Merge branch 'template' of ssh://matthijs@git.stderr.nl/matthijs/servers/drsnuggles...
authorroot <root@www.drsnuggles.stderr.nl>
Tue, 3 Aug 2010 15:51:59 +0000 (17:51 +0200)
committerroot <root@www.drsnuggles.stderr.nl>
Tue, 3 Aug 2010 15:51:59 +0000 (17:51 +0200)
* 'template' of ssh://matthijs@git.stderr.nl/matthijs/servers/drsnuggles:
  oidentd: Allow the vserver host to forward connections.
  oidentd: Add default configuration.

57 files changed:
etc/apt/sources.list
etc/cron.hourly/update-stats [new file with mode: 0755]
etc/gitweb.conf [new file with mode: 0644]
etc/hgweb.conf [new file with mode: 0644]
etc/hostname [new file with mode: 0644]
etc/init.d/fastcgi [new file with mode: 0755]
etc/lighttpd/lighttpd.conf [new file with mode: 0644]
etc/lighttpd/scripts/create-mime.assign.pl [new file with mode: 0755]
etc/lighttpd/scripts/include-vhosts.pl [new file with mode: 0755]
etc/lighttpd/ssl/README [new file with mode: 0644]
etc/lighttpd/vhosts/blues-brothers-eu [new file with mode: 0644]
etc/lighttpd/vhosts/evolution-events-nl [new file with mode: 0644]
etc/lighttpd/vhosts/foresightsecurity-nl [new file with mode: 0644]
etc/lighttpd/vhosts/hekjelarp-nl [new file with mode: 0644]
etc/lighttpd/vhosts/ninniach-nl [new file with mode: 0644]
etc/lighttpd/vhosts/stderr-nl [new file with mode: 0644]
etc/lighttpd/vhosts/stdin-nl [new file with mode: 0644]
etc/lighttpd/vhosts/stdout-nl [new file with mode: 0644]
etc/logrotate.d/data-www [new file with mode: 0644]
etc/mailname [new file with mode: 0644]
etc/php5/cgi/php.ini.local [new file with mode: 0644]
etc/phpldapadmin/apache.conf [new file with mode: 0644]
etc/phpldapadmin/config.php [new file with mode: 0644]
etc/phpldapadmin/templates/creation/.cvsignore [new file with mode: 0644]
etc/phpldapadmin/templates/creation/SUSE-posixGroup.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/SUSE-sambaGroupMapping.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/alias.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/courierMailAccount.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/courierMailAlias.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/dNSDomain.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/example.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/inetOrgPerson.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/kolabPerson.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/mozillaOrgPerson.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/organizationalRole.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/ou.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/posixAccount.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/posixGroup.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sambaDomain.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sambaGroupMapping.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sambaMachine.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sambaSamAccount.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sendmailMTAAliasObject.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sendmailMTAClass.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sendmailMTACluster.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sendmailMTAMapObject.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sendmailVirtualDomain.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/sendmailVirtualUser.xml [new file with mode: 0644]
etc/phpldapadmin/templates/creation/simpleSecurityObject.xml [new file with mode: 0644]
etc/phpldapadmin/templates/modification/inetOrgPerson.xml [new file with mode: 0644]
etc/phpldapadmin/templates/template.dtd [new file with mode: 0644]
etc/squirrelmail/config.php [new file with mode: 0644]
usr/local/bin/aclperl [new file with mode: 0755]
usr/local/bin/addsite [new file with mode: 0755]
usr/local/bin/update-php.ini [new file with mode: 0755]
usr/local/bin/update-stats [new file with mode: 0755]
usr/local/lib/cgi-bin/hgwebdir.cgi [new file with mode: 0755]

index 6b38f75074d7fc7500b8317953b04fd40789d4ec..9e992127ce23fffafda85c7dc76033af68f62087 100644 (file)
@@ -4,3 +4,5 @@ deb-src http://ftp.nl.debian.org/debian/ lenny main
 deb http://security.debian.org lenny/updates main
 
 deb file:///data/apt-repository/public/ stderr main
+
+deb http://ftp.nl.debian.org/debian/ squeeze main
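Review bot: The added `deb http://ftp.nl.debian.org/debian/ squeeze main` line puts squeeze next to the lenny sources with no matching `squeeze/updates` entry for security.debian.org, so anything installed from squeeze would not receive security updates through apt. Unless a pin exists elsewhere (an `APT::Default-Release "lenny";` setting or an /etc/apt/preferences entry, neither visible in this hunk), apt will also prefer the newer squeeze versions on the next upgrade. A comment above the line naming what squeeze is needed for would help, e.g. `# squeeze: only for <package>, pinned in /etc/apt/preferences`.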
diff --git a/etc/cron.hourly/update-stats b/etc/cron.hourly/update-stats
new file mode 100755 (executable)
index 0000000..d05e7e3
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Call update-stats to update the awstats config and run awstats on all access
+# logs.
+
+/usr/local/bin/update-stats > /dev/null
diff --git a/etc/gitweb.conf b/etc/gitweb.conf
new file mode 100644 (file)
index 0000000..613141b
--- /dev/null
@@ -0,0 +1,32 @@
+# path to git projects (<project>.git)
+$projectroot = "/data/vcs/git";
+
+# directory to use for temp files
+$git_temp = "/tmp";
+
+# target of the home link on top of all pages
+#$home_link = $my_uri || "/";
+
+# html text to include at home page
+$home_text = "indextext.html";
+
+# file with project list; by default, simply scan the projectroot dir.
+$projects_list = $projectroot;
+
+# Make the description a bit wider (now most descriptions fit. This does look
+# less pretty on 1024 pixels wide screens, but well.)
+$projects_list_description_width = 50;
+
+# stylesheet to use
+$stylesheet = "/gitweb.css";
+
+# logo to use
+$logo = "/git-logo.png";
+
+# the 'favicon'
+$favicon = "/git-favicon.png";
+
+@git_base_url_list = (
+       "http://git.stderr.nl",
+       "ssh://git.stderr.nl"
+)
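Review bot: With `$projects_list = $projectroot;` gitweb scans and lists every repository under /data/vcs/git, and nothing in this file sets `$export_ok` or `$strict_export`, so a private repository placed in that tree is published by default. If publishing should be opt-in, add `$export_ok = "git-daemon-export-ok";` and `$strict_export = 1;`. The first entry in `@git_base_url_list` is plain `http://`, so the clone URL shown to visitors is unencrypted; that deserves a comment if it is intentional.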
diff --git a/etc/hgweb.conf b/etc/hgweb.conf
new file mode 100644 (file)
index 0000000..e260da8
--- /dev/null
@@ -0,0 +1,5 @@
+[collections]
+/data/vcs/hg = /data/vcs/hg
+
+[web]
+style=gitweb
diff --git a/etc/hostname b/etc/hostname
new file mode 100644 (file)
index 0000000..fa33e06
--- /dev/null
@@ -0,0 +1 @@
+www.drsnuggles.stderr.nl
diff --git a/etc/init.d/fastcgi b/etc/init.d/fastcgi
new file mode 100755 (executable)
index 0000000..5b5a054
--- /dev/null
@@ -0,0 +1,139 @@
+#!/usr/bin/python
+import os
+import re
+import pwd
+import grp
+import shutil
+import stat
+
+ROOT_DIR="/data/www"
+
+# SITES = [(sitename, application_list)]
+# application_list = [application_name, (application_name, command, ...)]
+# Here, sitename is the name of the site. This folder name should exist below ROOT_DIR and
+# is also used below SOCKET_DIR. The site name is also translated to a user and
+# group name by replacing dots by dashes and prepending USER_PREFIX and
+# GROUP_PREFIX.
+#
+# application_list specifies the applications to start for this site. These can
+# be generic (when only application_name is given), in which case the command
+# is looked up in APPLICATIONS using the application_name. For a site-specific
+# application, command is the command that should be run. It will be prefixed
+# with the site's root dir, if is not an absolute path.
+
+SITES=[
+       ('stderr.nl',             ['php', ('trac', 'applications/trac/trac.fcgi')]),
+       ('stdin.nl',              ['php']),
+       ('stdout.nl',             ['php']),
+       ('ninniach.nl',           ['php']),
+       ('blues-brothers.eu',     ['php']),
+       ('evolution-events.nl',   ['php', ('wipi', 'applications/wipi/wipi.fcgi'), ('hunternet', 'applications/lexnet/manage.py runfcgi'), ('xerxes', 'applications/xerxes/manage.py runfcgi')]),
+#      ('stdio.flexvps.nl',      ['php']),
+#      ('foresightsecurity.nl',  ['php']),
+]
+
+# Generic applications that can be run for any site
+# Maps application_name to application_command. application_command will be
+# prefixed with the site's root dir, if it is not an absolute path.
+APPLICATIONS={"php": "/usr/bin/php-cgi"}
+
+# Kill these procs before starting new ones. Only processes of these names that
+# are run by the sites in SITES are killed. This is a bit hackish, we should
+# really be using pidfiles...
+KILL_PROCS=['php-cgi', 'manage.py', 'trac.fcgi', 'wipi.fcgi']
+
+## ABSOLUTE path to the spawn-fcgi binary
+SPAWNFCGI="/usr/bin/spawn-fcgi"
+
+## Dir in which to create the UNIX sockets to listen on
+SOCKET_DIR="%s/var/fcgi" % (ROOT_DIR)
+
+## number of PHP children to spawn
+PHP_FCGI_CHILDREN=2
+
+## maximum number of requests a single PHP process can serve before it is restarted
+PHP_FCGI_MAX_REQUESTS=1000
+
+# The user to run as, will be prefixed to the sitename
+USER_PREFIX="httpd-"
+# The group to run as.
+SCRIPT_GROUP="httpd-users"
+# The group that should be able to use the sockets created
+HTTPD_GROUP="www-data"
+
+# Will be postfixed to the site's root and exported in the PHPRC variable.
+PHPRC_DIR="conf"
+
+#### END OF CONFIG ####
+
+for (site, apps) in SITES:
+       site_name = re.sub('\.', '-', site)
+
+       ## switch to the following user / group
+       user_id    = "%s%s" % (USER_PREFIX, site_name)
+       
+       # Find the site dir
+       site_dir   = os.path.join(ROOT_DIR, site)
+       socket_dir = os.path.join(SOCKET_DIR, site_name)
+
+       # Pass the site dir to all fastcgi processes
+       os.environ['SITE_DIR'] = site_dir
+
+       if not site_dir:
+               raise Exception("Site dir does not exist: %s" % (site_dir))
+       
+       
+       # Kill existing processes first
+       for procname in KILL_PROCS:
+               os.system('killall --user %s %s' % (user_id, procname))
+
+       # Remove old sockets
+       if os.path.exists(socket_dir): 
+               shutil.rmtree(socket_dir)
+
+       # Create dir for sockets. Make owning group root and set group write
+       # permissions, so the mask field in the acl will not block out anything.
+       os.makedirs(socket_dir)
+       os.chown(socket_dir, pwd.getpwnam(user_id)[2], grp.getgrnam(HTTPD_GROUP)[2])
+       #os.chmod(socket_dir, stat.S_IRWXU)
+       
+       for app in apps:
+               # Unpack app tuple or lookup app command in APPLICATIONS
+               if isinstance(app, tuple):
+                       if len(app) == 2:
+                               (app_name, app_command) = app
+                       else:
+                               raise Exception("Wrong number of elements in site tuple: %s", app)
+               else:
+                       app_name = app
+                       app_command = APPLICATIONS[app_name]
+       
+               # Prefix with site dir if not an absolute path
+               if not os.path.isabs(app_command):
+                       app_command = os.path.join(site_dir, app_command)
+
+               # Create socket filename
+               socket = os.path.join(socket_dir, app_name)
+
+               # Build the command
+               # TODO: Wrap this in env to clear up the environment
+               spawnfcgi = '%s -s "%s" -u "%s" -g "%s"' % (SPAWNFCGI, socket, user_id, SCRIPT_GROUP)
+               fcgiapp = ' -- %s' % (app_command)
+
+               if app_name == 'php':
+                       os.environ['PHP_FCGI_MAX_REQUESTS'] = str(PHP_FCGI_MAX_REQUESTS)
+                       phprc = os.path.join(site_dir, PHPRC_DIR, 'php.ini')
+                       if os.path.exists(phprc):
+                               #os.environ['PHPRC'] = phprc
+                               fcgiapp   += ' -c %s' % (phprc)
+                       spawnfcgi += ' -C %s' % (PHP_FCGI_CHILDREN)
+
+
+               print spawnfcgi + fcgiapp
+               os.system(spawnfcgi + fcgiapp)
+
+               # Ensure www-data can write to the socket :-S
+               # Spawn-fcgi explicitely chmods the socket after creation, very
+               # annoying
+               os.chmod(socket, stat.S_IRWXU | stat.S_IRWXG)
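Review bot: The check `if not site_dir:` can never fire, because `os.path.join(ROOT_DIR, site)` always returns a non-empty string, so a missing site directory is not detected before the kill, rmtree and spawn steps; `if not os.path.isdir(site_dir):` matches the error message. The tuple-length error passes `app` as a second argument instead of formatting it and should read `raise Exception("Wrong number of elements in site tuple: %s" % (app,))`. The exit status of `os.system(spawnfcgi + fcgiapp)` is ignored, so a failed spawn only surfaces as an OSError from the following `os.chmod`, which aborts the remaining sites. The socket directory is chowned to the site user (the comment above it says the owning group is root, which the code does not do) and the script presumably runs as root, so the final `os.chmod(socket, ...)` acts on a path inside a directory that user controls; confirming with `os.lstat` and `stat.S_ISSOCK` that the path is a socket before the chmod would be safer.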
diff --git a/etc/lighttpd/lighttpd.conf b/etc/lighttpd/lighttpd.conf
new file mode 100644 (file)
index 0000000..5f20c69
--- /dev/null
@@ -0,0 +1,107 @@
+# Debian lighttpd configuration file
+#
+
+# Chroot into our root-dir
+#server.chroot            = "/data/www"
+
+#var.root-dir             = ""
+var.root-dir             = "/data/www"
+var.conf-dir             = "/etc/lighttpd"
+var.fcgi-dir             = var.root-dir + "/var/fcgi"
+
+## modules to load
+server.modules              = (
+            "mod_auth",
+            "mod_access",
+            "mod_alias",
+            "mod_accesslog",
+            "mod_rewrite",
+            "mod_redirect",
+            "mod_evhost",
+            "mod_cgi",
+            "mod_fastcgi",
+            "mod_setenv",
+)
+
+# Set a default catch-all document root, which should never be used.
+server.document-root       = var.root-dir + "/default/htdocs"
+
+## where to upload files to, purged daily.
+server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
+
+## where to send error-messages to
+server.errorlog            = var.root-dir + "/default/logs/error.log"
+
+## files to check for if .../ is requested
+index-file.names           = ( "index.php", "index.html" )
+
+#### accesslog module
+accesslog.filename         = var.root-dir + "/default/logs/access.log"
+
+## deny access the file-extensions
+#
+# ~    is for backupfiles from vi, emacs, joe, ...
+# .inc is often used for code includes which should in general not be part
+#      of the document-root
+url.access-deny            = ( "~", ".inc" )
+
+##
+# which extensions should not be handle via static-file transfer
+#
+# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+## Use ipv6 only if available.
+server.use-ipv6 = "disable"
+
+## to help the rc.scripts
+server.pid-file            = "/var/run/lighttpd.pid"
+
+## virtual directory listings
+dir-listing.encoding        = "utf-8"
+# Disable dir-listing by default
+server.dir-listing          = "disable"
+
+# Don't run as root
+server.username            = "www-data"
+server.groupname           = "www-data"
+
+# Make mysqll frontend available in all domains
+alias.url                  += ("/mysql" => "/usr/share/phpmyadmin")
+
+
+# Make stats frontend available in all domains. We do a trick with
+# redirecting to awstats.pl and aliasing that, since modalias strips the
+# trailing / from urls before matching (so we can't alias /stats/
+# without also redirecting /statsfoo). We don't want to put this in
+# a conditional either, since that will be mutually exclusive with any
+# alias.urls in conditionals for specific vhosts.
+url.redirect += ("^/stats$" => "/stats/awstats.pl")
+url.redirect += ("^/stats/$" => "/stats/awstats.pl")
+cgi.assign += ( "/usr/lib/cgi-bin/awstats.pl" => "" )
+alias.url += ( "/stats/icon" => "/usr/share/awstats/icon" )
+alias.url += ( "/stats/awstats.pl" => "/usr/lib/cgi-bin/awstats.pl" )
+
+$SERVER["socket"] == ":443" {
+       ssl.engine = "enable" 
+       # The CA certificates (in particular, this contains the intermediate
+       # certificate used by startcom). It seems that even without this
+       # option, it already works, probably because openssl ships some
+       # certificates. But, let's put it here to be safe anyway.
+       ssl.ca-file = "/etc/lighttpd/ssl/ca/startssl-all-ca.pem"
+       # Use the mail.stdin.nl certificate as the default certificate (for
+       # non-SNI browsers and domains without their own certificate), since
+       # it is currently the only one we have anyway.
+       ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem"
+}
+
+#### external configuration files
+## mimetype mapping
+include_shell var.conf-dir + "/scripts/create-mime.assign.pl"
+
+## load vhosts
+include_shell var.conf-dir + "/scripts/include-vhosts.pl"
+
+# Include autogenerated logging configuration to have a separate access log
+# file for every subdomain.
+include var.conf-dir + "/logging.conf"
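Review bot: The global `alias.url += ("/mysql" => "/usr/share/phpmyadmin")` and the `/stats` aliases expose phpMyAdmin and awstats on every virtual host, over plain HTTP as well as HTTPS, and no `auth.require` or scheme check for them is visible in this file. Database logins entered at `/mysql` on port 80 would travel in cleartext. Since the comment explains that a conditional would clash with per-vhost `alias.url` settings, a `url.redirect` of `^/mysql` to a single HTTPS host may fit better; at minimum the comment should state that the exposure on all domains is intended. Vhosts that assign `cgi.assign = (...)` rather than `+=` (blues-brothers-eu, foresightsecurity-nl) probably drop the awstats mapping set here.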
diff --git a/etc/lighttpd/scripts/create-mime.assign.pl b/etc/lighttpd/scripts/create-mime.assign.pl
new file mode 100755 (executable)
index 0000000..858600f
--- /dev/null
@@ -0,0 +1,39 @@
+#!/usr/bin/perl -w
+
+# This script is based on /usr/share/lighttpd/create-mime-assign.pl. This
+# script is changed to include a charset for text types. It is also changed to
+# serve some file types as text/plain, since browsers still don't have an
+# option to just view text/* in the browser, but need external programs for
+# anything but text/plain.
+
+use strict;
+open MIMETYPES, "/etc/mime.types" or exit;
+print "mimetype.assign = (\n";
+my %extensions;
+my %translate_types = (
+       "text/x-diff" => "text/plain",
+);
+
+while(<MIMETYPES>) {
+  chomp;
+  s/\#.*//;
+  next if /^\w*$/;
+  if(/^([a-z0-9\/+-.]+)\s+((?:[a-z0-9.+-]+[ ]?)+)$/) {
+    my $mime = $1; my $exts = $2;
+    # Translate the mime type if needed
+    $mime = $translate_types{$mime} if exists $translate_types{$mime};
+    # Append encoding for text formats
+    if ($mime =~ /^text\//) {
+      $mime .= "; charset=utf-8";
+    }
+    foreach(split / /, $exts) {
+      # mime.types can have same extension for different
+      # mime types
+      next if $extensions{$_};
+      $extensions{$_} = 1;
+
+      print "\".$_\" => \"$mime\",\n";
+    }
+  }
+}
+print ")\n";
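Review bot: `open MIMETYPES, "/etc/mime.types" or exit;` ends the script silently with status 0 when the file cannot be read, so lighttpd would load an empty include and, presumably, start without any `mimetype.assign` and without a diagnostic. Prefer a lexical handle with three-argument open and an error on stderr: `open(my $fh, '<', '/etc/mime.types') or die "cannot read /etc/mime.types: $!";`, then `while (<$fh>)`. The blank-line test `next if /^\w*$/;` looks like it was meant to be `/^\s*$/`; as written it also skips lines made only of word characters.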
diff --git a/etc/lighttpd/scripts/include-vhosts.pl b/etc/lighttpd/scripts/include-vhosts.pl
new file mode 100755 (executable)
index 0000000..ece849c
--- /dev/null
@@ -0,0 +1,18 @@
+#!/usr/bin/perl -wl
+
+# This script is based on /usr/share/lighttpd/include-conf-enabled.pl but
+# changed to read the vhosts directory instead of the conf-enabled directory.
+
+use strict;
+use File::Glob ':glob';
+
+my $confdir = "/etc/lighttpd/";
+my $enabled = "vhosts/*";
+
+chdir($confdir);
+my @files = bsd_glob($enabled);
+
+for my $file (@files)
+{
+       print "include \"$file\"";
+}
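Review bot: The glob `vhosts/*` also matches editor backups and package leftovers such as `stderr-nl~` or `stderr-nl.dpkg-old`, so a stale copy of a vhost file would be included next to the live one. Filtering the list, for example `my @files = grep { !/(~|\.bak|\.dpkg-\w+)$/ } bsd_glob($enabled);`, avoids that. The result of `chdir($confdir);` is unchecked, so if it fails the glob runs against whatever the current directory happens to be; `chdir($confdir) or die "chdir $confdir: $!";` makes that failure visible.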
diff --git a/etc/lighttpd/ssl/README b/etc/lighttpd/ssl/README
new file mode 100644 (file)
index 0000000..df25363
--- /dev/null
@@ -0,0 +1,26 @@
+# Generate key 2048 bit rsa key with out passphrase:
+
+DOMAIN=mail.stdout.nl.key
+sudo touch $DOMAIN.key
+sudo chmod 400 $DOMAIN.key
+sudo openssl genrsa  -out $DOMAIN.key 2048
+
+# Generate CSR with:
+sudo openssl req -new -key $DOMAIN.key -out $DOMAIN.csr
+
+# After receiving the .crt file from the issuer, make sure you cat the .key
+# and .crt file together into a .pem file, which lighttpd's ssl.pemfile points
+# to.
+
+# Optionally, you can use a config file to set attributes of the CSR (so you
+# can leave out stuff like "Location" and "State"). However, when using
+# StartSSL, al the details from the CSR will be ignored anyway, so don't
+# bother. Anyway, the file to pass to -config should like this:
+
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt=no
+
+[ req_distinguished_name ]
+C                      = NL
+CN                     = mail.stdout.nl
diff --git a/etc/lighttpd/vhosts/blues-brothers-eu b/etc/lighttpd/vhosts/blues-brothers-eu
new file mode 100644 (file)
index 0000000..270ef30
--- /dev/null
@@ -0,0 +1,16 @@
+$HTTP["host"] =~ ".blues-brothers.eu$" {
+       var.site-dir         = var.root-dir + "/blues-brothers.eu"
+       var.site-fcgi-dir    = var.fcgi-dir + "/blues-brothers-eu"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       fastcgi.server    = ( 
+               ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+                       "broken-scriptfilename" => "enable",
+               ))
+       )
+
+       cgi.assign = ( "cgi" => "" )
+}
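Review bot: The host pattern `".blues-brothers.eu$"` leaves its dots unescaped, so each `.` matches any character and the match is not tied to a label boundary; `"\.blues-brothers\.eu$"` keeps the subdomain requirement while matching only the intended names. The same unescaped form appears in the host conditions of evolution-events-nl, foresightsecurity-nl, hekjelarp-nl, ninniach-nl, stderr-nl, stdin-nl and stdout-nl. Separately, `cgi.assign = ( "cgi" => "" )` treats any file whose name ends in `cgi` as a CGI program; `".cgi"` with the leading dot is likely what was meant.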
diff --git a/etc/lighttpd/vhosts/evolution-events-nl b/etc/lighttpd/vhosts/evolution-events-nl
new file mode 100644 (file)
index 0000000..b20f964
--- /dev/null
@@ -0,0 +1,112 @@
+$HTTP["host"] =~ "^(evolution-events.nl)$" {
+       url.redirect = (".*" => "http://www.%1/")
+}
+
+$HTTP["host"] =~ ".evolution-events.nl$" {
+       var.site-dir         = var.root-dir + "/evolution-events.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/evolution-events-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       # Configure a simple plaintext password file
+       auth.backend                 = "plain"
+       auth.backend.plain.userfile  = var.site-dir + "/conf/simple.user"
+
+       
+       fastcgi.server += ( 
+               ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+                       "broken-scriptfilename" => "enable",
+               )),
+               "/wipi" =>
+               ((
+                       "socket" => var.site-fcgi-dir + "/wipi",
+                       "check-local" => "disable",
+               )),
+       )
+       alias.url += (
+               # Don't name this /wipistatic, since that will be caught by fastcgi above
+               "/staticwipi" => var.site-dir + "/applications/wipi/static/",
+       )
+       
+       url.rewrite-once += (
+               "^/wipi/static/(.*)$" => "/staticwipi/$1",
+               "^/Site(/.*|\?.*|)$" => "/wipi/Site/$1",
+       )
+
+       $HTTP["host"] =~ "^orga.evolution-events.nl$" {
+
+               auth.require    += ( "/private" => 
+                       ( 
+                               "method"  => "digest",
+                               "realm"   => "Evolution Events",
+                               "require" => "user=admin"
+                       )
+               )
+               
+
+               url.rewrite-once += (
+                       "^/forum/(.+)$" => "/forum/",
+               )
+       }
+
+       $HTTP["host"] =~ "^hunter-net.evolution-events.nl$" {
+               fastcgi.server  += ( 
+                       "/blaa" =>
+                       ((
+                               "socket" => var.site-fcgi-dir + "/hunternet",
+                               "check-local" => "disable",
+                       )),
+               )
+
+               alias.url += (
+                       "/media/" => "/usr/share/python-support/python-django/django/contrib/admin/media/",
+                       "/static/" => var.site-dir + "/applications/xerxes/media/",
+               )
+
+               url.rewrite-once += (
+#                      "^(/.*)$" => "/",
+                       "^(/media.*)$" => "$1",
+                       "^(/static.*)$" => "$1",
+                       "^/favicon\.ico$" => "/media/favicon.ico",
+                       "^(/.*)$" => "/blaa$1",
+               )
+       }
+
+       $HTTP["host"] =~ "^xerxes.evolution-events.nl$" {
+               fastcgi.server  += ( 
+                       "/blaa" =>
+                       ((
+                               "socket" => var.site-fcgi-dir + "/xerxes",
+                               "check-local" => "disable",
+                       )),
+               )
+
+               alias.url += (
+                       "/admin/media/" => "/usr/share/python-support/python-django/django/contrib/admin/media/",
+                       "/media/" => var.site-dir + "/applications/xerxes/media/",
+               )
+
+               url.rewrite-once += (
+                       "^(/media.*)$" => "$1",
+                       "^(/admin/media.*)$" => "$1",
+                       #"^/favicon\.ico$" => "/admin/media/favicon.ico",
+                       "^(/.*)$" => "/blaa$1",
+               )
+       }
+       
+       # Redirect some deprecated urls.
+       $HTTP["host"] =~ "^lextalionis2.evolution-events.nl$" {
+               url.redirect = ( "^(.*)$" => "http://lextalionis.evolution-events.nl$1" )
+       }
+       $HTTP["host"] =~ "^raganorck2.evolution-events.nl$" {
+               url.redirect = ( "^(.*)$" => "http://raganorck.evolution-events.nl$1" )
+       }
+       $HTTP["host"] =~ "^exodus2.evolution-events.nl$" {
+               url.redirect = ( "^(.*)$" => "http://exodus.evolution-events.nl$1" )
+       }
+       $HTTP["host"] =~ "^www2.evolution-events.nl$" {
+               url.redirect = ( "^(.*)$" => "http://www.evolution-events.nl$1" )
+       }
+}
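Review bot: `auth.backend = "plain"` keeps the passwords for the `/private` area in cleartext in conf/simple.user, although the `auth.require` entry uses digest authentication, for which lighttpd's `htdigest` backend stores only hashes. Consider `auth.backend = "htdigest"` with `auth.backend.htdigest.userfile = var.site-dir + "/conf/<htdigest-file>"` (file name is a placeholder). If the plain backend is kept, a comment noting that the file holds cleartext passwords and must not be readable by the site's FastCGI user would document the risk.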
diff --git a/etc/lighttpd/vhosts/foresightsecurity-nl b/etc/lighttpd/vhosts/foresightsecurity-nl
new file mode 100644 (file)
index 0000000..3d4407d
--- /dev/null
@@ -0,0 +1,16 @@
+$HTTP["host"] =~ ".foresightsecurity.nl$" {
+       var.site-dir         = var.root-dir + "/foresightsecurity.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/evolution-events-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       fastcgi.server    = ( 
+               ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+                       "broken-scriptfilename" => "enable",
+               ))
+       )
+
+       cgi.assign = ( "cgi" => "" )
+}
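Review bot: `var.site-fcgi-dir = var.fcgi-dir + "/evolution-events-nl"` points this vhost at another site's socket directory, so PHP requests for foresightsecurity.nl would be handled by the evolution-events PHP processes and run under that site's user, which defeats the per-site separation set up in etc/init.d/fastcgi. This looks like a copy-paste slip; the other vhosts use their own name, so the line should read `var.site-fcgi-dir    = var.fcgi-dir + "/foresightsecurity-nl"`. Note that foresightsecurity.nl is commented out in SITES in the init script, so that socket will not exist until the entry is enabled.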
diff --git a/etc/lighttpd/vhosts/hekjelarp-nl b/etc/lighttpd/vhosts/hekjelarp-nl
new file mode 100644 (file)
index 0000000..fb69ef1
--- /dev/null
@@ -0,0 +1,10 @@
+$HTTP["host"] == "hekjelarp.nl" {
+       url.redirect = ( "(.*)" => "http://www.hekjelarp.nl$1" )
+}
+
+$HTTP["host"] =~ ".hekjelarp.nl$" {
+       var.site-dir         = var.root-dir + "/hekjelarp.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/hekjelarp-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+}
diff --git a/etc/lighttpd/vhosts/ninniach-nl b/etc/lighttpd/vhosts/ninniach-nl
new file mode 100644 (file)
index 0000000..a7ebae8
--- /dev/null
@@ -0,0 +1,28 @@
+$HTTP["host"] =~ ".ninniach.nl$" {
+       var.site-dir         = var.root-dir + "/ninniach.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/ninniach-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       fastcgi.server    = ( 
+               ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+                       "broken-scriptfilename" => "enable",
+               ))
+       )
+
+       $HTTP["host"] == "weblog.ninniach.nl" {
+               $HTTP["url"] !~  "^/images" {
+                       cgi.assign += ( "blosxom.cgi" => "/usr/local/bin/aclperl" )
+                       alias.url += ( "" => var.site-dir + "/applications/blosxom/blosxom.cgi" )
+                       setenv.add-environment += (
+                               "BLOSXOM_CONFIG_FILE" => var.site-dir + "/conf/blosxom.conf",
+                               "BLOSXOM_DATA_BASE" => var.site-dir + "/data/blosxom",
+                               "BLOSXOM_CODE_BASE" => var.site-dir + "/applications/blosxom",
+                               "BLOSXOM_LOGS_BASE" => var.site-dir + "/logs",
+                               "BLOSXOM_HTDOCS_URL" =>  "",
+                       )
+               }
+       }
+}
diff --git a/etc/lighttpd/vhosts/stderr-nl b/etc/lighttpd/vhosts/stderr-nl
new file mode 100644 (file)
index 0000000..eb84556
--- /dev/null
@@ -0,0 +1,100 @@
+$HTTP["host"] =~ ".stderr.nl$" {
+       var.site-dir         = var.root-dir + "/stderr.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/stderr-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       $HTTP["host"] =~ "git.stderr.nl$" {
+               cgi.assign += ( "gitweb.cgi" => "" )
+               # Put this alias in a url conditional, so urls like /gitweb.css won't get alias'd
+               $HTTP["url"] =~ "^/gitweb(/.*)?$" {
+                       alias.url += ( "/gitweb" => "/usr/lib/cgi-bin/gitweb.cgi" )
+               }
+               $HTTP["url"] =~ ".git/" {
+                       alias.url += ( "/" => "/data/vcs/git/" )
+               }
+               # Redirect this url, which was published in my Master's
+               # thesis. Use .* instead of Î», since mod_redirect doesn't like
+               # the Î» for some reason.
+               url.redirect += ("^/gitweb\?p=matthijs/projects/c.*ash\.git" => "/gitweb?p=matthijs/master-project/cλash.git")
+               # Redirect / to gitweb
+               url.redirect += ("^/$" => "/gitweb")
+       }
+
+       $HTTP["host"] =~ "hg.stderr.nl$" {
+               # Let all of hg.stderr.nl be handled by hgweb, since it also
+               # takes care of clone / pull requests.
+               cgi.assign += ( "hgwebdir.cgi" => "" )
+               alias.url += ( "" => "/usr/local/lib/cgi-bin/hgwebdir.cgi" )
+       }
+
+       $HTTP["host"] =~ "blues.stderr.nl$" {
+               auth.backend                   = "htpasswd"
+               auth.backend.htpasswd.userfile = var.site-dir + "/conf/pandora2009.user"
+               dir-listing.activate = "enable"
+
+               auth.require = ( 
+                       "/" => (
+                               "method"  => "basic",
+                               "realm"   => "Blues Brothers",
+                               "require" => "valid-user"
+                       )
+               )
+               # Only publish the pandora trac repos here
+               url.redirect += ("^/trac/?$" => "/trac/pandora")
+               $HTTP["url"] =~ "^/trac/.*" {
+                       fastcgi.server    += ( 
+                               "/trac" => 
+                               ((
+                                       "socket" => var.site-fcgi-dir + "/trac",
+                                       "check-local" => "disable",
+                               ))
+                       )
+               }
+       }
+
+       $HTTP["host"] =~ "^drsnuggles.stderr.nl$" {
+               alias.url += ("/ldap" => "/usr/share/phpldapadmin/htdocs")
+       }
+
+       $HTTP["host"] =~ "^www.stderr.nl$" {
+               url.redirect += ("^/$" => "/Blog/")
+               # Category got renamed
+               url.redirect += ("^/Blog/personal(.*)" => "/Blog/Personal$1")
+               $HTTP["url"] !~ "^/(Old blog|static|stats)" {
+                       cgi.assign += ( "blosxom.cgi" => "/usr/local/bin/aclperl" )
+                       alias.url += ( "" => var.site-dir + "/applications/blosxom/blosxom.cgi" )
+                       setenv.add-environment += (
+                               "BLOSXOM_CONFIG_FILE" => var.site-dir + "/conf/blosxom.conf",
+                               "BLOSXOM_DATA_BASE" => var.site-dir + "/data/blosxom",
+                               "BLOSXOM_CODE_BASE" => var.site-dir + "/applications/blosxom",
+                               "BLOSXOM_LOGS_BASE" => var.site-dir + "/logs",
+                               "BLOSXOM_HTDOCS_URL" =>  "/static/",
+                       )
+               }
+               # Disabled for now, since the only working trac is the pandora trac
+               #fastcgi.server    += ( 
+               #       "/trac" => 
+               #       ((
+               #               "socket" => var.site-fcgi-dir + "/trac",
+               #               "check-local" => "disable",
+               #       ))
+               #)
+       }
+
+       # Put the php fastcgi server last, so it won't trigger on any urls that
+       # should be handled by other fastcgi servers (for example, viewing a
+       # .php file in trac results in an url /trac/.../foo.php).
+       fastcgi.server    += ( 
+               ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+                       "broken-scriptfilename" => "enable",
+               ))
+       )
+
+       $HTTP["url"] =~ "^/static/tmp/" {
+               # Enable dirlistings for /tmp
+               server.dir-listing = "enable"
+       }
+}
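Review bot: The `blues.stderr.nl` block protects `/` with `"method" => "basic"` against an htpasswd file, and the `/ldap` alias under `drsnuggles.stderr.nl` exposes phpLDAPadmin, but nothing in this section forces HTTPS, so both sets of credentials can be sent in cleartext. A scheme redirect like the one in vhosts/stdin-nl (`$HTTP["scheme"] == "http" { url.redirect = ... }`) would cover it, provided a certificate valid for these names is available. Also, `$HTTP["url"] =~ ".git/"` is unanchored with an unescaped dot, so it matches more URLs than repository paths before `/` is aliased to /data/vcs/git/; `"\.git/"` is the narrower form.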
diff --git a/etc/lighttpd/vhosts/stdin-nl b/etc/lighttpd/vhosts/stdin-nl
new file mode 100644 (file)
index 0000000..56698f9
--- /dev/null
@@ -0,0 +1,32 @@
+$HTTP["host"] =~ ".stdin.nl$" {
+       var.site-dir         = var.root-dir + "/stdin.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/stdin-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       fastcgi.server    = ( ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+                       "broken-scriptfilename" => "enable",
+               ))
+       )
+
+       $HTTP["host"] == "mail.stdin.nl" {
+               alias.url += ( "/squirrel" => "/usr/share/squirrelmail" )
+
+               # Only expose parts of the hastymail directory
+               $HTTP["url"] =~ "^/hastymail(|/index.php|/templates|/js|/plugins|/images)(|/.*)$" {
+                       alias.url += ( "/hastymail" => var.site-dir + "/applications/hastymail2" )
+               }
+       }
+
+       # Enable SSL
+       $HTTP["host"] == "mail.stdin.nl" {
+               # Specify the certificate for this domain (uses SNI)
+               ssl.pemfile = "/etc/lighttpd/ssl/mail.stdin.nl.pem" 
+               # Redirect HTTP to HTTPS
+               $HTTP["scheme"] == "http" {
+                   url.redirect = ( "^(.*)" => "https://mail.stdin.nl$1" )
+               }
+       }
+}
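Review bot: The URL condition guarding the hastymail alias does not restrict anything. Its first group allows the empty alternative and the second group allows `/.*`, so every path under `/hastymail/` matches and the whole `applications/hastymail2` tree is aliased, contrary to the "Only expose parts" comment. A pattern that ties the sub-path to the allowed directories would match the stated intent, for example `$HTTP["url"] =~ "^/hastymail(/?|/index\.php|/(templates|js|plugins|images)(/.*)?)$" {`. The `/squirrel` alias just above exposes all of `/usr/share/squirrelmail` in the same way; if that package ships config or data directories under that root, they likely need an explicit deny.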
diff --git a/etc/lighttpd/vhosts/stdout-nl b/etc/lighttpd/vhosts/stdout-nl
new file mode 100644 (file)
index 0000000..1fbb4e4
--- /dev/null
@@ -0,0 +1,22 @@
+$HTTP["host"] =~ ".stdout.nl$" {
+       var.site-dir         = var.root-dir + "/stdout.nl"
+       var.site-fcgi-dir    = var.fcgi-dir + "/stdout-nl"
+
+       evhost.path-pattern  = var.site-dir + "/htdocs/%3/"
+
+       fastcgi.server    = ( ".php" => 
+               ((
+                       "socket" => var.site-fcgi-dir + "/php",
+               ))
+       )
+
+       $HTTP["host"] == "mail.stdout.nl" {
+               # Specify the certificate for this domain (uses SNI)
+               ssl.pemfile = "/etc/lighttpd/ssl/mail.stdout.nl.pem" 
+       }
+
+       $HTTP["url"] =~ "^/static/tmp/" {
+               # Enable dirlistings for /tmp
+               server.dir-listing = "enable"
+       }
+}
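Review bot: The host match `".stdout.nl$"` is unanchored and its dots are unescaped, so any Host header that merely ends in something like `xstdout.nl` selects this vhost and feeds `evhost.path-pattern`. Writing it as `$HTTP["host"] =~ "(^|\.)stdout\.nl$" {` limits it to the domain and its subdomains; the same applies to the `".stdin.nl$"` match in the stdin-nl file. Unlike stdin-nl, `mail.stdout.nl` gets a certificate here but no HTTP-to-HTTPS redirect, which is worth confirming as intentional. The directory listing on `/static/tmp/` is deliberate per the comment, but it is enabled for every subdomain served by this block.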
diff --git a/etc/logrotate.d/data-www b/etc/logrotate.d/data-www
new file mode 100644 (file)
index 0000000..26063d4
--- /dev/null
@@ -0,0 +1,27 @@
+/data/www/*/logs/*/*.log {
+       # Rotate daily
+       daily
+       # Keep them all
+       rotate 9999
+       # Compress files after rotation
+       compress
+       # But only a day after actually rotating them for the first
+       # time. See http://bugs.gentoo.org/106651
+       delaycompress
+       notifempty
+       # Use the current date as the extension for rotating
+       dateext
+       # lighttpd will create new files itself
+       nocreate
+       # Call this script once after rotating all files
+       sharedscripts
+       postrotate
+               # Let lighttpd reopen its config files (HUP might be better,
+               # but we'd have to look in pidfiles etc.)
+               invoke-rc.d lighttpd reload > /dev/null;
+               # Do stats analysis on the rotated files
+               /usr/local/bin/update-stats --after-logrotate; > /dev/null;
+       endscript
+}
+
+# vim: set ts=8 sw=8 noexpandtab autoindent: 
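Review bot: The stray `;` before the redirect on the update-stats line ends the command early, so `> /dev/null` applies to an empty command and the script's output is not discarded. The intended line is presumably `/usr/local/bin/update-stats --after-logrotate > /dev/null;`. Separately, the glob `/data/www/*/logs/*/*.log` makes logrotate (normally run as root) rotate and compress files inside per-site directories. Ownership is not visible here, but if those directories are writable by site users, keeping them root-owned or adding a `su <site-user> <site-group>` directive would avoid root acting on user-controlled paths.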
diff --git a/etc/mailname b/etc/mailname
new file mode 100644 (file)
index 0000000..fa33e06
--- /dev/null
@@ -0,0 +1 @@
+www.drsnuggles.stderr.nl
diff --git a/etc/php5/cgi/php.ini.local b/etc/php5/cgi/php.ini.local
new file mode 100644 (file)
index 0000000..da03246
--- /dev/null
@@ -0,0 +1,34 @@
+# This file contains local changes, so we can leave php5.ini to the Debian
+# default. It is not directly used by PHP, but the update-php.ini script
+# ensures it is put into the php.ini for each different domain.
+
+# Put errors in the logfile
+log_errors = On
+
+# Don't display errors to the client 
+display_errors = Off
+
+# Add E_USER_NOTICE, so trigger_error calls without a level actually get
+# logged.
+error_reporting  =  E_ALL & ~E_NOTICE | E_USER_NOTICE
+
+# Disable some features for increased security and reduced surprise.
+allow_call_time_pass_reference = Off
+register_long_arrays = Off
+register_argc_argv = Off
+magic_quotes_gpc = Off
+enable_dl = Off
+allow_url_fopen = Off
+
+
+# Use conforming headers (not sure how useful this is, though) 
+cgi.rfc2616_headers = 1
+
+# Conform to CGI spec
+# Needed for lighttpd (http://trac.lighttpd.net/trac/wiki/Docs%3AModCGI)
+cgi.fix_pathinfo = 1
+
+# Include some global php libraries
+include_path = "/var/www/php5-libs"
+
+# vim: set filetype=dosini:
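Review bot: Every comment in this fragment starts with `#`, which PHP's ini parser deprecated in 5.3 and no longer supports from 7.0. Because update-php.ini copies the fragment into each domain's php.ini, `;` is the safer marker, e.g. `; Put errors in the logfile`. In the "Disable some features" block, `register_globals` is left to the distribution default; adding `register_globals = Off` would pin it alongside the other switches. The `| E_USER_NOTICE` in `error_reporting` is redundant, since `~E_NOTICE` does not clear that bit, so the comment above it could say that instead.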
diff --git a/etc/phpldapadmin/apache.conf b/etc/phpldapadmin/apache.conf
new file mode 100644 (file)
index 0000000..a140e37
--- /dev/null
@@ -0,0 +1,51 @@
+# Define /phpldapadmin alias, this is the default
+<IfModule mod_alias.c>
+    Alias /phpldapadmin /usr/share/phpldapadmin/htdocs
+</IfModule>
+
+# You can also use phpLDAPadmin as a VirtualHost
+# <VirtualHost *:*>
+#     ServerName ldap.example.com
+#     ServerAdmin root@example.com
+#     DocumentRoot /usr/share/phpldapadmin
+#     ErrorLog logs/ldap.example.com-error.log
+#     CustomLog logs/ldap.example.com-access.log common
+# </VirtualHost>
+
+<Directory /usr/share/phpldapadmin/htdocs/>
+
+    DirectoryIndex index.php
+    Options +FollowSymLinks
+    AllowOverride None
+
+    Order allow,deny
+    Allow from all
+
+    <IfModule mod_mime.c>
+
+      <IfModule mod_php5.c>
+        AddType application/x-httpd-php .php
+
+        php_flag magic_quotes_gpc Off
+        php_flag track_vars On
+        php_flag register_globals On
+        php_value include_path .
+      </IfModule>
+
+      <IfModule !mod_php5.c>
+        <IfModule mod_actions.c>
+          <IfModule mod_cgi.c>
+            AddType application/x-httpd-php .php
+            Action application/x-httpd-php /cgi-bin/php5
+          </IfModule>
+          <IfModule mod_cgid.c>                                                    
+            AddType application/x-httpd-php .php                                   
+            Action application/x-httpd-php /cgi-bin/php5                           
+           </IfModule>
+        </IfModule>
+      </IfModule>
+
+    </IfModule>
+
+</Directory>
+
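Review bot: Inside the `mod_php5.c` block, `php_flag register_globals On` lets request parameters populate global variables for an LDAP administration interface. Unless this phpLDAPadmin version is known to need it, `php_flag register_globals Off` is the safer setting. The `<Directory>` section also grants `Allow from all`; for an admin tool it would be better to allow only the administrators' addresses, e.g. `Allow from <admin-network>`. The rest of this commit configures lighttpd, so this file may not be loaded at all, in which case a comment saying so would prevent it from being enabled as-is later.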
diff --git a/etc/phpldapadmin/config.php b/etc/phpldapadmin/config.php
new file mode 100644 (file)
index 0000000..f733475
--- /dev/null
@@ -0,0 +1,551 @@
+<?php
+/** NOTE **
+ ** Make sure that <?php is the FIRST line of this file!
+ ** IE: There should NOT be any blank lines or spaces BEFORE <?php
+ **/
+
+/**
+ * The phpLDAPadmin config file
+ * See: http://phpldapadmin.sourceforge.net/wiki/index.php/Config.php
+ *
+ * This is where you can customise some of the phpLDAPadmin defaults
+ * that are defined in config_default.php.
+ *
+ * To override a default, use the $config->custom variable to do so.
+ * For example, the default for defining the language in config_default.php
+ *
+ * $this->default->appearance['language'] = array(
+ *  'desc'=>'Language',
+ *  'default'=>'auto');
+ *
+ * to override this, use $config->custom->appearance['language'] = 'en_EN';
+ *
+ * This file is also used to configure your LDAP server connections.
+ *
+ * You must specify at least one LDAP server there. You may add
+ * as many as you like. You can also specify your language, and
+ * many other options.
+ *
+ * NOTE: Commented out values in this file prefixed by //, represent the
+ * defaults that have been defined in config_default.php.
+ * Commented out values prefixed by #, dont reflect their default value, you can
+ * check config_default.php if you want to see what the default is.
+ *
+ * DONT change config_default.php, you changes will be lost by the next release
+ * of PLA. Instead change this file - as it will NOT be replaced by a new
+ * version of phpLDAPadmin.
+ */
+
+/*********************************************/
+/* Useful important configuration overrides  */
+/*********************************************/
+
+/* If you are asked to put PLA in debug mode, this is how you do it: */
+#  $config->custom->debug['level'] = 255;
+#  $config->custom->debug['syslog'] = true;
+#  $config->custom->debug['file'] = '/tmp/pla_debug.log';
+
+/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
+   to a big random string. */
+// $config->custom->session['blowfish'] = null;
+
+/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt
+   to determine your language automatically. Otherwise, available lanaguages
+   are: 'ct', 'de', 'en', 'es', 'fr', 'it', 'nl', and 'ru'
+   Localization is not complete yet, but most strings have been translated.
+   Please help by writing language files. See lang/en.php for an example. */
+// $config->custom->appearance['language'] = 'auto';
+
+/* The temporary storage directory where we will put jpegPhoto data
+   This directory must be readable and writable by your web server. */
+// $config->custom->jpeg['tmpdir'] = '/tmp';     // Example for Unix systems
+#  $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems
+
+/* Set this to (bool)true if you do NOT want a random salt used when
+   calling crypt().  Instead, use the first two letters of the user's
+   password.  This is insecure but unfortunately needed for some older
+   environments. */
+#  $config->custom->password['no_random_crypt_salt'] = true;
+
+/* PHP script timeout control. If php runs longer than this many seconds then
+   PHP will stop with an Maximum Execution time error. Increase this value from
+   the default if queries to your LDAP server are slow. The default is either
+   30 seconds or the setting of max_exection_time if this is null. */
+// $config->custom->session['timelimit'] = 30;
+
+/* Our local timezone
+   This is to make sure that when we ask the system for the current time, we
+   get the right local time. If this is not set, all time() calculations will
+   assume UTC if you have not set PHP date.timezone. */
+// $config->custom->appearance['timezone'] = null;
+#  $config->custom->appearance['timezone'] = 'Australia/Melbourne';
+
+/*********************************************/
+/* Commands                                  */
+/*********************************************/
+
+/* Command availability ; if you don't authorize a command the command
+   links will not be shown and the command action will not be permitted.
+   For better security, set also ACL in your ldap directory. */
+/*
+$config->custom->commands['cmd'] = array(
+       'entry_internal_attributes_show' => true,
+       'entry_refresh' => true,
+       'oslinks' => true,
+       'switch_template' => true
+);
+
+$config->custom->commands['script'] = array(
+       'add_attr_form' => true,
+       'add_oclass_form' => true,
+       'add_value_form' => true,
+       'collapse' => true,
+       'compare' => true,
+       'compare_form' => true,
+       'copy' => true,
+       'copy_form' => true,
+       'create' => true,
+       'create_confirm' => true,
+       'delete' => true,
+       'delete_attr' => true,
+       'delete_form' => true,
+       'draw_tree_node' => true,
+       'expand' => true,
+       'export' => true,
+       'export_form' => true,
+       'import' => true,
+       'import_form' => true,
+       'login' => true,
+       'logout' => true,
+       'login_form' => true,
+       'mass_delete' => true,
+       'mass_edit' => true,
+       'mass_update' => true,
+       'modify_member_form' => true,
+       'monitor' => true,
+       'purge_cache' => true,
+       'query_engine' => true,
+       'rename' => true,
+       'rename_form' => true,
+       'rdelete' => true,
+       'refresh' => true,
+       'schema' => true,
+       'server_info' => true,
+       'show_cache' => true,
+       'template_engine' => true,
+       'update_confirm' => true,
+       'update' => true
+);
+*/
+
+/*********************************************/
+/* Appearance                                */
+/*********************************************/
+
+// Use the displayName in the tree view, when available.
+$config->custom->appearance['tree_display_format'] = array("%displayName", "%rdnValue");
+
+/* If you want to choose the appearance of the tree, specify a class name which
+   inherits from the Tree class. */
+// $config->custom->appearance['tree'] = 'AJAXTree';
+#  $config->custom->appearance['tree'] = 'HTMLTree';
+
+/* Just show your custom templates. */
+$config->custom->appearance['custom_templates_only'] = true;
+
+/* Disable the default template. */
+// $config->custom->appearance['disable_default_template'] = false;
+
+/* Hide the warnings for invalid objectClasses/attributes in templates. */
+// $config->custom->appearance['hide_template_warning'] = false;
+
+/* Configure what objects are shown in left hand tree */
+// $config->custom->appearance['tree_filter'] = '(objectclass=*)';
+
+/* The height and width of the tree. If these values are not set, then
+   no tree scroll bars are provided. */
+// $config->custom->appearance['tree_height'] = null;
+#  $config->custom->appearance['tree_height'] = 600;
+// $config->custom->appearance['tree_width'] = null;
+#  $config->custom->appearance['tree_width'] = 250;
+
+/*********************************************/
+/* User-friendly attribute translation       */
+/*********************************************/
+
+/* Use this array to map attribute names to user friendly names. For example, if
+   you don't want to see "facsimileTelephoneNumber" but rather "Fax". */
+// $config->custom->appearance['friendly_attrs'] = array();
+$config->custom->appearance['friendly_attrs'] = array(
+       'facsimileTelephoneNumber' => 'Fax',
+       'gid'                      => 'Group',
+       'mail'                     => 'Email',
+       'telephoneNumber'          => 'Telephone',
+       'uid'                      => 'User Name',
+       'userPassword'             => 'Password'
+);
+
+/*********************************************/
+/* Hidden attributes                         */
+/*********************************************/
+
+/* You may want to hide certain attributes from being edited. If you want to
+   hide attributes from the user, you should use your LDAP servers ACLs.
+   NOTE: The user must be able to read the hide_attrs_exempt entry to be
+   excluded. */
+// $config->custom->appearance['hide_attrs'] = array();
+#  $config->custom->appearance['hide_attrs'] = array('objectClass');
+
+/* Members of this list will be exempt from the hidden attributes.*/
+// $config->custom->appearance['hide_attrs_exempt'] = null;
+#  $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU';
+
+/*********************************************/
+/* Read-only attributes                      */
+/*********************************************/
+
+/* You may want to phpLDAPadmin to display certain attributes as read only,
+   meaning that users will not be presented a form for modifying those
+   attributes, and they will not be allowed to be modified on the "back-end"
+   either. You may configure this list here:
+   NOTE: The user must be able to read the readonly_attrs_exempt entry to be
+   excluded. */
+// $config->custom->appearance['readonly_attrs'] = array();
+
+/* Members of this list will be exempt from the readonly attributes.*/
+// $config->custom->appearance['readonly_attrs_exempt'] = null;
+#  $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU';
+
+/*********************************************/
+/* Group attributes                          */
+/*********************************************/
+
+/* Add "modify group members" link to the attribute. */
+// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid');
+
+/* Configure filter for member search. This only applies to "modify group members" feature */
+$config->custom->modify_member['filter'] = '(objectclass=simplePerson)';
+
+/* Attribute that is added to the group member attribute. */
+// $config->custom->modify_member['attr'] = 'dn';
+
+/* For Posix attributes */
+// $config->custom->modify_member['posixattr'] = 'uid';
+// $config->custom->modify_member['posixfilter'] = '(uid=*)';
+// $config->custom->modify_member['posixgroupattr'] = 'memberUid';
+
+/*********************************************/
+/* Support for attrs display order           */
+/*********************************************/
+
+/* Use this array if you want to have your attributes displayed in a specific
+   order. You can use default attribute names or their fridenly names.
+   For example, "sn" will be displayed right after "givenName". All the other
+   attributes that are not specified in this array will be displayed after in
+   alphabetical order. */
+// $config->custom->appearance['attr_display_order'] = array();
+#  $config->custom->appearance['attr_display_order'] = array(
+#   'givenName',
+#   'sn',
+#   'cn',
+#   'displayName',
+#   'uid',
+#   'uidNumber',
+#   'gidNumber',
+#   'homeDirectory',
+#   'mail',
+#   'userPassword'
+#  );
+
+/*********************************************/
+/* Define your LDAP servers in this section  */
+/*********************************************/
+
+$servers = new Datastore();
+
+/* $servers->NewServer('ldap_pla') must be called before each new LDAP server
+   declaration. */
+$servers->newServer('ldap_pla');
+
+/* A convenient name that will appear in the tree viewer and throughout
+   phpLDAPadmin to identify this LDAP server to users. */
+$servers->setValue('server','name','My LDAP Server');
+
+/* Examples:
+   'ldap.example.com',
+   'ldaps://ldap.example.com/',
+   'ldapi://%2fusr%local%2fvar%2frun%2fldapi'
+           (Unix socket at /usr/local/var/run/ldap) */
+$servers->setValue('server','host','ldap.drsnuggles.stderr.nl');
+
+/* The port your LDAP server listens on (no quotes). 389 is standard. */
+// $servers->setValue('server','port',389);
+
+/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin
+   auto-detect it for you. */
+$servers->setValue('server','base',array('dc=drsnuggles,dc=stderr,dc=nl'));
+
+/* Four options for auth_type:
+   1. 'cookie': you will login via a web form, and a client-side cookie will
+      store your login dn and password.
+   2. 'session': same as cookie but your login dn and password are stored on the
+      web server in a persistent session variable.
+   3. 'http': same as session but your login dn and password are retrieved via
+      HTTP authentication.
+   4. 'config': specify your login dn and password here in this config file. No
+      login will be required to use phpLDAPadmin for this server.
+
+   Choose wisely to protect your authentication information appropriately for
+   your situation. If you choose 'cookie', your cookie contents will be
+   encrypted using blowfish and the secret your specify above as
+   session['blowfish']. */
+$servers->setValue('login','auth_type','session');
+
+/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or
+   'cookie' or 'session' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS BLANK. If
+   you specify a login_attr in conjunction with a cookie or session auth_type,
+   then you can also specify the bind_id/bind_pass here for searching the
+   directory for users (ie, if your LDAP server does not allow anonymous binds. */
+$servers->setValue('login','bind_id','cn=admin,dc=drsnuggles,dc=stderr,dc=nl');
+#  $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com');
+
+/* Your LDAP password. If you specified an empty bind_id above, this MUST also
+   be blank. */
+// $servers->setValue('login','bind_pass','');
+#  $servers->setValue('login','bind_pass','secret');
+
+/* Use TLS (Transport Layer Security) to connect to the LDAP server. */
+// $servers->setValue('server','tls',false);
+
+/************************************
+ *      SASL Authentication         *
+ ************************************/
+
+/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x
+   configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to
+   false), then all other sasl options are ignored. */
+// $servers->setValue('server','sasl_auth',false);
+
+/* SASL auth mechanism */
+// $servers->setValue('server','sasl_mech','PLAIN');
+
+/* SASL authentication realm name */
+// $servers->setValue('server','sasl_realm','');
+#  $servers->setValue('server','sasl_realm','example.com');
+
+/* SASL authorization ID name
+   If this option is undefined, authorization id will be computed from bind DN,
+   using sasl_authz_id_regex and sasl_authz_id_replacement. */
+// $servers->setValue('server','sasl_authz_id', null);
+
+/* SASL authorization id regex and replacement
+   When sasl_authz_id property is not set (default), phpLDAPAdmin will try to
+   figure out authorization id by itself from bind distinguished name (DN).
+
+   This procedure is done by calling preg_replace() php function in the
+   following way:
+
+   $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement,
+    $bind_dn);
+
+   For info about pcre regexes, see:
+   - pcre(3), perlre(3)
+   - http://www.php.net/preg_replace */
+// $servers->setValue('server','sasl_authz_id_regex',null);
+// $servers->setValue('server','sasl_authz_id_replacement',null);
+#  $servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
+#  $servers->setValue('server','sasl_authz_id_replacement','$1');
+
+/* SASL auth security props.
+   See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */
+// $servers->setValue('server','sasl_props',null);
+
+/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
+   blowfish, crypt or leave blank for now default algorithm. */
+// $servers->setValue('appearance','password_hash','md5');
+
+/* If you specified 'cookie' or 'session' as the auth_type above, you can
+   optionally specify here an attribute to use when logging in. If you enter
+   'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
+   and log in as that user.
+   Leave blank or specify 'dn' to use full DN for logging in. Note also that if
+   your LDAP server requires you to login to perform searches, you can enter the
+   DN to use when searching in 'bind_id' and 'bind_pass' above.
+// $servers->setValue('login','attr','dn');
+
+/* Base DNs to used for logins. If this value is not set, then the LDAP server
+   Base DNs are used. */
+// $servers->setValue('login','base',array());
+
+/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
+   at login, you may restrict the search to a specific objectClasses. EG, set this
+   to array('posixAccount') or array('inetOrgPerson',..), depending upon your
+   setup. */
+// $servers->setValue('login','class',array());
+
+/* If you specified something different from 'dn', for example 'uid', as the
+   login_attr above, you can optionally specify here to fall back to
+   authentication with dn.
+   This is useful, when users should be able to log in with their uid, but
+   the ldap administrator wants to log in with his root-dn, that does not
+   necessarily have the uid attribute.
+   When using this feature, login_class is ignored. */
+// $servers->setValue('login','fallback_dn',false);
+
+/* Specify true If you want phpLDAPadmin to not display or permit any
+   modification to the LDAP server. */
+// $servers->setValue('server','read_only',false);
+
+/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
+   in the tree viewer. */
+// $servers->setValue('appearance','show_create',true);
+
+/* This feature allows phpLDAPadmin to automatically determine the next
+   available uidNumber for a new entry. */
+// $servers->setValue('auto_number','enable',true);
+
+/* The mechanism to use when finding the next available uidNumber. Two possible
+   values: 'uidpool' or 'search'.
+   The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
+   blindly lookup the next available uidNumber. The 'search' mechanism searches
+   for entries with a uidNumber value and finds the first available uidNumber
+   (slower). */
+// $servers->setValue('auto_number','mechanism','search');
+
+/* The DN of the search base when the 'search' mechanism is used above. */
+#  $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');
+
+/* The minimum number to use when searching for the next available number
+   (only when 'search' is used for auto_number */
+$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500,'uniqueIdentifier'=>0));
+
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+   searching for the uidnumber. The idea is, this user id would have full
+   (readonly) access to uidnumber in your ldap directory (the logged in user
+   may not), so that you can be guaranteed to get a unique uidnumber for your
+   directory. */
+// $servers->setValue('auto_number','dn',null);
+
+/* The password for the dn above. */
+// $servers->setValue('auto_number','pass',null);
+
+/* Enable anonymous bind login. */
+// $servers->setValue('login','anon_bind',true);
+
+/* Use customized page with prefix when available. */
+#  $servers->setValue('custom','pages_prefix','custom_');
+
+/* If you set this, then only these DNs are allowed to log in. This array can
+   contain individual users, groups or ldap search filter(s). Keep in mind that
+   the user has not authenticated yet, so this will be an anonymous search to
+   the LDAP server, so make your ACLs allow these searches to return results! */
+#  $servers->setValue('login','allowed_dns',array(
+#   'uid=stran,ou=People,dc=example,dc=com',
+#   '(&(gidNumber=811)(objectClass=groupOfNames))',
+#   '(|(uidNumber=200)(uidNumber=201))',
+#   'cn=callcenter,ou=Group,dc=example,dc=com'));
+
+/* Set this if you dont want this LDAP server to show in the tree */
+// $servers->setValue('server','visible',true);
+
+/* This is the time out value in minutes for the server. After as many minutes
+   of inactivity you will be automatically logged out. If not set, the default
+   value will be ( session_cache_expire()-1 ) */
+#  $servers->setValue('login','timeout',30);
+
+/* Set this if you want phpldapadmin to perform rename operation on entry which
+   has children. Certain servers are known to allow it, certain are not */
+// $servers->setValue('server','branch_rename',false);
+
+/* If you set this, then phpldapadmin will show these attributes as
+   internal attributes, even if they are not defined in your schema. */
+// $servers->setValue('server','custom_sys_attrs',array(''));
+#  $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
+
+/* If you set this, then phpldapadmin will show these attributes on
+   objects, even if they are not defined in your schema. */
+// $servers->setValue('server','custom_attrs',array(''));
+#  $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
+
+/* These attributes will be forced to MAY attributes and become option in the
+   templates. If they are not defined in the templates, then they wont appear
+   as per normal template processing. You may want to do this becuase your LDAP
+   server may automatically calculate a default value.
+   In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
+   gidNumber and sambaSID. */
+// $servers->setValue('force_may','attrs',array(''));
+#  $servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));
+
+/*********************************************/
+/* Unique attributes                         */
+/*********************************************/
+
+/* You may want phpLDAPadmin to enforce some attributes to have unique values
+   (ie: not belong to other entries in your tree. This (together with
+   'unique','dn' and 'unique','pass' option will not let updates to
+   occur with other attributes have the same value. */
+#  $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
+
+/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
+   searching for attribute uniqueness. The idea is, this user id would have full
+   (readonly) access to your ldap directory (the logged in user may not), so
+   that you can be guaranteed to get a unique uidnumber for your directory. */
+// $servers->setValue('unique','dn',null);
+
+/* The password for the dn above. */
+// $servers->setValue('unique','pass',null);
+
+/**************************************************************************
+ * If you want to configure additional LDAP servers, do so below.         *
+ * Remove the commented lines and use this section as a template for all  *
+ * your other LDAP servers.                                               *
+ **************************************************************************/
+
+/*
+$servers->newServer('ldap_pla');
+$servers->setValue('server','name','LDAP Server');
+$servers->setValue('server','host','127.0.0.1');
+$servers->setValue('server','port',389);
+$servers->setValue('server','base',array(''));
+$servers->setValue('login','auth_type','cookie');
+$servers->setValue('login','bind_id','');
+$servers->setValue('login','bind_pass','');
+$servers->setValue('server','tls',false);
+
+# SASL auth
+$servers->setValue('server','sasl_auth',true);
+$servers->setValue('server','sasl_mech','PLAIN');
+$servers->setValue('server','sasl_realm','EXAMPLE.COM');
+$servers->setValue('server','sasl_authz_id',null);
+$servers->setValue('server','sasl_authz_id_regex','/^uid=([^,]+)(.+)/i');
+$servers->setValue('server','sasl_authz_id_replacement','$1');
+$servers->setValue('server','sasl_props',null);
+
+$servers->setValue('appearance','password_hash','md5');
+$servers->setValue('login','attr','dn');
+$servers->setValue('login','fallback_dn',false);
+$servers->setValue('login','class',null);
+$servers->setValue('server','read_only',false);
+$servers->setValue('appearance','show_create',true);
+
+$servers->setValue('auto_number','enable',true);
+$servers->setValue('auto_number','mechanism','search');
+$servers->setValue('auto_number','search_base',null);
+$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
+$servers->setValue('auto_number','dn',null);
+$servers->setValue('auto_number','pass',null);
+
+$servers->setValue('login','anon_bind',true);
+$servers->setValue('custom','pages_prefix','custom_');
+$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
+$servers->setValue('unique','dn',null);
+$servers->setValue('unique','pass',null);
+
+$servers->setValue('server','visible',true);
+$servers->setValue('login','timeout',30);
+$servers->setValue('server','branch_rename',false);
+$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
+$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
+$servers->setValue('force_may','attrs',array('uidNumber','gidNumber','sambaSID'));
+*/
+?>
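Review bot: The server definition points at `ldap.drsnuggles.stderr.nl` by plain hostname and leaves `// $servers->setValue('server','tls',false);` at its default. With `auth_type` set to `session`, the DN and password typed into the login form are therefore sent to the LDAP server unencrypted unless that link is purely local. If the directory is reachable over a network, enabling `$servers->setValue('server','tls',true);` or using an `ldaps://` host would protect the bind. `bind_id` is set to the `cn=admin` DN with no `bind_pass`, although the comment above it says to leave both blank for `session` auth; a short comment explaining why the admin DN is configured here would help. `session['blowfish']` is also left at `null`, which matters if `auth_type` is ever switched to `cookie`.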
diff --git a/etc/phpldapadmin/templates/creation/.cvsignore b/etc/phpldapadmin/templates/creation/.cvsignore
new file mode 100644 (file)
index 0000000..3249b36
--- /dev/null
@@ -0,0 +1 @@
+custom_*
diff --git a/etc/phpldapadmin/templates/creation/SUSE-posixGroup.xml b/etc/phpldapadmin/templates/creation/SUSE-posixGroup.xml
new file mode 100644 (file)
index 0000000..1ca267e
--- /dev/null
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+<template>
+<title>Posix Group - SUSE</title>
+<!-- <regexp>^ou=.*,</regexp> -->
+<icon>images/ou.png</icon>
+<description>Posix Group - SUSE</description>
+<askcontainer>1</askcontainer>
+<rdn>cn</rdn>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="posixGroup"></objectClass>
+<objectClass id="namedObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="cn">
+       <display>Group</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <hint>Automatically determined</hint>
+       <value>=php.GetNextNumber(/,gid)</value>
+       <readonly>1</readonly>
+       <order>2</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="memberUid">
+       <maxvalnb>10</maxvalnb>
+       <display>Users</display>
+       <type>Dn</type>
+       <hidden>0</hidden>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+</attributes>
+</template>
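Review bot: The `gidNumber` default in this template is written `=php.GetNextNumber(/,gid)`, with comma separators and the short name `gid`, while posixGroup.xml in the same commit uses `=php.GetNextNumber(/;gidNumber)`. If the deployed template engine only parses the `;` form (not visible here, so worth confirming), the field stays empty and, being `<readonly>1</readonly>`, cannot be filled in by hand. `memberUid` is also declared `<type>Dn</type>`, although posixGroup.xml and sambaGroupMapping.xml fill it from account attributes (`cn`, `uid`) rather than from DNs. SUSE-sambaGroupMapping.xml carries the same two constructs, plus `=php.Join(-,(%sambaSID%,%sidsuffix%))`. If the SUSE variants are not used on this host, marking both `<visible>0</visible>` as example.xml does would be the smaller change.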
diff --git a/etc/phpldapadmin/templates/creation/SUSE-sambaGroupMapping.xml b/etc/phpldapadmin/templates/creation/SUSE-sambaGroupMapping.xml
new file mode 100644 (file)
index 0000000..e1fd9eb
--- /dev/null
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+<template>
+<title>Samba3 Group Mapping - SUSE</title>
+<!-- <regexp>^ou=.*,</regexp> -->
+<icon>images/ou.png</icon>
+<description>New Samba3 Group Mapping</description>
+<askcontainer>1</askcontainer>
+<rdn>cn</rdn>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="posixGroup"></objectClass>
+<objectClass id="namedObject"></objectClass>
+<objectClass id="sambaGroupMapping"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="cn">
+       <display>Group</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="displayName">
+       <display>Windows Name</display>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <hint>Automatically determined</hint>
+       <value>=php.GetNextNumber(/,gid)</value>
+       <readonly>1</readonly>
+       <order>3</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="sambaSID">
+       <display>Samba SID</display>
+       <option>=php.PickList(/,(objectClass=sambaDomain),sambaSID,%sambaSID% (%sambaDomainName%))</option>
+       <helper>
+               <id>sidsuffix</id>
+               <value></value>
+       </helper>
+       <post>=php.Join(-,(%sambaSID%,%sidsuffix%))</post>
+       <order>4</order>
+       <page>1</page>
+</attribute>
+<attribute id="sambaGroupType">
+       <display>Samba Group Type</display>
+       <option id="2">Domain Group</option>
+       <option id="4">Local Group</option>
+       <option id="5">Well-known Group</option>
+       <value>2</value>
+       <order>5</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="memberUid">
+       <maxvalnb>10</maxvalnb>
+       <display>Users</display>
+       <type>Dn</type>
+       <hidden>0</hidden>
+       <order>10</order>
+       <page>1</page>
+</attribute>
+</attributes>
+</template>
diff --git a/etc/phpldapadmin/templates/creation/alias.xml b/etc/phpldapadmin/templates/creation/alias.xml
new file mode 100644 (file)
index 0000000..1cc7555
--- /dev/null
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+<!--This template doesnt work needs modification to the Engine.-->
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New LDAP Alias</description>
+<icon>ldap-alias.png</icon>
+<invalid>0</invalid>
+<rdn>uid</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: LDAP Alias</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="alias"></objectClass>
+<objectClass id="extensibleObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="aliasedObjectName">
+       <display>Alias To</display>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="uid">
+       <display>User ID</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+</attributes>
+
+</template>
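Review bot: The header comment says this template does not work without a change to the engine, yet it ships with `<invalid>0</invalid>` and `<visible>1</visible>`, so it is presumably offered to operators like any working template. example.xml in this commit shows the switch for that case: `<invalid>1</invalid>` together with `<visible>0</visible>`. I would apply the same two values here until the engine supports aliases. The comment could also be reworded to `<!-- This template does not work; it needs a modification to the engine. -->`.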
diff --git a/etc/phpldapadmin/templates/creation/courierMailAccount.xml b/etc/phpldapadmin/templates/creation/courierMailAccount.xml
new file mode 100644 (file)
index 0000000..b7602ab
--- /dev/null
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Courier Mail Account</description>
+<icon>mail_account.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Courier Mail: Account</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+<objectClass id="courierMailAccount"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>Given Name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <onchange>=autoFill(uid;%gidNumber|0-0/T%-%givenName|0-1/l%%sn/l%)</onchange>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <onchange>=autoFill(uid;%gidNumber|0-0/T%-%givenName|0-1/l%%sn/l%)</onchange>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>3</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="uid">
+       <display>User ID</display>
+       <icon>ldap-uid.png</icon>
+       <!--<onchange>=autoFill(homeDirectory;/home/users/%uid%)</onchange>-->
+       <onchange>=autoFill(homeDirectory;/home/users/%gidNumber|0-0/T%/%uid|3-%)</onchange>
+       <order>4</order>
+       <page>1</page>
+</attribute>
+<attribute id="uidNumber">
+       <display>UID Number</display>
+       <icon>terminal.png</icon>
+       <order>6</order>
+       <page>1</page>
+       <readonly>1</readonly>
+       <value>=php.GetNextNumber(/;uidNumber)</value>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <onchange>=autoFill(uid;%gidNumber|0-0/T%-%givenName|0-1/l%%sn/l%)</onchange>
+       <onchange>=autoFill(homeDirectory;/home/users/%gidNumber|0-0/T%/%uid|3-%)</onchange>
+       <order>7</order>
+       <page>1</page>
+       <spacer>1</spacer>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=posixGroup));gidNumber;%cn%;;;;cn)]]></value>
+</attribute>
+<attribute id="homeDirectory">
+       <display>Home Directory</display>
+       <order>8</order>
+       <page>1</page>
+</attribute>
+<attribute id="mail">
+       <display>Email</display>
+       <icon>mail.png</icon>
+       <order>9</order>
+       <page>1</page>
+</attribute>
+<attribute id="mailbox">
+       <display>Mailbox</display>
+       <order>10</order>
+       <page>1</page>
+</attribute>
+<attribute id="userPassword">
+       <display>Password</display>
+       <icon>lock.png</icon>
+       <order>11</order>
+       <page>1</page>
+       <post>=php.PasswordEncrypt(%enc%;%userPassword%)</post>
+       <verify>1</verify>
+</attribute>
+</attributes>
+
+</template>
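Review bot: The `userPassword` post-processing `=php.PasswordEncrypt(%enc%;%userPassword%)` refers to a helper `enc` that this template never defines, so the template does not set the hash scheme for new passwords. What the engine does with an empty `%enc%` is not visible here. It should be confirmed that it neither stores the password in clear text nor falls back to a weak scheme (the commented sample in config.php in this commit lists `password_hash` as `md5`). kolabPerson.xml has the same line without a helper, and posixAccount.xml has the `enc` helper (`=php.PasswordEncryptionTypes()`) commented out. Either restore that helper in all three templates or replace `%enc%` with one fixed, salted scheme that the directory server supports.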
diff --git a/etc/phpldapadmin/templates/creation/courierMailAlias.xml b/etc/phpldapadmin/templates/creation/courierMailAlias.xml
new file mode 100644 (file)
index 0000000..9a53196
--- /dev/null
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Courier Mail Alias</description>
+<icon>mail_alias.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Courier Mail: Alias</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+<objectClass id="courierMailAlias"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="mail">
+       <display>Email</display>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+<attribute id="maildrop">
+       <display>Maildrop</display>
+       <order>4</order>
+       <page>1</page>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/dNSDomain.xml b/etc/phpldapadmin/templates/creation/dNSDomain.xml
new file mode 100644 (file)
index 0000000..4a98054
--- /dev/null
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New DNS Entry</description>
+<icon>ldap-dc.png</icon>
+<invalid>0</invalid>
+<rdn>dc</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: DNS Entry</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="dnsDomain"></objectClass>
+<objectClass id="domainRelatedObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="dc">
+       <display>Domain Component</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="associatedDomain">
+       <display>Associated Domain</display>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/example.xml b/etc/phpldapadmin/templates/creation/example.xml
new file mode 100644 (file)
index 0000000..812b707
--- /dev/null
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>This is the description</description>
+<icon>star.png</icon>
+<invalid>1</invalid>
+<rdn>o</rdn>
+<regexp>^$</regexp>
+<title>Example entry</title>
+<visible>0</visible>
+
+<objectClasses>
+<objectClass id="organization"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="attribute1">
+       <display>Attribute 1</display>
+       <hint>This is an example</hint>
+       <icon>ldap-uid.png</icon>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="attribute2">
+       <display>Attribute 2</display>
+       <order>2</order>
+       <page>2</page>
+</attribute>
+<attribute id="attribute3">
+       <display>Attribute 3</display>
+       <order>1</order>
+       <page>2</page>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/inetOrgPerson.xml b/etc/phpldapadmin/templates/creation/inetOrgPerson.xml
new file mode 100644 (file)
index 0000000..6469221
--- /dev/null
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Address Book Entry</description>
+<icon>address-book.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: Address Book Entry</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>First name</display>
+       <icon>ldap-uid.png</icon>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>3</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="jpegPhoto">
+       <display>Photo</display>
+       <order>3</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="o">
+       <display>Organisation</display>
+       <order>4</order>
+       <page>1</page>
+</attribute>
+<attribute id="street">
+       <cols>50</cols>
+       <display>Street</display>
+       <icon>mail.png</icon>
+       <order>4</order>
+       <page>1</page>
+       <rows>4</rows>
+       <type>textarea</type>
+</attribute>
+<attribute id="l">
+       <display>City</display>
+       <order>5</order>
+       <page>1</page>
+</attribute>
+<attribute id="st">
+       <display>State</display>
+       <order>6</order>
+       <page>1</page>
+</attribute>
+<attribute id="postalCode">
+       <display>Postal code</display>
+       <order>7</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="telephoneNumber">
+       <display>Work phone</display>
+       <icon>phone.png</icon>
+       <order>8</order>
+       <page>1</page>
+</attribute>
+<attribute id="facsimileTelephoneNumber">
+       <display>Fax</display>
+       <order>9</order>
+       <page>1</page>
+</attribute>
+<attribute id="mobile">
+       <display>Mobile</display>
+       <order>9</order>
+       <page>1</page>
+</attribute>
+<attribute id="mail">
+       <display>Email</display>
+       <order>10</order>
+       <page>1</page>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/kolabPerson.xml b/etc/phpldapadmin/templates/creation/kolabPerson.xml
new file mode 100644 (file)
index 0000000..8be2e6b
--- /dev/null
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Address Book Entry</description>
+<icon>address-book.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Kolab: User Entry</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>First name</display>
+       <icon>ldap-uid.png</icon>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>1</order>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>2</order>
+</attribute>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>3</order>
+</attribute>
+<attribute id="mail">
+       <display>Email</display>
+       <order>4</order>
+</attribute>
+<attribute id="userPassword">
+       <display>Password</display>
+       <icon>lock.png</icon>
+       <order>5</order>
+       <post>=php.PasswordEncrypt(%enc%;%userPassword%)</post>
+       <spacer>1</spacer>
+       <verify>1</verify>
+</attribute>
+<attribute id="title">
+       <display>Title</display>
+       <icon>ldap-ou.png</icon>
+       <order>6</order>
+</attribute>
+<attribute id="alias">
+       <display>Alias</display>
+       <order>7</order>
+</attribute>
+<attribute id="o">
+       <display>Organisation</display>
+       <order>8</order>
+</attribute>
+<attribute id="ou">
+       <display>Organisational unit</display>
+       <order>9</order>
+</attribute>
+<attribute id="roomNumber">
+       <display>Room Number</display>
+       <order>10</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="street">
+       <display>Address</display>
+       <icon>mail.png</icon>
+       <order>11</order>
+</attribute>
+<attribute id="postOfficeBox">
+       <display>Post box</display>
+       <order>12</order>
+</attribute>
+<attribute id="l">
+       <display>City</display>
+       <order>13</order>
+</attribute>
+<attribute id="st">
+       <display>State</display>
+       <order>14</order>
+</attribute>
+<attribute id="postalCode">
+       <display>Postal code</display>
+       <order>15</order>
+</attribute>
+<!-- <attribute id="c">
+       <display>Country</display>
+       <order>16</order>
+       <spacer>1</spacer>
+</attribute> -->
+<attribute id="telephoneNumber">
+       <display>Work phone</display>
+       <icon>phone.png</icon>
+       <order>17</order>
+</attribute>
+<attribute id="facsimileTelephoneNumber">
+       <display>Fax</display>
+       <order>18</order>
+</attribute>
+<attribute id="mobile">
+       <display>Mobile</display>
+       <order>19</order>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/mozillaOrgPerson.xml b/etc/phpldapadmin/templates/creation/mozillaOrgPerson.xml
new file mode 100644 (file)
index 0000000..dc39a73
--- /dev/null
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Thunderbird Address Book Entry</description>
+<icon>address-book.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Thunderbird: Address Book Entry</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+<objectClass id="mozillaOrgPerson"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>First Name</display>
+       <onchange>=autoFill(cn;%sn% %givenName%)</onchange>
+       <order>1</order>
+</attribute>
+<attribute id="sn">
+       <display>Last Name</display>
+       <onchange>=autoFill(cn;%sn% %givenName%)</onchange>
+       <order>2</order>
+</attribute>
+<attribute id="cn">
+       <display>Display Name</display>
+       <order>3</order>
+</attribute>
+<attribute id="mozillaNickName">
+       <display>NickName</display>
+       <order>4</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="mail">
+       <display>Email</display>
+       <order>5</order>
+</attribute>
+<attribute id="mozillaSecondEmail">
+       <display>Alternative Email</display>
+       <order>6</order>
+</attribute>
+<attribute id="nsAIMid">
+       <display>AIM Nick</display>
+       <order>7</order>
+</attribute>
+<attribute id="mozillaUseHtmlMail">
+       <display>HTML Email Format</display>
+       <order>8</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="telephoneNumber">
+       <display>Work Phone Number</display>
+       <order>9</order>
+</attribute>
+<attribute id="homePhone">
+       <display>Home Phone Number</display>
+       <order>10</order>
+</attribute>
+<attribute id="facsimileTelephoneNumber">
+       <display>Fax Number</display>
+       <order>11</order>
+</attribute>
+<attribute id="pager">
+       <display>Pager</display>
+       <order>12</order>
+</attribute>
+<attribute id="mobile">
+       <display>Mobile</display>
+       <order>13</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="mozillaHomeStreet">
+       <display>Address (personal)</display>
+       <order>14</order>
+</attribute>
+<attribute id="mozillaHomeLocalityName">
+       <display>City (personal)</display>
+       <order>15</order>
+</attribute>
+<attribute id="mozillaHomeState">
+       <display>State (personal)</display>
+       <order>16</order>
+</attribute>
+<attribute id="mozillaHomePostalCode">
+       <display>Zip (personal)</display>
+       <order>17</order>
+</attribute>
+<attribute id="mozillaHomeCountryName">
+       <display>Country (personal)</display>
+       <order>18</order>
+</attribute>
+<attribute id="mozillaHomeUrl">
+       <display>Web page (personal)</display>
+       <order>19</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="title">
+       <display>Title (professional)</display>
+       <order>20</order>
+</attribute>
+<attribute id="ou">
+       <display>Department (professional)</display>
+       <order>21</order>
+</attribute>
+<attribute id="o">
+       <display>Organization (professional)</display>
+       <order>22</order>
+</attribute>
+<attribute id="street">
+       <display>Address (professional)</display>
+       <order>23</order>
+</attribute>
+<attribute id="l">
+       <display>City (professional)</display>
+       <order>24</order>
+</attribute>
+<attribute id="st">
+       <display>State (professional)</display>
+       <order>25</order>
+</attribute>
+<attribute id="postalCode">
+       <display>Zip (professional)</display>
+       <order>26</order>
+</attribute>
+<attribute id="c">
+       <display>Country (professional)</display>
+       <order>27</order>
+</attribute>
+<attribute id="mozillaWorkUrl">
+       <display>Web Page (professional)</display>
+       <order>28</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="mozillaCustom1">
+       <display>Custom 1</display>
+       <order>29</order>
+</attribute>
+<attribute id="mozillaCustom2">
+       <display>Custom 2</display>
+       <order>30</order>
+</attribute>
+<attribute id="mozillaCustom3">
+       <display>Custom 3</display>
+       <order>31</order>
+</attribute>
+<attribute id="mozillaCustom4">
+       <display>Custom 4</display>
+       <order>32</order>
+</attribute>
+<attribute id="description">
+       <display>Description</display>
+       <order>33</order>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/organizationalRole.xml b/etc/phpldapadmin/templates/creation/organizationalRole.xml
new file mode 100644 (file)
index 0000000..85e595a
--- /dev/null
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Organisational Role</description>
+<icon>ldap-o.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: Organisational Role</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="organizationalRole"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="cn">
+       <display>Role CN</display>
+       <order>1</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="telephoneNumber">
+       <display>Work phone</display>
+       <icon>phone.png</icon>
+       <order>2</order>
+</attribute>
+<attribute id="facsimileTelephoneNumber">
+       <display>Fax</display>
+       <order>3</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="description">
+       <display>Comments</display>
+       <icon>light.png</icon>
+       <order>4</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="roleOccupant">
+       <display>Occupant</display>
+       <icon>ldap-default.png</icon>
+       <order>5</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="street">
+       <display>Street Address</display>
+       <icon>mail.png</icon>
+       <order>6</order>
+</attribute>
+<attribute id="l">
+       <display>City</display>
+       <order>7</order>
+</attribute>
+<attribute id="st">
+       <display>State</display>
+       <order>8</order>
+</attribute>
+<attribute id="postalCode">
+       <display>Postal code</display>
+       <order>9</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="postalAddress">
+       <display>Postal Address</display>
+       <icon>mail.png</icon>
+       <order>10</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="registeredAddress">
+       <display>Registered Address</display>
+       <icon>mail.png</icon>
+       <order>11</order>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/ou.xml b/etc/phpldapadmin/templates/creation/ou.xml
new file mode 100644 (file)
index 0000000..6e0f45a
--- /dev/null
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Organisational Unit</description>
+<icon>ldap-ou.png</icon>
+<invalid>0</invalid>
+<rdn>ou</rdn>
+<!-- <regexp>^o=.*,</regexp> -->
+<title>Generic: Organisational Unit</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="organizationalUnit"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="ou">
+       <display>Organisational Unit</display>
+       <hint>don't include "ou="</hint>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/posixAccount.xml b/etc/phpldapadmin/templates/creation/posixAccount.xml
new file mode 100644 (file)
index 0000000..2931c1e
--- /dev/null
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New User Account</description>
+<icon>ldap-user.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: User Account</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+<objectClass id="posixAccount"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>First name</display>
+       <icon>ldap-uid.png</icon>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <onchange>=autoFill(uid;%givenName|0-1/l%%sn/l%)</onchange>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <onchange>=autoFill(uid;%givenName|0-1/l%%sn/l%)</onchange>
+       <!-- <onchange>=autoFill(homeDirectory;/home/users/%uid|0-1/l%/%uid%)</onchange> -->
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+<attribute id="uid">
+       <display>User ID</display>
+       <onchange>=autoFill(homeDirectory;/home/users/%uid%)</onchange>
+       <order>4</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="homeDirectory">
+       <display>Home directory</display>
+       <!-- <onchange>=autoFill(homeDirectory;/home/users/%gidNumber|0-0/T%/%uid|3-%)</onchange> -->
+       <order>8</order>
+       <page>1</page>
+</attribute>
+<attribute id="uidNumber">
+       <display>UID Number</display>
+       <icon>terminal.png</icon>
+       <order>6</order>
+       <page>1</page>
+       <readonly>1</readonly>
+       <value>=php.GetNextNumber(/;uidNumber)</value>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <!-- <onchange>=autoFill(homeDirectory;/home/users/%gidNumber|0-0/T%/%uid|3-%)</onchange> -->
+       <order>7</order>
+       <page>1</page>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=posixGroup));gidNumber;%cn%;;;;cn)]]></value>
+</attribute>
+<attribute id="loginShell">
+       <display>Login shell</display>
+       <order>9</order>
+       <page>1</page>
+       <!-- <value><![CDATA[=php.PickList(/;(&(objectClass=posixAccount));loginShell;%loginShell%;;;;loginShell)]]></value> -->
+       <type>select</type>
+       <value id="/bin/sh">/bin/sh</value>
+       <value id="/bin/csh">/bin/csh</value>
+       <value id="/bin/tsh">/bin/tsh</value>
+</attribute>
+<attribute id="userPassword">
+       <display>Password</display>
+       <!-- <helper>
+               <display>Encryption</display>
+               <id>enc</id>
+               <value>=php.PasswordEncryptionTypes()</value>
+       </helper> -->
+       <icon>lock.png</icon>
+       <order>5</order>
+       <page>1</page>
+       <post>=php.PasswordEncrypt(%enc%;%userPassword%)</post>
+       <spacer>1</spacer>
+       <verify>1</verify>
+</attribute>
+</attributes>
+
+</template>
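Review bot: The `loginShell` select list offers `/bin/tsh`, which looks like a typo for `/bin/tcsh`. An account created with a shell path that does not exist on the hosts will either fail to log in or be handled differently by each service, depending on how it treats an invalid shell. I would change the entry to `<value id="/bin/tcsh">/bin/tcsh</value>`, and limit the list to shells that are installed and listed in /etc/shells on the machines using this directory.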
diff --git a/etc/phpldapadmin/templates/creation/posixGroup.xml b/etc/phpldapadmin/templates/creation/posixGroup.xml
new file mode 100644 (file)
index 0000000..2a2452d
--- /dev/null
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Posix Group</description>
+<icon>ldap-ou.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!-- <regexp>^ou=.*,</regexp> -->
+<title>Generic: Posix Group</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="posixGroup"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="cn">
+       <display>Group</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <order>2</order>
+       <page>1</page>
+       <readonly>1</readonly>
+       <spacer>1</spacer>
+       <value>=php.GetNextNumber(/;gidNumber)</value>
+       <!-- <value><![CDATA[=php.GetNextNumber(/;gidNumber;false;(&(objectClass=posixGroup));*2,+1000)]]></value> -->
+</attribute>
+<attribute id="memberUid">
+       <display>Users</display>
+       <hidden>0</hidden>
+       <order>3</order>
+       <page>1</page>
+       <value><![CDATA[=php.MultiList(/;(&(objectClass=posixAccount));cn;%cn% (%uid|-4%))]]></value>
+</attribute>
+</attributes>
+
+</template>
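Review bot: `memberUid` is filled by `=php.MultiList(/;(&(objectClass=posixAccount));cn;%cn% (%uid|-4%))`, where the third argument is `cn`, while sambaGroupMapping.xml in this commit passes `uid` in that position. If that argument names the attribute whose value is stored (to be confirmed against the engine), group membership would be recorded by common name instead of login name. Members would then not resolve at lookup time, and a `cn` that happens to equal another account's `uid` would give that account the group's access. Proposed: `=php.MultiList(/;(&(objectClass=posixAccount));uid;%cn% (%uid|-4%))`.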
diff --git a/etc/phpldapadmin/templates/creation/sambaDomain.xml b/etc/phpldapadmin/templates/creation/sambaDomain.xml
new file mode 100644 (file)
index 0000000..563828e
--- /dev/null
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Samba Domain</description>
+<icon>ldap-dc.png</icon>
+<invalid>0</invalid>
+<rdn>sambaDomainName</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Samba: Domain</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sambaDomain"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sambaDomainName">
+       <display>Samba Domain Name</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sambaSID">
+       <display>Samba SID</display>
+       <hint>Samba SID is in the format S-1-5-21-x-y-z</hint>
+       <order>2</order>
+       <page>1</page>
+       <value>S-1-5-21-</value>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/sambaGroupMapping.xml b/etc/phpldapadmin/templates/creation/sambaGroupMapping.xml
new file mode 100644 (file)
index 0000000..4feaee5
--- /dev/null
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Samba3 Group Mapping</description>
+<icon>ldap-ou.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!-- <regexp>^ou=.*,</regexp> -->
+<title>Samba: Group Mapping</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="posixGroup"></objectClass>
+<objectClass id="sambaGroupMapping"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="cn">
+       <display>Group</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="displayName">
+       <display>Windows Name</display>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <order>3</order>
+       <page>1</page>
+       <readonly>1</readonly>
+       <spacer>1</spacer>
+       <value><![CDATA[=php.GetNextNumber(/;gidNumber;true;(&(objectClass=sambaDomain)(sambaDomainName=mysambadomain))]]></value>
+</attribute>
+<attribute id="sambaSID">
+       <display>Samba SID</display>
+       <helper>
+               <id>sidsuffix</id>
+               <value><![CDATA[=php.GetNextNumber(/;gidNumber;false;(&(objectClass=sambaDomain)(sambaDomainName=mysambadomain));*2,+1000)]]></value>
+       </helper>
+       <order>4</order>
+       <post>=php.Join(-;%sambaSID%,%sidsuffix%)</post>
+       <page>1</page>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=sambaDomain));sambaSID;%sambaSID% (%sambaDomainName%));;;;sambaDomainName]]></value>
+</attribute>
+<attribute id="sambaGroupType">
+       <display>Samba Group Type</display>
+       <order>5</order>
+       <page>1</page>
+       <spacer>1</spacer>
+       <type>select</type>
+       <value id="2">Domain Group</value>
+       <value id="4">Local Group</value>
+       <value id="5">Well-known Group</value>
+</attribute>
+<attribute id="memberUid">
+       <display>Users</display>
+       <hidden>0</hidden>
+       <order>10</order>
+       <page>1</page>
+       <size>10</size>
+       <value><![CDATA[=php.MultiList(/;(&(objectClass=posixAccount));uid)]]></value>
+       <!-- <value><![CDATA[=php.MultiList(/;(&(objectClass=posixAccount));uid;%cn% %uid|-4/U%;memberUid;dmdName=users,dc=localdomain;root => cn=root, nobody => cn=nobody;cn;;;)]]></value> -->
+</attribute>
+</attributes>
+
+</template>
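Review bot: Two of the `php.` expressions in this template have unbalanced parentheses. The `gidNumber` value `=php.GetNextNumber(/;gidNumber;true;(&(objectClass=sambaDomain)(sambaDomainName=mysambadomain))` never closes the call. The `sambaSID` PickList closes right after `(%sambaDomainName%)`, so `;;;;sambaDomainName` falls outside it; sambaMachine.xml has the well-formed form ending `(%sambaDomainName%);;;;sambaDomainName)`. Both GetNextNumber filters also hard-code `sambaDomainName=mysambadomain`, which looks like a placeholder and would need replacing with this site's domain name before GIDs and SID suffixes are derived from the right entry. Because `gidNumber` is marked `<readonly>1</readonly>`, a failed lookup cannot be corrected in the form.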
diff --git a/etc/phpldapadmin/templates/creation/sambaMachine.xml b/etc/phpldapadmin/templates/creation/sambaMachine.xml
new file mode 100644 (file)
index 0000000..fe5e5d3
--- /dev/null
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Samba3 Machine</description>
+<icon>server.png</icon>
+<invalid>0</invalid>
+<rdn>uid</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Samba: Machine</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sambaSAMAccount"></objectClass>
+<objectClass id="posixAccount"></objectClass>
+<objectClass id="account"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="uid">
+       <display>Machine Name</display>
+       <hint>The machine name should end with a $</hint>
+       <icon>terminal.png</icon>
+       <onchange>=autoFill(cn;%uid%)</onchange>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="uidNumber">
+       <display>UID Number</display>
+       <order>2</order>
+       <page>1</page>
+       <readonly>1</readonly>
+       <value>=php.GetNextNumber(/;uidNumber)</value>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <order>3</order>
+       <page>1</page>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=posixGroup));gidNumber;%cn%;;;;cn)]]></value>
+</attribute>
+<attribute id="sambaSID">
+       <display>Samba SID</display>
+       <helper>
+               <id>sidsuffix</id>
+               <value></value>
+       </helper>
+       <order>2</order>
+       <page>1</page>
+       <post>=php.Join(-;%sambaSID%,%sidsuffix%)</post>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=sambaDomain));sambaSID;%sambaSID% (%sambaDomainName%);;;;sambaDomainName)]]></value>
+</attribute>
+<attribute id="sambaAcctFlags">
+       <hidden>1</hidden>
+       <value>[W]</value>
+</attribute>
+<attribute id="homeDirectory">
+       <hidden>1</hidden>
+       <value>/dev/null</value>
+</attribute>
+<attribute id="cn">
+       <hidden>1</hidden>
+       <value></value>
+</attribute>
+</attributes>
+
+</template>
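Review bot: The `sambaSID` attribute in sambaMachine.xml carries `<order>2</order>`, the same value as `uidNumber`, while `gidNumber` is 3, so the field order on the form depends on how ties are resolved; `<order>4</order>` would make it deterministic. The `sidsuffix` helper also has an empty `<value></value>`, so the RID appended by `=php.Join(-;%sambaSID%,%sidsuffix%)` is whatever the operator types. sambaSamAccount.xml in this commit derives it with `=php.GetNextNumber(/;uidNumber;false;;*2,+1000)`; using the same expression here would presumably avoid hand-entered, malformed or duplicate RIDs on machine accounts.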
diff --git a/etc/phpldapadmin/templates/creation/sambaSamAccount.xml b/etc/phpldapadmin/templates/creation/sambaSamAccount.xml
new file mode 100644 (file)
index 0000000..d44fad8
--- /dev/null
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Samba3 Account</description>
+<icon>ldap-user.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Samba: Account</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+<objectClass id="sambaSAMAccount"></objectClass>
+<objectClass id="posixAccount"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>First name</display>
+       <icon>ldap-uid.png</icon>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>3</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="gidNumber">
+       <display>GID Number</display>
+       <onchange>=autoFill(homeDirectory;/home/users/%gidNumber|0-0/T%/%uid|3-%)</onchange>
+       <onchange>=autoFill(uid;%gidNumber|0-0/T%-%givenName|0-1/l%%sn/l%)</onchange>
+       <order>4</order>
+       <page>1</page>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=posixGroup));gidNumber;%cn%;;;;cn)]]></value>
+</attribute>
+<attribute id="uid">
+       <display>User ID</display>
+       <onchange>=autoFill(homeDirectory;/home/users/%gidNumber|0-0/T%/%uid|3-%)</onchange>
+       <order>5</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="uidNumber">
+       <display>UID Number</display>
+       <order>6</order>
+       <page>1</page>
+       <readonly>1</readonly>
+       <value>=php.GetNextNumber(/;uidNumber)</value>
+</attribute>
+<attribute id="sambaSID">
+       <display>Samba SID</display>
+       <helper>
+               <id>sidsuffix</id>
+               <value>=php.GetNextNumber(/;uidNumber;false;;*2,+1000)</value>
+       </helper>
+       <order>7</order>
+       <page>1</page>
+       <post>=php.Join(-;%sambaSID%,%sidsuffix%)</post>
+       <spacer>1</spacer>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=sambaDomain));sambaSID;%sambaSID% (%sambaDomainName%);;;;sambaDomainName)]]></value>
+</attribute>
+<attribute id="userPassword">
+       <display>Password</display>
+       <icon>lock.png</icon>
+       <onchange>=autoFill(sambaLMPassword;%userPassword%)</onchange>
+       <onchange>=autoFill(sambaNTPassword;%userPassword%)</onchange>
+       <order>8</order>
+       <post>=php.PasswordEncrypt(%enc%;%userPassword%)</post>
+       <page>1</page>
+       <verify>1</verify>
+</attribute>
+<attribute id="sambaLMPassword">
+       <display>LM Password</display>
+       <order>9</order>
+       <page>1</page>
+       <post>=php.PasswordEncrypt(LM;%sambaLMPassword%)</post>
+       <type>password</type>
+</attribute>
+<attribute id="sambaNTPassword">
+       <display>NT Password</display>
+       <order>10</order>
+       <page>1</page>
+       <post>=php.PasswordEncrypt(NT;%sambaNTPassword%)</post>
+       <spacer>1</spacer>
+       <type>password</type>
+</attribute>
+<attribute id="loginShell">
+       <display>Login shell</display>
+       <icon>terminal.png</icon>
+       <order>11</order>
+       <page>1</page>
+       <type>select</type>
+       <!-- <value><![CDATA[=php.PickList(/;(&(objectClass=posixAccount));loginShell;%loginShell%)]]></value> -->
+       <value id="/bin/sh">/bin/sh</value>
+       <value id="/bin/csh">/bin/csh</value>
+       <value id="/bin/tsh">/bin/tsh</value>
+</attribute>
+<attribute id="sambaPrimaryGroupSID">
+       <display>Primary Group ID</display>
+       <helper>
+               <id>sidpgsuffix</id>
+               <value></value>
+       </helper>
+       <order>13</order>
+       <page>1</page>
+       <post>=php.Join(-;%sambaPrimaryGroupSID%,%sidpgsuffix%)</post>
+       <spacer>1</spacer>
+       <value><![CDATA[=php.PickList(/;(&(objectClass=sambaGroupMapping));sambaSID;%sambaSID% (%cn%);sambaPrimaryGroupSID;;;;cn)]]></value>
+</attribute>
+<attribute id="homeDirectory">
+       <display>Home directory</display>
+       <order>14</order>
+       <page>1</page>
+</attribute>
+<attribute id="sambaAcctFlags">
+       <hidden>1</hidden>
+       <value>[U]</value>
+</attribute>
+</attributes>
+
+</template>
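Review bot: The `userPassword` attribute autofills `sambaLMPassword`, and that attribute's `<post>=php.PasswordEncrypt(LM;%sambaLMPassword%)</post>` then stores a LanMan hash for every account created with this template. LM hashes are unsalted, case-insensitive and computed over two 7-character halves, so anyone who can read the attribute can recover the password cheaply. Unless a client still needs LM authentication, I would drop the `sambaLMPassword` attribute block and the line `<onchange>=autoFill(sambaLMPassword;%userPassword%)</onchange>`. The directory ACLs should also keep `sambaNTPassword` unreadable to ordinary binds, since the NT hash is unsalted as well. Separately, `<value id="/bin/tsh">/bin/tsh</value>` looks like a typo for `/bin/tcsh`, which would give new accounts a login shell that does not exist.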
diff --git a/etc/phpldapadmin/templates/creation/sendmailMTAAliasObject.xml b/etc/phpldapadmin/templates/creation/sendmailMTAAliasObject.xml
new file mode 100644 (file)
index 0000000..86688b6
--- /dev/null
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Sendmail Alias</description>
+<icon>mail.png</icon>
+<invalid>0</invalid>
+<rdn>sendmailMTACluster</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Sendmail: Alias</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sendmailMTAAliasObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sendmailMTACluster">
+       <display>Sendmail Cluster Name</display>
+       <icon>ldap-default.png</icon>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAHost">
+       <display>Sendmail Hostname</display>
+       <hint>Leave Blank</hint>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAKey">
+       <display>Email alias</display>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAAliasValue">
+       <display>Recipient Addresses</display>
+       <order>4</order>
+       <page>1</page>
+       <type>textarea</type>
+</attribute>
+<attribute id="sendmailMTAAliasGrouping">
+       <hidden>1</hidden>
+       <value>aliases</value>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/sendmailMTAClass.xml b/etc/phpldapadmin/templates/creation/sendmailMTAClass.xml
new file mode 100644 (file)
index 0000000..9bbde8e
--- /dev/null
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Sendmail Domain</description>
+<icon>mail.png</icon>
+<invalid>0</invalid>
+<rdn>sendmailMTACluster</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Sendmail: Domain</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sendmailMTAClass"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sendmailMTACluster">
+       <display>Sendmail Cluster Name</display>
+       <icon>ldap-default.png</icon>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAHost">
+       <display>Sendmail Hostname</display>
+       <hint>Leave Blank</hint>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAClassValue">
+       <display>Email domain</display>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAClassName">
+       <hidden>1</hidden>
+       <value>w</value>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/sendmailMTACluster.xml b/etc/phpldapadmin/templates/creation/sendmailMTACluster.xml
new file mode 100644 (file)
index 0000000..08bba5c
--- /dev/null
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Sendmail Cluster</description>
+<icon>mail.png</icon>
+<invalid>0</invalid>
+<rdn>sendmailMTACluster</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Sendmail: Cluster</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sendmailMTA"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sendmailMTACluster">
+       <display>Alias To</display>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/sendmailMTAMapObject.xml b/etc/phpldapadmin/templates/creation/sendmailMTAMapObject.xml
new file mode 100644 (file)
index 0000000..5f4afd5
--- /dev/null
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<!--This template doesnt does not appear to be correct. If it is correct, or if
+    you have modifications to make it correct, then let us know, and we'll
+    update and enable it.-->
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Sendmail Relays</description>
+<icon>mail.png</icon>
+<invalid>1</invalid>
+<rdn>sendmailMTACluster</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Sendmail: Relays</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sendmailMTAMapObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sendmailMTACluster">
+       <display>Sendmail Cluster Name</display>
+       <icon>ldap-default.png</icon>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAHost">
+       <display>Sendmail Hostname</display>
+       <hint>Leave Blank</hint>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAKey">
+       <display>Host/Network/Address</display>
+       <order>3</order>
+       <page>1</page>
+       <type>select</type>
+       <value id="RELAY">RELAY: Allow host/network/address to relay</value>
+       <value id="OK">OK: Accept local mail but disallow relay</value>
+       <value id="REJECT">REJECT: Reject messages</value>
+       <value id="DISCARD">DISCARD: Discard messages</value>
+       <value id="SKIP">SKIP: Apply default action to messages</value>
+       <value id="ERROR">ERROR: Reject message with custom error</value>
+</attribute>
+<attribute id="sendmailMTAMapName">
+       <hidden>1</hidden>
+       <value>access</value>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/sendmailVirtualDomain.xml b/etc/phpldapadmin/templates/creation/sendmailVirtualDomain.xml
new file mode 100644 (file)
index 0000000..b2c1047
--- /dev/null
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Sendmail Domain</description>
+<icon>mail.png</icon>
+<invalid>0</invalid>
+<rdn>sendmailMTACluster</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Sendmail: Virtual Domain</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sendmailMTAClass"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sendmailMTACluster">
+       <display>Sendmail Cluster Name</display>
+       <icon>ldap-default.png</icon>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAHost">
+       <display>Sendmail Hostname</display>
+       <hint>Leave Blank</hint>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAClassValue">
+       <display>Email domain</display>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAClassName">
+       <hidden>1</hidden>
+       <value>VirtHost</value>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/creation/sendmailVirtualUser.xml b/etc/phpldapadmin/templates/creation/sendmailVirtualUser.xml
new file mode 100644 (file)
index 0000000..c046991
--- /dev/null
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<!--This template doesnt does not appear to be correct. If it is correct, or if
+    you have modifications to make it correct, then let us know, and we'll
+    update and enable it.-->
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Sendmail Virtual User</description>
+<icon>mail.png</icon>
+<invalid>1</invalid>
+<rdn>sendmailMTAMapObject</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Sendmail: Virtual Users</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="sendmailMTAMapObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="sendmailMTACluster">
+       <display>Sendmail Cluster Name</display>
+       <icon>ldap-default.png</icon>
+       <order>1</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAHost">
+       <display>Sendmail Hostname</display>
+       <hint>Leave Blank</hint>
+       <order>2</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAKey">
+       <display>Email alias</display>
+       <hint>use @example.com to map entire domain</hint>
+       <order>3</order>
+       <page>1</page>
+</attribute>
+<attribute id="sendmailMTAMapValue">
+       <display>Recipient Addresses</display>
+       <hint>use %1 to map user name port of address</hint>
+       <order>4</order>
+       <page>1</page>
+       <type>textarea</type>
+</attribute>
+<attribute id="sendmailMTAMapName">
+       <hidden>1</hidden>
+       <value>virtuser</value>
+</attribute>
+</attributes>
+
+</template>
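Review bot: The hint on `sendmailMTAMapValue` reads `use %1 to map user name port of address`; "port" should be "part", i.e. `<hint>use %1 to map user name part of address</hint>`. The header comment also says "doesnt does not appear to be correct", and the same sentence appears in sendmailMTAMapObject.xml; `This template does not appear to be correct.` reads cleanly. Both templates set `<invalid>1</invalid>`, so this only affects what a maintainer sees when revisiting them.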
diff --git a/etc/phpldapadmin/templates/creation/simpleSecurityObject.xml b/etc/phpldapadmin/templates/creation/simpleSecurityObject.xml
new file mode 100644 (file)
index 0000000..2cb2000
--- /dev/null
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<askcontainer>1</askcontainer>
+<description>New Simple Security Object</description>
+<icon>ldap-user.png</icon>
+<invalid>0</invalid>
+<rdn>userid</rdn>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: Simple Security Object</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="account"></objectClass>
+<objectClass id="simpleSecurityObject"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="userid">
+       <display>User Name</display>
+       <icon>ldap-uid.png</icon>
+       <order>1</order>
+       <page>1</page>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="userPassword">
+       <display>Password</display>
+       <icon>lock.png</icon>
+       <order>5</order>
+       <page>1</page>
+       <post>=php.PasswordEncrypt(%enc%;%userPassword%)</post>
+       <verify>1</verify>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/modification/inetOrgPerson.xml b/etc/phpldapadmin/templates/modification/inetOrgPerson.xml
new file mode 100644 (file)
index 0000000..7d53ccd
--- /dev/null
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE template SYSTEM "template.dtd">
+
+<template>
+<description>Address Book Entry</description>
+<icon>address-book.png</icon>
+<invalid>0</invalid>
+<rdn>cn</rdn>
+<noleaf>1</noleaf>
+<!--<regexp>^ou=People,o=.*,</regexp>-->
+<title>Generic: Address Book Entry</title>
+<visible>1</visible>
+
+<objectClasses>
+<objectClass id="inetOrgPerson"></objectClass>
+</objectClasses>
+
+<attributes>
+<attribute id="givenName">
+       <display>First name</display>
+       <icon>ldap-uid.png</icon>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>1</order>
+</attribute>
+<attribute id="sn">
+       <display>Last name</display>
+       <onchange>=autoFill(cn;%givenName% %sn%)</onchange>
+       <order>2</order>
+</attribute>
+<attribute id="cn">
+       <display>Common Name</display>
+       <order>3</order>
+       <readonly>1</readonly>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="jpegPhoto">
+       <display>Photo</display>
+       <order>3</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="o">
+       <display>Organisation</display>
+       <order>4</order>
+</attribute>
+<attribute id="street">
+       <cols>50</cols>
+       <display>Street</display>
+       <icon>mail.png</icon>
+       <order>5</order>
+       <rows>4</rows>
+       <type>textarea</type>
+</attribute>
+<attribute id="l">
+       <display>City</display>
+       <order>6</order>
+</attribute>
+<attribute id="st">
+       <display>State</display>
+       <order>7</order>
+</attribute>
+<attribute id="postalCode">
+       <display>Postal code</display>
+       <order>8</order>
+       <spacer>1</spacer>
+</attribute>
+<attribute id="telephoneNumber">
+       <display>Work phone</display>
+       <icon>phone.png</icon>
+       <order>9</order>
+</attribute>
+<attribute id="facsimileTelephoneNumber">
+       <display>Fax</display>
+       <order>10</order>
+</attribute>
+<attribute id="mobile">
+       <display>Mobile</display>
+       <order>11</order>
+</attribute>
+<attribute id="mail">
+       <display>Email</display>
+       <order>12</order>
+</attribute>
+</attributes>
+
+</template>
diff --git a/etc/phpldapadmin/templates/template.dtd b/etc/phpldapadmin/templates/template.dtd
new file mode 100644 (file)
index 0000000..64ed786
--- /dev/null
@@ -0,0 +1,71 @@
+<!--
+==========================================================================
+ This is the DTD for phpLDAPAdmin Templates.
+
+ Copyright (c) 2009
+
+ Temporary URI for the DTD: http://phpldapadmin.sf.net/release/templates/template.dtd
+ Validate your templates here: http://www.xmlvalidation.com
+==========================================================================
+-->
+
+<!-- Unused -->
+<!ENTITY % Boolean "(0 | 1)">
+
+<!-- ================================================================ -->
+
+<!-- Template Definition -->
+<!ELEMENT template (askcontainer?,description?,icon?,invalid?,rdn?,regexp?,
+       title,visible?,objectClasses,attributes)>
+
+<!-- ObjectClasses Definition -->
+<!ELEMENT objectClasses (objectClass+)>
+<!ELEMENT objectClass EMPTY>
+<!ATTLIST objectClass id CDATA #REQUIRED>
+
+<!-- Attributes Definition -->
+<!ELEMENT attributes (attribute*)>
+<!ELEMENT attribute (cols?,default?,display?,helper?,hidden?,hint?,icon?,
+       maxlength?,onchange*,order?,page?,post?,presubmit?,readonly?,rows?,size?,
+       spacer?,type?,value*,verify?)?>
+<!ATTLIST attribute id CDATA #REQUIRED>
+
+<!-- helper -->
+<!ELEMENT helper (default?,display?,id?,value*)>
+
+<!-- ================================================================ -->
+
+<!-- Common Parameters -->
+<!ELEMENT icon (#PCDATA)>
+<!ELEMENT default (#PCDATA)>
+<!ELEMENT display (#PCDATA)>
+<!ELEMENT value (#PCDATA)>
+
+<!-- Header Parameters -->
+<!ELEMENT askcontainer (#PCDATA)>
+<!ELEMENT description (#PCDATA)>
+<!ELEMENT invalid (#PCDATA)>
+<!ELEMENT rdn (#PCDATA)>
+<!ELEMENT regexp (#PCDATA)>
+<!ELEMENT title (#PCDATA)>
+<!ELEMENT visible (#PCDATA)>
+
+<!-- Attribute Parameters -->
+<!ELEMENT cols (#PCDATA)>
+<!ELEMENT hidden (#PCDATA)>
+<!ELEMENT hint (#PCDATA)>
+<!ELEMENT maxlength (#PCDATA)>
+<!ELEMENT onchange (#PCDATA)>
+<!ELEMENT order (#PCDATA)>
+<!ELEMENT page (#PCDATA)>
+<!ELEMENT post (#PCDATA)>
+<!ELEMENT presubmit (#PCDATA)>
+<!ELEMENT readonly (#PCDATA)>
+<!ELEMENT rows (#PCDATA)>
+<!ELEMENT size (#PCDATA)>
+<!ELEMENT spacer (#PCDATA)>
+<!ELEMENT type (#PCDATA)>
+<!ELEMENT verify (#PCDATA)>
+
+<!-- Helper Parameters -->
+<!ELEMENT id (#PCDATA)>
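Review bot: The `template` content model declares no `noleaf` element, yet modification/inetOrgPerson.xml in this same commit contains `<noleaf>1</noleaf>` between `rdn` and `regexp`, so that file is not valid against this DTD. Adding `<!ELEMENT noleaf (#PCDATA)>` and inserting `noleaf?` after `rdn?` in the `template` model would cover it. The `attribute` model is also a strict sequence (`…,order?,page?,post?,…`), while the `userPassword` attribute in sambaSamAccount.xml puts `post` before `page`. Whether phpLDAPadmin actually validates templates at load time is not visible here, but the header invites users to validate against this DTD, and the shipped files should pass. The `%Boolean` entity is marked unused; applying it to flag elements such as `hidden`, `readonly` and `invalid` would need an attribute-based design, so a short comment saying why it is kept would help.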
diff --git a/etc/squirrelmail/config.php b/etc/squirrelmail/config.php
new file mode 100644 (file)
index 0000000..22b8208
--- /dev/null
@@ -0,0 +1,1054 @@
+<?php
+
+/**
+ * Default SquirrelMail configuration file
+ *
+ * BEFORE EDITING THIS FILE!
+ *
+ * Don't edit this file directly.  Copy it to config.php before you
+ * edit it.  However, it is best to use the configuration script
+ * conf.pl if at all possible.  That is the easiest and cleanest way
+ * to configure.
+ *
+ * Note on SECURITY: some options require putting a password in this file.
+ * Please make sure that you adapt its permissions appropriately to avoid
+ * passwords being leaked to e.g. other system users. Take extra care when
+ * the webserver is shared with untrusted users.
+ *
+ * @copyright &copy; 2000-2007 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id: config_default.php 12522 2007-07-10 14:52:53Z kink $
+ * @package squirrelmail
+ * @subpackage config
+ */
+
+/* Do not change this value. */
+global $version;
+global $config_version;
+$config_version = '1.4.0';
+
+/*** Organization preferences ***/
+/**
+ * Organization's name
+ * @global string $org_name
+ */
+$org_name = "SquirrelMail";
+
+/**
+ * Organization's logo picture (blank if none)
+ * @global string $org_logo
+ */
+$org_logo = SM_PATH . 'images/sm_logo.png';
+
+/**
+ * The width of the logo (0 for default)
+ * @global string $org_logo_width
+ */
+$org_logo_width = '308';
+
+/**
+ * The height of the logo (0 for default)
+ * @global string $org_logo_height
+ */
+$org_logo_height = '111';
+
+/**
+ * Webmail Title
+ *
+ * This is the web page title that appears at the top of the browser window.
+ * @global string $org_title
+ */
+$org_title = "SquirrelMail $version";
+
+/**
+ * Signout page
+ *
+ * Rather than going to the signout.php page (which only allows you
+ * to sign back in), setting signout_page allows you to sign the user
+ * out and then redirect to whatever page you want. For instance,
+ * the following would return the user to your home page:
+ *   $signout_page = '/';
+ * Set to the empty string to continue to use the default signout page.
+ * @global string $signout_page
+ */
+$signout_page = '';
+
+/**
+ * Top frame
+ *
+ * By default SquirrelMail takes up the whole browser window,
+ * this allows you to embed it within sites using frames. Set
+ * this to the frame you want it to stay in.
+ * @global string $frame_top
+ */
+$frame_top = '_top';
+
+/**
+ * Provider name
+ *
+ * Here you can set name of the link displayed on the right side of main page.
+ *
+ * Link will be displayed only if you have $hide_sm_attributions 
+ * option set to true.
+ * @global string $provider_name
+ */
+$provider_name = 'SquirrelMail';
+
+/**
+ * Provider URI
+ *
+ * Here you can set URL of the link displayed on the right side of main page.
+ *
+ * Link will be displayed only if you have $hide_sm_attributions 
+ * option set to true.
+ * @global string $provider_uri
+ */
+$provider_uri = 'http://www.squirrelmail.org/';
+
+/*** Server Settings ***/
+/**
+ * Default Domain
+ *
+ * The domain part of local email addresses.
+ *   This is for all messages sent out from this server.
+ *   Reply address is generated by $username@$domain
+ * Example: In bob@example.com, example.com is the domain.
+ * @global string $domain
+ */
+$domain = trim(implode('', file('/etc/'.(file_exists('/etc/mailname')?'mail':'host').'name')));
+
+/**
+ * Time offset inversion
+ *
+ * If you are running on a machine that doesn't have the tm_gmtoff
+ * value in your time structure and if you are in a time zone that
+ * has a negative offset, you need to set this value to 1. This is
+ * typically people in the US that are running Solaris 7.
+ * @global bool $invert_time
+ */
+$invert_time = false;
+
+/**
+ * Default send transport
+ *
+ * What should be used when sending email.
+ * If it is set to false, SquirrelMail will use SMTP server settings.
+ * If it is set to true, SquirrelMail will use program defined in 
+ * $sendmail_path
+ * @global bool $useSendmail
+ */
+$useSendmail = false;
+
+/**
+ * Your SMTP server (usually the same as the IMAP server).
+ * @global string $smtpServerAddress
+ */
+$smtpServerAddress = 'localhost';
+/**
+ * Your SMTP port number (usually 25).
+ * @global integer $smtpPort
+ */
+$smtpPort = 25;
+
+/**
+ * SquirrelMail header encryption
+ *
+ * Encryption key allows to hide SquirrelMail Received: headers
+ * in outbound messages. Interface uses encryption key to encode
+ * username, remote address and proxied address, then stores encoded
+ * information in X-Squirrel-* headers.
+ *
+ * Warning: used encryption function is not bulletproof. When used
+ * with static encryption keys, it provides only minimal security
+ * measures and information can be decoded quickly.
+ *
+ * Encoded information can be decoded with decrypt_headers.php script
+ * from SquirrelMail contrib/ directory.
+ * @global string $encode_header_key
+ * @since 1.5.1 and 1.4.5
+ */
+$encode_header_key = '';
+
+/**
+ * Path to Sendmail
+ *
+ * Program that should be used when sending email. SquirrelMail expects that
+ * this program will follow options used by original sendmail 
+ * (http://www.sendmail.org).
+ * @global string $sendmail_path
+ */
+$sendmail_path = '/usr/sbin/sendmail';
+
+/**
+ * Extra sendmail command arguments.
+ *
+ * Sets additional sendmail command arguments. Make sure that arguments are
+ * supported by your sendmail program. -f argument is added automatically by
+ * SquirrelMail scripts. Variable defaults to standard /usr/sbin/sendmail
+ * arguments. If you use qmail-inject, nbsmtp or any other sendmail wrapper,
+ * which does not support -t and -i arguments, set variable to empty string
+ * or use arguments suitable for your mailer.
+ * @global string $sendmail_args
+ * @since 1.5.1 and 1.4.8
+ */
+$sendmail_args = '-i -t';
+    
+/**
+ * IMAP server address
+ *
+ * The dns name (or IP address) for your imap server.
+ * @global string $imapServerAddress
+ */
+$imapServerAddress = 'mail.drsnuggles.stderr.nl';
+
+/**
+ * IMAP server port
+ *
+ * Port used by your imap server. (Usually 143)
+ * @global integer $imapPort
+ */
+$imapPort = 143;
+
+/**
+ * IMAP server type
+ *
+ * The type of IMAP server you are running.
+ * Valid type are the following (case is important):
+ *   courier
+ *   cyrus
+ *   exchange
+ *   uw
+ *   macosx
+ *   hmailserver
+ *   other
+ *
+ * Please note that this changes only some of server settings.
+ *
+ * In order to set everything correctly, you need to adjust several
+ * squirrelmail options. These options are listed in doc/presets.txt
+ * @global string $imap_server_type
+ */
+$imap_server_type = 'other';
+
+/**
+ * Advanced IMAP authentication options control
+ *
+ * CRAM-MD5, DIGEST-MD5, Plain, and TLS
+ * Set reasonable defaults - you'd never know this was there unless you ask for it
+ * @global bool $use_imap_tls
+ */
+$use_imap_tls = false;
+
+/**
+ * Advanced SMTP authentication options control
+ *
+ * CRAM-MD5, DIGEST-MD5, Plain, and TLS
+ * Set reasonable defaults - you'd never know this was there unless you ask for it
+ * @global bool $use_smtp_tls
+ */
+$use_smtp_tls = false;
+
+/**
+ * SMTP authentication mechanism
+ *
+ * auth_mech can be either 'none', 'login','plain', 'cram-md5', or 'digest-md5'
+ * @global string $smtp_auth_mech
+ */
+$smtp_auth_mech = 'none';
+
+/**
+ * Custom SMTP Authentication Username
+ * 
+ * IMAP username is used if variable is set to an empty string. Variable is included in
+ * the main configuration file only in 1.4.11+ and 1.5.2+.
+ * @global string $smtp_sitewide_user
+ * @since 1.4.11
+ */
+$smtp_sitewide_user = '';
+
+/**
+ * Custom SMTP Authentication Password
+ * 
+ * IMAP password is used if variable is set to an empty string.  Variable is included in 
+ * the main configuration file in 1.4.11+ and 1.5.2+
+ * @global string $smtp_sitewide_pass
+ * @since 1.4.11
+ */
+$smtp_sitewide_pass = '';
+
+/**
+ * IMAP authentication mechanism
+ *
+ * auth_mech can be either 'login','plain', 'cram-md5', or 'digest-md5'
+ * @global string $imap_auth_mech
+ */
+$imap_auth_mech = 'login';
+
+/**
+ * IMAP folder delimiter
+ *
+ * This is the delimiter that your IMAP server uses to distinguish between
+ * folders.  For example, Cyrus uses '.' as the delimiter and a complete
+ * folder would look like 'INBOX.Friends.Bob', while UW uses '/' and would
+ * look like 'INBOX/Friends/Bob'.  Normally this should be left at 'detect'
+ * but if you are sure you know what delimiter your server uses, you can
+ * specify it here.
+ *
+ * To have it autodetect the delimiter, set it to 'detect'.
+ * @global string $optional_delimiter
+ */
+$optional_delimiter = 'detect';
+
+/**
+ * POP before SMTP setting
+ *
+ * Do you wish to use POP3 before SMTP?  Your server must
+ * support this in order for SquirrelMail to work with it.
+ * @global bool $pop_before_smtp
+ */
+$pop_before_smtp = false;
+
+
+/*** Folder Settings ***/
+/**
+ * Default IMAP folder prefix
+ *
+ * Many servers store mail in your home directory. With this, they
+ * store them in a subdirectory: mail/ or Mail/, etc. If your server
+ * does this, please set this to what the default mail folder should
+ * be. This is still a user preference, so they can change it if it
+ * is different for each user.
+ *
+ * Example:
+ *     $default_folder_prefix = 'mail/';
+ *        -- or --
+ *     $default_folder_prefix = 'Mail/folders/';
+ *
+ * If you do not use this, set it to the empty string.
+ * @global string $default_folder_prefix
+ */
+$default_folder_prefix = '';
+
+/**
+ * User level prefix control
+ *
+ * If you do not wish to give them the option to change this, set it
+ * to false. Otherwise, if it is true, they can change the folder prefix
+ * to be anything.
+ * @global bool $show_prefix_option
+ */
+$show_prefix_option = false;
+
+/**
+ * The following are related to deleting messages.
+ *   $default_move_to_trash
+ *      If this is set to 'true', when 'delete' is pressed, it
+ *      will attempt to move the selected messages to the folder
+ *      named $trash_folder. If it's set to 'false', we won't even
+ *      attempt to move the messages, just delete them.
+ *   $default_move_to_sent
+ *      If this is set to 'true', sent messages will be stored in
+ *      $sent_folder by default.
+ *   $default_save_as_draft
+ *      If this is set to 'true', users are able to use $draft_folder
+ *      to store their unfinished messages.
+ *   $trash_folder
+ *      This is the path to the default trash folder. For Cyrus
+ *      IMAP, it would be 'INBOX.Trash', but for UW it would be
+ *      'Trash'. We need the full path name here.
+ *   $draft_folder
+ *      This is the patch to where Draft messages will be stored.
+ *   $auto_expunge
+ *      If this is true, when a message is moved or copied, the
+ *      source mailbox will get expunged, removing all messages
+ *      marked 'Deleted'.
+ *   $sent_folder
+ *      This is the path to where Sent messages will be stored.
+ *   $delete_folder
+ *      If this is true, when a folder is deleted then it will
+ *      not get moved into the Trash folder.
+ * @global bool $default_move_to_trash
+ * @global bool $default_move_to_sent
+ * @global bool $default_save_as_draft
+ * @global string $trash_folder
+ * @global string $sent_folder
+ * @global string $draft_folder
+ * @global bool $auto_expunge
+ * @global bool $delete_folder
+ */
+$default_move_to_trash = true;
+$default_move_to_sent  = true;
+$default_save_as_draft = true;
+$trash_folder = 'Trash';
+$sent_folder  = 'Sent';
+$draft_folder = 'Drafts';
+$auto_expunge = true;
+$delete_folder = false;
+
+/**
+ * Special Folder Color Control
+ *
+ * Whether or not to use a special color for special folders. If not,
+ * special folders will be the same color as the other folders.
+ * @global bool $use_special_folder_color
+ */
+$use_special_folder_color = true;
+
+/**
+ * Create Special Folders Control
+ *
+ * Should I create the Sent and Trash folders automatically for
+ * a new user that doesn't already have them created?
+ * @global bool $auto_create_special
+ */
+$auto_create_special = true;
+
+/**
+ * List Special Folders First Control
+ *
+ * Whether or not to list the special folders first (true/false).
+ * @global bool $list_special_folders_first 
+ */
+$list_special_folders_first = true;
+
+/**
+ * Subfolder Layout Control
+ *
+ * Are all your folders subfolders of INBOX (i.e. cyrus IMAP server).
+ * If you are unsure, set it to false.
+ * @global bool $default_sub_of_inbox
+ */
+$default_sub_of_inbox = true;
+
+/**
+ * Subfolder Format Control
+ *
+ * Some IMAP daemons (UW) handle folders weird. They only allow a
+ * folder to contain either messages or other folders, not both at
+ * the same time. This option controls whether or not to display an
+ * option during folder creation. The option toggles which type of
+ * folder it should be.
+ *
+ * If this option confuses you, just set it to 'true'. You can not hurt 
+ * anything if it's true, but some servers will respond weird if it's
+ * false. (Cyrus works fine whether it's true OR false).
+ * @global bool $show_contain_subfolders_option
+ */
+$show_contain_subfolders_option = false;
+
+/**
+ * These next two options set the defaults for the way that the
+ * users see their folder list.
+ *   $default_unseen_notify
+ *       Specifies whether or not the users will see the number of 
+ *       unseen in each folder by default and also which folders to
+ *       do this to. Valid values are: 1=none, 2=inbox, 3=all.
+ *   $default_unseen_type
+ *       Specifies the type of notification to give the users by
+ *       default. Valid choice are: 1=(4), 2=(4,25).
+ * @global integer $default_unseen_notify
+ * @global integer $default_unseen_type
+ */
+$default_unseen_notify = 2;
+$default_unseen_type   = 1;
+
+/**
+ * NoSelect Fix Control
+ *
+ * This enables the no select fix for Cyrus when subfolders
+ * exist but parent folders do not
+ * @global bool $noselect_fix_enable
+ */
+$noselect_fix_enable = false;
+
+/*** General options ***/
+/**
+ * Path to the data/ directory
+ *
+ *   It is a possible security hole to have a writable directory
+ *   under the web server's root directory (ex: /home/httpd/html).
+ *   It is possible to put the data directory anywhere you would like;
+ *   it is strongly advised that it is NOT directly web-accessible.
+ *
+ *   The path name can be absolute or relative (to the config directory).
+ *   If it is relative, it must use the SM_PATH constant.
+ *   Here are two examples:
+ *
+ * Absolute:
+ *   $data_dir = '/var/lib/squirrelmail/data/';
+ *
+ * Relative (to main SM directory):
+ *   $data_dir = SM_PATH . 'data/';
+ *   (NOT recommended: you need to secure apache to make sure these
+ *   files are not world readable)
+ *
+ * @global string $data_dir
+ */
+$data_dir = $_ENV['SITE_DIR'] . '/data/squirrelmail/data/';
+
+/**
+ * Attachments directory
+ *
+ * Path to directory used for storing attachments while a mail is
+ * being sent. There are a few security considerations regarding
+ * this directory:
+ *    + It should have the permission 733 (rwx-wx-wx) to make it
+ *      impossible for a random person with access to the webserver to
+ *      list files in this directory. Confidential data might be laying
+ *      around there.
+ *    + Since the webserver is not able to list the files in the content
+ *      is also impossible for the webserver to delete files lying around 
+ *      there for too long.
+ *    + It should probably be another directory than data_dir.
+ * @global string $attachment_dir
+ */
+$attachment_dir = $_ENV['SITE_DIR'] . '/data/squirrelmail/attach/';
+
+/**
+ * Hash level used for data directory.
+ * 
+ * This option allows spliting file based squirrelmail user
+ * data storage directory into several subfolders. Number from
+ * 0 to 4 allows allows having up to four subfolder levels.
+ *
+ * Hashing should speed up directory access if you have big number 
+ * of users (500 and more).
+ * @global integer $dir_hash_level
+ */
+$dir_hash_level = 0;
+
+/**
+ * Default Size of Folder List
+ *
+ * This is the default size of the folder list. Default
+ * is 150, but you can set it to whatever you wish.
+ * @global string $default_left_size
+ */
+$default_left_size = '150';
+
+/**
+ * Username Case Control
+ *
+ * Some IMAP servers allow a username (like 'bob') to log in if they use
+ * uppercase in their name (like 'Bob' or 'BOB'). This creates extra
+ * preference files.  Toggling this option to true will transparently
+ * change all usernames to lowercase.
+ * @global bool $force_username_lowercase
+ */
+$force_username_lowercase = false;
+
+/**
+ * Email Priority Control
+ *
+ * This option enables use of email priority flags by end users.
+ * @global bool $default_use_priority
+ */
+$default_use_priority = true;
+
+/**
+ * SquirrelMail Attributions Control
+ *
+ * This option disables display of "created by squirrelmail developers" 
+ * strings and provider link
+ * @global bool $hide_sm_attributions
+ */
+$hide_sm_attributions = false;
+
+/**
+ * Delivery Receipts Control
+ *
+ * This option enables use of read/delivery receipts by end users.
+ * @global bool $default_use_mdn
+ */
+$default_use_mdn = true;
+
+/**
+ * Identity Controls
+ *
+ * If you don't want to allow users to change their email address
+ * then you can set $edit_identity to false, if you want them to
+ * not be able to change their full name too then set $edit_name
+ * to false as well. $edit_name has no effect unless $edit_identity
+ * is false;
+ * @global bool $edit_identity
+ * @global bool $edit_name
+ */
+$edit_identity = true;
+$edit_name = true;
+
+/**
+ * SquirrelMail adds username information to every sent email.
+ * It is done in order to prevent possible sender forging when 
+ * end users are allowed to change their email and name 
+ * information.
+ *
+ * You can disable this header, if you think that it violates
+ * user's privacy or security. Please note, that setting will
+ * work only when users are not allowed to change their identity.
+ *
+ * See SquirrelMail bug tracker #847107 for more details about it.
+ * @global bool $hide_auth_header
+ * @since 1.5.1 and 1.4.5
+ */
+$hide_auth_header = false;
+
+/**
+ * Server Side Threading Control
+ *
+ * If you want to enable server side thread sorting options
+ * Your IMAP server must support the THREAD extension for 
+ * this to work.
+ * @global bool $allow_thread_sort
+ */
+$allow_thread_sort = false;
+
+/**
+ * Server Side Sorting Control
+ *
+ * to use server-side sorting instead of SM client side.
+ * Your IMAP server must support the SORT extension for this
+ * to work.
+ * @global bool $allow_server_sort
+ */
+$allow_server_sort = false;
+
+/**
+ * IMAP Charset Use Control
+ *
+ * This option allows you to choose if SM uses charset search
+ * Your imap server should support SEARCH CHARSET command for 
+ * this to work.
+ * @global bool $allow_charset_search
+ */
+$allow_charset_search = true;
+
+/**
+ * IMAP UID control
+ *
+ * This option allows you to enable unique identifier (UID) support.
+ * @global bool $uid_support
+ */
+$uid_support              = true;
+
+/**
+ * PHP session name.
+ *
+ * Leave this alone unless you know what you are doing.
+ * @global string $session_name
+ */
+$session_name = 'SQMSESSID';
+
+
+/**
+ * Location base
+ * 
+ * This is used to build the URL to the SquirrelMail location.
+ * It should contain only the protocol and hostname/port parts
+ * of the URL; the full path will be appended automatically.
+ *
+ * If not specified or empty, it will be autodetected.
+ *
+ * Examples:
+ * http://webmail.example.org
+ * http://webmail.example.com:8080
+ * https://webmail.example.com:6691
+ *
+ * To be clear: do not include any of the path elements, so if
+ * SquirrelMail is at http://www.example.net/web/mail/src/login.php, you
+ * write: http://www.example.net
+ *
+ * @global string $config_location_base
+ * @since 1.4.8
+ */
+$config_location_base = '';
+
+
+
+/**
+ * Themes
+ *   You can define your own theme and put it in this directory.
+ *   You must call it as the example below. You can name the theme
+ *   whatever you want. For an example of a theme, see the ones
+ *   included in the config directory.
+ *
+ * To add a new theme to the options that users can choose from, just
+ * add a new number to the array at the bottom, and follow the pattern.
+ * 
+ * $theme_default sets theme that will be used by default
+ * $theme_css sets stylesheet (from theme/css directory) that will be 
+ * used by default.
+ * @global integer $theme_default
+ * @global string $theme_css
+ */
+$theme_default = 0;
+$theme_css = '';
+
+/**
+ * Listing of installed themes
+ * @global array $theme
+ */
+$theme[0]['PATH'] = SM_PATH . 'themes/default_theme.php';
+$theme[0]['NAME'] = 'Default';
+
+$theme[1]['PATH'] = SM_PATH . 'themes/plain_blue_theme.php';
+$theme[1]['NAME'] = 'Plain Blue';
+
+$theme[2]['PATH'] = SM_PATH . 'themes/sandstorm_theme.php';
+$theme[2]['NAME'] = 'Sand Storm';
+
+$theme[3]['PATH'] = SM_PATH . 'themes/deepocean_theme.php';
+$theme[3]['NAME'] = 'Deep Ocean';
+
+$theme[4]['PATH'] = SM_PATH . 'themes/slashdot_theme.php';
+$theme[4]['NAME'] = 'Slashdot';
+
+$theme[5]['PATH'] = SM_PATH . 'themes/purple_theme.php';
+$theme[5]['NAME'] = 'Purple';
+
+$theme[6]['PATH'] = SM_PATH . 'themes/forest_theme.php';
+$theme[6]['NAME'] = 'Forest';
+
+$theme[7]['PATH'] = SM_PATH . 'themes/ice_theme.php';
+$theme[7]['NAME'] = 'Ice';
+
+$theme[8]['PATH'] = SM_PATH . 'themes/seaspray_theme.php';
+$theme[8]['NAME'] = 'Sea Spray';
+
+$theme[9]['PATH'] = SM_PATH . 'themes/bluesteel_theme.php';
+$theme[9]['NAME'] = 'Blue Steel';
+
+$theme[10]['PATH'] = SM_PATH . 'themes/dark_grey_theme.php';
+$theme[10]['NAME'] = 'Dark Grey';
+
+$theme[11]['PATH'] = SM_PATH . 'themes/high_contrast_theme.php';
+$theme[11]['NAME'] = 'High Contrast';
+
+$theme[12]['PATH'] = SM_PATH . 'themes/black_bean_burrito_theme.php';
+$theme[12]['NAME'] = 'Black Bean Burrito';
+
+$theme[13]['PATH'] = SM_PATH . 'themes/servery_theme.php';
+$theme[13]['NAME'] = 'Servery';
+
+$theme[14]['PATH'] = SM_PATH . 'themes/maize_theme.php';
+$theme[14]['NAME'] = 'Maize';
+
+$theme[15]['PATH'] = SM_PATH . 'themes/bluesnews_theme.php';
+$theme[15]['NAME'] = 'BluesNews';
+
+$theme[16]['PATH'] = SM_PATH . 'themes/deepocean2_theme.php';
+$theme[16]['NAME'] = 'Deep Ocean 2';
+
+$theme[17]['PATH'] = SM_PATH . 'themes/blue_grey_theme.php';
+$theme[17]['NAME'] = 'Blue Grey';
+
+$theme[18]['PATH'] = SM_PATH . 'themes/dompie_theme.php';
+$theme[18]['NAME'] = 'Dompie';
+
+$theme[19]['PATH'] = SM_PATH . 'themes/methodical_theme.php';
+$theme[19]['NAME'] = 'Methodical';
+
+$theme[20]['PATH'] = SM_PATH . 'themes/greenhouse_effect.php';
+$theme[20]['NAME'] = 'Greenhouse Effect (Changes)';
+
+$theme[21]['PATH'] = SM_PATH . 'themes/in_the_pink.php';
+$theme[21]['NAME'] = 'In The Pink (Changes)';
+
+$theme[22]['PATH'] = SM_PATH . 'themes/kind_of_blue.php';
+$theme[22]['NAME'] = 'Kind of Blue (Changes)';
+
+$theme[23]['PATH'] = SM_PATH . 'themes/monostochastic.php';
+$theme[23]['NAME'] = 'Monostochastic (Changes)';
+
+$theme[24]['PATH'] = SM_PATH . 'themes/shades_of_grey.php';
+$theme[24]['NAME'] = 'Shades of Grey (Changes)';
+
+$theme[25]['PATH'] = SM_PATH . 'themes/spice_of_life.php';
+$theme[25]['NAME'] = 'Spice of Life (Changes)';
+
+$theme[26]['PATH'] = SM_PATH . 'themes/spice_of_life_lite.php';
+$theme[26]['NAME'] = 'Spice of Life - Lite (Changes)';
+
+$theme[27]['PATH'] = SM_PATH . 'themes/spice_of_life_dark.php';
+$theme[27]['NAME'] = 'Spice of Life - Dark (Changes)';
+
+$theme[28]['PATH'] = SM_PATH . 'themes/christmas.php';
+$theme[28]['NAME'] = 'Holiday - Christmas';
+
+$theme[29]['PATH'] = SM_PATH . 'themes/darkness.php';
+$theme[29]['NAME'] = 'Darkness (Changes)';
+
+$theme[30]['PATH'] = SM_PATH . 'themes/random.php';
+$theme[30]['NAME'] = 'Random (Changes every login)';
+
+$theme[31]['PATH'] = SM_PATH . 'themes/midnight.php';
+$theme[31]['NAME'] = 'Midnight';
+
+$theme[32]['PATH'] = SM_PATH . 'themes/alien_glow.php';
+$theme[32]['NAME'] = 'Alien Glow';
+
+$theme[33]['PATH'] = SM_PATH . 'themes/dark_green.php';
+$theme[33]['NAME'] = 'Dark Green';
+
+$theme[34]['PATH'] = SM_PATH . 'themes/penguin.php';
+$theme[34]['NAME'] = 'Penguin';
+
+$theme[35]['PATH'] = SM_PATH . 'themes/minimal_bw.php';
+$theme[35]['NAME'] = 'Minimal BW';
+
+$theme[36]['PATH'] = SM_PATH . 'themes/redmond.php';
+$theme[36]['NAME'] = 'Redmond';
+
+$theme[37]['PATH'] = SM_PATH . 'themes/netstyle_theme.php';
+$theme[37]['NAME'] = 'Net Style';
+
+$theme[38]['PATH'] = SM_PATH . 'themes/silver_steel_theme.php';
+$theme[38]['NAME'] = 'Silver Steel';
+
+$theme[39]['PATH'] = SM_PATH . 'themes/simple_green_theme.php';
+$theme[39]['NAME'] = 'Simple Green';
+
+$theme[40]['PATH'] = SM_PATH . 'themes/wood_theme.php';
+$theme[40]['NAME'] = 'Wood';
+
+$theme[41]['PATH'] = SM_PATH . 'themes/bluesome.php';
+$theme[41]['NAME'] = 'Bluesome';
+
+$theme[42]['PATH'] = SM_PATH . 'themes/simple_green2.php';
+$theme[42]['NAME'] = 'Simple Green 2';
+
+$theme[43]['PATH'] = SM_PATH . 'themes/simple_purple.php';
+$theme[43]['NAME'] = 'Simple Purple';
+
+$theme[44]['PATH'] = SM_PATH . 'themes/autumn.php';
+$theme[44]['NAME'] = 'Autumn';
+
+$theme[45]['PATH'] = SM_PATH . 'themes/autumn2.php';
+$theme[45]['NAME'] = 'Autumn 2';
+
+$theme[46]['PATH'] = SM_PATH . 'themes/blue_on_blue.php';
+$theme[46]['NAME'] = 'Blue on Blue';
+
+$theme[47]['PATH'] = SM_PATH . 'themes/classic_blue.php';
+$theme[47]['NAME'] = 'Classic Blue';
+
+$theme[48]['PATH'] = SM_PATH . 'themes/classic_blue2.php';
+$theme[48]['NAME'] = 'Classic Blue 2';
+
+$theme[49]['PATH'] = SM_PATH . 'themes/powder_blue.php';
+$theme[49]['NAME'] = 'Powder Blue';
+
+$theme[50]['PATH'] = SM_PATH . 'themes/techno_blue.php';
+$theme[50]['NAME'] = 'Techno Blue';
+
+$theme[51]['PATH'] = SM_PATH . 'themes/turquoise.php';
+$theme[51]['NAME'] = 'Turquoise';
+
+/**
+ * LDAP server(s)
+ *   Array of arrays with LDAP server parameters. See
+ *   functions/abook_ldap_server.php for a list of possible
+ *   parameters
+ *
+ * EXAMPLE:
+ *   $ldap_server[0] = Array(
+ *       'host' => 'memberdir.netscape.com',
+ *       'name' => 'Netcenter Member Directory',
+ *       'base' => 'ou=member_directory,o=netcenter.com'
+ *   ); 
+ *
+ *   NOTE: please see security note at the top of this file when
+ *   entering a password.
+ */
+// Add your ldap server options here
+
+/**
+ * Javascript in Addressbook Control
+ *
+ * Users may search their addressbook via either a plain HTML or Javascript
+ * enhanced user interface. This option allows you to set the default choice.
+ * Set this default choice as either:
+ *    true  = javascript
+ *    false = html
+ * @global bool $default_use_javascript_addr_book
+ */
+$default_use_javascript_addr_book = false;
+
+/**
+ * Shared filebased address book
+ * @global string $abook_global_file
+ * @since 1.5.1 and 1.4.4
+ */
+$abook_global_file = '';
+
+/**
+ * Writing into shared address book control
+ * @global bool $abook_global_file_writeable
+ * @since 1.5.1 and 1.4.4
+ */
+$abook_global_file_writeable = false;
+
+/**
+ * Listing of shared address book control
+ * @global bool $abook_global_file_listing
+ * @since 1.5.1 and 1.4.9
+ */
+$abook_global_file_listing = true;
+
+/**
+ * Controls file based address book entry size
+ * 
+ * This setting controls space allocated to file based address book records.
+ * End users will be unable to save address book entry, if total entry size 
+ * (quoted address book fields + 4 delimiters + linefeed) exceeds allowed
+ * address book length size.
+ *
+ * Same setting is applied to personal and global file based address books.
+ *
+ * It is strongly recommended to keep default setting value. Change it only
+ * if you really want to store address book entries that are bigger than two
+ * kilobytes (2048).
+ * @global integer $abook_file_line_length
+ * @since 1.5.2 and 1.4.9
+ */
+$abook_file_line_length = 2048;
+
+/**
+ * MOTD
+ *
+ * This is a message that is displayed immediately after a user logs in. 
+ * @global string $motd
+ */
+$motd = "";
+
+
+/**
+ * To install plugins, just add elements to this array that have
+ * the plugin directory name relative to the /plugins/ directory.
+ * For instance, for the 'squirrelspell' plugin, you'd put a line like
+ * the following.
+ *    $plugins[0] = 'squirrelspell';
+ *    $plugins[1] = 'listcommands';
+ */
+// Add list of enabled plugins here
+
+
+/*** Database ***/
+/**
+ * Read the administrator's manual in order to get more information 
+ * about these settings.
+ */
+/**
+ * Database-driven private addressbooks
+ *   DSN (Data Source Name) for a database where the private
+ *   addressbooks are stored.  See the administrator's manual for more info.
+ *   If it is not set, the addressbooks are stored in files
+ *   in the data dir.
+ *   The DSN is in the format: mysql://user:pass@hostname/dbname
+ *   The table is the name of the table to use within the
+ *   specified database.
+ *
+ *   NOTE: please see security note at the top of this file when
+ *   entering a password.
+ */
+$addrbook_dsn = '';
+$addrbook_table = 'address';
+/**
+ * Database used to store user data
+ */
+$prefs_dsn = '';
+$prefs_table = 'userprefs';
+$prefs_key_field = 'prefkey';
+$prefs_user_field = 'user';
+$prefs_val_field = 'prefval';
+
+/*** Global sql database options ***/
+/**
+ * DSN of global address book database
+ * @global string $addrbook_global_dsn
+ * @since 1.5.1 and 1.4.4
+ */
+$addrbook_global_dsn = '';
+/**
+ * Table used for global database address book
+ * @global string $addrbook_global_table
+ * @since 1.5.1 and 1.4.4
+ */
+$addrbook_global_table = 'global_abook';
+/**
+ * Control writing into global database address book
+ * @global boolean $addrbook_global_writeable
+ * @since 1.5.1 and 1.4.4
+ */
+$addrbook_global_writeable = false;
+/**
+ * Control listing of global database address book
+ * @global boolean $addrbook_global_listing
+ * @since 1.5.1 and 1.4.4
+ */
+$addrbook_global_listing = false;
+
+/*** Language settings ***/
+/**
+ * Default language
+ *
+ * This is the default language. It is used as a last resort
+ * if SquirrelMail can't figure out which language to display.
+ * Language names usually consist of language code, undercore 
+ * symbol and country code
+ * @global string $squirrelmail_default_language
+ */
+$squirrelmail_default_language = 'en_US';
+
+/**
+ * Default Charset
+ *
+ * This option controls what character set is used when sending mail
+ * and when sending HTML to the browser. Do not set this to US-ASCII,
+ * use ISO-8859-1 instead.
+ *
+ * This option is active only when default language is en_US. In other
+ * cases SquirrelMail uses charset that depends on default language.
+ * See $squirrelmail_default_language
+ *
+ * @global string $default_charset
+ */
+$default_charset = 'iso-8859-1';
+
+/**
+ * Lossy Encoding Control
+ *
+ * This option allows charset conversions when output charset does not support
+ * all symbols used in original charset. Symbols unsupported by output charset
+ * will be replaced with question marks.
+ * @global bool $lossy_encoding
+ * @since 1.4.4 and 1.5.1
+ */
+$lossy_encoding = false;
+
+/**
+ * Subscribe Listing Control
+ *
+ * this disables listing all of the folders on the IMAP Server to
+ * generate the folder subscribe listbox (this can take a long time
+ * when you have a lot of folders).  Instead, a textbox will be
+ * displayed allowing users to enter a specific folder name to subscribe to
+ * 
+ * This option can't be changed by conf.pl
+ * @global bool $no_list_for_subscribe
+ */
+$no_list_for_subscribe = false;
+
+/**
+ * Color in config control
+ *
+ * This option is used only by conf.pl script to generate configuration
+ * menu with some colors and is provided here only as reference. 
+ * @global integer $config_use_color
+ */
+$config_use_color = 2;
+
+/**
+ * This option includes special configuration options
+ */
+@include SM_PATH . 'config/config_local.php';
+
diff --git a/usr/local/bin/aclperl b/usr/local/bin/aclperl
new file mode 100755 (executable)
index 0000000..75911b7
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec perl -mfiletest=access $@
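Review bot: `$@` is unquoted in `exec perl -mfiletest=access $@`, so any argument containing whitespace or glob characters is split and expanded again before perl sees it. A script path or argument can then arrive as something other than what the caller passed. Use `exec perl -mfiletest=access "$@"`, which forwards each argument unchanged.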
diff --git a/usr/local/bin/addsite b/usr/local/bin/addsite
new file mode 100755 (executable)
index 0000000..7d31807
--- /dev/null
@@ -0,0 +1,143 @@
+#!/bin/sh
+
+if [ "$UID" -eq 0 ]; then
+       echo "No need to run as root."
+       exit 1
+fi
+
+if [ "$1" = "-h" -o "$1" = "--help" -o $# -ne 1 ]; then
+       echo "Usage $0 <dirname>"
+       echo "<dirname> is the full path to the site, such as /var/www/example.nl"
+       echo "which is created if it does not exist yet. If it exists, it's"
+       echo "permissions are reset".
+       exit 0
+fi
+
+HTTPD_USER=www-data
+# The primary group of the created user
+HTTPD_USERS_GID=1002
+# The template to copy
+TEMPLATE_DIR=/data/www/template
+# The bases to create users under
+USERBASE="uniqueIdentifier=7,uniqueIdentifier=6,dc=drsnuggles,dc=stderr,dc=nl"
+GROUPBASE="uniqueIdentifier=4,uniqueIdentifier=8,dc=drsnuggles,dc=stderr,dc=nl"
+# PHP config to change the error_log setting in
+PHP_CONFIG=conf/php.ini.override
+# PHP error logfile to set error_log to
+PHP_ERRORLOG=logs/php.log
+
+# Get dir
+DIR="$1"
+
+if [ -e "$DIR" ]; then
+       if [ ! -d "$DIR" ]; then
+               echo "$DIR" must be a directory, or not exist yet.
+               exit 1;
+       fi
+       echo "Skipping creation of $DIR, it already exists";
+else
+       # Create $DIR from $TEMPLATE_DIR, if it does not exist yet
+       echo "Creating $DIR from $TEMPLATE_DIR"
+       cp -R "$TEMPLATE_DIR" "$DIR"
+fi
+
+# Make $DIR absolute
+cd "$DIR"
+DIR=`pwd`
+
+# Strip prefix
+SITE=`basename $DIR`
+
+# replace . with -
+GROUP=`echo $SITE | sed s/\\\\./-/g`
+SCRIPT_USER="httpd-$GROUP"
+
+if getent passwd | grep $SCRIPT_USER &> /dev/null && getent group | grep $GROUP &> /dev/null; then
+       echo "$SCRIPT_USER and/or $GROUP already exists, skipping account creation"
+else
+       # find a uid
+       ID=2000
+       while getent passwd | cut -f 3 -d: | grep "^$ID\$" &>/dev/null && getent group | cut -f 3 -d: | grep "^$ID\$" &> /dev/null; do
+               ((ID++))
+       done;
+
+       echo Found uid/gid $ID for $SCRIPT_USER/$GROUP
+
+       # Create a user for scripts to run as, and a group to give write permissions to
+       # files.
+       ldapvi --profile bind --add --in --ldapvi <<EOF || exit
+add cn=$GROUP,$GROUPBASE
+cn: $GROUP
+displayName: $SITE
+gidNumber: $ID
+objectClass: simplePosixGroup
+objectClass: simpleGroup
+objectClass: top
+
+add cn=$SCRIPT_USER,$USERBASE
+cn: $SCRIPT_USER
+displayName: $SITE
+uidNumber: $ID
+gidNumber: $HTTPD_USERS_GID
+homeDirectory: $DIR
+objectClass: posixAccount
+objectClass: simpleObject
+objectClass: top
+uid: $SCRIPT_USER
+EOF
+fi
+
+if getent passwd | grep $SCRIPT_USER &> /dev/null && getent group | grep $GROUP &> /dev/null; then
+       echo "$SCRIPT_USER and $GROUP created succesfully"
+else
+       echo "User or group creation failed"
+       exit 1
+fi
+
+echo "Setting up permissions"
+# Set up permissions
+sudo chown -R 0:$GROUP "$DIR"
+
+# By default, let the owner have write access, the group have read access
+sudo setfacl -R --set d:u::rwX,d:g::rX,d:o::-,u::rwX,g::rX,o::- "$DIR"
+
+# Give the group write access to htdocs, applications, conf and data
+sudo setfacl -R -m g::rwX,d:g::rwX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" "$DIR/data"
+
+# Give lighttpd read access to the dir itself
+sudo setfacl -m u:$HTTPD_USER:rx "$DIR"
+
+# Allow lighttpd to read anything in htdocs, applications, conf and data
+sudo setfacl -R -m d:u:$HTTPD_USER:rX,u:$HTTPD_USER:rX "$DIR/htdocs" "$DIR/applications" "$DIR/conf" "$DIR/data"
+
+# Allow lighttpd to write new files in logs
+sudo setfacl -m d:u:$HTTPD_USER:rwX,u:$HTTPD_USER:rwX "$DIR/logs"
+
+# Give scripts read access to the dir itself
+sudo setfacl -m u:$SCRIPT_USER:rx "$DIR"
+
+# Allow scripts to read anything in applications, htdocs and conf
+sudo setfacl -R -m d:u:$SCRIPT_USER:rX,u:$SCRIPT_USER:rX "$DIR/applications" "$DIR/htdocs" "$DIR/conf"
+
+# Allow scripts to create new files in logs and data (but not touch existing or those created by lighttpd)
+sudo setfacl -m u:$SCRIPT_USER:rwX "$DIR/logs" "$DIR/data"
+
+# Temp, chown existing log files
+sudo sh -c "chown -R $SCRIPT_USER \"$DIR\"/logs/php.log* \"$DIR\"/logs/wipi.log*"
+sudo sh -c "chown -R $HTTPD_USER \"$DIR\"/logs/access.log*"
+
+# Now, set the error_log setting in php.ini. This ensures each domein will have
+# a separate logfile for errors, since lighttpd only supports a single error
+# log (When error_log is not set, error messages will go to lighttpd's log
+# automatically).
+
+echo Updating `basename $PHP_CONFIG`
+sudo sed -i "s#^error_log *=.*#error_log = $DIR/$PHP_ERRORLOG#" "$DIR/$PHP_CONFIG"
+sudo update-php.ini
+
+
+# Done!
+echo "Done!"
+echo "Now add human users to $GROUP."
+echo "Also add this site to /usr/local/sbin/spawn-fcgi.sh and enable"
+echo "fcgi in lighttpd if dynamic content is required."
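Review bot: The uid search loop (`while getent passwd | ... grep "^$ID\$" ... && getent group | ...`) stops as soon as the number is free in either database, yet `$ID` is then used as both the group's `gidNumber` and the user's `uidNumber`. A new site account can therefore receive a uid that already belongs to another account; the two tests should be joined with `||`. The script also declares `#!/bin/sh` while relying on `$UID`, `&>` and `((ID++))`, which are bash syntax; under a POSIX shell such as dash, `cmd &> /dev/null` backgrounds the command and the test is always true, so use `#!/bin/bash` or write `>/dev/null 2>&1`. Separately, the two `sudo sh -c "chown ... \"$DIR\"/logs/..."` lines paste the directory name into a string parsed by a root shell. Passing it as a positional argument keeps it as data: `sudo sh -c 'chown -R "$1" "$2"/logs/php.log*' sh "$SCRIPT_USER" "$DIR"`.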
diff --git a/usr/local/bin/update-php.ini b/usr/local/bin/update-php.ini
new file mode 100755 (executable)
index 0000000..3147c93
--- /dev/null
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# This script will merge the main php.ini with local and site specific
+# additions into a site specific php.ini.
+
+BASE=/etc/php5/cgi/php.ini
+LOCAL=/etc/php5/cgi/php.ini.local
+SITES=/data/www/*
+CONFIN=conf/php.ini.override
+CONFOUT=conf/php.ini
+
+for SITE in $SITES; do
+       IN=$SITE/$CONFIN
+       OUT=$SITE/$CONFOUT
+       if [ \! -r $IN ]; then
+               continue;
+       fi
+       echo "Updating $OUT"
+
+       cat > $OUT <<EOF
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;
+; This file is autogenerated by $0
+; 
+; Do NOT edit this file directly.
+;
+; You should instead edit $IN (for site-specific config) or $LOCAL (for global
+; config) and run $0 afterwards.
+;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+
+;;; Begin included $BASE (this is the default config from php) ;;;
+
+EOF
+       
+       cat $BASE >> $OUT
+       echo -e "\n;;; End included $BASE ;;;\n" >> $OUT
+       echo -e "\n;;; Begin included $LOCAL (these are global config changes) ;;;\n" >> $OUT
+       cat $LOCAL >> $OUT
+       echo -e "\n;;; End included $LOCAL ;;;\n" >> $OUT
+       echo -e "\n;;; Begin included $IN (these are config changes specific to this site) ;;;\n" >> $OUT
+       cat $IN >> $OUT
+       echo -e "\n;;; End included $IN ;;;\n" >> $OUT
+done
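Review bot: `cat > $OUT` and `cat $IN >> $OUT` follow symlinks, and both paths live in each site's `conf/` directory, which addsite makes writable by the site group while invoking this script through `sudo`. A link placed at `conf/php.ini` or `conf/php.ini.override` would therefore be written or read with the elevated rights of this script. Skip entries where `[ -L "$IN" ]`, build the output in a `mktemp` file in the same directory and `mv` it over `$OUT` so the rename replaces the name instead of following it, and quote `$IN`/`$OUT` throughout. `echo -e` is also not portable under `#!/bin/sh` (dash prints the `-e`); `printf '\n;;; End included %s ;;;\n\n' "$BASE" >> "$OUT"` avoids that.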
diff --git a/usr/local/bin/update-stats b/usr/local/bin/update-stats
new file mode 100755 (executable)
index 0000000..2591ff4
--- /dev/null
@@ -0,0 +1,183 @@
+#!/usr/bin/python
+# This script takes care of two things:
+#  * Generate lighttpd configuration that puts access logs for each subdomain
+#    into a separate file.
+#  * Generate awstats configuration files to parse each of these.
+#  * Run awstats to process all current logfiles or
+#  * When --after-logrotate is given, run awstats to process the just rotated
+#    logfiles.
+# For the last part, it is assumed that logrotate is configured with dateext,
+# without olddir and, until http://bugs.gentoo.org/106651 is fixed, with
+# delaycompress.
+
+import os, sys, datetime, subprocess
+
+root_dir = '/data/www'
+htdocs_dir = 'htdocs'
+logs_dir = 'logs'
+lighttpd_conf_file = '/etc/lighttpd/logging.conf'
+# The directory with awstats configuration files
+awstats_dir = '/etc/awstats'
+# The template for each awstats configuration file. %s is replaced with the
+# full domain name the configuration is for
+awstats_config_file = 'awstats.%s.conf'
+# Let each awstats config file include this file
+awstats_common_file = os.path.join(awstats_dir, 'common.conf')
+# Filename for the log files
+log_file = 'access.log'
+# Directory for domains we didn't find
+other_dir = 'other'
+awstats = '/usr/lib/cgi-bin/awstats.pl'
+# Use sudo to run awstats as this user
+awstats_user = 'www-data'
+# The dateformat option as used by logrotate. This is the default.
+dateformat = '-%Y%m%d'
+# Lighttpd restart command
+reload_lighttpd = 'invoke-rc.d lighttpd reload'
+
+header = """
+# This config file was autogenerated by the %s script. Do not change it
+# directly, since it will be periodically regenerated.
+
+""" % sys.argv[0]
+
+lighttpd_conf = header
+domains = {}
+
+for d in os.listdir(root_dir):
+  domain_htdocs_dir = os.path.join(root_dir, d, htdocs_dir)
+  # Require a dot in the domain name to filter out stuff like "template" or
+  # "php5-libs" and require the htdocs directory to exist.
+  if not '.' in d or not os.path.isdir(domain_htdocs_dir):
+    continue
+
+  print "%s" % d
+
+  # Make a dictionary of subdomains, containing a list of all aliases.
+  # Iterate all subdomains by looking into the htdocs directory.
+  subdomains = {}
+  def add_subdomain(sub, alias=None):
+      if (not sub in subdomains): subdomains[sub] = []
+      if alias: subdomains[sub].append(alias)
+
+  for dir in os.listdir(domain_htdocs_dir):
+    subdomain_htdocs_dir = os.path.join(domain_htdocs_dir, dir)
+    # Skip non-directories
+    if not os.path.isdir(subdomain_htdocs_dir):
+      continue
+
+    # If the htdocs dir is a link, resolve it (only once!)
+    if os.path.islink(subdomain_htdocs_dir):
+      # Resolve the link to a full path
+      target = os.readlink(subdomain_htdocs_dir)
+      target = os.path.join(domain_htdocs_dir, target)
+      # Only resolve links that point within the same domain
+      if os.path.dirname(target) == domain_htdocs_dir:
+        target = os.path.basename(target)
+        print "\t\%s -> %s" % (dir, target)
+
+        add_subdomain(target, dir)
+        continue
+    # If we get here, there was no resolvable link
+    add_subdomain(dir, dir)
+
+  domains[d] = subdomains
+
+  # Generate the lighttpd config file part for this domain
+  other_logfile = os.path.join(root_dir, d, logs_dir, other_dir, log_file)
+  lighttpd_conf += '$HTTP["host"] =~ ".%s$" {\n' % d
+  lighttpd_conf += '\t# Fallback logfile, in case none if the below conditionals match.\n'
+  lighttpd_conf += '\t# This can happen when a domain was added, but the %s script\n' % sys.argv[0]
+  lighttpd_conf += '\t# has not run yet\n'
+  lighttpd_conf += '\taccesslog.filename = "%s"\n' % other_logfile
+
+  # Make sure the directory exists
+  if not os.path.isdir(os.path.dirname(other_logfile)):
+    os.makedirs(os.path.dirname(other_logfile))
+
+  for (s, aliases) in subdomains.items():
+    print "\t%s" % s
+
+    full_domain = "%s.%s" % (s, d)
+    subdomain_logfile = os.path.join(root_dir, d, logs_dir, s, log_file)
+
+    # Generate the lighttpd config file part for this subdomain
+    print "\t\tGenerating lighttpd configuration"
+    if aliases != [s]:
+      # Don't use a regex if we don't need to. I think this should slightly
+      # speed up lighttpd.
+      aliases_regex = '|'.join(aliases)
+      lighttpd_conf += '\t$HTTP["host"] =~ "^(%s).%s$" {\n' % (aliases_regex, d)
+    else:
+      lighttpd_conf += '\t$HTTP["host"] == "%s.%s" {\n' % (s, d)
+    lighttpd_conf += '\t\taccesslog.filename = "%s"\n' % subdomain_logfile
+    lighttpd_conf += '\t}\n'
+
+    # Only generate awstats configuration for real paths, not symlinks
+    awstats_conf = header
+    awstats_conf += 'LogFile="%s"\n' % subdomain_logfile
+    awstats_conf += 'SiteDomain="%s.%s"\n' % (s, d)
+    awstats_conf += 'HostAliases="%s"\n' % ' '.join(["%s.%s" % (s, d) for s in aliases])
+    awstats_conf += 'Include "%s"\n' % awstats_common_file
+
+    # Write out the awstats config file
+    subdomain_awstats_file = os.path.join(awstats_dir, awstats_config_file % full_domain)
+    print "\t\tWriting %s" % subdomain_awstats_file
+    f = open(subdomain_awstats_file , 'w')
+    f.write(awstats_conf)
+
+    # Make sure the directory exists
+    if not os.path.isdir(os.path.dirname(subdomain_logfile)):
+      os.makedirs(os.path.dirname(subdomain_logfile))
+
+  lighttpd_conf += '}\n'
+
+# Write out the lighttpd configuration. Check if it has changed first, to
+# prevent useless lighttpd reloads.
+f = open(lighttpd_conf_file, 'r+')
+if lighttpd_conf != f.read():
+  print "Writing %s" % lighttpd_conf_file
+  f.seek(0)
+  f.truncate()
+  f.write(lighttpd_conf)
+  f.close()
+
+  # Reload lighttpd configuration
+  print "Reloading lighttpd: %s" % reload_lighttpd
+  ret = subprocess.call(reload_lighttpd, shell=True)
+
+  if ret != 0:
+    print >> sys.stderr, "Reloading lighttpd failed. Logging.conf was:"
+    print >> sys.stderr, lighttpd_conf
+else:
+  f.close()
+
+# Now, run awstats to parse log files.
+
+if len(sys.argv) > 1 and sys.argv[1] == '--after-logrotate':
+  # Logs have just been rotated, so update "todays" log. We make a guess at
+  # logrotate's date extension (which shouldn't be a guess, unless logrotate's
+  # dateformat was modified).
+  dateext = datetime.date.today().strftime(dateformat)
+else:
+  dateext = ''
+
+for (d, subdomains) in domains.items():
+  for (s, aliases) in subdomains.items():
+    subdomain_logfile = os.path.join(root_dir, d, logs_dir, s, log_file + dateext)
+
+    # Call awstats. We explicitly pass in a LogFile, in case --after-logrotate
+    # is given. The config parameter points to the middle part of the
+    # configuration file name, awstats adds the root dir and awstats.%s.conf
+    # part. We check if the file exists, since rotation might not have been
+    # happened (when the file was empty, for example)
+    if os.path.exists(subdomain_logfile):
+      subprocess.call([ 'sudo'
+                      , '-u', awstats_user
+                      , awstats
+                      , '-config=%s.%s' % (s, d)
+                      , '-update'
+                      , '-LogFile=%s' % subdomain_logfile
+                      ])
+    
+# vim: set sw=2 sts=2 expandtab autoindent:
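Review bot: Directory names found under each site's `htdocs` are written verbatim into `logging.conf` and the awstats files (`'\t$HTTP["host"] == "%s.%s" {\n' % (s, d)`, `'LogFile="%s"\n' % subdomain_logfile`), so a name containing a quote, newline or regex metacharacter alters the generated configuration instead of just naming a host. Those directories are writable by the site group (see addsite), while this script writes under /etc and reloads lighttpd, presumably from cron as root. Skip names that are not plain hostname labels before calling `add_subdomain`, e.g. `if not re.match(r'^[A-Za-z0-9-]+$', dir): continue` (needs `import re`), and use `re.escape(d)` in the `=~` patterns so the dots match literally. The awstats file opened with `f = open(subdomain_awstats_file , 'w')` is also never closed; an `f.close()` after `f.write(awstats_conf)` makes the flush explicit before awstats is run.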
diff --git a/usr/local/lib/cgi-bin/hgwebdir.cgi b/usr/local/lib/cgi-bin/hgwebdir.cgi
new file mode 100755 (executable)
index 0000000..bd14582
--- /dev/null
@@ -0,0 +1,47 @@
+#!/usr/bin/env python
+#
+# An example CGI script to export multiple hgweb repos, edit as necessary
+
+# adjust python path if not a system-wide install:
+#import sys
+#sys.path.insert(0, "/path/to/python/lib")
+
+# enable importing on demand to reduce startup time
+from mercurial import demandimport; demandimport.enable()
+
+# Uncomment to send python tracebacks to the browser if an error occurs:
+#import cgitb
+#cgitb.enable()
+
+# If you'd like to serve pages with UTF-8 instead of your default
+# locale charset, you can do so by uncommenting the following lines.
+# Note that this will cause your .hgrc files to be interpreted in
+# UTF-8 and all your repo files to be displayed using UTF-8.
+#
+#import os
+#os.environ["HGENCODING"] = "UTF-8"
+
+from mercurial.hgweb.hgwebdir_mod import hgwebdir
+import mercurial.hgweb.wsgicgi as wsgicgi
+
+# The config file looks like this.  You can have paths to individual
+# repos, collections of repos in a directory tree, or both.
+#
+# [paths]
+# virtual/path = /real/path
+# virtual/path = /real/path
+#
+# [collections]
+# /prefix/to/strip/off = /root/of/tree/full/of/repos
+#
+# collections example: say directory tree /foo contains repos /foo/bar,
+# /foo/quux/baz.  Give this config section:
+#   [collections]
+#   /foo = /foo
+# Then repos will list as bar and quux/baz.
+#
+# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples
+# or use a dictionary with entries like 'virtual/path': '/real/path'
+
+application = hgwebdir('/etc/hgweb.conf')
+wsgicgi.launch(application)