zentyal customization (templates, hooks, ldap)

Linux small business server

How to customize Zentyal(hooks, templates and LDAP)

Zentyal Summit 2011

12th NovemberCarlos Pérez-Aradros <[email protected]>


www.zentyal.com © eBox Technologies S.L. 2011

Zentyal...

Easy to use

Good integration

Versatile

...but sometimes you need

Some specific customization

Integration with external apps



Customization options

Modify source code

Add new logic or functionality

Breaks on upgrade

Templates

Change configuration files written by Zentyal

Hooks

Define custom actions (scripts) on module events

LDAP

Integrate external applications

Upstream!




Modify source code


Breaks on upgrade

Templates


Hooks


LDAP




Templates (I)

Zentyal uses templates to write system configurations files

Modify templates to:

Adjust parameters to adapt Zentyal to your requirements

Add/remove configuration options



Templates (II)

Mason as template processor



Templates (III)

Default templates location:

/usr/share/zentyal/stubs/<module>/<template>.mas

Custom templates:

/etc/zentyal/stubs/<module>/<template>.mas



Templates (IV)

Conf file/etc/resolv.conf

T

T

Default stub/usr/share/zentyal/stubs/network/resolv.conf.mas

Custom stub/etc/zentyal/stubs/network/resolv.conf.mas



Templates example: Samba hidden folders

We want to add a hidden folder in File Sharing module (samba)

Zentyal GUI doesn't allow this:



Copy and edit default template:

mkdir -p /etc/zentyal/stubs/samba/

cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba/

Write custom configuration

Templates example: Samba hidden folders




Modify source code


Breaks on upgrade

Templates


Hooks


LDAP




Hooks (I)

Execute actions (scripts) during Zentyal save changes process

Create hook scripts to:

Watch for changes in any module

Add custom scripts before/after module actions



Hooks (II): paths

Before saving changes /etc/zentyal/pre-save/

After saving changes /etc/zentyal/post-save/

/etc/zentyal/hooks/

Before saving module configuration <module>.presetconf

After saving module configuration <module>.postsetconf

Before restarting the service <module>.preservice

After restarting the service <module>.postservice



Hooks (III)pre-save

.presetconf

hook

.preservice

.postservicepost-save

.postsetconf

Zentyal action

Write conf files

Restart daemons

for each moduleone time



Hooks Example: Firewall

We want to block traffic from a specific country (using GeoIP)

Zentyal GUI does not allow this kind of rules

If we add the rule by hand:

Firewall module restart will delete it

Solution:

Add the rule after firewall restart (postservice hook)




Setup GeoIP

sudo apt-get install module-assistant

sudo module-assistant a-i xtables-addons

wget http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/1.38/xtables-addons-1.38.tar.xz

sudo ./xt_geoip_dl

sudo ./xt_geoip_build *.csv

sudo mkdir /var/geoip && sudo cp -r LE /var/geoip




Create the hook

/etc/zentyal/hooks/firewall.postservice

#!/bin/shsudo iptables -I INPUT -m geoip --src-cc KP -j ACCEPT

Don't forget to make it executable!

chmod +x /etc/zentyal/hooks/firewall.postservice



Hooks: Future (3.0)

Users operations hooks

create

modify

delete

Backup

pre-backup

post-backup




Modify source code


Breaks on upgrade

Templates


Hooks


LDAP




LDAP Integration (I)

Zentyal provides great Users and Groups management

LDAP integration:

Central point for users management

Centralized authentication

Distributed: master / slave architecture



LDAP Integration (II)

Integrate third apps with Zentyal Users and Groups



LDAP Integration (II): settings

Users and Groups LDAP Settings→

Server: ldap://localhost:389/ (port 1389 in slaves)

Users DN: ou=Users,<basedn>

Groups DN: ou=Groups,<basedn>

ldap://localhost:389/



LDAP Integration (III): filtersuid=cperez,ou=Users,dc=zentyal,dc=com

uid: cperez

loginShell: /usr/sbin/nologin

uidNumber: 2002

gidNumber: 1901

homeDirectory: /home/cperez

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: passwordHolder

givenName: Carlos

userPassword: {SHA}...

eboxSha1Password: {SHA}...

eboxMd5Password: {MD5}...

eboxDigestPassword: {MD5}...

eboxRealmPassword: {MD5}...

cn:; Carlos Pérez-Aradros Herce

sn:; Pérez-Aradros Herce

cn=developers,ou=Groups,dc=zentyal,dc=com

cn: developers

gidNumber: 2005

objectClass: posixGroup

memberUid: cperez

memberUid: jsalamero

memberUid: ejhernandez

memberUid: jacalvo

memberUid: jamor

...

Base DN: ou=Users,dc=zentyal,dc=com

Filter: (uid=*)

c



LDAP Integration example: Wordpress




Look for a LDAP Auth backend



In summary

Modify source code


Breaks on upgrade

Templates


Hooks


LDAP


Upstream!



Get help

Zentyal Support Forum

http://forum.zentyal.org

Users and Developers mailing lists

https://lists.zentyal.com/cgi-bin/mailman/listinfo/zentyal-devel

https://lists.zentyal.com/cgi-bin/mailman/listinfo/zentyal-users

IRC

#zentyal at freenode.net

Official support and training

http://www.zentyal.com/en/services/ Contribute!

http://forum.zentyal.org/

https://lists.zentyal.com/cgi-bin/mailman/listinfo/zentyal-devel

https://lists.zentyal.com/cgi-bin/mailman/listinfo/zentyal-users

http://www.zentyal.com/en/services/



Further reading...

Zentyal Documentation - Advanced Service Customisation

http://doc.zentyal.org/en/develop.html

Mason Documentation (Templates)

http://www.masonhq.com/docs/manual/Devel.html

xtables addons

http://xtables-addons.sourceforge.net/

Openldap filters doc

http://www.zytrax.com/books/ldap/apa/search.html

http://doc.zentyal.org/en/develop.html

http://www.masonhq.com/docs/manual/Devel.html

http://xtables-addons.sourceforge.net/

http://www.zytrax.com/books/ldap/apa/search.html



?

zentyal customization (templates, hooks, ldap)

Technology