diff --git a/precise/ldap/hooks/install b/precise/ldap/hooks/install
index ce1fc02..f4f6b95 100755
--- a/precise/ldap/hooks/install
+++ b/precise/ldap/hooks/install
@@ -1,7 +1,23 @@
 #!/bin/bash
-set -eux # -x for verbose logging to juju debug-log
+LDAP_ROOT_SUFFIX="dc=kalysto,dc=org"
+LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX}
+LDAP_ROOT_PW=acdlLlmap
+LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=Users,$LDAP_ROOT_SUFFIX}
+LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Groups,$LDAP_ROOT_SUFFIX}
+LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-basic-users}
+LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home/kalysto.org}
+
+LDAP_ROOT_SUFFIX=${LDAP_ROOT_SUFFIX:-dc=example,dc=com}
+LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX}
+LDAP_ROOT_PW=${LDAP_ROOT_PW:secret}
+LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=People,$LDAP_ROOT_SUFFIX}
+LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Group,$LDAP_ROOT_SUFFIX}
+LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-Domain Users}
+LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home}
+
+set -eux # -x for verbose logging to juju debug-log
 ## XXXvlab: this is interactive : requires a password !
 apt-get install -y slapd
@@ -10,12 +26,12 @@ apt-get install -y slapd
 apt-get install -y ldap-utils
-## Install a database
-
-rootsuffix="dc=example,dc=com"
-rootdn="cn=admin,$rootsuffix"
-rootpw="secret"
+## remove default database
+/etc/init.d/slapd stop
+rm "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
+/etc/init.d/slapd start
+## Install a database
 cat < /tmp/database.ldif
 ## XXXvlab: already loaded
@@ -31,10 +47,10 @@ dn: olcDatabase=hdb,cn=config
 objectClass: olcDatabaseConfig
 objectClass: olcHdbConfig
 olcDatabase: {1}hdb
-olcSuffix: $rootsuffix
+olcSuffix: $LDAP_ROOT_SUFFIX
 olcDbDirectory: /var/lib/ldap
-olcRootDN: $rootdn
-olcRootPW: $rootpw
+olcRootDN: $LDAP_ROOT_DN
+olcRootPW: $LDAP_ROOT_PW
 olcDbConfig: set_cachesize 0 2097152 0
 olcDbConfig: set_lk_max_objects 1500
 olcDbConfig: set_lk_max_locks 1500
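Review bot: `LDAP_ROOT_PW=acdlLlmap` (and the unconditional `LDAP_ROOT_SUFFIX="dc=kalysto,dc=org"` above it) commits a real root password and site name into the hook and shadows every `${VAR:-default}` in the second block, since those defaults only apply when the variable is unset. The `${LDAP_ROOT_PW:secret}` line is not a default either: `${var:offset}` is a substring expansion and the unset `secret` evaluates to offset 0, so it returns the value unchanged. Keep only the second block and replace that line with a mandatory-input check, `: "${LDAP_ROOT_PW:?LDAP_ROOT_PW must be set}"`, so an install never silently falls back to `secret` and the password comes from the environment or charm config instead of the script text. With `set -eux` enabled two lines later, any later command that takes the password as an argument will echo it into juju debug-log, so those commands need a `set +x` / `set -x` bracket.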
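Review bot: `rm "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"` has no `-f`, so on a second run of the hook the file is already gone, `set -e` aborts the script on this line and slapd is left stopped by the preceding `/etc/init.d/slapd stop`. Use `rm -f -- "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"` or guard it with a `[ -e … ]` test. Only the config entry is removed here; the packaged database's files appear to remain in `/var/lib/ldap`, and the replacement `{1}hdb` added later in this file reuses that same `olcDbDirectory`, so it is worth confirming whether the intent is also to clear that directory while slapd is stopped.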
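Review bot: `olcRootPW: $LDAP_ROOT_PW` stores the root password in cleartext in cn=config, and the LDIF carrying it is written to the predictable path `/tmp/database.ldif` (the `cat` above the hunk, removed again only after `ldapadd` below it). Write a hash instead, e.g. `olcRootPW: $(slappasswd -s "$LDAP_ROOT_PW")` — slappasswd ships with the slapd package installed above, and `slappasswd -T` can read the secret from a file if argv exposure matters — and feed the heredoc to `ldapadd … -f /dev/stdin` or a `mktemp`-created file with a restrictive mode so the cleartext never sits in /tmp. The heredoc these lines belong to starts and ends outside the hunk.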
@@ -42,11 +58,10 @@ olcDbConfig: set_lk_max_lockers 1500
 olcDbIndex: objectClass eq
 olcLastMod: TRUE
 olcDbCheckpoint: 512 30
-olcAccess: to attrs=userPassword by dn="$rootdn" write by anonymous auth by self write by * none
+olcAccess: to attrs=userPassword by dn="$LDAP_ROOT_DN" write by anonymous auth by self write by * none
 olcAccess: to attrs=shadowLastChange by self write by * read
 olcAccess: to dn.base="" by * read
-olcAccess: to * by dn="$rootdn" write by * read
-
+olcAccess: to * by dn="$LDAP_ROOT_DN" write by * read
 EOF
@@ -54,6 +69,19 @@ ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/database.ldif
 rm /tmp/database.ldif
+##
+## LDAP Backup
+##
+
+cat < /etc/cron.d/ldapbackup
+
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups
+
+EOF
+
 ## MMC schema
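Review bot: In `olcAccess: to * by dn="$LDAP_ROOT_DN" write by * read` the `by dn=` clause is a no-op, because OpenLDAP's rootdn bypasses access control entirely, so the effective rule is that every entry and attribute other than userPassword and shadowLastChange is readable anonymously (`by * read`); the userPassword rule above carries the same redundant clause. If anonymous browsing is not needed by the MMC agent or NSS clients (not determinable from this file), tighten it to `olcAccess: to * by users read` and drop the `by dn=` clauses so the ACL reads as what it actually enforces. The heredoc these lines belong to starts outside the hunk.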
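Review bot: The cron line runs `ldapdump_to_dir /var/backups` nightly as root, but nothing in this hook installs or checks for `ldapdump_to_dir`, so if it is expected from a package not listed here the job would fail silently every night; add `command -v ldapdump_to_dir >/dev/null || exit 1` before writing the cron file, or install the providing package in the hook. The dumps presumably contain the whole DIT including password hashes, so the target directory should be created up front with a restrictive mode (a dedicated 0700 subdirectory under /var/backups) rather than relying on whatever mode the tool uses. `cat < /etc/cron.d/ldapbackup` reads like a heredoc whose `<<EOF >` redirection was lost in rendering; if the file literally says `cat <`, it reads the cron file instead of writing it, which is worth confirming against the actual source.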
@@ -62,29 +90,32 @@ echo " deb http://mds.mandriva.org/pub/mds/debian squeeze main " >> /etc/apt/sources.list
 apt-get update
-apt-get install -y mmc-agent
+apt-get install -y mmc-agent python-mmc-mail
 mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
 mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
-## Change password ##
-
-#python -c 'print($LDAP_PASSWORD).encode("base64")'
-
-# to put in /etc/mmc/plugins/base.ini
-
-
-##
-## LDAP Backup
+## /etc/mmc/plugins/base.ini changes
 ##
-cat < /etc/cron.d/ldapbackup
-
-SHELL=/bin/sh
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-
-32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups
-
-EOF
-
+## Doesn't support a lot of different characters... '%\' comes to mind.
+function set_cfg_option() {
+ local file option value
+ file=$1
+ option=$2
+ value=$3
+ sed -ri "s%^(\s*$option\s*=\s*)(.*)$%\1$value%g" "$file"
+}
+
+file="/etc/mmc/plugins/base.ini"
+set_cfg_option "$file" baseDN "$LDAP_ROOT_SUFFIX"
+set_cfg_option "$file" baseUsersDN "$LDAP_USERS_SUFFIX"
+set_cfg_option "$file" baseGroupsDN "$LDAP_GROUPS_SUFFIX"
+set_cfg_option "$file" rootName "$LDAP_ROOT_DN"
+set_cfg_option "$file" password "{base64}$(echo -n "$LDAP_ROOT_PW" | base64)"
+set_cfg_option "$file" defaultUserGroup "$LDAP_DEFAULT_GROUP"
+set_cfg_option "$file" defaultHomeDir "$LDAP_DEFAULT_HOME"
+
+
+set_cfg_option /etc/default/mmc-agent ENABLE yes
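Review bot: `set_cfg_option` succeeds silently when `$option` is absent from `$file` — `sed` exits 0 with no substitution — so a missing key in `base.ini` leaves the MMC agent on its defaults and `set -e` never notices; and `$value` is spliced raw into the replacement, where `&`, `\` and the `%` delimiter are special (the comment above the function admits this, but DN and group values come from the environment and can contain them). The rewrite below escapes the value and fails when the option is not present. Separately, `$(echo -n "$LDAP_ROOT_PW" | base64)` runs under the `set -x` enabled at the top of the file, so the cleartext password lands in juju debug-log on the `echo` trace and, trivially decodable, on the `set_cfg_option … password` trace; bracket that call with `set +x` / `set -x`, and since `base.ini` now holds the root password its mode should be restricted to the agent's user.
```shell
function set_cfg_option() {
    local file option value escaped
    file=$1
    option=$2
    value=$3
    # Escape the characters that are special on the RHS of s%…%…%: \ & %
    escaped=$(printf '%s' "$value" | sed -e 's/[\\&%]/\\&/g')
    # A missing key would otherwise be a silent no-op under set -e.
    grep -qE "^\s*${option}\s*=" "$file" || { echo "option $option not found in $file" >&2; exit 1; }
    sed -ri "s%^(\s*${option}\s*=\s*)(.*)$%\1${escaped}%g" "$file"
}
# … unchanged: set_cfg_option calls …
```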