# $Id$ =head1 DESCRIPTION =head1 SPECIFIC SETUP PARAMTERS =head2 db_conn The C connection parameters, eg a semin colon separated paramaters containing the server, the database name, user and password, etc... =head2 no_pg_utf8 If set disable utf8 flags from postgresql. You can try this parameter if you have issue with non ascii value from database =head2 remove_old_dpmt By default when the department is changed on a user account it remains in the department group as a secondary department. Setting C to true in the config will force user removal from the group when department is changed. The user can still be added back later. =head1 FEATURES =head2 Object Aliases It is possible to create object being simple alias to another, like symbolic on UNIX filesystem or mail alias. Thoses aliases objects are always resolved when propagating into other base. The referenced object can be easilly change and all the data related will be propagated. Only alias for object type C are supported at time. =head3 Usage Example: The typical exemple is for attribute C or attribute C. Instead setting them to C you can create an alias C and when C leave just change alias reference to C. =head2 Network managment Link::Accounts can build automatically some part of your DNS or DHCP configuration. To do this you have to create a C object. Such object need a type: =over 4 =item dns: to build a DNS zone for classic domain =item reverse: for reverse IP address (168.192.in-addr.arpa) =item dhcp: ISC dscpd configuration for fixed address =item puppet: puppet configuration =back The way it works is quite simple, each zone will make the code to write a file you can include in your server configuration. The match is done by looking the zone IP address masks and the host IPs. For example someone having a zone named C having masks C<192.168.5.0/24>, and having an host named C with IP C<192.168.5.3> and another host C with IP C<192.168.13.78>. The zone built will look likes: foo IN A 192.168.5.3 As you can see this DNS zone is not valid: the goal of such feature is to make the repetive work for us, not to manage the full zone (even such feature could be possible). The repetitive work is declaring the hundred computers our users have. The output will be happend to a template have the name of the zone suffixed by C<.in>. You can put in this template evering about the zone declaration (SOA, NS, TXT...). =head2 User endcircuit The C attribute contain the deadline for people to make admnistrative task when starting to work. If set this attribute take precedence to C attribute for computed attributes (C for Active Directory). =head2 User Employment The employment object allow you to set time when you're user have a status. This allow through 'Employment' module for la-sync-manager to automate changes. The synchronized attributes are: =over 4 =item C =item C =item C =item C =item C =item C =item C =back To avoid error when modifying user direclty when you're using employment those attribute become on user's side become read-only once an employment exists. You can change this beaviour using C parameter: By default it is impossible to modify or create past employment. This behavior can be changed by settings C parameter in base configuration. =over 4 =item any (default) Any existing employment lock those attribute, you must create another employment to change user status or delete all employements for this user. =item always The user's attribute are always locked =item never The user's attribute are always locked =item active Thoses attributes are locked is any employment are still active (ie unfinished or coming later). =item attribute=value Thoses attributes are read-only if the C given contains C, C<*> allow to match any value. =back When active users become out of any employment all managed attribute are unset (except the expire attribute). A default value for each of this attribute can be set in configuration using parameter in form C. For example C will set any C to C when no employment apply to user anymore. Only active accounts are modified in this way. =head3 User endEmployment This attribute compute the next day the user will leave the company according the employment object registered. The parameter C give the number of days to ignore when a hole exists between two employment. If no employment are found, if set the date given in C database parameter is returned. =head3 User endStrictEmployment This attribute compute the next day the user will leave the company according the employment object registered. It does not take C parameter into account. If no employment are found, if set the date given in C database parameter is returned. =head3 User endLastEmployment This attribute return the very last end of all registered employment fr this user. =head3 User endCurrentEmployment The end of the employment matching current date. =head3 Account Expiration When using employment, account expiration are set to match employment. By default the expiration is set to C value. This behaviour can be changed by setting C parameter into base definition: =over 4 =item any of endCurrentEmployment, endEmployment, endStrictEmployment, endLastEmployment =item never The expire date is left unchanged and must managed manually. =back =head2 Group AutoMemberFilter Group objects contains users members by setting either C or C attributes. Sometimes it can be usefull to have group automatically populated by arbitrary rules. This is possible by setting a filter in the C attribute, The filter format is the same the one used by L, the attribute is multivaluable. So for example one can create an account automatically a group containing people having "Olivier" as first name: autoMemberFilter: givenBame=Olivier A probably more usefull example is a group containing people from two others groups: autoMemberFilter: memberOf=group1 autoMemberFilter: memberOf=group2 The C or C attribute becomes read-only attribute once C attribute is set. =head2 Aliases AutoMemberFilter This attribute allow to create automatics dynamics aliases according filter rules exactly like L works. The C attributes is automatically set with email address of selected user, user w/o email address are ignored. =head2 Group AutoFromSutype Group object can be tagged with the C attribute. When C is set the group member will be computed from member of all groups having C set this value. The goal of this attribute is to setup magic group like with the C but working even a new group is created. =head2 Aliases AutoFromSutype This attribute allow to create automatics dynamics aliases according filter rules exactly like L works. The C attributes is automatically set with email address of selected user, user w/o email address are ignored.