Revision 5154 (by auerswald-guest, 2011/02/13 15:20:06) CipUX DebianEdu install guide: replaced CipUX-Trait-DebianEdu-3.4.0.3 with
CipUX-Trait-DebianEdu-3.4.2.0

This adds, among other things, the Samba attributes needed for login.
 
# CipUX installation on Debian Edu Lenny

This guide describes the installation of the CipUX middleware and the XML-RPC
server.


## Versions

    2010-06-27 by Kurt Gramlich - v0.1
    2010-06-28 by Kurt Gramlich - v0.2
    2010-06-29 by Chrstian Kuelker, Kurt Gramlich - v0.3
    2010-07-01 by Kurt Gramlich - v0.4
    2010-07-03 by Kurt Gramlich - v0.5
    2010-07-15 by Erik Auerswald, Kurt Gramlich - v0.6
    2010-07-15 by Erik Auerswald, Kurt Gramlich - v0.7
    2010-08-02 by Kurt Gramlich - v0.8
    2010-08-10 by Erik Auerswald, Kurt Gramlich - v0.9
    2010-08-10 by Kurt Gramlich - v1.0
    2010-08-14 by Harald Meyer, Kurt Gramlich - v1.1
    2010-08-15 by Peter Mueller, Kurt Gramlich - v1.2
    2010-12-13 by Kurt Gramlich - v1.3
    2010-12-14 by Kurt Gramlich - v1.4
    2011-01-05 by Kurt Gramlich - v1.5
    2011-01-08 by Erik Auerswald - v1.6
    2011-02-13 by Christian Kuelker, Erik Auerswald - v1.7
    2011-02-13 by Erik Auerswald - v1.8, v1.9, v1.10


## Install medium

Debian Edu: Lenny-Tjener


# Installation of CipUX Middleware

Edit source list

    echo "deb http://debian.jones.dk/ lenny cipux" >> /etc/apt/sources.list

Update package database

    aptitude update
    aptitude install cipux-task-tools

Only for Debian-Edu you have to do as root:

    cd
    mkdir CipUX-Install
    cd CipUX-Install
    unset http_proxy
    wget http://release.cipux.org/CipUX-Trait-DebianEdu-3.4.2.0.tar.gz
    tar xvzf CipUX-Trait-DebianEdu-3.4.2.0.tar.gz
    cp -a CipUX-Trait-DebianEdu-3.4.2.0/usr/share/cipux /usr/share
    cp -a CipUX-Trait-DebianEdu-3.4.2.0/lib/CipUX /usr/share/perl5/



Start installation

    mkdir /etc/cipux/ldap

    cp /usr/share/doc/libcipux-storage-perl/examples/cipux.schema.gz  /etc/ldap/schema/

    gunzip /etc/ldap/schema/cipux.schema.gz

    export cipuxrootpw="$(perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)')"

    perl -pe 's/\@PW\@/$ENV{"cipuxrootpw"}/' /usr/share/doc/libcipux-storage-perl/examples/debian-edu/cipuxroot.ldif | ldapadd -xWZD cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no

After entering the root password you should get as output:

adding new entry "cn=cipuxroot,dc=skole,dc=skolelinux,dc=no"

Stop OpenLDAP:

    invoke-rc.d slapd stop


Include CipUX schema:

    perl -i -p0e '$t="CipUX schema";$s="include\t\t/etc/ldap/schema/cipux.schema";s!^[ \t#]*(BEGIN $t).*[ \t#]*(END $t)[ \t]*$!# $1\n$s\n# $2!ms or s!^((.*\n)?[ \t]*include[ \t]*\S*\.schema[ \t]*\n)!$1\n# BEGIN $t\n$s\n# END $t\n!s or exit 1' $(readlink -f /etc/ldap/slapd.conf)

Copy ACL Rules:

    cp -f /usr/share/doc/libcipux-storage-perl/examples/debian-edu/slapd_acl_cipuxroot.conf /etc/cipux/ldap/

Include ACL Rules:

    perl -i -p0e '$t="CipUX ACL";$s="include /etc/cipux/ldap/slapd_acl_cipuxroot.conf";s!^[ \t#]*(BEGIN $t).*[ \t#]*(END $t)[ \t]*$!# $1\n$s\n# $2!ms or s!((\n[ \t]*#.*)*\naccess[ \t])!\n# BEGIN $t\n$s\n# END $t\n$1! or exit 1' $(readlink -f /etc/ldap/slapd.conf)

Create a CipUX trust account on OpenLDAP:

    cp /usr/share/cipux/etc/cipux-access.d/50-cipux-access-debian-edu.ini /etc/cipux/cipux-access.ini
    chown root:root /etc/cipux/cipux-access.ini
    chmod u=rw,go= /etc/cipux/cipux-access.ini
    perl -i -pe "s/[ \t]*#([ \t]*password[ \t]*=).*/\$1\$ENV{'cipuxrootpw'}/" /etc/cipux/cipux-access.ini
    unset cipuxrootpw

Start OpenLDAP:

    invoke-rc.d slapd start
    invoke-rc.d nslcd restart

Create organisational units:

    ldapadd -xWZD cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no < /usr/share/doc/libcipux-storage-perl/examples/debian-edu/cat.ldif
    ldapadd -xWZD cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no < /usr/share/doc/libcipux-storage-perl/examples/debian-edu/task.ldif
    ldapadd -xWZD cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no < /usr/share/doc/libcipux-storage-perl/examples/debian-edu/room.ldif

Create cipadmin object:

You will have to enter the password for the root account. This will create cipadmin-group in ldap.

    ldapadd -xWZD cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no < /usr/share/doc/libcipux-storage-perl/examples/debian-edu/cipadmin-group.ldif

You will have to enter the password for the cipadmin account. Choose a secure password you can remember.

    cipadminpw="<secure password>"
    export cipadminpw

You will have to enter the password for the root account. This will create cipadmin-user in ldap.

    perl -pe 's/\@PW\@/$ENV{"cipadminpw"}/' /usr/share/doc/libcipux-storage-perl/examples/debian-edu/cipadmin-user.ldif | ldapadd -xWZD cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
    printf "$cipadminpw\n$cipadminpw\n" | smbpasswd -a -s cipadmin
    unset cipadminpw

## Installing CipUX task tools

Add cipadmin to group admins

    cipux_task_client -t cipux_task_add_member_to_role_account -o admins -x value=cipadmin

Create role accounts

    for i in professor assistant pupil tutor lecturer examinee; do  cipux_task_client -t cipux_task_create_role_account -o $i; done

Remark: admins, jradmins, teachers, students in Debian-Edu are only group, no user.


# Installing CipUX-RPC Server on top of the Middleware

    aptitude update
    aptitude install cipux-rpcd