# $Id$ =head1 DESCRIPTION =head1 SPECIFIC SETUP PARAMTERS =head2 db_conn The C connection parameters, eg a semin colon separated paramaters containing the server, the database name, user and password, etc... =head2 no_pg_utf8 If set disable utf8 flags from postgresql. You can try this parameter if you have issue with non ascii value from database =head2 remove_old_dpmt By default when the department is changed on a user account it remains in the department group as a secondary department. Setting C to true in the config will force user removal from the group when department is changed. The user can still be added back later. =head2 ASyncDynData Don't compute dynamic attribute at commit but let syncManager do it asynchronously. =head2 monitored Allow to specify monitored attributes. Monitored attributes will have their value logued when changed. Can be specified multiple times: monitored=user.loginShell monitored=nethost.ip =head1 FEATURES =head2 Object Aliases It is possible to create object being simple alias to another, like symbolic on UNIX filesystem or mail alias. Thoses aliases objects are always resolved when propagating into other base. The referenced object can be easilly change and all the data related will be propagated. Only alias for object type C are supported at time. =head3 Usage Example: The typical exemple is for attribute C or attribute C. Instead setting them to C you can create an alias C and when C leave just change alias reference to C. =head2 Network managment Link::Accounts can build automatically some part of your DNS or DHCP configuration. To do this you have to create a C object. Such object need a type: =over 4 =item dns: to build a DNS zone for classic domain =item reverse: for reverse IP address (168.192.in-addr.arpa) =item dhcp: ISC dscpd configuration for fixed address =item puppet: puppet configuration =back The way it works is quite simple, each zone will make the code to write a file you can include in your server configuration. The match is done by looking the zone IP address masks and the host IPs. For example someone having a zone named C having masks C<192.168.5.0/24>, and having an host named C with IP C<192.168.5.3> and another host C with IP C<192.168.13.78>. The zone built will look likes: foo IN A 192.168.5.3 As you can see this DNS zone is not valid: the goal of such feature is to make the repetive work for us, not to manage the full zone (even such feature could be possible). The repetitive work is declaring the hundred computers our users have. The output will be happend to a template have the name of the zone suffixed by C<.in>. You can put in this template evering about the zone declaration (SOA, NS, TXT...). =head2 User endcircuit The C attribute contain the deadline for people to make admnistrative task when starting to work. If set this attribute take precedence to C attribute for computed attributes (C for Active Directory). Setting C option to the database disable this behavior and C attribute become informationnal only. =head2 User Employment The employment object allow you to set time when you're user have a status. This allow through 'Employment' module for la-sync-manager to automate changes. The synchronized attributes are: =over 4 =item C =item C =item C =item C =item C =item C =item C =back To avoid error when modifying user direclty when you're using employment those attribute become on user's side become read-only once an employment exists. You can change this beaviour using C parameter: By default it is impossible to modify or create past employment. This behavior can be changed by settings C parameter in base configuration. =over 4 =item any (default) Any existing employment lock those attribute, you must create another employment to change user status or delete all employements for this user. =item always The user's attribute are always locked =item never The user's attribute are always locked =item active Thoses attributes are locked is any employment are still active (ie unfinished or coming later). =item attribute=value Thoses attributes are read-only if the C given contains C, C<*> allow to match any value. =back When active users become out of any employment all managed attribute are unset (except the expire attribute). A default value for each of this attribute can be set in configuration using parameter in form C. For example C will set any C to C when no employment apply to user anymore. Only active accounts are modified in this way. =head3 User endEmployment This attribute compute the next day the user will leave the company according the employment object registered. The parameter C give the number of days to ignore when a hole exists between two employment. If no employment are found, if set the date given in C database parameter is returned. =head3 User endStrictEmployment This attribute compute the next day the user will leave the company according the employment object registered. It does not take C parameter into account. If no employment are found, if set the date given in C database parameter is returned. =head3 User endLastEmployment This attribute return the very last end of all registered employment fr this user. =head3 User endCurrentEmployment The end of the employment matching current date. =head3 Account Expiration When using employment, account expiration are set to match employment. By default the expiration is set to C value. This behaviour can be changed by setting C parameter into base definition: =over 4 =item any of endCurrentEmployment, endEmployment, endStrictEmployment, endLastEmployment =item never The expire date is left unchanged and must managed manually. =back =head2 Group AutoMemberFilter Group objects contains users members by setting either C or C attributes. Sometimes it can be usefull to have group automatically populated by arbitrary rules. This is possible by setting a filter in the C attribute, The filter format is the same the one used by L, the attribute is multivaluable. So for example one can create an account automatically a group containing people having "Olivier" as first name: autoMemberFilter: givenBame=Olivier A probably more usefull example is a group containing people from two others groups: autoMemberFilter: memberOf=group1 autoMemberFilter: memberOf=group2 The C or C attribute becomes read-only attribute once C attribute is set. =head2 Aliases AutoMemberFilter This attribute allow to create automatics dynamics aliases according filter rules exactly like L works. The C attributes is automatically set with email address of selected user, user w/o email address are ignored. =head2 Group AutoFromSutype Group object can be tagged with the C attribute. When C is set the group member will be computed from member of all groups having C set this value. The goal of this attribute is to setup magic group like with the C but working even a new group is created. =head2 Aliases AutoFromSutype This attribute allow to create automatics dynamics aliases according filter rules exactly like L works. The C attributes is automatically set with email address of selected user, user w/o email address are ignored. =head2 Statistics The application provide some statitics tools but they are only based on the current data inside the database and are unable to track delete data. To keep some mesurement you must use C objects to describe the data you want to track, and enable in L the C module. Each attribute of C object describe how data must but compute before being stored. =head3 Stat object Attributes =head4 description A label about this statistics object =head4 display IF set the statistic appear in the menu of the web interface =head4 otype The object type this stat is tracking, must be a supported object type =head4 filter One or multiple filter to limit the objects taking into account =head4 attribute The attribute fetch to compute data =head4 refFilter When the attribute reference another type of object this setting allow to filter to the matching referenced object. =head4 refAll When the attribute reference another type of object non exiting objects in the results appear as 0, otherwise they are ignored. =head4 aggregateFunction An optionnal operation to do on the data: =over 4 =item sum Make the sum of the result per item =item avg Make the average of the result per item =item count Count the number of item return =back =head4 delay The number of day between two run =head4 retention If set, the duration in days after which stats value must deleted