Appendix D. Setup lamdaemon for home directory and quota management

Lamdaemon.pl is used to modify quota and home directories on a remote or local host via SSH (even if homedirs are located on localhost).

To use it, you need to set up the following:

Installation

First, install lamdaemon.pl on the server where LAM should manage home directories and/or quotas. This is usually a different server from the one where LAM is installed, but it can also be the same one.

LAM server profile configuration

Note that the built-in admin/manager entries do not work for lamdaemon. You need to log in with a Unix account.

OpenLDAP ACL location

The access rights for OpenLDAP are configured in /etc/ldap/slapd.conf or /etc/ldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif.

Setup sudo

The Perl script has to run as root, so sudo is needed as a wrapper. Edit /etc/sudoers on the host where home directories or quotas should be managed and add the following line:

$admin ALL= NOPASSWD: $path_to_lamdaemon *

$admin is the admin user from LAM (must be a valid Unix account) and $path_to_lamdaemon is the path to lamdaemon.pl.

Example:

myAdmin ALL= NOPASSWD: /srv/www/htdocs/lam/lib/lamdaemon.pl *

You might need to run the sudo command once manually to initialize sudo. The command "sudo -l" lists the commands that the current user may run via sudo.

Attention: Please do not use the options "Defaults requiretty" and "Defaults env_reset" in /etc/sudoers. Otherwise you might get errors like "you must have a tty to run sudo" or "no tty present and no askpass program specified".
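
The sudoers rule above lets the LAM admin account run lamdaemon.pl as root without a password, so the script and every directory above it should be writable only by root. The shell function below is an added example, not part of LAM, that audits this; the name check_sudo_target and its optional TRUSTED_UID and STOP_DIR arguments are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not part of LAM): audit the script named in a NOPASSWD sudoers rule.
# Usage: check_sudo_target PATH [TRUSTED_UID] [STOP_DIR]
#   TRUSTED_UID  extra owner accepted besides root (default 0, i.e. root only)
#   STOP_DIR     last parent directory to inspect (default /); hypothetical helper
#                argument so the check can be tried on a scratch directory
# Prints one FAIL line per finding and returns 1 if there is any, 0 otherwise.
check_sudo_target() {
    p=$1; trusted=${2:-0}; stop=${3:-/}; rc=0
    case $p in
        /*) ;;
        *) echo "FAIL: $p is not an absolute path"; return 1 ;;
    esac
    [ -f "$p" ] || { echo "FAIL: $p is not a regular file"; return 1; }
    while :; do
        # ls -ldn prints "<mode> <links> <uid> <gid> ..." with numeric ids
        set -- $(ls -ldn "$p")
        mode=$1; uid=$3
        if [ "$uid" != 0 ] && [ "$uid" != "$trusted" ]; then
            echo "FAIL: $p is owned by uid $uid"; rc=1
        fi
        case $mode in
            l*) echo "FAIL: $p is a symbolic link, audit its target"; rc=1 ;;
            # Sticky directory: only an entry's owner, the directory owner or root
            # may rename or delete entries, and owners are checked on every step.
            d????????[tT]*) ;;
            ?????w*|????????w*) echo "FAIL: $p is group/world writable ($mode)"; rc=1 ;;
        esac
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}
```

For the example rule above it would be called as check_sudo_target /srv/www/htdocs/lam/lib/lamdaemon.pl on the host that holds the home directories.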

Setup Perl

An extra Perl module, Quota, is required. To install it, run:

perl -MCPAN -e shell
install Quota

If your Perl executable is not located in /usr/bin/perl, you will have to edit the path in the first line of lamdaemon.pl. If you have problems compiling the Perl modules, try installing a newer release of your GCC compiler and the "make" application.

Several Linux distributions already include a quota package for Perl.

Set up SSH

Your SSH daemon must offer the password authentication method. To activate it, set this configuration option in /etc/ssh/sshd_config:

PasswordAuthentication yes

Calling of external scripts

The following extra scripts are called if they exist:

Troubleshooting

If you have problems managing quotas and home directories then these points might help:

Error message "Your LAM admin user (...) must be a valid Unix account to work with lamdaemon!": This happens if you use the default LDAP admin/manager user to log in to LAM. Please see "LAM server profile configuration" above and set up a Unix account.