index 72868453ef0f6d2e36818f4d12b9bb707737b181..fac7b505394b9c3f2c849ce17159f68fdadfde69 100644 (file)
For every plugin, you can provide at least four additional hooks:
.I postcreate,
-.I postdelete,
+.I postremove,
.I postmodify
and
.I check.
The
.I logging
statement enables event logging on GOsa side. Setting it to
-.I syslog,
-GOsa will log every action a user performs via syslog. Setting it to
-.I mysql,
-GOsa will log every action to a mysql server, defined in the
-GOsa systems plugin. Both values can be combined as a comma seperated
-list.
+.I true,
+GOsa will log every action a user performs via syslog. If you use
+rsyslog and configure it to mysql logging, you can browse all events
+within GOsa.
-GOsa will not log anything, if the logging value is empty.
+GOsa will not log anything, if the logging value is empty or set to
+false.
.PP
.B loginAttribute
.I personalTitleInDN.
.PP
+.B accountRDN
+.I pattern
+.PP
+The
+.I accountRDN
+option tells GOsa to use a placeholder pattern for generating account
+RDNs. A pattern can include attribute names prefaced by a % and normal
+text:
+.nf
+accountRDN="cn=%sn %givenName"
+.fi
+This will generate a RDN consisting of cn=.... filled with surname and
+given name of the edited account. This option disables the use of
+.I accountPrimaryAttribute
+and
+.I personalTitleInDn
+in your config. The latter attributes are maintained for compatibility.
+
+
.B personalTitleInDN
.I bool
.PP
definition below.
.PP
+.B idAllocationMethod
+.I traditional/pool
+.PP
+The
+.I idAllocationMethod
+statement defines how GOsa generates numeric user and group id values. If it is set to
+.I traditional
+GOsa will do create a lock and perform a search for the next free ID. The lock will be
+removed after the procedure completes.
+.I pool
+will use the sambaUnixIdPool objectclass settings inside your LDAP. This one is unsafe,
+because it does not check for concurrent LDAP access and already used IDs in this range.
+On the other hand it is much faster.
+.PP
+
.B minId
.I integer
.PP
The
.I minId
statement defines the minimum assignable user or group id to avoid security leaks with
-uid 0 accounts.
+uid 0 accounts. This is used for the
+.I traditional
+method
+.PP
+
+.B uidNumberPoolMin/gidNumberPoolMin
+.I integer
+.PP
+The
+.I uidNumberPoolMin/gidNumberPoolMin
+statement defines the minimum assignable user/group id for use with the
+.I pool
+method.
+.PP
+
+.B uidNumberPoolMax/gidNumberPoolMax
+.I integer
+.PP
+The
+.I uidNumberPoolMin/gidNumberPoolMin
+statement defines the highest assignable user/group id for use with the
+.I pool
+method.
.PP
.B nextIdHook
will generate a three digits id with the next free entry appended to
"acct".
+.nf
+ idGenerator="acct{id!1}"
+.fi
+
+ will generate a one digit id with the next free entry appended to
+ "acct" - if needed.
+
.nf
idGenerator="ext{id#3}"
.fi
@@ -999,15 +1061,6 @@ statement defines the base id to add to ordinary sid calculations - if not avail
inside of the LDAP.
.PP
-.B sambaversion
-.I 2/3
-.PP
-The
-.I sambaversion
-statement defines the version of samba you want to write LDAP entries for. Be sure
-to include the correct schema in this case. Valid values are 2 and 3.
-.PP
-
.B sambaHashHook
.I path
.PP
.B Mail options
.PP
.B mailMethod
-.I cyrus/kolab/golab/sendmail
+.I Cyrus/SendmailCyrus/Kolab/Kolab22
.PP
The
.I mailMethod
with a possible mail server. Leave this undefined if your mail method does
not match the predefined ones.
-.I cyrus
+.I Cyrus
maintains accounts and sieve scripts in cyrus servers.
-.I kolab
+.I Kolab/Kolab22
is like cyrus, but lets the kolab daemon maintain the accounts.
-.I golab is like cyrus - just with kolab attributes.
-.I sendmail just disables everything which is IMAP dependent.
+.I SendmailCyrus is based on sendmail LDAP attributes.
.PP
.B cyrusUseSlashes
statement determines if GOsa should use "foo/bar" or "foo.bar" namespaces
in IMAP. Unix style is with slashes.
+.B cyrusDeleteMailbox
+.I bool
+.PP
+The
+.I cyrusDeleteMailbox
+statement determines if GOsa should remove the mailbox from your IMAP
+server or keep it after the account is deleted in LDAP.
+
+.B cyrusAutocreateFolders
+.I string
+.PP
+The
+.I cyrusAutocreateFolders
+statement contains a comma seperated list of personal IMAP folders that
+should be created along initial account creation.
+
.B postfixRestrictionFilters
.I path
.PP
and
.I uid.
+.B imapTimeout
+.I Integer (default 10)
+.PP
+The
+.I imapTimeout
+statement sets the connection timeout for imap actions.
+
+.B mailFolderCreation
+Every mail method has its own way to create mail accounts like
+.I share/development
+or
+.I shared.development@example.com
+which is used to identify the accounts, set quotas or add acls.
+
+To override the methods default account creation syntax, you can set the
+.I mailFolderCreation
+option.
+
+.I Examples
+
+.nf
+ mailFolderCreation="%prefix%%cn%" => "shared.development"
+ mailFolderCreation="my-prefix.%cn%%domain%" => "my-prefix.development@example.com">
+.fi
+
+.I Placeholders
+
+.nf
+ %prefix% The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
+ %cn% The groups/users cn.
+ %uid% The users uid.
+ %mail% The objects mail attribute.
+ %domain% The domain part of the objects mail attribute.
+ %mailpart% The user address part of the mail address.
+ %uattrib% Depends on mailAttribute="uid/mail".
+.fi
+
+
+.B mailUserCreation
+This attribute allows to override the user account creation syntax, see
+the
+.I mailFolderCreation
+description for more details.
+
+.I Examples
+
+.nf
+ mailUserCreation="%prefix%%uid%" => "user.foobar"
+ mailUserCreation=my-prefix.%uid%%domain%" => "my-prefix.foobar@example.com"
+.fi
+
+
.B vacationTemplateDirectory
.I path
.PP
DEBUG_CONFIG = 64
DEBUG_ACL = 128
+
+DEBUG_SI = 256
+
+DEBUG_MAIL = 512
.PP
If you have only one release, or want to define a default release to be shown
by GOsa, define the
-.I defaultFaiRelease
+.I defaultFaiRelease="ou=sarge,ou=fai,ou=configs,ou=syst..."
within the
.I faiManagement
class definition