
grid-chef-repo: Commit

A Chef repository for building Grid environments.


Commit metadata

Revision: 18f518eaa0375ef5e000156286bffe6e37ff1a0c (tree)
Date: 2017-01-01 22:41:48
Author: whitestar <whitestar@gaea...>
Committer: whitestar

Log message

adds the samba-grid::smbldap-tools recipe.

Change summary

Diff

--- a/cookbooks/samba-grid/CHANGELOG.md
+++ b/cookbooks/samba-grid/CHANGELOG.md
@@ -1,5 +1,10 @@
11 # samba-grid CHANGELOG
22
3+0.1.1
4+-----
5+- adds the `samba-grid::smbldap-tools` recipe.
6+- updates documents.
7+
38 0.1.0
49 -----
510 - Initial release of samba-grid
--- a/cookbooks/samba-grid/README.md
+++ b/cookbooks/samba-grid/README.md
@@ -5,6 +5,18 @@ This cookbook sets up a Samba server.
55
66 ## Contents
77
8+- [Requirements](#requirements)
9+ - [platforms](#platforms)
10+ - [packages](#packages)
11+- [Attributes](#attributes)
12+- [Usage](#usage)
13+ - [Recipes](#recipes)
14+ - [samba-grid::default](#samba-griddefault)
15+ - [samba-grid::server](#samba-gridserver)
16+ - [samba-grid::smbldap-tools](#samba-gridsmbldap-tools)
17+ - [Role Examples](#role-examples)
18+ - [Password management by the Chef Vault](#password-management-by-the-chef-vault)
19+- [License and Authors](#license-and-authors)
820
921 ## Requirements
1022
@@ -25,6 +37,17 @@ This cookbook sets up a Samba server.
2537 |`['samba-grid']['smb.conf']['homes']`|Hash|`[homes]` section configurations in the `smb.conf`.|`{}`|
2638 |`['samba-grid']['smb.conf']['printers']`|Hash|`[printers]` section configurations in the `smb.conf`.|`{}`|
2739 |`['samba-grid']['smb.conf']['printD']`|Hash|`[print$]` section configurations in the `smb.conf`.|`{}`|
40+|`['samba-grid']['smbldap-tools']['smbldap.conf']['SID']`|String|Required.|`''`|
41+|`['samba-grid']['smbldap-tools']['smbldap.conf']['sambaDomain']`|String||`'DOMSMB'`|
42+|`['samba-grid']['smbldap-tools']['smbldap.conf']['slaveLDAP']`|String||`'ldap://ldap.example.com/'`|
43+|`['samba-grid']['smbldap-tools']['smbldap.conf']['masterLDAP']`|String||`'ldap://ldap.example.com/'`|
44+|`['samba-grid']['smbldap-tools']['smbldap.conf']['ldapTLS']`|String||`'1'`|
45+|`['samba-grid']['smbldap-tools']['smbldap.conf']['suffix']`|String||`'dc=example,dc=com'`|
46+|`['samba-grid']['smbldap-tools']['smbldap.conf']['mailDomain']`|String||`'example.com'`|
47+|`['samba-grid']['smbldap-tools']['smbldap_bind.conf']['slaveDN']`|String||`'cn=Manager,dc=example,dc=com'`|
48+|`['samba-grid']['smbldap-tools']['smbldap_bind.conf']['slavePw_vault_item']`|String|See the following _Password management by the Chef Vault_|`{}`|
49+|`['samba-grid']['smbldap-tools']['smbldap_bind.conf']['masterDN']`|String||`'cn=Manager,dc=example,dc=com'`|
50+|`['samba-grid']['smbldap-tools']['smbldap_bind.conf']['masterPw_vault_item']`|String|See the following _Password management by the Chef Vault_|`{}`|
2851
2952 ## Usage
3053
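Review bot: In the rows for `slavePw_vault_item` and `masterPw_vault_item` the type column says String, but the default shown is `{}` and the usage section sets each of them to a hash with `vault`, `name`, `env_context` and `key`, so the type should read Hash. The `SID` row is marked Required while its default is `''`; say what happens when it is left empty, since the template comment describes a fallback to `net getlocalsid` when the parameter is not defined.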
@@ -38,6 +61,10 @@ This recipe does nothing.
3861
3962 This recipe installs Samba server.
4063
64+#### samba-grid::smbldap-tools
65+
66+This recipe installs the smbldap-tools.
67+
4168 ### Role Examples
4269
4370 - `roles/samba.rb`
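Review bot: The description under `#### samba-grid::smbldap-tools` mentions only the package install, while the recipe in this commit also renders `/etc/smbldap-tools/smbldap.conf` and `/etc/smbldap-tools/smbldap_bind.conf` and reads the bind passwords from Chef Vault. State that here and link to the Chef Vault section, so that an operator knows the recipe writes LDAP bind credentials to disk.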
@@ -104,8 +131,51 @@ override_attributes(
104131 )
105132 ```
106133
107-License and Authors
108--------------------
134+### Password management by the Chef Vault
135+
136+- Generate a password JSON file.
137+
138+```bash
139+$ ruby -rjson -e 'puts JSON.generate({"password" => File.read("masterPw.txt")})' \
140+> > ~/tmp/masterPw.txt.json
141+```
142+
143+- Create a Chef Vault item.
144+
145+```bash
146+$ knife vault create smbldap_bind_pws masterPw --json ~/tmp/masterPw.txt.json
147+
148+$ knife vault show smbldap_bind_pws masterPw -F json
149+```
150+
151+- Grant read permission to the server.
152+
153+```bash
154+$ knife vault update smbldap_bind_pws masterPw -S 'name:ldap*.grid.example.com'
155+```
156+
157+- Set attributes.
158+
159+```ruby
160+override_attributes(
161+ 'samba-grid' => {
162+ 'smbldap-tools' => {
163+ 'smbldap_bind.conf' => {
164+ 'masterDN' => 'cn=Manager,dc=example,dc=com',
165+ 'masterPw_vault_item' => {
166+ 'vault' => 'smbldap_bind_pws',
167+ 'name' => 'masterPw',
168+ 'env_context' => false,
169+ 'key' => 'password',
170+ },
171+ },
172+ },
173+ },
174+)
175+```
176+
177+## License and Authors
178+
109179 - Author:: whitestar at osdn.jp
110180
111181 ```text
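Review bot: In the first step, `File.read("masterPw.txt")` keeps the file's trailing newline, so a password file written by an editor or `echo` ends up in the vault with `\n` appended and is later rendered that way into `masterPw="..."`; use `File.read("masterPw.txt").chomp`. The procedure also leaves the cleartext password in `masterPw.txt` and `~/tmp/masterPw.txt.json`, and `knife vault show ... -F json` prints it to the terminal. Add a step that removes both files once `knife vault create` has succeeded, and mention that the show command displays the secret.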
--- a/cookbooks/samba-grid/attributes/default.rb
+++ b/cookbooks/samba-grid/attributes/default.rb
@@ -35,5 +35,36 @@ default['samba-grid']['smb.conf'] = {
3535 # Share Definitions
3636 # ...
3737 }
38-default['samba-grid']['smbldap.conf'] = {
38+default['samba-grid']['smbldap-tools']['smbldap.conf'] = {
39+ 'SID' => '',
40+ 'sambaDomain' => 'DOMSMB',
41+ 'slaveLDAP' => 'ldap://ldap.example.com/',
42+ 'masterLDAP' => 'ldap://ldap.example.com/',
43+ 'ldapTLS' => '1',
44+ 'suffix' => 'dc=example,dc=com',
45+ 'mailDomain' => 'example.com',
46+}
47+default['samba-grid']['smbldap-tools']['smbldap_bind.conf'] = {
48+ 'slaveDN' => 'cn=Manager,dc=example,dc=com',
49+ 'slavePw_vault_item' => {
50+=begin
51+ 'vault' => 'smbldap_bind_pws',
52+ 'name' => 'slavePw',
53+ # single password or nested hash password path delimited by slash
54+ 'env_context' => false,
55+ 'key' => 'password', # real hash path: "/password"
56+ # or nested hash password path delimited by slash
57+ #'env_context' => true,
58+ #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
59+=end
60+ },
61+ 'masterDN' => 'cn=Manager,dc=example,dc=com',
62+ 'masterPw_vault_item' => {
63+=begin
64+ #'vault' => 'smbldap_bind_pws',
65+ #'name' => 'masterPw',
66+ #'env_context' => false,
67+ #'key' => 'password',
68+=end
69+ },
3970 }
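Review bot: The `=begin`/`=end` blocks inside the `slavePw_vault_item` and `masterPw_vault_item` hash literals are hard to read, and in the `masterPw_vault_item` case every line inside the block is also prefixed with `#`; use plain `#` comments above an empty `{}` instead. The old key `default['samba-grid']['smbldap.conf']` is replaced by `['smbldap-tools']['smbldap.conf']`, which the CHANGELOG entry for 0.1.1 does not mention. Both `slaveDN` and `masterDN` default to `cn=Manager,dc=example,dc=com`; it would help to note that the read-only side can use a separate, less privileged bind DN.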
--- a/cookbooks/samba-grid/metadata.rb
+++ b/cookbooks/samba-grid/metadata.rb
@@ -5,10 +5,12 @@ maintainer_email ''
55 license 'Apache 2.0'
66 description 'Installs/Configures Samba'
77 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
8-version '0.1.0'
8+version '0.1.1'
99 source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
1010 issues_url 'https://osdn.jp/projects/metasearch/ticket'
1111
1212 %w( debian ubuntu ).each do |os|
1313 supports os
1414 end
15+
16+depends 'chef_utils', '>= 0.8.0'
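Review bot: `depends 'chef_utils', '>= 0.8.0'` has no upper bound, so any later release of chef_utils satisfies it even if `ChefUtils::Helper` or `chef_gem_package`, which the new recipe calls, change incompatibly. A pessimistic constraint such as `'~> 0.8'` would keep the dependency within a tested range.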
--- /dev/null
+++ b/cookbooks/samba-grid/recipes/smbldap-tools.rb
@@ -0,0 +1,71 @@
1+#
2+# Cookbook Name:: samba-grid
3+# Recipe:: smbldap-tools
4+#
5+# Copyright 2016, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+::Chef::Recipe.send(:include, ChefUtils::Helper)
21+
22+chef_gem_package('chef-vault')
23+
24+%w(
25+ smbldap-tools
26+).each {|pkg|
27+ resources(package: pkg) rescue package pkg do
28+ action :install
29+ end
30+}
31+
32+template '/etc/smbldap-tools/smbldap.conf' do
33+ source 'etc/smbldap-tools/smbldap.conf'
34+ owner 'root'
35+ group 'root'
36+ mode '0644'
37+end
38+
39+bind_conf = node['samba-grid']['smbldap-tools']['smbldap_bind.conf']
40+pws = {
41+ 'slave' => 'secret',
42+ 'master' => 'secret',
43+}
44+
45+require 'chef-vault'
46+pws.each_key {|role|
47+ item_conf = bind_conf["#{role}Pw_vault_item"]
48+ next if item_conf.empty?
49+
50+ secret = ChefVault::Item.load(item_conf['vault'], item_conf['name'])
51+ if item_conf.key?('env_context') && item_conf['env_context'] == true
52+ secret = secret[node.chef_environment]
53+ end
54+ if !item_conf['key'].nil? && !item_conf['key'].empty?
55+ item_conf['key'].split('/').each {|elm|
56+ secret = secret[elm]
57+ }
58+ end
59+ pws[role] = secret
60+}
61+
62+template '/etc/smbldap-tools/smbldap_bind.conf' do
63+ source 'etc/smbldap-tools/smbldap_bind.conf'
64+ owner 'root'
65+ group 'root'
66+ mode '0600'
67+ variables(
68+ pws: pws
69+ )
70+ sensitive true
71+end
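Review bot: `pws` is initialised with the literal `'secret'` for both roles, and `next if item_conf.empty?` skips the vault lookup when no item is configured, which is the default in `attributes/default.rb`. A node with default attributes therefore gets `smbldap_bind.conf` rendered with `slavePw="secret"` and `masterPw="secret"` without any warning. Initialise the values to `nil` and either raise or skip the template when a password is missing. The traversal `secret = secret[elm]` has no nil check, so a wrong `key` path or a missing `node.chef_environment` entry ends in a `NoMethodError` or an empty password; fail with a message that names the vault item and key. The modifier in `resources(package: pkg) rescue package pkg do` rescues every `StandardError`, not only the resource-not-found case. Mode `'0600'` and `sensitive true` on the bind file are right.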
--- /dev/null
+++ b/cookbooks/samba-grid/templates/debian/etc/smbldap-tools/smbldap.conf
@@ -0,0 +1,224 @@
1+<%
2+conf = node['samba-grid']['smbldap-tools']['smbldap.conf']
3+-%>
4+# $Id: smbldap.conf 139 2012-08-07 11:11:37Z fumiyas $
5+#
6+# smbldap-tools.conf : Q & D configuration file for smbldap-tools
7+
8+# This code was developped by IDEALX (http://IDEALX.org/) and
9+# contributors (their names can be found in the CONTRIBUTORS file).
10+#
11+# Copyright (C) 2001-2002 IDEALX
12+#
13+# This program is free software; you can redistribute it and/or
14+# modify it under the terms of the GNU General Public License
15+# as published by the Free Software Foundation; either version 2
16+# of the License, or (at your option) any later version.
17+#
18+# This program is distributed in the hope that it will be useful,
19+# but WITHOUT ANY WARRANTY; without even the implied warranty of
20+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21+# GNU General Public License for more details.
22+#
23+# You should have received a copy of the GNU General Public License
24+# along with this program; if not, write to the Free Software
25+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
26+# USA.
27+
28+# Purpose :
29+# . be the configuration file for all smbldap-tools scripts
30+
31+##############################################################################
32+#
33+# General Configuration
34+#
35+##############################################################################
36+
37+# Put your own SID. To obtain this number do: "net getlocalsid".
38+# If not defined, parameter is taking from "net getlocalsid" return
39+SID="<%= conf['SID'] %>"
40+
41+# Domain name the Samba server is in charged.
42+# If not defined, parameter is taking from smb.conf configuration file
43+# Ex: sambaDomain="IDEALX-NT"
44+sambaDomain="<%= conf['sambaDomain'] %>"
45+
46+##############################################################################
47+#
48+# LDAP Configuration
49+#
50+##############################################################################
51+
52+# Notes: to use to dual ldap servers backend for Samba, you must patch
53+# Samba with the dual-head patch from IDEALX. If not using this patch
54+# just use the same server for slaveLDAP and masterLDAP.
55+# Those two servers declarations can also be used when you have
56+# . one master LDAP server where all writing operations must be done
57+# . one slave LDAP server where all reading operations must be done
58+# (typically a replication directory)
59+
60+# Slave LDAP server URI
61+# Ex: slaveLDAP=ldap://slave.ldap.example.com/
62+# If not defined, parameter is set to "ldap://127.0.0.1/"
63+slaveLDAP="<%= conf['slaveLDAP'] %>"
64+
65+# Master LDAP server URI: needed for write operations
66+# Ex: masterLDAP=ldap://master.ldap.example.com/
67+# If not defined, parameter is set to "ldap://127.0.0.1/"
68+masterLDAP="<%= conf['masterLDAP'] %>"
69+
70+# Use TLS for LDAP
71+# If set to 1, this option will use start_tls for connection
72+# (you must also used the LDAP URI "ldap://...", not "ldaps://...")
73+# If not defined, parameter is set to "0"
74+ldapTLS="<%= conf['ldapTLS'] %>"
75+
76+# How to verify the server's certificate (none, optional or require)
77+# see "man Net::LDAP" in start_tls section for more details
78+verify="require"
79+
80+# CA certificate
81+# see "man Net::LDAP" in start_tls section for more details
82+cafile="/etc/smbldap-tools/ca.pem"
83+
84+# certificate to use to connect to the ldap server
85+# see "man Net::LDAP" in start_tls section for more details
86+clientcert="/etc/smbldap-tools/smbldap-tools.example.com.pem"
87+
88+# key certificate to use to connect to the ldap server
89+# see "man Net::LDAP" in start_tls section for more details
90+clientkey="/etc/smbldap-tools/smbldap-tools.example.com.key"
91+
92+# LDAP Suffix
93+# Ex: suffix=dc=IDEALX,dc=ORG
94+suffix="<%= conf['suffix'] %>"
95+
96+# Where are stored Users
97+# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
98+# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
99+usersdn="ou=Users,${suffix}"
100+
101+# Where are stored Computers
102+# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
103+# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
104+computersdn="ou=Computers,${suffix}"
105+
106+# Where are stored Groups
107+# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
108+# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
109+groupsdn="ou=Groups,${suffix}"
110+
111+# Where are stored Idmap entries (used if samba is a domain member server)
112+# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
113+# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
114+idmapdn="ou=Idmap,${suffix}"
115+
116+# Where to store next uidNumber and gidNumber available for new users and groups
117+# If not defined, entries are stored in sambaDomainName object.
118+# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
119+# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
120+sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
121+
122+# Default scope Used
123+scope="sub"
124+
125+# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
126+# If set to "exop", use LDAPv3 Password Modify (RFC 3062) extended operation.
127+password_hash="SSHA"
128+
129+# if password_hash is set to CRYPT, you may set a salt format.
130+# default is "%s", but many systems will generate MD5 hashed
131+# passwords if you use "$1$%.8s". This parameter is optional!
132+password_crypt_salt_format="%s"
133+
134+##############################################################################
135+#
136+# Unix Accounts Configuration
137+#
138+##############################################################################
139+
140+# Login defs
141+# Default Login Shell
142+# Ex: userLoginShell="/bin/bash"
143+userLoginShell="/bin/bash"
144+
145+# Home directory
146+# Ex: userHome="/home/%U"
147+userHome="/home/%U"
148+
149+# Default mode used for user homeDirectory
150+userHomeDirectoryMode="700"
151+
152+# Gecos
153+userGecos="System User"
154+
155+# Default User (POSIX and Samba) GID
156+defaultUserGid="513"
157+
158+# Default Computer (Samba) GID
159+defaultComputerGid="515"
160+
161+# Skel dir
162+skeletonDir="/etc/skel"
163+
164+# Treat shadowAccount object or not
165+shadowAccount="1"
166+
167+# Default password validation time (time in days) Comment the next line if
168+# you don't want password to be enable for defaultMaxPasswordAge days (be
169+# careful to the sambaPwdMustChange attribute's value)
170+defaultMaxPasswordAge="45"
171+
172+##############################################################################
173+#
174+# SAMBA Configuration
175+#
176+##############################################################################
177+
178+# The UNC path to home drives location (%U username substitution)
179+# Just set it to a null string if you want to use the smb.conf 'logon home'
180+# directive and/or disable roaming profiles
181+# Ex: userSmbHome="\\PDC-SMB3\%U"
182+userSmbHome="\\PDC-SRV\%U"
183+
184+# The UNC path to profiles locations (%U username substitution)
185+# Just set it to a null string if you want to use the smb.conf 'logon path'
186+# directive and/or disable roaming profiles
187+# Ex: userProfile="\\PDC-SMB3\profiles\%U"
188+userProfile="\\PDC-SRV\profiles\%U"
189+
190+# The default Home Drive Letter mapping
191+# (will be automatically mapped at logon time if home directory exist)
192+# Ex: userHomeDrive="H:"
193+userHomeDrive="H:"
194+
195+# The default user netlogon script name (%U username substitution)
196+# if not used, will be automatically username.cmd
197+# make sure script file is edited under dos
198+# Ex: userScript="startup.cmd" # make sure script file is edited under dos
199+userScript="logon.bat"
200+
201+# Domain appended to the users "mail"-attribute
202+# when smbldap-useradd -M is used
203+# Ex: mailDomain="idealx.com"
204+mailDomain="<%= conf['mailDomain'] %>"
205+
206+##############################################################################
207+#
208+# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
209+#
210+##############################################################################
211+
212+# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
213+# prefer Crypt::SmbHash library
214+with_smbpasswd="0"
215+smbpasswd="/usr/bin/smbpasswd"
216+
217+# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
218+# but prefer Crypt:: libraries
219+with_slappasswd="0"
220+slappasswd="/usr/sbin/slappasswd"
221+
222+# comment out the following line to get rid of the default banner
223+# no_banner="1"
224+
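Review bot: The TLS settings at template lines 78 to 90 are hard-coded: `verify="require"`, `cafile="/etc/smbldap-tools/ca.pem"`, and a `clientcert`/`clientkey` pair named `smbldap-tools.example.com`. Nothing in this commit installs those files, yet `ldapTLS` defaults to `'1'`, so a converged node depends on files that have to be provisioned some other way. Expose `cafile`, `clientcert` and `clientkey` as attributes next to `ldapTLS`, keep `verify` at `require`, and document that the CA file must exist. Site-specific values such as `userSmbHome="\\PDC-SRV\%U"` and `defaultMaxPasswordAge="45"` are fixed in the same way and would be better as attributes.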
--- /dev/null
+++ b/cookbooks/samba-grid/templates/debian/etc/smbldap-tools/smbldap_bind.conf
@@ -0,0 +1,16 @@
1+<%
2+conf = node['samba-grid']['smbldap-tools']['smbldap_bind.conf']
3+-%>
4+# $Id: smbldap_bind.conf 35 2011-02-23 09:07:36Z fumiyas $
5+#
6+############################
7+# Credential Configuration #
8+############################
9+# Notes: you can specify two differents configuration if you use a
10+# master ldap for writing access and a slave ldap server for reading access
11+# By default, we will use the same DN (so it will work for standard Samba
12+# release)
13+slaveDN="<%= conf['slaveDN'] %>"
14+slavePw="<%= @pws['slave'] %>"
15+masterDN="<%= conf['masterDN'] %>"
16+masterPw="<%= @pws['master'] %>"
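Review bot: At template lines 14 and 16, `@pws['slave']` and `@pws['master']` are written verbatim between double quotes, so a password that contains `"` or a newline produces a line that no longer holds the intended value. Either validate the secret in the recipe and fail on such characters, or document the character restrictions in the README section on Chef Vault.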
--- /dev/null
+++ b/cookbooks/samba-grid/templates/default/etc/smbldap-tools/smbldap.conf
@@ -0,0 +1,224 @@
1+<%
2+conf = node['samba-grid']['smbldap-tools']['smbldap.conf']
3+-%>
4+# $Id: smbldap.conf 139 2012-08-07 11:11:37Z fumiyas $
5+#
6+# smbldap-tools.conf : Q & D configuration file for smbldap-tools
7+
8+# This code was developped by IDEALX (http://IDEALX.org/) and
9+# contributors (their names can be found in the CONTRIBUTORS file).
10+#
11+# Copyright (C) 2001-2002 IDEALX
12+#
13+# This program is free software; you can redistribute it and/or
14+# modify it under the terms of the GNU General Public License
15+# as published by the Free Software Foundation; either version 2
16+# of the License, or (at your option) any later version.
17+#
18+# This program is distributed in the hope that it will be useful,
19+# but WITHOUT ANY WARRANTY; without even the implied warranty of
20+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21+# GNU General Public License for more details.
22+#
23+# You should have received a copy of the GNU General Public License
24+# along with this program; if not, write to the Free Software
25+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
26+# USA.
27+
28+# Purpose :
29+# . be the configuration file for all smbldap-tools scripts
30+
31+##############################################################################
32+#
33+# General Configuration
34+#
35+##############################################################################
36+
37+# Put your own SID. To obtain this number do: "net getlocalsid".
38+# If not defined, parameter is taking from "net getlocalsid" return
39+SID="<%= conf['SID'] %>"
40+
41+# Domain name the Samba server is in charged.
42+# If not defined, parameter is taking from smb.conf configuration file
43+# Ex: sambaDomain="IDEALX-NT"
44+sambaDomain="<%= conf['sambaDomain'] %>"
45+
46+##############################################################################
47+#
48+# LDAP Configuration
49+#
50+##############################################################################
51+
52+# Notes: to use to dual ldap servers backend for Samba, you must patch
53+# Samba with the dual-head patch from IDEALX. If not using this patch
54+# just use the same server for slaveLDAP and masterLDAP.
55+# Those two servers declarations can also be used when you have
56+# . one master LDAP server where all writing operations must be done
57+# . one slave LDAP server where all reading operations must be done
58+# (typically a replication directory)
59+
60+# Slave LDAP server URI
61+# Ex: slaveLDAP=ldap://slave.ldap.example.com/
62+# If not defined, parameter is set to "ldap://127.0.0.1/"
63+slaveLDAP="<%= conf['slaveLDAP'] %>"
64+
65+# Master LDAP server URI: needed for write operations
66+# Ex: masterLDAP=ldap://master.ldap.example.com/
67+# If not defined, parameter is set to "ldap://127.0.0.1/"
68+masterLDAP="<%= conf['masterLDAP'] %>"
69+
70+# Use TLS for LDAP
71+# If set to 1, this option will use start_tls for connection
72+# (you must also used the LDAP URI "ldap://...", not "ldaps://...")
73+# If not defined, parameter is set to "0"
74+ldapTLS="<%= conf['ldapTLS'] %>"
75+
76+# How to verify the server's certificate (none, optional or require)
77+# see "man Net::LDAP" in start_tls section for more details
78+verify="require"
79+
80+# CA certificate
81+# see "man Net::LDAP" in start_tls section for more details
82+cafile="/etc/smbldap-tools/ca.pem"
83+
84+# certificate to use to connect to the ldap server
85+# see "man Net::LDAP" in start_tls section for more details
86+clientcert="/etc/smbldap-tools/smbldap-tools.example.com.pem"
87+
88+# key certificate to use to connect to the ldap server
89+# see "man Net::LDAP" in start_tls section for more details
90+clientkey="/etc/smbldap-tools/smbldap-tools.example.com.key"
91+
92+# LDAP Suffix
93+# Ex: suffix=dc=IDEALX,dc=ORG
94+suffix="<%= conf['suffix'] %>"
95+
96+# Where are stored Users
97+# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
98+# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
99+usersdn="ou=Users,${suffix}"
100+
101+# Where are stored Computers
102+# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
103+# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
104+computersdn="ou=Computers,${suffix}"
105+
106+# Where are stored Groups
107+# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
108+# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
109+groupsdn="ou=Groups,${suffix}"
110+
111+# Where are stored Idmap entries (used if samba is a domain member server)
112+# Ex: idmapdn="ou=Idmap,dc=IDEALX,dc=ORG"
113+# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
114+idmapdn="ou=Idmap,${suffix}"
115+
116+# Where to store next uidNumber and gidNumber available for new users and groups
117+# If not defined, entries are stored in sambaDomainName object.
118+# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
119+# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
120+sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
121+
122+# Default scope Used
123+scope="sub"
124+
125+# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
126+# If set to "exop", use LDAPv3 Password Modify (RFC 3062) extended operation.
127+password_hash="SSHA"
128+
129+# if password_hash is set to CRYPT, you may set a salt format.
130+# default is "%s", but many systems will generate MD5 hashed
131+# passwords if you use "$1$%.8s". This parameter is optional!
132+password_crypt_salt_format="%s"
133+
134+##############################################################################
135+#
136+# Unix Accounts Configuration
137+#
138+##############################################################################
139+
140+# Login defs
141+# Default Login Shell
142+# Ex: userLoginShell="/bin/bash"
143+userLoginShell="/bin/bash"
144+
145+# Home directory
146+# Ex: userHome="/home/%U"
147+userHome="/home/%U"
148+
149+# Default mode used for user homeDirectory
150+userHomeDirectoryMode="700"
151+
152+# Gecos
153+userGecos="System User"
154+
155+# Default User (POSIX and Samba) GID
156+defaultUserGid="513"
157+
158+# Default Computer (Samba) GID
159+defaultComputerGid="515"
160+
161+# Skel dir
162+skeletonDir="/etc/skel"
163+
164+# Treat shadowAccount object or not
165+shadowAccount="1"
166+
167+# Default password validation time (time in days) Comment the next line if
168+# you don't want password to be enable for defaultMaxPasswordAge days (be
169+# careful to the sambaPwdMustChange attribute's value)
170+defaultMaxPasswordAge="45"
171+
172+##############################################################################
173+#
174+# SAMBA Configuration
175+#
176+##############################################################################
177+
178+# The UNC path to home drives location (%U username substitution)
179+# Just set it to a null string if you want to use the smb.conf 'logon home'
180+# directive and/or disable roaming profiles
181+# Ex: userSmbHome="\\PDC-SMB3\%U"
182+userSmbHome="\\PDC-SRV\%U"
183+
184+# The UNC path to profiles locations (%U username substitution)
185+# Just set it to a null string if you want to use the smb.conf 'logon path'
186+# directive and/or disable roaming profiles
187+# Ex: userProfile="\\PDC-SMB3\profiles\%U"
188+userProfile="\\PDC-SRV\profiles\%U"
189+
190+# The default Home Drive Letter mapping
191+# (will be automatically mapped at logon time if home directory exist)
192+# Ex: userHomeDrive="H:"
193+userHomeDrive="H:"
194+
195+# The default user netlogon script name (%U username substitution)
196+# if not used, will be automatically username.cmd
197+# make sure script file is edited under dos
198+# Ex: userScript="startup.cmd" # make sure script file is edited under dos
199+userScript="logon.bat"
200+
201+# Domain appended to the users "mail"-attribute
202+# when smbldap-useradd -M is used
203+# Ex: mailDomain="idealx.com"
204+mailDomain="<%= conf['mailDomain'] %>"
205+
206+##############################################################################
207+#
208+# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
209+#
210+##############################################################################
211+
212+# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
213+# prefer Crypt::SmbHash library
214+with_smbpasswd="0"
215+smbpasswd="/usr/bin/smbpasswd"
216+
217+# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
218+# but prefer Crypt:: libraries
219+with_slappasswd="0"
220+slappasswd="/usr/sbin/slappasswd"
221+
222+# comment out the following line to get rid of the default banner
223+# no_banner="1"
224+
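Review bot: This file is a line-for-line copy of `templates/debian/etc/smbldap-tools/smbldap.conf` added in the same commit, and the same holds for the two `smbldap_bind.conf` files. Chef falls back to `templates/default` when no platform-specific template exists, so keeping only the `default` copies avoids the two sets drifting apart; add a `debian` variant only when its content actually differs.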
--- /dev/null
+++ b/cookbooks/samba-grid/templates/default/etc/smbldap-tools/smbldap_bind.conf
@@ -0,0 +1,16 @@
1+<%
2+conf = node['samba-grid']['smbldap-tools']['smbldap_bind.conf']
3+-%>
4+# $Id: smbldap_bind.conf 35 2011-02-23 09:07:36Z fumiyas $
5+#
6+############################
7+# Credential Configuration #
8+############################
9+# Notes: you can specify two differents configuration if you use a
10+# master ldap for writing access and a slave ldap server for reading access
11+# By default, we will use the same DN (so it will work for standard Samba
12+# release)
13+slaveDN="<%= conf['slaveDN'] %>"
14+slavePw="<%= @pws['slave'] %>"
15+masterDN="<%= conf['masterDN'] %>"
16+masterPw="<%= @pws['master'] %>"