|
@ -0,0 +1,76 @@ |
|
|
|
|
|
#!/bin/bash |
|
|
|
|
|
|
|
|
|
|
|
set -eux # -x for verbose logging to juju debug-log |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## XXXvlab: this is interactive : requires a password ! |
|
|
|
|
|
apt-get install -y slapd |
|
|
|
|
|
|
|
|
|
|
|
## XXXvlab: this is a client package, and could maybe be removed from here. |
|
|
|
|
|
apt-get install -y ldap-utils |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Install a database |
|
|
|
|
|
|
|
|
|
|
|
rootsuffix="dc=example,dc=com" |
|
|
|
|
|
rootdn="cn=admin,$rootsuffix" |
|
|
|
|
|
rootpw="secret" |
|
|
|
|
|
|
|
|
|
|
|
cat <<EOF > /tmp/database.ldif |
|
|
|
|
|
|
|
|
|
|
|
## XXXvlab: already loaded |
|
|
|
|
|
## Load dynamic backend modules |
|
|
|
|
|
#dn: cn=module,cn=config |
|
|
|
|
|
#objectClass: olcModuleList |
|
|
|
|
|
#cn: module |
|
|
|
|
|
#olcModulepath: /usr/lib/ldap |
|
|
|
|
|
#olcModuleload: back_hdb |
|
|
|
|
|
|
|
|
|
|
|
## Database settings |
|
|
|
|
|
dn: olcDatabase=hdb,cn=config |
|
|
|
|
|
objectClass: olcDatabaseConfig |
|
|
|
|
|
objectClass: olcHdbConfig |
|
|
|
|
|
olcDatabase: {1}hdb |
|
|
|
|
|
olcSuffix: $rootsuffix |
|
|
|
|
|
olcDbDirectory: /var/lib/ldap |
|
|
|
|
|
olcRootDN: $rootdn |
|
|
|
|
|
olcRootPW: $rootpw |
|
|
|
|
|
olcDbConfig: set_cachesize 0 2097152 0 |
|
|
|
|
|
olcDbConfig: set_lk_max_objects 1500 |
|
|
|
|
|
olcDbConfig: set_lk_max_locks 1500 |
|
|
|
|
|
olcDbConfig: set_lk_max_lockers 1500 |
|
|
|
|
|
olcDbIndex: objectClass eq |
|
|
|
|
|
olcLastMod: TRUE |
|
|
|
|
|
olcDbCheckpoint: 512 30 |
|
|
|
|
|
olcAccess: to attrs=userPassword by dn="$rootdn" write by anonymous auth by self write by * none |
|
|
|
|
|
olcAccess: to attrs=shadowLastChange by self write by * read |
|
|
|
|
|
olcAccess: to dn.base="" by * read |
|
|
|
|
|
olcAccess: to * by dn="$rootdn" write by * read |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
|
|
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/database.ldif |
|
|
|
|
|
|
|
|
|
|
|
rm /tmp/database.ldif |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## MMC schema |
|
|
|
|
|
|
|
|
|
|
|
echo " |
|
|
|
|
|
## Mandriva Directory Server |
|
|
|
|
|
deb http://mds.mandriva.org/pub/mds/debian squeeze main |
|
|
|
|
|
" >> /etc/apt/sources.list |
|
|
|
|
|
apt-get update |
|
|
|
|
|
apt-get install -y mmc-agent |
|
|
|
|
|
|
|
|
|
|
|
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/ |
|
|
|
|
|
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/ |
|
|
|
|
|
|
|
|
|
|
|
## Change password |
|
|
|
|
|
## |
|
|
|
|
|
|
|
|
|
|
|
#python -c 'print($LDAP_PASSWORD).encode("base64")' |
|
|
|
|
|
|
|
|
|
|
|
# to put in /etc/mmc/plugins/base.ini |
|
|
|
|
|
|
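Review bot: `rootpw="secret"` is a fixed credential that is stored as a cleartext `olcRootPW` value, written to the predictable path `/tmp/database.ldif`, and copied into the juju debug-log because `set -eux` traces the assignment. The closing "Change password" section is only comments, so nothing visible in this file replaces the value after install. I would take the password from charm configuration or generate one, store only a `slappasswd` hash, build the LDIF in a `mktemp` file under `umask 077`, and switch tracing off around those lines, as sketched below. Separately, the `deb http://mds.mandriva.org/pub/mds/debian squeeze main` line is appended to `/etc/apt/sources.list` with no key import visible in this hunk, and it is appended again each time the script runs. A dedicated file under `/etc/apt/sources.list.d/` with an explicitly trusted signing key would be easier to audit.

```shell
# … unchanged: shebang, set -eux, package installs, rootsuffix/rootdn …
set +x                          # stop tracing while the credential is handled
# rootpw: read from charm config or generated at install time, not a literal in the script
umask 077
ldif=$(mktemp)
trap 'rm -f -- "$ldif"' EXIT
rootpw_hash=$(printf '%s' "$rootpw" | slappasswd -T /dev/stdin)
cat <<EOF > "$ldif"
# … unchanged: database entry up to olcRootDN …
olcRootPW: $rootpw_hash
# … unchanged: olcDbConfig, olcDbIndex, olcLastMod, olcDbCheckpoint, olcAccess lines …
EOF
ldapadd -Y EXTERNAL -H ldapi:/// -f "$ldif"
unset rootpw
set -x
# … unchanged: MMC repository, mmc-agent install, mmc-add-schema calls …
```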