# $Id$

=head1 DESCRIPTION

=head1 SPECIFIC SETUP PARAMETERS

=head2 db_conn

The C<libpq> connection parameters, e.g. a semicolon-separated list of
parameters containing the server, the database name, user and password, etc.

=head2 no_pg_utf8

If set, disables the utf8 flag on values coming from PostgreSQL. You can try
this parameter if you have issues with non-ASCII values from the database.

=head2 remove_old_dpmt

By default, when the department is changed on a user account, the account
remains in the old department's group as a secondary department.

Setting C<remove_old_dpmt> to true in the config forces removal of the user from
that group when the department is changed.
The user can still be added back later.

=head2 ASyncDynData

Don't compute dynamic attributes at commit; let syncManager do it
asynchronously instead.

=head2 monitored

Specifies monitored attributes. Monitored attributes have their value logged
when changed.

Can be specified multiple times:

    monitored=user.loginShell
    monitored=nethost.ip

=head1 FEATURES

=head2 Object Aliases

It is possible to create an object that is a simple alias to another one, like
a symbolic link on a UNIX filesystem or a mail alias.

These alias objects are always resolved when propagating into another base.
The referenced object can easily be changed, and all the related data will be
propagated.

Only aliases for object type C<User> are supported at this time.

=head3 Usage Example:

The typical example is the C<manager> or C<managedBy> attribute.
Instead of setting them to C<John> you can create an alias C<Director>, and when
C<John> leaves, just change the alias reference to C<Bill>.

=head2 Network management

Link::Accounts can automatically build some parts of your DNS or DHCP
configuration.

To do this you have to create a C<netzone> object. Such an object needs a type:

=over 4

=item dns: to build a DNS zone for classic domain

=item reverse: for reverse IP address (168.192.in-addr.arpa)

=item dhcp: ISC dhcpd configuration for fixed address

=item puppet: puppet configuration

=back

The way it works is quite simple: for each zone, the code writes a file
you can include in your server configuration. The match is done by comparing
the zone's IP address masks with the host IPs.

For example, take a zone named C<private.mydomain.com> with mask
C<192.168.5.0/24>, a host named C<foo> with IP C<192.168.5.3> and
another host C<bar> with IP C<192.168.13.78>. The zone built will look like:

    foo IN A 192.168.5.3

As you can see, this DNS zone is not valid: the goal of this feature is to do
the repetitive work for us, not to manage the full zone (even if such a feature
could be possible). The repetitive work is declaring the hundreds of computers
our users have.

The output is appended to a template named after the zone, suffixed with
C<.in>. You can put everything about the zone declaration (SOA,
NS, TXT...) in this template.

=head2 User endcircuit

The C<endcircuit> attribute contains the deadline for people to complete
administrative tasks when starting to work.
If set, this attribute takes precedence over the C<expire> attribute for
computed attributes (C<accountExpires> for Active Directory).

Setting the C<endCircuitdontExpire> option on the database disables this
behavior, and the C<endcircuit> attribute becomes informational only.

=head2 User Employment

The employment object allows you to set the periods during which your user has
a status. This allows the 'Employment' module of la-sync-manager to automate
changes.

The synchronized attributes are:

=over 4

=item C<company>

=item C<employer>

=item C<department>

=item C<contratType>

=item C<managerContact>

=item C<expire>

=item C<endcircuit>

=back

To avoid errors from modifying the user directly while you are using employment,
those attributes become read-only on the user's side once an employment exists.

You can change this behaviour using the C<employment_lock_user> parameter:

=over 4

=item any (default)

Any existing employment locks those attributes; you must
create another employment to change the user's status, or delete all
employments for this user.

=item always

The user's attributes are always locked.

=item never

The user's attributes are never locked.

=item active

Those attributes are locked if any employment is still active (i.e. unfinished
or coming later).

=item attribute=value

Those attributes are read-only if the given C<attribute> contains C<value>;
C<*> matches any value.

=back

By default it is impossible to modify or create past employments. This behavior
can be changed by setting the C<allow_pasted_employment> parameter in the base
configuration.

When active users are no longer covered by any employment, all managed
attributes are unset (except the expire attribute).

A default value for each of these attributes can be set in the configuration
using a parameter of the form C<unemployment.ATTRIBUTE>. For example,
C<unemployment.contratType=external> will set any C<contratType> to C<external>
when no employment applies to the user anymore.

Only active accounts are modified in this way.

=head3 User endEmployment

This attribute computes the next day the user will leave the company, according
to the registered employment objects.

The parameter C<employment_delay> gives the number of days to ignore when a hole
exists between two employments.

If no employment is found, the date given in the C<unemployed_expire>
database parameter, if set, is returned.

=head3 User endStrictEmployment

This attribute computes the next day the user will leave the company, according
to the registered employment objects.

It does not take the C<employment_delay> parameter into account.

If no employment is found, the date given in the C<unemployed_expire>
database parameter, if set, is returned.

=head3 User endLastEmployment

This attribute returns the very last end date of all employments registered for
this user.

=head3 User endCurrentEmployment

The end of the employment matching the current date.

=head3 Account Expiration

When using employment, account expiration is set to match employment. By
default the expiration is set to the C<endEmployment> value.

This behaviour can be changed by setting the C<expireOn> parameter in the base
definition:

=over 4

=item any of endCurrentEmployment, endEmployment, endStrictEmployment, endLastEmployment

=item never

The expire date is left unchanged and must be managed manually.

=back

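The four end-of-employment attributes and the C<expireOn> choice described above, modelled as an added example in Python; this is not Link::Accounts code. It assumes each employment is a (first day, last day) pair with inclusive dates, that the computed value is the last employed day, and that "no employment found" means none covers the current date; the function names and sample dates are constructed.

```python
from datetime import date

# Constructed sample data: (first day, last day) of each employment, inclusive.
EMPLOYMENTS = [
    (date(2024, 1, 1), date(2024, 3, 31)),
    (date(2024, 4, 8), date(2024, 6, 30)),   # 7-day hole after the first
    (date(2024, 9, 1), date(2024, 12, 31)),  # 62-day hole after the second
]

def end_current_employment(employments, today):
    """End of the employment matching `today`, or None when none matches."""
    for start, end in sorted(employments):
        if start <= today <= end:
            return end
    return None

def end_employment(employments, today, delay=0, unemployed_expire=None):
    """End of the run of employments covering `today`.

    A hole of at most `delay` days between two employments is ignored
    (employment_delay); delay=0 gives the endStrictEmployment behaviour.
    """
    end = end_current_employment(employments, today)
    if end is None:
        return unemployed_expire  # assumption: nothing covers today
    for start, stop in sorted(employments):
        hole = (start - end).days - 1  # full days with no employment
        if stop > end and hole <= delay:
            end = stop
    return end

def end_last_employment(employments):
    """Very last end date among all registered employments."""
    return max((end for _, end in employments), default=None)

def account_expire(expire_on, employments, today, delay=0,
                   unemployed_expire=None, current_expire=None):
    """Expiration date the account would get for a given expireOn value."""
    if expire_on == "never":
        return current_expire  # left unchanged, managed manually
    values = {
        "endCurrentEmployment": end_current_employment(employments, today),
        "endEmployment": end_employment(employments, today, delay, unemployed_expire),
        "endStrictEmployment": end_employment(employments, today, 0, unemployed_expire),
        "endLastEmployment": end_last_employment(employments),
    }
    return values[expire_on]
```

With the sample data and a current date of 2024-02-15, a delay of 7 days moves C<endEmployment> from 2024-03-31 to 2024-06-30 while C<endStrictEmployment> stays at 2024-03-31, so the delay value decides whether an account stays enabled across a contract gap.
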
=head2 Group AutoMemberFilter

Group objects contain user members through either the C<members> or
C<memberUID> attribute.

Sometimes it can be useful to have a group automatically populated by arbitrary
rules.

This is possible by setting a filter in the C<autoMemberFilter> attribute.
The filter format is the same as the one used by L<la-search>; the attribute is
multivalued.

So, for example, one can automatically create a group containing people
having "Olivier" as first name:

    autoMemberFilter: givenName=Olivier

A probably more useful example is a group containing people from two other
groups:

    autoMemberFilter: memberOf=group1
    autoMemberFilter: memberOf=group2

The C<members> or C<memberUID> attribute becomes read-only once the
C<autoMemberFilter> attribute is set.

=head2 Aliases AutoMemberFilter

This attribute allows creating automatic, dynamic aliases according to filter
rules, exactly as L<Group AutoMemberFilter> works.

The C<forward> attribute is automatically set with the email addresses of the
selected users; users without an email address are ignored.

=head2 Group AutoFromSutype

Group objects can be tagged with the C<sutype> attribute.

When C<autoFromSutype> is set, the group's members are computed from the members
of all groups having C<sutype> set to this value.

The goal of this attribute is to set up magic groups as with
C<autoMemberFilter>, but working even when a new group is created.

=head2 Aliases AutoFromSutype

This attribute allows creating automatic, dynamic aliases according to filter
rules, exactly as L<Group AutoFromSutype> works.

The C<forward> attribute is automatically set with the email addresses of the
selected users; users without an email address are ignored.

=head2 Statistics

The application provides some statistics tools, but they are based only on the
current data inside the database and are unable to track deleted data.

To keep some measurements you must use C<stat> objects to describe the data you
want to track, and enable the C<Stats> module in L<la-sync-manager.ini>.

Each attribute of a C<Stat> object describes how data must be computed before
being stored.

=head3 Stat object Attributes

=head4 description

A label for this statistics object

=head4 display

If set, the statistic appears in the menu of the web interface

=head4 otype

The object type this stat is tracking; must be a supported object type

=head4 filter

One or multiple filters to limit the objects taken into account

=head4 attribute

The attribute fetched to compute data

=head4 refFilter

When the attribute references another type of object, this setting allows
filtering on the matching referenced objects.

=head4 refAll

When the attribute references another type of object, non-existing objects
appear in the results as 0; otherwise they are ignored.

=head4 aggregateFunction

An optional operation to apply to the data:

=over 4

=item sum

Sum the results per item

=item avg

Average the results per item

=item count

Count the number of items returned

=back

=head4 delay

The number of days between two runs

=head4 retention

If set, the duration in days after which stat values must be deleted