zentyal customization (templates, hooks, ldap)
TRANSCRIPT
Linux small business server
How to customize Zentyal(hooks, templates and LDAP)
Zentyal Summit 2011
12th NovemberCarlos Pérez-Aradros <[email protected]>
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Zentyal...
Easy to use
Good integration
Versatile
...but sometimes you need
Some specific customization
Integration with external apps
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Customization options
Modify source code
Add new logic or functionality
Breaks on upgrade
Templates
Change configuration files written by Zentyal
Hooks
Define custom actions (scripts) on module events
LDAP
Integrate external applications
Upstream!
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Customization options
Modify source code
Add new logic or functionality
Breaks on upgrade
Templates
Change configuration files written by Zentyal
Hooks
Define custom actions (scripts) on module events
LDAP
Integrate external applications
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Templates (I)
Zentyal uses templates to write system configurations files
Modify templates to:
Adjust parameters to adapt Zentyal to your requirements
Add/remove configuration options
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Templates (II)
Mason as template processor
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Templates (III)
Default templates location:
/usr/share/zentyal/stubs/<module>/<template>.mas
Custom templates:
/etc/zentyal/stubs/<module>/<template>.mas
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Templates (IV)
Conf file/etc/resolv.conf
T
T
Default stub/usr/share/zentyal/stubs/network/resolv.conf.mas
Custom stub/etc/zentyal/stubs/network/resolv.conf.mas
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Templates example: Samba hidden folders
We want to add a hidden folder in File Sharing module (samba)
Zentyal GUI doesn't allow this:
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Copy and edit default template:
mkdir -p /etc/zentyal/stubs/samba/
cp /usr/share/zentyal/stubs/samba/smb.conf.mas /etc/zentyal/stubs/samba/
Write custom configuration
Templates example: Samba hidden folders
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Customization options
Modify source code
Add new logic or functionality
Breaks on upgrade
Templates
Change configuration files written by Zentyal
Hooks
Define custom actions (scripts) on module events
LDAP
Integrate external applications
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks (I)
Execute actions (scripts) during Zentyal save changes process
Create hook scripts to:
Watch for changes in any module
Add custom scripts before/after module actions
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks (II): paths
Before saving changes /etc/zentyal/pre-save/
After saving changes /etc/zentyal/post-save/
/etc/zentyal/hooks/
Before saving module configuration <module>.presetconf
After saving module configuration <module>.postsetconf
Before restarting the service <module>.preservice
After restarting the service <module>.postservice
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks (III)pre-save
.presetconf
hook
.preservice
.postservicepost-save
.postsetconf
Zentyal action
Write conf files
Restart daemons
for each moduleone time
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks Example: Firewall
We want to block traffic from a specific country (using GeoIP)
Zentyal GUI does not allow this kind of rules
If we add the rule by hand:
Firewall module restart will delete it
Solution:
Add the rule after firewall restart (postservice hook)
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks Example: Firewall
Setup GeoIP
sudo apt-get install module-assistant
sudo module-assistant a-i xtables-addons
wget http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/1.38/xtables-addons-1.38.tar.xz
sudo ./xt_geoip_dl
sudo ./xt_geoip_build *.csv
sudo mkdir /var/geoip && sudo cp -r LE /var/geoip
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks Example: Firewall
Create the hook
/etc/zentyal/hooks/firewall.postservice
#!/bin/shsudo iptables -I INPUT -m geoip --src-cc KP -j ACCEPT
Don't forget to make it executable!
chmod +x /etc/zentyal/hooks/firewall.postservice
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Hooks: Future (3.0)
Users operations hooks
create
modify
delete
Backup
pre-backup
post-backup
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Customization options
Modify source code
Add new logic or functionality
Breaks on upgrade
Templates
Change configuration files written by Zentyal
Hooks
Define custom actions (scripts) on module events
LDAP
Integrate external applications
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration (I)
Zentyal provides great Users and Groups management
LDAP integration:
Central point for users management
Centralized authentication
Distributed: master / slave architecture
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration (II)
Integrate third apps with Zentyal Users and Groups
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration (II): settings
Users and Groups LDAP Settings→
Server: ldap://localhost:389/ (port 1389 in slaves)
Users DN: ou=Users,<basedn>
Groups DN: ou=Groups,<basedn>
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration (III): filtersuid=cperez,ou=Users,dc=zentyal,dc=com
uid: cperez
loginShell: /usr/sbin/nologin
uidNumber: 2002
gidNumber: 1901
homeDirectory: /home/cperez
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: passwordHolder
givenName: Carlos
userPassword: {SHA}...
eboxSha1Password: {SHA}...
eboxMd5Password: {MD5}...
eboxDigestPassword: {MD5}...
eboxRealmPassword: {MD5}...
cn:; Carlos Pérez-Aradros Herce
sn:; Pérez-Aradros Herce
cn=developers,ou=Groups,dc=zentyal,dc=com
cn: developers
gidNumber: 2005
objectClass: posixGroup
memberUid: cperez
memberUid: jsalamero
memberUid: ejhernandez
memberUid: jacalvo
memberUid: jamor
...
Base DN: ou=Users,dc=zentyal,dc=com
Filter: (uid=*)
c
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration example: Wordpress
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration example: Wordpress
Look for a LDAP Auth backend
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
LDAP Integration example: Wordpress
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
In summary
Modify source code
Add new logic or functionality
Breaks on upgrade
Templates
Change configuration files written by Zentyal
Hooks
Define custom actions (scripts) on module events
LDAP
Integrate external applications
Upstream!
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Get help
Zentyal Support Forum
http://forum.zentyal.org
Users and Developers mailing lists
https://lists.zentyal.com/cgi-bin/mailman/listinfo/zentyal-devel
https://lists.zentyal.com/cgi-bin/mailman/listinfo/zentyal-users
IRC
#zentyal at freenode.net
Official support and training
http://www.zentyal.com/en/services/ Contribute!
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
Further reading...
Zentyal Documentation - Advanced Service Customisation
http://doc.zentyal.org/en/develop.html
Mason Documentation (Templates)
http://www.masonhq.com/docs/manual/Devel.html
xtables addons
http://xtables-addons.sourceforge.net/
Openldap filters doc
http://www.zytrax.com/books/ldap/apa/search.html
Linux small business server
www.zentyal.com © eBox Technologies S.L. 2011
?