Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CPU.CONF(5)		      File Formats Manual		   CPU.CONF(5)

NAME
       cpu.conf	- cpu configuration file

DESCRIPTION
       This  file stores all configurable options for CPU and CPU modules. You
       can specify the location	of the configuration file at runtime by	speci-
       fying  the  --config or -C command line switches	(see cpu(8)). Each CPU
       module has its own configuration	section, but they are  all  documented
       here.  It  is  recommended that the config file have strict permissions
       such as 600. Please note	that configuration options take	the  following
       format: option =	value and section headers are of the format [HEADER]

GLOBAL OPTIONS
       Global options should be	under the section marked [GLOBAL]. All options
       under this section impact all operations.

       DEFAULT_METHOD =	method
	      Specifies	what the default administration	method is. This	 value
	      should be	a string of either ldap	or passwd.

       CRACKLIB_DICTIONARY = file
	      If  CPU was compiled --with-libcrack file	should be the location
	      of cracklib_dict.

LDAP OPTIONS
       LDAP options should be under the	section	marked [LDAP].	These  options
       are  only  useful  when	DEFAULT_METHOD is set to ldap or when ldap was
       specified at the	command	line with the -M  switch.  These  options  are
       only used by the	LDAP module.

       LDAP_HOST = hostname
	      hostname	should be either the IP	address	or the hostname	of the
	      server running the LDAP directory	that you  wish	to  administer
	      users  on.  This	can  be	 overridden  with  the -N command line
	      switch.

       LDAP_PORT = port
	      port is the port that the	LDAP server specified by LDAP_HOST  is
	      listening	on. This value must be non negative. This can be over-
	      ridden by	the -P command line switch.

       BIND_DN = dn
	      dn should	be the fully qualified DN of an	LDAP entity  with  ap-
	      propriate	 rights	 to  perform  any  actions that	you wish. This
	      value can	be overridden by the -D	command	line switch.

       BIND_PASS = password
	      password is the password of the  entity  specified  by  BIND_DN.
	      This value is passed directly to the server, so it may be	stored
	      encrypted	if your	server supports	this. This value can be	 over-
	      ridden by	the -w command line switch.

       USER_BASE = base_dn
	      base_dn  is  the	base  dn that users should be added to,	search
	      for, deleted from, or modified from. In general if you  wish  to
	      add  a user to the following dn: ou=users,o=company,c=us base_dn
	      should be	set to ou=users,o=company,c=us.	If you set this	 value
	      to  o=company,c=us  users	will be	added to that dn, although for
	      searching	purposes the scope is more broad.  This	value  can  be
	      overridden at the	command	line with the -U switch.

       GROUP_BASE = base_dn
	      base_dn  is  the	base dn	that groups should be added to,	search
	      for, deleted from, or modified from. In general if you  wish  to
	      add a group to the following dn: ou=group,o=company,c=us base_dn
	      should be	set to ou=group,o=company,c=us.	If you set this	 value
	      to  o=company,c=us groups	will be	added to that dn, although for
	      searching	purposes the scope is more broad.  This	value  can  be
	      overridden at the	command	line with the -B switch.

       USER_OBJECT_CLASS = object_class

       GROUP_OBJECT_CLASS = object_class
	      object_class  is	a  comma separated list	of object classes that
	      are required by your LDAP	directories schema in order to add  or
	      modify  users  and  groups.  The default should be fine, consult
	      your vendors documentation  or  contact  cpu-users@lists.source-
	      forge.net	if you have problems.

       USER_FILTER = filter

       GROUP_FILTER = filter
	      filter is	a filter that adhears to the following BNF:
		      <filter> ::= '(' <filtercomp> ')'
		      <filtercomp> ::= <and> | <or> | <not> | <simple>
		      <and> ::=	'&' <filterlist>
		      <or> ::= '|' <filterlist>
		      <not> ::=	'!' <filter>
		      <filterlist> ::= <filter>	| <filter> <filterlist>
		      <simple> ::= <attributetype> <filtertype>	<attributevalue>
		      <filtertype> ::= '=' | '~=' | '<=' | '>='
	      These  filters  are utilized to locate users and groups, as well
	      as to aid	in finding new uid's and gid's.

       USER_CN_STRING =	string
	      string is	used during user creation. It allows  you  to  specify
	      the dn of	the user. The dn becomes string=login,...

       GROUP_CN_STRING = string
	      string  is  used during group creation. It allows	you to specify
	      the dn of	the group. The dn becomes string=groupname,...

       TIMEOUT = timeout
	      timeout should be	a value	in seconds and greater than 0. If  un-
	      specified	 the default is	60. This value determines the duration
	      after which an operation should be aborted.

       The following options are still used by the  [LDAP]  section,  but  are
       more user centric and less ldap centric.

       SKEL_DIR	= dir
	      dir  should  be  the  path  for a	directory that files are to be
	      copied from when -m is given at the command line.	This value can
	      be overridden by the -k command line switch.

       DEFAULT_SHELL = shell
	      The  default  name  of the user's	login shell. This value	can be
	      overridden by the	-s command line	switch.

       HOME_DIRECTORY =	directory
	      New users	will be	created	using directory	prepended to the users
	      login  name. If this variable is undefined, it must be specified
	      at the command line with the -d switch. When  specified  at  the
	      command line that	value is used for the users home directory.

       MAX_UIDNUMBER = integer

       MIN_UIDNUMBER = integer

       MAX_GIDNUMBER = integer

       MIN_GIDNUMBER = integer

       ID_MAX_PASSES = integer
	      These  values  control gid and uid generation. When a uid	is not
	      specified	at the command line (for a useradd) these  values  are
	      used for finding the next	unused uid (random or linear). Similar
	      for groupadd. These are pretty self  evident.  ID_MAX_PASSES  is
	      the  number  of  times  that a search should be performed	before
	      giving up.

       RANDOM =	true or	false
	      If RANDOM	is true, then a	random number will  be	generated  and
	      searched	for  (this number, if unused in	the directory, will be
	      the users	uid or a groups	gid). If a user	or group with that  ID
	      exists,  the process will	continue for ID_MAX_PASSES. If true, a
	      linear scan will be done starting	at MIN_UIDNUMBER  (or  GIDNUM-
	      BER) and will not	stop until an unused ID	is found or the	number
	      of scans is equal	to ID_MAX_PASSES. If random is false, only one
	      query is done on the directory, but it may still be a bit	slower
	      then setting random to true in some cases.

       USERGROUPS =  yes or no
	      The USERGROUPS can be either yes or no.  If  yes,	 each  created
	      user  will  be given their own group to use as a default.	If no,
	      each created user	will be	placed	in  the	 group	whose  gid  is
	      USER_GID.

       USERS_GID =  integer
	      If  USERGROUPS  is  no,  then USERS_GID should be	the GID	of the
	      group default is 100.

       GECOS = string
	      The default value	for a user's gecos field. This can be overrid-
	      den at the command line with the -c switch.

       PASSWORD_FILE = file
	      The  value should	be a Unix style, passwd	formatted file.	In or-
	      der to use this value the	-F switch must be used at the  command
	      line.  This value	can be empty if	a file is provided with	the -F
	      switch. In this case, the	users attributes are  taken  from  the
	      file (if the user	is found) and used in the LDAP entry.

       SHADOW_FILE = file
	      The  value should	be a Unix style, shadow	formatted file.	In or-
	      der to use this value the	-S switch must be used at the  command
	      line.  This value	can be empty if	a file is provided with	the -S
	      switch. In this case, the	users attributes are  taken  from  the
	      file  (if	the user is found) and used in the LDAP	entry (includ-
	      ing the password).

       HASH = hash
	      hash is a	hash of	either clear, crypt, sha1, ssha1, md5, or smd5
	      to  be  used when	hashing	user passwords.	This is	largely	imple-
	      mentation	dependent but all are supported.  If  you  are	taking
	      passwords	from a standard	password file, this should be clear (I
	      think, need to check...).	This can be overridden at the  command
	      line with	the -H switch.

       SHADOWLASTCHANGE	= integer

       SHADOWMAX = integer

       SHADOWWARING = integer

       SHADOWEXPIRE = integer

       SHADOWFLAG = integer

       SHADOWMIN = integer

       SHADOWINACTIVE =	integer
	      These   values   are  better  documented	in  shadow(3)  and  in
	      shadow(5).  These	are not	required by RFC2307 but	 are  by  some
	      ldap  authentication  implementations.  These values can only be
	      specified	here, or taken from an existing	shadow	file  for  the
	      user.

       ADD_SCRIPT = executable

       DEL_SCRIPT = executable
	      ADD_SCRIPT  and  DEL_SCRIPT work the same, however ADD_SCRIPT is
	      used only	for a useradd operation	and DEL_SCRIPT	is  used  only
	      for a userdel operation. These can be overridden via the command
	      line switch -X. If specified in the configuration	file or	at the
	      command  line, the script	is executed after a successful useradd
	      or userdel. The first argument to	the script is the  login  name
	      as specified at the command line.

PASSWD OPTIONS
       Password	options	should be under	the section marked [PASSWD]. These op-
       tions are only useful when DEFAULT_METHOD is  set  to  passwd  or  when
       passwd  was specified at	the command line with the -M switch. These op-
       tions are only used by the passwd module. This module is	not yet	 func-
       tional, so I won't document the options.

SEE ALSO
       cpu-ldap(8) cpu(8)

AUTHORS
       Blake Matheny <bmatheny@purdue.edu>

       The   current   version	 of   this  software  is  always  availabe  at
       http://cpu.sourceforge.net

BUGS
       To report a bug or problem, please e-mail:

       cpu-users@lists.sourceforge.net

TODO
       See TODO	file that accompanied software.	Please e-mail us with any  ad-
       ditional	suggestions.

			       17 February 2003			   CPU.CONF(5)

NAME | DESCRIPTION | GLOBAL OPTIONS | LDAP OPTIONS | PASSWD OPTIONS | SEE ALSO | AUTHORS | BUGS | TODO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=cpu.conf&sektion=5&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help