![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index 3a9058b0dfae3934ba9dead7e4aaf1d148fbe78a..61e48653345a096f9c2d87e31dd42a9fc47dd2aa 100644 (file)
<?php
+/*
+ * How to use plugin::plInfo()
+ * ===================
+ *
+ * The function returns a descriptive array of the plugin,
+ * which will then be used by GOsa to populate the plugin, its ACLs,
+ * its properties, its schema requirements aso.
+ *
+ *
+ * The following values can be set:
+ * ================================
+ *
+ * plShortName |-> The name of the plugin in short (e.g. Posix)
+ * | This short-name will be shown for example in the ACL definitions.
+ * |
+ * |
+ * plDescription |-> A descriptive text for the plugin (e.g. User posix account extension)
+ * | This will be shown in the ACL definitions.
+ * |
+ * |
+ * plSelfModify |-> If set to true this plugin allows to set 'self' ACLs.
+ * | For exampe to allow to change the users own password, but not the others.
+ * |
+ * |
+ * plDepends |-> The plugins dependencies to other classes (e.g. sambaAccount requires posixAccount)
+ * |
+ * |
+ * plPriority |-> The priority of the plugin, this influences the ACL listings only.
+ * |
+ * |
+ * plSection |-> The section of this plugin 'administration', 'personal', 'addons'
+ * |
+ * |
+ * plCategory |-> The plugin category this plugins belongs to (e.g. users, groups, departments)
+ * |
+ * |
+ * plRequirements |-> Plugin requirements.
+ * | |
+ * | |-> [activePlugin] The schame checks will only be performed if the given plugin is enabled
+ * | | in the gosa.conf definitions.
+ * | | Defaults to the current class name if empty.
+ * | |
+ * | |-> [ldapSchema] An array of objectClass requirements.
+ * | | Syntax [[objectClass => 'version'], ... ]
+ * | | Version can be emtpy which just checks for the existence of the class.
+ * | |
+ * | |-> [onFailureDisablePlugin] A list of plugins that which will be disabled if the
+ * | requirements couldn't be fillfulled.
+ * |
+ * | ---------------------------------------------
+ * | EXAMPLE:
+ * | ---------------------------------------------
+ * | "plRequirements"=> array(
+ * | 'activePlugin' => 'applicationManagement',
+ * | 'ldapSchema' => array(
+ * | 'gosaObject' => '',
+ * | 'gosaAccount' => '>=2.7',
+ * | 'gosaLockEntry' => '>=2.7',
+ * | 'gosaDepartment' => '>=2.7',
+ * | 'gosaCacheEntry' => '>=2.7',
+ * | 'gosaProperties' => '>=2.7',
+ * | 'gosaConfig' => '>=2.7'
+ * | ),
+ * | 'onFailureDisablePlugin' => array(get_class(), 'someClassName')
+ * | ),
+ * | ---------------------------------------------
+ * |
+ * |
+ * |
+ * plProvidedAcls |-> The ACLs provided by this plugin
+ * |
+ * | ---------------------------------------------
+ * | EXAMPLE:
+ * | ---------------------------------------------
+ * | "plProvidedAcls"=> array(
+ * | 'cn' => _('Name'),
+ * | 'uid' => _('Uid'),
+ * | 'phoneNumber' => _('Phone number')
+ * | ),
+ * | ---------------------------------------------
+ * |
+ * |
+ * |
+ * plProperties |-> Properties used by the plugin.
+ * | Properties which are defined here will be modifyable using the property editor.
+ * | To read properties you can use $config->get_cfg_value(className, propertyName)
+ * |
+ * | ---------------------------------------------
+ * | EXAMPLE:
+ * | ---------------------------------------------
+ * | "plProperties"=> array(
+ * | array(
+ * | "name" => "htaccessAuthentication",
+ * | "type" => "bool",
+ * | "default" => "false",
+ * | "description" => _("A description..."),
+ * | "check" => "gosaProperty::isBool",
+ * | "migrate" => "",
+ * | "group" => "authentification",
+ * | "mandatory" => TRUE
+ * | ),
+ * | ),
+ * | See class_core.inc for a huge amount of examples.
+ */
+
class all extends plugin {
static function plInfo()
{
return (array(
"plShortName" => _("All"),
- "plDescription" => _("All objects in this category"),
+ "plDescription" => _("All objects"),
"plSelfModify" => TRUE,
"plDepends" => array(),
"plPriority" => 0,
"plSection" => array("administration"),
- "plCategory" => array("all" => array("objectClass" => "none", "description" => '* '._("All"))),
+ "plCategory" => array("all" => array("description" => '* '._("All"))),
"plProvidedAcls" => array())
);
}
$list[$method] = $desc;
}
break;
+ case 'theme':
+ $cmd = "cd ../ihtml/themes; find . -name 'img.styles' | sed s/'^[^\/]*\/\([^\/]*\).*'/'\\1'/g";
+ $res = `$cmd` ;
+ $list = array();
+ foreach(preg_split("/\n/",$res) as $entry){
+ if(!empty($entry)){
+ $list[$entry] = $entry;
+ }
+ }
+ break;
case 'accountPrimaryAttribute':
$list = array('uid' => 'uid', 'cn' => 'cn');
break;
break;
case 'timezone':
$tmp = timezone::_get_tz_zones();
- foreach($tmp['TIMEZONES'] as $name => $offset){
+ foreach($tmp['TIMEZONES'] as $tzname => $offset){
if($offset >= 0){
- $list[$name] = $name." ( + ".sprintf("%0.2f",$offset/(60*60))." "._("hours").")";
+ $list[$tzname] = $tzname." ( + ".sprintf("%0.2f",$offset/(60*60))." "._("hours").")";
}else{
$offset = $offset * -1;
- $list[$name] = $name." ( - ".sprintf("%0.2f",($offset/(60*60)))." "._("hours").")";
+ $list[$tzname] = $tzname." ( - ".sprintf("%0.2f",($offset/(60*60)))." "._("hours").")";
}
}
break;
$list = array('mail' => 'mail','uid' => 'uid');
break;
case 'mailMethod':
- $list = mailMethod::get_methods();
+ $tmp = array();
+ if(class_available('mailMethod')){
+ $tmp = mailMethod::get_methods();
+ }
+ $list =array();
+ foreach($tmp as $vName => $vValue){
+ $vName = preg_replace('/^mailMethod/','', $vName);
+ $list[$vName] = $vValue;
+ }
+ $list[''] = _("None");
break;
case 'language':
$tmp = get_languages(TRUE);
"plDepends" => array(),
"plPriority" => 0,
"plSection" => array("administration"),
+
+ "plRequirements"=> array(
+ 'ldapSchema' => array(
+ 'gosaObject' => '>=2.7',
+ 'gosaAccount' => '>=2.7',
+ 'gosaLockEntry' => '>=2.7',
+ 'gosaDepartment' => '>=2.7',
+ 'gosaCacheEntry' => '>=2.7',
+ 'gosaProperties' => '>=2.7',
+ 'gosaConfig' => '>=2.7'
+ ),
+ 'onFailureDisablePlugin' => array(get_class())
+ ),
+
+
+
"plCategory" => array("all"),
"plProperties" => array(
"name" => "htaccessAuthentication",
"type" => "bool",
"default" => "false",
- "description" => _("The 'htaccessAuthentication' variable tells GOsa to use either htaccess authentication or LDAP authentication. This can be used if you want to use i.e. kerberos to authenticate the users."),
+ "description" => _("Enables htaccess instead of LDAP authentication. This can be used to enable other authentication mechanisms like Kerberos for the GOsa login."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "authentification",
"mandatory" => TRUE),
+ array(
+ "name" => "statsDatabaseEnabled",
+ "type" => "bool",
+ "default" => "false",
+ "description" => _("Enables the usage statistics module."),
+ "check" => "gosaProperty::isBool",
+ "migrate" => "",
+ "group" => "core",
+ "mandatory" => TRUE),
+
+ array(
+ "name" => "statsDatabaseDirectory",
+ "type" => "path",
+ "default" => "/var/spool/gosa/stats",
+ "description" => _("Database file to be used by the usage statistics module."),
+ "check" => "gosaProperty::isWriteablePath",
+ "migrate" => "",
+ "group" => "core",
+ "mandatory" => TRUE),
+
array(
"name" => "logging",
"type" => "bool",
"default" => "true",
- "description" => _("The 'logging' statement enables event logging on GOsa side. Setting it to 'true' GOsa will log every action a user performs via syslog. If you use rsyslog and configure it to mysql logging, you can browse all events within GOsa. GOsa will not log anything, if the logging value is empty or set to 'false'."),
+ "description" => _("Enables event logging in GOsa. Setting it to 'On' make GOsa log every action a user performs via syslog. If you use this in combination with rsyslog and configure it to MySQL logging, you can browse all events in GOsa."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"name" => "listSummary",
"type" => "bool",
"default" => "true",
- "description" => _("The 'listSummary' statement determines whether a status bar will be shown on the bottom of GOsa generated lists, displaying a short summary of type and number of elements in the list."),
+ "description" => _("Enables a status bar on the bottom of lists displaying a summary of type and number of elements in the list."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "visual",
"name" => "passwordMinLength",
"type" => "integer",
"default" => "",
- "description" => _("The 'passwordMinLength' statement determines whether a newly entered password has to be of a minimum length."),
+ "description" => _("Specify the minimum length for newly entered passwords."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "password",
"name" => "passwordMinDiffer",
"type" => "integer",
"default" => "",
- "description" => _("The 'passwordMinDiffer' statement determines whether a newly entered password has to be checked to have at least n different characters."),
+ "description" => _("Specify the minimum number of characters that have to differ between old and newly entered passwords."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "password",
"mandatory" => FALSE),
array(
- "name" => "passwordHook",
+ "name" => "passwordProposalHook",
"type" => "command",
"default" => "",
- "description" =>
- _("The 'passwordHook' can specify an external script to handle password settings at some other location besides the LDAP.")." ".sprintf(_("It will be called this way: %s"),"/path/to/your/script \"username\" \"oldpassword\" \"newpassword\""),
- "check" => "gosaProperty::isCommand",
+ "description" => _("Command to generate password proposals. If a command has been specified, the user can decide whether to use an automatic password or a manually specified one.")." "._("Example").": /usr/bin/apg -n1",
+ "check" => "gosaProperty::isCommand",
"migrate" => "",
"group" => "password",
"mandatory" => FALSE),
"name" => "displayErrors",
"type" => "bool",
"default" => "false",
- "description" => "The 'displayErrors' statement tells GOsa to show PHP errors in the upper part of the screen. This should be disabled in productive deployments, because there might be some important passwords arround.",
+ "description" => _("Enable display of PHP errors on the top of the page. Disable this feature in production environments to avoid the exposure of sensitive data.")." ".sprintf(_("Related option").": developmentMode"),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "debug",
"mandatory" => TRUE),
+ array(
+ "name" => "developmentMode",
+ "type" => "bool",
+ "default" => "false",
+ "description" => _("Show messages that may assist plugin development. Be aware that this option may produce some ACL related false error messages!"),
+ "check" => "gosaProperty::isBool",
+ "migrate" => "",
+ "group" => "debug",
+ "mandatory" => TRUE),
+
+
array(
"name" => "schemaCheck",
"type" => "bool",
"default" => "true",
- "description" => "The 'schemaCheck' statement enables or disables schema checking during login. It is recommended to switch this on in order to let GOsa handle object creation more efficient.",
+ "description" => _("Enable LDAP schema verification during login. The recommended setting is 'On' because it enables efficient methods to create missing subtrees in the LDAP."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "debug",
"name" => "copyPaste",
"type" => "bool",
"default" => "false",
- "description" => "The 'copyPaste' statement enables copy and paste for LDAP entries managed with GOsa.",
+ "description" => _("Enable copy and paste for most objects managed by GOsa."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "copyPaste",
array(
"name" => "forceGlobals",
- "type" => "bool",
+ "type" => "noLdap",
"default" => "false",
- "description" => "The 'forceGlobals' statement enables PHP security checks to force register_global settings to be switched off.",
+ "description" => _("Enable PHP security checks for disabled register_global settings."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "security",
array(
"name" => "forceSSL",
- "type" => "bool",
+ "type" => "noLdap",
"default" => "false",
- "description" => "The 'forceSSL' statement enables PHP security checks to force encrypted access to the web interface. GOsa will try to redirect to the same URL - just with https://",
+ "description" => _("Enable automatic redirection to HTTPS based administration."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "security",
"name" => "ldapStats",
"type" => "bool",
"default" => "false",
- "description" => _("Logs information about triggered ldap operations, duration, filter, aso. into syslog."),
+ "description" => _("Enable logging of detailed information of LDAP operations."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "debug",
"name" => "ldapFollowReferrals",
"type" => "bool",
"default" => "false",
- "description" => _("The 'ldapFollowReferrals' statement tells GOsa to follow LDAP referrals."),
+ "description" => _("Enable LDAP referral chasing."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "ldap",
"mandatory" => TRUE),
+ array(
+ "name" => "ldapFilterNestingLimit",
+ "type" => "integer",
+ "default" => 200,
+ "description" => _("Specify LDAP element filter limit. If the limit is not 0, GOsa speeds up group queries by putting several queries into a single query. This is known to produce problems on some LDAP servers (i.e. Sun DS) and needs to be lowered or disabled."),
+ "check" => "gosaProperty::isInteger",
+ "migrate" => "",
+ "group" => "ldap",
+ "mandatory" => TRUE),
+
array(
"name" => "ldapSizelimit",
"type" => "integer",
"default" => 200,
- "description" => _("The ldapSizelimit statement tells GOsa to retrieve the specified maximum number of results. The user will get a warning, that not all entries were shown."),
+ "description" => _("Specify the maximum number of entries GOsa will request from an LDAP server. A warning is displayed if this limit is exceeded."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "core",
"name" => "ldapSizeIgnore",
"type" => "bool",
"default" => "false",
- "description" => _("Disables sizelimit checks, only the configured amount of results will be shown!"),
+ "description" => _("Disable checks for LDAP size limits."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "core",
array(
"name" => "warnSSL",
- "type" => "bool",
+ "type" => "noLdap",
"default" => "true",
- "description" => "The 'warnSSL' statement enables PHP security checks to detect non encrypted access to the web interface. GOsa will display a warning in this case.",
+ "description" => _("Enable warnings for non encrypted connections."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "security",
array(
"name" => "ppdGzip",
"type" => "bool",
- "default" => true,
- "description" => "The 'ppdGzip' variable enables PPD file compression.",
+ "default" => "true",
+ "description" => _("Enable compression for PPD files."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "ppd",
"name" => "ignoreAcl",
"type" => "dn",
"default" => "",
- "description" => "The 'ignoreAcl' value tells GOsa to ignore complete ACL sets for the given DN. Add your DN here and you'll be able to restore accidently dropped ACLs.",
+ "description" => _("DN of user with ACL checks disabled. This should only be used to restore lost administrative ACLs."),
"check" => "gosaProperty::isDN",
"migrate" => "",
"group" => "debug",
"name" => "ppdPath",
"type" => "path",
"default" => "/var/spool/ppd",
- "description" => "The 'ppdPath' variable defines where to store PPD files for the GOto environment plugins.",
+ "description" => _("Storage path for PPD files."),
"check" => "gosaProperty::isPath",
"migrate" => "",
"group" => "ppd",
"name" => "ldapMaxQueryTime",
"type" => "integer",
"default" => "",
- "description" => "The 'ldapMaxQueryTime' statement tells GOsa to stop LDAP actions if there is no answer within the specified number of seconds.",
+ "description" => _("Number of seconds a LDAP query is allowed to take until GOsa aborts the request."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "debug",
"name" => "storeFilterSettings",
"type" => "bool",
"default" => "true",
- "description" => "The 'storeFilterSettings' statement determines whether GOsa should store filter and plugin settings inside of a cookie.",
+ "description" => _("Enables storing of user filters in browser cookies."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "core",
"name" => "sendCompressedOutput",
"type" => "bool",
"default" => "true",
- "description" => "The 'sendCompressedOutput' statement determines whether PHP should send compressed HTML pages to browsers or not. This may increase or decrease the performance, depending on your network.",
+ "description" => _("Enables sending of compressed web page content."),
+ "check" => "gosaProperty::isBool",
+ "migrate" => "",
+ "group" => "core",
+ "mandatory" => FALSE),
+
+ array(
+ "name" => "allowUidProposalModification",
+ "type" => "bool",
+ "default" => "false",
+ "description" => _("Allows to modify uid-proposals when creating a new user from a user-template."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "core",
"type" => "switch",
"default" => "entryCSN",
"defaults" => "core::getPropertyValues",
- "description" => "The 'modificationDetectionAttribute' statement enables GOsa to check if a entry currently being edited has been modified from someone else outside GOsa in the meantime. It will display an informative dialog then. It can be set to 'entryCSN' for OpenLDAP based systems or 'contextCSN' for Sun DS based systems.",
+ "description" => _("LDAP attribute which is used to detect changes."),
"check" => "",
"migrate" => "",
"group" => "core",
"type" => "switch",
"default" => "",
"defaults" => "core::getPropertyValues",
- "description" => "The 'language' statement defines the default language used by GOsa. Normally GOsa autodetects the language from the browser settings. If this is not working or you want to force the language, just add the language code (i.e. de for german) here.",
+ "description" => _("ISO language code which is used to override the automatic language detection."),
"check" => "",
"migrate" => "",
"group" => "core",
array(
"name" => "theme",
- "type" => "string",
+ "type" => "switch",
"default" => "default",
"defaults" => "core::getPropertyValues",
- "description" => "The 'theme' statement defines what theme is used to display GOsa pages. You can install some corporate identity like theme and/or modify certain templates to fit your needs within themes. Take a look at the GOsa FAQ for more information.",
+ "description" => _("CSS and template theme to be used."),
"check" => "",
"migrate" => "",
"group" => "visual",
- "mandatory" => FALSE),
+ "mandatory" => TRUE),
array(
"name" => "sessionLifetime",
"type" => "integer",
- "default" => 7200,
- "description" => "The 'sessionLifetime' value defines when a session will expire in seconds. For Debian systems, this will not work because the sessions will be removed by a cron job instead. Please modify the value inside of your php.ini instead.",
+ "default" => 600,
+ "description" => _("Number of seconds after an inactive session expires. This may be overridden by some systems php.ini/crontab mechanism."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "security",
"name" => "templateCompileDirectory",
"type" => "path",
"default" => "/var/spool/gosa",
- "description" => "The 'templateCompileDirectory' statements defines the path, where the PHP templating engins 'smarty' should store its compiled GOsa templates for improved speed. This path needs to be writeable by the user your webserver is running with.",
+ "description" => _("Template engine compile directory."),
"check" => "gosaProperty::isWriteablePath",
"migrate" => "",
"group" => "core",
"name" => "debugLevel",
"type" => "integer",
"default" => 0,
- "description" => sprintf(_("The 'debugLevel' value tells GOsa to display certain information on each page load. Value is an AND combination of the following byte values: %s"),
+ "description" => sprintf(_("Logical AND of the integer values below that controls the debug output on every page load: %s"),
"
+
DEBUG_TRACE = 1
DEBUG_LDAP = 2
DEBUG_MYSQL = 4
array(
"name" => "sambaHashHook",
"type" => "command",
- "default" => "perl -MCrypt::SmbHash -e \"print join(q[:], ntlmgen \\\$ARGV[0]), $/;\"",
- "description" => sprintf(_("The 'sambaHashHook' statement contains an executable to generate samba hash values. This is required for password synchronization, but not required if you apply gosa-si services. If you don't have mkntpasswd from the samba distribution installed, you can use perl to generate the hash: %s"),"perl -MCrypt::SmbHash -e \"print join(q[:], ntlmgen \\\$ARGV[0]), $/;\""),
+ "default" => "perl -MCrypt::SmbHash -e \"print join(q[:], ntlmgen %password), $/;\"",
+ "description" => _("Command to create Samba NT/LM hashes. Required for password synchronization if you don't use supplementary services."),
"check" => "gosaProperty::isCommand",
"migrate" => "",
"group" => "samba",
"type" => "switch",
"default" => "crypt/md5",
"defaults" => "core::getPropertyValues",
- "description" => "The 'passwordDefaultHash' statement defines the default password hash to choose for new accounts.",
+ "description" => _("Default hash to be used for newly created user passwords."),
"check" => "",
"migrate" => "",
"group" => "password",
array(
"name" => "strictPasswordRules",
"type" => "bool",
- "default" => TRUE,
- "description" => _("The 'strictPasswordRules' tells GOsa to check for UTF-8 characters in the supplied password. These Characters can lead to non working authentications if UTF-8 and none UTF-8 systems locales get mixed. The default is 'true'."),
+ "default" => "true",
+ "description" => _("Enable checking for the presence of problematic unicode characters in passwords."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "password",
"type" => "switch",
"default" => "cn",
"defaults" => "core::getPropertyValues",
- "description" => "The 'accountPrimaryAttribute' option tells GOsa how to create new accounts. Possible values are 'uid' and 'cn'. In the first case GOsa creates uid style DN entries: 'uid=superuser,ou=staff,dc=example,dc=net'. In the second case, GOsa creates cn style DN entries: 'cn=Foo Bar,ou=staff,dc=example,dc=net'. If you choose \"cn\" to be your 'accountPrimaryAttribute' you can decide whether to include the personal title in your dn by selecting 'personalTitleInDN'.",
+ "description" => _("Specify whether 'cn' or 'uid' style user DNs are generated. For more sophisticated control use the 'accountRDN' setting."),
"check" => "",
"migrate" => "",
"group" => "security",
array(
"name" => "userRDN",
"type" => "rdn",
- "default" => "ou=people",
- "description" => "The 'userRDN' statement defines the location where new accounts will be created inside of defined departments. The default is 'ou=people'.",
+ "default" => "ou=people,",
+ "description" => _("Location component for user storage inside of departments."),
"check" => "gosaProperty::isRdn",
- "migrate" => "",
+ "migrate" => "migrate_userRDN",
"group" => "user",
"mandatory" => FALSE),
array(
"name" => "groupRDN",
"type" => "rdn",
- "default" => "ou=groups",
- "description" => "The 'groupsRDN' statement defines the location where new groups will be created inside of defined departments. The default is 'ou=groups'.",
+ "default" => "ou=groups,",
+ "description" => _("Location component for group storage inside of departments."),
"check" => "gosaProperty::isRdn",
- "migrate" => "",
+ "migrate" => "migrate_groupRDN",
"group" => "group",
"mandatory" => FALSE),
"name" => "gidNumberBase",
"type" => "integer",
"default" => "1000",
- "description" => "The 'gidNumberBase' statement defines where to start looking for a new free group id. This should be synced with your 'adduser.conf' to avoid overlapping gidNumber values between local and LDAP based lookups. The gidNumberBase can even be dynamic. Take a look at the 'nextIdHook' definition.",
+ "description" => _("Count base for group IDs. For dynamic ID assignment use the 'nextIdHook' setting."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
"mandatory" => TRUE),
+
+ array(
+ "name" => "baseIdHook",
+ "type" => "command",
+ "default" => "",
+ "description" => _("Count base for user IDs. For dynamic ID assignment use the 'nextIdHook' setting."),
+ "check" => "gosaProperty::isCommand",
+ "migrate" => "",
+ "group" => "id",
+ "mandatory" => FALSE),
+
array(
"name" => "gidNumberPoolMin",
"type" => "integer",
"default" => 10000,
- "description" => "The 'uidNumberPoolMin/gidNumberPoolMin' statement defines the lowest assignable user/group id for use with the 'idAllocationMethod = pool'.",
+ "description" => _("Lowest assignable group ID for use with the idAllocationMethod set to 'pool'."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
- "mandatory" => TRUE),
+ "mandatory" => FALSE),
array(
"name" => "gidNumberPoolMax",
"type" => "integer",
"default" => 40000,
- "description" => "The 'uidNumberPoolMax/gidNumberPoolMax' statement defines the highest assignable user/group id for use with the 'idAllocationMethod = pool'.",
+ "description" => _("Highest assignable group ID for use with the idAllocationMethod set to 'pool'."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
- "mandatory" => TRUE),
+ "mandatory" => FALSE),
array(
"name" => "uidNumberPoolMin",
"type" => "integer",
"default" => 10000,
- "description" => "The 'uidNumberPoolMin/gidNumberPoolMin' statement defines the lowest assignable user/group id for use with the 'idAllocationMethod = pool'.",
+ "description" => _("Lowest assignable user ID for use with the idAllocationMethod set to 'pool'."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
- "mandatory" => TRUE),
+ "mandatory" => FALSE),
array(
"name" => "uidNumberPoolMax",
"type" => "integer",
"default" => 40000,
- "description" => "The 'uidNumberPoolMax/gidNumberPoolMax' statement defines the highest assignable user/group id for use with the 'idAllocationMethod = pool'.",
+ "description" => _("Highest assignable user ID for use with the idAllocationMethod set to 'pool'."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
- "mandatory" => TRUE),
+ "mandatory" => FALSE),
array(
"name" => "uidNumberBase",
"type" => "integer",
"default" => "1000",
- "description" => "The 'uidNumberBase' statement defines where to start looking for a new free user id. This should be synced with your 'adduser.conf' to avoid overlapping uidNumber values between local and LDAP based lookups. The uidNumberBase can even be dynamic. Take a look at the 'baseIdHook' definition.",
+ "description" => _("Count base for user IDs. For dynamic ID assignment use the 'baseIdHook' setting."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
- "mandatory" => TRUE),
+ "mandatory" => FALSE),
+
+ array(
+ "name" => "gosaRpcServer",
+ "type" => "string",
+ "default" => "",
+ "description" => _("Connection URL for use with the gosa-ng service."),
+ "check" => "jsonRPC::testConnectionProperties",
+ "migrate" => "",
+ "group" => "rpc",
+ "mandatory" => FALSE),
+
+ array(
+ "name" => "gosaRpcUser",
+ "type" => "string",
+ "default" => "admin",
+ "description" => _("User name used to connect to the 'gosaRpcServer'."),
+ "check" => "",
+ "migrate" => "",
+ "group" => "rpc",
+ "mandatory" => FALSE),
+
+ array(
+ "name" => "gosaRpcPassword",
+ "type" => "string",
+ "default" => "tester",
+ "description" => _("Password used to connect to the 'gosaRpcServer'."),
+ "check" => "",
+ "migrate" => "",
+ "group" => "rpc",
+ "mandatory" => FALSE),
array(
"name" => "gosaSupportURI",
"type" => "string",
"default" => "",
- "description" => "The 'gosaSupportURI' defines the major gosa-si server host and the password for GOsa to connect to it. It can be used if you want to use i.e. kerberos to authenticate the users. The format is: credentials@host:port",
+ "description" => _("Connection URI for use with the gosa-si service (obsolete)."),
"check" => "",
"migrate" => "",
"group" => "gosa-si",
"name" => "gosaSupportTimeout",
"type" => "integer",
"default" => 15,
- "description" => "The 'gosaSupportTimeout' sets a connection timeout for all gosa-si actions. See 'gosaSupportURI' for details.",
+ "description" => _("Number of seconds after a gosa-si connection is considered 'dead'."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "gosa-si",
"type" => "switch",
"default" => "uid",
"defaults" => "core::getPropertyValues",
- "description" => "The 'loginAttribute' statement tells GOsa which LDAP attribute is used as the login name during login. It can be set to 'uid', 'mail' or 'both'",
+ "description" => _("User attribute which is used for log in."),
"check" => "",
"migrate" => "",
"group" => "security",
"type" => "switch",
"default" => "",
"defaults" => "core::getPropertyValues",
- "description" => "The 'timezone' statements defines the timezone used inside of GOsa to handle date related tasks, such as password expiery, vacation messages, etc. The 'timezone' value should be a unix conform timezone value like in /etc/timezone.",
+ "description" => _("Local time zone."),
"check" => "",
"migrate" => "",
"group" => "core",
- "mandatory" => TRUE),
+ "mandatory" => FALSE),
array(
"name" => "honourUnitTags",
"type" => "bool",
"default" => "false",
- "description" => "The 'honourUnitTags' statement enables checking of 'unitTag' attributes when using administrative units. If this is set to 'true' GOsa can only see objects inside the administrative unit a user is logged into.",
+ "description" => _("Enable tagging of administrative units. This can be used in conjunction with ACLs (obsolete)."),
"check" => "",
- "migrate" => "gosaProperty::isBool",
+ "migrate" => "",
"group" => "core",
"mandatory" => FALSE),
array(
"name" => "useSaslForKerberos",
"type" => "bool",
- "default" => "false",
- "description" => "The 'useSaslForKerberos' statement defines the way the kerberos realm is stored in the #userPassword' attribute. Set it to 'true' in order to get {sasl}user@REALM.NET, or to 'false' to get {kerberos}user@REALM.NET. The latter is outdated, but may be needed from time to time.",
+ "default" => "true",
+ "description" => _("Enable the use of {sasl} instead of {kerberos} for user realms."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "password",
"name" => "rfc2307bis",
"type" => "bool",
"default" => "false",
- "description" => "The 'rfc2307bis' statement enables rfc2307bis style groups in GOsa. You can use 'member' attributes instead of memberUid in this case. To make it work on unix systems, you've to adjust your NSS configuration to use rfc2307bis style groups, too",
+ "description" => _("Enable RFC 2307bis style groups. This combines the use of 'member' and 'memberUid' attributes."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "core",
"name" => "personalTitleInDN",
"type" => "bool",
"default" => "false",
- "description" => "The 'personalTitleInDN' option tells GOsa to include the personal title in user DNs when #accountPrimaryAttribute' is set to \"cn\".",
+ "description" => _("Adjusts the user DN generation to include the users personal title (only in conjunction with accountPrimaryAttribute)."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "storage location",
"name" => "nextIdHook",
"type" => "command",
"default" => "",
- "description" => "The 'nextIdHook' statement defines a script to be called for finding the next free id for users or groups externaly. It gets called with the current entry \"dn\" and the attribute to be ID'd. It should return an integer value.",
+ "description" => _("Script to be called for finding the next free id for groups or users."),
"check" => "gosaProperty::isCommand",
"migrate" => "",
"group" => "id",
"mandatory" => FALSE),
-
- array(
- "name" => "sambaMachineAccountRDN",
- "type" => "rdn",
- "default" => "ou=winstations",
- "description" => "This statement defines the location where GOsa looks for new samba workstations.",
- "check" => "gosaProperty::isRdn",
- "migrate" => "",
- "group" => "samba",
- "mandatory" => FALSE),
-
array(
"name" => "idGenerator",
"type" => "string",
"default" => "{%sn}-{%givenName[2-4]}",
- "description" => "The 'idGenerator' statement describes an automatic way to generate new user ids. There are two basic functions supported - which can be combined:
-
- a) using attributes
-
- You can specify LDAP attributes (currently only sn and givenName) in
- braces {} and add a percent sign befor it. Optionally you can strip it
- down to a number of characters, specified in []. I.e.
-
- idGenerator=\"{%sn}-{%givenName[2-4]}\"
-
- will generate an ID using the full surename, adding a dash, and adding at
- least the first two characters of givenName. If this ID is used, it'll
- use up to four characters. If no automatic generation is possible, a
- input box is shown.
-
- b) using automatic id's
-
- I.e. specifying
-
- idGenerator=\"acct{id:3}\"
-
- will generate a three digits id with the next free entry appended to \"acct\".
-
- idGenerator=\"acct{id!1}\"
-
- will generate a one digit id with the next free entry appended to \"acct\" - if needed.
-
- idGenerator=\"ext{id#3}\"
-
- will generate a three digits random number appended to \"ext\".
-",
+ "description" => _("Descriptive string for the automatic ID generator. Please read the FAQ file for more information."),
"check" => "",
"migrate" => "",
"group" => "core",
"name" => "strictNamingRules",
"type" => "bool",
"default" => "true",
- "description" => "",
+ "description" => _("Enable strict checking for user IDs and group names."),
"check" => "gosaProperty::isBool",
- "migrate" => "The 'strictNamingRules' statement enables strict checking of uids and group names. If you need characters like . or - inside of your accounts, set this to 'false'",
+ "migrate" => "",
"group" => "core",
"mandatory" => FALSE),
"name" => "minId",
"type" => "integer",
"default" => 40,
- "description" => "The 'minId' statement defines the minimum assignable user or group id to avoid security leaks with uid 0 accounts. This is used for the 'traditional' method.",
+ "description" => _("Lowest assignable user or group ID. Only active if idAllocationMethod is set to 'traditional'."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "id",
"type" => "switch",
"default" => "mail",
"defaults" => "core::getPropertyValues",
- "description" => "The 'mailAttribute' statement determines which attribute GOsa will use to create accounts. Valid values are 'mail' and 'uid'.",
+ "description" => _("Attribute to be used for primary mail addresses."),
"check" => "",
"migrate" => "",
"group" => "mail",
"name" => "gosaSharedPrefix",
"type" => "string",
"default" => "",
- "description" => "This attribute allows to override the prefix used to create shared folders.",
+ "description" => _("Namespace used for shared folders."),
"check" => "",
"migrate" => "",
"group" => "mail",
"name" => "mailUserCreation",
"type" => "string",
"default" => "",
- "description" => "This attribute allows to override the user account creation syntax, see the 'mailFolderCreation' description for more details.
-
-Examples
- mailUserCreation=\"%prefix%%uid%\" => \"user.foobar\"
- mailUserCreation=\"my-prefix.%uid%%domain%\" => \"my-prefix.foobar@example.com\"
-",
+ "description" => _("Namespace rule to create user folders. Please read the FAQ file for more information."),
"check" => "",
"migrate" => "",
"group" => "mail",
"name" => "mailFolderCreation",
"type" => "string",
"default" => "",
- "description" => "Every mail method has its own way to create mail accounts like 'share/development' or 'shared.development@example.com' which is used to identify the accounts, set quotas or add acls.
-
-To override the methods default account creation syntax, you can set the 'mailFolderCreation' option.
-
-Examples
-
- mailFolderCreation=\"%prefix%%cn%\" => \"shared.development\"
- mailFolderCreation=\"my-prefix.%cn%%domain%\" => \"my-prefix.development@example.com\"
-
- %prefix% The methods default prefix. (Depends on cyrusUseSlashes=FALSE/TRUE)
- %cn% The groups/users cn.
- %uid% The users uid.
- %mail% The objects mail attribute.
- %domain% The domain part of the objects mail attribute.
- %mailpart% The user address part of the mail address.
- %uattrib% Depends on mailAttribute=\"uid/mail\".
-",
+ "description" => _("Namespace rule to create folders. Please read the FAQ file for more information."),
"check" => "",
"migrate" => "",
"group" => "mail",
"name" => "imapTimeout",
"type" => "integer",
"default" => 10,
- "description" => "The 'imapTimeout' statement sets the connection timeout for imap actions.",
+ "description" => _("Seconds after an IMAP connection is considered dead."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "mail",
"type" => "switch",
"default" => "",
"defaults" => "core::getPropertyValues",
- "description" => "The 'mailMethod' statement tells GOsa which mail method the setup should use to communicate with a possible mail server. Leave this undefined if your mail method does not match the predefined ones.",
+ "description" => _("Class name of the mail method to be used."),
"check" => "",
"migrate" => "",
"group" => "mail",
"name" => "cyrusUseSlashes",
"type" => "bool",
"default" => "true",
- "description" => "The 'cyrusUseSlashes' statement determines if GOsa should use \"foo/bar\" or \"foo.bar\" namespaces in IMAP. Unix style is with slashes.",
+ "description" => _("Enable slashes instead of dots as a name space separator for Cyrus IMAP."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "mail",
"name" => "vacationTemplateDirectory",
"type" => "path",
"default" => "/etc/gosa/vacation",
- "description" => "The 'vacationTemplateDirectory' statement sets the path where GOsa will look for vacation message templates. Default is /etc/gosa/vacation.
-
-Example template /etc/gosa/vacation/business.txt:
-
- DESC:Away from desk
- Hi, I'm currently away from my desk. You can contact me on
- my cell phone via %mobile.
-
- Greetings,
- %givenName %sn
-
-",
+ "description" => _("Directory to store vacation templates. Please read the FAQ file for more information."),
"check" => "gosaProperty::isWriteablePath",
"migrate" => "",
"group" => "mail",
"name" => "ldapTLS",
"type" => "bool",
"default" => "false",
- "description" => "The 'ldapTLS' statement enables or disables TLS operating on LDAP connections.",
+ "description" => _("Enable TLS for LDAP connections."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "security",
"name" => "honourIvbbAttributes",
"type" => "bool",
"default" => "false",
- "description" => "The 'honourIvbbAttributes' statement enables the IVBB mode inside of GOsa. You need the ivbb.schema file from used by german authorities.",
+ "description" => _("Enable IVBB used by german authorities."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "core",
"name" => "sambaIdMapping",
"type" => "bool",
"default" => "false",
- "description" => "The 'sambaIdMapping' statement tells GOsa to maintain sambaIdmapEntry objects. Depending on your setup this can drastically improve the windows login performance.",
+ "description" => _("Maintain sambaIdmapEntry objects to improve performance on some Samba versions."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "samba",
"name" => "handleExpiredAccounts",
"type" => "bool",
"default" => "true",
- "description" => "The 'handleExpiredAccounts' statement enables shadow attribute tests during the login to the GOsa web interface and forces password renewal or account lockout.",
+ "description" => _("Enable checks to determine whether an account is expired or not."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "core",
"name" => "sambaSID",
"type" => "string",
"default" => "",
- "description" => "The 'sambaSID' statement defines a samba SID if not available inside of the LDAP. You can retrieve the current sid by net getlocalsid.",
+ "description" => _("String containing the SID for Samba setups without the Domain object in LDAP."),
"check" => "",
"migrate" => "",
"group" => "samba",
"name" => "sambaRidBase",
"type" => "integer",
"default" => "",
- "description" => "The 'sambaRidBase' statement defines the base id to add to ordinary sid calculations - if not available inside of the LDAP.",
+ "description" => _("String containing the RID base for Samba setups without the Domain object in LDAP."),
"check" => "gosaProperty::isInteger",
"migrate" => "",
"group" => "samba",
"name" => "enableSnapshots",
"type" => "bool",
"default" => "false",
- "description" => "The 'enableSnapshots' statement enables a snapshot mechaism in GOsa. This enables you to save certain states of entries and restore them later on.",
+ "description" => _("Enable manual object snapshots."),
"check" => "gosaProperty::isBool",
"migrate" => "",
"group" => "snapshot",
"name" => "snapshotBase",
"type" => "dn",
"default" => "ou=snapshots,dc=localhost,dc=de",
- "description" => "The 'snapshotBase' statement defines the base where snapshots should be stored inside of the LDAP.",
+ "description" => _("Base DN for snapshot storage."),
"check" => "gosaProperty::isDn",
"migrate" => "",
"group" => "snapshot",
"name" => "snapshotAdminDn",
"type" => "dn",
"default" => "cn=admin,dc=localhost,dc=de",
- "description" => "The 'snapshotAdminDn' variable defines the user which is used to authenticate when connecting to 'snapshotURI'.",
+ "description" => _("DN of the snapshot administrator."),
"check" => "gosaProperty::isDn",
"migrate" => "",
"group" => "snapshot",
"name" => "snapshotAdminPassword",
"type" => "string",
"default" => "secret",
- "description" => "The 'snapshotAdminPassword' variable defines the credentials which are used in combination with 'snapshotAdminDn' and 'snapshotURI' in order to authenticate.",
+ "description" => _("Password of the snapshot administrator."),
"check" => "",
"migrate" => "",
"group" => "snapshot",
"type" => "switch",
"default" => "traditional",
"defaults" => "core::getPropertyValues",
- "description" => "The 'idAllocationMethod' statement defines how GOsa generates numeric user and group id values. If it is set to 'traditional' GOsa will do create a lock and perform a search for the next free ID. The lock will be removed after the procedure completes. 'pool' will use the sambaUnixIdPool objectclass settings inside your LDAP. This one is unsafe, because it does not check for concurrent LDAP access and already used IDs in this range. On the other hand it is much faster.",
+ "description" => _("Method for user and group ID generation. Note: only the 'traditional' method is safe due to PHP limitations."),
"check" => "",
"migrate" => "",
"group" => "id",
"name" => "snapshotURI",
"type" => "uri",
"default" => "ldap://localhost:389",
- "description" => "The 'snapshotURI' variable defines the LDAP URI for the server which is used to do object snapshots.",
+ "description" => _("URI of server to be used for snapshots."),
"check" => "",
"migrate" => "",
"group" => "snapshot",
- "mandatory" => FALSE)
- ),
-
- "plProvidedAcls" => array(
- "accessTo" => _("System trust"),
- "cn" => _("Name"),
- "description" => _("Description"),
- "sudoUser" => _("Users"),
- "sudoHost" => _("Host"),
- "sudoCommand" => _("Command"),
- "sudoRunAs" => _("Run as user"),
- "trustModel" => _("Access control list"))
- )
- );
+ "mandatory" => FALSE),
+ array(
+ "name" => "forceTranslit",
+ "type" => "bool",
+ "default" => "false",
+ "description" => _("Enable transliteration of cyrillic characters for UID generation."),
+ "check" => "gosaProperty::isBool",
+ "migrate" => "",
+ "group" => "core",
+ "mandatory" => TRUE)
+ )));
}
}
?>