Differences between revisions 24 and 25
Revision 24 as of 2008-03-30 22:41:25
Size: 10304
Editor: KurtGramlich
Comment: typo
Revision 25 as of 2008-03-31 09:48:12
Size: 10084
Editor: ?HaraldMeyer
Comment:
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:

||||<: tablewidth="100%" tablestyle=""rowbgcolor="#dddddd"rowstyle=""style="text-align: left;">'''CipUX'''||
||||<:rowbgcolor="#dddddd"rowstyle=""> Installation of CipUX ||
||<(rowbgcolor="#dddddd"rowstyle=""> [[TableOfContents]] || [[Navigation(children,5)]] ||

||||<tablewidth="100%"rowbgcolor="#dddddd"style="text-align: center;">'''CipUX''' ||
||||<rowbgcolor="#dddddd"style="text-align: center;"> Installation of CipUX ||
||<rowbgcolor="#dddddd"style="text-align: left;"> [[TableOfContents]] || [[Navigation(children,5)]] ||
Line 10: Line 7:

{{{ 
This is under development for now. Do not install on productive systems, 
{{{
This is under development for now. Do not install on productive systems,
Line 15: Line 11:

Choose a fresh installed DebianEdu (Etch/Lenny) 
Choose a fresh installed DebianEdu (Etch/Lenny)
Line 23: Line 18:
Line 27: Line 23:
Line 29: Line 24:
Line 35: Line 31:
Line 37: Line 32:
Line 41: Line 37:
Line 44: Line 41:
Line 46: Line 42:
Line 48: Line 43:
Line 52: Line 48:
Line 55: Line 52:
}}}


nss_base_group ou=CipUX,
}}}
Line 60: Line 55:
Line 62: Line 56:
 * cipux_rpc_test_client 
* cipux_rpc_test_client
Line 67: Line 62:
 * vim /etc/cipux/cipux-object.conf
change
my $cipux_home_directory = "/home/cipux0";
to
my $cipux_home_directory = "/skole/tjener/home0";
Line 69: Line 69:

Line 72: Line 70:

{{{ 
This is under development for now. Do not install on productive systems, 
{{{
This is under development for now. Do not install on productive systems,
Line 77: Line 74:

Choose a fresh installed Debian (Etch) with hostname cipux340 and
domain name example.net (!!!).
Choose a fresh installed Debian (Etch) with hostname cipux340 and  domain name example.net (!!!).
Line 86: Line 81:
Line 89: Line 85:
Line 91: Line 86:
Line 94: Line 90:


Line 98: Line 91:
 
Line 104: Line 97:


{{{ Question 1 (Configuring slapd)
{{{
Question 1 (Configuring slapd)
Line 108: Line 100:
Line 110: Line 101:
Line 112: Line 102:
Line 115: Line 104:
Line 117: Line 105:
Line 120: Line 107:
Line 122: Line 108:
Line 124: Line 109:
Line 126: Line 110:
Line 128: Line 111:
Line 131: Line 113:

Line 135: Line 115:
Line 137: Line 116:
Line 139: Line 117:
Line 141: Line 118:
Line 143: Line 119:

}}}
}}}
Line 148: Line 122:
Line 150: Line 123:
Line 152: Line 124:
Line 154: Line 125:
Line 157: Line 127:

Line 161: Line 129:
Line 163: Line 130:
Line 165: Line 131:
Line 167: Line 132:
Line 169: Line 133:
Line 171: Line 134:
Line 174: Line 136:

Line 178: Line 138:

Bitte geben sie das Passwort ein, das verwendet wird, wenn libnss-ldap sich mit dem LDAP-Zugang fuer root am LDAP-Verzeichnis anmeldet.  
Bitte geben sie das Passwort ein, das verwendet wird, wenn libnss-ldap sich mit dem LDAP-Zugang fuer root am LDAP-Verzeichnis anmeldet.
Line 182: Line 140:
Line 184: Line 141:
Line 186: Line 142:
Line 189: Line 144:

}}}
}}}
Line 194: Line 147:

This option will allow you to make password utilities that use pam, to 
This option will allow you to make password utilities that use pam, to
Line 197: Line 149:

The password will be stored in a sepereate file which will be made 
readable to root only.  
If you are using NFS mounted /etc or any other custom setup, you should 
The password will be stored in a sepereate file which will be made
readable to root only.
If you are using NFS mounted /etc or any other custom setup, you should
Line 203: Line 153:
Line 205: Line 154:
Line 207: Line 155:
Line 210: Line 157:



{{{
 Question 8 (libpam-ldap)  
{{{
 Question 8 (libpam-ldap)
Line 218: Line 161:
Line 220: Line 162:
Line 222: Line 163:
Line 224: Line 164:
Line 227: Line 166:

{{{
{{{
Line 231: Line 168:
Line 233: Line 169:

Note: This account has to be a privileged account.  
Note: This account has to be a privileged account.
Line 237: Line 171:
Line 239: Line 172:
Line 241: Line 173:


}}}

{{{
}}}
{{{
Line 248: Line 176:
Line 250: Line 177:
Line 252: Line 178:
Line 254: Line 179:
Line 256: Line 180:

}}}


}}}
Line 263: Line 183:

Add "ldap" and "files" to the following services in /etc/nsswitch.conf
and comment out "compat"  

{{{
Add "ldap" and "files" to the following services in /etc/nsswitch.conf and comment out "compat"

{{{
Line 277: Line 194:

}}}
}}}
Line 282: Line 197:
 * aptitude install cipux-rpc   * aptitude install cipux-rpc
Line 290: Line 205:

Line 293: Line 206:
Line 294: Line 208:

Line 297: Line 209:

This chapter is intended for integrators or developers who would like to
deploy CipUX on their distribution or LiveCD. So this page contains
several methods to install CipUX.
This chapter is intended for integrators or developers who would like to  deploy CipUX on their distribution or LiveCD. So this page contains  several methods to install CipUX.
Line 303: Line 212:

You can fetch the debian packages of cipux from last svn-revision with the following entry in your sources list.
Every half hour, the packages are build if there was any commit to svn-repository, so here you will get the very latest ones.
This location is also available by browser via http://debiantest.cipux.org
You can fetch the debian packages of cipux from last svn-revision with the following entry in your sources list. Every half hour, the packages are build if there was any commit to svn-repository, so here you will get the very latest ones. This location is also available by browser via http://debiantest.cipux.org
Line 311: Line 217:
Line 313: Line 218:
   * aptitude update

* aptitude update
Line 316: Line 221:

  
* The first setup is done via the package cipux-cibot

  
Within the package cipux-cibot a script can be found to add     * administrator
   * schema
  
* ACL
   * PAM
   * add default CipUX objects
   * add default CipUX values
   * move some object if necessary
   * delete some objects if necessary

  
(it is a good idea to install also cipux-common and cipux-profile for that)
 * The first setup is done via the package cipux-cibot Within the package cipux-cibot a script can be found to add
 * administrator
 * schema
* ACL
 * PAM
 * add default CipUX objects
 * add default CipUX values
 * move some object if necessary
 * delete some objects if necessary (it is a good idea to install also cipux-common and cipux-profile for that)
Line 332: Line 231:
Line 334: Line 232:
Line 336: Line 233:

* (1) add the following files    * mkdir -p /etc/cipux; chmod 700 /etc/cipux; chown root:root /etc/cipux;
   * echo -n "secret" > /etc/cipux/ldappassword.conf (cipuxadm password)
   * chmod 400 /etc/cipux/ldappassword.conf    * chown root:root /etc/cipux/ldappassword.conf       * echo -n "DISTRIBUTION" > /etc/cipux/system.conf (distribution: debian, debian-edu, ...)
   * chmod 400 /etc/cipux/system.conf
   * chown root:root /etc/cipux/system.conf
 * (1) add the following files
* mkdir -p /etc/cipux; chmod 700 /etc/cipux; chown root:root /etc/cipux;
  * echo -n "secret" > /etc/cipux/ldappassword.conf (cipuxadm password)
  * chmod 400 /etc/cipux/ldappassword.conf
* chown root:root /etc/cipux/ldappassword.conf
* echo -n "DISTRIBUTION" > /etc/cipux/system.conf (distribution: debian, debian-edu, ...)
  * chmod 400 /etc/cipux/system.conf
  * chown root:root /etc/cipux/system.conf
Line 348: Line 244:
Line 351: Line 246:
     Profile:
     * install cipux-profile BEFORE running cipux_setup
     * run: /usr/share/cipux/sbin/cipux_setup -sn -p PROFILE       * list of supported profiles can be get with:
       ls /usr/share/cipux/sbin/cipux_profile_*
     * if there is no profile suitable for you, create one.
     * if you have created one, please share that with the community.

    
System:       * supported distributions for now are:
       * debian-edu         * debian
     
* ubuntu (in the future, please ask: christian@skolelinux.de)
       * edubuntu (in the future, please ask: christian@skolelinux.de)
     * example: echo -n "debian" > /etc/cipux/system.conf

 . Profile:
 * install cipux-profile BEFORE running cipux_setup
 * run: /usr/share/cipux/sbin/cipux_setup -sn -p PROFILE
* list of supported profiles can be get with:
  . ls /usr/share/cipux/sbin/cipux_profile_*
 * if there is no profile suitable for you, create one.
 * if you have created one, please share that with the community. System:
* supported distributions for now are:
  * debian-edu
  * debian
* ubuntu (in the future, please ask: christian@skolelinux.de )
  * edubuntu (in the future, please ask: christian@skolelinux.de )
 * example: echo -n "debian" > /etc/cipux/system.conf
Line 369: Line 260:
Line 371: Line 261:
  * christian@skolelinux.de 
  * x.oswald@free.fr
  * christian@skolelinux.de
  * x.oswald@free.fr
Line 374: Line 264:
 * add a customer in /etc/cipux/customer.conf   * add a customer in /etc/cipux/customer.conf
Line 377: Line 267:
 * check all pathes for executables   * check all pathes for executables
Line 380: Line 270:


Line 384: Line 271:

Installation guides for different Debian and Debian-Edu/Skolelinux releases. For Updates
please read the [:DebianEdu/CipUX/Update:update page].
Installation guides for different Debian and Debian-Edu/Skolelinux releases. For Updates please read the [:DebianEdu/CipUX/Update:update page].
Line 389: Line 274:
Line 391: Line 275:
Line 393: Line 276:
Line 396: Line 278:
Line 398: Line 279:

* [:DebianEdu/CipUX/Installation/3.2.0:Installation guide for 3.2.0] 
 * [:DebianEdu/CipUX/Installation/3.2.0:Installation guide for 3.2.0]
Line 401: Line 281:

        
||<tablestyle=""tablewidth="99%"rowbgcolor="#7fa0cf"> [[Navigation(siblings,1)]] ||
||<tablewidth="99%"rowbgcolor="#7fa0cf"> [[Navigation(siblings,1)]] ||

CipUX

Installation of CipUX

?TableOfContents

?Navigation(children,5)

CipUX Installation 3.4.x for DebianEdu

This is under development for now. Do not install on productive systems,
as long this remark is here.

Choose a fresh installed DebianEdu (Etch/Lenny)

(1)

edit /etc/apt/sources.list

add:

 deb http://ftp.debian.org/debian/ etch main contrib
 deb http://debiantest.cipux.org/ sid main

Type this commands:

  • aptitude install cipux-common
  • aptitude install cipux-ldap
  • aptitude install cipux-object
  • aptitude install cipux-task
  • /usr/sbin/cipux_setup -svnD 129
  • vim /etc/pam_ldap.conf

change

base ou=People,dc=skole,dc=skolelinux,dc=no

to

base dc=skole,dc=skolelinux,dc=no
  • vim /etc/libnss-ldap.conf

change

nss_base_passwd ou=People,

to

nss_base_passwd ou=People,
nss_base_passwd ou=CipUX,
nss_base_group ou=CipUX,
  • aptitude install cipux-rpc

Use login cipadmin and known password to test the RPC server:

  • cipux_rpc_test_client
  • cipux_setup -snr
  • aptitude install cipux-cat-web
  • aptitude install cipux-cat-web-userlist
  • cipux_setup -snc
  • vim /etc/cipux/cipux-object.conf

change my $cipux_home_directory = "/home/cipux0"; to my $cipux_home_directory = "/skole/tjener/home0";

CipUX Installation 3.4.x for plain Debian

This is under development for now. Do not install on productive systems,
as long this remark is here.

Choose a fresh installed Debian (Etch) with hostname cipux340 and domain name example.net (!!!).

(1)

edit /etc/apt/sources.list

comment out something like this:

# deb cdrom:[Debian GNU/Linux 4.0 r2 _Etch_ - Offical i386 NETINST Binary-1 20080103-00:44]/ etch contrib main

add:

 deb http://debiantest.cipux.org/ sid main

(2)

Type this commands:

  • unset http_proxy (or set it correctly)
  • aptitude update
  • aptitude install cipux-common

Question 1 (Configuring slapd)
Please enter the password for the admin entry in your LDAP directory.
Admin password:
By default: empty
Correct answer: (choose one and remember it!)
  • aptitude install cipux-ldap

Question 2 (libnss-ldap)
Please enter the URI of the LDAP server used. This is a string in the form ldap://<hostname or IP>:<port>/ . ldaps:// or ldapi:// can also be used. The port number is optional.
Note: It is usually a good idea to use an IP address; this reduces risks of failure in the event name service is unavailable.
LDAP server Uniform Resource Identifier
By default:     ldapi:///
Correct answer: ldap://127.0.0.1

Question 3 (libnss-ldap)
Please enter the distinguished name of the LDAP search base. Many sites use the components of their domain names for this purpose. For example, the domain "example.net" would use "dc=example,dc=net" as the distinguished name of the search base.
distinguished name of the search base
By default:     dc=example.net,dc=net
Correct answer: dc=example.net,dc=net

 Question 4 (libnss-ldap)
Please enter which version of the LDAP protocol ldapns is to use. It is usually a good idea to set this to highest available version number.
LDAP version to use
By default: 2 or 3
Correct answer: 3

Question 5 (libnss-ldap)
This account will be used for nss requests with root privileges.
Note: For this to work the account needs permission to access the attributes in the LDAP directory that are related to the users
shadow entries as well as users' and groups' passwords.
LDAP account for root
By default: cn=manager,dc=example,dc=net
Correct answer: cn=admin,dc=example,dc=net

Question 6 (libnss-ldap)
Bitte geben sie das Passwort ein, das verwendet wird, wenn libnss-ldap sich mit dem LDAP-Zugang fuer root am LDAP-Verzeichnis anmeldet.
Das Passwort wird in einer eigenene Datei /etc/libnss-ldap.secret gespeichert, die nur fuer root lesbar ist.
Beleibt das Passwort leer, wird das alte Passwort wieder benutzt.
Passwort des LDAP-Zugangs fuer Root:
by default: empty
correct answer: (use password from above)

 Question 7 (libpam-ldap)
This option will allow you to make password utilities that use pam, to
behave like you would be changing local passwords.
The password will be stored in a sepereate file which will be made
readable to root only.
If you are using NFS mounted /etc or any other custom setup, you should
disable this.
Make local root Datatbase admin.
By default: YES  (YES or NO)
Correct answer: YES

 Question 8 (libpam-ldap)
Choose this option if you can't retrieve entries from the datatbase
without logging in.
Note: Under normal setup, this not needed.
Does the LDAP database require login?
By default: NO  (YES or NO)
Correct answer: NO

Questin 9 (libpam-ldap)
This account will be used when root changes a password.
Note: This account has to be a privileged account.
LDAP account for root:
By default: cn=manager,dc=example,dc=net
Correct answer: cn=admin,dc=example,dc=net

Question 10 (libpam-ldap)
Please enter the password for the admin entry in your LDAP directory.
Admin password:
By default: empty
Correct answer: (choose one and remember it!)
  • aptitude install cipux-object
  • aptitude install cipux-task

Add "ldap" and "files" to the following services in /etc/nsswitch.conf and comment out "compat"

passwd:         files ldap
group:          files ldap
shadow:         files ldap
netgroup:       files ldap
automount:      files ldap
# passwd:         compat
# group:          compat
# shadow:         compat
  • /etc/init.d/nscd restart
  • /usr/sbin/cipux_setup -svnD 129
  • aptitude install cipux-rpc
  • cipux_rpc_test_client (give cipadmin and password)
  • cipux_setup -snr
  • aptitude install cipux-cat-web
  • aptitude install cipux-cat-web-userlist
  • cipux_setup -snc
  • browse to http://localhost/cipux-cat-web/

  • login as "cipadmin" (password was given during installation)

Remarks:

  • aptitude install ... leads to a warning message as the buildserver does not sign its packages with a gpg key

CipUX Automatic Setup 3.4.x (TODO)

This chapter is intended for integrators or developers who would like to deploy CipUX on their distribution or LiveCD. So this page contains several methods to install CipUX.

apt-getting debs

You can fetch the debian packages of cipux from last svn-revision with the following entry in your sources list. Every half hour, the packages are build if there was any commit to svn-repository, so here you will get the very latest ones. This location is also available by browser via http://debiantest.cipux.org

 deb http://debiantest.cipux.org/ sid main

Get the package list

  • aptitude update

Setup process description

  • The first setup is done via the package cipux-cibot Within the package cipux-cibot a script can be found to add
  • administrator
  • schema
  • ACL
  • PAM
  • add default CipUX objects
  • add default CipUX values
  • move some object if necessary
  • delete some objects if necessary (it is a good idea to install also cipux-common and cipux-profile for that)

Attended installation procedure

  • see CipUX installation above

Unattended installation procedure

  • (1) add the following files
    • mkdir -p /etc/cipux; chmod 700 /etc/cipux; chown root:root /etc/cipux;
    • echo -n "secret" > /etc/cipux/ldappassword.conf (cipuxadm password)

    • chmod 400 /etc/cipux/ldappassword.conf
    • chown root:root /etc/cipux/ldappassword.conf
    • echo -n "DISTRIBUTION" > /etc/cipux/system.conf (distribution: debian, debian-edu, ...)

    • chmod 400 /etc/cipux/system.conf
    • chown root:root /etc/cipux/system.conf
  • (2) aptitude install cipux-common cipux-cibot cipux-profile
  • (3) /usr/share/cipux/sbin/cipux_setup -sn
  • (4) aptitude install cipux-rpc cipux-cat-webim

Remarks:

  • Profile:
  • install cipux-profile BEFORE running cipux_setup
  • run: /usr/share/cipux/sbin/cipux_setup -sn -p PROFILE
  • list of supported profiles can be get with:
    • ls /usr/share/cipux/sbin/cipux_profile_*
  • if there is no profile suitable for you, create one.
  • if you have created one, please share that with the community. System:
  • supported distributions for now are:
  • example: echo -n "debian" > /etc/cipux/system.conf

Customization for (jet) unsupported Distributions

  • get in contact with one of:
  • join #cipux
  • add a customer in /etc/cipux/customer.conf
  • add a customer to cipux.conf
  • probably change LDAP values in cipux.conf
  • check all pathes for executables
  • check LPREF variable in top level Makefile
  • do test it on fresh installed systems

Other CipUX Installation Guides

Installation guides for different Debian and Debian-Edu/Skolelinux releases. For Updates please read the [:DebianEdu/CipUX/Update:update page].

On Debian (Etch) , Debian-Edu/ Skolelinux 3.0

  • This, page: see above

Older installation guides

Debian-Edu/ Skolelinux 1.0 (Venus)

?Navigation(siblings,1)