GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  CPU.CONF (5)

NAME

cpu.conf - cpu configuration file

CONTENTS

Description
Global Options
Ldap Options
Passwd Options
See Also
Authors
Bugs
Todo

DESCRIPTION

This file stores all configurable options for CPU and CPU modules. You can specify the location of the configuration file at runtime by specifying the --config or -C command line switches (see cpu(8)). Each CPU module has its own configuration section, but they are all documented here. It is recommended that the config file have strict permissions such as 600. Please note that configuration options take the following format: option = value and section headers are of the format [HEADER]

GLOBAL OPTIONS

Global options should be under the section marked [GLOBAL]. All options under this section impact all operations.
DEFAULT_METHOD = method Specifies what the default administration method is. This value should be a string of either ldap or passwd.
CRACKLIB_DICTIONARY = file If CPU was compiled --with-libcrack file should be the location of cracklib_dict.

LDAP OPTIONS

LDAP options should be under the section marked [LDAP]. These options are only useful when DEFAULT_METHOD is set to ldap or when ldap was specified at the command line with the -M switch. These options are only used by the LDAP module.
LDAP_HOST = hostname hostname should be either the IP address or the hostname of the server running the LDAP directory that you wish to administer users on. This can be overridden with the -N command line switch.
LDAP_PORT = port port is the port that the LDAP server specified by LDAP_HOST is listening on. This value must be non negative. This can be overridden by the -P command line switch.
BIND_DN = dn dn should be the fully qualified DN of an LDAP entity with appropriate rights to perform any actions that you wish. This value can be overridden by the -D command line switch.
BIND_PASS = password password is the password of the entity specified by BIND_DN. This value is passed directly to the server, so it may be stored encrypted if your server supports this. This value can be overridden by the -w command line switch.
USER_BASE = base_dn base_dn is the base dn that users should be added to, search for, deleted from, or modified from. In general if you wish to add a user to the following dn: ou=users,o=company,c=us base_dn should be set to ou=users,o=company,c=us. If you set this value to o=company,c=us users will be added to that dn, although for searching purposes the scope is more broad. This value can be overridden at the command line with the -U switch.
GROUP_BASE = base_dn base_dn is the base dn that groups should be added to, search for, deleted from, or modified from. In general if you wish to add a group to the following dn: ou=group,o=company,c=us base_dn should be set to ou=group,o=company,c=us. If you set this value to o=company,c=us groups will be added to that dn, although for searching purposes the scope is more broad. This value can be overridden at the command line with the -B switch.
USER_OBJECT_CLASS = object_class
GROUP_OBJECT_CLASS = object_class object_class is a comma separated list of object classes that are required by your LDAP directories schema in order to add or modify users and groups. The default should be fine, consult your vendors documentation or contact cpu-users@lists.sourceforge.net if you have problems.
USER_FILTER = filter
GROUP_FILTER = filter filter is a filter that adhears to the following BNF:
        <filter> ::= ’(’ <filtercomp> ’)’
        <filtercomp> ::= <and> | <or> | <not> | <simple>
        <and> ::= ’&’ <filterlist>
        <or> ::= ’|’ <filterlist>
        <not> ::= ’!’ <filter>
        <filterlist> ::= <filter> | <filter> <filterlist>
        <simple> ::= <attributetype> <filtertype> <attributevalue>
        <filtertype> ::= ’=’ | ’~=’ | ’<=’ | ’>=’

These filters are utilized to locate users and groups, as well as to aid in finding new uid’s and gid’s.
USER_CN_STRING = string string is used during user creation. It allows you to specify the dn of the user. The dn becomes string=login,...
GROUP_CN_STRING = string string is used during group creation. It allows you to specify the dn of the group. The dn becomes string=groupname,...
TIMEOUT = timeout timeout should be a value in seconds and greater than 0. If unspecified the default is 60. This value determines the duration after which an operation should be aborted.

The following options are still used by the [LDAP] section, but are more user centric and less ldap centric.
SKEL_DIR = dir dir should be the path for a directory that files are to be copied from when -m is given at the command line. This value can be overridden by the -k command line switch.
DEFAULT_SHELL = shell The default name of the user’s login shell. This value can be overridden by the -s command line switch.
HOME_DIRECTORY = directory New users will be created using directory prepended to the users login name. If this variable is undefined, it must be specified at the command line with the -d switch. When specified at the command line that value is used for the users home directory.
MAX_UIDNUMBER = integer
MIN_UIDNUMBER = integer
MAX_GIDNUMBER = integer
MIN_GIDNUMBER = integer
ID_MAX_PASSES = integer These values control gid and uid generation. When a uid is not specified at the command line (for a useradd) these values are used for finding the next unused uid (random or linear). Similar for groupadd. These are pretty self evident. ID_MAX_PASSES is the number of times that a search should be performed before giving up.
RANDOM = true or false If RANDOM is true, then a random number will be generated and searched for (this number, if unused in the directory, will be the users uid or a groups gid). If a user or group with that ID exists, the process will continue for ID_MAX_PASSES. If true, a linear scan will be done starting at MIN_UIDNUMBER (or GIDNUMBER) and will not stop until an unused ID is found or the number of scans is equal to ID_MAX_PASSES. If random is false, only one query is done on the directory, but it may still be a bit slower then setting random to true in some cases.
USERGROUPS = yes or no The USERGROUPS can be either yes or no. If yes, each created user will be given their own group to use as a default. If no, each created user will be placed in the group whose gid is USER_GID.
USERS_GID = integer If USERGROUPS is no, then USERS_GID should be the GID of the group default is 100.
GECOS = string The default value for a user’s gecos field. This can be overridden at the command line with the -c switch.
PASSWORD_FILE = file The value should be a Unix style, passwd formatted file. In order to use this value the -F switch must be used at the command line. This value can be empty if a file is provided with the -F switch. In this case, the users attributes are taken from the file (if the user is found) and used in the LDAP entry.
SHADOW_FILE = file The value should be a Unix style, shadow formatted file. In order to use this value the -S switch must be used at the command line. This value can be empty if a file is provided with the -S switch. In this case, the users attributes are taken from the file (if the user is found) and used in the LDAP entry (including the password).
HASH = hash hash is a hash of either clear, crypt, sha1, ssha1, md5, or smd5 to be used when hashing user passwords. This is largely implementation dependent but all are supported. If you are taking passwords from a standard password file, this should be clear (I think, need to check...). This can be overridden at the command line with the -H switch.
SHADOWLASTCHANGE = integer
SHADOWMAX = integer
SHADOWWARING = integer
SHADOWEXPIRE = integer
SHADOWFLAG = integer
SHADOWMIN = integer
SHADOWINACTIVE = integer These values are better documented in shadow(3) and in shadow(5). These are not required by RFC2307 but are by some ldap authentication implementations. These values can only be specified here, or taken from an existing shadow file for the user.
ADD_SCRIPT = executable
DEL_SCRIPT = executable ADD_SCRIPT and DEL_SCRIPT work the same, however ADD_SCRIPT is used only for a useradd operation and DEL_SCRIPT is used only for a userdel operation. These can be overridden via the command line switch -X. If specified in the configuration file or at the command line, the script is executed after a successful useradd or userdel. The first argument to the script is the login name as specified at the command line.

PASSWD OPTIONS

Password options should be under the section marked [PASSWD]. These options are only useful when DEFAULT_METHOD is set to passwd or when passwd was specified at the command line with the -M switch. These options are only used by the passwd module. This module is not yet functional, so I won’t document the options.

SEE ALSO

cpu-ldap(8) cpu(8)

AUTHORS

Blake Matheny <bmatheny@purdue.edu>

The current version of this software is always availabe at http://cpu.sourceforge.net

BUGS

To report a bug or problem, please e-mail:

cpu-users@lists.sourceforge.net

TODO

See TODO file that accompanied software. Please e-mail us with any additional suggestions.
Search for    or go to Top of page |  Section 5 |  Main Index


--> CPU.CONF (5) 17 February 2003

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.