author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>, 2012-04-01 12:59:53 (GMT)
committer: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>, 2012-04-01 12:59:53 (GMT)
commit: 4bf342479f954c32d39d30de2284077c86761360
tree: df57cfaf7271655c05b2d4042c55b61e45455c6a
parent: add52305fc8cb050fd740d92a618fa5396eff383
Update chapter on configuration management
-rw-r--r-- Architecture_and_Design/en-US/Configuration_Management.xml | 92
1 files changed, 63 insertions, 29 deletions
diff --git a/Architecture_and_Design/en-US/Configuration_Management.xml b/Architecture_and_Design/en-US/Configuration_Management.xml
index af17bf2..d24f454 100644
--- a/Architecture_and_Design/en-US/Configuration_Management.xml
+++ b/Architecture_and_Design/en-US/Configuration_Management.xml
@@ -151,7 +151,7 @@ admins: cyrus-admin
<section id="sect-Architecture_and_Design-Configuration_Management-Kolab_Configuration_File">
<title>Kolab Configuration File</title>
<para>
- The Kolab configuration file is <filename>/etc/kolab/kolab.conf</filename>.
+ The main Kolab configuration file is <filename>/etc/kolab/kolab.conf</filename>.
</para>
<note>
<title>TODO</title>
@@ -179,7 +179,7 @@ key2 = value
<section id="sect-Architecture_and_Design-Kolab_Configuration_File-kolab">
<title>[kolab]</title>
<para>
- The following is an overview of settings in the <literal>[kolab]</literal> section:
+ The following is an overview of settings available in the <literal>[kolab]</literal> section:
</para>
<para>
<itemizedlist>
@@ -187,15 +187,18 @@ key2 = value
<formalpara id="form-Architecture_and_Design-kolab-auth_mechanism_ldap">
<title><literal>auth_mechanism</literal> (<emphasis>ldap</emphasis>)</title>
<para>
- The authentication and authorization database technology to use for the primary domain name space in this Kolab deployment. If not set, defaults to a value of 'ldap'. Possible options include: 'ldap'.
+ The authentication and authorization database technology to use for the primary domain name space in this Kolab deployment. If not set, defaults to a value of 'ldap'.
</para>
</formalpara>
+ <para>
+ Possible options currently include: 'ldap'.
+ </para>
</listitem>
<listitem>
<formalpara id="form-Architecture_and_Design-kolab-primary_domain_pykolab.constants.domainname">
- <title><literal>primary_domain</literal> (<emphasis>pykolab.constants.domainname</emphasis>)</title>
+ <title><literal>primary_domain</literal> (<emphasis>constants.domainname</emphasis>)</title>
<para>
The primary domain name space for this Kolab deployment. If not set, defaults to the value of the PyKolab constant <literal>domainname</literal>, which is derived from the system fully qualified domain name.
</para>
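Review bot: the primary_domain title now shows the default as constants.domainname, while the formalpara id keeps pykolab.constants.domainname and the paragraph below still calls it "the PyKolab constant domainname". Dropping the module prefix in the title alone leaves the reader guessing where the constant lives; either keep the full pykolab.constants.domainname or name the module in the paragraph.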
@@ -211,6 +214,9 @@ key2 = value
</para>
</formalpara>
+ <para>
+ Valid options currently include: <emphasis>cyrus-imap</emphasis>
+ </para>
</listitem>
<listitem>
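Review bot: the added paragraph "Valid options currently include: <emphasis>cyrus-imap</emphasis>" has no closing full stop and is worded and marked up differently from the auth_mechanism paragraph earlier in this patch ("Possible options currently include: 'ldap'."). Pick one phrasing and put the values in <literal> in both places.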
@@ -261,12 +267,12 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-base_dn_None">
<title><literal>base_dn</literal> (<emphasis>None</emphasis>)</title>
<para>
- This setting contains the absolute top-level that Kolab is allowed to use. While most commonly the same value as the root distinguished name (root dn) for the tree, for example <emphasis>dc=example,dc=org</emphasis> this just is not always the case.
+ This setting contains the absolute top-level that Kolab is allowed to use. While most commonly the same value as the root distinguished name (root dn) for the tree, <emphasis>dc=example,dc=org</emphasis> for example, this is not always the case.
</para>
</formalpara>
<para>
- Despite the fact that we can generate a domain-component oriented naming scheme base dn from the domain name space configured as or believed to be the primary domain, we require configuration of the overall base distinguished name (base dn) as LDAP trees may use a non-domain component oriented naming scheme, such as <emphasis>o=organization,c=nl</emphasis>, or use a different level of depth.
+ Despite the fact that Kolab can generate a domain-component oriented naming scheme base dn from the domain name space configured as or believed to be the primary domain, Kolab often requires the configuration of the overall base distinguished name (base dn) as LDAP trees may use a non-domain component oriented naming scheme, such as <emphasis>o=organization,c=nl</emphasis>, or use a different level of depth.
</para>
</listitem>
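Review bot: in the second base_dn paragraph, changing "we require configuration" to "Kolab often requires the configuration" leaves it unclear when base_dn may be omitted. The title gives the default as None and the first paragraph calls this the absolute top-level Kolab is allowed to use, so the text should say outright whether the setting is mandatory and what Kolab does when it is unset.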
@@ -274,7 +280,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-bind_dn_None">
<title><literal>bind_dn</literal> (<emphasis>None</emphasis>)</title>
<para>
- The distinguished name of the account to use for bind operations. This is (or should be) part of a set of bind credentials used as a last resort only.
+ The distinguished name of the account to use for bind operations. This is part of a set of bind credentials used as a last resort only.
</para>
</formalpara>
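Review bot: removing "(or should be)" from the bind_dn paragraph turns a recommendation into a statement of fact, but the text still does not say what "as a last resort only" means. Name the credentials that are tried before these, so an administrator can judge how much access the bind_dn account needs.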
@@ -300,20 +306,26 @@ key2 = value
</listitem>
<listitem>
- <formalpara id="form-Architecture_and_Design-ldap-auth_attrs_mail">
- <title><literal>auth_attrs</literal> (<emphasis>mail</emphasis>)</title>
+ <formalpara id="form-Architecture_and_Design-ldap-auth_attributes_mail">
+ <title><literal>auth_attributes</literal> (<emphasis>mail</emphasis>)</title>
<para>
- para
+ A comma- or comma-space separated list of entry attribute names of which the value is to be allowed as the login name during authentication.
</para>
</formalpara>
+ <para>
+ This enables an administrator to allow users to login with their entry's <literal>uid</literal> attribute value, in addition to their entry's <literal>mail</literal> attribute value.
+ </para>
+ <para>
+ Common attribute names in this list include: <literal>alias</literal>, <literal>mail</literal>, <literal>mailAlternateAddress</literal>, <literal>uid</literal>.
+ </para>
</listitem>
<listitem>
<formalpara id="form-Architecture_and_Design-ldap-quota_attribute_mailquota">
<title><literal>quota_attribute</literal> (<emphasis>mailquota</emphasis>)</title>
<para>
- para
+ The attribute to use for a user's mail quota.
</para>
</formalpara>
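Review bot: the new auth_attributes paragraphs do not say that a login name must resolve to exactly one entry, although this patch gives that advice for user_name_attribute ("should use a globally unique attribute"). Since alias and mailAlternateAddress are listed as common choices, state what happens when a value matches more than one entry. Also, "to login" should read "to log in", and because the rename from auth_attrs changes the formalpara id as well, check for xrefs to form-Architecture_and_Design-ldap-auth_attrs_mail and say whether the old setting name is still read.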
@@ -323,7 +335,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-mailserver_attribute_mailhost">
<title><literal>mailserver_attribute</literal> (<emphasis>mailhost</emphasis>)</title>
<para>
- para
+ The attribute to use for a user's mail server.
</para>
</formalpara>
@@ -333,27 +345,38 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-user_base_dn_base_dns">
<title><literal>user_base_dn</literal> (<emphasis>%(base_dn)s</emphasis>)</title>
<para>
- para
+ The base dn to use when searching for users.
</para>
</formalpara>
+ <para>
+ If not specified, the value of <xref linkend="form-Architecture_and_Design-ldap-base_dn_None" /> is used.
+ </para>
</listitem>
<listitem>
<formalpara id="form-Architecture_and_Design-ldap-user_filter_objectClass">
<title><literal>user_filter</literal> (<emphasis>(objectClass=*)</emphasis>)</title>
<para>
- para
+ The filter to use when searching for users.
</para>
</formalpara>
</listitem>
<listitem>
+ <formalpara>
+ <title><literal>user_name_attribute</literal> (<emphasis>uid</emphasis>)</title>
+ <para>
+ The RDN attribute name (and value) to use. The value for this configuration setting should use a globally unique attribute.
+ </para>
+ </formalpara>
+ </listitem>
+ <listitem>
<formalpara id="form-Architecture_and_Design-ldap-user_scope_sub">
<title><literal>user_scope</literal> (<emphasis>sub</emphasis>)</title>
<para>
- para
+ The scope to use when searching for users.
</para>
</formalpara>
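Review bot: the new user_name_attribute formalpara has no id, unlike every sibling entry in this list (form-Architecture_and_Design-ldap-...), so it cannot be the target of an xref. Add an id following the same pattern. The sentence "The RDN attribute name (and value) to use" also needs rewording, since the setting holds an attribute name only and it is not clear what "(and value)" refers to.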
@@ -363,17 +386,20 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-kolab_user_base_dn_base_dns">
<title><literal>kolab_user_base_dn</literal> (<emphasis>%(base_dn)s</emphasis>)</title>
<para>
- para
+ The base dn to use when searching for users of type 'kolab'.
</para>
</formalpara>
+ <para>
+ If not specified, the value of <xref linkend="form-Architecture_and_Design-ldap-user_base_dn_base_dns" /> is used.
+ </para>
</listitem>
<listitem>
<formalpara id="form-Architecture_and_Design-ldap-kolab_user_filter_objectClass">
<title><literal>kolab_user_filter</literal> (<emphasis>(objectClass=*)</emphasis>)</title>
<para>
- para
+ The filter to use when searching for users of type 'kolab'.
</para>
</formalpara>
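Review bot: the added fallback paragraph for kolab_user_base_dn says the value of user_base_dn is used when the setting is not specified, but the title still shows the default as %(base_dn)s. The two only agree when user_base_dn is itself unset; change the title default or the paragraph so they describe the same fallback.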
@@ -383,7 +409,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-kolab_user_scope_sub">
<title><literal>kolab_user_scope</literal> (<emphasis>sub</emphasis>)</title>
<para>
- para
+ The scope to use when searching for users of type 'kolab'.
</para>
</formalpara>
@@ -393,7 +419,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-special_user_base_dn_base_dns">
<title><literal>special_user_base_dn</literal> (<emphasis>%(base_dn)s</emphasis>)</title>
<para>
- para
+ The base dn to use when searching for users of type 'special'.
</para>
</formalpara>
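Review bot: special_user_base_dn gets a one-line description but no fallback paragraph, while user_base_dn and kolab_user_base_dn in this patch each gained an "If not specified, the value of ... is used" paragraph. Add the same here, and say what a user of type 'special' is, since the term is not defined in the visible text.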
@@ -403,7 +429,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-special_user_filter_objectClass">
<title><literal>special_user_filter</literal> (<emphasis>(objectClass=*)</emphasis>)</title>
<para>
- para
+ The filter to use when searching for users of type 'special'.
</para>
</formalpara>
@@ -413,7 +439,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-special_user_scope_sub">
<title><literal>special_user_scope</literal> (<emphasis>sub</emphasis>)</title>
<para>
- para
+ The scope to use when searching for users of type 'special'.
</para>
</formalpara>
@@ -423,7 +449,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-group_base_dn_base_dns">
<title><literal>group_base_dn</literal> (<emphasis>%(base_dn)s</emphasis>)</title>
<para>
- para
+ The base dn to use when searching for groups.
</para>
</formalpara>
@@ -433,17 +459,25 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-group_filter_objectClass">
<title><literal>group_filter</literal> (<emphasis>(objectClass=*)</emphasis>)</title>
<para>
- para
+ The filter to use when searching for groups.
</para>
</formalpara>
</listitem>
<listitem>
+ <formalpara>
+ <title><literal>group_name_attribute</literal> (<emphasis>cn</emphasis>)</title>
+ <para>
+ The RDN attribute to use for groups. This should use a globally unique attribute.
+ </para>
+ </formalpara>
+ </listitem>
+ <listitem>
<formalpara id="form-Architecture_and_Design-ldap-group_scope_sub">
<title><literal>group_scope</literal> (<emphasis>sub</emphasis>)</title>
<para>
- para
+ The scope to use when searching for groups.
</para>
</formalpara>
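Review bot: the new group_name_attribute entry says it "should use a globally unique attribute" while giving cn as the default, without saying what happens when two groups under group_base_dn share a value. State the required scope of uniqueness and the behaviour on a collision. The formalpara is also missing an id, and its wording differs from the parallel user_name_attribute entry; align the two.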
@@ -453,7 +487,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-domain_base_dn_base_dns">
<title><literal>domain_base_dn</literal> (<emphasis>%(base_dn)s</emphasis>)</title>
<para>
- para
+ The base dn to use when searching for domains.
</para>
</formalpara>
@@ -463,7 +497,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-domain_filter_objectClass">
<title><literal>domain_filter</literal> (<emphasis>(objectClass=*)</emphasis>)</title>
<para>
- para
+ The filter to use when searching for domains.
</para>
</formalpara>
@@ -473,7 +507,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-domain_scope_sub">
<title><literal>domain_scope</literal> (<emphasis>sub</emphasis>)</title>
<para>
- para
+ The scope to use when searching for domains.
</para>
</formalpara>
@@ -483,7 +517,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-domain_name_attribute_associateddomain">
<title><literal>domain_name_attribute</literal> (<emphasis>associateddomain</emphasis>)</title>
<para>
- para
+ The naming attribute for domains. Results in the first value of the list of values contained within the attribute values for a single entry to be used as the Relative Distinguished Name (RDN).
</para>
</formalpara>
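Review bot: the second sentence of the domain_name_attribute paragraph ("Results in the first value of the list of values contained within the attribute values ...") is hard to parse. Something like "For an entry with multiple values for this attribute, the first value is used as the Relative Distinguished Name (RDN)." says the same thing in one pass.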
@@ -493,7 +527,7 @@ key2 = value
<formalpara id="form-Architecture_and_Design-ldap-domain_rootdn_attribute_inetdomainbasedn">
<title><literal>domain_rootdn_attribute</literal> (<emphasis>inetdomainbasedn</emphasis>)</title>
<para>
- para
+ The attribute that contains a reference to the root dn to use for the domain.
</para>
</formalpara>
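Review bot: the domain_rootdn_attribute description does not say how the referenced root dn relates to base_dn, which this chapter describes as "the absolute top-level that Kolab is allowed to use". Document whether a root dn outside base_dn is accepted or rejected, and what is used when the attribute is absent from a domain entry.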