# CPU configuration file.
#
# This file should probably be owned by root and set 0600

############################################
# GLOBAL Configuration
############################################
[GLOBAL]

# This is the name of the type of password changing you are intending on
# performing. Currently support is only for ldap. This string should be in all
# lower case and can be modified on the command line with the -m switch.
DEFAULT_METHOD	= ldap

# If cpu was compiled --with-cracklib, specify the location of the cracklib
# dictionary here
CRACKLIB_DICTIONARY = /usr/lib/cracklib_dict

############################################
# Flatfile Configuration (broken)
############################################
[PASSWD]
# Default Group
GROUP	=	1000
# Home Prefix
HOME	=	/home
# Default Inactive
INACTIVE =	-1
#EXPIRE	=
SHELL	=	/bin/bash
SKEL	=	/etc/skel
COMMENT =	"Default Gecos"
# What files to read/write from/to
PASSWORD =	/etc/passwd
SHADOW	=	/etc/shadow

############################################
# LDAP Configuration
############################################
[LDAP]

# This is the IP address or hostname of a machine running an LDAP server
LDAP_HOST	= 127.0.0.1

# The LDAP Uri. If this is specified, start tls may be used and LDAP_HOST and
# LDAP_PORT may not be needed.
LDAP_URI	= ldaps://hostname

# This is a port > -1 && port < 65535 to connect to the server on
LDAP_PORT	= 389

# This is a DN with appropriate credentials to make modification to objects on
# the LDAP server
BIND_DN		= cn=Manager,dc=backwatcher,dc=com

# This password may be omitted and specified at the command line. If you are
# smart enough to not be using a password at all, well, CPU probably isn't for
# you since someone else is probably already administering your LDAP server.
BIND_PASS	= secret

# This is the base for where users are added. This is likely to change often
# with complex dits, so you can also change this via the -U (--userbase)
# switch on the command line. This is also used to build the dn for users.
USER_BASE 	= ou=People,o=Backwatcher,dc=backwatcher,dc=com

# This is analagous to the USER_BASE
GROUP_BASE 	= ou=Group,o=Backwatcher,dc=backwatcher,dc=com

# These are specific to your ldap installation. Depending on the
# implementation, you may need to modify these values. The default will work
# for a basic user. If you want to add things like email, etc. you may have to
# change these
USER_OBJECT_CLASS	= account,posixAccount,shadowAccount,top
GROUP_OBJECT_CLASS	= posixGroup,top

# These filters are used to locate and identify users and groups
USER_FILTER	= (objectClass=posixAccount)
GROUP_FILTER	= (objectClass=posixGroup)

# USER_CN_STRING should be the attribute for the user cn. For example if you
# specify uid, dn will look like "uid=usersName". If you specify cn, the dn
# will look like "cn=userName", etc.
USER_CN_STRING	= uid

# GROUP_CN_STRING should be the attribute for the group cn. For example if you
# specify gid, dn will look like "gid=groupName". If you specify cn, the dn
# will look like "cn=groupName", etc.
GROUP_CN_STRING	= cn

# The TIMEOUT is the ammount of time to wait before an operation should time
# out. The default is 60 seconds. This value should be in seconds.
TIMEOUT	= 60

# SKEL_DIR can only be used with useradd in conjunction with the -M
# (--makehome) command line switch. If this is specified and exists, and -M is
# specified, the files in SKEL_DIR will be copied to the users new home
# directory
SKEL_DIR	= /etc/skel

# This is a default shell for your users. This is actually optional according
# to RFC 2307, but most users like shells
DEFAULT_SHELL 	= /bin/bash

# HOME_DIRECTORY is required to be specified either by the command line or the
# configuration file. They way that this variable is used is as follows. If
# HOME_DIRECTORY does _not_ end with a slash, a slash and the users name are
# appended to the string. If HOME_DIRECTORY _does_ end with a slash, that
# string is not modified and is used for the users directory. The same holds
# for the command line. If the user is found in PASSWORD_FILE, that value is
# used unless HOME_DIRECTORY was specified at the command line.
HOME_DIRECTORY	= /home

# You should not set MIN_UIDNUMBER < 100 unless you know what you are doing
# You should not set MIN_GIDNUMBER < 100 unless you know what you are doing
# MAX_{GID,UID}NUMBER should be set at something that your operating platform
# supports
# You should adjust ID_MAX_PASSES so that you don't have to change it
# frequently but it doesn't take forever to find a number
# USERS_GID should not be in the range of {MIN_GIDNUMBER,MAX_GIDNUMBER}
MAX_UIDNUMBER = 10000
MIN_UIDNUMBER = 100
MAX_GIDNUMBER = 10000
MIN_GIDNUMBER = 100
ID_MAX_PASSES = 1000

# The USERGROUPS variable can be either "yes" or "no".  If "yes" each
# created user will be given their own group to use as a default. If "no", each
# created user will be placed in the group whose gid is USERS_GID (see below).
USERGROUPS = yes

# If USERGROUPS is "no", then USERS_GID should be the GID of the group
# `users' (or the equivalent group) on your system. If this is unspecified, we
# default to 100
USERS_GID = 100


# If RANDOM is false, the next sequential UID or GID will be used
# If RANDOM is true, the first unused random UID or GID found will be used
RANDOM = "false"

# The GECOS is a string for use with populating the gecos field during a
# useradd. This is not required, but many people like it.
GECOS	=	"Ldap User"

# The DEFAULT_PASSWORD is probably a bad idea, but some people may need it.
# This is only used for useradds
# DEFAULT_PASSWORD = "secret"

# A password file and shadow file to pull users from, or just passwords
PASSWORD_FILE = "/etc/passfile"
SHADOW_FILE = "/etc/shadowfile"

# This is the default HASH to use for passwords. Currently CPU supports:
#  md5, smd5, sha1, ssha1, and crypt
# This can be modified on the command line with the -H option
HASH = "md5"

# These are not required, except by perhaps your authentication backend.
# see shadow(3) for more details
SHADOWLASTCHANGE	= 11192
SHADOWMAX		= 99999
SHADOWWARING		= 7
SHADOWEXPIRE		= -1
SHADOWFLAG		= 134538308
SHADOWMIN		= -1
SHADOWINACTIVE		= -1

# ADD_SCRIPT  and  DEL_SCRIPT work the same, however ADD_SCRIPT is
# used only for a useradd operation and DEL_SCRIPT  is  used  only
# for a userdel operation. These can be overridden via the command
# line switch -X. If specified in the configuration file or at the
# command  line, the script is executed after a successful useradd
# or userdel. The first argument to the script is the  login  name
# as specified at the command line.
ADD_SCRIPT = "contrib/postaddscript.sh"
DEL_SCRIPT = "foo.sh"