LISMの設定例

LDAP+XOOPS+SquirrelMail+Group-Office+CSV 設定

OpenLDAP、XOOPS、SquirrelMail、Group-Office、CSVファイルのアカウント情報を同期、そして一元管理するための設定です。

<config>
  <!-- Synchronisation rules. Each <data name="..."> entry below carries the name of one of
       the data sources defined later in this file and lists the operations
       (add/modify/delete) and the attributes under ou=People that are synchronised. -->
  <sync>
    <!-- NOTE(review): transaction is off. Presumably a failure part-way through an update
         that spans several systems is not rolled back, so an account could end up created
         or deleted in only some of them. Confirm against the LISM documentation and plan
         a reconciliation step after errors. -->
    <transaction>off</transaction>
    <data name="CSV">
      <syncop>add</syncop>
      <syncop>modify</syncop>
      <syncop>delete</syncop>
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncattr>
          <name>cn</name>
        </syncattr>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <!-- userPassword is in the sync set, so password values are propagated to this
             target. The CSV storage definition declares hash="SHA:hex"; presumably that
             is the form written to the file (confirm). -->
        <syncattr>
          <name>userPassword</name>
        </syncattr>
        <syncattr>
          <name>mail</name>
        </syncattr>
        <!-- businessCategory is mapped to the Role object in the storage definitions, so
             synchronising it changes role/group membership in the target. -->
        <syncattr>
          <name>businessCategory</name>
        </syncattr>
      </object>
    </data>
    <data name="Xoops">
      <syncop>add</syncop>
      <syncop>modify</syncop>
      <syncop>delete</syncop>
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncattr>
          <name>cn</name>
        </syncattr>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <!-- Password values are propagated to XOOPS as well (storage declares hash="MD5:hex"). -->
        <syncattr>
          <name>userPassword</name>
        </syncattr>
        <syncattr>
          <name>mail</name>
        </syncattr>
        <syncattr>
          <name>businessCategory</name>
        </syncattr>
      </object>
    </data>
    <data name="SquirrelMail">
      <syncop>add</syncop>
      <syncop>modify</syncop>
      <syncop>delete</syncop>
      <!-- Only cn, sn and mail are listed for SquirrelMail: userPassword and
           businessCategory are not part of this sync set. -->
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncattr>
          <name>cn</name>
        </syncattr>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <syncattr>
          <name>mail</name>
        </syncattr>
      </object>
    </data>
    <data name="GroupOffice">
      <syncop>add</syncop>
      <syncop>modify</syncop>
      <syncop>delete</syncop>
      <object name="User">
        <syncdn>ou=People</syncdn>
        <syncattr>
          <name>cn</name>
        </syncattr>
        <syncattr>
          <name>sn</name>
        </syncattr>
        <!-- Password values are propagated to Group-Office as well (storage declares hash="MD5:hex"). -->
        <syncattr>
          <name>userPassword</name>
        </syncattr>
        <syncattr>
          <name>mail</name>
        </syncattr>
        <syncattr>
          <name>businessCategory</name>
        </syncattr>
      </object>
    </data>
    <!-- Names the LDAP data source as the master, exposed under ou=Master. Presumably this is
         the authoritative copy the other sources are synchronised from (confirm); write
         access to that subtree then means write access to every synchronised system. -->
    <master>
      <containerdn>ou=Master</containerdn>
      <data>LDAP</data>
  </master>
  </sync>
  <!-- CSV data source: exposes two comma-separated files as ou=People and ou=Role
       entries under ou=CSV. -->
  <data name="CSV">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=CSV</rdn>
      <attr name="description">CSV File</attr>
    </container>
    <!-- NOTE(review): hash="SHA:hex" presumably means userpassword values are kept in the
         file as hex-encoded SHA digests (confirm which SHA variant and whether a salt is
         used). A fast unsalted digest offers little protection once the file is read, so
         treat user.csv as a credential store. -->
    <storage name="CSV" hash="SHA:hex">
      <delim>,</delim>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <!-- Column 2 of this file holds the password value (see the userpassword mapping
             below). Restrict read/write permission on the file and its directory to the
             account LISM runs as. -->
        <file>/usr/local/lism/var/csv/user.csv</file>
        <!-- Column 0 is the record id and is also mapped to uid, the RDN attribute. -->
        <id>
          <column>0</column>
        </id>
        <oc>person</oc>
        <oc>inetOrgPerson</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>0</column>
        </attr>
        <!-- cn and sn are both read from column 1. -->
        <attr name="cn">
          <column>1</column>
        </attr>
        <attr name="sn">
          <column>1</column>
        </attr>
        <attr name="userpassword">
          <column>2</column>
        </attr>
        <attr name="mail">
          <column>3</column>
        </attr>
        <!-- businesscategory refers to the Role object defined below; column 4 presumably
             holds the id of the referenced role (confirm). -->
        <attr name="businesscategory">
	  <oname>Role</oname>
	  <idcolumn>4</idcolumn>
        </attr>
      </object>
      <object name="Role">
        <container>
          <rdn>ou=Role</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <file>/usr/local/lism/var/csv/group.csv</file>
        <id>
          <column>0</column>
        </id>
        <oc>organizationalRole</oc>
        <rdn>cn</rdn>
        <attr name="cn">
          <column>1</column>
        </attr>
      </object>
    </storage>
  </data>
  <!-- XOOPS data source: maps the xoops_users and xoops_groups tables of a MySQL database
       to ou=People and ou=Role entries. -->
  <data name="Xoops">
    <container>
      <oc>organizationalUnit</oc>
      <!-- NOTE(review): this rdn carries the full suffix (dc=lism,dc=com) while the other
           data sources in this file use a relative rdn such as ou=CSV. Confirm which form
           LISM expects. -->
      <rdn>ou=Xoops,dc=lism,dc=com</rdn>
      <attr name="description">Web Portal</attr>
    </container>
    <!-- NOTE(review): hash="MD5:hex" presumably stores passwords as hex-encoded unsalted
         MD5 in the pass column, matching what this XOOPS schema expects (confirm). MD5 is
         not a suitable password hash; treat the database and its backups as holding
         recoverable credentials. -->
    <storage name="SQL" hash="MD5:hex">
      <dsn>DBI:mysql:xoops:localhost</dsn>
      <!-- Sample credentials, stored in clear text. In a real deployment use a dedicated
           database account limited to the tables referenced below, give it a strong unique
           password, and make this file readable only by the account LISM runs as. -->
      <admin>admin</admin>
      <passwd>secret</passwd>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>xoops_users</table>
        <id>
          <column>uid</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>uname</column>
        </attr>
        <attr name="cn">
          <column>name</column>
        </attr>
        <!-- sn is derived on read: the part of name that follows the first space. -->
        <attr name="sn">
          <selexpr>substring(name,position(' ' in name)+1,char_length(name)-position(' ' in name))</selexpr>
        </attr>
        <attr name="userpassword">
          <column>pass</column>
        </attr>
        <attr name="mail">
          <column>email</column>
        </attr>
        <!-- Role membership is kept in the xoops_groups_users_link join table. In addproc and
             delproc, %o and %a are placeholders LISM fills in; presumably %o is the user's
             id and %a the id of the referenced Role (confirm). They are inserted unquoted,
             so the statements rely on both being numeric. Whether LISM escapes or validates
             substituted values is not visible in this file; verify before exposing write
             access. -->
        <attr name="businesscategory">
          <oname>Role</oname>
	  <fromtbls>xoops_groups,xoops_groups_users_link</fromtbls>
	  <joinwhere>xoops_groups.groupid=xoops_groups_users_link.groupid and xoops_users.uid=xoops_groups_users_link.uid</joinwhere>
	  <addproc>insert into xoops_groups_users_link(uid, groupid) values(%o, %a)</addproc>
	  <delproc>delete from xoops_groups_users_link where uid = %o and groupid = %a</delproc>
        </attr>
      </object>
      <object name="Role">
        <container>
          <rdn>ou=Role</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>xoops_groups</table>
        <id>
          <column>groupid</column>
        </id>
        <oc>organizationalRole</oc>
        <rdn>cn</rdn>
        <attr name="cn">
          <column>group_type</column>
        </attr>
      </object>
    </storage>
  </data>
  <!-- SquirrelMail data source: maps rows of the userprefs key/value table to ou=People
       entries. No hash attribute and no userpassword mapping are declared, so no password
       is stored through this source. -->
  <data name="SquirrelMail">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=SquirrelMail</rdn>
      <attr name="description">Web Mail</attr>
    </container>
    <storage name="SQL">
      <dsn>DBI:mysql:squirrelmail:localhost</dsn>
      <!-- Sample credentials, stored in clear text. Use a dedicated database account limited
           to the userprefs table, a strong unique password, and restrictive permissions on
           this file. -->
      <admin>admin</admin>
      <passwd>secret</passwd>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>userprefs</table>
        <id>
          <column>user</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>user</column>
        </attr>
        <!-- cn is the prefval of the row whose prefkey is full_name. In addproc and delproc,
             %o and %a are placeholders; presumably %o is the user id and %a the attribute
             value (confirm).
             NOTE(review): %a is placed inside a single-quoted SQL literal. If LISM does not
             escape the value before substitution, a cn containing a quote character would
             change the statement. Verify the escaping in the LISM SQL backend and limit who
             may write these attributes. -->
        <attr name="cn">
          <selexpr>prefval</selexpr>
          <joinwhere>prefkey="full_name"</joinwhere>
          <addproc>insert into userprefs values('%o', 'full_name', '%a')</addproc>
          <delproc>delete from userprefs where user = '%o' and prefkey = 'full_name'</delproc>
        </attr>
        <!-- sn is read-only here (no addproc/delproc): the part of full_name after the
             first space. -->
        <attr name="sn">
          <selexpr>substring(prefval,position(' ' in prefval)+1,char_length(prefval)-position(' ' in prefval))</selexpr>
          <joinwhere>prefkey="full_name"</joinwhere>
        </attr>
        <!-- mail follows the same pattern as cn, including the quoted %a substitution. -->
        <attr name="mail">
          <selexpr>prefval</selexpr>
          <joinwhere>prefkey="email_address"</joinwhere>
          <addproc>insert into userprefs values('%o', 'email_address', '%a')</addproc>
          <delproc>delete from userprefs where user = '%o' and prefkey = 'email_address'</delproc>
        </attr>
        <!-- The strginfo entries insert fixed default preference rows (hililist,
             javascript_on, prefix_sig) for the user; presumably run when the entry is
             added (confirm). -->
        <strginfo>
          <addproc>insert into userprefs values('%o', 'hililist', 'a:0:{}')</addproc>
        </strginfo>
        <strginfo>
          <addproc>insert into userprefs values('%o', 'javascript_on', '1')</addproc>
        </strginfo>
        <strginfo>
          <addproc>insert into userprefs values('%o', 'prefix_sig', '0')</addproc>
        </strginfo>
      </object>
    </storage>
  </data>
  <!-- Group-Office data source: maps the users and groups tables of a MySQL database to
       ou=People and ou=Role entries, rewrites two role names, and runs a script after
       user add/delete. -->
  <data name="GroupOffice">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=GroupOffice</rdn>
      <attr name="description">GroupWare</attr>
    </container>
    <!-- Translates role names between the directory view and Group-Office: Admin/Anonymous
         in requests become Admins/Everyone, and the reverse in search results.
         NOTE(review): match looks like an unanchored pattern. Confirm how it is applied so
         that other values which merely contain "Admin" or "Everyone" are not rewritten,
         since these names decide group membership. -->
    <handler name="Rewrite">
      <rewrite context="request" match="Admin" substitution="Admins"/>
      <rewrite context="request" match="Anonymous" substitution="Everyone"/>
      <rewrite context="searchResult" match="Admins" substitution="Admin"/>
      <rewrite context="searchResult" match="Everyone" substitution="Anonymous"/>
    </handler>
    <!-- Runs mkuserdir.sh after (type="post") an add or delete of an entry whose DN matches
         the dn pattern. %r is a placeholder filled in by LISM, presumably the entry's RDN
         value (confirm).
         NOTE(review): that value comes from the LDAP request. The script should validate it
         against a strict character allow-list, reject path separators and "..", and quote
         it wherever it is used. How LISM invokes the script (through a shell or not) is not
         visible here; verify. -->
    <handler name="Script">
      <execrule type="post" dn=".*,ou=People,ou=GroupOffice,dc=lism,dc=com">
        <op name="add">
          <script>/usr/local/lism/lib/scripts/mkuserdir.sh add %r</script>
        </op>
        <op name="delete">
          <script>/usr/local/lism/lib/scripts/mkuserdir.sh del %r</script>
        </op>
      </execrule>
    </handler>
    <!-- NOTE(review): hash="MD5:hex" presumably stores passwords as hex-encoded unsalted MD5
         in the password column (confirm). MD5 is not a suitable password hash; protect the
         database and its backups accordingly. -->
    <storage name="SQL" hash="MD5:hex">
      <dsn>DBI:mysql:groupoffice:localhost</dsn>
      <!-- Sample credentials, stored in clear text. Use a dedicated least-privilege database
           account, a strong unique password, and restrictive permissions on this file. -->
      <admin>admin</admin>
      <passwd>secret</passwd>
      <object name="User">
        <container>
          <rdn>ou=People</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>users</table>
        <id>
          <column>id</column>
        </id>
        <oc>Person</oc>
        <oc>inetOrgPerson</oc>
        <rdn>uid</rdn>
        <attr name="uid">
          <column>username</column>
        </attr>
        <!-- cn is read as "first_name last_name". On write, last_name is set to the part of
             the value after the first space; on delete it is cleared.
             NOTE(review): %a appears four times inside single-quoted SQL literals. Verify
             that LISM escapes the value before substitution. -->
        <attr name="cn">
          <selexpr>concat(first_name, ' ', last_name)</selexpr>
          <addproc>update users set last_name = substring('%a',position(' ' in '%a')+1,char_length('%a')-position(' ' in '%a')) where id = %o</addproc>
          <delproc>update users set last_name = '' where id = %o</delproc>
        </attr>
        <!-- sn is mapped to the first_name column. -->
        <attr name="sn">
          <column>first_name</column>
        </attr>
        <attr name="userpassword">
          <column>password</column>
        </attr>
        <attr name="mail">
          <column>email</column>
        </attr>
        <!-- Role membership is kept in the users_groups join table; %o and %a are inserted
             unquoted, so the statements rely on both being numeric ids. -->
        <attr name="businesscategory">
          <oname>Role</oname>
          <fromtbls>groups,users_groups</fromtbls>
          <joinwhere>groups.id=users_groups.group_id and users.id=users_groups.user_id</joinwhere>
          <addproc>insert into users_groups(user_id, group_id) values(%o, %a)</addproc>
          <delproc>delete from users_groups where user_id = %o and group_id = %a</delproc>
        </attr>
        <!-- value type="function" entries contain Perl expressions, which LISM appears to
             evaluate. Anyone able to edit this file can therefore presumably run code as
             the LISM process; keep the file writable by administrators only.
             NOTE(review): authcode is the first 8 characters of the base64 MD5 of the
             current time, and the same time is stored in registration_time below. If
             Group-Office relies on authcode as a secret, it is guessable; generate it from
             a cryptographically secure random source instead. -->
        <strginfo>
          <column>authcode</column>
          <value type="function">substr(Digest::MD5::md5_base64(time), 0, 8)</value>
        </strginfo>
        <strginfo>
          <column>registration_time</column>
          <value type="function">time</value>
        </strginfo>
        <!-- Creates and removes the user's ACL rows. The function extracts the first
             "mail:" value from the entry text and it is substituted for %v as the acl_items
             description, inside a single-quoted literal (same escaping concern as %a above).
             The meaning of the literal values in the acl inserts (0, 1 and 0, 2) is not
             visible here; check them against the Group-Office schema before reuse. -->
        <strginfo>
          <value type="function">($entryStr =~ /mail: (.*)$/mi)[0]</value>
          <addproc>insert into acl_items(user_id, description) values('%o', '%v')</addproc>
          <addproc>insert into acl values((select id from acl_items where user_id = %o), 0, 1)</addproc>
          <addproc>insert into acl values((select id from acl_items where user_id = %o), 0, 2)</addproc>
          <delproc>delete from acl where acl_id in (select id from acl_items where user_id = %o)</delproc>
          <delproc>delete from acl_items where user_id = %o</delproc>
        </strginfo>
      </object>
      <object name="Role">
        <container>
          <rdn>ou=Role</rdn>
          <oc>organizationalUnit</oc>
        </container>
        <table>groups</table>
        <id>
          <column>id</column>
        </id>
        <oc>organizationalRole</oc>
        <rdn>cn</rdn>
        <attr name="cn">
          <column>name</column>
        </attr>
      </object>
    </storage>
  </data>
  <!-- LDAP data source: proxies an OpenLDAP server under ou=LDAP and runs a script after
       user add/delete. The sync section of this file names this source as the master. -->
  <data name="LDAP">
    <container>
      <oc>organizationalUnit</oc>
      <rdn>ou=LDAP</rdn>
      <attr name="description">LDAP Server</attr>
    </container>
    <!-- Runs mkhomedir.sh after (type="post") an add or delete of a matching entry. %r and
         %i are placeholders filled in by LISM; their exact meaning is not visible here
         (presumably the RDN value and an id; confirm).
         NOTE(review): these values come from the LDAP request. The script should validate
         them against a strict character allow-list, reject path separators and "..", and
         quote them wherever they are used, especially in the del branch, which presumably
         removes a directory. -->
    <handler name="Script">
      <execrule type="post" dn=".*,ou=People,ou=LDAP,dc=lism,dc=com">
        <op name="add">
          <script>/usr/local/lism/lib/scripts/mkhomedir.sh add %r %i</script>
        </op>
        <op name="delete">
          <script>/usr/local/lism/lib/scripts/mkhomedir.sh del %r</script>
        </op>
      </execrule>
    </handler>
    <!-- NOTE(review): hash="CRYPT" presumably selects crypt(3)-style password hashing; the
         algorithm actually produced depends on the platform and salt format. Confirm it is
         not the traditional DES-based scheme.
         The uri uses plain ldap:// to localhost, so the bind password and password values
         are sent unencrypted; that is tolerable only on the loopback interface. Use ldaps://
         or StartTLS if the directory is on another host.
         The bind DN is cn=Manager (typically the directory's rootdn) with a sample password
         in clear text. Prefer a dedicated service entry whose ACLs cover only the
         synchronised subtree, and restrict read access to this file.
         The suffix here is dc=example,dc=com while the execrule above matches
         dc=lism,dc=com; presumably the latter is LISM's own suffix (confirm). -->
    <storage name="LDAP" hash="CRYPT">
      <uri>ldap://localhost/dc=example,dc=com</uri>
      <binddn>cn=Manager,dc=example,dc=com</binddn>
      <bindpw>secret</bindpw>
    </storage>
  </data>
</config>

Last-modified: 2008-01-10 (木) 21:32:29 (1222d)