Mandriva




General purpose

The KDE LDAP backend aims to provide LDAP storage for all KDE environment parameters, for users or groups of users. It should be able to provide GPO-like policies for KDE users.

For this to work, a patched kdelibs package is needed. The current patch is available at http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/corporate/cd4/devel/kdelibs/current/SOURCES/kdelibs-3.5.5-ldap-kconfig.patch?view=markup and is included in Corporate Desktop 4.

Technical description

The LDAP server can host a tree at ou=KDEConfig,dc=example,dc=com with the following structure:

ou=KDEConfig
  ou=default
  ou=devela
  ou=marketing
  … more profiles

Each user can be assigned to a specific profile via the seeAlso attribute. For example, if a user has this attribute in their entry (part of the kdeUser auxiliary object class):

kdeConfigEntry: ou=devel,ou=KDEConfig,dc=example,dc=com

then the devel profile is selected for that user. If the user has no specific profile assigned, the default one (ou=default) is used.

Schema

The current schema for storing KDE configuration in LDAP is kde.schema, located here: http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/corporate/cs4/devel/openldap-mandriva-dit/current/kde.schema

Activating the support

In order to enable this LDAP support, two things are needed:

  • a properly configured /etc/ldap.conf file, with at least host and base defined
  • environment variable KDELDAP exported with some value ("1")

Profiles

Each profile can have one or more entries, where each entry is for a specific KDE application/program. For example, the Proxy configuration is done in the kioslaverc entry, shown here as part of a profile called default:

dn: cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
objectClass: appConfig
cn: kioslaverc

dn: cn=Proxy Settings,cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
appname: kioslaverc
cn: Proxy Settings
immutable: TRUE
objectClass: appConfigSection
appconfigentry: ProxyType=1
appconfigentry: ftpProxy=
appconfigentry: httpProxy=http://proxy.conectiva.com.br:3128
appconfigentry: httpsProxy=
appconfigentry: NoProxyFor=.conectiva,localhost
appconfigentry: Proxy Config Script=
appconfigentry: ReversedException=false

In this situation:

  • a user with no profile would get the default settings
  • a user with a profile which DOES NOT have the kioslaverc entry would get the settings from the default profile
  • a user with a profile which DOES have the kioslaverc entry would get whatever that entry determines

If the immutable attribute is absent, or set to FALSE, then the configuration stored in local files is used instead of the LDAP one. If there is no ~/.kde, the default from the installed profile in /var/lib/mandriva/kde-profiles is used.
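The lookup rules above, modeled as an added example (this is not code from the kdelibs patch). The LDIF is constructed sample data, profiles are named by their ou, and resolve() is a hypothetical helper. It assumes that the first profile holding the application entry decides, and that a section without immutable: TRUE means the local files are used.

```python
BASE = "ou=KDEConfig,dc=example,dc=com"

# Constructed sample directory content, in the page's LDIF layout.
SAMPLE_LDIF = """\
dn: cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
objectClass: appConfig
cn: kioslaverc

dn: cn=Proxy Settings,cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
objectClass: appConfigSection
immutable: TRUE
appConfigEntry: ProxyType=1
appConfigEntry: httpProxy=http://proxy.example.com:3128

dn: cn=kioslaverc,ou=devel,ou=KDEConfig,dc=example,dc=com
objectClass: appConfig
cn: kioslaverc

dn: cn=Proxy Settings,cn=kioslaverc,ou=devel,ou=KDEConfig,dc=example,dc=com
objectClass: appConfigSection
appConfigEntry: ProxyType=0
"""

def parse_ldif(text):
    """Parse simple LDIF (no folding or base64) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.lower(), []).append(value.strip())
        entries[attrs.pop("dn")[0].lower()] = attrs
    return entries

def resolve(entries, profile, app, section):
    """Return (source, settings) for one section, following the rules above.
    profile is the user's profile ou (e.g. "devel") or None when unassigned."""
    for ou in (profile, "default"):
        app_dn = f"cn={app},ou={ou},{BASE}".lower()
        if ou is None or app_dn not in entries:
            continue  # no profile, or profile lacks this app: try the default
        sec = entries.get(f"cn={section},{app_dn}".lower(), {})
        if sec.get("immutable") == ["TRUE"]:
            pairs = (e.partition("=") for e in sec.get("appconfigentry", []))
            return f"ldap:{ou}", {k: v for k, _, v in pairs}
        break  # first profile holding the app decides; not immutable -> local
    return "local", {}
```

With this sample, the devel profile carries its own kioslaverc entry without immutable, so its users fall through to their local files even though the default profile locks the proxy.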

Creating configurations

There are two ways to create a configuration entry in LDAP:

  • converting an existing configuration
  • creating one with kconfigldap

An existing configuration in ~/.kde/share/config can be converted into LDIF format and then imported into LDAP. The conversion script is called kderc2ldif.sh (http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/corporate/cs4/devel/openldap-mandriva-dit/current/SOURCES/kderc2ldif.sh?view=markup) and is part of the openldap-mandriva-dit package (http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/corporate/cs4/devel/openldap-mandriva-dit/current) in Corporate Server 4.

Here is an example. Let's say we want to convert the kioslaverc file, ~/.kde/share/config/kioslaverc:

[Proxy Settings]
NoProxyFor=localhost,.conectiva
Proxy Config Script=
ProxyType=1
ReversedException=false
ftpProxy=http://proxy.conectiva.com.br:3128
httpProxy=http://proxy.conectiva.com.br:3128
httpsProxy=http://proxy.conectiva.com.br:3128

The conversion script takes the filename as its argument and writes the corresponding LDIF to stdout:

$ ~/kderc2ldif.sh ~/.kde/share/config/kioslaverc
dn: cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: kioslaverc
objectClass: appConfig
description: KDE configuration for kioslaverc

dn: cn=Proxy Settings,cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: Proxy Settings
objectClass: appConfigSection
appName: kioslaverc
appConfigEntry: NoProxyFor=localhost,.conectiva
appConfigEntry: Proxy Config Script=
appConfigEntry: ProxyType=1
appConfigEntry: ReversedException=false
appConfigEntry: ftpProxy=http://proxy.conectiva.com.br:3128
appConfigEntry: httpProxy=http://proxy.conectiva.com.br:3128
appConfigEntry: httpsProxy=http://proxy.conectiva.com.br:3128

This LDIF data can then be imported into LDAP via ldapadd or some other means.
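The mapping shown above, from an rc file to the two-level LDIF layout, as an added Python sketch (this is not kderc2ldif.sh itself, whose source is not reproduced on this page). It goes beyond the sample by escaping section names that contain DN-special characters and base64-encoding values LDIF cannot carry as plain text. The function names and the immutable parameter are hypothetical.

```python
import base64
import re

def escape_rdn(value):
    """Backslash-escape the characters RFC 4514 treats as special in a DN value."""
    return re.sub(r'([\\,+"<>;])', r"\\\1", value)

def ldif_line(attr, value):
    """Format one attribute; base64-encode values that are not LDIF-safe text."""
    unsafe = (value[:1] in (" ", ":", "<") or value.endswith(" ")
              or any(ord(c) < 32 or ord(c) > 126 for c in value))
    if unsafe:
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {value}"

def rc_to_ldif(app, rc_text, profile="default",
               base="ou=KDEConfig,dc=example,dc=com", immutable=False):
    """Convert KDE rc text ([Section] + key=value) to LDIF in the page's layout."""
    app_dn = f"cn={app},ou={profile},{base}"
    out = [f"dn: {app_dn}", f"cn: {app}", "objectClass: appConfig",
           f"description: KDE configuration for {app}"]
    section = None
    for raw in rc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            out += ["", ldif_line("dn", f"cn={escape_rdn(section)},{app_dn}"),
                    ldif_line("cn", section), "objectClass: appConfigSection",
                    f"appName: {app}"]
            if immutable:
                out.append("immutable: TRUE")  # mark the section as enforced
        elif "=" in line and section is not None:
            # keys before the first [Section] are skipped in this sketch
            out.append(ldif_line("appConfigEntry", line))
    return "\n".join(out) + "\n"

# Sample input: the first lines of the kioslaverc file shown above.
SAMPLE_RC = """\
[Proxy Settings]
NoProxyFor=localhost,.conectiva
Proxy Config Script=
ProxyType=1
"""

if __name__ == "__main__":
    print(rc_to_ldif("kioslaverc", SAMPLE_RC), end="")
```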

The second way of getting an LDIF file is to run the kconfigldap application (http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/corporate/cd4/devel/cd4-kde-config/), part of Corporate Desktop 4. It dumps all possible configuration options from a KDE application into an LDIF file which can later be imported into LDAP.

It is also possible to dump an XML file containing all configuration properties of a KDE application. The syntax is:

DUMPCONFIG=1 KCONFIGXMLDIR=<directory> kde-application

Without KCONFIGXMLDIR, /tmp is assumed.

Real world scenarios

Fill this in with some examples of real world scenarios. This configuration is very low level, so it helps to have templates for common cases which can just be loaded into LDAP and fine-tuned by the administrator.

Some possible examples:

  • bookmarks
  • certificate handling (ksslpolicies)
  • etc

KMail

It is possible to store kmail's configuration in LDAP, but with a caveat: there is no sense in storing personal information there. For example, one should not store the username of an account, or else all users would attempt to use that same username.

A workaround is to store a blank username. This has the effect that the user will get a dialog box prompting for username and password when starting the application for the first time. If the immutable attribute is set, this will always happen. If it is not set, then the LDAP configuration will be taken as a first default only.

Below is an example setting up IMAP and SMTP accounts. This configuration is not mandatory, but will be presented to the user as a first default. As a result, upon first login after account creation, kmail will already be configured for, but not locked to, the company email servers:

dn: cn=kmailrc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: kmailrc
description: KDE configuration for kmailrc
objectClass: appConfig

dn: cn=General,cn=kmailrc,ou=default,ou=KDEConfig,dc=example,dc=com
appconfigentry: accounts=1
appconfigentry: transports=1
appconfigentry: first-start=false
appname: kmailrc
cn: General
objectClass: appConfigSection

dn: cn=Transport 1,cn=kmailrc,ou=default,ou=KDEConfig,dc=example,dc=com
appconfigentry: auth=false
appconfigentry: authtype=PLAIN
appconfigentry: encryption=NONE
appconfigentry: host=fox.conectiva
appconfigentry: id=25615026
appconfigentry: localHostname=
appconfigentry: name=cnc-smtp
appconfigentry: port=25
appconfigentry: precommand=
appconfigentry: specifyHostname=false
appconfigentry: storepass=false
appconfigentry: type=smtp
appconfigentry: user=
appname: kmailrc
cn: Transport 1
objectClass: appConfigSection

dn: cn=Account 1,cn=kmailrc,ou=default,ou=KDEConfig,dc=example,dc=com
appconfigentry: Folder=
appconfigentry: Id=1719353373
appconfigentry: Name=cnc
appconfigentry: Type=imap
appconfigentry: auth=*
appconfigentry: auto-expunge=true
appconfigentry: check-exclude=false
appconfigentry: check-interval=0
appconfigentry: hidden-folders=false
appconfigentry: host=fox.conectiva
appconfigentry: listOnlyOpenFolders=false
appconfigentry: loadondemand=true
appconfigentry: login=
appconfigentry: port=143
appconfigentry: precommand=
appconfigentry: sieve-alternate-url=
appconfigentry: sieve-port=2000
appconfigentry: sieve-reuse-config=true
appconfigentry: sieve-support=true
appconfigentry: sieve-vacation-filename=
appconfigentry: store-passwd=false
appconfigentry: subscribed-folders=false
appconfigentry: trash=trash
appconfigentry: use-ssl=false
appconfigentry: use-tls=true
appname: kmailrc
cn: Account 1
objectClass: appConfigSection

Wallpaper

dn: cn=kdesktoprc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: kdesktoprc
objectClass: appConfig
description: KDE configuration for kdesktoprc

dn: cn=Desktop0,cn=kdesktoprc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: Desktop0
objectClass: appConfigSection
appName: kdesktoprc
appConfigEntry: Wallpaper=/usr/share/wallpapers/soft-green.jpg
appConfigEntry: WallpaperMode=Centred
immutable: TRUE

Screensaver

dn: cn=kdesktoprc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: kdesktoprc
objectClass: appConfig
description: KDE configuration for kdesktoprc

dn: cn=ScreenSaver,cn=kdesktoprc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: ScreenSaver
objectClass: appConfigSection
appName: kdesktoprc
appConfigEntry: LockGrace=60000
appConfigEntry: Saver=fiberlamp.desktop
immutable: TRUE

Proxy

dn: cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: kioslaverc
objectClass: appConfig
description: KDE configuration for kioslaverc

dn: cn=Proxy Settings,cn=kioslaverc,ou=default,ou=KDEConfig,dc=example,dc=com
cn: Proxy Settings
objectClass: appConfigSection
appName: kioslaverc
appConfigEntry: NoProxyFor=localhost,.conectiva
appConfigEntry: Proxy Config Script=
appConfigEntry: ProxyType=1
appConfigEntry: ReversedException=false
appConfigEntry: ftpProxy=http://proxy.conectiva.com.br:3128
appConfigEntry: httpProxy=http://proxy.conectiva.com.br:3128
appConfigEntry: httpsProxy=http://proxy.conectiva.com.br:3128


CD4 - General purpose
Version 1.3 last modified by Anne_0 on 08/05/2007 at 15:32


Creator: Anne_0 on 08/05/2007 at 15:13
(c) Mandriva