptpAccount,users/intranetAccount,users/webdavAccount,users/nagiosAccount,users/sambaAccount,users/groupware,users/mailAccount,users/user,users/scalixAccount,users/password,users/gofaxAccount,users/phoneAccount,users/Groupware"
+ class="userManagement" />
+ <plugin acl="groups" class="groupManagement" />
+ <plugin acl="roles" class="roleManagement" />
+ <plugin acl="acl" class="aclManagement" />
+ <plugin acl="ogroups" class="ogroupManagement" />
+ <plugin acl="sudo" class="sudoManagement" />
+ <plugin acl="netgroup" class="netgroupManagement" />
+ <plugin acl="terminal/termgeneric,workstation/workgeneric,server/servgeneric,phone/phoneGeneric,printer/printgeneric,component/componentGeneric,winworkstation/wingeneric,opsi/opsiGeneric" class="systemManagement" />
+ <!-- Use 'lockDn' for dn
+ 'lockName' for name
+ 'lockType' for branch/freeze -->
+ <plugin acl="fai/faiScript,fai/faiHook,fai/faiTemplate,fai/faiVariable,fai/faiPartitionTable,fai/faiPackage,fai/faiProfile,fai/faiManagement,opsi/opsiProperties" class="faiManagement" />
+ <plugin acl="opsi" class="opsiLicenses"/>
+ <plugin acl="gofaxlist" class="blocklist" />
+ <plugin acl="gofonmacro" class="goFonMacro" />
+ <plugin acl="gofonconference" class="phoneConferenceManagment" />
+ </section>
+
+ <!-- Section to enable addon plugins -->
+ <section name="Addons">
+ <plugin acl="all/all" class="propertyEditor" />
+ <plugin acl="server/rSyslogServer" class="rsyslog" />
+<!-- <plugin acl="mailqueue" class="mailqueue" />-->
+ <plugin acl="users/viewFaxEntries:self,users/viewFaxEntries" class="faxreport" />
+ <plugin acl="users/viewFonEntries:self,users/viewFonEntries" class="fonreport" />
+ <plugin acl="ldapmanager" class="ldif" />
+ <plugin acl="schoolmanager" class="schoolmgr" />
+ <plugin acl="pwreset" class="pwreset"/>
+ </section>
+ </menu>
+
+ <!-- These entries will be rendered on the short-cut menu -->
+ <shortCutMenu>
+ <plugin acl="none" class="welcome" />
+ </shortCutMenu>
+
+ <!-- These entries will be rendered on the path navigator -->
+ <pathMenu>
+ <plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/sambaAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccoun [...]
+ <plugin acl="users/password:self" class="password"
+ postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync '%dn'"
+ postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user '%dn'"
+ postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user '%dn'" />
+ </pathMenu>
+
+
+ <!-- Tab definitions *******************************************************
+
+ Tab definitions define the sub plugins which get included for certain
+ tabbed dialogs. If you change something here, never (!) remove the
+ primary (the first) "tab" tag which is defined. Most tabbed dialogs
+ need a primary plugin.
+
+ "*tab" should be looked for by a defined plugin. This one will take
+ every "tab" defined "class" and will show it inside of a tabbed dialog
+ with the header defined in "name".
+ -->
+
+ <!-- ACL dialog -->
+ <acltab>
+ <tab class="acl" name="ACL" />
+ </acltab>
+
+ <aclroletab>
+ <tab class="aclrole" name="ACL Role" />
+ </aclroletab>
+
+ <!-- User dialog -->
+ <usertabs>
+ <tab class="user" name="Generic" />
+ <tab class="posixAccount" name="POSIX"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-create %uid"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-remove %uid %homeDirectory" />
+ <tab class="sambaAccount" name="Samba" />
+ <tab class="netatalk" name="Netatalk" />
+ <tab class="mailAccount" name="Mail" />
+<!-- <tab class="Groupware" name="Groupware" />-->
+ <tab class="scalixAccount" name="Scalix" />
+ <tab class="connectivity" name="Connectivity" />
+ <tab class="gofaxAccount" name="Fax" />
+ <tab class="phoneAccount" name="Phone" />
+ <tab class="nagiosAccount" name="Nagios" />
+ </usertabs>
+
+ <!-- User dialog -->
+ <MyAccountTabs>
+ <tab class="user" name="Generic" />
+ <tab class="posixAccount" name="POSIX" />
+ </MyAccountTabs>
+
+ <opsiLicenseTabs>
+ <tab class="licensePoolGeneric" name="Generic" />
+ <tab class="licenseUsage" name="Usage" />
+ </opsiLicenseTabs>
+
+ <!-- Group dialog -->
+ <grouptabs>
+ <tab class="group" name="Generic" />
+ <tab class="appgroup" name="Startmenu" />
+ <tab class="mailgroup" name="Mail" />
+<!-- <tab class="GroupwareSharedFolder" name="Groupware" />-->
+ </grouptabs>
+
+ <!-- Sudo dialog -->
+ <sudotabs>
+ <tab class="sudo" name="Generic" />
+ <tab class="sudoOption" name="Options" />
+ </sudotabs>
+
+ <!-- GOfax plugins -->
+ <faxblocktabs>
+ <tab class="blocklistGeneric" name="Generic" />
+ </faxblocktabs>
+
+ <!-- GOfon plugins -->
+ <conferencetabs>
+ <tab class="conference" name="Generic" />
+ </conferencetabs>
+
+ <macrotabs>
+ <tab class="macro" name="Generic" />
+ <tab class="macroParameter" name="Parameter" />
+ </macrotabs>
+
+ <phonetabs>
+ <tab class="phoneGeneric" name="Generic" />
+ </phonetabs>
+
+ <!-- GOto plugins -->
+ <appstabs>
+ <tab class="application" name="Generic" />
+ <tab class="applicationParameters" name="Parameter" />
+ </appstabs>
+
+ <mimetabs>
+ <tab class="mimetype" name="Generic" />
+ </mimetabs>
+
+ <devicetabs>
+ <tab class="deviceGeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ </devicetabs>
+
+ <arpnewdevicetabs>
+ <tab class="ArpNewDevice" name="Generic" />
+ </arpnewdevicetabs>
+
+ <termtabs>
+ <tab class="termgeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ <tab class="netgroupSystem" name="NIS Netgroup" />
+ </termtabs>
+
+ <servtabs>
+ <tab class="servgeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ <tab class="ServerService" name="Services" />
+ <tab class="netgroupSystem" name="NIS Netgroup" />
+ <!-- <tab class="glpiAccount" name="Inventory" /> -->
+ </servtabs>
+
+ <worktabs>
+ <tab class="workgeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ <tab class="netgroupSystem" name="NIS Netgroup" />
+ </worktabs>
+
+ <printtabs>
+ <tab class="printgeneric" name="Generic" />
+ </printtabs>
+
+ <componenttabs>
+ <tab class="componentGeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ <tab class="netgroupSystem" name="NIS Netgroup" />
+ </componenttabs>
+
+ <wintabs>
+ <tab class="wingeneric" name="Generic"
+ postcreate="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postremove="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs"
+ postmodify="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs" />
+ <tab class="netgroupSystem" name="NIS Netgroup" />
+ </wintabs>
+
+ <serverservice>
+ <tab class="goMailServer" />
+ <tab class="servkolab" />
+ <tab class="goNtpServer" />
+ <tab class="servrepository" />
+ <tab class="goImapServer" />
+ <tab class="goKrbServer" />
+ <tab class="goFaxServer" />
+ <tab class="goFonServer" />
+ <tab class="goCupsServer" />
+ <tab class="goKioskService" />
+ <tab class="goTerminalServer" />
+ <tab class="goLdapServer" />
+ <tab class="goShareServer" />
+ <tab class="gospamserver" />
+ <tab class="govirusserver" />
+ <tab class="servdhcp" />
+ <tab class="servdns" />
+ <tab class="rSyslogServer" />
+ </serverservice>
+
+ <!-- Department plugin -->
+ <deptabs>
+ <tab class="department" name="Generic" />
+ </deptabs>
+
+ <organization_tabs>
+ <tab class="organization" name="Generic" />
+ </organization_tabs>
+
+ <locality_tabs>
+ <tab class="locality" name="Generic" />
+ </locality_tabs>
+
+ <country_tabs>
+ <tab class="country" name="Generic" />
+ </country_tabs>
+
+ <dcobject_tabs>
+ <tab class="dcObject" name="Generic" />
+ </dcobject_tabs>
+
+ <domain_tabs>
+ <tab class="domain" name="Generic" />
+ </domain_tabs>
+
+ <!-- Role tabs -->
+ <roletabs>
+ <tab class="roleGeneric" name="Generic" />
+ </roletabs>
+
+ <ogrouptabs>
+ <tab class="ogroup" name="Generic" />
+ </ogrouptabs>
+
+ <!-- Connectivity plugins -->
+ <connectivity>
+ <tab class='kolabAccount' />
+ <tab class="proxyAccount" />
+ <tab class="pureftpdAccount" />
+ <tab class="webdavAccount" />
+ <tab class="phpgwAccount" />
+ <tab class="intranetAccount" />
+ <tab class="pptpAccount" />
+ <tab class="phpscheduleitAccount" />
+ <tab class="oxchangeAccount" />
+ <tab class="opengwAccount" />
+ </connectivity>
+
+ <ldiftab>
+ <tab class="ldifexport" name="Export" />
+ <tab class="xlsexport" name="Excel Export" />
+ <tab class="ldifimport" name="Import" />
+ <tab class="csvimport" name="CSV Import" />
+ </ldiftab>
+
+ <schoolmanagertab>
+ <tab class="schoolmanagerintro" name="Introduction" />
+ <tab class="importteachers" name="Import Teachers" />
+ <tab class="importstudentsandparents" name="Import Students and Parents" />
+ <tab class="importstudentsonly" name="Import Students (only)" />
+ <tab class="archiveaccounts" name="Archive Accounts" />
+ </schoolmanagertab>
+
+ <pwresettab>
+ <tab class="managepws" name="Reset Passwords" />
+ </pwresettab>
+
+ <faipartitiontabs>
+ <tab class="faiPartitionTable" name="Partitions" />
+ </faipartitiontabs>
+
+ <faiscripttabs>
+ <tab class="faiScript" name="Scripts" />
+ </faiscripttabs>
+
+ <faihooktabs>
+ <tab class="faiHook" name="Hooks" />
+ </faihooktabs>
+
+ <faivariabletabs>
+ <tab class="faiVariable" name="Variables" />
+ </faivariabletabs>
+
+ <faitemplatetabs>
+ <tab class="faiTemplate" name="Templates" />
+ </faitemplatetabs>
+
+ <faiprofiletabs>
+ <tab class="faiProfile" name="Profiles" />
+ <tab class="faiSummaryTab" name="Summary" />
+ </faiprofiletabs>
+
+ <faipackagetabs>
+ <tab class="faiPackage" name="Packages" />
+ </faipackagetabs>
+
+ <opsitabs>
+ <tab class="opsiGeneric" name="Generic" />
+ <tab class="opsiSoftware" name="Hardware" />
+ <tab class="opsiHardware" name="Software" />
+ <tab class="licenseUsageByHost" name="License usage" />
+ </opsitabs>
+
+ <opsiprodconfig>
+ <tab class="opsiProperties" name="Properties" />
+ <tab class="licenseByProduct" name="License usage" />
+ </opsiprodconfig>
+
+ <!-- rSyslog plugin -->
+ <rsyslogtabs>
+ <tab class="rsyslog" name="System logs" />
+ </rsyslogtabs>
+
+ <!-- Netgroup dialog -->
+ <netgrouptabs>
+ <tab class="netgroup" name="Generic" />
+ </netgrouptabs>
+
+ <!-- Main section **********************************************************
+
+ The main section defines global settings, which might be overridden by
+ each location definition inside.
+
+ For more information about the configuration parameters, take a look at
+ the gosa.conf(5) manual page.
+
+ -->
+ <!-- If you broke your setup using the propertyEditor, then set 'ignoreLdapProperties' to true. -->
+ <main default="default"
+ logging="true"
+ listSummary="true"
+ displayErrors="false"
+ schemaCheck="true"
+ copyPaste="false"
+ forceGlobals="true"
+ forceSSL="true"
+ ldapStats="false"
+ warnSSL="true"
+ primaryGroupFilter="true"
+ storeFilterSettings="true"
+ sendCompressedOutput="true"
+ modificationDetectionAttribute="entryCSN"
+ language=""
+ theme="default"
+ sessionLifetime="7200"
+ templateCompileDirectory="/var/spool/gosa"
+ debugLevel="0"
+ passwordMinLength="5"
+ passwordMinDiffer="2"
+ passwordHook="">
+
+ <!-- Location definition -->
+ <location name="Debian Edu"
+ passwordDefaultHash="ssha"
+ accountPrimaryAttribute="uid"
+ userRDN="ou=people"
+ groupRDN="ou=group"
+ netgroupRDN="ou=netgroup"
+ gidNumberBase="1000"
+ uidNumberBase="1000"
+ loginAttribute="uid"
+ timezone="Etc/UTC"
+ honourUnitTags="false"
+ useSaslForKerberos="false"
+ rfc2307bis="false"
+ personalTitleInDN="false"
+ idGenerator="{%givenName[1-3]}{%sn[1-3]}"
+ strictNamingRules="true"
+ mailAttribute="mail"
+ gosaSharedPrefix=""
+ mailUserCreation=""
+ mailFolderCreation=""
+ imapTimeout="10"
+ ldapTLS="true"
+ honourIvbbAttributes="false"
+ enableSnapshots="false"
+ snapshotBase="ou=snapshots,dc=skole,dc=skolelinux,dc=no"
+ snapshotAdminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" snapshotAdminPassword="$GOSAPWD"
+ snapshotURI="ldaps://ldap.intern/"
+ config="ou=gosa,ou=configs,ou=systems,dc=skole,dc=skolelinux,dc=no">
+ <referral URI="ldap://ldap.intern/dc=skole,dc=skolelinux,dc=no"
+ adminDn="cn=gosa-admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no" adminPassword="$GOSAPWD" />
+ </location>
+ </main>
+</conf>
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git
More information about the debian-edu-commits
mailing list