Provided by: cpu_1.4.3-12_amd64

NAME

       cpu.conf - cpu configuration file

DESCRIPTION

       This file stores all configurable options for CPU and CPU modules. You can specify the location of the
       configuration file at runtime with the --config or -C command line switches (see cpu(8)). Each CPU
       module has its own configuration section, but they are all documented here. It is recommended that the
       config file have strict permissions such as 600. Configuration options take the format option = value,
       and section headers take the format [HEADER].

GLOBAL OPTIONS

       Global  options  should  be  under the section marked [GLOBAL]. All options under this section impact all
       operations.

       DEFAULT_METHOD = method
              Specifies what the default administration method is. This value should be a string of either  ldap
              or passwd.

       CRACKLIB_DICTIONARY = file
              If CPU was compiled --with-libcrack file should be the location of cracklib_dict.

LDAP OPTIONS

       LDAP  options  should  be  under  the  section  marked  [LDAP].   These  options  are  only  useful  when
       DEFAULT_METHOD is set to ldap or when ldap was specified at the command line with the  -M  switch.  These
       options are only used by the LDAP module.

       LDAP_HOST = hostname
              hostname  should be either the IP address or the hostname of the server running the LDAP directory
              that you wish to administer users on. This can be overridden with the -N command line switch.

       LDAP_PORT = port
              port is the port that the LDAP server specified by LDAP_HOST is listening on. This value must be
              non-negative. This can be overridden by the -P command line switch.

       BIND_DN = dn
              dn  should  be  the  fully  qualified  DN of an LDAP entity with appropriate rights to perform any
              actions that you wish. This value can be overridden by the -D command line switch.

       BIND_PASS = password
              password is the password of the entity specified by BIND_DN. This value is passed directly to  the
              server,  so  it may be stored encrypted if your server supports this. This value can be overridden
              by the -w command line switch.

       USER_BASE = base_dn
              base_dn is the base dn that users should be added to, searched for, deleted from, or modified in.
              In general, if you wish to add a user to the following dn: ou=users,o=company,c=us, base_dn should
              be set to ou=users,o=company,c=us. If you set this value to o=company,c=us, users will be added to
              that dn, although for searching purposes the scope is broader. This value can be overridden at
              the command line with the -U switch.

       GROUP_BASE = base_dn
              base_dn is the base dn that groups should be added to, searched for, deleted from, or modified in.
              In general, if you wish to add a group to the following dn: ou=group,o=company,c=us, base_dn should
              be set to ou=group,o=company,c=us. If you set this value to o=company,c=us, groups will be added to
              that dn, although for searching purposes the scope is broader. This value can be overridden at
              the command line with the -B switch.

       USER_OBJECT_CLASS = object_class

       GROUP_OBJECT_CLASS = object_class
              object_class is a comma-separated list of object classes that are required by your LDAP
              directory's schema in order to add or modify users and groups. The default should be fine; consult
              your vendor's documentation or contact cpu-users@lists.sourceforge.net if you have problems.

       USER_FILTER = filter

       GROUP_FILTER = filter
              filter is a filter that adheres to the following BNF:
                      <filter> ::= '(' <filtercomp> ')'
                      <filtercomp> ::= <and> | <or> | <not> | <simple>
                      <and> ::= '&' <filterlist>
                      <or> ::= '|' <filterlist>
                      <not> ::= '!' <filter>
                      <filterlist> ::= <filter> | <filter> <filterlist>
                      <simple> ::= <attributetype> <filtertype> <attributevalue>
                      <filtertype> ::= '=' | '~=' | '<=' | '>='
              These filters are used to locate users and groups, as well as to aid in finding new uids and
              gids.

       USER_CN_STRING = string
              string  is  used during user creation. It allows you to specify the dn of the user. The dn becomes
              string=login,...

       GROUP_CN_STRING = string
              string is used during group creation. It allows you to specify the dn of the group. The dn becomes
              string=groupname,...

       TIMEOUT = timeout
              timeout  should  be  a value in seconds and greater than 0. If unspecified the default is 60. This
              value determines the duration after which an operation should be aborted.
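
       A recursive-descent check of a USER_FILTER or GROUP_FILTER value against the BNF above, added here as
       an example and not part of CPU. The BNF leaves <attributetype> and <attributevalue> undefined, so the
       character sets in _SIMPLE are assumptions.

```python
import re

# Assumption (not defined by the BNF): attribute names are letters, digits,
# '-', '.' or ';', and values are any run of characters except parentheses.
_SIMPLE = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(~=|<=|>=|=)([^()]*)")


class FilterSyntaxError(ValueError):
    pass


def parse_filter(text, pos=0):
    """Parse one <filter> starting at text[pos]; return (tree, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {pos}")
    pos += 1
    op = text[pos:pos + 1]
    if op in ("&", "|"):                      # <and> / <or> ::= op <filterlist>
        children, pos = [], pos + 1
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if not children:
            raise FilterSyntaxError(f"'{op}' needs at least one filter at offset {pos}")
        node = (op, children)
    elif op == "!":                           # <not> ::= '!' <filter>, exactly one
        child, pos = parse_filter(text, pos + 1)
        node = ("!", [child])
    else:                                     # <simple> ::= type filtertype value
        m = _SIMPLE.match(text, pos)
        if not m:
            raise FilterSyntaxError(f"bad simple filter at offset {pos}")
        node = (m.group(2), m.group(1), m.group(3))
        pos = m.end()
    if text[pos:pos + 1] != ")":
        raise FilterSyntaxError(f"expected ')' at offset {pos}")
    return node, pos + 1


def validate_filter(text):
    """Return the parse tree, or raise if text is not exactly one <filter>."""
    text = text.strip()
    tree, end = parse_filter(text)
    if end != len(text):
        raise FilterSyntaxError(f"trailing data at offset {end}")
    return tree
```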

       The following options are still used by the [LDAP] section, but are  more  user  centric  and  less  ldap
       centric.

       SKEL_DIR = dir
              dir  should  be  the path for a directory that files are to be copied from when -m is given at the
              command line. This value can be overridden by the -k command line switch.

       DEFAULT_SHELL = shell
              The default name of the user's login shell. This value can be overridden by the  -s  command  line
              switch.

       HOME_DIRECTORY = directory
              New users will be created using directory prepended to the user's login name. If this variable is
              undefined, it must be specified at the command line with the -d switch. When specified at the
              command line, that value is used for the user's home directory.

       MAX_UIDNUMBER = integer

       MIN_UIDNUMBER = integer

       MAX_GIDNUMBER = integer

       MIN_GIDNUMBER = integer

       ID_MAX_PASSES = integer
              These values control gid and uid generation. When a uid is not specified at the command line (for
              a useradd), these values are used for finding the next unused uid (random or linear). The same
              applies to groupadd. These are pretty self-evident. ID_MAX_PASSES is the number of times that a
              search should be performed before giving up.

       RANDOM = true or false
              If RANDOM is true, then a random number will be generated and searched for (this number, if unused
              in the directory, will be the user's uid or a group's gid). If a user or group with that ID exists,
              the process will continue for ID_MAX_PASSES. If true, a linear scan will be done starting at
              MIN_UIDNUMBER (or GIDNUMBER) and will not stop until an unused ID is found or the number of scans
              is equal to ID_MAX_PASSES. If random is false, only one query is done on the directory, but it may
              still be a bit slower than setting random to true in some cases.

       USERGROUPS =  yes or no
              USERGROUPS can be either yes or no. If yes, each created user will be given their own group to
              use as a default. If no, each created user will be placed in the group whose gid is USERS_GID.

       USERS_GID =  integer
              If USERGROUPS is no, then USERS_GID should be the GID of the group 'users' (or the equivalent
              group) on your system. If this is unspecified, the default is 100.

       GECOS = string
              The default value for a user's gecos field. This can be overridden at the command line with the -c
              switch.

       PASSWORD_FILE = file
              The value should be a Unix-style, passwd-formatted file. In order to use this value, the -F switch
              must be used at the command line. This value can be empty if a file is provided with the -F
              switch. In this case, the user's attributes are taken from the file (if the user is found) and
              used in the LDAP entry.

       SHADOW_FILE = file
              The value should be a Unix-style, shadow-formatted file. In order to use this value, the -S switch
              must be used at the command line. This value can be empty if a file is provided with the -S
              switch. In this case, the user's attributes are taken from the file (if the user is found) and
              used in the LDAP entry (including the password).

       HASH = hash
              hash is one of clear, md5crypt, crypt, sha1, ssha1, md5, or smd5, and is used when hashing
              user passwords. This is largely implementation dependent, but all are supported. If you are taking
              passwords from a standard password file, this should be clear (I think, need to check...). This
              can be overridden at the command line with the -H switch.

       SHADOWLASTCHANGE = integer

       SHADOWMAX = integer

       SHADOWWARING = integer

       SHADOWEXPIRE = integer

       SHADOWFLAG = integer

       SHADOWMIN = integer

       SHADOWINACTIVE = integer
              These values are better documented in shadow(3) and in shadow(5). They are not required by
              RFC2307 but are required by some LDAP authentication implementations. These values can only be
              specified here, or taken from an existing shadow file for the user.

       ADD_SCRIPT = executable

       DEL_SCRIPT = executable
              ADD_SCRIPT and DEL_SCRIPT work the same way; however, ADD_SCRIPT is used only for a useradd
              operation and DEL_SCRIPT is used only for a userdel operation. These can be overridden via the
              command line switch -X. If specified in the configuration file or at the command line, the script
              is executed after a successful useradd or userdel. The first argument to the script is the login
              name as specified at the command line.
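
       An audit of a cpu.conf file for the settings documented above that matter most for security: the
       recommended 600 file mode, the stored BIND_PASS, the HASH choice, and writable ADD_SCRIPT or DEL_SCRIPT
       targets. This is an added example, not part of CPU; the sample file, the WEAK_HASHES policy and the
       function names are assumptions.

```python
import configparser
import os
import stat
import tempfile

WEAK_HASHES = {"clear", "md5", "sha1"}  # example policy: cleartext or unsalted digests

# Constructed sample; the DN and password are made up.
SAMPLE = """[GLOBAL]
DEFAULT_METHOD = ldap

[LDAP]
BIND_DN = cn=admin,o=company,c=us
BIND_PASS = constructed-secret
HASH = md5
"""

def audit_cpu_conf(path):
    """Return findings for one cpu.conf: file mode, BIND_PASS exposure, HASH, scripts."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    loose = bool(mode & 0o077)                  # any group/other permission bit set
    if loose:
        findings.append(f"mode {mode:04o} is looser than the recommended 600")
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str                        # keep option names upper case
    cp.read(path)
    ldap = cp["LDAP"] if cp.has_section("LDAP") else {}
    if loose and ldap.get("BIND_PASS"):
        findings.append("BIND_PASS is readable by accounts other than the owner")
    if ldap.get("HASH", "").lower() in WEAK_HASHES:
        findings.append(f"HASH = {ldap.get('HASH')} stores cleartext or unsalted digests")
    for key in ("ADD_SCRIPT", "DEL_SCRIPT"):    # run after useradd/userdel succeeds
        script = ldap.get(key)
        if script and os.path.exists(script) and os.stat(script).st_mode & 0o022:
            findings.append(f"{key} target {script} is group- or world-writable")
    return findings

def audit_sample(mode, text=SAMPLE):
    """Write text to a temporary cpu.conf with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cpu.conf")
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return audit_cpu_conf(path)

if __name__ == "__main__":
    print("\n".join(audit_sample(0o644)))
```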

PASSWD OPTIONS

       Password  options  should  be  under  the  section  marked  [PASSWD].  These options are only useful when
       DEFAULT_METHOD is set to passwd or when passwd was specified at the command  line  with  the  -M  switch.
       These  options are only used by the passwd module. This module is not yet functional, so I won't document
       the options.

SEE ALSO

       cpu-ldap(8) cpu(8)

AUTHORS

       Blake Matheny <bmatheny@purdue.edu>

       The current version of this software is always available at http://cpu.sourceforge.net

BUGS

       To report a bug or problem, please e-mail:

       cpu-users@lists.sourceforge.net

TODO

       See TODO file that accompanied software. Please e-mail us with any additional suggestions.

                                                17 February 2003                                     CPU.CONF(5)