You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

121 lines
3.4 KiB

#!/bin/bash
LDAP_ROOT_SUFFIX="dc=kalysto,dc=org"
LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX}
LDAP_ROOT_PW=acdlLlmap
LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=Users,$LDAP_ROOT_SUFFIX}
LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Groups,$LDAP_ROOT_SUFFIX}
LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-basic-users}
LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home/kalysto.org}
LDAP_ROOT_SUFFIX=${LDAP_ROOT_SUFFIX:-dc=example,dc=com}
LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX}
LDAP_ROOT_PW=${LDAP_ROOT_PW:secret}
LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=People,$LDAP_ROOT_SUFFIX}
LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Group,$LDAP_ROOT_SUFFIX}
LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-Domain Users}
LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home}
set -eux
## XXXvlab: this is interactive : requires a password !
apt-get install -y slapd
## XXXvlab: this is a client package, and could maybe be removed from here.
apt-get install -y ldap-utils
## remove default database
/etc/init.d/slapd stop
rm "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif"
/etc/init.d/slapd start
## Install a database
cat <<EOF > /tmp/database.ldif
## XXXvlab: already loaded
## Load dynamic backend modules
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/ldap
#olcModuleload: back_hdb
## Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: $LDAP_ROOT_SUFFIX
olcDbDirectory: /var/lib/ldap
olcRootDN: $LDAP_ROOT_DN
olcRootPW: $LDAP_ROOT_PW
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="$LDAP_ROOT_DN" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="$LDAP_ROOT_DN" write by * read
EOF
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/database.ldif
rm /tmp/database.ldif
##
## LDAP Backup
##
cat <<EOF > /etc/cron.d/ldapbackup
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups
EOF
## MMC schema
echo "
## Mandriva Directory Server
deb http://mds.mandriva.org/pub/mds/debian squeeze main
" >> /etc/apt/sources.list
apt-get update
apt-get install -y mmc-agent python-mmc-mail
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
##
## /etc/mmc/plugins/base.ini changes
##
## Doesn't support a lot of different characters... '%\' comes to mind.
function set_cfg_option() {
local file option value
file=$1
option=$2
value=$3
sed -ri "s%^(\s*$option\s*=\s*)(.*)$%\1$value%g" "$file"
}
file="/etc/mmc/plugins/base.ini"
set_cfg_option "$file" baseDN "$LDAP_ROOT_SUFFIX"
set_cfg_option "$file" baseUsersDN "$LDAP_USERS_SUFFIX"
set_cfg_option "$file" baseGroupsDN "$LDAP_GROUPS_SUFFIX"
set_cfg_option "$file" rootName "$LDAP_ROOT_DN"
set_cfg_option "$file" password "{base64}$(echo -n "$LDAP_ROOT_PW" | base64)"
set_cfg_option "$file" defaultUserGroup "$LDAP_DEFAULT_GROUP"
set_cfg_option "$file" defaultHomeDir "$LDAP_DEFAULT_HOME"
set_cfg_option /etc/default/mmc-agent ENABLE yes