diff --git a/.gitattributesdb b/.gitattributesdb index 36c3582..5d38a61 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -5,12 +5,12 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - -LmdpdGlnbm9yZQ== 1758124916 1757593248 root:root 0644 - - +LmdpdGlnbm9yZQ== 1758288513 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - -ZXRjLy5naXRpZ25vcmU= 1758218823 1757611781 root:root 0644 - - +ZXRjLy5naXRpZ25vcmU= 1758642133 1757611781 root:root 0644 - - ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - -ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758045891 1757785514 root:root 0644 - - -ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758045929 1757785113 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758837649 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758817141 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - 
@@ -18,9 +18,10 @@ ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - - ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - - ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - - ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - +ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243 1758552192 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054 1758038054 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - - -ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1757873275 1757873275 root:root 0644 - - +ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714 1757873275 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259 1757873451 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303 1757873537 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465 1757862077 root:root 0644 - - 
@@ -28,9 +29,13 @@ ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238 1757862077 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250 1757863250 root:root 0644 - - ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829 1757862077 root:root 0755 - - +ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== 1760207207 1760207207 root:root 0644 - - ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - +ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1758555849 1758555812 root:root 0644 - - +ZXRjL2luaXQuZC9zYW1iYQ== 1758645132 1748355660 root:root 0755 - - +ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757772166 1757770736 root:root 0755 - - ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - - ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - - ZXRjL2tyYjUuY29uZg== 1758214709 1583171707 root:root 0644 - - 
@@ -39,17 +44,76 @@ ZXRjL2xvY2FsLmQvcHVzaG92ZXItYWxlcnQuc3RhcnQ= 1758225142 1758225089 root:root 075 ZXRjL2xvY2FsLmQvcHVzaG92ZXItYWxlcnQuc3RvcA== 1758225254 1758225155 root:root 0755 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL21zbXRwLmFsaWFzZXM= 1758035451 1758035451 root:root 0644 - - -ZXRjL21zbXRwcmMuZ3Bn 1758049424 1758049424 root:root 0644 - - +ZXRjL21zbXRwcmMuZ3Bn 1761052674 1758049424 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - -ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - - -ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - - +ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1758915694 1757596330 root:root 0644 - - +ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLWNvbmYuc2NoZW1h 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLnNjaGVtYQ== 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9sZGFwbnMuc2NoZW1h 1759848180 1759848180 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS9yZmMyMzA3YmlzLnNjaGVtYQ== 1759835660 1759835660 root:root 0644 - - +ZXRjL29wZW5sZGFwL3NjaGVtYS90ZW1wbGF0ZS1mZC5zY2hlbWE= 1759848180 1759848180 root:root 0644 - - +ZXRjL3Bhc3N3ZA== 1761056398 1761056398 root:root 0644 - - ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5LzUtdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - - ZXRjL3BlcmlvZGljL2RhaWx5Lzctd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - - -ZXRjL3BrZ2xpc3Q= 1758211839 1757609913 root:root 0644 - - +ZXRjL3BlcmlvZGljL3dlZWtseS85LWNsZWFuLXBocA== 1758294154 1758289390 root:root 0755 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9iY21hdGguaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9iejIuaW5p 
1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9jdXJsLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9nZC5pbmk= 1758756479 1758756479 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9nZXR0ZXh0LmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9nbXAuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9pY29udi5pbmk= 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9pbWFwLmluaQ== 1758756479 1758756479 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9pbnRsLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9sZGFwLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9tYnN0cmluZy5pbmk= 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9vcGNhY2hlLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9vcGVuc3NsLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9wb3NpeC5pbmk= 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zZXNzaW9uLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zaW1wbGV4bWwuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zb2RpdW0uaW5p 1758756479 1758756479 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF9zcWxpdGUzLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF94bWwuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMF96aXAuaW5p 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC8wMV9waGFyLmluaQ== 1754432591 1754432591 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9iY21hdGguaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9jdXJsLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9kYmEuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9leGlmLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9mZmkuaW5p 
1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9nZC5pbmk= 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9pY29udi5pbmk= 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9pbWFwLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9pbnRsLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9sZGFwLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9tYnN0cmluZw== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9teXNxbGkuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9teXNxbG5kLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9vZGJjLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9vcGNhY2hlLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9vcGVuc3NsLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9wZG8uaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9waGFyLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1760206689 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zb2FwLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC85OV90aWR5LmluaQ== 1758566165 1758566165 root:root 0644 - - +ZXRjL3BocDgzL2NvbmYuZC9pbWFnaWNrLmluaQ== 1755096904 1755096904 root:root 0644 - - +ZXRjL3BocDgzL3BocC1mcG0uY29uZg== 1758566251 1758566184 root:root 0644 - - +ZXRjL3BocDgzL3BocC1mcG0uZC93d3cuY29uZg== 1758566277 1758566199 root:root 0644 - - +ZXRjL3BocDgzL3BocC5pbmk= 1759845481 
1758566175 root:root 0644 - - +ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - - +ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - - ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - - ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - - +ZXRjL3JzeXNsb2cuY29uZg== 1757785113 1757785113 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - - ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - - 
@@ -58,26 +122,28 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwNnRhYmxlcw== 1757770233 1757770233 root:root 077 ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwdGFibGVz 1757770222 1757770222 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L25vZGUtZXhwb3J0ZXI= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3BocC1mcG04Mw== 1757708520 1757708520 root:root 0777 - - -ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1757708520 1757708520 root:root 0777 - - +ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1758837930 1758837930 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NzaGQ= 1757708520 1757708520 root:root 0777 - - ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 1757772274 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - - ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - - -ZXRjL3NhbWJhL3NtYi5jb25m 1758215678 1758208516 root:root 0644 - - +ZXRjL3NhbWJhL3NtYi5jb25m 1758656295 1758208516 root:root 0644 - - ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825 1758121586 root:root 0644 - - -ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - - +ZXRjL3NoYWRvdy5ncGc= 1761052608 1757599010 root:root 0644 - - ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - - ZXRjL3NzaC9zc2hfY29uZmln 1757606630 1757606630 root:root 0644 - - ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229 1757606896 root:root 0644 - - ZXRjL3NzaGd1YXJkLmNvbmY= 1758050700 1758050700 root:root 0644 - - ZXRjL3NzaGd1YXJkLndoaXRlbGlzdA== 1758050235 1758050235 root:root 0644 - - +ZXRjL3NzbC9jZXJ0cy9jYS5jZXJ0 1758642260 1758642260 root:root 0777 - - +ZXRjL3NzbC9jZXJ0cy9mZC5jZXJ0 1758642260 1758642260 root:root 0777 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - - 
aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757861225 1757584711 sysadmin:users 0644 - - -aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757861322 1757586493 sysadmin:users 0644 - - +aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1758887092 1757586493 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738 1757582738 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312 1757600312 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 sysadmin:users 0644 - - @@ -85,7 +151,7 @@ aG9tZS9zeXNhZG1pbi8ubmFub3Jj 1757585756 1757585756 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 sysadmin:users 0644 - - aG9tZS9zeXNhZG1pbi8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757763178 1757587611 sysadmin:users 0644 - - b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093 1757531685 root:root 0755 - - -b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758224324 1758224324 root:root 0755 - - +b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758555302 1758224324 root:root 0755 - - b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1757531121 1757531121 root:root 0755 - - b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1758221607 1757591137 root:root 0755 - - b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557 1757531557 root:root 0755 - - 
@@ -93,19 +159,21 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526 1758224526 root:root 0755 - - b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543 1757590543 root:root 0755 - - cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 root:root 0644 - - cm9vdC8uYmFzaF9wcm9maWxl 1757584711 1757584711 root:root 0644 - - -cm9vdC8uYmFzaHJj 1757861289 1757586493 root:root 0644 - - +cm9vdC8uYmFzaHJj 1758887027 1757586493 root:root 0644 - - cm9vdC8uZ2l0Y29uZmln 1757582738 1757582738 root:root 0644 - - -cm9vdC8uZ2l0aWdub3Jl 1757600312 1757600312 root:root 0644 - - +cm9vdC8uZ2l0aWdub3Jl 1761758092 1757600312 root:root 0644 - - cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 0644 - - cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - -c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - - +cm9vdC9jbGVhbi1mZA== 1758994151 1758992264 root:root 0755 - - +dmFyLy5naXRpZ25vcmU= 1758288612 1758288560 root:root 0644 - - +dmFyL2xpYi8uZ2l0aWdub3Jl 1758288797 1758288764 root:root 0644 - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - -ZXRjL3NoYWRvdw== 1757873748 1757869538 root:shadow 0640 - - -ZXRjL3NoYWRvdy0= 1757761290 1757702629 root:shadow 0640 - - +ZXRjL3NoYWRvdw== 1761056398 1761056398 root:shadow 0640 - - +ZXRjL3NoYWRvdy0= 1761056356 1761056356 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - -aG9tZS9zeXNhZG1pbg== 1757861322 1757761412 sysadmin:users 0711 - - +aG9tZS9zeXNhZG1pbg== 1758887092 1757761412 sysadmin:users 0711 - - diff --git a/.gitignore b/.gitignore index e4b9028..0324337 100644 --- a/.gitignore +++ b/.gitignore 
@@ -15,4 +15,3 @@ /sys/ /tmp/ /usr/ -/var/ diff --git a/etc/.gitignore b/etc/.gitignore index 9927d65..6eaf268 100644 --- a/etc/.gitignore +++ b/etc/.gitignore @@ -10,7 +10,6 @@ /ethertypes /fstab /group- -/init.d/ /inittab /inputrc /issue @@ -43,7 +42,6 @@ /shadow /shadow- /shells -/ssl/ /ssl1.1/ /sudo.conf /sudo_logsrvd.conf diff --git a/etc/apache2/httpd.conf b/etc/apache2/httpd.conf index 86d9c6f..ed7bf31 100644 --- a/etc/apache2/httpd.conf +++ b/etc/apache2/httpd.conf @@ -38,6 +38,9 @@ LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so +# Custom headers. +LoadModule headers_module /usr/lib/apache2/mod_headers.so + # Proxying. # # LoadModule proxy_module /usr/lib/apache2/mod_proxy.so @@ -66,7 +69,7 @@ ServerSignature Email ServerTokens Major User apache Group apache -DefaultRuntimeDir /run/apache2 +DefaultRuntimeDir /run Mutex pthread ScriptSock cgid.sock @@ -119,6 +122,16 @@ BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0 +# PHP. + + DirectoryIndex index.php index.phtml + + + SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/ + + + + # Filters and Handlers. AddOutputFilter INCLUDES .shtml .html @@ -177,7 +190,7 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/ Require all granted - + Options Includes MultiViews SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Indexes Limit @@ -195,18 +208,10 @@ Alias /.well-known/acme-challenge/ /srv/dehydrated/ SSLOptions +StdEnvVars - - - DirectoryIndex index.php index.phtml - - - SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/ - - - + Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Limit diff --git a/etc/apache2/sites.d/core.slackware.uk.net.conf b/etc/apache2/sites.d/core.slackware.uk.net.conf index 7c46493..2b9c4a0 100644 
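Review bot: Dropping `/ssl/` from etc/.gitignore makes everything under /etc/ssl eligible for `git add`, and this commit adds no allow-list for that directory the way etc/init.d/.gitignore does for init.d. The .gitattributesdb hunks list only etc/ssl/certs/ca.cert and etc/ssl/certs/fd.cert as newly tracked, so an etc/ssl/.gitignore containing `/*`, `!/.gitignore` and `!/certs/` would keep private keys and other material in that tree out of the repository. If such a file already exists outside this diff, this can be ignored.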
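Review bot: The PHP handler block is removed from between `SSLOptions +StdEnvVars` and `Options ExecCGI ...` and re-added right after the `BrowserMatch` lines, which looks like a move from a per-directory section to server level. The container lines are not visible on this page, so the scope needs confirming. If it is now server-wide, every path Apache serves would hand `.php` files to php-fpm, including the `/.well-known/acme-challenge/` alias and the cgi-bin tree. A comment above the block, such as `# Server-wide on purpose: /fd and /pla need PHP as well as the site docroots.`, would record the intent; otherwise the handler is better placed in the directory sections that need it.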
--- a/etc/apache2/sites.d/core.slackware.uk.net.conf +++ b/etc/apache2/sites.d/core.slackware.uk.net.conf @@ -1,3 +1,17 @@ + + Options FollowSymlinks + AllowOverride None + Require all granted + + + + # include /etc/fusiondirectory/fusiondirectory.secrets + + AllowOverride None + Require all granted + AddType application/wasm .wasm + + ServerName core.slackware.uk.net @@ -9,9 +23,10 @@ - + ServerName core.slackware.uk.net + SSLEngine On SSLCertificateFile /etc/certificates/core.slackware.uk.net_cert.pem SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net_key.pem SSLCertificateChainFile /etc/certificates/core.slackware.uk.net_chain.pem @@ -22,5 +37,8 @@ ScriptAlias /cgi-bin/ /data/sites/core.slackware.uk.net/cgi-bin/ DocumentRoot /data/sites/core.slackware.uk.net/html + + Alias /fd /srv/fusiondirectory/html + Alias /pla /srv/pla diff --git a/etc/default/rotate-logs-symlinks b/etc/default/rotate-logs-symlinks new file mode 100644 index 0000000..2312951 --- /dev/null +++ b/etc/default/rotate-logs-symlinks @@ -0,0 +1 @@ +CREATE_DIRS['core.slackware.uk.net']="fusiondirectory samba" diff --git a/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg b/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg index 5baf3d9..983eedd 100644 Binary files a/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg and b/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg differ diff --git a/etc/fusiondirectory/fusiondirectory.conf b/etc/fusiondirectory/fusiondirectory.conf new file mode 100644 index 0000000..ca86517 --- /dev/null +++ b/etc/fusiondirectory/fusiondirectory.conf @@ -0,0 +1,8 @@ + + +
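Review bot: Both access blocks added at the top of the file end in `Require all granted`, and the SSL vhost then maps `/fd` and `/pla` onto /srv/fusiondirectory/html and /srv/pla, so these directory-administration front ends are open to any client that can reach the vhost. A network restriction is the usual baseline for consoles of this kind: replace `Require all granted` in both blocks with `Require ip <ADMIN_NETWORK_PLACEHOLDER>`, or put an authentication requirement in front of them. The container lines are not visible on this page, so the paths the two blocks cover are inferred from the aliases.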
+ + + +
+
diff --git a/etc/init.d/.gitignore b/etc/init.d/.gitignore
new file mode 100644
index 0000000..f3bc12c
--- /dev/null
+++ b/etc/init.d/.gitignore
@@ -0,0 +1,4 @@
+/*
+!/.gitignore
+!/samba
+!/terraform-http-backend
diff --git a/etc/init.d/samba b/etc/init.d/samba
new file mode 100755
index 0000000..8c701f2
--- /dev/null
+++ b/etc/init.d/samba
@@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+
+extra_started_commands="reload"
+piddir=${piddir:-"/run/samba"}
+
+DAEMON=${RC_SVCNAME#samba.}
+if [ "$DAEMON" != "$RC_SVCNAME" ]; then
+ daemon_list=$DAEMON
+fi
+
+depend() {
+ need net
+ after firewall
+}
+
+start_pre() {
+ checkpath --directory "$piddir"
+}
+
+start_samba() {
+ start-stop-daemon --start --quiet --exec /usr/sbin/samba -- \
+ ${samba_options:-"-D"}
+}
+
+stop_samba() {
+ start-stop-daemon --stop --quiet --pidfile "$piddir"/samba.pid
+}
+
+start_smbd() {
+ start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \
+ ${smbd_options:-"-D"}
+}
+
+stop_smbd() {
+ start-stop-daemon --stop --quiet --pidfile "$piddir"/smbd.pid
+}
+
+start_nmbd() {
+ start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \
+ ${nmbd_options:-"-D"}
+}
+
+stop_nmbd() {
+ start-stop-daemon --stop --quiet --pidfile "$piddir"/nmbd.pid
+}
+
+start_winbindd() {
+ start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \
+ ${winbindd_options:-"-D"}
+}
+
+stop_winbindd() {
+ start-stop-daemon --stop --quiet --pidfile "$piddir"/winbindd.pid
+}
+
+
+start_bgqd() {
+ start-stop-daemon --start --quiet --exec /usr/lib/samba/samba-bgqd -- \
+ ${bgqd_options:-"-D"}
+}
+
+stop_bgqd() {
+ start-stop-daemon --stop --quiet --pidfile "$piddir"/samba-bgqd.pid
+}
+
+start() {
+ for i in $daemon_list; do
+ ebegin "Starting $i"
+ start_$i
+ eend $?
+ done
+}
+
+stop() {
+ for i in $daemon_list; do
+ ebegin "Stopping $i"
+ stop_$i
+ eend $?
+ done
+}
+
+reload() {
+ for i in $daemon_list; do
+ ebegin "Reloading $i"
+ # bgqd binary is called samba-bgqd
+ busybox killall -HUP ${i/bgqd/samba-bgqd}
+ eend $?
+ done
+}
+
diff --git a/etc/init.d/terraform-http-backend b/etc/init.d/terraform-http-backend
new file mode 100755
index 0000000..c43d8a2
--- /dev/null
+++ b/etc/init.d/terraform-http-backend
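Review bot: start() returns the status of the last `eend` only, so when `daemon_list` holds several daemons and an earlier one fails while the last one starts, OpenRC records the service as started with a daemon missing. The same applies to stop() and reload(). Carrying the result through the loop fixes it: add `local rc=0` before the `for`, change the line to `eend $? || rc=1`, and finish the function with `return $rc`. Separately, reload() signals by process name with `busybox killall -HUP` while stop_*() use the pidfiles under `$piddir`; sending HUP through the same pidfiles would keep the signal to the instances this script started.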
@@ -0,0 +1,19 @@ +#!/sbin/openrc-run + +depend() { + need net + after firewall +} + +start() { + ebegin "Starting terraform-http-backend" + source /etc/conf.d/terraform-http-backend || eend 1 + su "$TF_USER" -c "/opt/sbin/terraform-http-backend &" || eend 1 + eend $? +} + +stop() { + ebegin "Stopping terraform-http-backend" + busybox killall -TERM terraform-http-backend + eend $? +} diff --git a/etc/msmtprc.gpg b/etc/msmtprc.gpg index e2100ee..8f86af5 100644 Binary files a/etc/msmtprc.gpg and b/etc/msmtprc.gpg differ diff --git a/etc/network/interfaces b/etc/network/interfaces index e6c1cfb..454ff20 100644 --- a/etc/network/interfaces +++ b/etc/network/interfaces @@ -2,13 +2,13 @@ auto eth0 iface eth0 inet static address 5.101.171.215/28 gateway 5.101.171.209 - mtu 9000 + mtu 1500 iface eth0 inet6 static address 2a01:a500:2981:1::d7/64 gateway 2a01:a500:2981:1:ff:ff:ff:ff - mtu 9000 + mtu 1500 auto eth1 iface eth1 inet static address 10.254.0.215/24 - mtu 9000 + mtu 1500 diff --git a/etc/openldap/ldap.conf b/etc/openldap/ldap.conf new file mode 100644 index 0000000..b46f0f5 --- /dev/null +++ b/etc/openldap/ldap.conf @@ -0,0 +1,10 @@ +# LDAP Defaults + +URI ldap://core.slackware.uk.net +BASE dc=slackware,dc=uk,dc=net +VERSION 3 + +TLS_CACERT /etc/certificates/LetsEncrypt-CompleteCertificateStore.pem +TLS_CERT /etc/certificates/core.slackware.uk.net_cert.pem +TLS_KEY /etc/certificates/core.slackware.uk.net_key.pem +TLS_PROTOCOL_MIN 3.3 diff --git a/etc/openldap/schema/core-fd-conf.schema b/etc/openldap/schema/core-fd-conf.schema new file mode 100644 index 0000000..6ef5dbd --- /dev/null +++ b/etc/openldap/schema/core-fd-conf.schema 
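Review bot: In start(), `|| eend 1` only prints a failure marker and does not leave the function, so after a failed `source` the script still reaches `su "$TF_USER"` with TF_USER possibly unset. The trailing `&` inside `su -c` makes `su` return as soon as the job is backgrounded, so `eend $?` reports success whether or not the backend came up, and stop() has to fall back on `killall` by name because no PID is recorded. openrc-run already loads /etc/conf.d/terraform-http-backend for this service, so the script can declare the daemon and let start-stop-daemon drop privileges and track a pidfile; the hand-written start() and stop() are then no longer needed. Any other settings the backend reads from that conf.d file would have to be exported there.

```shell
command="/opt/sbin/terraform-http-backend"
command_user="$TF_USER"
command_background=true
pidfile="/run/${RC_SVCNAME}.pid"

# … unchanged: depend() …

start_pre() {
	if [ -z "$TF_USER" ]; then
		eerror "TF_USER is not set in /etc/conf.d/terraform-http-backend"
		return 1
	fi
}
```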
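Review bot: In the new etc/openldap/ldap.conf, `URI ldap://core.slackware.uk.net` leaves encryption opt-in, because the TLS_* lines only apply when a client requests StartTLS or the URI scheme is `ldaps://`. A simple bind made through this default can therefore travel in clear text. If the server offers LDAPS, `URI ldaps://core.slackware.uk.net` makes TLS the default; otherwise a comment stating that clients must use StartTLS would document the expectation. Also, ldap.conf(5) describes `TLS_CERT` and `TLS_KEY` as user-only options, so they have no effect in the system-wide file, and the paths given are the same certificate and key that the Apache vhost uses.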
@@ -0,0 +1,732 @@ +## +## fusiondirectory-conf.schema - Needed by FusionDirectory for its configuration +## + +#~ ldapTLS="true" + +# Attributes + +# Schema setup + +attributetype ( 1.3.6.1.4.1.38414.8.10.2 NAME 'fdSchemaCheck' + DESC 'FusionDirectory - Schema check' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Look n feel + +attributetype ( 1.3.6.1.4.1.38414.8.11.1 NAME 'fdLanguage' + DESC 'FusionDirectory - language' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.11.2 NAME 'fdTheme' + DESC 'FusionDirectory - theme' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.11.3 NAME 'fdTimezone' + DESC 'FusionDirectory - timezone' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +# People and group storage + +attributetype ( 1.3.6.1.4.1.38414.8.12.1 NAME 'fdAccountPrimaryAttribute' + DESC 'FusionDirectory - attribute that should be used in user dn' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.3 NAME 'fdNextIdHook' + DESC 'FusionDirectory - A script to be called for finding the next free id for users or groups' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.6 NAME 'fdStrictNamingRules' + DESC 'FusionDirectory - Strict naming rules' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.7 NAME 'fdMinId' + DESC 'FusionDirectory - minimum user id' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 
1.3.6.1.4.1.38414.8.12.8 NAME 'fdUidNumberBase' + DESC 'FusionDirectory - uid number base' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.9 NAME 'fdGidNumberBase' + DESC 'FusionDirectory - gid number base' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.10 NAME 'fdUserRDN' + DESC 'FusionDirectory - User RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.11 NAME 'fdGroupRDN' + DESC 'FusionDirectory - Group RDN' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.12 NAME 'fdIdAllocationMethod' + DESC 'FusionDirectory - id allocation method traditional/pool' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.13 NAME 'fdGidNumberPoolMin' + DESC 'FusionDirectory - pool gid number min' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.14 NAME 'fdUidNumberPoolMin' + DESC 'FusionDirectory - pool uid number min' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.15 NAME 'fdGidNumberPoolMax' + DESC 'FusionDirectory - pool gid number max' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.16 NAME 'fdUidNumberPoolMax' + DESC 'FusionDirectory - pool uid number max' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.17 NAME 'fdAclRoleRDN' + DESC 'FusionDirectory - ACL role RDN' + EQUALITY caseExactIA5Match + SUBSTR 
caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.18 NAME 'fdCnPattern' + DESC 'FusionDirectory - Common Name pattern' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.19 NAME 'fdRestrictRoleMembers' + DESC 'FusionDirectory - Restrict role members to users from the same LDAP branch' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.20 NAME 'fdSplitPostalAddress' + DESC 'FusionDirectory - Expose street, postOfficeBox and postalCode fields instead of postalAddress' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.12.21 NAME 'fdPostalAddressPattern' + DESC 'FusionDirectory - When using separate address fields, you can use a pattern to fill postalAddress field' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.22 NAME 'fdMaxAvatarSize' + DESC 'FusionDirectory - Maximum user picture width and height in pixels' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.12.23 NAME 'fdGivenNameRequired' + DESC 'FusionDirectory - Whether givenName field is required on users' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +# Password + +attributetype ( 1.3.6.1.4.1.38414.8.13.1 NAME 'fdPasswordDefaultHash' + DESC 'FusionDirectory - Password default hash' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.2 NAME 'fdPasswordMinLength' + DESC 'FusionDirectory - Password min length' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
+ SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.3 NAME 'fdPasswordMinDiffer' + DESC 'FusionDirectory - password min differ' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.5 NAME 'fdHandleExpiredAccounts' + DESC 'FusionDirectory - Handle expired accounts' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.13.6 NAME 'fdSaslRealm' + DESC 'FusionDirectory - SASL Realm' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.7 NAME 'fdSaslExop' + DESC 'FusionDirectory - SASL Exop' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash' + DESC 'FusionDirectory - Force password default hash' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.13.9 NAME 'fdPasswordAllowedHashes' + DESC 'FusionDirectory - Allowed password hashes' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# Core settings + +attributetype ( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary' + DESC 'FusionDirectory - Show list summary' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.14.4 NAME 'fdModificationDetectionAttribute' + DESC 'FusionDirectory - Modification detection attribute' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.38414.8.14.6 NAME 'fdLogging' + DESC 'FusionDirectory - Logging' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.38414.8.14.7 
NAME 'fdLdapSizeLimit'
+ DESC 'FusionDirectory - LDAP size limit'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.8 NAME 'fdWildcardForeignKeys'
+ DESC 'FusionDirectory - Weither or not to enable wildcard searches for foreign keys on dn'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Login and session
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute'
+ DESC 'FusionDirectory attribute that will be used for login'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.2 NAME 'fdForceSSL'
+ DESC 'FusionDirectory - Force SSL'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.3 NAME 'fdWarnSSL'
+ DESC 'FusionDirectory - Warn user when SSL is not used'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.4 NAME 'fdStoreFilterSettings'
+ DESC 'FusionDirectory - Store filter settings'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime'
+ DESC 'FusionDirectory - Session life time in seconds'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated'
+ DESC 'FusionDirectory - HTTP Basic Auth activation'
+ OBSOLETE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.7 NAME 'fdHttpHeaderAuthActivated'
+ DESC 'FusionDirectory - HTTP Header Auth activation'
+ OBSOLETE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.8 NAME 'fdHttpHeaderAuthHeaderName'
+ DESC 'FusionDirectory - HTTP Header Auth - Header name'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.9 NAME 'fdLoginMethod'
+ DESC 'FusionDirectory - Active login method'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+# Debugging
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors'
+ DESC 'FusionDirectory - Weither or not to display errors'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.2 NAME 'fdLdapMaxQueryTime'
+ DESC 'FusionDirectory - Maximum LDAP query time'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.3 NAME 'fdLdapStats'
+ DESC 'FusionDirectory - Weither or not to activate ldap stats'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.4 NAME 'fdDebugLevel'
+ DESC 'FusionDirectory - Debug level'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.5 NAME 'fdDebugLogging'
+ DESC 'FusionDirectory - Debug logging'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# Snapshots
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.1 NAME 'fdEnableSnapshots'
+ DESC 'FusionDirectory - Weither or not to enable snapshots'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.2 NAME 'fdSnapshotBase'
+ DESC 'FusionDirectory - Snaphost base'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.3 NAME 'fdEnableAutomaticSnapshots'
+ DESC 'FusionDirectory - Weither or not to enable snapshots'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.4 NAME 'fdSnapshotMinRetention'
+ DESC 'Minimum number of snapshots to be kept in store'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.5 NAME 'fdSnapshotRetentionDays'
+ DESC 'Number of days a snapshot should be kept'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.6 NAME 'fdSnapshotSourceData'
+ DESC 'Possible Origin / Source of data received '
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+ SINGLE-VALUE)
+
+# Miscellaneous
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.2 NAME 'fdTabHook'
+ DESC 'FusionDirectory - tab hook'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.3 NAME 'fdShells'
+ DESC 'FusionDirectory - available shells'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.4 NAME 'fusionConfigMd5'
+ DESC 'FusionDirectory - md5sum of class.cache'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.5 NAME 'fdDisplayHookOutput'
+ DESC 'FusionDirectory - display hook execution output to the user'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.6 NAME 'fdAclTabOnObjects'
+ DESC 'FusionDirectory - Should acl tabs be shown on all objects'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.7 NAME 'fdDepartmentCategories'
+ DESC 'FusionDirectory - available categories for departments'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.8 NAME 'fdDefaultShell'
+ DESC 'FusionDirectory - default shell'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.9 NAME 'fdPluginsMenuBlacklist'
+ DESC 'FusionDirectory - Blacklist as groupdn|plugin or roledn|plugin'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.10 NAME 'fdManagementConfig'
+ DESC 'FusionDirectory - Configuration for management classes'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.11 NAME 'fdManagementUserConfig'
+ DESC 'FusionDirectory - Per user configuration for management classes'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.12 NAME 'fdAclTargetFilterLimit'
+ DESC 'Fusion Directory - Size limit for LDAP filter on ACL targets'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.13 NAME 'fdIncrementalModifierStates'
+ DESC 'FusionDirectory - States of the incremental modifier intances, with keys value and date, encoded as JSON'
+ EQUALITY caseExactMatch
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+# Plugins
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
+ DESC 'FusionDirectory - OGroup RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.2 NAME 'fdForceSaslPasswordAsk'
+ DESC 'FusionDirectory - Force password ask for SASL users'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.3 NAME 'fdOGroupDefaultUser'
+ DESC 'FusionDirectory - Create a default user in ou=restricted for object groups'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+# SSL
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.1 NAME 'fdSslCaCertPath'
+ DESC 'FusionDirectory - CA certificate path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath'
+ DESC 'FusionDirectory - SSL key path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath'
+ DESC 'FusionDirectory - SSL certificate path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# CAS
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.1 NAME 'fdCasActivated'
+ DESC 'FusionDirectory - CAS activation'
+ OBSOLETE
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.2 NAME 'fdCasServerCaCertPath'
+ DESC 'FusionDirectory - CAS server CA certificate path'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.3 NAME 'fdCasHost'
+ DESC 'FusionDirectory - CAS host'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.4 NAME 'fdCasPort'
+ DESC 'FusionDirectory - CAS port'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.5 NAME 'fdCasContext'
+ DESC 'FusionDirectory - CAS context'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose'
+ DESC 'FusionDirectory - CAS verbose flag'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.7 NAME 'fdCasLibraryBool'
+ DESC 'FusionDirectory - CAS boolean to activate CAS library >= 1.6'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.8 NAME 'fdCasClientServiceName'
+ DESC 'FusionDirectory - CAS client service name'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# FusionDirectory Tokens
+
+attributetype ( 1.3.6.1.4.1.38414.8.22.1 NAME 'fdTokenRDN'
+ DESC 'FusionDirectory - Branch where FusionDirectory Tokens are stored'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.22.2 NAME 'fdOrchestratorTokenRDN'
+ DESC 'FusionDirectory - Branch where FusionDirectory Orchestrator Tokens are stored'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.22.3 NAME 'fdRecoveryTokenRDN'
+ DESC 'FusionDirectory - Branch where FusionDirectory Recovery Tokens are stored'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+# merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
+ DESC 'FusionDirectory - Dashboard computer name prefix'
+ OBSOLETE
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfDigit'
+ DESC 'FusionDirectory - Dashboard number of digits after prefixes in computer names'
+ OBSOLETE
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAccountsDays'
+ DESC 'FusionDirectory - Dashboard number of days before expiration to be shown in board user tab'
+ OBSOLETE
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+# merged from recovery-fd.schema - Needed by Fusion Directory for password recovery options
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.1 NAME 'fdPasswordRecoveryActivated'
+ DESC 'Fusion Directory - Password recovery enabled/disabled'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.2 NAME 'fdPasswordRecoveryEmail'
+ DESC 'Fusion Directory - Password recovery sender email'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.3 NAME 'fdPasswordRecoveryMailSubject'
+ DESC 'Fusion Directory - Password recovery first email subject'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.4 NAME 'fdPasswordRecoveryMailBody'
+ DESC 'Fusion Directory - Password recovery first email body'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.5 NAME 'fdPasswordRecoveryMail2Subject'
+ DESC 'Fusion Directory - Password recovery second email subject'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.6 NAME 'fdPasswordRecoveryMail2Body'
+ DESC 'Fusion Directory - Password recovery second email body'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.7 NAME 'fdPasswordRecoveryValidity'
+ DESC 'Fusion Directory - Password recovery link validity in minutes'
+ EQUALITY integerMatch
+ ORDERING integerOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.8 NAME 'fdPasswordRecoverySalt'
+ DESC 'Fusion Directory - Password recovery token salt'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.9 NAME 'fdPasswordRecoveryUseAlternate'
+ DESC 'Fusion Directory - Allow/disallow the use of alternate addresses for password recovery'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.10 NAME 'fdPasswordRecoveryLoginAttribute'
+ DESC 'Fusion Directory - Password recovery login attribute (usually uid)'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE )
+
+
+# Object Class
+objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
+ DESC 'FusionDirectory configuration'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY (
+ fusionConfigMd5 $
+ fdSchemaCheck $
+ fdLanguage $ fdTheme $ fdTimezone $
+ fdAccountPrimaryAttribute $ fdNextIdHook $
+ fdStrictNamingRules $ fdMinId $ fdUidNumberBase $
+ fdGidNumberBase $ fdUserRDN $ fdGroupRDN $ fdIdAllocationMethod $
+ fdGidNumberPoolMin $ fdUidNumberPoolMin $ fdGidNumberPoolMax $ fdUidNumberPoolMax $
+ fdAclRoleRDN $ fdCnPattern $ fdRestrictRoleMembers $
+ fdSplitPostalAddress $ fdPostalAddressPattern $ fdMaxAvatarSize $ fdGivenNameRequired $
+ fdPasswordDefaultHash $ fdPasswordMinLength $ fdPasswordMinDiffer $
+ fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $
+ fdForcePasswordDefaultHash $ fdPasswordAllowedHashes $
+ fdListSummary $
+ fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdWildcardForeignKeys $
+ fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $
+ fdHttpAuthActivated $ fdHttpHeaderAuthActivated $ fdHttpHeaderAuthHeaderName $
+ fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ fdDebugLogging $
+ fdEnableSnapshots $ fdSnapshotBase $
+ fdTabHook $ fdShells $ fdDefaultShell $ fdDisplayHookOutput $
+ fdPluginsMenuBlacklist $ fdManagementConfig $ fdManagementUserConfig $
+ fdAclTabOnObjects $ fdDepartmentCategories $ fdAclTargetFilterLimit $
+ fdIncrementalModifierStates $
+ fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $ fdSnapshotRetentionDays $ fdSnapshotSourceData $
+ fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $
+ fdLoginMethod $ fdCasLibraryBool $ fdCasClientServiceName $ fdEnableAutomaticSnapshots $ fdSnapshotMinRetention $
+ fdTokenRDN $ fdOrchestratorTokenRDN $ fdRecoveryTokenRDN
+ ) )
+
+objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf'
+ DESC 'FusionDirectory plugins configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( fdOGroupRDN $ fdForceSaslPasswordAsk $ fdOGroupDefaultUser ) )
+
+objectclass ( 1.3.6.1.4.1.38414.8.2.3 NAME 'fdPasswordRecoveryConf'
+ DESC 'FusionDirectory password recovery configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY (
+ fdPasswordRecoveryActivated $ fdPasswordRecoveryEmail $
+ fdPasswordRecoveryMailSubject $ fdPasswordRecoveryMailBody $
+ fdPasswordRecoveryMail2Subject $ fdPasswordRecoveryMail2Body $
+ fdPasswordRecoveryValidity $ fdPasswordRecoverySalt $
+ fdPasswordRecoveryUseAlternate $ fdPasswordRecoveryLoginAttribute
+ ) )
+
+# Dashboard Object Class
+objectclass ( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf'
+ DESC 'FusionDirectory dashboard plugin configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardExpiredAccountsDays) )
diff --git a/etc/openldap/schema/core-fd.schema b/etc/openldap/schema/core-fd.schema
new file mode 100644
index 0000000..b73b535
--- /dev/null
+++ b/etc/openldap/schema/core-fd.schema
@@ -0,0 +1,580 @@
+##
+## core-fd.schema - Needed by FusionDirectory for its basic functionalities
+##
+
+# Last OID used for attributes : 1.3.6.1.4.1.38414.62.1.77 04/08/25 #
+# Last OID used for objectClass : 1.3.6.1.4.1.38414.62.2.11 29/01/24 #
+
+##### Attributes from gosa ######
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
+ DESC 'GOsa - List of all object types that are in a gosaGroupOfNames'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate'
+ DESC 'GOsa - ACL entries for ACL roles'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry'
+ DESC 'GOsa - ACL entries'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp'
+ DESC 'GOsa - Unix timestamp of snapshot'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN'
+ DESC 'GOsa - Original DN of saved object in snapshot'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
+ DESC 'GOsa - Original data of saved object in snapshot'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
+
+##### Attributes from FusionDirectory #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.1 NAME 'fdUserDn'
+ DESC 'FusionDirectory - DN of a user'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.2 NAME 'fdObjectDn'
+ DESC 'FusionDirectory - DN of an object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.3 NAME 'fdLockTimestamp'
+ DESC 'FusionDirectory - Lock token timestamp'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.4 NAME 'fdSnapshotObjectType'
+ DESC 'FusionDirectory - object type of the snapshotted object'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.51 NAME 'fdSnapshotDataSource'
+ DESC 'FusionDirectory - snapshot data origin / source'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.68 NAME 'fdSnapshotHash'
+ DESC 'FusionDirectory - hash of the current snapShot allowing diff verification with MD5'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+##### Subscriptions Attributes ######
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.1 NAME 'fdSubscriptionStartDate'
+ DESC 'FusionDirectory - Subscription Starting Date'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.2 NAME 'fdSubscriptionEndDate'
+ DESC 'FusionDirectory - Subscription End Date'
+ EQUALITY generalizedTimeMatch
+ ORDERING generalizedTimeOrderingMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.3 NAME 'fdSubscriptionType'
+ DESC 'FusionDirectory - Subscription type'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.4 NAME 'fdSubscriptionContractId'
+ DESC 'FusionDirectory - Subscription contract ID'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.5 NAME 'fdSubscriptionName'
+ DESC 'FusionDirectory - Subscription client name'
+ SUP name )
+
+### Mail Template Attributes ###
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.5 NAME 'fdMailTemplateBody'
+ DESC 'FusionDirectory - template mail field'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.6 NAME 'fdMailTemplateRDN'
+ DESC 'FusionDirectory - template Mail RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.7 NAME 'fdMailTemplateSignature'
+ DESC 'FusionDirectory - template mail field'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.8 NAME 'fdMailAttachmentsContent'
+ DESC 'FusionDirectory - attachment data in bin format'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.9 NAME 'fdMailTemplateReadReceipt'
+ DESC 'FusionDirectory - template mail field'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.10 NAME 'fdMailTemplateSubject'
+ DESC 'FusionDirectory - template mail field'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+##### Tasks Attributes #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.11 NAME 'fdTasksMailObject'
+ DESC 'Fusion Directory - Tasks for mail template objects'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.12 NAME 'fdTasksScheduleDate'
+ DESC 'Scheduling of the Task - required processed date'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.13 NAME 'fdTasksMailUsers'
+ DESC 'Fusion Directory - Tasks Mail Users Recipient'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.14 NAME 'fdTasksStatus'
+ DESC 'Fusion Directory - Task Status'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.15 NAME 'fdTasksEndDate'
+ DESC 'Fusion Directory - Task End Date'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.57 NAME 'fdTasksLastExec'
+ DESC 'Fusion Directory - Time when tasks was last activated'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.77 NAME 'fdTasksNextExec'
+ DESC 'Fusion Directory - Time when tasks will be executed next'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.58 NAME 'fdTasksLastActivation'
+ DESC 'Fusion Directory - Time when tasks was last activated'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.16 NAME 'fdTasksCreationDate'
+ DESC 'Fusion Directory - Task Start Date'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.17 NAME 'fdTasksEmailsFromDN'
+ DESC 'Fusion Directory - Emails derived from DN'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.18 NAME 'fdTasksEmailSender'
+ DESC 'Fusion Directory - Emails derived from DN'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.55 NAME 'fdTasksEmailBCC'
+ DESC 'Fusion Directory - Emails derived from DN'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.19 NAME 'fdTasksMailType'
+ DESC 'Fusion Directory - Type of Mail attribute required'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+##### Tasks Granular #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.20 NAME 'fdTasksGranularStatus'
+ DESC 'Fusion Directory - Task Status'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.21 NAME 'fdTasksGranularSchedule'
+ DESC 'Scheduling of the Task - required processed date'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.22 NAME 'fdTasksGranularMaster'
+ DESC 'Fusion Directory - Tasks Master objects'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.23 NAME 'fdTasksGranularType'
+ DESC 'Fusion Directory - Tasks Type'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+ SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.24 NAME 'fdTasksGranularMail'
+ DESC 'Fusion Directory - Emails recipients if object mail'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.25 NAME 'fdTasksGranularMailFrom'
+ DESC 'Fusion Directory - Emails sender if object mail'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.56 NAME 'fdTasksGranularMailBCC'
+ DESC 'Fusion Directory - Emails sender if object mail'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.26 NAME 'fdTasksGranularRef'
+ DESC 'Fusion Directory - Reference towards a CN (E.g Mail Template)'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.69 NAME 'fdTasksGranularHelper'
+ DESC 'Fusion Directory - Reference towards a potential helper value from main task (case of reminder)'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.74 NAME 'fdTasksGranularCreationDate'
+ DESC 'Fusion Directory - Task Granular Creation Date'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.75 NAME 'fdTasksGranularLastExec'
+ DESC 'Fusion Directory - Time when granular tasks was last executed'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.76 NAME 'fdTasksGranularNextExec'
+ DESC 'Fusion Directory - Time when granular tasks will be executed next'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+## Any tasks requiring to store DN (Such as lifeCycle). ##
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.67 NAME 'fdTasksGranularDN'
+ DESC 'Fusion Directory - DN of the targeted user'
+ EQUALITY caseExactMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+##### Tasks Conf #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.27 NAME 'fdTasksRDN'
+ DESC 'FusionDirectory - Tasks RDN'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.28 NAME 'fdTasksConfLastExecTime'
+ DESC 'Store time of last mail tasks success - secure spam interval'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.29 NAME 'fdTasksConfMaxEmails'
+ DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.30 NAME 'fdTasksConfIntervalEmails'
+ DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+##### Plugin Manager #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.31 NAME 'fdPluginManagerInfoAuthors'
+ DESC 'FusionDirectory - Plugin authors attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.32 NAME 'fdPluginManagerInfoVersion'
+ DESC 'FusionDirectory - Plugin Version attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.33 NAME 'fdPluginManagerSupportHomeUrl'
+ DESC 'FusionDirectory - Plugin Support page url attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.34 NAME 'fdPluginManagerSupportTicketUrl'
+ DESC 'FusionDirectory - Plugin Suuport ticket url attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.35 NAME 'fdPluginManagerSupportDiscussionUrl'
+ DESC 'FusionDirectory - Pluging discussion url attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.36 NAME 'fdPluginManagerSupportSchemaUrl'
+ DESC 'FusionDirectory - Plugin schema url attribute needed if necessary'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.37 NAME 'fdPluginManagerReqFdVersion'
+ DESC 'FusionDirectory - Plugin Fusiondirectory Version requirement attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.38 NAME 'fdPluginManagerReqPhpVersion'
+ DESC 'FusionDirectory - Plugin PHP Version requirement attribute'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.39 NAME 'fdPluginManagerContentPhpClass'
+ DESC 'FusionDirectory - Plugin Manager : list on php class provided'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.40 NAME 'fdPluginManagerContentLdapObject'
+ DESC 'FusionDirectory - Plugin Manager : list on Ldap Object needed'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.41 NAME 'fdPluginManagerContentLdapAttributes'
+ DESC 'FusionDirectory - Plugin Manager : list on Ldap attributes needed'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.42 NAME 'fdPluginManagerInfoStatus'
+ DESC 'FusionDirectory - Plugin Manager : status of plugin : Dev / stable / dontuse '
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.43 NAME 'fdPluginManagerSupportDownloadUrl'
+ DESC 'FusionDirectory - Plugin direct download url '
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.44 NAME 'fdPluginManagerInfoTags'
+ DESC 'FusionDirectory - Plugin Tag for identity plugins goals'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.45 NAME 'fdPluginManagerInfoLogoUrl'
+ DESC 'FusionDirectory - Plugin Logo url '
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.46 NAME 'fdPluginManagerInfoScreenshotUrl'
+ DESC 'FusionDirectory - Plugin Screenshot Url '
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.47 NAME 'fdPluginManagerInfoLicence'
+ DESC 'FusionDirectory - Plugin Licence'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.48 NAME 'fdPluginManagerInfoOrigin'
+ DESC 'FusionDirectory - Plugin Origin'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.49 NAME 'fdPluginManagerSupportProvider'
+ DESC 'FusionDirectory - Plugin Support Provider'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.50 NAME 'fdPluginManagerSupportContractUrl'
+ DESC 'FusionDirectory - Plugin Support Contract url'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+##### Tasks Granular Part 2 #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.52 NAME 'fdTasksRepeatable'
+ DESC 'Allow a given task to be repeatable'
+ EQUALITY booleanMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.7')
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.53 NAME 'fdTasksUpdatable'
+ DESC 'Allow a given task to be updatable'
+ EQUALITY booleanMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.7')
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.54 NAME 'fdTasksRepeatableSchedule'
+ DESC 'Set the repetition of the tasks via a set attribute'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
+
+##### Token management attributes #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.70 NAME 'fdTokenUserDN'
+ DESC 'The DN user linked to the token'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.71 NAME 'fdTokenType'
+ DESC 'The token type eg reminder, recovery'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.72 NAME 'fdToken'
+ DESC 'The token'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.73 NAME 'fdTokenTimestamp'
+ DESC 'Timestamp for the validation of the token'
+ EQUALITY caseIgnoreMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+##### Classes #####
+
+### old gosa ObjectClass ###
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
+ DESC 'GOsa - Class to mark Departments for GOsa'
+ MUST ( ou $ description )
+ MAY ( manager $ co $ labeledURI ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
+ DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames'
+ SUP top AUXILIARY
+ MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
+ DESC 'GOsa - ACL container to define ACL roles'
+ SUP top STRUCTURAL
+ MUST ( gosaAclTemplate $ cn )
+ MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
+ DESC 'GOsa - ACL container to define single ACLs'
+ SUP top AUXILIARY
+ MUST ( gosaAclEntry ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
+ DESC 'GOsa - Container object for undo and snapshot data'
+ SUP top STRUCTURAL
+ MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData $ fdSnapshotDataSource )
+ MAY ( fdSnapshotObjectType $ description $ fdSnapshotHash) )
+
+### New FusionDirectory Objectclass ###
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.1 NAME 'fdLockEntry' SUP top STRUCTURAL
+ DESC 'FusionDirectory - Class for FD locking'
+ MUST ( fdUserDn $ fdObjectDn $ cn $ fdLockTimestamp ))
+
+### Subscription Related Object Class ###
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.2 NAME 'fdSubscriptionInformation' SUP top STRUCTURAL
+ DESC 'FusionDirectory - Information about current subscription'
+ MUST ( cn )
+ MAY ( uid $ fdSubscriptionStartDate $ fdSubscriptionEndDate $ fdSubscriptionType $ fdSubscriptionContractId $ fdSubscriptionName ))
+
+### Plugin manager Related Object Class ###
+
+objectclass (1.3.6.1.4.1.38414.62.2.3 NAME 'fdPluginManager'
+ DESC 'FusionDirectory - Plugins Manager ObjectClass'
+ MUST ( cn $ description $ fdPluginManagerInfoAuthors $ fdPluginManagerInfoVersion $ fdPluginManagerInfoStatus $ fdPluginManagerInfoLicence $ fdPluginManagerInfoOrigin $ fdPluginManagerSupportHomeUrl $ fdPluginManagerReqFdVersion $ fdPluginManagerReqPhpVersion $ fdPluginManagerSupportProvider )
+ MAY ( fdPluginManagerInfoScreenshotUrl $ fdPluginManagerInfoLogoUrl $ fdPluginManagerInfoTags $ fdPluginManagerSupportTicketUrl $ fdPluginManagerSupportDiscussionUrl $ fdPluginManagerSupportSchemaUrl $ fdPluginManagerSupportDownloadUrl $ fdPluginManagerContentPhpClass $ fdPluginManagerContentLdapObject $ fdPluginManagerContentLdapAttributes $ fdPluginManagerSupportContractUrl ))
+
+### Mail Template Related Object Class ###
+
+objectclass (1.3.6.1.4.1.38414.62.2.4 NAME 'fdMailTemplate'
+ DESC 'FusionDirectory - template mail object'
+ SUP top STRUCTURAL
+ MUST ( cn $ fdMailTemplateBody $ fdMailTemplateSubject )
+ MAY ( fdMailTemplateSignature $ fdMailTemplateReadReceipt))
+
+objectclass (1.3.6.1.4.1.38414.62.2.10 NAME 'fdMailAttachments'
+ DESC 'FusionDirectory - mail template attachments'
+ MUST ( cn $ fdMailAttachmentsContent ))
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.5 NAME 'fdMailTemplateConf'
+ DESC 'FusionDirectory Mail Template Configuration'
+ SUP top AUXILIARY
+ MUST ( cn )
+ MAY ( fdMailTemplateRDN ) )
+
+### Tasks Related Object Class ###
+
+objectclass (1.3.6.1.4.1.38414.62.2.6 NAME 'fdTasks'
+ DESC 'FusionDirectory - Tasks objects'
+ MUST ( cn $ fdTasksStatus $ fdTasksCreationDate )
+ MAY ( fdTasksScheduleDate $ fdTasksEndDate $ fdTasksRepeatableSchedule $ fdTasksUpdatable $
fdTasksRepeatable + $ fdTasksLastActivation $ fdTasksLastExec $ fdTasksNextExec $ description)) + +objectclass (1.3.6.1.4.1.38414.62.2.7 NAME 'fdTasksMail' + DESC 'FusionDirectory - Tasks objects Mail' + SUP top AUXILIARY + MUST ( fdTasksMailObject $ fdTasksEmailSender ) + MAY ( fdTasksMailUsers $ fdTasksEmailsFromDN $ fdTasksMailType $ fdTasksEmailBCC ) ) + +objectclass (1.3.6.1.4.1.38414.62.2.8 NAME 'fdTasksGranular' + DESC 'FusionDirectory - Tasks granular objects' + MUST ( fdTasksGranularMaster $ cn $ fdTasksGranularType $ fdTasksGranularSchedule $ fdTasksGranularStatus $ fdTasksGranularCreationDate ) + MAY (fdTasksGranularMailBCC $ fdTasksGranularDN $ fdTasksGranularRef $ fdTasksGranularMail $ fdTasksGranularMailFrom $ fdTasksGranularHelper $ fdTasksGranularLastExec $ fdTasksGranularNextExec)) + +objectclass (1.3.6.1.4.1.38414.62.2.9 NAME 'fdTasksConf' + DESC 'FusionDirectory - Tasks objects Configuration' + SUP top AUXILIARY + MUST ( cn ) + MAY ( fdTasksRDN $ fdTasksConfLastExecTime $ fdTasksConfMaxEmails $ fdTasksConfIntervalEmails)) + +### token objectclass ### + +objectclass ( 1.3.6.1.4.1.38414.62.2.11 NAME 'fdTokenEntry' + SUP top STRUCTURAL + DESC 'FusionDirectory - Class for token storage' + MUST ( cn $ fdTokenUserDN $ fdTokenType $ fdToken $ fdTokenTimestamp )) diff --git a/etc/openldap/schema/ldapns.schema b/etc/openldap/schema/ldapns.schema new file mode 100644 index 0000000..21ae00c --- /dev/null +++ b/etc/openldap/schema/ldapns.schema 
@@ -0,0 +1,23 @@ +# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $ + +# LDAP Name Service Additional Schema + +# http://www.iana.org/assignments/gssapi-service-names + +attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' + DESC 'IANA GSS-API authorized service name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' + DESC 'Auxiliary object class for adding authorizedService attribute' + SUP top + AUXILIARY + MAY authorizedService ) + +objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' + DESC 'Auxiliary object class for adding host attribute' + SUP top + AUXILIARY + MAY host ) + diff --git a/etc/openldap/schema/rfc2307bis.schema b/etc/openldap/schema/rfc2307bis.schema new file mode 100644 index 0000000..db34365 --- /dev/null +++ b/etc/openldap/schema/rfc2307bis.schema 
@@ -0,0 +1,288 @@ +# builtin +# +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +# builtin +# +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an +# administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 +# SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) 
+ +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + DESC 'Service port number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + DESC 'Service protocol name' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + DESC 'IP protocol number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + DESC 'ONC RPC number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IPv4 addresses as a dotted decimal omitting leading + zeros or IPv6 addresses as defined in RFC2373' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network as a dotted decimal, eg. 192.168, + omitting leading zeros' + SUP name + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, + omitting leading zeros' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address in maximal, colon separated hex + notation, eg. 
00:00:92:90:ee:e2' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + DESC 'Name of a A generic NIS map' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' + DESC 'A generic NIS entry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' + DESC 'NIS public key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' + DESC 'NIS secret key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' + DESC 'NIS domain' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' + DESC 'automount Map Name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey' + DESC 'Automount Key value' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' + DESC 'Automount information' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY + DESC 'Abstraction of an account with POSIX attributes' + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( 
userPassword $ loginShell $ gecos $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY + DESC 'Additional attributes for shadow passwords' + MUST uid + MAY ( userPassword $ description $ + shadowLastChange $ shadowMin $ shadowMax $ + shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY + DESC 'Abstraction of a group of accounts' + MUST gidNumber + MAY ( userPassword $ memberUid $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL + DESC 'Abstraction an Internet Protocol service. + Maps an IP port and protocol (such as tcp or udp) + to one or more names; the distinguished value of + the cn attribute denotes the services canonical + name' + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL + DESC 'Abstraction of an IP protocol. Maps a protocol number + to one or more names. The distinguished value of the cn + attribute denotes the protocols canonical name' + MUST ( cn $ ipProtocolNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL + DESC 'Abstraction of an Open Network Computing (ONC) + [RFC1057] Remote Procedure Call (RPC) binding. + This class maps an ONC RPC number to a name. + The distinguished value of the cn attribute denotes + the RPC services canonical name' + MUST ( cn $ oncRpcNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY + DESC 'Abstraction of a host, an IP device. The distinguished + value of the cn attribute denotes the hosts canonical + name. Device SHOULD be used as a structural class' + MUST ( cn $ ipHostNumber ) + MAY ( userPassword $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL + DESC 'Abstraction of a network. 
The distinguished value of + the cn attribute denotes the networks canonical name' + MUST ipNetworkNumber + MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL + DESC 'Abstraction of a netgroup. May refer to other netgroups' + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL + DESC 'A generic abstraction of a NIS map' + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL + DESC 'An entry in a NIS map' + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY + DESC 'A device with a MAC address; device SHOULD be + used as a structural class' + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY + DESC 'A device with boot parameters; device SHOULD be + used as a structural class' + MAY ( bootFile $ bootParameter ) ) + +objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY + DESC 'An object with a public and secret key' + MUST ( cn $ nisPublicKey $ nisSecretKey ) + MAY ( uidNumber $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY + DESC 'Associates a NIS domain with a naming context' + MUST nisDomain ) + +objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL + MUST ( automountMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL + DESC 'Automount information' + MUST ( automountKey $ automountInformation ) + MAY description ) +## namedObject is needed for groups without members +objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top + STRUCTURAL MAY cn ) + diff --git a/etc/openldap/schema/template-fd.schema b/etc/openldap/schema/template-fd.schema new file mode 100644 index 0000000..a90ca87 --- /dev/null 
+++ b/etc/openldap/schema/template-fd.schema
@@ -0,0 +1,16 @@
+##
+## template-fd.schema - Needed by Fusion Directory for managing templates
+##
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField'
+ DESC 'FusionDirectory - template field'
+ EQUALITY octetStringMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+# Objectclasses
+objectclass (1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate'
+ DESC 'FusionDirectory - template object'
+ MUST ( cn )
+ MAY ( fdTemplateField ) )
diff --git a/etc/periodic/weekly/9-clean-php b/etc/periodic/weekly/9-clean-php
new file mode 100755
index 0000000..dd0cd5d
--- /dev/null
+++ b/etc/periodic/weekly/9-clean-php
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+find /var/lib/php/sessions -mmin +1440 -type f -print0 | xargs -0 rm -f
+find /var/lib/php/uploads -mmin +1440 -type f -print0 | xargs -0 rm -f
diff --git a/etc/php83/conf.d/00_bcmath.ini b/etc/php83/conf.d/00_bcmath.ini
new file mode 100644
index 0000000..6813a0b
--- /dev/null
+++ b/etc/php83/conf.d/00_bcmath.ini
@@ -0,0 +1 @@
+extension=bcmath
diff --git a/etc/php83/conf.d/00_bz2.ini b/etc/php83/conf.d/00_bz2.ini
new file mode 100644
index 0000000..d0b5b0f
--- /dev/null
+++ b/etc/php83/conf.d/00_bz2.ini
@@ -0,0 +1 @@
+extension=bz2
diff --git a/etc/php83/conf.d/00_curl.ini b/etc/php83/conf.d/00_curl.ini
new file mode 100644
index 0000000..89fa13d
--- /dev/null
+++ b/etc/php83/conf.d/00_curl.ini
@@ -0,0 +1 @@
+extension=curl
diff --git a/etc/php83/conf.d/00_gd.ini b/etc/php83/conf.d/00_gd.ini
new file mode 100644
index 0000000..bb35ed0
--- /dev/null
+++ b/etc/php83/conf.d/00_gd.ini
@@ -0,0 +1 @@
+extension=gd
diff --git a/etc/php83/conf.d/00_gettext.ini b/etc/php83/conf.d/00_gettext.ini
new file mode 100644
index 0000000..549944c
--- /dev/null
+++ b/etc/php83/conf.d/00_gettext.ini
@@ -0,0 +1 @@
+extension=gettext
diff --git a/etc/php83/conf.d/00_gmp.ini b/etc/php83/conf.d/00_gmp.ini
new file mode 100644
index 0000000..1b2be41
--- /dev/null
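Review bot: Both `find … -print0 | xargs -0 rm -f` lines in 9-clean-php hand full path names to a separate `rm`, which resolves them again after `find` has tested them; if this periodic job runs as root over directories the PHP user can write to, a path component replaced by a symlink in between can redirect the delete outside the tree. Where `find` is GNU findutils, `find /var/lib/php/sessions -xdev -type f -mmin +1440 -delete` (and the same for uploads) removes each file from the directory find is already in and drops the pipe. Separately, the script sits in periodic/weekly but ages files out at 1440 minutes, so expired session and upload files can stay on disk for about eight days; if the one-day limit is the intent, a daily slot fits it better.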
+++ b/etc/php83/conf.d/00_gmp.ini @@ -0,0 +1 @@ +extension=gmp diff --git a/etc/php83/conf.d/00_iconv.ini b/etc/php83/conf.d/00_iconv.ini new file mode 100644 index 0000000..4711441 --- /dev/null +++ b/etc/php83/conf.d/00_iconv.ini @@ -0,0 +1 @@ +extension=iconv diff --git a/etc/php83/conf.d/00_imap.ini b/etc/php83/conf.d/00_imap.ini new file mode 100644 index 0000000..d026b09 --- /dev/null +++ b/etc/php83/conf.d/00_imap.ini @@ -0,0 +1 @@ +extension=imap diff --git a/etc/php83/conf.d/00_intl.ini b/etc/php83/conf.d/00_intl.ini new file mode 100644 index 0000000..63f20e8 --- /dev/null +++ b/etc/php83/conf.d/00_intl.ini @@ -0,0 +1 @@ +extension=intl diff --git a/etc/php83/conf.d/00_ldap.ini b/etc/php83/conf.d/00_ldap.ini new file mode 100644 index 0000000..5d67d7d --- /dev/null +++ b/etc/php83/conf.d/00_ldap.ini @@ -0,0 +1 @@ +extension=ldap diff --git a/etc/php83/conf.d/00_mbstring.ini b/etc/php83/conf.d/00_mbstring.ini new file mode 100644 index 0000000..0e3a392 --- /dev/null +++ b/etc/php83/conf.d/00_mbstring.ini @@ -0,0 +1 @@ +extension=mbstring diff --git a/etc/php83/conf.d/00_opcache.ini b/etc/php83/conf.d/00_opcache.ini new file mode 100644 index 0000000..592cb59 --- /dev/null +++ b/etc/php83/conf.d/00_opcache.ini @@ -0,0 +1 @@ +zend_extension=opcache diff --git a/etc/php83/conf.d/00_openssl.ini b/etc/php83/conf.d/00_openssl.ini new file mode 100644 index 0000000..355624b --- /dev/null +++ b/etc/php83/conf.d/00_openssl.ini @@ -0,0 +1 @@ +extension=openssl diff --git a/etc/php83/conf.d/00_posix.ini b/etc/php83/conf.d/00_posix.ini new file mode 100644 index 0000000..e58281c --- /dev/null +++ b/etc/php83/conf.d/00_posix.ini @@ -0,0 +1 @@ +extension=posix diff --git a/etc/php83/conf.d/00_session.ini b/etc/php83/conf.d/00_session.ini new file mode 100644 index 0000000..7482518 --- /dev/null +++ b/etc/php83/conf.d/00_session.ini @@ -0,0 +1 @@ +extension=session 
diff --git a/etc/php83/conf.d/00_simplexml.ini b/etc/php83/conf.d/00_simplexml.ini new file mode 100644 index 0000000..c88c0ae --- /dev/null +++ b/etc/php83/conf.d/00_simplexml.ini @@ -0,0 +1 @@ +extension=simplexml diff --git a/etc/php83/conf.d/00_sodium.ini b/etc/php83/conf.d/00_sodium.ini new file mode 100644 index 0000000..2932bf4 --- /dev/null +++ b/etc/php83/conf.d/00_sodium.ini @@ -0,0 +1 @@ +extension=sodium diff --git a/etc/php83/conf.d/00_sqlite3.ini b/etc/php83/conf.d/00_sqlite3.ini new file mode 100644 index 0000000..7ee602b --- /dev/null +++ b/etc/php83/conf.d/00_sqlite3.ini @@ -0,0 +1 @@ +extension=sqlite3 diff --git a/etc/php83/conf.d/00_xml.ini b/etc/php83/conf.d/00_xml.ini new file mode 100644 index 0000000..971783d --- /dev/null +++ b/etc/php83/conf.d/00_xml.ini @@ -0,0 +1 @@ +extension=xml diff --git a/etc/php83/conf.d/00_zip.ini b/etc/php83/conf.d/00_zip.ini new file mode 100644 index 0000000..08a7894 --- /dev/null +++ b/etc/php83/conf.d/00_zip.ini @@ -0,0 +1 @@ +extension=zip diff --git a/etc/php83/conf.d/01_phar.ini b/etc/php83/conf.d/01_phar.ini new file mode 100644 index 0000000..c535cef --- /dev/null +++ b/etc/php83/conf.d/01_phar.ini @@ -0,0 +1 @@ +extension=phar diff --git a/etc/php83/conf.d/99_bcmath.ini b/etc/php83/conf.d/99_bcmath.ini new file mode 100644 index 0000000..0e9b8b5 --- /dev/null +++ b/etc/php83/conf.d/99_bcmath.ini @@ -0,0 +1,4 @@ +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 diff --git a/etc/php83/conf.d/99_curl.ini b/etc/php83/conf.d/99_curl.ini new file mode 100644 index 0000000..16b978e --- /dev/null +++ b/etc/php83/conf.d/99_curl.ini @@ -0,0 +1,4 @@ +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = diff --git a/etc/php83/conf.d/99_dba.ini b/etc/php83/conf.d/99_dba.ini new file mode 100644 index 0000000..e5bc8bf --- /dev/null +++ b/etc/php83/conf.d/99_dba.ini 
@@ -0,0 +1,2 @@ +[dba] +;dba.default_handler= diff --git a/etc/php83/conf.d/99_exif.ini b/etc/php83/conf.d/99_exif.ini new file mode 100644 index 0000000..b31c0ce --- /dev/null +++ b/etc/php83/conf.d/99_exif.ini @@ -0,0 +1,23 @@ +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS diff --git a/etc/php83/conf.d/99_ffi.ini b/etc/php83/conf.d/99_ffi.ini new file mode 100644 index 0000000..2066c5d --- /dev/null +++ b/etc/php83/conf.d/99_ffi.ini @@ -0,0 +1,9 @@ +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= diff --git a/etc/php83/conf.d/99_gd.ini b/etc/php83/conf.d/99_gd.ini new file mode 100644 index 0000000..9da3c78 --- /dev/null +++ b/etc/php83/conf.d/99_gd.ini @@ -0,0 +1,6 @@ +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 
diff --git a/etc/php83/conf.d/99_iconv.ini b/etc/php83/conf.d/99_iconv.ini new file mode 100644 index 0000000..14bcfd5 --- /dev/null +++ b/etc/php83/conf.d/99_iconv.ini @@ -0,0 +1,17 @@ +[iconv] +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = diff --git a/etc/php83/conf.d/99_imap.ini b/etc/php83/conf.d/99_imap.ini new file mode 100644 index 0000000..060b23c --- /dev/null +++ b/etc/php83/conf.d/99_imap.ini @@ -0,0 +1,6 @@ +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 diff --git a/etc/php83/conf.d/99_intl.ini b/etc/php83/conf.d/99_intl.ini new file mode 100644 index 0000000..c36c85c --- /dev/null +++ b/etc/php83/conf.d/99_intl.ini 
@@ -0,0 +1,7 @@
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
diff --git a/etc/php83/conf.d/99_ldap.ini b/etc/php83/conf.d/99_ldap.ini
new file mode 100644
index 0000000..941d8b2
--- /dev/null
+++ b/etc/php83/conf.d/99_ldap.ini
@@ -0,0 +1,3 @@
+[ldap]
+; Sets the maximum number of open links or -1 for unlimited.
+ldap.max_links = -1
diff --git a/etc/php83/conf.d/99_mbstring b/etc/php83/conf.d/99_mbstring
new file mode 100644
index 0000000..a5dbc73
--- /dev/null
+++ b/etc/php83/conf.d/99_mbstring
@@ -0,0 +1,78 @@
+[mbstring]
+; language for internal character representation.
+; This affects mb_send_mail() and mbstring.detect_order.
+; http://php.net/mbstring.language
+;mbstring.language = Japanese
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; internal/script encoding.
+; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;mbstring.internal_encoding =
+
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; http input encoding.
+; mbstring.encoding_translation = On is needed to use this setting.
+; If empty, default_charset or input_encoding or mbstring.input is used.
+; The precedence is: default_charset < input_encoding < mbstring.http_input
+; http://php.net/mbstring.http-input
+;mbstring.http_input =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; http output encoding.
+; mb_output_handler must be registered as output buffer to function.
+; If empty, default_charset or output_encoding or mbstring.http_output is used.
+; The precedence is: default_charset < output_encoding < mbstring.http_output
+; To use an output encoding conversion, mbstring's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+; http://php.net/mbstring.http-output
+;mbstring.http_output =
+
+; enable automatic encoding translation according to
+; mbstring.internal_encoding setting. Input chars are
+; converted to internal encoding by setting this to On.
+; Note: Do _not_ use automatic encoding translation for
+; portable libs/applications.
+; http://php.net/mbstring.encoding-translation
+;mbstring.encoding_translation = Off
+
+; automatic encoding detection order.
+; "auto" detect order is changed according to mbstring.language
+; http://php.net/mbstring.detect-order
+;mbstring.detect_order = auto
+
+; substitute_character used when character cannot be converted
+; one from another
+; http://php.net/mbstring.substitute-character
+;mbstring.substitute_character = none
+
+; overload(replace) single byte functions by mbstring functions.
+; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
+; etc. Possible values are 0,1,2,4 or combination of them.
+; For example, 7 for overload everything.
+; 0: No overload
+; 1: Overload mail() function
+; 2: Overload str*() functions
+; 4: Overload ereg*() functions
+; http://php.net/mbstring.func-overload
+mbstring.func_overload = 0
+
+; enable strict encoding detection.
+; Default: Off
+;mbstring.strict_detection = On
+
+; This directive specifies the regex pattern of content types for which mb_output_handler()
+; is activated.
+; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
+;mbstring.http_output_conv_mimetype=
+
+; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
+; to the pcre.recursion_limit for PCRE.
+; Default: 100000
+;mbstring.regex_stack_limit=100000
+
+; This directive specifies maximum retry count for mbstring regular expressions. It is similar
+; to the pcre.backtrack_limit for PCRE.
+; Default: 1000000
+;mbstring.regex_retry_limit=1000000
diff --git a/etc/php83/conf.d/99_mysqli.ini b/etc/php83/conf.d/99_mysqli.ini
new file mode 100644
index 0000000..a6c2571
--- /dev/null
+++ b/etc/php83/conf.d/99_mysqli.ini
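Review bot: The new file is added as `etc/php83/conf.d/99_mbstring` with no `.ini` suffix, unlike the other files added under conf.d in this commit; PHP's scan directory only reads files ending in `.ini`, so nothing in this file takes effect. If it is meant to be loaded, rename it to `99_mbstring.ini`; if it is parked on purpose, a name that says so would avoid the next reader assuming it is active. Its only uncommented line, `mbstring.func_overload = 0`, configures a feature that was removed in PHP 8.0, so under php83 it can be commented out like the rest.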
@@ -0,0 +1,48 @@ +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysqli_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysqli_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off diff --git a/etc/php83/conf.d/99_mysqlnd.ini b/etc/php83/conf.d/99_mysqlnd.ini new file mode 100644 index 0000000..8d8978d --- /dev/null +++ b/etc/php83/conf.d/99_mysqlnd.ini 
@@ -0,0 +1,33 @@ +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +mysqlnd.collect_memory_statistics = Off + +; Records communication from all extensions using mysqlnd to the specified log +; file. +; http://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +;mysqlnd.net_read_buffer_size = 32768 + +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = diff --git a/etc/php83/conf.d/99_odbc.ini b/etc/php83/conf.d/99_odbc.ini new file mode 100644 index 0000000..13d3635 --- /dev/null +++ b/etc/php83/conf.d/99_odbc.ini 
@@ -0,0 +1,40 @@
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
diff --git a/etc/php83/conf.d/99_opcache.ini b/etc/php83/conf.d/99_opcache.ini
new file mode 100644
index 0000000..3beda00
--- /dev/null
+++ b/etc/php83/conf.d/99_opcache.ini
@@ -0,0 +1,148 @@ +[opcache] +; Determines if Zend OPCache is enabled +opcache.enable=1 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +opcache.enable_cli=0 + +; The OPcache shared memory storage size. +opcache.memory_consumption=64 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=8 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 1000000 are allowed. +opcache.max_accelerated_files=1000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +opcache.save_comments=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0x7FFFBFFF + +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. 
The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. 
+; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +;opcache.huge_code_pages=1 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; http://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; http://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp diff --git a/etc/php83/conf.d/99_openssl.ini b/etc/php83/conf.d/99_openssl.ini new file mode 100644 index 0000000..ba95cd7 --- /dev/null +++ b/etc/php83/conf.d/99_openssl.ini 
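Review bot: `opcache.save_comments=0` departs from the PHP default of 1 and the file gives no reason for it. With comments dropped from cached scripts, code that reads docblocks at runtime through reflection (annotation-driven frameworks, for instance) gets nothing back, and the failure only shows once a script is served from the cache. If this is deliberate, a line such as `; docblocks are stripped on purpose: nothing hosted here reads annotations at runtime` above the setting would record that; otherwise `opcache.save_comments=1` is the safer value. Should further FPM pools running under other users be added later, `opcache.validate_permission=1` is worth enabling at the same time, since the cache is shared between pools.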
@@ -0,0 +1,17 @@
+[openssl]
+; The location of a Certificate Authority (CA) file on the local filesystem
+; to use when verifying the identity of SSL/TLS peers. Most users should
+; not specify a value for this directive as PHP will attempt to use the
+; OS-managed cert stores in its absence. If specified, this value may still
+; be overridden on a per-stream basis via the "cafile" SSL stream context
+; option.
+;openssl.cafile=
+
+; If openssl.cafile is not specified or if the CA file is not found, the
+; directory pointed to by openssl.capath is searched for a suitable
+; certificate. This value must be a correctly hashed certificate directory.
+; Most users should not specify a value for this directive as PHP will
+; attempt to use the OS-managed cert stores in its absence. If specified,
+; this value may still be overridden on a per-stream basis via the "capath"
+; SSL stream context option.
+;openssl.capath=
diff --git a/etc/php83/conf.d/99_pdo.ini b/etc/php83/conf.d/99_pdo.ini
new file mode 100644
index 0000000..1e03675
--- /dev/null
+++ b/etc/php83/conf.d/99_pdo.ini
@@ -0,0 +1,6 @@
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
diff --git a/etc/php83/conf.d/99_pdo_mysql.ini b/etc/php83/conf.d/99_pdo_mysql.ini
new file mode 100644
index 0000000..1598241
--- /dev/null
+++ b/etc/php83/conf.d/99_pdo_mysql.ini
@@ -0,0 +1,4 @@
+[Pdo_mysql]
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+;pdo_mysql.default_socket=
diff --git a/etc/php83/conf.d/99_pgsql.ini b/etc/php83/conf.d/99_pgsql.ini
new file mode 100644
index 0000000..0b17fb5
--- /dev/null
+++ b/etc/php83/conf.d/99_pgsql.ini
@@ -0,0 +1,27 @@
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
diff --git a/etc/php83/conf.d/99_phar.ini b/etc/php83/conf.d/99_phar.ini
new file mode 100644
index 0000000..e3fc161
--- /dev/null
+++ b/etc/php83/conf.d/99_phar.ini
@@ -0,0 +1,8 @@
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
diff --git a/etc/php83/conf.d/99_session.ini b/etc/php83/conf.d/99_session.ini
new file mode 100644
index 0000000..214fac5
--- /dev/null
+++ b/etc/php83/conf.d/99_session.ini
@@ -0,0 +1,269 @@ +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +session.save_path = "/var/lib/php/sessions" + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHP_SESSION_ID + +; Initialize session on request startup. +; http://php.net/session.auto-start +;session.auto_start = 0 + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php_serialize + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. 
+; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +;session.gc_probability = 1 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +;session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 86400 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +;session.referer_check = + +; Gives a path to an external resource (file) which will be used as an +; additional entropy source in the session id creation process. +;session.entropy_file string = /dev/urandom + +; Whether to use strict session mode. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. 
+; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +;session.use_strict_mode = 0 + +; Whether to use cookies. +; http://php.net/session.use-cookies +; session.use_cookies = 1 + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the be-all and end-all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +;session.use_only_cookies = 1 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +;session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +;session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +;session.cookie_domain = + +; http://php.net/session.cookie-secure +; session.cookie_secure = On + +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = Off + +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +; session.cookie_samesite = + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. 
+; http://php.net/session.cache-limiter +;session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +;session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users' security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +;session.use_trans_sid = 0 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; http://php.net/url-rewriter.tags +;session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" + +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; http://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 64 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 6 + +; Define the hash algorithm used to generate the session IDs. 
+; Possible values: +; '0' MD5 (128 bits) +; '1' SHA-1 (160 bits) +; It is also possible to specify any of the algorithms provided by the hash +; extension (if it is available), like sha512 or whirlpool. +session.hash_function = 1 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +session.hash_bits_per_character = 6 + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = 1 + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. 
+; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +; Only write session data when session data is changed. Enabled by default. +; http://php.net/session.lazy-write +;session.lazy_write = On +session.lazy_write = Off diff --git a/etc/php83/conf.d/99_soap.ini b/etc/php83/conf.d/99_soap.ini new file mode 100644 index 0000000..c048b3f --- /dev/null +++ b/etc/php83/conf.d/99_soap.ini @@ -0,0 +1,16 @@ +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 diff --git a/etc/php83/conf.d/99_sqlite3.ini b/etc/php83/conf.d/99_sqlite3.ini new file mode 100644 index 0000000..1965589 --- /dev/null +++ b/etc/php83/conf.d/99_sqlite3.ini 
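Review bot: `session.cookie_httponly = Off` is set explicitly, which leaves the session cookie readable from page scripts, so any script-injection flaw in a hosted application also exposes the session ID. I would change it to `session.cookie_httponly = On`, enable `session.use_strict_mode = 1`, and, provided the sites are served over HTTPS only (not visible from this hunk), set `session.cookie_secure = On`; all three are currently off or commented out. `session.cookie_samesite` is likewise left unset. `session.hash_function` and `session.hash_bits_per_character` were removed in PHP 7.1, so those two lines are inert under php83 and the ID format is governed only by `session.sid_length` and `session.sid_bits_per_character`.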
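Review bot: `soap.wsdl_cache_dir="/tmp"` puts the WSDL cache in a directory every local account can write to, and with `soap.wsdl_cache_ttl=86400` a cached file is trusted for a day. A dedicated directory owned by the FPM pool user with mode 0700 keeps other accounts from reading or pre-creating cache entries, for example `soap.wsdl_cache_dir="/var/cache/php83/wsdl"` (path constructed for illustration; use whatever location this host reserves for PHP state). The directory has to exist before FPM starts, since I would not expect the extension to create it.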
@@ -0,0 +1,13 @@
+[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
+;sqlite3.extension_dir =
+
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+;sqlite3.defensive = 1
diff --git a/etc/php83/conf.d/99_sysvshm.ini b/etc/php83/conf.d/99_sysvshm.ini
new file mode 100644
index 0000000..03da3ab
--- /dev/null
+++ b/etc/php83/conf.d/99_sysvshm.ini
@@ -0,0 +1,3 @@
+[sysvshm]
+; A default size of the shared memory segment
+;sysvshm.init_mem = 10000
diff --git a/etc/php83/conf.d/99_tidy.ini b/etc/php83/conf.d/99_tidy.ini
new file mode 100644
index 0000000..90c5f13
--- /dev/null
+++ b/etc/php83/conf.d/99_tidy.ini
@@ -0,0 +1,10 @@
+[Tidy]
+; The path to a default tidy configuration file to use when using tidy
+; http://php.net/tidy.default-config
+;tidy.default_config = /usr/local/lib/php/default.tcfg
+
+; Should tidy clean and repair output automatically?
+; WARNING: Do not use this option if you are generating non-html content
+; such as dynamic images
+; http://php.net/tidy.clean-output
+tidy.clean_output = Off
diff --git a/etc/php83/conf.d/imagick.ini b/etc/php83/conf.d/imagick.ini
new file mode 100644
index 0000000..76225ec
--- /dev/null
+++ b/etc/php83/conf.d/imagick.ini
@@ -0,0 +1 @@
+extension=imagick
diff --git a/etc/php83/php-fpm.conf b/etc/php83/php-fpm.conf
new file mode 100644
index 0000000..f0b273f
--- /dev/null
+++ b/etc/php83/php-fpm.conf
@@ -0,0 +1,143 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +pid = run/php-fpm.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; into a local file. +; Note: the default prefix is /var +; Default Value: log/php-fpm.log +error_log = syslog + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +syslog.facility = local2 + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm +syslog.ident = php-fpm + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. 
It is an experimental +; option that can potentionaly improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +emergency_restart_threshold = 5 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +emergency_restart_interval = 10 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +process.max = 16 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +process.priority = 0 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. 
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Specify the event mechanism FPM will use. The following is available:
+; - select (any POSIX os)
+; - poll (any POSIX os)
+; - epoll (linux >= 2.5.44)
+; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll (Solaris >= 7)
+; - port (Solaris >= 10)
+; Default Value: not set (auto detection)
+;events.mechanism = epoll
+
+; When FPM is built with systemd integration, specify the interval,
+; in seconds, between health report notification to systemd.
+; Set to 0 to disable.
+; Available Units: s(econds), m(inutes), h(ours)
+; Default Unit: seconds
+; Default value: 10
+;systemd_interval = 10
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Multiple pools of child processes may be started with different listening
+; ports and different management options. The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+; - the global prefix if it's been set (-p argument)
+; - /usr otherwise
+include=/etc/php83/php-fpm.d/*.conf
diff --git a/etc/php83/php-fpm.d/www.conf b/etc/php83/php-fpm.d/www.conf
new file mode 100644
index 0000000..dfc4cef
--- /dev/null
+++ b/etc/php83/php-fpm.d/www.conf
@@ -0,0 +1,424 @@
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+; will be used.
+user = nobody
+group = nobody
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+;listen = 127.0.0.1:9000
+listen = /run/php-fpm83/php-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+; mode is set to 0660
+listen.owner = nobody
+listen.group = apache
+listen.mode = 0660
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +; listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +process.priority = 0 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). 
If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 8 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 2 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 4 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. 
+; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 5000 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. 
Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. 
+; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. 
+; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 60 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. 
+; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +security.limit_extensions = .php .phar .phtml + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/etc/php83/php.ini b/etc/php83/php.ini new file mode 100644 index 0000000..b81394b --- /dev/null +++ b/etc/php83/php.ini 
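Review bot: `security.limit_extensions = .php .phar .phtml` lets the www pool execute `.phar` and `.phtml` files as well as `.php`, which is wider than the `.php` default and runs against the advice in the directive's own comment. Any directory where such files can end up (an upload or cache path, for instance) becomes a place PHP code can run from if the web server hands those extensions to this socket; the Apache handler mapping is not visible in this hunk, so that part needs checking against the vhost. Unless an application in this pool depends on them, narrow it to `security.limit_extensions = .php`, or keep the line and record the reason with a comment such as `; .phar/.phtml needed by <application>; handler mapping restricted in the vhost`. Separately, `user = nobody` / `group = nobody` gives the workers the same identity as anything else on the host that runs as nobody, so a dedicated account for this pool would keep its files and processes apart.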
@@ -0,0 +1,844 @@ +[PHP] +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +; To disable this feature set this option to an empty value +;user_ini.filename = ".user.ini" + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; Note: if open_basedir is set, the cache is disabled +; http://php.net/realpath-cache-size +;realpath_cache_size = 4096k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. 
For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default: Off +zend.exception_ignore_args = On + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = Off + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 45 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. 
+; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 30 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +;max_input_vars = 1000 + +; Maximum amount of memory a script may consume +; http://php.net/memory-limit +memory_limit = 1073741824 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. 
+; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it is automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) 
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = ~E_DEPRECATED | ~E_USER_DEPRECATED | E_ERROR | E_RECOVERABLE_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = On + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. We strongly recommend you +; set this to 'off' for production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = On + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. 
+; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This is only effective in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; This directive is DEPRECATED. +; Default Value: Off +; Development Value: Off +; Production Value: Off +; http://php.net/track-errors +;track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. 
+; Note: This directive is hardcoded to Off for the CLI SAPI +; http://php.net/html-errors +;html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on Windows). +error_log = syslog + +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +syslog.facility = local2 + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. 
+; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; http://php.net/syslog.filter +syslog.filter = ascii + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. 
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any effect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 8M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a media type using the Content-Type header. To
+; disable this, simply set it to be empty.
+; PHP's built-in default media type is set to text/html.
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to UTF-8.
+; http://php.net/default-charset
+default_charset = "UTF-8"
+
+; PHP internal character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/internal-encoding
+;internal_encoding =
+
+; PHP input character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/input-encoding
+;input_encoding =
+
+; PHP output character encoding is set to empty.
+; If empty, default_charset is used.
+; See also output_buffer.
+; http://php.net/output-encoding
+;output_encoding =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+;include_path = ".:/php/includes"
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+;doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+;user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+;extension_dir = "./"
+
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+;sys_temp_dir = "/tmp"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+;cgi.discard_path=1
+
+; FastCGI under IIS supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If set to 0, PHP sends Status: header that
+; is supported by Apache. When this option is set to 1, PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+upload_tmp_dir = /var/lib/php/uploads
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 20M
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+[Assertion]
+; Switch whether to compile assertions at all (to have no overhead at run-time)
+; -1: Do not compile at all
+; 0: Jump over assertion at run-time
+; 1: Execute assertions
+; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
+; Default Value: 1
+; Development Value: 1
+; Production Value: -1
+; http://php.net/zend.assertions
+zend.assertions = -1
+
+; Assert(expr); active by default.
+; http://php.net/assert.active
+;assert.active = On
+
+; Throw an AssertionError on failed assertions
+; http://php.net/assert.exception
+;assert.exception = On
+
+; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
+; http://php.net/assert.warning
+;assert.warning = On
+
+; Don't bail out by default.
+; http://php.net/assert.bail
+;assert.bail = Off
+
+; User-function to be called if an assertion fails.
+; http://php.net/assert.callback
+;assert.callback = 0
+
+; Eval the expression with current error_reporting(). Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval
+;assert.quiet_eval = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+date.timezone = UTC
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Built-In Module Settings ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+[COM]
+; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
+; http://php.net/com.typelib-file
+;com.typelib_file =
+
+; allow Distributed-COM calls
+; http://php.net/com.allow-dcom
+;com.allow_dcom = true
+
+; autoregister constants of a component's typlib on com_load()
+; http://php.net/com.autoregister-typelib
+;com.autoregister_typelib = true
+
+; register constants casesensitive
+; http://php.net/com.autoregister-casesensitive
+;com.autoregister_casesensitive = false
+
+; show warnings on duplicate constant registrations
+; http://php.net/com.autoregister-verbose
+;com.autoregister_verbose = true
+
+; The default character set code-page to use when passing strings to and from COM objects.
+; Default: system ANSI code page
+;com.code_page=
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[mail function]
+; You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path +;sendmail_path = "/usr/sbin/sendmail -f 'noreply@slackware.uk' -t" + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(). +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = Off + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on Windows). +;mail.log = syslog + +[Pcre] +; PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 diff --git a/etc/pkglist b/etc/pkglist index 3a35591..f13153d 100644 --- a/etc/pkglist +++ b/etc/pkglist @@ -1,3 +1,4 @@ +7zip acl acl-libs alpine-base @@ -6,6 +7,7 @@ alpine-baselayout-data alpine-conf alpine-keys alpine-release +aom-libs apache2 apache2-ctl apache2-http2 @@ -27,12 +29,20 @@ busybox-mdev-openrc busybox-openrc busybox-suid c-ares +c-client ca-certificates-bundle +composer cups-libs curl dbus-libs doas +fftw-double-libs +fontconfig +freetype gdbm +gettext +gettext-envsubst +gettext-libs git git-init-template gmp 
@@ -45,24 +55,29 @@ gpg-agent icu-data-en icu-libs ifupdown-ng +imagemagick +imagemagick-libs iptables iptables-openrc jansson keyutils-libs krb5-conf krb5-libs +lcms2 ldb libapk2 libarchive libassuan libattr libauth-samba +libavif libbsd libbz2 libcap2 libcom_err libcrypto3 libcurl +libdav1d libedit libestr libexpat @@ -71,23 +86,31 @@ libffi libformw libgcc libgcrypt +libgomp libgpg-error libgsasl +libice libidn libidn2 libintl +libjpeg-turbo libksba libldap liblockfile +libltdl libmd libmnl libncursesw libnftnl libpanelw +libpng libproc2 libpsl libsasl +libsharpyuv +libsm libsmbclient +libsodium libssl3 libstdc++ libtasn1 @@ -96,8 +119,18 @@ liburing libuuid libverto libwbclient +libwebp +libx11 +libxau +libxcb +libxdmcp +libxext libxml2 +libxpm +libxt libxtables +libyuv +libzip linux-pam lmdb lynx @@ -114,6 +147,8 @@ ncurses-terminfo-base nettle nghttp2-libs npth +oniguruma +openldap-clients openrc openrc-user openssh @@ -128,8 +163,30 @@ openssl p11-kit pcre2 php83 +php83-bcmath +php83-bz2 php83-common +php83-curl php83-fpm +php83-gd +php83-gettext +php83-gmp +php83-iconv +php83-imap +php83-intl +php83-ldap +php83-mbstring +php83-opcache +php83-openssl +php83-pecl-imagick +php83-phar +php83-posix +php83-session +php83-simplexml +php83-sodium +php83-sqlite3 +php83-xml +php83-zip pinentry popt procps-ng diff --git a/etc/pla/config.php.gpg b/etc/pla/config.php.gpg new file mode 100644 index 0000000..6e5ba71 Binary files /dev/null and b/etc/pla/config.php.gpg differ diff --git a/etc/rsyslog.conf b/etc/rsyslog.conf new file mode 100644 index 0000000..e3caae5 --- /dev/null +++ b/etc/rsyslog.conf 
@@ -0,0 +1,143 @@
+# Load modules.
+module(load="imudp")
+module(load="imtcp")
+module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
+
+
+# Global configuration.
+global(
+ workDirectory="/var/lib/rsyslog"
+ #stdlog.channelspec="on"
+ maxMessageSize="16K"
+ senders.keepTrack="on"
+ senders.timeoutAfter="2419200"
+ senders.reportGoneAway="on"
+ senders.reportNew="on"
+)
+
+
+# Inputs.
+input(type="imudp" port="25414" ruleset="syslog")
+input(type="imudp" port="25415" ruleset="httplog")
+input(type="imtcp" port="25414" ruleset="syslog")
+
+
+# Rulesets.
+ruleset(name="syslog") {
+ set $.host = tolower(field($hostname, ".", 1));
+ set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain"));
+ if ($app-name != "") then {
+ set $.proc = $app-name;
+ if ($procid != "" and $procid != "-") then {
+ set $.proc = '[' & $procid & ']';
+ }
+ } else {
+ set $.proc = '-';
+ }
+ if ($msgid != "") then {
+ set $.id = $msgid;
+ } else {
+ set $.id = '-';
+ }
+
+ template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+ template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+# FIXME: Log each facility to the AllHosts logs. Compression?
+ if prifilt("auth.*,authpriv.*") then {
+ action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" )
+ } else if ... then {
+
+
+
+ template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/
+%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+
+
+ if prifilt("*.info") then {
+ action(type="omfile" file="/var/log/info.log")
+ }
+}
+
+
+
+
+#template(name="SyslogLineFormat" type="list") {
+# property(name="timereported" dateFormat="rfc3339" caseConversion="lower") # Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+# constant(value=" ")
+# property(name="hostname") # Hostname
+# constant(value=" ")
+# property(name="syslogfacility") # Facility
+# constant(value=".")
+# property(name="syslogpriority") # Log priority
+# constant(value=" ")
+# property(name="syslogtag") # Syslog tag
+# constant(value=": ")
+# property(name="msg") # Message content
+# constant(value="\n")
+#}
+
+
+
+
+#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+
+
+
+#VMWare: RFC 5424
+
+
+
+# Parser.
+#parser(
+# name="FIXME"
+# type="pmnormalize"
+# rule=[
+# "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%",
+# "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%"
+# ]
+#)
+
+
+# Rules
+#ruleset(name="outp" parser="custom.pmnormalize") {
+# action(type="omfile" File="/tmp/output")
+#}
+
+
+# Outputs.
+action(type="omfile" file="/tmp/messages" template="LogLineSingleHost")
+
+
+
+# Include additional configurations.
+include(file="/etc/rsyslog.d/*.conf" mode="optional") + + + + +### Examples #### + +# Send all logs to remote syslog via UDP. +# An on-disk queue is created for this action. If the remote host is +# down, messages are spooled to disk and sent when it is up again. +#*.* action( +# type="omfwd" +# target="192.168.0.1" +# port="514" +# protocol="udp" +# queue.filename="fwdRule1" # unique name prefix for spool files +# queue.type="LinkedList" +# queue.maxDiskSpace="256m" +# queue.saveOnShutdown="on" +# action.resumeRetryCount="-1" +# action.resumeInterval="30" +#) diff --git a/etc/samba/smb.conf b/etc/samba/smb.conf index 4060f8a..5f73988 100644 --- a/etc/samba/smb.conf +++ b/etc/samba/smb.conf @@ -5,13 +5,17 @@ workgroup = SLACKWAREUKNET server string = "slackware.uk.net Domain Controller" # dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169 dns forwarder = 216.119.155.58 185.176.90.169 -allow dns updates = disabled -tls cafile = /etc/certificates/core.slackware.uk.net_fullchain.pem +allow dns updates = no +tls cafile = /etc/ssl/certs/ca-certificates.crt tls certfile = /etc/certificates/core.slackware.uk.net_cert.pem tls keyfile = /etc/certificates/core.slackware.uk.net_key.pem tls verify peer = ca_and_name_if_available log level = 1 logging = syslog:local5 +log file = /var/log/core.slackware.uk.net/today/samba/samba-debug +debug syslog format = always +debug hires timestamp = yes +enable core files = no idmap config * : backend = tdb # There are only 568 IDs mapped into the container by TrueNAS, so limit the number that can be used. idmap config * : range = 10000-10500 diff --git a/etc/shadow.gpg b/etc/shadow.gpg index 0296a51..3f03b2e 100644 Binary files a/etc/shadow.gpg and b/etc/shadow.gpg differ diff --git a/etc/ssl/certs/ca.cert b/etc/ssl/certs/ca.cert new file mode 120000 index 0000000..1b1bbd8 --- /dev/null +++ b/etc/ssl/certs/ca.cert @@ -0,0 +1 @@ +/etc/certificates/core.slackware.uk.net_chain.pem \ No newline at end of file 
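Review bot: The `LogFileeSingleHost` template builds an output path from `%$.host%`, which is taken from the `$hostname` field of messages arriving on the `imudp`/`imtcp` inputs, and nothing in the hunk sanitises it before it becomes a directory name. The commented-out `LogHostFile` template further down already applies `escape-cc,secpath-replace`; the live template should do the same, e.g. `string="/var/log/remote/%$.host:::secpath-replace%/…"` (the target directory here is a placeholder). The active actions also write to `/tmp/log/AllHosts/auth` and `/tmp/messages`; in a world-writable directory a local user can pre-create or replace those paths, so a root-owned directory under `/var/log` would be safer once the FIXME paths are settled. Separately, the `else if ... then {` placeholder looks like it would stop the file from parsing, so it is worth running `rsyslogd -N1` before this is deployed.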
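Review bot: Pointing `tls cafile` at `/etc/ssl/certs/ca-certificates.crt` means that wherever Samba verifies a peer under the existing `tls verify peer = ca_and_name_if_available`, a certificate issued by any CA in the system bundle is accepted, rather than only the chain configured before. If all peers are issued by one CA, a file holding just that issuer keeps the trust narrower; if the bundle is really needed, a comment such as `# system bundle: peers use publicly issued certificates` would record why. The added `log file` line may also have no effect while `logging = syslog:local5` names no file backend; this is worth confirming against smb.conf(5).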
diff --git a/etc/ssl/certs/fd.cert b/etc/ssl/certs/fd.cert new file mode 120000 index 0000000..7991568 --- /dev/null +++ b/etc/ssl/certs/fd.cert @@ -0,0 +1 @@ +/etc/certificates/core.slackware.uk.net_cert.pem \ No newline at end of file diff --git a/home/sysadmin/.bashrc b/home/sysadmin/.bashrc index c6e8906..7fcb2ed 100644 --- a/home/sysadmin/.bashrc +++ b/home/sysadmin/.bashrc @@ -43,8 +43,10 @@ hash ps grep >/dev/null 2>&1 && psgrep() { hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always' hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999' -echo -ne "\e[2q" -echo -e "\e]12;#00FF00" +[[ -z "$SSH_TTY" ]] && { + echo -ne "\e[2q" + echo -e "\e]12;#00FF00" +} for FILE in "$HOME"/.bashrc.d/*; do [[ -x "$FILE" ]] && source "$FILE" diff --git a/opt/sbin/cronjob-rotate-logs-symlinks b/opt/sbin/cronjob-rotate-logs-symlinks index aae8e1a..49997ea 100755 --- a/opt/sbin/cronjob-rotate-logs-symlinks +++ b/opt/sbin/cronjob-rotate-logs-symlinks @@ -5,6 +5,9 @@ LOGS_DIR="/var/log" DIR_MODE="0750" UMASK="027" +# This array may be used in the defaults file. +declare -A CREATE_DIRS + # Allow /etc/default/rotate-logs-symlinks to override default configuration. [[ -e /etc/default/rotate-logs-symlinks ]] && { # shellcheck disable=SC1091 @@ -21,7 +24,7 @@ UMASK="027" umask "$UMASK" # Process all the directories in the logs directory. - for DIR in "$LOGS_DIR"/*; do + for DIR in "$LOGS_DIR"/*/; do cd "$DIR" 2>/dev/null || { printf "%s: %s\\n" "${0##*/}" "failed to change directory to '$DIR'" >&2 continue 
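Review bot: `[[ -z "$SSH_TTY" ]]` is also true for SSH sessions that have no pty (`ssh host cmd`, and typically scp or rsync), so in those cases the two escape sequences are still written to stdout, where they can corrupt the transferred stream. Whether that is reachable depends on an interactive-shell guard earlier in the file, which is outside the hunk. Testing for a terminal and for any SSH session is more robust: `[[ -t 1 && -z "$SSH_CONNECTION" ]] && {`. The identical hunk in `root/.bashrc` needs the same change, and the `for FILE` loop that follows continues outside the hunk.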
@@ -34,9 +37,17 @@ UMASK="027" continue } + # If configured to do so for this directory, create sub directories. + for CREATE_DIR in ${CREATE_DIRS[$(printf "$DIR" | awk -F / -e '{print $4}')]}; do + mkdir -p -m "$DIR_MODE" "$TODAY/$CREATE_DIR" 2>/dev/null || { + printf "%s: %s\\n" "${0##*/}" "failed to create directory '$DIR/$TODAY/$CREATE_DIR'" >&2 + continue + } + done + # Create a 'today' symlink to the new days' directory. - ( cd "$DIR" 2>/dev/null && ln -sf "$TODAY" "today" 2>/dev/null ) || { - printf "%s: %s\\n" "${0##*/}" "creating 'today' symlink failed" >&2 + ( cd "$DIR" 2>/dev/null && ln -sfn "$TODAY" "today" 2>/dev/null ) || { + printf "%s: %s\\n" "${0##*/}" "updating 'today' symlink failed" >&2 continue } done diff --git a/root/.bashrc b/root/.bashrc index c6e8906..7fcb2ed 100644 --- a/root/.bashrc +++ b/root/.bashrc @@ -43,8 +43,10 @@ hash ps grep >/dev/null 2>&1 && psgrep() { hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always' hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999' -echo -ne "\e[2q" -echo -e "\e]12;#00FF00" +[[ -z "$SSH_TTY" ]] && { + echo -ne "\e[2q" + echo -e "\e]12;#00FF00" +} for FILE in "$HOME"/.bashrc.d/*; do [[ -x "$FILE" ]] && source "$FILE" diff --git a/root/.gitignore b/root/.gitignore index 589f81f..5402730 100644 --- a/root/.gitignore +++ b/root/.gitignore @@ -2,7 +2,9 @@ !/.* !/.*/ !/.*/** +!/clean-fd /.bash_history* +/.composer/ /.gnupg/ /.nano_history diff --git a/root/clean-fd b/root/clean-fd new file mode 100755 index 0000000..c0a69d9 --- /dev/null +++ b/root/clean-fd @@ -0,0 +1,5 @@ +#!/bin/bash + +rm -f /var/spool/fusiondirectory/* +rm -f /var/cache/fusiondirectory/{fai/*,fusiondirectory.auth,template/*,tmp/*} +rm -f /var/lib/php/sessions/* diff --git a/srv/dehydrated/.gitkeepdir b/srv/dehydrated/.gitkeepdir deleted file mode 100644 index e69de29..0000000 diff --git a/var/.gitignore b/var/.gitignore new file mode 100644 index 0000000..1a26644 --- /dev/null +++ b/var/.gitignore 
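Review bot: The key lookup `${CREATE_DIRS[$(printf "$DIR" | awk -F / -e '{print $4}')]}` passes `$DIR` to printf as the format string and hard-codes path field 4, which only matches the default `LOGS_DIR="/var/log"`. A directory name containing `%` or `\`, or an overridden `LOGS_DIR` of a different depth, yields the wrong key, and an empty key makes bash report a bad array subscript. Deriving the name with parameter expansion avoids both: `NAME="${DIR%/}"; NAME="${NAME##*/}"` followed by `for CREATE_DIR in ${CREATE_DIRS[$NAME]:-}; do`. The expansion is left unquoted for word splitting, so it also globs; the defaults file should say that entries must not contain wildcard characters. The enclosing loop and block start outside this hunk.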
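Review bot: The new `root/clean-fd` script has no header comment, and its last line, `rm -f /var/lib/php/sessions/*`, removes every PHP session stored in that directory rather than only FusionDirectory's. If other PHP applications on the host share the directory, their users are logged out as well. A comment such as `# Clears the FusionDirectory spool and cache and ALL PHP sessions; run only during maintenance.` at the top would document that for whoever runs it next.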
@@ -0,0 +1,12 @@ +/cache/ +/db/ +/empty/ +/local/ +/lock +/log/ +/mail/ +/opt/ +/run +/spool/ +/tmp/ +/www/ diff --git a/var/lib/.gitignore b/var/lib/.gitignore new file mode 100644 index 0000000..64d0447 --- /dev/null +++ b/var/lib/.gitignore @@ -0,0 +1,9 @@ +/ip6tables/ +/iptables/ +/misc/ +/prometheus/ +/rsyslog/ +/samba/ +/samba.pre-provision/ +/sudo/ +/terraform-http-backend/