clean-fd script.

Correct rsyslog.conf.
PHP configs.
2025-10-29 17:15:16 +00:00 · 2025-10-29 17:13:19 +00:00 · 2025-10-29 17:11:28 +00:00 · 2025-10-29 17:10:50 +00:00 · 2025-10-29 17:09:56 +00:00 · 2025-10-29 17:08:38 +00:00
85 changed files with 4393 additions and 47 deletions
--- a/.gitattributesdb
+++ b/.gitattributesdb
@ -5,12 +5,12 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - -
 LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - -
 LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - -
 LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - -
-LmdpdGlnbm9yZQ== 1758124916 1757593248 root:root 0644 - -
+LmdpdGlnbm9yZQ== 1758288513 1757593248 root:root 0644 - -
 LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - -
-ZXRjLy5naXRpZ25vcmU= 1758218823 1757611781 root:root 0644 - -
+ZXRjLy5naXRpZ25vcmU= 1758642133 1757611781 root:root 0644 - -
 ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - -
-ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758045891 1757785514 root:root 0644 - -
-ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758045929 1757785113 root:root 0644 - -
+ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758837649 1757785514 root:root 0644 - -
+ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758817141 1757785113 root:root 0644 - -
 ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - -
 ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - -
 ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - -
@ -18,9 +18,10 @@ ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - -
 ZXRjL2NvbmYuZC9zc2hk 1757593051 1757593051 root:root 0644 - -
 ZXRjL2NvbmYuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757771663 1757595391 root:root 0644 - -
 ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - -
+ZXRjL2RlZmF1bHQvcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758555243 1758552192 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvLmdpdGlnbm9yZQ== 1758038054 1758038054 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvLmdpdGlnbm9yZQ== 1757873230 1757873230 root:root 0644 - -
-ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1757873275 1757873275 root:root 0644 - -
+ZXRjL2RlaHlkcmF0ZWQvYWNjb3VudHMvYUhSMGNITTZMeTloWTIxbExYWXdNaTVoY0drdWJHVjBjMlZ1WTNKNWNIUXViM0puTDJScGNtVmpkRzl5ZVFvLnRhci5ncGc= 1761052714 1757873275 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvYXJjaGl2ZS8uZ2l0aWdub3Jl 1757874259 1757873451 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvY2VydHMvLmdpdGlnbm9yZQ== 1757874303 1757873537 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvY29uZmln 1758044465 1757862077 root:root 0644 - -
@ -28,9 +29,13 @@ ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucw== 1757862328 1757862077 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL19leGFtcGxlXw== 1757863238 1757862077 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvZG9tYWlucy5kL2NvcmUuc2xhY2t3YXJlLnVrLm5ldA== 1757863250 1757863250 root:root 0644 - -
 ZXRjL2RlaHlkcmF0ZWQvaG9va3MvZGVmYXVsdA== 1758045829 1757862077 root:root 0755 - -
+ZXRjL2Z1c2lvbmRpcmVjdG9yeS9mdXNpb25kaXJlY3RvcnkuY29uZg== 1760207207 1760207207 root:root 0644 - -
 ZXRjL2dyb3Vw 1757873802 1757869538 root:root 0644 - -
 ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - -
 ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - -
+ZXRjL2luaXQuZC8uZ2l0aWdub3Jl 1758555849 1758555812 root:root 0644 - -
+ZXRjL2luaXQuZC9zYW1iYQ== 1758645132 1748355660 root:root 0755 - -
+ZXRjL2luaXQuZC90ZXJyYWZvcm0taHR0cC1iYWNrZW5k 1757772166 1757770736 root:root 0755 - -
 ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - -
 ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - -
 ZXRjL2tyYjUuY29uZg== 1758214709 1583171707 root:root 0644 - -
@ -39,17 +44,76 @@ ZXRjL2xvY2FsLmQvcHVzaG92ZXItYWxlcnQuc3RhcnQ= 1758225142 1758225089 root:root 075
 ZXRjL2xvY2FsLmQvcHVzaG92ZXItYWxlcnQuc3RvcA== 1758225254 1758225155 root:root 0755 - -
 ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - -
 ZXRjL21zbXRwLmFsaWFzZXM= 1758035451 1758035451 root:root 0644 - -
-ZXRjL21zbXRwcmMuZ3Bn 1758049424 1758049424 root:root 0644 - -
+ZXRjL21zbXRwcmMuZ3Bn 1761052674 1758049424 root:root 0644 - -
 ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - -
-ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1757759982 1757596330 root:root 0644 - -
-ZXRjL3Bhc3N3ZA== 1757873724 1757869538 root:root 0644 - -
+ZXRjL25ldHdvcmsvaW50ZXJmYWNlcw== 1758915694 1757596330 root:root 0644 - -
+ZXRjL29wZW5sZGFwL2xkYXAuY29uZg== 1758374529 1730112559 root:root 0644 - -
+ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLWNvbmYuc2NoZW1h 1759848180 1759848180 root:root 0644 - -
+ZXRjL29wZW5sZGFwL3NjaGVtYS9jb3JlLWZkLnNjaGVtYQ== 1759848180 1759848180 root:root 0644 - -
+ZXRjL29wZW5sZGFwL3NjaGVtYS9sZGFwbnMuc2NoZW1h 1759848180 1759848180 root:root 0644 - -
+ZXRjL29wZW5sZGFwL3NjaGVtYS9yZmMyMzA3YmlzLnNjaGVtYQ== 1759835660 1759835660 root:root 0644 - -
+ZXRjL29wZW5sZGFwL3NjaGVtYS90ZW1wbGF0ZS1mZC5zY2hlbWE= 1759848180 1759848180 root:root 0644 - -
+ZXRjL3Bhc3N3ZA== 1761056398 1761056398 root:root 0644 - -
 ZXRjL3BlcmlvZGljL2RhaWx5LzAtcm90YXRlLWxvZ3Mtc3ltbGlua3M= 1758222266 1758222266 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5LzEwLWRlaHlkcmF0ZWQ= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5LzUtdXBkYXRlLXBhY2thZ2VzLWxpc3Q= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3BlcmlvZGljL2RhaWx5Lzctd2Fybi1naXQtc3RhdHVz 1757708520 1757708520 root:root 0777 - -
-ZXRjL3BrZ2xpc3Q= 1758211839 1757609913 root:root 0644 - -
+ZXRjL3BlcmlvZGljL3dlZWtseS85LWNsZWFuLXBocA== 1758294154 1758289390 root:root 0755 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9iY21hdGguaW5p 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9iejIuaW5p 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9jdXJsLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9nZC5pbmk= 1758756479 1758756479 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9nZXR0ZXh0LmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9nbXAuaW5p 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9pY29udi5pbmk= 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9pbWFwLmluaQ== 1758756479 1758756479 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9pbnRsLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9sZGFwLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9tYnN0cmluZy5pbmk= 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9vcGNhY2hlLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9vcGVuc3NsLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9wb3NpeC5pbmk= 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9zZXNzaW9uLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9zaW1wbGV4bWwuaW5p 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9zb2RpdW0uaW5p 1758756479 1758756479 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF9zcWxpdGUzLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF94bWwuaW5p 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMF96aXAuaW5p 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC8wMV9waGFyLmluaQ== 1754432591 1754432591 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9iY21hdGguaW5p 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9jdXJsLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9kYmEuaW5p 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9leGlmLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9mZmkuaW5p 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9nZC5pbmk= 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9pY29udi5pbmk= 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9pbWFwLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9pbnRsLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9sZGFwLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9tYnN0cmluZw== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9teXNxbGkuaW5p 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9teXNxbG5kLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9vZGJjLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9vcGNhY2hlLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9vcGVuc3NsLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9wZG8uaW5p 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9wZG9fbXlzcWwuaW5p 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9wZ3NxbC5pbmk= 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9waGFyLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9zZXNzaW9uLmluaQ== 1760206689 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9zb2FwLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9zcWxpdGUzLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV9zeXN2c2htLmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC85OV90aWR5LmluaQ== 1758566165 1758566165 root:root 0644 - -
+ZXRjL3BocDgzL2NvbmYuZC9pbWFnaWNrLmluaQ== 1755096904 1755096904 root:root 0644 - -
+ZXRjL3BocDgzL3BocC1mcG0uY29uZg== 1758566251 1758566184 root:root 0644 - -
+ZXRjL3BocDgzL3BocC1mcG0uZC93d3cuY29uZg== 1758566277 1758566199 root:root 0644 - -
+ZXRjL3BocDgzL3BocC5pbmk= 1759845481 1758566175 root:root 0644 - -
+ZXRjL3BrZ2xpc3Q= 1761696000 1757609913 root:root 0644 - -
+ZXRjL3BsYS9jb25maWcucGhwLmdwZw== 1761052640 1758539944 root:root 0644 - -
 ZXRjL3B1c2hvdmVyLWNsaWVudC9kZWZhdWx0 1758224985 1758224590 root:root 0600 - -
 ZXRjL3Jlc29sdi5jb25m 1757611605 1757611605 root:root 0644 - -
+ZXRjL3JzeXNsb2cuY29uZg== 1757785113 1757785113 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290Ly5naXRpZ25vcmU= 1757769666 1757598667 root:root 0644 - -
 ZXRjL3J1bmxldmVscy9ib290L3JzeXNsb2c= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0Ly5naXRpZ25vcmU= 1757598703 1757598703 root:root 0644 - -
@ -58,26 +122,28 @@ ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwNnRhYmxlcw== 1757770233 1757770233 root:root 077
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L2lwdGFibGVz 1757770222 1757770222 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L25vZGUtZXhwb3J0ZXI= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L3BocC1mcG04Mw== 1757708520 1757708520 root:root 0777 - -
-ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1757708520 1757708520 root:root 0777 - -
+ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NhbWJh 1758837930 1758837930 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L3NzaGQ= 1757708520 1757708520 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9kZWZhdWx0L3RlcnJhZm9ybS1odHRwLWJhY2tlbmQ= 1757772274 1757772274 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcDZ0YWJsZXM= 1757770292 1757770292 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9pcHRhYmxlcw== 1757770284 1757770284 root:root 0777 - -
 ZXRjL3J1bmxldmVscy9zaHV0ZG93bi9zYW1iYQ== 1757708520 1757708520 root:root 0777 - -
-ZXRjL3NhbWJhL3NtYi5jb25m 1758215678 1758208516 root:root 0644 - -
+ZXRjL3NhbWJhL3NtYi5jb25m 1758656295 1758208516 root:root 0644 - -
 ZXRjL3NhbWJhL3NtYnVzZXJz 1758121825 1758121586 root:root 0644 - -
-ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - -
+ZXRjL3NoYWRvdy5ncGc= 1761052608 1757599010 root:root 0644 - -
 ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - -
 ZXRjL3NzaC9zc2hfY29uZmln 1757606630 1757606630 root:root 0644 - -
 ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1758202229 1757606896 root:root 0644 - -
 ZXRjL3NzaGd1YXJkLmNvbmY= 1758050700 1758050700 root:root 0644 - -
 ZXRjL3NzaGd1YXJkLndoaXRlbGlzdA== 1758050235 1758050235 root:root 0644 - -
+ZXRjL3NzbC9jZXJ0cy9jYS5jZXJ0 1758642260 1758642260 root:root 0777 - -
+ZXRjL3NzbC9jZXJ0cy9mZC5jZXJ0 1758642260 1758642260 root:root 0777 - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
 aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - -
 aG9tZS9zeXNhZG1pbi8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uYmFzaF9wcm9maWxl 1757861225 1757584711 sysadmin:users 0644 - -
-aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1757861322 1757586493 sysadmin:users 0644 - -
+aG9tZS9zeXNhZG1pbi8uYmFzaHJj 1758887092 1757586493 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uZ2l0Y29uZmln 1757582738 1757582738 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uZ2l0aWdub3Jl 1757600312 1757600312 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 sysadmin:users 0644 - -
@ -85,7 +151,7 @@ aG9tZS9zeXNhZG1pbi8ubmFub3Jj 1757585756 1757585756 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 sysadmin:users 0644 - -
 aG9tZS9zeXNhZG1pbi8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757763178 1757587611 sysadmin:users 0644 - -
 b3B0L3NiaW4vY3JvbmpvYi1kZWh5ZHJhdGVk 1758033093 1757531685 root:root 0755 - -
-b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758224324 1758224324 root:root 0755 - -
+b3B0L3NiaW4vY3JvbmpvYi1yb3RhdGUtbG9ncy1zeW1saW5rcw== 1758555302 1758224324 root:root 0755 - -
 b3B0L3NiaW4vY3JvbmpvYi11cGRhdGUtcGFja2FnZXMtbGlzdA== 1757531121 1757531121 root:root 0755 - -
 b3B0L3NiaW4vY3JvbmpvYi13YXJuLWdpdC1zdGF0dXM= 1758221607 1757591137 root:root 0755 - -
 b3B0L3NiaW4vZGVoeWRyYXRlZA== 1757531557 1757531557 root:root 0755 - -
@ -93,19 +159,21 @@ b3B0L3NiaW4vcHVzaG92ZXItY2xpZW50 1758224526 1758224526 root:root 0755 - -
 b3B0L3NiaW4vdGVycmFmb3JtLWh0dHAtYmFja2VuZA== 1757590543 1757590543 root:root 0755 - -
 cm9vdC8uYmFzaF9sb2dvdXQ= 1757582867 1757582867 root:root 0644 - -
 cm9vdC8uYmFzaF9wcm9maWxl 1757584711 1757584711 root:root 0644 - -
-cm9vdC8uYmFzaHJj 1757861289 1757586493 root:root 0644 - -
+cm9vdC8uYmFzaHJj 1758887027 1757586493 root:root 0644 - -
 cm9vdC8uZ2l0Y29uZmln 1757582738 1757582738 root:root 0644 - -
-cm9vdC8uZ2l0aWdub3Jl 1757600312 1757600312 root:root 0644 - -
+cm9vdC8uZ2l0aWdub3Jl 1761758092 1757600312 root:root 0644 - -
 cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 0644 - -
 cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - -
 cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - -
 cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - -
-c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - -
+cm9vdC9jbGVhbi1mZA== 1758994151 1758992264 root:root 0755 - -
+dmFyLy5naXRpZ25vcmU= 1758288612 1758288560 root:root 0644 - -
+dmFyL2xpYi8uZ2l0aWdub3Jl 1758288797 1758288764 root:root 0644 - -
 ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - -
 ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - -
-ZXRjL3NoYWRvdw== 1757873748 1757869538 root:shadow 0640 - -
-ZXRjL3NoYWRvdy0= 1757761290 1757702629 root:shadow 0640 - -
+ZXRjL3NoYWRvdw== 1761056398 1761056398 root:shadow 0640 - -
+ZXRjL3NoYWRvdy0= 1761056356 1761056356 root:shadow 0640 - -
 ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
-aG9tZS9zeXNhZG1pbg== 1757861322 1757761412 sysadmin:users 0711 - -
+aG9tZS9zeXNhZG1pbg== 1758887092 1757761412 sysadmin:users 0711 - -
--- a/.gitignore
+++ b/.gitignore
@ -15,4 +15,3 @@
 /sys/
 /tmp/
 /usr/
-/var/
--- a/etc/.gitignore
+++ b/etc/.gitignore
@ -10,7 +10,6 @@
 /ethertypes
 /fstab
 /group-
-/init.d/
 /inittab
 /inputrc
 /issue
@ -43,7 +42,6 @@
 /shadow
 /shadow-
 /shells
-/ssl/
 /ssl1.1/
 /sudo.conf
 /sudo_logsrvd.conf
--- a/etc/apache2/httpd.conf
+++ b/etc/apache2/httpd.conf
@ -38,6 +38,9 @@ LoadModule	authn_file_module	/usr/lib/apache2/mod_authn_file.so
 LoadModule	authz_core_module	/usr/lib/apache2/mod_authz_core.so
 LoadModule	authz_user_module	/usr/lib/apache2/mod_authz_user.so

+# Custom headers.
+LoadModule	headers_module		/usr/lib/apache2/mod_headers.so
+
 # Proxying.
 #<IfModule !proxy_module>
 #  LoadModule	proxy_module		/usr/lib/apache2/mod_proxy.so
@ -66,7 +69,7 @@ ServerSignature			Email
 ServerTokens			Major
 User				apache
 Group				apache
-DefaultRuntimeDir		/run/apache2
+DefaultRuntimeDir		/run
 Mutex				pthread
 ScriptSock			cgid.sock

@ -119,6 +122,16 @@ BrowserMatch			"MSIE [2-5]"	nokeepalive downgrade-1.0 force-response-1.0
 </IfModule>


+# PHP.
+<IfModule proxy_fcgi_module>
+  DirectoryIndex	index.php index.phtml
+
+  <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
+    SetHandler		proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
+  </If>
+</IfModule>
+
+
 # Filters and Handlers.
 <IfModule include_module>
  AddOutputFilter	INCLUDES	.shtml .html
@ -177,7 +190,7 @@ Alias		/.well-known/acme-challenge/		/srv/dehydrated/
  Require		all granted
 </Directory>

-<Directory /srv/www/*/html/>
+<Directory /data/sites/*/html/>
  Options		Includes MultiViews SymLinksIfOwnerMatch
  AllowOverride		AuthConfig FileInfo Indexes Limit

@ -195,18 +208,10 @@ Alias		/.well-known/acme-challenge/		/srv/dehydrated/
      SSLOptions	+StdEnvVars
    </FilesMatch>
  </IfModule>
-
-  <IfModule proxy_fcgi_module>
-    DirectoryIndex	index.php index.phtml
-
-    <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
-      SetHandler	proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
-    </If>
-  </IfModule>
 </Directory>

 <IfModule cgid_module>
-  <Directory /srv/www/*/cgi-bin/>
+  <Directory /data/sites/*/cgi-bin/>
    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
    AllowOverride	AuthConfig FileInfo Limit

--- a/etc/apache2/sites.d/core.slackware.uk.net.conf
+++ b/etc/apache2/sites.d/core.slackware.uk.net.conf
@ -1,3 +1,17 @@
+<Directory /srv/pla/>
+  Options		FollowSymlinks
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/fusiondirectory>
+  # include /etc/fusiondirectory/fusiondirectory.secrets
+
+  AllowOverride			None
+  Require			all granted
+  AddType application/wasm	.wasm
+</Directory> 
+
 <VirtualHost 5.101.171.215:80 [2a01:a500:2981:1::d7]:80>
  ServerName		core.slackware.uk.net

@ -9,9 +23,10 @@
 </VirtualHost>

 <IfModule ssl_module>
-  <VirtualHost 5.101.171.215:443 [2a01:a500:2981:1::d7]:443>
+  <VirtualHost 5.101.171.215:25443 [2a01:a500:2981:1::d7]:25443>
    ServerName			core.slackware.uk.net

+    SSLEngine			On
    SSLCertificateFile		/etc/certificates/core.slackware.uk.net_cert.pem
    SSLCertificateKeyFile	/etc/certificates/core.slackware.uk.net_key.pem
    SSLCertificateChainFile	/etc/certificates/core.slackware.uk.net_chain.pem
@ -22,5 +37,8 @@
    ScriptAlias			/cgi-bin/	/data/sites/core.slackware.uk.net/cgi-bin/

    DocumentRoot		/data/sites/core.slackware.uk.net/html
+
+    Alias			/fd		/srv/fusiondirectory/html
+    Alias			/pla		/srv/pla
  </VirtualHost>
 </IfModule>
--- a/etc/default/rotate-logs-symlinks
+++ b/etc/default/rotate-logs-symlinks
@ -0,0 +1 @@
+CREATE_DIRS['core.slackware.uk.net']="fusiondirectory samba"
--- a/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg
+++ b/etc/dehydrated/accounts/aHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2RpcmVjdG9yeQo.tar.gpg
--- a/etc/fusiondirectory/fusiondirectory.conf
+++ b/etc/fusiondirectory/fusiondirectory.conf
@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<conf>
+  <main default="Slackware UK LDAP Server" logging="true" displayerrors="true" debuglevel="1024" templateCompileDirectory="/var/cache/fusiondirectory/template/" theme="breezy">
+    <location name="Slackware UK LDAP Server" forceSSL="true">
+      <referral URI="ldaps://core.slackware.uk.net:636" base="dc=slackware,dc=uk,dc=net" adminDn="cn=Administrator,cn=Users,dc=slackware,dc=uk,dc=net" adminPassword="rxdnq8cksunsa$0D" />
+    </location>
+  </main>
+</conf>
--- a/etc/init.d/.gitignore
+++ b/etc/init.d/.gitignore
@ -0,0 +1,4 @@
+/*
+!/.gitignore
+!/samba
+!/terraform-http-backend
--- a/etc/init.d/samba
+++ b/etc/init.d/samba
@ -0,0 +1,90 @@
+#!/sbin/openrc-run
+
+extra_started_commands="reload"
+piddir=${piddir:-"/run/samba"}
+
+DAEMON=${RC_SVCNAME#samba.}
+if [ "$DAEMON" != "$RC_SVCNAME" ]; then
+	daemon_list=$DAEMON
+fi
+
+depend() {
+	need net
+	after firewall
+}
+
+start_pre() {
+	checkpath --directory "$piddir"
+}
+
+start_samba() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/samba -- \
+		${samba_options:-"-D"}
+}
+
+stop_samba() {
+	start-stop-daemon --stop --quiet --pidfile "$piddir"/samba.pid
+}
+
+start_smbd() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \
+		${smbd_options:-"-D"}
+}
+
+stop_smbd() {
+	start-stop-daemon --stop --quiet --pidfile "$piddir"/smbd.pid
+}
+
+start_nmbd() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \
+		${nmbd_options:-"-D"}
+}
+
+stop_nmbd() {
+	start-stop-daemon --stop --quiet --pidfile "$piddir"/nmbd.pid
+}
+
+start_winbindd() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \
+		${winbindd_options:-"-D"}
+}
+
+stop_winbindd() {
+	start-stop-daemon --stop --quiet --pidfile "$piddir"/winbindd.pid
+}
+
+
+start_bgqd() {
+	start-stop-daemon --start --quiet --exec /usr/lib/samba/samba-bgqd -- \
+		${bgqd_options:-"-D"}
+}
+
+stop_bgqd() {
+	start-stop-daemon --stop --quiet --pidfile "$piddir"/samba-bgqd.pid
+}
+
+start() {
+	for i in $daemon_list; do
+		ebegin "Starting $i"
+		start_$i
+		eend $?
+	done
+}
+
+stop() {
+	for i in $daemon_list; do
+		ebegin "Stopping $i"
+		stop_$i
+		eend $?
+	done
+}
+
+reload() {
+	for i in $daemon_list; do
+		ebegin "Reloading $i"
+		# bgqd binary is called samba-bgqd
+		busybox killall -HUP ${i/bgqd/samba-bgqd}
+		eend $?
+	done
+}
+
--- a/etc/init.d/terraform-http-backend
+++ b/etc/init.d/terraform-http-backend
@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+depend() {
+	need net
+	after firewall
+}
+
+start() {
+	ebegin "Starting terraform-http-backend"
+	source /etc/conf.d/terraform-http-backend || eend 1
+	su "$TF_USER" -c "/opt/sbin/terraform-http-backend &" || eend 1
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping terraform-http-backend"
+	busybox killall -TERM terraform-http-backend
+	eend $?
+}
--- a/etc/msmtprc.gpg
+++ b/etc/msmtprc.gpg
--- a/etc/network/interfaces
+++ b/etc/network/interfaces
@ -2,13 +2,13 @@ auto eth0
 iface eth0 inet static
  address 5.101.171.215/28
  gateway 5.101.171.209
-  mtu 9000
+  mtu 1500
 iface eth0 inet6 static
  address 2a01:a500:2981:1::d7/64
  gateway 2a01:a500:2981:1:ff:ff:ff:ff
-  mtu 9000
+  mtu 1500

 auto eth1
 iface eth1 inet static
  address 10.254.0.215/24
-  mtu 9000
+  mtu 1500
--- a/etc/openldap/ldap.conf
+++ b/etc/openldap/ldap.conf
@ -0,0 +1,10 @@
+# LDAP Defaults
+
+URI			ldap://core.slackware.uk.net
+BASE			dc=slackware,dc=uk,dc=net
+VERSION			3
+
+TLS_CACERT		/etc/certificates/LetsEncrypt-CompleteCertificateStore.pem
+TLS_CERT		/etc/certificates/core.slackware.uk.net_cert.pem
+TLS_KEY			/etc/certificates/core.slackware.uk.net_key.pem
+TLS_PROTOCOL_MIN	3.3
--- a/etc/openldap/schema/core-fd-conf.schema
+++ b/etc/openldap/schema/core-fd-conf.schema
@ -0,0 +1,732 @@
+##
+## fusiondirectory-conf.schema - Needed by FusionDirectory for its configuration
+##
+
+#~ ldapTLS="true"
+
+# Attributes
+
+# Schema setup
+
+attributetype ( 1.3.6.1.4.1.38414.8.10.2 NAME 'fdSchemaCheck'
+  DESC 'FusionDirectory - Schema check'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+# Look n feel
+
+attributetype ( 1.3.6.1.4.1.38414.8.11.1 NAME 'fdLanguage'
+  DESC 'FusionDirectory - language'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.11.2 NAME 'fdTheme'
+  DESC 'FusionDirectory - theme'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.11.3 NAME 'fdTimezone'
+  DESC 'FusionDirectory - timezone'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+# People and group storage
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.1 NAME 'fdAccountPrimaryAttribute'
+  DESC 'FusionDirectory - attribute that should be used in user dn'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.3 NAME 'fdNextIdHook'
+  DESC 'FusionDirectory - A script to be called for finding the next free id for users or groups'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.6 NAME 'fdStrictNamingRules'
+  DESC 'FusionDirectory - Strict naming rules'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.7 NAME 'fdMinId'
+  DESC 'FusionDirectory - minimum user id'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.8 NAME 'fdUidNumberBase'
+  DESC 'FusionDirectory - uid number base'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.9 NAME 'fdGidNumberBase'
+  DESC 'FusionDirectory - gid number base'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.10 NAME 'fdUserRDN'
+  DESC 'FusionDirectory - User RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.11 NAME 'fdGroupRDN'
+  DESC 'FusionDirectory - Group RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.12 NAME 'fdIdAllocationMethod'
+  DESC 'FusionDirectory - id allocation method traditional/pool'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.13 NAME 'fdGidNumberPoolMin'
+  DESC 'FusionDirectory - pool gid number min'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.14 NAME 'fdUidNumberPoolMin'
+  DESC 'FusionDirectory - pool uid number min'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.15 NAME 'fdGidNumberPoolMax'
+  DESC 'FusionDirectory - pool gid number max'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.16 NAME 'fdUidNumberPoolMax'
+  DESC 'FusionDirectory - pool uid number max'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.17 NAME 'fdAclRoleRDN'
+  DESC 'FusionDirectory - ACL role RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.18 NAME 'fdCnPattern'
+  DESC 'FusionDirectory - Common Name pattern'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.19 NAME 'fdRestrictRoleMembers'
+  DESC 'FusionDirectory - Restrict role members to users from the same LDAP branch'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.20 NAME 'fdSplitPostalAddress'
+  DESC 'FusionDirectory - Expose street, postOfficeBox and postalCode fields instead of postalAddress'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.21 NAME 'fdPostalAddressPattern'
+  DESC 'FusionDirectory - When using separate address fields, you can use a pattern to fill postalAddress field'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.22 NAME 'fdMaxAvatarSize'
+  DESC 'FusionDirectory - Maximum user picture width and height in pixels'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.12.23 NAME 'fdGivenNameRequired'
+  DESC 'FusionDirectory - Whether givenName field is required on users'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+# Password
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.1 NAME 'fdPasswordDefaultHash'
+  DESC 'FusionDirectory - Password default hash'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.2 NAME 'fdPasswordMinLength'
+  DESC 'FusionDirectory - Password min length'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.3 NAME 'fdPasswordMinDiffer'
+  DESC 'FusionDirectory - password min differ'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.5 NAME 'fdHandleExpiredAccounts'
+  DESC 'FusionDirectory - Handle expired accounts'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.6 NAME 'fdSaslRealm'
+  DESC 'FusionDirectory - SASL Realm'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.7 NAME 'fdSaslExop'
+  DESC 'FusionDirectory - SASL Exop'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.8 NAME 'fdForcePasswordDefaultHash'
+  DESC 'FusionDirectory - Force password default hash'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.13.9 NAME 'fdPasswordAllowedHashes'
+  DESC 'FusionDirectory - Allowed password hashes'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# Core settings
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.2 NAME 'fdListSummary'
+  DESC 'FusionDirectory - Show list summary'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.4 NAME 'fdModificationDetectionAttribute'
+  DESC 'FusionDirectory - Modification detection attribute'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.6 NAME 'fdLogging'
+  DESC 'FusionDirectory - Logging'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.7 NAME 'fdLdapSizeLimit'
+  DESC 'FusionDirectory - LDAP size limit'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.14.8 NAME 'fdWildcardForeignKeys'
+  DESC 'FusionDirectory - Weither or not to enable wildcard searches for foreign keys on dn'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+# Login and session
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.1 NAME 'fdLoginAttribute'
+  DESC 'FusionDirectory attribute that will be used for login'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.2 NAME 'fdForceSSL'
+  DESC 'FusionDirectory - Force SSL'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.3 NAME 'fdWarnSSL'
+  DESC 'FusionDirectory - Warn user when SSL is not used'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.4 NAME 'fdStoreFilterSettings'
+  DESC 'FusionDirectory - Store filter settings'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.5 NAME 'fdSessionLifeTime'
+  DESC 'FusionDirectory - Session life time in seconds'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.6 NAME 'fdHttpAuthActivated'
+  DESC 'FusionDirectory - HTTP Basic Auth activation'
+  OBSOLETE
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.7 NAME 'fdHttpHeaderAuthActivated'
+  DESC 'FusionDirectory - HTTP Header Auth activation'
+  OBSOLETE
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.8 NAME 'fdHttpHeaderAuthHeaderName'
+  DESC 'FusionDirectory - HTTP Header Auth - Header name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.15.9 NAME 'fdLoginMethod'
+  DESC 'FusionDirectory - Active login method'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+# Debugging
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.1 NAME 'fdDisplayErrors'
+  DESC 'FusionDirectory - Weither or not to display errors'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.2 NAME 'fdLdapMaxQueryTime'
+  DESC 'FusionDirectory - Maximum LDAP query time'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.3 NAME 'fdLdapStats'
+  DESC 'FusionDirectory - Weither or not to activate ldap stats'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.4 NAME 'fdDebugLevel'
+  DESC 'FusionDirectory - Debug level'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.16.5 NAME 'fdDebugLogging'
+  DESC 'FusionDirectory - Debug logging'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+# Snapshots
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.1 NAME 'fdEnableSnapshots'
+  DESC 'FusionDirectory - Weither or not to enable snapshots'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.2 NAME 'fdSnapshotBase'
+  DESC 'FusionDirectory - Snaphost base'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.3 NAME 'fdEnableAutomaticSnapshots'
+  DESC 'FusionDirectory - Weither or not to enable snapshots'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.4 NAME 'fdSnapshotMinRetention'
+    DESC 'Minimum number of snapshots to be kept in store'
+    EQUALITY integerMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.17.5 NAME 'fdSnapshotRetentionDays'
+    DESC 'Number of days a snapshot should be kept'
+    EQUALITY integerMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+    SINGLE-VALUE )
+
+attributetype (  1.3.6.1.4.1.38414.8.17.6 NAME 'fdSnapshotSourceData'
+  DESC 'Possible Origin / Source of data received '
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+  SINGLE-VALUE)
+
+# Miscellaneous
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.2 NAME 'fdTabHook'
+  DESC 'FusionDirectory - tab hook'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.3 NAME 'fdShells'
+  DESC 'FusionDirectory - available shells'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.4 NAME 'fusionConfigMd5'
+  DESC 'FusionDirectory - md5sum of class.cache'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.5 NAME 'fdDisplayHookOutput'
+  DESC 'FusionDirectory - display hook execution output to the user'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.6 NAME 'fdAclTabOnObjects'
+  DESC 'FusionDirectory - Should acl tabs be shown on all objects'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.7 NAME 'fdDepartmentCategories'
+  DESC 'FusionDirectory - available categories for departments'
+  EQUALITY caseExactMatch
+  SUBSTR caseExactSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.8 NAME 'fdDefaultShell'
+  DESC 'FusionDirectory - default shell'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.9 NAME 'fdPluginsMenuBlacklist'
+  DESC 'FusionDirectory - Blacklist as groupdn|plugin or roledn|plugin'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.10 NAME 'fdManagementConfig'
+  DESC 'FusionDirectory - Configuration for management classes'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.11 NAME 'fdManagementUserConfig'
+  DESC 'FusionDirectory - Per user configuration for management classes'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.12 NAME 'fdAclTargetFilterLimit'
+  DESC 'Fusion Directory - Size limit for LDAP filter on ACL targets'
+  EQUALITY integerMatch
+  ORDERING integerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.18.13 NAME 'fdIncrementalModifierStates'
+  DESC 'FusionDirectory - States of the incremental modifier intances, with keys value and date, encoded as JSON'
+  EQUALITY caseExactMatch
+  SUBSTR caseExactSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+# Plugins
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.1 NAME 'fdOGroupRDN'
+  DESC 'FusionDirectory - OGroup RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.2 NAME 'fdForceSaslPasswordAsk'
+  DESC 'FusionDirectory - Force password ask for SASL users'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.19.3 NAME 'fdOGroupDefaultUser'
+  DESC 'FusionDirectory - Create a default user in ou=restricted for object groups'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+# SSL
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.1 NAME 'fdSslCaCertPath'
+  DESC 'FusionDirectory - CA certificate path'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath'
+  DESC 'FusionDirectory - SSL key path'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.20.3 NAME 'fdSslCertPath'
+  DESC 'FusionDirectory - SSL certificate path'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+# CAS
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.1 NAME 'fdCasActivated'
+  DESC 'FusionDirectory - CAS activation'
+  OBSOLETE
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.2 NAME 'fdCasServerCaCertPath'
+  DESC 'FusionDirectory - CAS server CA certificate path'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.3 NAME 'fdCasHost'
+  DESC 'FusionDirectory - CAS host'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.4 NAME 'fdCasPort'
+  DESC 'FusionDirectory - CAS port'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.5 NAME 'fdCasContext'
+  DESC 'FusionDirectory - CAS context'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.6 NAME 'fdCasVerbose'
+  DESC 'FusionDirectory - CAS verbose flag'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.7 NAME 'fdCasLibraryBool'
+  DESC 'FusionDirectory - CAS boolean to activate CAS library >= 1.6'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.21.8 NAME 'fdCasClientServiceName'
+  DESC 'FusionDirectory - CAS client service name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+# FusionDirectory Tokens
+
+attributetype ( 1.3.6.1.4.1.38414.8.22.1 NAME 'fdTokenRDN'
+  DESC 'FusionDirectory - Branch where FusionDirectory Tokens are stored'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.22.2 NAME 'fdOrchestratorTokenRDN'
+  DESC 'FusionDirectory - Branch where FusionDirectory Orchestrator Tokens are stored'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.8.22.3 NAME 'fdRecoveryTokenRDN'
+  DESC 'FusionDirectory - Branch where FusionDirectory Recovery Tokens are stored'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+# merged from dashboard-fd.schema - Needed by Fusion Directory for dashboard options
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.1 NAME 'fdDashboardPrefix'
+  DESC 'FusionDirectory - Dashboard computer name prefix'
+  OBSOLETE
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.2 NAME 'fdDashboardNumberOfDigit'
+  DESC 'FusionDirectory - Dashboard number of digits after prefixes in computer names'
+  OBSOLETE
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.27.1.3 NAME 'fdDashboardExpiredAccountsDays'
+  DESC 'FusionDirectory - Dashboard number of days before expiration to be shown in board user tab'
+  OBSOLETE
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+# merged from recovery-fd.schema - Needed by Fusion Directory for password recovery options
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.1 NAME 'fdPasswordRecoveryActivated'
+  DESC 'Fusion Directory - Password recovery enabled/disabled'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.2 NAME 'fdPasswordRecoveryEmail'
+  DESC 'Fusion Directory - Password recovery sender email'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.3 NAME 'fdPasswordRecoveryMailSubject'
+  DESC 'Fusion Directory - Password recovery first email subject'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.4 NAME 'fdPasswordRecoveryMailBody'
+  DESC 'Fusion Directory - Password recovery first email body'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.5 NAME 'fdPasswordRecoveryMail2Subject'
+  DESC 'Fusion Directory - Password recovery second email subject'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.6 NAME 'fdPasswordRecoveryMail2Body'
+  DESC 'Fusion Directory - Password recovery second email body'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.7 NAME 'fdPasswordRecoveryValidity'
+  DESC 'Fusion Directory - Password recovery link validity in minutes'
+  EQUALITY integerMatch
+  ORDERING integerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.8 NAME 'fdPasswordRecoverySalt'
+  DESC 'Fusion Directory - Password recovery token salt'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.9 NAME 'fdPasswordRecoveryUseAlternate'
+  DESC 'Fusion Directory - Allow/disallow the use of alternate addresses for password recovery'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.8.110.10 NAME 'fdPasswordRecoveryLoginAttribute'
+  DESC 'Fusion Directory - Password recovery login attribute (usually uid)'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+
+# Object Class
+objectclass ( 1.3.6.1.4.1.38414.8.2.1 NAME 'fusionDirectoryConf'
+  DESC 'FusionDirectory configuration'
+  SUP top STRUCTURAL
+  MUST ( cn )
+  MAY (
+    fusionConfigMd5 $
+    fdSchemaCheck $
+    fdLanguage $ fdTheme $ fdTimezone $
+    fdAccountPrimaryAttribute $ fdNextIdHook $
+    fdStrictNamingRules $ fdMinId $ fdUidNumberBase $
+    fdGidNumberBase $ fdUserRDN $ fdGroupRDN $ fdIdAllocationMethod $
+    fdGidNumberPoolMin $ fdUidNumberPoolMin $ fdGidNumberPoolMax $ fdUidNumberPoolMax $
+    fdAclRoleRDN $ fdCnPattern $ fdRestrictRoleMembers $
+    fdSplitPostalAddress $ fdPostalAddressPattern $ fdMaxAvatarSize $ fdGivenNameRequired $
+    fdPasswordDefaultHash $ fdPasswordMinLength $ fdPasswordMinDiffer $
+    fdHandleExpiredAccounts $ fdSaslRealm $ fdSaslExop $
+    fdForcePasswordDefaultHash $ fdPasswordAllowedHashes $
+    fdListSummary $
+    fdModificationDetectionAttribute $ fdLogging $ fdLdapSizeLimit $ fdWildcardForeignKeys $
+    fdLoginAttribute $ fdForceSSL $ fdWarnSSL $ fdStoreFilterSettings $ fdSessionLifeTime $
+    fdHttpAuthActivated $ fdHttpHeaderAuthActivated $ fdHttpHeaderAuthHeaderName $
+    fdDisplayErrors $ fdLdapMaxQueryTime $ fdLdapStats $ fdDebugLevel $ fdDebugLogging $
+    fdEnableSnapshots $ fdSnapshotBase $
+    fdTabHook $ fdShells $ fdDefaultShell $ fdDisplayHookOutput $
+    fdPluginsMenuBlacklist $ fdManagementConfig $ fdManagementUserConfig $
+    fdAclTabOnObjects $ fdDepartmentCategories $ fdAclTargetFilterLimit $
+    fdIncrementalModifierStates $
+    fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $ fdSnapshotRetentionDays $ fdSnapshotSourceData $
+    fdCasActivated $ fdCasServerCaCertPath $ fdCasHost $ fdCasPort $ fdCasContext $ fdCasVerbose $
+    fdLoginMethod $ fdCasLibraryBool $ fdCasClientServiceName $ fdEnableAutomaticSnapshots $ fdSnapshotMinRetention $
+    fdTokenRDN $ fdOrchestratorTokenRDN $ fdRecoveryTokenRDN
+  ) )
+
+objectclass ( 1.3.6.1.4.1.38414.8.2.2 NAME 'fusionDirectoryPluginsConf'
+  DESC 'FusionDirectory plugins configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdOGroupRDN $ fdForceSaslPasswordAsk $ fdOGroupDefaultUser ) )
+
+objectclass ( 1.3.6.1.4.1.38414.8.2.3 NAME 'fdPasswordRecoveryConf'
+  DESC 'FusionDirectory password recovery configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY (
+    fdPasswordRecoveryActivated     $ fdPasswordRecoveryEmail     $
+    fdPasswordRecoveryMailSubject   $ fdPasswordRecoveryMailBody  $
+    fdPasswordRecoveryMail2Subject  $ fdPasswordRecoveryMail2Body $
+    fdPasswordRecoveryValidity      $ fdPasswordRecoverySalt      $
+    fdPasswordRecoveryUseAlternate  $ fdPasswordRecoveryLoginAttribute
+  ) )
+
+# Dashboard Object Class
+objectclass ( 1.3.6.1.4.1.38414.27.2.1 NAME 'fdDashboardPluginConf'
+  DESC 'FusionDirectory dashboard plugin configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdDashboardPrefix $ fdDashboardNumberOfDigit $ fdDashboardExpiredAccountsDays) )
--- a/etc/openldap/schema/core-fd.schema
+++ b/etc/openldap/schema/core-fd.schema
@ -0,0 +1,580 @@
+##
+## core-fd.schema - Needed by FusionDirectory for its basic functionalities
+##
+
+# Last OID used for attributes  : 1.3.6.1.4.1.38414.62.1.77 04/08/25 #
+# Last OID used for objectClass : 1.3.6.1.4.1.38414.62.2.11 29/01/24 #
+
+##### Attributes from gosa ######
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
+  DESC 'GOsa - List of all object types that are in a gosaGroupOfNames'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate'
+  DESC 'GOsa - ACL entries for ACL roles'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry'
+  DESC 'GOsa - ACL entries'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp'
+  DESC 'GOsa - Unix timestamp of snapshot'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN'
+  DESC 'GOsa - Original DN of saved object in snapshot'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
+  DESC 'GOsa - Original data of saved object in snapshot'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
+
+##### Attributes from FusionDirectory #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.1 NAME 'fdUserDn'
+  DESC 'FusionDirectory - DN of a user'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.2 NAME 'fdObjectDn'
+  DESC 'FusionDirectory - DN of an object'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.3 NAME 'fdLockTimestamp'
+  DESC 'FusionDirectory - Lock token timestamp'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.4 NAME 'fdSnapshotObjectType'
+  DESC 'FusionDirectory - object type of the snapshotted object'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.51 NAME 'fdSnapshotDataSource'
+  DESC 'FusionDirectory - snapshot data origin / source'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.68 NAME 'fdSnapshotHash'
+  DESC 'FusionDirectory - hash of the current snapShot allowing diff verification with MD5'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+##### Subscriptions Attributes ######
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.1 NAME 'fdSubscriptionStartDate'
+  DESC 'FusionDirectory - Subscription Starting Date'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.2 NAME 'fdSubscriptionEndDate'
+  DESC 'FusionDirectory - Subscription End Date'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.3 NAME 'fdSubscriptionType'
+  DESC 'FusionDirectory - Subscription type'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.4 NAME 'fdSubscriptionContractId'
+  DESC 'FusionDirectory - Subscription contract ID'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.11.5 NAME 'fdSubscriptionName'
+  DESC 'FusionDirectory - Subscription client name'
+  SUP name )
+  
+### Mail Template Attributes ###
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.5 NAME 'fdMailTemplateBody'
+  DESC 'FusionDirectory - template mail field'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.6 NAME 'fdMailTemplateRDN'
+  DESC 'FusionDirectory - template Mail RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.7 NAME 'fdMailTemplateSignature'
+  DESC 'FusionDirectory - template mail field'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.8 NAME 'fdMailAttachmentsContent'
+  DESC 'FusionDirectory - attachment data in bin format'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.9 NAME 'fdMailTemplateReadReceipt'
+  DESC 'FusionDirectory - template mail field'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.10 NAME 'fdMailTemplateSubject'
+  DESC 'FusionDirectory - template mail field'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+##### Tasks Attributes #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.11 NAME 'fdTasksMailObject'
+  DESC 'Fusion Directory - Tasks for mail template objects'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.12 NAME 'fdTasksScheduleDate'
+  DESC 'Scheduling of the Task - required processed date'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.13 NAME 'fdTasksMailUsers'
+  DESC 'Fusion Directory - Tasks Mail Users Recipient'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.14 NAME 'fdTasksStatus'
+  DESC 'Fusion Directory - Task Status'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.15 NAME 'fdTasksEndDate'
+  DESC 'Fusion Directory - Task End Date'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.57 NAME 'fdTasksLastExec'
+  DESC 'Fusion Directory - Time when tasks was last activated'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.77 NAME 'fdTasksNextExec'
+  DESC 'Fusion Directory - Time when tasks will be executed next'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.58 NAME 'fdTasksLastActivation'
+  DESC 'Fusion Directory - Time when tasks was last activated'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.16 NAME 'fdTasksCreationDate'
+  DESC 'Fusion Directory - Task Start Date'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.17 NAME 'fdTasksEmailsFromDN'
+  DESC 'Fusion Directory - Emails derived from DN' 
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.18 NAME 'fdTasksEmailSender'
+  DESC 'Fusion Directory - Emails derived from DN' 
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.55 NAME 'fdTasksEmailBCC'
+  DESC 'Fusion Directory - Emails derived from DN'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.19 NAME 'fdTasksMailType'
+  DESC 'Fusion Directory - Type of Mail attribute required'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+##### Tasks Granular #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.20 NAME 'fdTasksGranularStatus'
+  DESC 'Fusion Directory - Task Status'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.21 NAME 'fdTasksGranularSchedule'
+  DESC 'Scheduling of the Task - required processed date'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.22 NAME 'fdTasksGranularMaster'
+  DESC 'Fusion Directory - Tasks Master objects'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.23 NAME 'fdTasksGranularType'
+  DESC 'Fusion Directory - Tasks Type'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.24 NAME 'fdTasksGranularMail'
+  DESC 'Fusion Directory - Emails recipients if object mail'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.25 NAME 'fdTasksGranularMailFrom'
+  DESC 'Fusion Directory - Emails sender if object mail'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.56 NAME 'fdTasksGranularMailBCC'
+  DESC 'Fusion Directory - Emails sender if object mail'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.26 NAME 'fdTasksGranularRef'
+  DESC 'Fusion Directory - Reference towards a CN (E.g Mail Template)'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.69 NAME 'fdTasksGranularHelper'
+  DESC 'Fusion Directory - Reference towards a potential helper value from main task (case of reminder)'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.74 NAME 'fdTasksGranularCreationDate'
+  DESC 'Fusion Directory - Task Granular Creation Date'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.75 NAME 'fdTasksGranularLastExec'
+  DESC 'Fusion Directory - Time when granular tasks was last executed'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.76 NAME 'fdTasksGranularNextExec'
+  DESC 'Fusion Directory - Time when granular tasks will be executed next'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+## Any tasks requiring to store DN (Such as lifeCycle). ##
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.67 NAME 'fdTasksGranularDN'
+  DESC 'Fusion Directory - DN of the targeted user'
+  EQUALITY caseExactMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+##### Tasks Conf #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.27 NAME 'fdTasksRDN'
+  DESC 'FusionDirectory - Tasks RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.28 NAME 'fdTasksConfLastExecTime'
+	DESC 'Store time of last mail tasks success - secure spam interval'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.29 NAME 'fdTasksConfMaxEmails'
+	DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.30 NAME 'fdTasksConfIntervalEmails'
+	DESC 'FusionDirectory maximum emails to be processed by Orchestrator - secure spam'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+##### Plugin Manager #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.31 NAME 'fdPluginManagerInfoAuthors'
+  DESC 'FusionDirectory - Plugin authors attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.32 NAME 'fdPluginManagerInfoVersion'
+  DESC 'FusionDirectory - Plugin Version attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.33 NAME 'fdPluginManagerSupportHomeUrl'
+  DESC 'FusionDirectory - Plugin Support page url attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.34 NAME 'fdPluginManagerSupportTicketUrl'
+  DESC 'FusionDirectory - Plugin Suuport ticket url attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.35 NAME 'fdPluginManagerSupportDiscussionUrl'
+  DESC 'FusionDirectory - Pluging discussion url attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.36 NAME 'fdPluginManagerSupportSchemaUrl'
+  DESC 'FusionDirectory - Plugin schema url attribute needed if necessary'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.37 NAME 'fdPluginManagerReqFdVersion'
+  DESC 'FusionDirectory - Plugin Fusiondirectory Version requirement attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.38 NAME 'fdPluginManagerReqPhpVersion'
+  DESC 'FusionDirectory - Plugin PHP Version requirement attribute'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.39 NAME 'fdPluginManagerContentPhpClass'
+  DESC 'FusionDirectory - Plugin Manager : list on php class provided'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.40 NAME 'fdPluginManagerContentLdapObject'
+  DESC 'FusionDirectory - Plugin Manager : list on Ldap Object needed'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.41 NAME 'fdPluginManagerContentLdapAttributes'
+  DESC 'FusionDirectory - Plugin Manager : list on Ldap attributes needed'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.42 NAME 'fdPluginManagerInfoStatus'
+  DESC 'FusionDirectory - Plugin Manager : status of plugin : Dev / stable / dontuse '
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.43 NAME 'fdPluginManagerSupportDownloadUrl'
+  DESC 'FusionDirectory - Plugin direct download url '
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.44 NAME 'fdPluginManagerInfoTags'
+  DESC 'FusionDirectory - Plugin Tag for identity plugins goals'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.45 NAME 'fdPluginManagerInfoLogoUrl'
+  DESC 'FusionDirectory - Plugin Logo url '
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.46 NAME 'fdPluginManagerInfoScreenshotUrl'
+  DESC 'FusionDirectory - Plugin Screenshot Url '
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.47 NAME 'fdPluginManagerInfoLicence'
+  DESC 'FusionDirectory - Plugin Licence'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.48 NAME 'fdPluginManagerInfoOrigin'
+  DESC 'FusionDirectory - Plugin Origin'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.49 NAME 'fdPluginManagerSupportProvider'
+  DESC 'FusionDirectory - Plugin Support Provider'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.50 NAME 'fdPluginManagerSupportContractUrl'
+  DESC 'FusionDirectory - Plugin Support Contract url'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+##### Tasks Granular Part 2 #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.52 NAME 'fdTasksRepeatable'
+		DESC 'Allow a given task to be repeatable'
+		EQUALITY booleanMatch
+		SUBSTR caseIgnoreSubstringsMatch
+		SYNTAX '1.3.6.1.4.1.1466.115.121.1.7')
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.53 NAME 'fdTasksUpdatable'
+		DESC 'Allow a given task to be updatable'
+		EQUALITY booleanMatch
+		SUBSTR caseIgnoreSubstringsMatch
+		SYNTAX '1.3.6.1.4.1.1466.115.121.1.7')
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.54 NAME 'fdTasksRepeatableSchedule'
+		DESC 'Set the repetition of the tasks via a set attribute'
+		EQUALITY caseIgnoreMatch
+		SUBSTR caseIgnoreSubstringsMatch
+		SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')
+
+##### Token management attributes #####
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.70 NAME 'fdTokenUserDN'
+  DESC 'The DN user linked to the token'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.71 NAME 'fdTokenType'
+    DESC 'The token type eg reminder, recovery'
+    EQUALITY caseIgnoreMatch
+    SUBSTR caseIgnoreSubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.72 NAME 'fdToken'
+  DESC 'The token'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+attributetype ( 1.3.6.1.4.1.38414.62.1.73 NAME 'fdTokenTimestamp'
+  DESC 'Timestamp for the validation of the token'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+
+##### Classes #####
+
+### old gosa ObjectClass ###
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
+  DESC 'GOsa - Class to mark Departments for GOsa'
+  MUST  ( ou $ description )
+  MAY   ( manager $ co $ labeledURI ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
+  DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames'
+  SUP top AUXILIARY
+  MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
+  DESC 'GOsa - ACL container to define ACL roles'
+  SUP top STRUCTURAL
+  MUST ( gosaAclTemplate $ cn )
+  MAY  ( description ) )
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
+  DESC 'GOsa - ACL container to define single ACLs'
+  SUP top AUXILIARY
+  MUST ( gosaAclEntry  ))
+
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
+  DESC 'GOsa - Container object for undo and snapshot data'
+  SUP top STRUCTURAL
+  MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData $ fdSnapshotDataSource )
+  MAY  ( fdSnapshotObjectType $ description $ fdSnapshotHash) )
+
+### New FusionDirectory Objectclass ###
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.1 NAME 'fdLockEntry' SUP top STRUCTURAL
+  DESC 'FusionDirectory - Class for FD locking'
+  MUST ( fdUserDn $ fdObjectDn $ cn $ fdLockTimestamp ))
+
+### Subscription Related Object Class ###
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.2 NAME 'fdSubscriptionInformation' SUP top STRUCTURAL
+  DESC 'FusionDirectory - Information about current subscription'
+  MUST ( cn )
+  MAY ( uid $ fdSubscriptionStartDate $ fdSubscriptionEndDate $ fdSubscriptionType $ fdSubscriptionContractId $ fdSubscriptionName ))
+
+### Plugin manager Related Object Class ###
+
+objectclass (1.3.6.1.4.1.38414.62.2.3 NAME 'fdPluginManager'
+  DESC 'FusionDirectory - Plugins Manager ObjectClass'
+  MUST ( cn $ description $ fdPluginManagerInfoAuthors $ fdPluginManagerInfoVersion $ fdPluginManagerInfoStatus $ fdPluginManagerInfoLicence $ fdPluginManagerInfoOrigin $ fdPluginManagerSupportHomeUrl $ fdPluginManagerReqFdVersion $ fdPluginManagerReqPhpVersion $ fdPluginManagerSupportProvider )
+  MAY ( fdPluginManagerInfoScreenshotUrl $ fdPluginManagerInfoLogoUrl $ fdPluginManagerInfoTags $ fdPluginManagerSupportTicketUrl $ fdPluginManagerSupportDiscussionUrl $ fdPluginManagerSupportSchemaUrl $ fdPluginManagerSupportDownloadUrl $ fdPluginManagerContentPhpClass $ fdPluginManagerContentLdapObject $ fdPluginManagerContentLdapAttributes $ fdPluginManagerSupportContractUrl ))
+
+### Mail Template Related Object Class ###
+
+objectclass (1.3.6.1.4.1.38414.62.2.4 NAME 'fdMailTemplate'
+  DESC 'FusionDirectory - template mail object'
+  SUP top STRUCTURAL
+  MUST ( cn $ fdMailTemplateBody $ fdMailTemplateSubject )
+  MAY ( fdMailTemplateSignature $ fdMailTemplateReadReceipt))
+
+objectclass (1.3.6.1.4.1.38414.62.2.10 NAME 'fdMailAttachments'
+  DESC 'FusionDirectory - mail template attachments'
+  MUST ( cn $ fdMailAttachmentsContent ))
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.5 NAME 'fdMailTemplateConf'
+  DESC 'FusionDirectory Mail Template Configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdMailTemplateRDN ) )
+
+### Tasks Related Object Class ###
+
+objectclass (1.3.6.1.4.1.38414.62.2.6 NAME 'fdTasks'
+  DESC 'FusionDirectory - Tasks objects'
+  MUST ( cn $ fdTasksStatus $ fdTasksCreationDate )
+  MAY ( fdTasksScheduleDate $ fdTasksEndDate $ fdTasksRepeatableSchedule $ fdTasksUpdatable $ fdTasksRepeatable
+  $ fdTasksLastActivation $ fdTasksLastExec $ fdTasksNextExec $ description))
+
+objectclass (1.3.6.1.4.1.38414.62.2.7 NAME 'fdTasksMail'
+  DESC 'FusionDirectory - Tasks objects Mail'
+  SUP top AUXILIARY
+  MUST ( fdTasksMailObject $ fdTasksEmailSender )
+  MAY ( fdTasksMailUsers $ fdTasksEmailsFromDN $ fdTasksMailType $ fdTasksEmailBCC ) )
+
+objectclass (1.3.6.1.4.1.38414.62.2.8 NAME 'fdTasksGranular'
+  DESC 'FusionDirectory - Tasks granular objects'
+  MUST ( fdTasksGranularMaster $ cn $ fdTasksGranularType $ fdTasksGranularSchedule $ fdTasksGranularStatus $ fdTasksGranularCreationDate )
+  MAY (fdTasksGranularMailBCC $ fdTasksGranularDN $ fdTasksGranularRef $ fdTasksGranularMail $ fdTasksGranularMailFrom $ fdTasksGranularHelper $ fdTasksGranularLastExec $ fdTasksGranularNextExec))
+
+objectclass (1.3.6.1.4.1.38414.62.2.9 NAME 'fdTasksConf'
+  DESC 'FusionDirectory - Tasks objects Configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdTasksRDN $ fdTasksConfLastExecTime $ fdTasksConfMaxEmails $ fdTasksConfIntervalEmails))
+
+### token objectclass ###
+
+objectclass ( 1.3.6.1.4.1.38414.62.2.11 NAME 'fdTokenEntry'
+  SUP top STRUCTURAL
+  DESC 'FusionDirectory - Class for token storage'
+  MUST ( cn $ fdTokenUserDN $ fdTokenType $ fdToken $ fdTokenTimestamp ))
--- a/etc/openldap/schema/ldapns.schema
+++ b/etc/openldap/schema/ldapns.schema
@ -0,0 +1,23 @@
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+
+# LDAP Name Service Additional Schema
+
+# http://www.iana.org/assignments/gssapi-service-names
+
+attributetype ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+	DESC 'IANA GSS-API authorized service name'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+	DESC 'Auxiliary object class for adding authorizedService attribute'
+	SUP top
+	AUXILIARY
+	MAY authorizedService )
+
+objectclass ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+	DESC 'Auxiliary object class for adding host attribute'
+	SUP top
+	AUXILIARY
+	MAY host )
+
--- a/etc/openldap/schema/rfc2307bis.schema
+++ b/etc/openldap/schema/rfc2307bis.schema
@ -0,0 +1,288 @@
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+#  DESC 'An integer uniquely identifying a user in an administrative domain'
+#  EQUALITY integerMatch
+#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+#  SINGLE-VALUE )
+
+# builtin
+#
+#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+#  DESC 'An integer uniquely identifying a group in an
+#        administrative domain'
+#  EQUALITY integerMatch
+#  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+#  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+  DESC 'The GECOS field; the common name'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+  DESC 'The absolute path to the home directory'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+  DESC 'The path to the login shell'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+  DESC 'Netgroup triple'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+  DESC 'Service port number'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+  DESC 'Service protocol name'
+  SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+  DESC 'IP protocol number'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+  DESC 'ONC RPC number'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+  DESC 'IPv4 addresses as a dotted decimal omitting leading
+        zeros or IPv6 addresses as defined in RFC2373'
+  SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+  DESC 'IP network as a dotted decimal, eg. 192.168,
+        omitting leading zeros'
+  SUP name
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+  DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0,
+        omitting leading zeros'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+  DESC 'MAC address in maximal, colon separated hex
+        notation, eg. 00:00:92:90:ee:e2'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+  DESC 'rpc.bootparamd parameter'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+  DESC 'Boot image name'
+  EQUALITY caseExactIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+  DESC 'Name of a A generic NIS map'
+  SUP name )
+
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+  DESC 'A generic NIS entry'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey'
+  DESC 'NIS public key'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey'
+  DESC 'NIS secret key'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain'
+  DESC 'NIS domain'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName'
+  DESC 'automount Map Name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey'
+  DESC 'Automount Key value'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation'
+  DESC 'Automount information'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
+  DESC 'Abstraction of an account with POSIX attributes'
+  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+  MAY ( userPassword $ loginShell $ gecos $
+        description ) )
+
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+  DESC 'Additional attributes for shadow passwords'
+  MUST uid
+  MAY ( userPassword $ description $
+        shadowLastChange $ shadowMin $ shadowMax $
+        shadowWarning $ shadowInactive $
+        shadowExpire $ shadowFlag ) )
+
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
+  DESC 'Abstraction of a group of accounts'
+  MUST gidNumber
+  MAY ( userPassword $ memberUid $
+        description ) )
+
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL
+  DESC 'Abstraction an Internet Protocol service.
+        Maps an IP port and protocol (such as tcp or udp)
+        to one or more names; the distinguished value of
+        the cn attribute denotes the services canonical
+        name'
+  MUST ( cn $ ipServicePort $ ipServiceProtocol )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL
+  DESC 'Abstraction of an IP protocol. Maps a protocol number
+        to one or more names. The distinguished value of the cn
+        attribute denotes the protocols canonical name'
+  MUST ( cn $ ipProtocolNumber )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL
+  DESC 'Abstraction of an Open Network Computing (ONC)
+       [RFC1057] Remote Procedure Call (RPC) binding.
+       This class maps an ONC RPC number to a name.
+       The distinguished value of the cn attribute denotes
+       the RPC services canonical name'
+  MUST ( cn $ oncRpcNumber )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY
+  DESC 'Abstraction of a host, an IP device. The distinguished
+        value of the cn attribute denotes the hosts canonical
+        name. Device SHOULD be used as a structural class'
+  MUST ( cn $ ipHostNumber )
+  MAY ( userPassword $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL
+  DESC 'Abstraction of a network. The distinguished value of
+        the cn attribute denotes the networks canonical name'
+  MUST ipNetworkNumber
+  MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )
+
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL
+  DESC 'Abstraction of a netgroup. May refer to other netgroups'
+  MUST cn
+  MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL
+  DESC 'A generic abstraction of a NIS map'
+  MUST nisMapName
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL
+  DESC 'An entry in a NIS map'
+  MUST ( cn $ nisMapEntry $ nisMapName )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY
+  DESC 'A device with a MAC address; device SHOULD be
+        used as a structural class'
+  MAY macAddress )
+
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY
+  DESC 'A device with boot parameters; device SHOULD be
+        used as a structural class'
+  MAY ( bootFile $ bootParameter ) )
+
+objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY
+  DESC 'An object with a public and secret key'
+  MUST ( cn $ nisPublicKey $ nisSecretKey )
+  MAY ( uidNumber $ description ) )
+
+objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY
+  DESC 'Associates a NIS domain with a naming context'
+  MUST nisDomain )
+
+objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL
+  MUST ( automountMapName )
+  MAY description )
+
+objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL
+  DESC 'Automount information'
+  MUST ( automountKey $ automountInformation )
+  MAY description )
+## namedObject is needed for groups without members
+objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top
+       STRUCTURAL MAY cn )
+
--- a/etc/openldap/schema/template-fd.schema
+++ b/etc/openldap/schema/template-fd.schema
@ -0,0 +1,16 @@
+##
+## template-fd.schema - Needed by Fusion Directory for managing templates
+##
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField'
+  DESC 'FusionDirectory - template field'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+
+# Objectclasses
+objectclass (1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate'
+  DESC 'FusionDirectory - template object'
+  MUST ( cn )
+  MAY ( fdTemplateField ) )
--- a/etc/periodic/weekly/9-clean-php
+++ b/etc/periodic/weekly/9-clean-php
@ -0,0 +1,4 @@
+#!/bin/bash
+
+find /var/lib/php/sessions -mmin +1440 -type f -print0 | xargs -0 rm -f
+find /var/lib/php/uploads -mmin +1440 -type f -print0 | xargs -0 rm -f
--- a/etc/php83/conf.d/00_bcmath.ini
+++ b/etc/php83/conf.d/00_bcmath.ini
@ -0,0 +1 @@
+extension=bcmath
--- a/etc/php83/conf.d/00_bz2.ini
+++ b/etc/php83/conf.d/00_bz2.ini
@ -0,0 +1 @@
+extension=bz2
--- a/etc/php83/conf.d/00_curl.ini
+++ b/etc/php83/conf.d/00_curl.ini
@ -0,0 +1 @@
+extension=curl
--- a/etc/php83/conf.d/00_gd.ini
+++ b/etc/php83/conf.d/00_gd.ini
@ -0,0 +1 @@
+extension=gd
--- a/etc/php83/conf.d/00_gettext.ini
+++ b/etc/php83/conf.d/00_gettext.ini
@ -0,0 +1 @@
+extension=gettext
--- a/etc/php83/conf.d/00_gmp.ini
+++ b/etc/php83/conf.d/00_gmp.ini
@ -0,0 +1 @@
+extension=gmp
--- a/etc/php83/conf.d/00_iconv.ini
+++ b/etc/php83/conf.d/00_iconv.ini
@ -0,0 +1 @@
+extension=iconv
--- a/etc/php83/conf.d/00_imap.ini
+++ b/etc/php83/conf.d/00_imap.ini
@ -0,0 +1 @@
+extension=imap
--- a/etc/php83/conf.d/00_intl.ini
+++ b/etc/php83/conf.d/00_intl.ini
@ -0,0 +1 @@
+extension=intl
--- a/etc/php83/conf.d/00_ldap.ini
+++ b/etc/php83/conf.d/00_ldap.ini
@ -0,0 +1 @@
+extension=ldap
--- a/etc/php83/conf.d/00_mbstring.ini
+++ b/etc/php83/conf.d/00_mbstring.ini
@ -0,0 +1 @@
+extension=mbstring
--- a/etc/php83/conf.d/00_opcache.ini
+++ b/etc/php83/conf.d/00_opcache.ini
@ -0,0 +1 @@
+zend_extension=opcache
--- a/etc/php83/conf.d/00_openssl.ini
+++ b/etc/php83/conf.d/00_openssl.ini
@ -0,0 +1 @@
+extension=openssl
--- a/etc/php83/conf.d/00_posix.ini
+++ b/etc/php83/conf.d/00_posix.ini
@ -0,0 +1 @@
+extension=posix
--- a/etc/php83/conf.d/00_session.ini
+++ b/etc/php83/conf.d/00_session.ini
@ -0,0 +1 @@
+extension=session
--- a/etc/php83/conf.d/00_simplexml.ini
+++ b/etc/php83/conf.d/00_simplexml.ini
@ -0,0 +1 @@
+extension=simplexml
--- a/etc/php83/conf.d/00_sodium.ini
+++ b/etc/php83/conf.d/00_sodium.ini
@ -0,0 +1 @@
+extension=sodium
--- a/etc/php83/conf.d/00_sqlite3.ini
+++ b/etc/php83/conf.d/00_sqlite3.ini
@ -0,0 +1 @@
+extension=sqlite3
--- a/etc/php83/conf.d/00_xml.ini
+++ b/etc/php83/conf.d/00_xml.ini
@ -0,0 +1 @@
+extension=xml
--- a/etc/php83/conf.d/00_zip.ini
+++ b/etc/php83/conf.d/00_zip.ini
@ -0,0 +1 @@
+extension=zip
--- a/etc/php83/conf.d/01_phar.ini
+++ b/etc/php83/conf.d/01_phar.ini
@ -0,0 +1 @@
+extension=phar
--- a/etc/php83/conf.d/99_bcmath.ini
+++ b/etc/php83/conf.d/99_bcmath.ini
@ -0,0 +1,4 @@
+[bcmath]
+; Number of decimal digits for all bcmath functions.
+; http://php.net/bcmath.scale
+bcmath.scale = 0
--- a/etc/php83/conf.d/99_curl.ini
+++ b/etc/php83/conf.d/99_curl.ini
@ -0,0 +1,4 @@
+[curl]
+; A default value for the CURLOPT_CAINFO option. This is required to be an
+; absolute path.
+;curl.cainfo =
--- a/etc/php83/conf.d/99_dba.ini
+++ b/etc/php83/conf.d/99_dba.ini
@ -0,0 +1,2 @@
+[dba]
+;dba.default_handler=
--- a/etc/php83/conf.d/99_exif.ini
+++ b/etc/php83/conf.d/99_exif.ini
@ -0,0 +1,23 @@
+[exif]
+; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
+; With mbstring support this will automatically be converted into the encoding
+; given by corresponding encode setting. When empty mbstring.internal_encoding
+; is used. For the decode settings you can distinguish between motorola and
+; intel byte order. A decode setting cannot be empty.
+; http://php.net/exif.encode-unicode
+;exif.encode_unicode = ISO-8859-15
+
+; http://php.net/exif.decode-unicode-motorola
+;exif.decode_unicode_motorola = UCS-2BE
+
+; http://php.net/exif.decode-unicode-intel
+;exif.decode_unicode_intel    = UCS-2LE
+
+; http://php.net/exif.encode-jis
+;exif.encode_jis =
+
+; http://php.net/exif.decode-jis-motorola
+;exif.decode_jis_motorola = JIS
+
+; http://php.net/exif.decode-jis-intel
+;exif.decode_jis_intel    = JIS
--- a/etc/php83/conf.d/99_ffi.ini
+++ b/etc/php83/conf.d/99_ffi.ini
@ -0,0 +1,9 @@
+[ffi]
+; FFI API restriction. Possible values:
+; "preload" - enabled in CLI scripts and preloaded files (default)
+; "false"   - always disabled
+; "true"    - always enabled
+;ffi.enable=preload
+
+; List of headers files to preload, wildcard patterns allowed.
+;ffi.preload=
--- a/etc/php83/conf.d/99_gd.ini
+++ b/etc/php83/conf.d/99_gd.ini
@ -0,0 +1,6 @@
+[gd]
+; Tell the jpeg decode to ignore warnings and try to create
+; a gd image. The warning will then be displayed as notices
+; disabled by default
+; http://php.net/gd.jpeg-ignore-warning
+;gd.jpeg_ignore_warning = 1
--- a/etc/php83/conf.d/99_iconv.ini
+++ b/etc/php83/conf.d/99_iconv.ini
@ -0,0 +1,17 @@
+[iconv]
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; If empty, default_charset or input_encoding or iconv.input_encoding is used.
+; The precedence is: default_charset < input_encoding < iconv.input_encoding
+;iconv.input_encoding =
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;iconv.internal_encoding =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; If empty, default_charset or output_encoding or iconv.output_encoding is used.
+; The precedence is: default_charset < output_encoding < iconv.output_encoding
+; To use an output encoding conversion, iconv's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+;iconv.output_encoding =
--- a/etc/php83/conf.d/99_imap.ini
+++ b/etc/php83/conf.d/99_imap.ini
@ -0,0 +1,6 @@
+[imap]
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
+;imap.enable_insecure_rsh=0
--- a/etc/php83/conf.d/99_intl.ini
+++ b/etc/php83/conf.d/99_intl.ini
@ -0,0 +1,7 @@
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
--- a/etc/php83/conf.d/99_ldap.ini
+++ b/etc/php83/conf.d/99_ldap.ini
@ -0,0 +1,3 @@
+[ldap]
+; Sets the maximum number of open links or -1 for unlimited.
+ldap.max_links = -1
--- a/etc/php83/conf.d/99_mbstring
+++ b/etc/php83/conf.d/99_mbstring
@ -0,0 +1,78 @@
+[mbstring]
+; language for internal character representation.
+; This affects mb_send_mail() and mbstring.detect_order.
+; http://php.net/mbstring.language
+;mbstring.language = Japanese
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; internal/script encoding.
+; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;mbstring.internal_encoding =
+
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; http input encoding.
+; mbstring.encoding_translation = On is needed to use this setting.
+; If empty, default_charset or input_encoding or mbstring.input is used.
+; The precedence is: default_charset < input_encoding < mbstring.http_input
+; http://php.net/mbstring.http-input
+;mbstring.http_input =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; http output encoding.
+; mb_output_handler must be registered as output buffer to function.
+; If empty, default_charset or output_encoding or mbstring.http_output is used.
+; The precedence is: default_charset < output_encoding < mbstring.http_output
+; To use an output encoding conversion, mbstring's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+; http://php.net/mbstring.http-output
+;mbstring.http_output =
+
+; enable automatic encoding translation according to
+; mbstring.internal_encoding setting. Input chars are
+; converted to internal encoding by setting this to On.
+; Note: Do _not_ use automatic encoding translation for
+;       portable libs/applications.
+; http://php.net/mbstring.encoding-translation
+;mbstring.encoding_translation = Off
+
+; automatic encoding detection order.
+; "auto" detect order is changed according to mbstring.language
+; http://php.net/mbstring.detect-order
+;mbstring.detect_order = auto
+
+; substitute_character used when character cannot be converted
+; one from another
+; http://php.net/mbstring.substitute-character
+;mbstring.substitute_character = none
+
+; overload(replace) single byte functions by mbstring functions.
+; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
+; etc. Possible values are 0,1,2,4 or combination of them.
+; For example, 7 for overload everything.
+; 0: No overload
+; 1: Overload mail() function
+; 2: Overload str*() functions
+; 4: Overload ereg*() functions
+; http://php.net/mbstring.func-overload
+mbstring.func_overload = 0
+
+; enable strict encoding detection.
+; Default: Off
+;mbstring.strict_detection = On
+
+; This directive specifies the regex pattern of content types for which mb_output_handler()
+; is activated.
+; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
+;mbstring.http_output_conv_mimetype=
+
+; This directive specifies maximum stack depth for mbstring regular expressions. It is similar
+; to the pcre.recursion_limit for PCRE.
+; Default: 100000
+;mbstring.regex_stack_limit=100000
+
+; This directive specifies maximum retry count for mbstring regular expressions. It is similar
+; to the pcre.backtrack_limit for PCRE.
+; Default: 1000000
+;mbstring.regex_retry_limit=1000000
--- a/etc/php83/conf.d/99_mysqli.ini
+++ b/etc/php83/conf.d/99_mysqli.ini
@ -0,0 +1,48 @@
+[MySQLi]
+
+; Maximum number of persistent links.  -1 means no limit.
+; http://php.net/mysqli.max-persistent
+mysqli.max_persistent = -1
+
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysqli.allow_local_infile
+;mysqli.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysqli.allow-persistent
+mysqli.allow_persistent = On
+
+; Maximum number of links.  -1 means no limit.
+; http://php.net/mysqli.max-links
+mysqli.max_links = -1
+
+; Default port number for mysqli_connect().  If unset, mysqli_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysqli.default-port
+mysqli.default_port = 3306
+
+; Default socket name for local MySQL connects.  If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysqli.default-socket
+mysqli.default_socket =
+
+; Default host for mysqli_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-host
+mysqli.default_host =
+
+; Default user for mysqli_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-user
+mysqli.default_user =
+
+; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
+; and reveal this password!  And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysqli.default-pw
+mysqli.default_pw =
+
+; Allow or prevent reconnect
+mysqli.reconnect = Off
--- a/etc/php83/conf.d/99_mysqlnd.ini
+++ b/etc/php83/conf.d/99_mysqlnd.ini
@ -0,0 +1,33 @@
+[mysqlnd]
+; Enable / Disable collection of general statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_statistics = On
+
+; Enable / Disable collection of memory usage statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_memory_statistics = Off
+
+; Records communication from all extensions using mysqlnd to the specified log
+; file.
+; http://php.net/mysqlnd.debug
+;mysqlnd.debug =
+
+; Defines which queries will be logged.
+;mysqlnd.log_mask = 0
+
+; Default size of the mysqlnd memory pool, which is used by result sets.
+;mysqlnd.mempool_default_size = 16000
+
+; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+;mysqlnd.net_cmd_buffer_size = 2048
+
+; Size of a pre-allocated buffer used for reading data sent by the server in
+; bytes.
+;mysqlnd.net_read_buffer_size = 32768
+
+; Timeout for network requests in seconds.
+;mysqlnd.net_read_timeout = 31536000
+
+; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
+; key.
+;mysqlnd.sha256_server_public_key =
--- a/etc/php83/conf.d/99_odbc.ini
+++ b/etc/php83/conf.d/99_odbc.ini
@ -0,0 +1,40 @@
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db    =  Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user  =  Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw    =  Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links.  -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent).  -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields.  Returns number of bytes to variables.  0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data.  0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
--- a/etc/php83/conf.d/99_opcache.ini
+++ b/etc/php83/conf.d/99_opcache.ini
@ -0,0 +1,148 @@
+[opcache]
+; Determines if Zend OPCache is enabled
+opcache.enable=1
+
+; Determines if Zend OPCache is enabled for the CLI version of PHP
+opcache.enable_cli=0
+
+; The OPcache shared memory storage size.
+opcache.memory_consumption=64
+
+; The amount of memory for interned strings in Mbytes.
+;opcache.interned_strings_buffer=8
+
+; The maximum number of keys (scripts) in the OPcache hash table.
+; Only numbers between 200 and 1000000 are allowed.
+opcache.max_accelerated_files=1000
+
+; The maximum percentage of "wasted" memory until a restart is scheduled.
+;opcache.max_wasted_percentage=5
+
+; When this directive is enabled, the OPcache appends the current working
+; directory to the script key, thus eliminating possible collisions between
+; files with the same name (basename). Disabling the directive improves
+; performance, but may break existing applications.
+opcache.use_cwd=1
+
+; When disabled, you must reset the OPcache manually or restart the
+; webserver for changes to the filesystem to take effect.
+;opcache.validate_timestamps=1
+
+; How often (in seconds) to check file timestamps for changes to the shared
+; memory storage allocation. ("1" means validate once per second, but only
+; once per request. "0" means always validate)
+;opcache.revalidate_freq=2
+
+; Enables or disables file search in include_path optimization
+;opcache.revalidate_path=0
+
+; If disabled, all PHPDoc comments are dropped from the code to reduce the
+; size of the optimized code.
+opcache.save_comments=0
+
+; Allow file existence override (file_exists, etc.) performance feature.
+;opcache.enable_file_override=0
+
+; A bitmask, where each bit enables or disables the appropriate OPcache
+; passes
+;opcache.optimization_level=0x7FFFBFFF
+
+;opcache.dups_fix=0
+
+; The location of the OPcache blacklist file (wildcards allowed).
+; Each OPcache blacklist file is a text file that holds the names of files
+; that should not be accelerated. The file format is to add each filename
+; to a new line. The filename may be a full path or just a file prefix
+; (i.e., /var/www/x  blacklists all the files and directories in /var/www
+; that start with 'x'). Line starting with a ; are ignored (comments).
+;opcache.blacklist_filename=
+
+; Allows exclusion of large files from being cached. By default all files
+; are cached.
+;opcache.max_file_size=0
+
+; Check the cache checksum each N requests.
+; The default value of "0" means that the checks are disabled.
+;opcache.consistency_checks=0
+
+; How long to wait (in seconds) for a scheduled restart to begin if the cache
+; is not being accessed.
+;opcache.force_restart_timeout=180
+
+; OPcache error_log file name. Empty string assumes "stderr".
+;opcache.error_log=
+
+; All OPcache errors go to the Web server log.
+; By default, only fatal errors (level 0) or errors (level 1) are logged.
+; You can also enable warnings (level 2), info messages (level 3) or
+; debug messages (level 4).
+;opcache.log_verbosity_level=1
+
+; Preferred Shared Memory back-end. Leave empty and let the system decide.
+;opcache.preferred_memory_model=
+
+; Protect the shared memory from unexpected writing during script execution.
+; Useful for internal debugging only.
+;opcache.protect_memory=0
+
+; Allows calling OPcache API functions only from PHP scripts which path is
+; started from specified string. The default "" means no restriction
+;opcache.restrict_api=
+
+; Mapping base of shared memory segments (for Windows only). All the PHP
+; processes have to map shared memory into the same address space. This
+; directive allows to manually fix the "Unable to reattach to base address"
+; errors.
+;opcache.mmap_base=
+
+; Facilitates multiple OPcache instances per user (for Windows only). All PHP
+; processes with the same cache ID and user share an OPcache instance.
+;opcache.cache_id=
+
+; Enables and sets the second level cache directory.
+; It should improve performance when SHM memory is full, at server restart or
+; SHM reset. The default "" disables file based caching.
+;opcache.file_cache=
+
+; Enables or disables opcode caching in shared memory.
+;opcache.file_cache_only=0
+
+; Enables or disables checksum validation when script loaded from file cache.
+;opcache.file_cache_consistency_checks=1
+
+; Implies opcache.file_cache_only=1 for a certain process that failed to
+; reattach to the shared memory (for Windows only). Explicitly enabled file
+; cache is required.
+;opcache.file_cache_fallback=1
+
+; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
+; This should improve performance, but requires appropriate OS configuration.
+;opcache.huge_code_pages=1
+
+; Validate cached file permissions.
+;opcache.validate_permission=0
+
+; Prevent name collisions in chroot'ed environment.
+;opcache.validate_root=0
+
+; If specified, it produces opcode dumps for debugging different stages of
+; optimizations.
+;opcache.opt_debug_level=0
+
+; Specifies a PHP script that is going to be compiled and executed at server
+; start-up.
+; http://php.net/opcache.preload
+;opcache.preload=
+
+; Preloading code as root is not allowed for security reasons. This directive
+; facilitates to let the preloading to be run as another user.
+; http://php.net/opcache.preload_user
+;opcache.preload_user=
+
+; Prevents caching files that are less than this number of seconds old. It
+; protects from caching of incompletely updated files. In case all file updates
+; on your site are atomic, you may increase performance by setting it to "0".
+;opcache.file_update_protection=2
+
+; Absolute path used to store shared lockfiles (for *nix only).
+;opcache.lockfile_path=/tmp
--- a/etc/php83/conf.d/99_openssl.ini
+++ b/etc/php83/conf.d/99_openssl.ini
@ -0,0 +1,17 @@
+[openssl]
+; The location of a Certificate Authority (CA) file on the local filesystem
+; to use when verifying the identity of SSL/TLS peers. Most users should
+; not specify a value for this directive as PHP will attempt to use the
+; OS-managed cert stores in its absence. If specified, this value may still
+; be overridden on a per-stream basis via the "cafile" SSL stream context
+; option.
+;openssl.cafile=
+
+; If openssl.cafile is not specified or if the CA file is not found, the
+; directory pointed to by openssl.capath is searched for a suitable
+; certificate. This value must be a correctly hashed certificate directory.
+; Most users should not specify a value for this directive as PHP will
+; attempt to use the OS-managed cert stores in its absence. If specified,
+; this value may still be overridden on a per-stream basis via the "capath"
+; SSL stream context option.
+;openssl.capath=
--- a/etc/php83/conf.d/99_pdo.ini
+++ b/etc/php83/conf.d/99_pdo.ini
@ -0,0 +1,6 @@
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
--- a/etc/php83/conf.d/99_pdo_mysql.ini
+++ b/etc/php83/conf.d/99_pdo_mysql.ini
@ -0,0 +1,4 @@
+[Pdo_mysql]
+; Default socket name for local MySQL connects.  If empty, uses the built-in
+; MySQL defaults.
+;pdo_mysql.default_socket=
--- a/etc/php83/conf.d/99_pgsql.ini
+++ b/etc/php83/conf.d/99_pgsql.ini
@ -0,0 +1,27 @@
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links.  -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent).  -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
--- a/etc/php83/conf.d/99_phar.ini
+++ b/etc/php83/conf.d/99_phar.ini
@ -0,0 +1,8 @@
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
--- a/etc/php83/conf.d/99_session.ini
+++ b/etc/php83/conf.d/99_session.ini
@ -0,0 +1,269 @@
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler.  In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+;     session.save_path = "N;/path"
+;
+; where N is an integer.  Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories.  This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+;         You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+;         use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+;     session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+session.save_path = "/var/lib/php/sessions"
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHP_SESSION_ID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+;session.auto_start = 0
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php_serialize
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+;session.gc_probability = 1
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using gc_probability/gc_divisor,
+; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
+; For high volume production servers, using a value of 1000 is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+;session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 86400
+
+; NOTE: If you are using the subdirectory option for storing session files
+;       (see session.save_path above), then garbage collection does *not*
+;       happen automatically.  You will need to do your own garbage
+;       collection through a shell script, cron entry, or some other method.
+;       For example, the following script is the equivalent of setting
+;       session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+;          find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+;session.referer_check =
+
+; Gives a path to an external resource (file) which will be used as an
+; additional entropy source in the session id creation process.
+;session.entropy_file string = /dev/urandom
+
+; Whether to use strict session mode.
+; Strict session mode does not accept an uninitialized session ID, and
+; regenerates the session ID if the browser sends an uninitialized session ID.
+; Strict mode protects applications from session fixation via a session adoption
+; vulnerability. It is disabled by default for maximum compatibility, but
+; enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+;session.use_strict_mode = 0
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+; session.use_cookies = 1
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the be-all and end-all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+;session.use_only_cookies = 1
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+;session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+;session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+;session.cookie_domain =
+
+; http://php.net/session.cookie-secure
+; session.cookie_secure = On
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it
+; inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly = Off
+
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Strict", "Lax" or "None". When using "None",
+; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+; session.cookie_samesite =
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+;session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+;session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users' security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+;   to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+;   in publicly accessible computer.
+; - User may access your site with the same session ID
+;   always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+;session.use_trans_sid = 0
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+; <form> is special; if you include them here, the rewriter will
+; add a hidden <input> field with the info which is otherwise appended
+; to URLs. <form> tag's action attribute URL will not be modified
+; unless it is specified.
+; Note that all valid entries require a "=", even if no value follows.
+; Default Value: "a=href,area=href,frame=src,form="
+; Development Value: "a=href,area=href,frame=src,form="
+; Production Value: "a=href,area=href,frame=src,form="
+; http://php.net/url-rewriter.tags
+;session.trans_sid_tags = "a=href,area=href,frame=src,form="
+
+; URL rewriter does not rewrite absolute URLs by default.
+; To enable rewrites for absolute paths, target hosts must be specified
+; at RUNTIME. i.e. use ini_set()
+; <form> tags is special. PHP will check action attribute's URL regardless
+; of session.trans_sid_tags setting.
+; If no host is defined, HTTP_HOST will be used for allowed host.
+; Example value: php.net,www.php.net,wiki.php.net
+; Use "," for multiple hosts. No spaces are allowed.
+; Default Value: ""
+; Development Value: ""
+; Production Value: ""
+;session.trans_sid_hosts=""
+
+; Set session ID character length. This value could be between 22 to 256.
+; Shorter length than default is supported only for compatibility reason.
+; Users should use 32 or more chars.
+; http://php.net/session.sid-length
+; Default Value: 32
+; Development Value: 26
+; Production Value: 26
+session.sid_length = 64
+
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+; Possible values:
+;   4  (4 bits: 0-9, a-f)
+;   5  (5 bits: 0-9, a-v)
+;   6  (6 bits: 0-9, a-z, A-Z, "-", ",")
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+; http://php.net/session.hash-bits-per-character
+session.sid_bits_per_character = 6
+
+; Define the hash algorithm used to generate the session IDs.
+; Possible values:
+;   '0'  MD5 (128 bits)
+;   '1'  SHA-1 (160 bits)
+; It is also possible to specify any of the algorithms provided by the hash
+; extension (if it is available), like sha512 or whirlpool.
+session.hash_function = 1
+
+; Define how many bits are stored in each character when converting
+; the binary hash data to something readable.
+; Possible values:
+;   4  (4 bits: 0-9, a-f)
+;   5  (5 bits: 0-9, a-v)
+;   6  (6 bits: 0-9, a-z, A-Z, "-", ",")
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+session.hash_bits_per_character = 6
+
+; Enable upload progress tracking in $_SESSION
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.enabled
+;session.upload_progress.enabled = On
+
+; Cleanup the progress information as soon as all POST data has been read
+; (i.e. upload completed).
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.cleanup
+;session.upload_progress.cleanup = 1
+
+; A prefix used for the upload progress key in $_SESSION
+; Default Value: "upload_progress_"
+; Development Value: "upload_progress_"
+; Production Value: "upload_progress_"
+; http://php.net/session.upload-progress.prefix
+;session.upload_progress.prefix = "upload_progress_"
+
+; The index name (concatenated with the prefix) in $_SESSION
+; containing the upload progress information
+; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; http://php.net/session.upload-progress.name
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+
+; How frequently the upload progress should be updated.
+; Given either in percentages (per-file), or in bytes
+; Default Value: "1%"
+; Development Value: "1%"
+; Production Value: "1%"
+; http://php.net/session.upload-progress.freq
+;session.upload_progress.freq =  "1%"
+
+; The minimum delay between updates, in seconds
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.upload-progress.min-freq
+;session.upload_progress.min_freq = "1"
+
+; Only write session data when session data is changed. Enabled by default.
+; http://php.net/session.lazy-write
+;session.lazy_write = On
+session.lazy_write = Off
--- a/etc/php83/conf.d/99_soap.ini
+++ b/etc/php83/conf.d/99_soap.ini
@ -0,0 +1,16 @@
+[soap]
+; Enables or disables WSDL caching feature.
+; http://php.net/soap.wsdl-cache-enabled
+soap.wsdl_cache_enabled=1
+
+; Sets the directory name where SOAP extension will put cache files.
+; http://php.net/soap.wsdl-cache-dir
+soap.wsdl_cache_dir="/tmp"
+
+; (time to live) Sets the number of second while cached file will be used
+; instead of original one.
+; http://php.net/soap.wsdl-cache-ttl
+soap.wsdl_cache_ttl=86400
+
+; Sets the size of the cache limit. (Max. number of WSDL files to cache)
+soap.wsdl_cache_limit = 5
--- a/etc/php83/conf.d/99_sqlite3.ini
+++ b/etc/php83/conf.d/99_sqlite3.ini
@ -0,0 +1,13 @@
+[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
+;sqlite3.extension_dir =
+
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+;sqlite3.defensive = 1
--- a/etc/php83/conf.d/99_sysvshm.ini
+++ b/etc/php83/conf.d/99_sysvshm.ini
@ -0,0 +1,3 @@
+[sysvshm]
+; A default size of the shared memory segment
+;sysvshm.init_mem = 10000
--- a/etc/php83/conf.d/99_tidy.ini
+++ b/etc/php83/conf.d/99_tidy.ini
@ -0,0 +1,10 @@
+[Tidy]
+; The path to a default tidy configuration file to use when using tidy
+; http://php.net/tidy.default-config
+;tidy.default_config = /usr/local/lib/php/default.tcfg
+
+; Should tidy clean and repair output automatically?
+; WARNING: Do not use this option if you are generating non-html content
+; such as dynamic images
+; http://php.net/tidy.clean-output
+tidy.clean_output = Off
--- a/etc/php83/conf.d/imagick.ini
+++ b/etc/php83/conf.d/imagick.ini
@ -0,0 +1 @@
+extension=imagick
--- a/etc/php83/php-fpm.conf
+++ b/etc/php83/php-fpm.conf
@ -0,0 +1,143 @@
+;;;;;;;;;;;;;;;;;;;;;
+; FPM Configuration ;
+;;;;;;;;;;;;;;;;;;;;;
+
+; All relative paths in this configuration file are relative to PHP's install
+; prefix (/usr). This prefix can be dynamically changed by using the
+; '-p' argument from the command line.
+
+;;;;;;;;;;;;;;;;;;
+; Global Options ;
+;;;;;;;;;;;;;;;;;;
+
+[global]
+; Pid file
+; Note: the default prefix is /var
+; Default Value: none
+pid = run/php-fpm.pid
+
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; into a local file.
+; Note: the default prefix is /var
+; Default Value: log/php-fpm.log
+error_log = syslog
+
+; syslog_facility is used to specify what type of program is logging the
+; message. This lets syslogd specify that messages from different facilities
+; will be handled differently.
+; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
+; Default Value: daemon
+syslog.facility = local2
+
+; syslog_ident is prepended to every message. If you have multiple FPM
+; instances running on the same server, you can change the default value
+; which must suit common needs.
+; Default Value: php-fpm
+syslog.ident = php-fpm
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+log_level = notice
+
+; Log limit on number of characters in the single line (log entry). If the
+; line is over the limit, it is wrapped on multiple lines. The limit is for
+; all logged characters including message prefix and suffix if present. However
+; the new line character does not count into it as it is present only when
+; logging to a file descriptor. It means the new line character is not present
+; when logging to syslog.
+; Default Value: 1024
+;log_limit = 4096
+
+; Log buffering specifies if the log line is buffered which means that the
+; line is written in a single write operation. If the value is false, then the
+; data is written directly into the file descriptor. It is an experimental
+; option that can potentionaly improve logging performance and memory usage
+; for some heavy logging scenarios. This option is ignored if logging to syslog
+; as it has to be always buffered.
+; Default value: yes
+;log_buffering = no
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+emergency_restart_threshold = 5
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated.  This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+emergency_restart_interval = 10
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;process_control_timeout = 0
+
+; The maximum number of processes FPM will fork. This has been designed to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+process.max = 16
+
+; Specify the nice(2) priority to apply to the master process (only if set)
+; The value can vary from -19 (highest priority) to 20 (lowest priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool process will inherit the master process priority
+;         unless specified otherwise
+; Default Value: no set
+process.priority = 0
+
+; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
+; Default Value: yes
+;daemonize = yes
+
+; Set open file descriptor rlimit for the master process.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit for the master process.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Specify the event mechanism FPM will use. The following is available:
+; - select     (any POSIX os)
+; - poll       (any POSIX os)
+; - epoll      (linux >= 2.5.44)
+; - kqueue     (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll  (Solaris >= 7)
+; - port       (Solaris >= 10)
+; Default Value: not set (auto detection)
+;events.mechanism = epoll
+
+; When FPM is built with systemd integration, specify the interval,
+; in seconds, between health report notification to systemd.
+; Set to 0 to disable.
+; Available Units: s(econds), m(inutes), h(ours)
+; Default Unit: seconds
+; Default value: 10
+;systemd_interval = 10
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Multiple pools of child processes may be started with different listening
+; ports and different management options.  The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+;  - the global prefix if it's been set (-p argument)
+;  - /usr otherwise
+include=/etc/php83/php-fpm.d/*.conf
--- a/etc/php83/php-fpm.d/www.conf
+++ b/etc/php83/php-fpm.d/www.conf
@ -0,0 +1,424 @@
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[www]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+;       will be used.
+user = nobody
+group = nobody
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
+;                            a specific port;
+;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+;                            a specific port;
+;   'port'                 - to listen on a TCP socket to all addresses
+;                            (IPv6 and IPv4-mapped) on a specific port;
+;   '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+;listen = 127.0.0.1:9000
+listen = /run/php-fpm83/php-fpm.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+;                 mode is set to 0660
+listen.owner = nobody
+listen.group = apache
+listen.mode = 0660
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+; listen.allowed_clients = 127.0.0.1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+;       - The pool processes will inherit the master process priority
+;         unless it specified otherwise
+; Default Value: no set
+process.priority = 0
+
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+;   static  - a fixed number (pm.max_children) of child processes;
+;   dynamic - the number of child processes are set dynamically based on the
+;             following directives. With this process management, there will be
+;             always at least 1 children.
+;             pm.max_children      - the maximum number of children that can
+;                                    be alive at the same time.
+;             pm.start_servers     - the number of children created on startup.
+;             pm.min_spare_servers - the minimum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is less than this
+;                                    number then some children will be created.
+;             pm.max_spare_servers - the maximum number of children in 'idle'
+;                                    state (waiting to process). If the number
+;                                    of 'idle' processes is greater than this
+;                                    number then some children will be killed.
+;  ondemand - no children are created at startup. Children will be forked when
+;             new requests will connect. The following parameter are used:
+;             pm.max_children           - the maximum number of children that
+;                                         can be alive at the same time.
+;             pm.process_idle_timeout   - The number of seconds after which
+;                                         an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 8
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 2
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 4
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+pm.max_requests = 5000
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. It shows the following informations:
+;   pool                 - the name of the pool;
+;   process manager      - static, dynamic or ondemand;
+;   start time           - the date and time FPM has started;
+;   start since          - number of seconds since FPM has started;
+;   accepted conn        - the number of request accepted by the pool;
+;   listen queue         - the number of request in the queue of pending
+;                          connections (see backlog in listen(2));
+;   max listen queue     - the maximum number of requests in the queue
+;                          of pending connections since FPM has started;
+;   listen queue len     - the size of the socket queue of pending connections;
+;   idle processes       - the number of idle processes;
+;   active processes     - the number of active processes;
+;   total processes      - the number of idle + active processes;
+;   max active processes - the maximum number of active processes since FPM
+;                          has started;
+;   max children reached - number of times, the process limit has been reached,
+;                          when pm tries to start more children (works only for
+;                          pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+;   pool:                 www
+;   process manager:      static
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          62636
+;   accepted conn:        190460
+;   listen queue:         0
+;   max listen queue:     1
+;   listen queue len:     42
+;   idle processes:       4
+;   active processes:     11
+;   total processes:      15
+;   max active processes: 12
+;   max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+;   http://www.foo.bar/status
+;   http://www.foo.bar/status?json
+;   http://www.foo.bar/status?html
+;   http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+;   http://www.foo.bar/status?full
+;   http://www.foo.bar/status?json&full
+;   http://www.foo.bar/status?html&full
+;   http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+;   pid                  - the PID of the process;
+;   state                - the state of the process (Idle, Running, ...);
+;   start time           - the date and time the process has started;
+;   start since          - the number of seconds since the process has started;
+;   requests             - the number of requests the process has served;
+;   request duration     - the duration in µs of the requests;
+;   request method       - the request method (GET, POST, ...);
+;   request URI          - the request URI with the query string;
+;   content length       - the content length of the request (only with POST);
+;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
+;   script               - the main script called (or '-' if not set);
+;   last request cpu     - the %cpu the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because CPU calculation is done when the request
+;                          processing has terminated;
+;   last request memory  - the max amount of memory the last request consumed
+;                          it's always 0 if the process is not in Idle state
+;                          because memory calculation is done when the request
+;                          processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+;   ************************
+;   pid:                  31330
+;   state:                Running
+;   start time:           01/Jul/2011:17:53:49 +0200
+;   start since:          63087
+;   requests:             12808
+;   request duration:     1250261
+;   request method:       GET
+;   request URI:          /test_mem.php?N=10000
+;   content length:       0
+;   user:                 -
+;   script:               /home/fat/web/docs/php/test_mem.php
+;   last request cpu:     0.00
+;   last request memory:  0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+;       It's available in: /usr/share/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+;       anything, but it may not be a good idea to use the .php extension or it
+;       may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+;  %%: the '%' character
+;  %C: %CPU used by the request
+;      it can accept the following format:
+;      - %{user}C for user CPU only
+;      - %{system}C for system CPU only
+;      - %{total}C  for user + system CPU (default)
+;  %d: time taken to serve the request
+;      it can accept the following format:
+;      - %{seconds}d (default)
+;      - %{miliseconds}d
+;      - %{mili}d
+;      - %{microseconds}d
+;      - %{micro}d
+;  %e: an environment variable (same as $_ENV or $_SERVER)
+;      it must be associated with embraces to specify the name of the env
+;      variable. Some exemples:
+;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+;  %f: script filename
+;  %l: content-length of the request (for POST request only)
+;  %m: request method
+;  %M: peak of memory allocated by PHP
+;      it can accept the following format:
+;      - %{bytes}M (default)
+;      - %{kilobytes}M
+;      - %{kilo}M
+;      - %{megabytes}M
+;      - %{mega}M
+;  %n: pool name
+;  %o: output header
+;      it must be associated with embraces to specify the name of the header:
+;      - %{Content-Type}o
+;      - %{X-Powered-By}o
+;      - %{Transfert-Encoding}o
+;      - ....
+;  %p: PID of the child that serviced the request
+;  %P: PID of the parent of the child that serviced the request
+;  %q: the query string
+;  %Q: the '?' character if query string exists
+;  %r: the request URI (without the query string, see %q and %Q)
+;  %R: remote IP address
+;  %s: status (response code)
+;  %t: server time the request was received
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %T: time the log has been written (the request has finished)
+;      it can accept a strftime(3) format:
+;      %d/%b/%Y:%H:%M:%S %z (default)
+;      The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
+;      e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+;  %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; Depth of slow log stack trace.
+; Default Value: 20
+;request_slowlog_trace_depth = 20
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+request_terminate_timeout = 60
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+;       possible. However, all PHP paths will be relative to the chroot
+;       (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+;chdir = /var/www
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; execute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+security.limit_extensions = .php .phar .phtml
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+;   php_value/php_flag             - you can set classic ini defines which can
+;                                    be overwritten from PHP call 'ini_set'.
+;   php_admin_value/php_admin_flag - these directives won't be overwritten by
+;                                     PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+;                specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
--- a/etc/php83/php.ini
+++ b/etc/php83/php.ini
@ -0,0 +1,844 @@
+[PHP]
+;;;;;;;;;;;;;;;;;;;;
+; php.ini Options  ;
+;;;;;;;;;;;;;;;;;;;;
+; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
+; To disable this feature set this option to an empty value
+;user_ini.filename = ".user.ini"
+
+; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
+;user_ini.cache_ttl = 300
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+; Enable the PHP scripting language engine under Apache.
+; http://php.net/engine
+engine = On
+
+; This directive determines whether or not PHP will recognize code between
+; <? and ?> tags as PHP source which should be processed as such. It is
+; generally recommended that <?php and ?> should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the <?= shorthand tag, which can be
+; used regardless of this directive.
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/short-open-tag
+short_open_tag = Off
+
+; The number of significant digits displayed in floating point numbers.
+; http://php.net/precision
+precision = 14
+
+; Output buffering is a mechanism for controlling how much output data
+; (excluding headers and cookies) PHP should keep internally before pushing that
+; data to the client. If your application's output exceeds this setting, PHP
+; will send that data in chunks of roughly the size you specify.
+; Turning on this setting and managing its maximum buffer size can yield some
+; interesting side-effects depending on your application and web server.
+; You may be able to send headers and cookies after you've already sent output
+; through print or echo. You also may see performance benefits if your server is
+; emitting less packets due to buffered output versus PHP streaming the output
+; as it gets it. On production servers, 4096 bytes is a good setting for performance
+; reasons.
+; Note: Output buffering can also be controlled via Output Buffering Control
+;   functions.
+; Possible Values:
+;   On = Enabled and buffer is unlimited. (Use with caution)
+;   Off = Disabled
+;   Integer = Enables the buffer and sets its maximum size in bytes.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+; http://php.net/output-buffering
+output_buffering = 4096
+
+; You can redirect all of the output of your scripts to a function.  For
+; example, if you set output_handler to "mb_output_handler", character
+; encoding will be transparently converted to the specified encoding.
+; Setting any output handler automatically turns on output buffering.
+; Note: People who wrote portable scripts should not depend on this ini
+;   directive. Instead, explicitly set the output handler using ob_start().
+;   Using this ini directive may cause problems unless you know what script
+;   is doing.
+; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
+;   and you cannot use both "ob_gzhandler" and "zlib.output_compression".
+; Note: output_handler must be empty if this is set 'On' !!!!
+;   Instead you must use zlib.output_handler.
+; http://php.net/output-handler
+;output_handler =
+
+; URL rewriter function rewrites URL on the fly by using
+; output buffer. You can set target tags by this configuration.
+; "form" tag is special tag. It will add hidden input tag to pass values.
+; Refer to session.trans_sid_tags for usage.
+; Default Value: "form="
+; Development Value: "form="
+; Production Value: "form="
+;url_rewriter.tags
+
+; URL rewriter will not rewrite absolute URL nor form by default. To enable
+; absolute URL rewrite, allowed hosts must be defined at RUNTIME.
+; Refer to session.trans_sid_hosts for more details.
+; Default Value: ""
+; Development Value: ""
+; Production Value: ""
+;url_rewriter.hosts
+
+; Transparent output compression using the zlib library
+; Valid values for this option are 'off', 'on', or a specific buffer size
+; to be used for compression (default is 4KB)
+; Note: Resulting chunk size may vary due to nature of compression. PHP
+;   outputs chunks that are few hundreds bytes each as a result of
+;   compression. If you prefer a larger chunk size for better
+;   performance, enable output_buffering in addition.
+; Note: You need to use zlib.output_handler instead of the standard
+;   output_handler, or otherwise the output will be corrupted.
+; http://php.net/zlib.output-compression
+zlib.output_compression = On
+
+; http://php.net/zlib.output-compression-level
+;zlib.output_compression_level = -1
+
+; You cannot specify additional output handlers if zlib.output_compression
+; is activated here. This setting does the same as output_handler but in
+; a different order.
+; http://php.net/zlib.output-handler
+;zlib.output_handler =
+
+; Implicit flush tells PHP to tell the output layer to flush itself
+; automatically after every output block.  This is equivalent to calling the
+; PHP function flush() after each and every call to print() or echo() and each
+; and every HTML block.  Turning this option on has serious performance
+; implications and is generally recommended for debugging purposes only.
+; http://php.net/implicit-flush
+; Note: This directive is hardcoded to On for the CLI SAPI
+implicit_flush = Off
+
+; The unserialize callback function will be called (with the undefined class'
+; name as parameter), if the unserializer finds an undefined class
+; which should be instantiated. A warning appears if the specified function is
+; not defined, or if the function doesn't include/implement the missing class.
+; So only set this entry, if you really want to implement such a
+; callback-function.
+unserialize_callback_func =
+
+; The unserialize_max_depth specifies the default depth limit for unserialized
+; structures. Setting the depth limit too high may result in stack overflows
+; during unserialization. The unserialize_max_depth ini setting can be
+; overridden by the max_depth option on individual unserialize() calls.
+; A value of 0 disables the depth limit.
+;unserialize_max_depth = 4096
+
+; When floats & doubles are serialized, store serialize_precision significant
+; digits after the floating point. The default value ensures that when floats
+; are decoded with unserialize, the data will remain the same.
+; The value is also used for json_encode when encoding double values.
+; If -1 is used, then dtoa mode 0 is used which automatically select the best
+; precision.
+serialize_precision = -1
+
+; open_basedir, if set, limits all file operations to the defined directory
+; and below.  This directive makes most sense if used in a per-directory
+; or per-virtualhost web server configuration file.
+; Note: disables the realpath cache
+; http://php.net/open-basedir
+;open_basedir =
+
+; This directive allows you to disable certain functions.
+; It receives a comma-delimited list of function names.
+; http://php.net/disable-functions
+disable_functions =
+
+; This directive allows you to disable certain classes.
+; It receives a comma-delimited list of class names.
+; http://php.net/disable-classes
+disable_classes =
+
+; Colors for Syntax Highlighting mode.  Anything that's acceptable in
+; <span style="color: ???????"> would work.
+; http://php.net/syntax-highlighting
+;highlight.string  = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html    = #000000
+
+; If enabled, the request will be allowed to complete even if the user aborts
+; the request. Consider enabling it if executing long requests, which may end up
+; being interrupted by the user or a browser timing out. PHP's default behavior
+; is to disable this feature.
+; http://php.net/ignore-user-abort
+;ignore_user_abort = On
+
+; Determines the size of the realpath cache to be used by PHP. This value should
+; be increased on systems where PHP opens many files to reflect the quantity of
+; the file operations performed.
+; Note: if open_basedir is set, the cache is disabled
+; http://php.net/realpath-cache-size
+;realpath_cache_size = 4096k
+
+; Duration of time, in seconds for which to cache realpath information for a given
+; file or directory. For systems with rarely changing files, consider increasing this
+; value.
+; http://php.net/realpath-cache-ttl
+;realpath_cache_ttl = 120
+
+; Enables or disables the circular reference collector.
+; http://php.net/zend.enable-gc
+zend.enable_gc = On
+
+; If enabled, scripts may be written in encodings that are incompatible with
+; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
+; encodings.  To use this feature, mbstring extension must be enabled.
+; Default: Off
+;zend.multibyte = Off
+
+; Allows to set the default encoding for the scripts.  This value will be used
+; unless "declare(encoding=...)" directive appears at the top of the script.
+; Only affects if zend.multibyte is set.
+; Default: ""
+;zend.script_encoding =
+
+; Allows to include or exclude arguments from stack traces generated for exceptions.
+; In production, it is recommended to turn this setting on to prohibit the output 
+; of sensitive information in stack traces
+; Default: Off
+zend.exception_ignore_args = On
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header).  It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; http://php.net/expose-php
+expose_php = Off
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = 45
+
+; Maximum amount of time each script may spend parsing request data. It's a good
+; idea to limit this time on productions servers in order to eliminate unexpectedly
+; long running scripts.
+; Note: This directive is hardcoded to -1 for the CLI SAPI
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+; http://php.net/max-input-time
+max_input_time = 30
+
+; Maximum input variable nesting level
+; http://php.net/max-input-nesting-level
+;max_input_nesting_level = 64
+
+; How many GET/POST/COOKIE input variables may be accepted
+;max_input_vars = 1000
+
+; Maximum amount of memory a script may consume
+; http://php.net/memory-limit
+memory_limit = 1073741824
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; This directive informs PHP of which errors, warnings and notices you would like
+; it to take action for. The recommended way of setting values for this
+; directive is through the use of the error level constants and bitwise
+; operators. The error level constants are below here for convenience as well as
+; some common settings and their meanings.
+; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
+; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; recommended coding standards in PHP. For performance reasons, this is the
+; recommend error reporting setting. Your production server shouldn't be wasting
+; resources complaining about best practices and coding standards. That's what
+; development servers and development settings are for.
+; Note: The php.ini-development file has this setting as E_ALL. This
+; means it pretty much reports everything which is exactly what you want during
+; development and early testing.
+;
+; Error Level Constants:
+; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
+; E_ERROR           - fatal run-time errors
+; E_RECOVERABLE_ERROR  - almost fatal run-time errors
+; E_WARNING         - run-time warnings (non-fatal errors)
+; E_PARSE           - compile-time parse errors
+; E_NOTICE          - run-time notices (these are warnings which often result
+;                     from a bug in your code, but it's possible that it was
+;                     intentional (e.g., using an uninitialized variable and
+;                     relying on the fact it is automatically initialized to an
+;                     empty string)
+; E_STRICT          - run-time notices, enable to have PHP suggest changes
+;                     to your code which will ensure the best interoperability
+;                     and forward compatibility of your code
+; E_CORE_ERROR      - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING    - warnings (non-fatal errors) that occur during PHP's
+;                     initial startup
+; E_COMPILE_ERROR   - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR      - user-generated error message
+; E_USER_WARNING    - user-generated warning message
+; E_USER_NOTICE     - user-generated notice message
+; E_DEPRECATED      - warn about code that will not work in future versions
+;                     of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+;   E_ALL (Show all errors, warnings and notices including coding standards.)
+;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
+;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
+;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; http://php.net/error-reporting
+error_reporting = ~E_DEPRECATED | ~E_USER_DEPRECATED | E_ERROR | E_RECOVERABLE_ERROR | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR
+
+; This directive controls whether or not and where PHP will output errors,
+; notices and warnings too. Error output is very useful during development, but
+; it could be very dangerous in production environments. Depending on the code
+; which is triggering the error, sensitive information could potentially leak
+; out of your application such as database usernames and passwords or worse.
+; For production environments, we recommend logging errors rather than
+; sending them to STDOUT.
+; Possible Values:
+;   Off = Do not display any errors
+;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
+;   On or stdout = Display errors to STDOUT
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-errors
+display_errors = On
+
+; The display of errors which occur during PHP's startup sequence are handled
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. We strongly recommend you
+; set this to 'off' for production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-startup-errors
+display_startup_errors = On
+
+; Besides displaying errors, PHP can also log errors to locations such as a
+; server-specific log, STDERR, or a location specified by the error_log
+; directive found below. While errors should not be displayed on productions
+; servers they should still be monitored and logging is a great way to do that.
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+; http://php.net/log-errors
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+; http://php.net/log-errors-max-len
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line unless ignore_repeated_source is set true.
+; http://php.net/ignore-repeated-errors
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; source lines.
+; http://php.net/ignore-repeated-source
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This is only effective in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+; http://php.net/report-memleaks
+report_memleaks = On
+
+; This setting is on by default.
+;report_zend_debug = 0
+
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; This directive is DEPRECATED.
+; Default Value: Off
+; Development Value: Off
+; Production Value: Off
+; http://php.net/track-errors
+;track_errors = Off
+
+; Turn off normal error reporting and emit XML-RPC error XML
+; http://php.net/xmlrpc-errors
+;xmlrpc_errors = 0
+
+; An XML-RPC faultCode
+;xmlrpc_error_number = 0
+
+; When PHP displays or logs an error, it has the capability of formatting the
+; error message as HTML for easier reading. This directive controls whether
+; the error message is formatted as HTML or not.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; http://php.net/html-errors
+;html_errors = On
+
+; If html_errors is set to On *and* docref_root is not empty, then PHP
+; produces clickable error messages that direct to a page describing the error
+; or function causing the error in detail.
+; You can download a copy of the PHP manual from http://php.net/docs
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot. PHP's default behavior is to leave these settings empty, in which
+; case no links to documentation are generated.
+; Note: Never use this feature for production boxes.
+; http://php.net/docref-root
+; Examples
+;docref_root = "/phpmanual/"
+
+; http://php.net/docref-ext
+;docref_ext = .html
+
+; String to output before an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-prepend-string
+; Example:
+;error_prepend_string = "<span style='color: #ff0000'>"
+
+; String to output after an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-append-string
+; Example:
+;error_append_string = "</span>"
+
+; Log errors to specified file. PHP's default behavior is to leave this value
+; empty.
+; http://php.net/error-log
+; Example:
+;error_log = php_errors.log
+; Log errors to syslog (Event Log on Windows).
+error_log = syslog
+
+; The syslog ident is a string which is prepended to every message logged
+; to syslog. Only used when error_log is set to syslog.
+syslog.ident = php
+
+; The syslog facility is used to specify what type of program is logging
+; the message. Only used when error_log is set to syslog.
+syslog.facility = local2
+
+; Set this to disable filtering control characters (the default).
+; Some loggers only accept NVT-ASCII, others accept anything that's not
+; control characters. If your logger accepts everything, then no filtering
+; is needed at all.
+; Allowed values are:
+;   ascii (all printable ASCII characters and NL)
+;   no-ctrl (all characters except control characters)
+;   all (all characters)
+;   raw (like "all", but messages are not split at newlines)
+; http://php.net/syslog.filter
+syslog.filter = ascii
+
+;windows.show_crt_warning
+; Default value: 0
+; Development value: 0
+; Production value: 0
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+; The separator used in PHP generated URLs to separate arguments.
+; PHP's default setting is "&".
+; http://php.net/arg-separator.output
+; Example:
+;arg_separator.output = "&amp;"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; PHP's default setting is "&".
+; NOTE: Every character in this directive is considered as separator!
+; http://php.net/arg-separator.input
+; Example:
+;arg_separator.input = ";&"
+
+; This directive determines which super global arrays are registered when PHP
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+; paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P & C) should be
+; registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive
+; are specified in the same manner as the variables_order directive,
+; EXCEPT one. Leaving this value empty will cause PHP to use the value set
+; in the variables_order directive. It does not mean it will leave the super
+; globals array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any effect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 8M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a media type using the Content-Type header. To
+; disable this, simply set it to be empty.
+; PHP's built-in default media type is set to text/html.
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to UTF-8.
+; http://php.net/default-charset
+default_charset = "UTF-8"
+
+; PHP internal character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/internal-encoding
+;internal_encoding =
+
+; PHP input character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/input-encoding
+;input_encoding =
+
+; PHP output character encoding is set to empty.
+; If empty, default_charset is used.
+; See also output_buffer.
+; http://php.net/output-encoding
+;output_encoding =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+;include_path = ".:/php/includes"
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues.  The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+;doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+;user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+;extension_dir = "./"
+
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+;sys_temp_dir = "/tmp"
+
+; Whether or not to enable the dl() function.  The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers.  Left undefined, PHP turns this on by default.  You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution.  Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
+; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+;cgi.discard_path=1
+
+; FastCGI under IIS supports the ability to impersonate
+; security tokens of the calling client.  This allows IIS to define the
+; security context that the request runs under.  mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS.  Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If set to 0, PHP sends Status: header that
+; is supported by Apache. When this option is set to 1, PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+upload_tmp_dir = /var/lib/php/uploads
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 20M
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+[Assertion]
+; Switch whether to compile assertions at all (to have no overhead at run-time)
+; -1: Do not compile at all
+;  0: Jump over assertion at run-time
+;  1: Execute assertions
+; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
+; Default Value: 1
+; Development Value: 1
+; Production Value: -1
+; http://php.net/zend.assertions
+zend.assertions = -1
+
+; Assert(expr); active by default.
+; http://php.net/assert.active
+;assert.active = On
+
+; Throw an AssertionError on failed assertions
+; http://php.net/assert.exception
+;assert.exception = On
+
+; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
+; http://php.net/assert.warning
+;assert.warning = On
+
+; Don't bail out by default.
+; http://php.net/assert.bail
+;assert.bail = Off
+
+; User-function to be called if an assertion fails.
+; http://php.net/assert.callback
+;assert.callback = 0
+
+; Eval the expression with current error_reporting().  Set to true if you want
+; error_reporting(0) around the eval().
+; http://php.net/assert.quiet-eval
+;assert.quiet_eval = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+date.timezone = UTC
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Built-In Module Settings ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+[COM]
+; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
+; http://php.net/com.typelib-file
+;com.typelib_file =
+
+; allow Distributed-COM calls
+; http://php.net/com.allow-dcom
+;com.allow_dcom = true
+
+; autoregister constants of a component's typlib on com_load()
+; http://php.net/com.autoregister-typelib
+;com.autoregister_typelib = true
+
+; register constants casesensitive
+; http://php.net/com.autoregister-casesensitive
+;com.autoregister_casesensitive = false
+
+; show warnings on duplicate constant registrations
+; http://php.net/com.autoregister-verbose
+;com.autoregister_verbose = true
+
+; The default character set code-page to use when passing strings to and from COM objects.
+; Default: system ANSI code page
+;com.code_page=
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[mail function]
+; You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+;sendmail_path = "/usr/sbin/sendmail -f 'noreply@slackware.uk' -t"
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail().
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = Off
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+; Log mail to syslog (Event Log on Windows).
+;mail.log = syslog
+
+[Pcre]
+; PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+; PCRE library recursion limit.
+; Please note that if you set this value to a high number you may consume all
+; the available process stack and eventually crash PHP (due to reaching the
+; stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+; Enables or disables JIT compilation of patterns. This requires the PCRE
+; library to be compiled with JIT support.
+;pcre.jit=1
--- a/etc/pkglist
+++ b/etc/pkglist
@ -1,3 +1,4 @@
+7zip
 acl
 acl-libs
 alpine-base
@ -6,6 +7,7 @@ alpine-baselayout-data
 alpine-conf
 alpine-keys
 alpine-release
+aom-libs
 apache2
 apache2-ctl
 apache2-http2
@ -27,12 +29,20 @@ busybox-mdev-openrc
 busybox-openrc
 busybox-suid
 c-ares
+c-client
 ca-certificates-bundle
+composer
 cups-libs
 curl
 dbus-libs
 doas
+fftw-double-libs
+fontconfig
+freetype
 gdbm
+gettext
+gettext-envsubst
+gettext-libs
 git
 git-init-template
 gmp
@ -45,24 +55,29 @@ gpg-agent
 icu-data-en
 icu-libs
 ifupdown-ng
+imagemagick
+imagemagick-libs
 iptables
 iptables-openrc
 jansson
 keyutils-libs
 krb5-conf
 krb5-libs
+lcms2
 ldb
 libapk2
 libarchive
 libassuan
 libattr
 libauth-samba
+libavif
 libbsd
 libbz2
 libcap2
 libcom_err
 libcrypto3
 libcurl
+libdav1d
 libedit
 libestr
 libexpat
@ -71,23 +86,31 @@ libffi
 libformw
 libgcc
 libgcrypt
+libgomp
 libgpg-error
 libgsasl
+libice
 libidn
 libidn2
 libintl
+libjpeg-turbo
 libksba
 libldap
 liblockfile
+libltdl
 libmd
 libmnl
 libncursesw
 libnftnl
 libpanelw
+libpng
 libproc2
 libpsl
 libsasl
+libsharpyuv
+libsm
 libsmbclient
+libsodium
 libssl3
 libstdc++
 libtasn1
@ -96,8 +119,18 @@ liburing
 libuuid
 libverto
 libwbclient
+libwebp
+libx11
+libxau
+libxcb
+libxdmcp
+libxext
 libxml2
+libxpm
+libxt
 libxtables
+libyuv
+libzip
 linux-pam
 lmdb
 lynx
@ -114,6 +147,8 @@ ncurses-terminfo-base
 nettle
 nghttp2-libs
 npth
+oniguruma
+openldap-clients
 openrc
 openrc-user
 openssh
@ -128,8 +163,30 @@ openssl
 p11-kit
 pcre2
 php83
+php83-bcmath
+php83-bz2
 php83-common
+php83-curl
 php83-fpm
+php83-gd
+php83-gettext
+php83-gmp
+php83-iconv
+php83-imap
+php83-intl
+php83-ldap
+php83-mbstring
+php83-opcache
+php83-openssl
+php83-pecl-imagick
+php83-phar
+php83-posix
+php83-session
+php83-simplexml
+php83-sodium
+php83-sqlite3
+php83-xml
+php83-zip
 pinentry
 popt
 procps-ng
--- a/etc/pla/config.php.gpg
+++ b/etc/pla/config.php.gpg
--- a/etc/rsyslog.conf
+++ b/etc/rsyslog.conf
@ -0,0 +1,143 @@
+# Load modules.
+module(load="imudp")
+module(load="imtcp")
+module(load="builtin:omfile" dirCreateMode="0750" dirOwnerNum="0" dirGroupNum="0" fileCreateMode="0640" fileOwnerNum="0" fileGroupNum="0" compression.driver="zstd")
+
+
+# Global configuration.
+global(
+  workDirectory="/var/lib/rsyslog"
+  #stdlog.channelspec="on"
+  maxMessageSize="16K"
+  senders.keepTrack="on"
+  senders.timeoutAfter="2419200"
+  senders.reportGoneAway="on"
+  senders.reportNew="on"
+)
+
+
+# Inputs.
+input(type="imudp" port="25414" ruleset="syslog")
+input(type="imudp" port="25415" ruleset="httplog")
+input(type="imtcp" port="25414" ruleset="syslog")
+
+
+# Rulesets.
+ruleset(name="syslog") {
+  set $.host = tolower(field($hostname, ".", 1));
+  set $.domain = tolower(re_extract($hostname, '[^.]+\\.(.*)', 0, 1, "unknown_domain"));
+  if ($app-name != "") then {
+    set $.proc = $app-name;
+    if ($procid != "" and $procid != "-") then {
+      set $.proc = '[' & $procid & ']';
+    }
+  } else {
+    set $.proc = '-';
+  }
+  if ($msgid != "") then {
+    set $.id = $msgid;
+  } else {
+    set $.id = '-';
+  }
+
+  template(name="LogLineSingleHost" type="string" string="%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+  template(name="LogLineAllHosts" type="string" string="%timereported:::date-utc,date-rfc3339% %hostname% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+# FIXME: Log each facility to the AllHosts logs.  Compression?
+  if prifilt("auth.*,authpriv.*") then {
+    action(type="omfile" file="/tmp/log/AllHosts/auth" template="LogLineAllHosts" zipLevel="6" asyncWriting="on" flushInterval="5" ioBufferSize="64k" )
+  } else if ... then {
+
+
+
+  template(name="LogFileeSingleHost" type="string" string="/tmp/logs/%$.host%/
+%timereported:::date-utc,date-rfc3339% %$.host% %pri-text% %$.proc% %$.id% :%msg:::sp-if-no-1st-sp%%msg:::escape-cc,drop-last-lf%\n")
+
+
+
+    if prifilt("*.info") then {
+        action(type="omfile" file="/var/log/info.log")
+    }
+}
+
+
+
+
+#template(name="SyslogLineFormat" type="list") {
+#  property(name="timereported" dateFormat="rfc3339" caseConversion="lower")		# Timestamp yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+#  constant(value=" ")
+#  property(name="hostname")								# Hostname
+#  constant(value=" ")
+#  property(name="syslogfacility")							# Facility
+#  constant(value=".")
+#  property(name="syslogpriority")							# Log priority
+#  constant(value=" ")
+#  property(name="syslogtag")								# Syslog tag
+#  constant(value=": ")
+#  property(name="msg")									# Message content
+#  constant(value="\n")
+#}
+
+
+
+
+#template(name="LogHostFile" type="string" string="/mnt/Data/logs/%HOSTNAME:::escape-cc,secpath-replace%/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+#template(name="LogAllHostsFile" type="string" string="/mnt/Data/logs/AllHosts/
+#%TIMESTAMP:::date-utc,date-year%/%TIMESTAMP:::date-utc,date-month%/%TIMESTAMP:::date-utc,date-day%/
+# %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")
+
+
+
+
+#VMWare: RFC 5424
+
+
+
+# Parser.
+#parser(
+#  name="FIXME"
+#  type="pmnormalize"
+#  rule=[
+#    "rule=:<%pri:number%> %fromhost-ip:ipv4% %hostname:word% %syslogtag:char-to:\\x3a%: %msg:rest%",
+#    "rule=:<%pri:number%> %hostname:word% %fromhost-ip:ipv4% %syslogtag:char-to:\\x3a%: %msg:rest%"
+#  ]
+#)
+
+
+# Rules
+#ruleset(name="outp" parser="custom.pmnormalize") {
+#   action(type="omfile" File="/tmp/output")
+#}
+
+
+# Outputs.
+action(type="omfile" file="/tmp/messages" template="LogLineSingleHost")
+
+
+
+# Include additional configurations.
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
+
+
+
+
+### Examples ####
+
+# Send all logs to remote syslog via UDP.
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#*.* action(
+#	type="omfwd"
+#	target="192.168.0.1"
+#	port="514"
+#	protocol="udp"
+#	queue.filename="fwdRule1"  # unique name prefix for spool files
+#	queue.type="LinkedList"
+#	queue.maxDiskSpace="256m"
+#	queue.saveOnShutdown="on"
+#	action.resumeRetryCount="-1"
+#	action.resumeInterval="30"
+#)
--- a/etc/samba/smb.conf
+++ b/etc/samba/smb.conf
@ -5,13 +5,17 @@ workgroup = SLACKWAREUKNET
 server string = "slackware.uk.net Domain Controller"
 # dns forwarder = 5.101.171.216 5.101.171.217 185.176.90.169
 dns forwarder = 216.119.155.58 185.176.90.169
-allow dns updates = disabled
-tls cafile = /etc/certificates/core.slackware.uk.net_fullchain.pem
+allow dns updates = no
+tls cafile = /etc/ssl/certs/ca-certificates.crt
 tls certfile = /etc/certificates/core.slackware.uk.net_cert.pem
 tls keyfile = /etc/certificates/core.slackware.uk.net_key.pem
 tls verify peer = ca_and_name_if_available
 log level = 1
 logging = syslog:local5
+log file = /var/log/core.slackware.uk.net/today/samba/samba-debug
+debug syslog format = always
+debug hires timestamp = yes
+enable core files = no
 idmap config * : backend = tdb
 # There are only 568 IDs mapped into the container by TrueNAS, so limit the number that can be used.
 idmap config * : range = 10000-10500
--- a/etc/shadow.gpg
+++ b/etc/shadow.gpg
--- a/etc/ssl/certs/ca.cert
+++ b/etc/ssl/certs/ca.cert
@ -0,0 +1 @@
+/etc/certificates/core.slackware.uk.net_chain.pem
--- a/etc/ssl/certs/fd.cert
+++ b/etc/ssl/certs/fd.cert
@ -0,0 +1 @@
+/etc/certificates/core.slackware.uk.net_cert.pem
--- a/home/sysadmin/.bashrc
+++ b/home/sysadmin/.bashrc
@ -43,8 +43,10 @@ hash ps grep >/dev/null 2>&1 && psgrep() {
 hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always'
 hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999'

-echo -ne "\e[2q"
-echo -e "\e]12;#00FF00"
+[[ -z "$SSH_TTY" ]] && {
+  echo -ne "\e[2q"
+  echo -e "\e]12;#00FF00"
+}

 for FILE in "$HOME"/.bashrc.d/*; do
  [[ -x "$FILE" ]] && source "$FILE"
--- a/opt/sbin/cronjob-rotate-logs-symlinks
+++ b/opt/sbin/cronjob-rotate-logs-symlinks
@ -5,6 +5,9 @@ LOGS_DIR="/var/log"
 DIR_MODE="0750"
 UMASK="027"

+# This array may be used in the defaults file.
+declare -A CREATE_DIRS
+
 # Allow /etc/default/rotate-logs-symlinks to override default configuration.
 [[ -e /etc/default/rotate-logs-symlinks ]] && {
  # shellcheck disable=SC1091
@ -21,7 +24,7 @@ UMASK="027"
  umask "$UMASK"

  # Process all the directories in the logs directory.
-  for DIR in "$LOGS_DIR"/*; do
+  for DIR in "$LOGS_DIR"/*/; do
    cd "$DIR" 2>/dev/null || {
      printf "%s: %s\\n" "${0##*/}" "failed to change directory to '$DIR'" >&2
      continue
@ -34,9 +37,17 @@ UMASK="027"
      continue
    }

+    # If configured to do so for this directory, create sub directories.
+    for CREATE_DIR in ${CREATE_DIRS[$(printf "$DIR" | awk -F / -e '{print $4}')]}; do
+      mkdir -p -m "$DIR_MODE" "$TODAY/$CREATE_DIR" 2>/dev/null || {
+        printf "%s: %s\\n" "${0##*/}" "failed to create directory '$DIR/$TODAY/$CREATE_DIR'" >&2
+        continue
+      }
+    done
+
    # Create a 'today' symlink to the new days' directory.
-    ( cd "$DIR" 2>/dev/null && ln -sf "$TODAY" "today" 2>/dev/null ) || {
-      printf "%s: %s\\n" "${0##*/}" "creating 'today' symlink failed" >&2
+    ( cd "$DIR" 2>/dev/null && ln -sfn "$TODAY" "today" 2>/dev/null ) || {
+      printf "%s: %s\\n" "${0##*/}" "updating 'today' symlink failed" >&2
      continue
    }
  done
--- a/root/.bashrc
+++ b/root/.bashrc
@ -43,8 +43,10 @@ hash ps grep >/dev/null 2>&1 && psgrep() {
 hash ls >/dev/null 2>&1 && alias ls='ls -Fv --color=always'
 hash nc >/dev/null 2>&1 && alias pastebin='nc termbin.com 9999'

-echo -ne "\e[2q"
-echo -e "\e]12;#00FF00"
+[[ -z "$SSH_TTY" ]] && {
+  echo -ne "\e[2q"
+  echo -e "\e]12;#00FF00"
+}

 for FILE in "$HOME"/.bashrc.d/*; do
  [[ -x "$FILE" ]] && source "$FILE"
--- a/root/.gitignore
+++ b/root/.gitignore
@ -2,7 +2,9 @@
 !/.*
 !/.*/
 !/.*/**
+!/clean-fd

 /.bash_history*
+/.composer/
 /.gnupg/
 /.nano_history
--- a/root/clean-fd
+++ b/root/clean-fd
@ -0,0 +1,5 @@
+#!/bin/bash
+
+rm -f /var/spool/fusiondirectory/*
+rm -f /var/cache/fusiondirectory/{fai/*,fusiondirectory.auth,template/*,tmp/*}
+rm -f /var/lib/php/sessions/*
--- a/srv/dehydrated/.gitkeepdir
+++ b/srv/dehydrated/.gitkeepdir
--- a/var/.gitignore
+++ b/var/.gitignore
@ -0,0 +1,12 @@
+/cache/
+/db/
+/empty/
+/local/
+/lock
+/log/
+/mail/
+/opt/
+/run
+/spool/
+/tmp/
+/www/
--- a/var/lib/.gitignore
+++ b/var/lib/.gitignore
@ -0,0 +1,9 @@
+/ip6tables/
+/iptables/
+/misc/
+/prometheus/
+/rsyslog/
+/samba/
+/samba.pre-provision/
+/sudo/
+/terraform-http-backend/
Author	SHA1	Message	Date
Darren 'Tadgy' Austin	630fe332da	clean-fd script.	2025-10-29 17:15:16 +00:00
Darren 'Tadgy' Austin	f5955ae05d	Correct rsyslog.conf.	2025-10-29 17:13:19 +00:00
Darren 'Tadgy' Austin	53a5c90c91	PHP configs.	2025-10-29 17:11:28 +00:00
Darren 'Tadgy' Austin	bb97b312f1	openldap schemas.	2025-10-29 17:10:50 +00:00
Darren 'Tadgy' Austin	394f25572a	fusiondirectory.conf.	2025-10-29 17:09:56 +00:00
Darren 'Tadgy' Austin	bcc9130fa8	rsyslog.conf.	2025-10-29 17:08:38 +00:00
Darren 'Tadgy' Austin	300875d8a6	Config for log rotation cronjob.	2025-10-29 17:08:14 +00:00
Darren 'Tadgy' Austin	0c09c87549	SSL certs for fusiondirectory.	2025-10-29 17:07:37 +00:00
Darren 'Tadgy' Austin	86c4e99795	Update log rotation cronjob.	2025-10-29 17:05:09 +00:00
Darren 'Tadgy' Austin	a312a4d12d	Update .bashrcs.	2025-10-29 17:04:49 +00:00
Darren 'Tadgy' Austin	4db0bd143a	New samba configs.	2025-10-29 17:04:09 +00:00
Darren 'Tadgy' Austin	017e2406a8	Update pkglist.	2025-10-29 17:01:12 +00:00
Darren 'Tadgy' Austin	6460bfd7bc	network/interfaces config.	2025-10-29 17:00:48 +00:00
Darren 'Tadgy' Austin	0904a68ff6	Update http configs.	2025-10-29 16:59:42 +00:00
Darren 'Tadgy' Austin	8556a9836a	Add/update .git* files	2025-10-29 16:58:41 +00:00
Darren 'Tadgy' Austin	af99cd38ac	Remove old php84 files.	2025-10-29 16:57:27 +00:00
Darren 'Tadgy' Austin	b40a01832b	Update gpg passphrases.	2025-10-21 13:19:57 +00:00
Darren 'Tadgy' Austin	03d8ec939c	Fix samba logging, hopefully finally!	2025-09-22 15:46:15 +00:00
Darren 'Tadgy' Austin	e792992cfb	Finalise logging in smb.conf.	2025-09-20 14:26:08 +00:00
Darren 'Tadgy' Austin	ad930e33a6	Increase memory usable for PHP.	2025-09-20 13:57:56 +00:00
Darren 'Tadgy' Austin	dea8fed8cc	Added an ldap.conf.	2025-09-20 13:22:45 +00:00
Darren 'Tadgy' Austin	9fba300e45	Update pkglist.	2025-09-20 13:21:16 +00:00
Darren 'Tadgy' Austin	62ebcafcc1	Clean up php.ini.	2025-09-19 16:10:43 +00:00
Darren 'Tadgy' Austin	2358839ef6	Correct php-fpm socket location.	2025-09-19 15:59:16 +00:00
Darren 'Tadgy' Austin	de2273d84a	Update http configs to correct bugs.	2025-09-19 15:56:38 +00:00
Darren 'Tadgy' Austin	4feb9a2760	Configure PHP.	2025-09-19 15:56:16 +00:00
				`@ -0,0 +1 @@`
				`CREATE_DIRS['core.slackware.uk.net']="fusiondirectory samba"`
				`@ -0,0 +1 @@`
				`/etc/certificates/core.slackware.uk.net_chain.pem`