ActiveSambaLdap 0.0.7

data/NEWS.en

@@ -0,0 +1,40 @@
+= NEWS.en
+
+$Id: NEWS.en 163 2009-07-12 03:10:44Z kou $
+
+== 0.0.7: 2009-07-18
+
+* Supported ActiveLdap 1.1.0.
+
+== 0.0.6: 2008-06-18
+
+* Supported ActiveLdap 1.0.1.
+* Supported ActiveSupport 2.1.0.
+
+== 0.0.5: 2007-11-19
+
+* Supported Ruby/ActiveLdap 0.9.0.
+
+== 0.0.4: 2007-09-16
+
+* Supported Ruby/ActiveLdap 0.8.3.1.
+* Supported Ruby-GetText-Package.
+* scaffold_asl -> scaffold_active_samba_ldap
+* Improved Rails support.
+
+== 0.0.3: 2007-05-26
+
+* Fixed a typo of Ruby/ActiveLDAP's RubyGems name.
+* Supported Ruby/AtiveLDAP 0.8.2.
+* Integrated ActiveLdap::User, ActiveLdap::Computer and ActiveLdap::Group
+  with ActiveLdap::SambaUser, ActiveLdap::SambaComputer and
+  ActiveLdap::SambaGroup.
+
+== 0.0.2: 2007-01-29
+
+* Supported ActiveSupport 1.4.0.
+* Fixed a typo of Ruby/ActiveLDAP's RubyGems name.
+
+== 0.0.1: 2006-11-17
+
+* Initial release.

data/NEWS.ja

@@ -0,0 +1,44 @@
+= NEWS.ja
+
+$Id: NEWS.ja 163 2009-07-12 03:10:44Z kou $
+
+== 0.0.7: 2009-07-18
+
+* ActiveLdap 1.1.0対応。
+
+== 0.0.6: 2008-06-18
+
+* ActiveLdap 1.0.1対応。
+* ActiveSupport 2.1.0対応。
+
+== 0.0.5: 2007-11-19
+
+* Ruby/ActiveLdap 0.9.0対応。
+
+== 0.0.4: 2007-09-16
+
+* Ruby/ActiveLdap 0.8.3.1対応。
+* Ruby-GetText-Package対応。
+* scaffold_asl -> scaffold_active_samba_ldap
+* Rails対応を強化。
+
+== 0.0.3: 2007-05-26
+
+* Ruby/ActiveLDAPのRubyGems名を修正．
+* Ruby/ActiveLDAP 0.8.2対応。
+* ActiveSambaLdap::SambaUser,
+  ActiveSambaLdap::SambaComputer,
+  ActiveSambaLdap::SambaGroupを廃止し、
+  ActiveSambaLdap::User,
+  ActiveSambaLdap::Computer,
+  ActiveSambaLdap::Groupへ一本化。
+
+== 0.0.2: 2007-01-29
+
+* ActiveSupport 1.4.0のサポート．
+* Ruby/ActiveLDAPのRubyGems名を修正．
+
+== 0.0.1: 2006-11-17
+
+* 最初のリリース．
+

data/README.en

@@ -0,0 +1,366 @@
+= README.en
+
+$Id: README.en 160 2009-07-11 00:43:32Z kou $
+
+== Name
+
+ActiveSambaLdap
+
+== Description
+
+ActiveSambaLdap is a library and a management tool for Samba +
+LDAP environment.
+
+ActiveSambaLdap provides object-oriented API to manipulate
+LDAP entry for Samba. ActiveSambaLdap also provides
+command-line tools to replace smbldap-tools written by Perl.
+
+== Author
+
+Kouhei Sutou <tt><kou@clear-code.com></tt>
+
+== Licence
+
+Ruby's.
+
+== Dependency libraries
+
+* ActiveLdap >= 1.1.0
+
+== Install
+
+  % sudo gem install activesambaldap
+
+== Mailing list
+
+asl-devel@rubyforge.org
+
+http://rubyforge.org/mailman/listinfo/asl-devel/
+
+== Reference manual
+
+http://asl.rubyforge.org/activesambaldap/
+
+== Usage
+
+=== Use with Rails
+
+First, install ActiveSambaLdap plugin for Rails. And modify
+the following URL because the URL is for trunk.
+
+  % script/plugin install svn://rubyforge.org/var/svn/asl/trunk/rails/plugin/active_samba_ldap
+
+Next, scaffold the environment of ActiveSambaLdap for Rails.
+
+  % script/generate scaffold_active_samba_ldap
+
+Modify config/ldap.yml generated by
+scaffold_active_samba_ldap to adapt to your environment. See
+"Options in configuration file" section to find available
+options.
+
+==== Populate
+
+First, need to populate your Samba + LDAP environment.
+Access http://localhost:3000/samba after invoking Rails by
+script/server and so on. And populate your Samba + LDAP
+environment by following "Populate Samba + LDAP environment"
+link.
+
+And you can development your applications with
+User/Computer/Group classes. You can develop like with
+ActiveRecord.
+
+=== Use from command line
+
+Use asl-* commands. You'll don't use asl-samba-* commands
+from command line because they are for smb.conf.
+
+==== Configuration
+
+First, modify configuration file to adapt to your
+environment. You can confirm default configuration files by
+invoking asl-* commands with --help option. For example, you
+can use asl-populate.
+
+  % asl-populate --help
+  ...
+        --config=CONFIG              Specify configuration file
+                                     Default configuration files:
+                                       /etc/activesambaldap/config.yaml
+                                       /etc/activesambaldap/bind.yaml
+                                       /home/kou/.activesambaldap.conf
+                                       /home/kou/.activesambaldap.bind
+  ...
+
+Configuration files are read from the above files to the
+below files. Configurations are overridden by latter
+configuration files. In the above example, configuration
+files are read by the following order:
+
+* /etc/activesambaldap/config.yaml
+* /etc/activesambaldap/bind.yaml
+* /home/kou/.activesambaldap.conf
+* /home/kou/.activesambaldap.bind
+
+The reason why bind.yaml and *.bind are read after
+config.yaml and *.conf is for security. You should write
+opened configurations (host name, port number and so on)
+into config.yaml and *.conf, closed configurations (user
+name, password and so on) into bind.yaml and *.bind. And you
+should set suitable permission to bind.yaml and *.bind.
+
+==== Format of configuration file
+
+Use YAML format. There are three sections:
+
+  update:
+    # configurations for updating LDAP entries
+    ...
+
+  reference:
+    # configurations for referring LDAP entries
+    ...
+
+  common:
+    # configurations to share for updating/referring
+    ...
+
+For example:
+
+  common:
+    sid: S-1-5-21-915876905-2926214379-2876160357
+    base: dc=samba,dc=local,dc=net
+    host: localhost
+    method: :tls
+
+  update:
+    bind_dn: cn=admin,dc=local,dc=net
+    password: admin
+
+  reference:
+    allow_anonymous: true
+
+It's best that you write 'password' configuration into
+bind.yaml *.bind.
+
+You must configure 'base'. And you should configure
+'sid'. You can find your SID by the following command:
+
+  % sudo net getlocalsid
+
+It's inefficiency that sid isn't configured because 'net
+getlocalsid' is invoked each time.
+
+==== Options in configuration file
+
+The following options are available:
+
+[_base_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_host_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_port_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_scope_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_bind_dn_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_password_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_method_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+[_allow_anonymous_]
+   Same as the option of ActiveLdap::Base.setup_connection.
+
+[_sid_]
+   SID(Security Identifier) of your Samba server.
+[_smb_conf_]
+   The path of smb.conf for your Samba server.
+[_samba_domain_]
+   Domain name of your Samba server.
+[_samba_netbios_name_]
+   NetBIOS name of your Samba server.
+
+[_password_hash_type_]
+   Algorithm for hashing password in LDAP. Available
+   algorithms are +:crypt+, +:md5+, +:smd5+, +:sha+ and
+   +:ssha+.
+
+   Password in LDAP is used for recognition in UNIX not Samba.
+
+   Default algorithm: +:ssha+
+
+[_users_suffix_]
+   Tree for user entries in LDAP. Specify relative path for
+   base.
+
+   For example: <tt>"ou=Users"</tt>
+
+[_groups_suffix_]
+   Tree for group entries in LDAP. Specify relative path for
+   base.
+
+   For example: <tt>"ou=Groups"</tt>
+
+[_computers_suffix_]
+   Tree for computer entries in LDAP. Specify relative path for
+   base.
+
+   For example: <tt>"ou=Computers"</tt>
+
+[_idmap_suffix_]
+   Tree for idmap entries in LDAP. Specify relative path for
+   base.
+
+   For example: <tt>"ou=Idmap"</tt>
+
+[_start_uid_]
+   UID (User Identifier) for making new user. Next new
+   user's default UID is incremented after making new
+   user.
+
+   Default: <tt>10000</tt>
+
+[_start_gid_]
+   GID (Group Identifier) for making new group. Next new
+   group's default GID is incremented after making new
+   group.
+
+   Default: <tt>10000</tt>
+
+[_user_login_shell_]
+   Default login shell for new user.
+
+   Default: <tt>"/bin/false"</tt>
+
+[_user_home_directory_]
+   Default home directory for new user. %U is substituted
+   with the user name.
+
+   Default: <tt>"/home/%U"<tt>
+[_user_home_directory_mode_]
+   Default permission of user's home directory.
+
+   Default: <tt>0755</tt> (octal notation)
+
+[_user_gecos_]
+   Default GECOS field value for new user. %U is substituted
+   with user name.
+
+[_user_home_unc_]
+   Default path for user's home in Windows. The path should
+   be specified by UNC (Universal Naming Convention). %U is
+   substituted with user name.
+
+   Default: <tt>"\\\\NetBIOS name of your Samba server\\%U"</tt>.
+
+[_user_profile_]
+   Default path of user profile specified by
+   UNC (Universal Naming Convention). %U is substituted by
+   the user name.
+
+   Default: <tt>"\\\\NetBIOS name Samba server\\profiles\\%U"</tt>
+
+[_user_home_drive_]
+   Default drive name of user's home.
+
+   Default: <tt>"H:"<tt>
+
+[_user_logon_script_]
+   Default script name that is invoked when user
+   logon.
+
+   Default: <tt>"logon.bat"</tt>
+
+[_skeleton_directory_]
+   Default skeleton directory for making user's home
+   directory.
+
+   Default: <tt>"/etc/skel"</tt>
+
+[_default_user_gid_]
+   Default GID of group to which user belongs.
+
+   Default: <tt>"Domain Users"</tt> group
+
+[_default_computer_gid_]
+   Default GID of group to which computer belongs.
+
+   Default: <tt>"Domain Computers"</tt> group
+
+==== Populate
+
+You need to populate your Samba + LDAP environment by
+invoking asl-populate before administrate your Samba + LDAP
+with asl-*.
+
+  % sudo asl-populate
+
+You can use the following command if you don't need to root
+authorization. (root authorization check may be needed...)
+
+  % fakeroot asl-populate
+
+==== Administrate
+
+Use asl-user*, asl-group*, asl-populate,
+asl-purge and asl-password. Use --help options for more detail.
+
+==== Configuration of smb.conf
+
+You need to configure you smb.conf like the following if you
+want to administrate with
+Srvtools[http://support.microsoft.com/kb/173673/]
+from Windows or make Samba server domain controller.
+Use asl-samba-* for those propose.
+
+  passdb backend = ldapsam:ldap://127.0.0.0
+  ldap admin dn = cn=admin,dc=local,dc=net
+  ldap suffix = dc=samba,dc=local,dc=net
+  ldap user suffix = ou=Users
+  ldap group suffix = ou=Groups
+  ldap machine suffix = ou=Computers
+  ldap idmap suffix = ou=Idmap
+  ldap passwd sync = yes
+
+  admin users = "@Domain Admins"
+  add user script = /.../asl-samba-useradd "%u"
+  delete user script = /.../asl-samba-userdel "%u"
+  add group script = /.../asl-samba-groupadd "%g"
+  delete group script = /.../asl-samba-groupdel "%g"
+  add user to group script = /.../asl-samba-groupmod "%g" --add-members "%u"
+  delete user from group script = /.../asl-samba-groupmod "%g" --delete-members "%u"
+  set primary group script = /.../asl-samba-usermod "%u" --gid "%g"
+  add machine script = /.../asl-samba-computeradd "%u"
+
+You need to set LDAP administrator password by the following
+command before invoke your Samba server.
+
+  % sudo /usr/bin/smbpasswd -W
+
+== Trouble shootings
+
+=== Groups aren't listed
+
+You can list groups by the following command:
+
+  % net rpc group list --user=USER_NAME
+
+If no groups listed by the above command after you execute
+asl-populate, please confirm the following:
+
+* Is your samba.schema old?
+
+  If your sambaSID entry in your samba.schema doesn't have
+  the following configuration, your samba.schema may be old.
+  Please update your samba.schema.
+
+    SUBSTR caseExactIA5SubstringsMatch
+
+== Thanks
+
+* Henrik Krög: He reported some bugs.
+* Olivier DIRRENBERGER: He reported a bug.
+* Francesco Malvezzi: He reported some bugs.
+* Kazuhiro NISHIYAMA: He reported some bugs.