
  1. #!/bin/bash
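  ## Deployment settings. Every value can be overridden from the environment;
  ## the fallbacks are the values this site is deployed with.
  ##
  ## The original listing assigned each variable twice. The second set of
  ## defaults could never apply, because the first had already set a value,
  ## and it used ${LDAP_ROOT_PW:secret}, which is a substring expansion, not
  ## the ":-" default form. A single set of ":-" defaults replaces both.
  LDAP_ROOT_SUFFIX=${LDAP_ROOT_SUFFIX:-dc=kalysto,dc=org}
  LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX}
  ## NOTE(security): this fallback is a directory root password committed to
  ## the repository. Treat it as exposed: supply LDAP_ROOT_PW from the
  ## deployment environment and rotate the value.
  LDAP_ROOT_PW=${LDAP_ROOT_PW:-acdlLlmap}
  LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=Users,$LDAP_ROOT_SUFFIX}
  LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Groups,$LDAP_ROOT_SUFFIX}
  LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-basic-users}
  LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home/kalysto.org}

  ## -x gives verbose logging in the juju debug-log. xtrace prints expanded
  ## command arguments, so any later command that receives LDAP_ROOT_PW as an
  ## argument writes the password into that log.
  set -eux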
  ## Install the OpenLDAP server first, then the client tools.
  ## XXXvlab: the slapd install is interactive: it requires a password!
  ## XXXvlab: ldap-utils is a client package and could maybe be removed here.
  for ldap_pkg in slapd ldap-utils; do
    apt-get install -y "$ldap_pkg"
  done

  ## Remove the default database: slapd is stopped before the file is deleted
  ## and started again afterwards.
  slapd_init=/etc/init.d/slapd
  default_db_ldif="/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
  "$slapd_init" stop
  rm "$default_db_ldif"
  "$slapd_init" start
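  ## Install a database
  ##
  ## The LDIF below carries the root password in clear text, so it is written
  ## to a private mktemp file (unpredictable name, owner-only access) instead
  ## of a fixed path in world-writable /tmp.
  ## NOTE(review): olcRootPW is stored exactly as given; consider passing a
  ## slappasswd hash so cn=config does not hold the clear-text password.
  ## NOTE(review): the last olcAccess rule ("by * read") lets any client,
  ## anonymous included, read every attribute the earlier rules do not cover.
  database_ldif=$(mktemp)
  cat <<EOF > "$database_ldif"
## XXXvlab: already loaded
## Load dynamic backend modules
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/ldap
#olcModuleload: back_hdb
## Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: $LDAP_ROOT_SUFFIX
olcDbDirectory: /var/lib/ldap
olcRootDN: $LDAP_ROOT_DN
olcRootPW: $LDAP_ROOT_PW
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="$LDAP_ROOT_DN" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="$LDAP_ROOT_DN" write by * read
EOF
  ## Delete the password-bearing file whether or not the import succeeded,
  ## then propagate ldapadd's exit status as "set -e" would have done.
  ldapadd_rc=0
  ldapadd -Y EXTERNAL -H ldapi:/// -f "$database_ldif" || ldapadd_rc=$?
  rm -f -- "$database_ldif"
  [ "$ldapadd_rc" -eq 0 ] || exit "$ldapadd_rc"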
  ##
  ## LDAP Backup
  ##
  ## Writes a cron.d entry that runs ldapdump_to_dir on /var/backups as root
  ## every day at 01:32.
  ## NOTE(review): ldapdump_to_dir is not installed by the lines shown here;
  ## presumably it is provided elsewhere, to be confirmed.
  backup_cron=/etc/cron.d/ldapbackup
  printf '%s\n' \
    'SHELL=/bin/sh' \
    'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin' \
    '32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups' \
    > "$backup_cron"
  ## MMC schema
  ##
  ## Adds the Mandriva Directory Server package source, installs the MMC agent
  ## and mail plugin, then registers their LDAP schemas.
  ## NOTE(review): the repository is added over plain http and no archive
  ## signing key is imported in this part of the script. Confirm how apt
  ## authenticates these packages.
  printf '\n%s\n%s\n\n' \
    '## Mandriva Directory Server' \
    'deb http://mds.mandriva.org/pub/mds/debian squeeze main' \
    >> /etc/apt/sources.list
  apt-get update
  apt-get install -y mmc-agent python-mmc-mail
  for schema_file in \
    /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema \
    /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema; do
    mmc-add-schema "$schema_file" /etc/ldap/schema/
  done
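  ##
  ## /etc/mmc/plugins/base.ini changes
  ##

  #######################################
  # Replace the value of an "option = value" line in a config file, in place.
  # Leading whitespace and the spacing around "=" are kept.
  # Arguments:
  #   $1 - file to edit
  #   $2 - option name; inserted into the regex as-is, so it must not contain
  #        regex metacharacters or '%'
  #   $3 - new value; taken literally
  # Returns: sed's exit status
  #######################################
  set_cfg_option() {
    local file option value escaped_value
    file=$1
    option=$2
    value=$3
    # '\' and '&' are special in a sed replacement and '%' is the delimiter
    # used below. Escape all three so that passwords and paths containing
    # them are written verbatim instead of corrupting the substitution.
    escaped_value=$(printf '%s' "$value" | sed -e 's/[\\&%]/\\&/g')
    sed -ri "s%^(\s*$option\s*=\s*)(.*)$%\1$escaped_value%g" "$file"
  }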
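  ## Point the MMC base plugin at the directory configured above, then set
  ## ENABLE to yes in /etc/default/mmc-agent.
  file="/etc/mmc/plugins/base.ini"
  set_cfg_option "$file" baseDN "$LDAP_ROOT_SUFFIX"
  set_cfg_option "$file" baseUsersDN "$LDAP_USERS_SUFFIX"
  set_cfg_option "$file" baseGroupsDN "$LDAP_GROUPS_SUFFIX"
  set_cfg_option "$file" rootName "$LDAP_ROOT_DN"

  ## With xtrace on, the password would be printed to the debug log as an
  ## argument of the encoding pipeline and of set_cfg_option. Tracing is
  ## switched off for this one setting and restored afterwards.
  ## printf replaces "echo -n" so a password that looks like an echo option
  ## is still encoded verbatim.
  ## NOTE(review): {base64} is an encoding, not protection. Anyone able to
  ## read base.ini can recover the root password, so confirm the file's mode.
  case $- in
    *x*) xtrace_was_on=yes ;;
    *) xtrace_was_on=no ;;
  esac
  set +x
  set_cfg_option "$file" password "{base64}$(printf '%s' "$LDAP_ROOT_PW" | base64)"
  if [ "$xtrace_was_on" = yes ]; then
    set -x
  fi

  set_cfg_option "$file" defaultUserGroup "$LDAP_DEFAULT_GROUP"
  set_cfg_option "$file" defaultHomeDir "$LDAP_DEFAULT_HOME"
  set_cfg_option /etc/default/mmc-agent ENABLE yes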