@ -1,7 +1,23 @@ |
|
|
#!/bin/bash |
|
|
#!/bin/bash |
|
|
|
|
|
|
|
|
set -eux # -x for verbose logging to juju debug-log |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDAP_ROOT_SUFFIX="dc=kalysto,dc=org" |
|
|
|
|
|
LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX} |
|
|
|
|
|
LDAP_ROOT_PW=acdlLlmap |
|
|
|
|
|
LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=Users,$LDAP_ROOT_SUFFIX} |
|
|
|
|
|
LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Groups,$LDAP_ROOT_SUFFIX} |
|
|
|
|
|
LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-basic-users} |
|
|
|
|
|
LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home/kalysto.org} |
|
|
|
|
|
|
|
|
|
|
|
LDAP_ROOT_SUFFIX=${LDAP_ROOT_SUFFIX:-dc=example,dc=com} |
|
|
|
|
|
LDAP_ROOT_DN=${LDAP_ROOT_DN:-cn=admin,$LDAP_ROOT_SUFFIX} |
|
|
|
|
|
LDAP_ROOT_PW=${LDAP_ROOT_PW:secret} |
|
|
|
|
|
LDAP_USERS_SUFFIX=${LDAP_USERS_SUFFIX:-ou=People,$LDAP_ROOT_SUFFIX} |
|
|
|
|
|
LDAP_GROUPS_SUFFIX=${LDAP_GROUPS_SUFFIX:-ou=Group,$LDAP_ROOT_SUFFIX} |
|
|
|
|
|
LDAP_DEFAULT_GROUP=${LDAP_DEFAULT_GROUP:-Domain Users} |
|
|
|
|
|
LDAP_DEFAULT_HOME=${LDAP_DEFAULT_HOME:-/home} |
|
|
|
|
|
|
|
|
|
|
|
set -eux # -x for verbose logging to juju debug-log |
|
|
|
|
|
|
|
|
## XXXvlab: this is interactive : requires a password ! |
|
|
## XXXvlab: this is interactive : requires a password ! |
|
|
apt-get install -y slapd |
|
|
apt-get install -y slapd |
|
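Review bot: `LDAP_ROOT_PW=${LDAP_ROOT_PW:secret}` is a substring expansion (`${parameter:offset}`), not a default: `secret` is evaluated arithmetically as an unset name, so the offset is 0 and the result is whatever `LDAP_ROOT_PW` already held — an unset variable stays empty and `olcRootPW:` in the database LDIF later in this diff is written blank. The line should read `LDAP_ROOT_PW=${LDAP_ROOT_PW:-secret}`. If the plain `LDAP_ROOT_SUFFIX="dc=kalysto,dc=org"` and literal `LDAP_ROOT_PW=` assignments a few lines above are also on the new side, as the +23 count suggests, they make every `:-` default below them dead and commit a real credential into the script; they belong in the charm's configuration, not here. Note also that `set -eux` now follows these assignments, so the password is not traced at assignment, but any later command line that expands `$LDAP_ROOT_PW` (the `base64` pipeline in the base.ini hunk) is still echoed to juju debug-log by `-x`.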
@ -10,12 +26,12 @@ apt-get install -y slapd |
|
|
apt-get install -y ldap-utils |
|
|
apt-get install -y ldap-utils |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Install a database |
|
|
|
|
|
|
|
|
|
|
|
rootsuffix="dc=example,dc=com" |
|
|
|
|
|
rootdn="cn=admin,$rootsuffix" |
|
|
|
|
|
rootpw="secret" |
|
|
|
|
|
|
|
|
## remove default database |
|
|
|
|
|
/etc/init.d/slapd stop |
|
|
|
|
|
rm "/etc/ldap/slapd.d/cn=config/olcDatabase={1}hdb.ldif" |
|
|
|
|
|
/etc/init.d/slapd start |
|
|
|
|
|
|
|
|
|
|
|
## Install a database |
|
|
cat <<EOF > /tmp/database.ldif |
|
|
cat <<EOF > /tmp/database.ldif |
|
|
|
|
|
|
|
|
## XXXvlab: already loaded |
|
|
## XXXvlab: already loaded |
|
@ -31,10 +47,10 @@ dn: olcDatabase=hdb,cn=config |
|
|
objectClass: olcDatabaseConfig |
|
|
objectClass: olcDatabaseConfig |
|
|
objectClass: olcHdbConfig |
|
|
objectClass: olcHdbConfig |
|
|
olcDatabase: {1}hdb |
|
|
olcDatabase: {1}hdb |
|
|
olcSuffix: $rootsuffix |
|
|
|
|
|
|
|
|
olcSuffix: $LDAP_ROOT_SUFFIX |
|
|
olcDbDirectory: /var/lib/ldap |
|
|
olcDbDirectory: /var/lib/ldap |
|
|
olcRootDN: $rootdn |
|
|
|
|
|
olcRootPW: $rootpw |
|
|
|
|
|
|
|
|
olcRootDN: $LDAP_ROOT_DN |
|
|
|
|
|
olcRootPW: $LDAP_ROOT_PW |
|
|
olcDbConfig: set_cachesize 0 2097152 0 |
|
|
olcDbConfig: set_cachesize 0 2097152 0 |
|
|
olcDbConfig: set_lk_max_objects 1500 |
|
|
olcDbConfig: set_lk_max_objects 1500 |
|
|
olcDbConfig: set_lk_max_locks 1500 |
|
|
olcDbConfig: set_lk_max_locks 1500 |
|
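Review bot: `olcRootPW: $LDAP_ROOT_PW` stores the directory's root credential in clear text inside cn=config; OpenLDAP accepts a hashed value there, e.g. `olcRootPW: $(slappasswd -s "$LDAP_ROOT_PW")`, or better `slappasswd -T` reading the secret from a file, since `set -x` and `ps` expose command-line arguments. The heredoc delimiter is unquoted, so a password containing `$`, backticks or backslashes is also rewritten by the shell before it reaches the LDIF; with the hash approach only the hash is interpolated. Nothing in this hunk checks that `$LDAP_ROOT_SUFFIX` and `$LDAP_ROOT_DN` are non-empty before they are written into `olcSuffix:` and `olcRootDN:`, and `set -u` does not catch an empty-but-set value; `: "${LDAP_ROOT_DN:?}"` before the heredoc would.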
@ -42,11 +58,10 @@ olcDbConfig: set_lk_max_lockers 1500 |
|
|
olcDbIndex: objectClass eq |
|
|
olcDbIndex: objectClass eq |
|
|
olcLastMod: TRUE |
|
|
olcLastMod: TRUE |
|
|
olcDbCheckpoint: 512 30 |
|
|
olcDbCheckpoint: 512 30 |
|
|
olcAccess: to attrs=userPassword by dn="$rootdn" write by anonymous auth by self write by * none |
|
|
|
|
|
|
|
|
olcAccess: to attrs=userPassword by dn="$LDAP_ROOT_DN" write by anonymous auth by self write by * none |
|
|
olcAccess: to attrs=shadowLastChange by self write by * read |
|
|
olcAccess: to attrs=shadowLastChange by self write by * read |
|
|
olcAccess: to dn.base="" by * read |
|
|
olcAccess: to dn.base="" by * read |
|
|
olcAccess: to * by dn="$rootdn" write by * read |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
olcAccess: to * by dn="$LDAP_ROOT_DN" write by * read |
|
|
|
|
|
|
|
|
EOF |
|
|
EOF |
|
|
|
|
|
|
|
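Review bot: `olcAccess: to * by dn="$LDAP_ROOT_DN" write by * read` grants anonymous read of the whole tree — every user and group entry — and the `shadowLastChange` rule above it is also `by * read`. The MMC agent configured later in this diff appears to bind as the root DN, so it would not need anonymous access; unless some other consumer browses anonymously, tighten it to `olcAccess: to * by dn="$LDAP_ROOT_DN" write by users read by * none`. The `by dn="$LDAP_ROOT_DN" write` clauses are redundant either way, since the DN configured in `olcRootDN` bypasses ACLs in OpenLDAP; only the `userPassword` rule already avoids anonymous read correctly.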
@ -54,6 +69,19 @@ ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/database.ldif |
|
|
|
|
|
|
|
|
rm /tmp/database.ldif |
|
|
rm /tmp/database.ldif |
|
|
|
|
|
|
|
|
|
|
|
## |
|
|
|
|
|
## LDAP Backup |
|
|
|
|
|
## |
|
|
|
|
|
|
|
|
|
|
|
cat <<EOF > /etc/cron.d/ldapbackup |
|
|
|
|
|
|
|
|
|
|
|
SHELL=/bin/sh |
|
|
|
|
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
|
|
|
|
|
|
|
|
|
|
32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups |
|
|
|
|
|
|
|
|
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## MMC schema |
|
|
## MMC schema |
|
|
|
|
|
|
|
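Review bot: The cron entry `32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups` depends on a `ldapdump_to_dir` command that nothing in this diff installs or checks for, so if it is absent the nightly dump fails silently; add `command -v ldapdump_to_dir >/dev/null || echo "ldapdump_to_dir not found; /etc/cron.d/ldapbackup will fail" >&2` next to the heredoc, or install it here. The dump will contain `userPassword` hashes, and `/var/backups` is world-readable by default on Debian — unless `ldapdump_to_dir` creates its files mode 0600 (I cannot tell from here), point the job at a dedicated root-only directory. Writing `/etc/cron.d/ldapbackup` with a bare `cat <<EOF >` also inherits the script's umask; an explicit `chmod 0644 /etc/cron.d/ldapbackup` after the heredoc makes the intended permissions visible.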
@ -62,29 +90,32 @@ echo " |
|
|
deb http://mds.mandriva.org/pub/mds/debian squeeze main |
|
|
deb http://mds.mandriva.org/pub/mds/debian squeeze main |
|
|
" >> /etc/apt/sources.list |
|
|
" >> /etc/apt/sources.list |
|
|
apt-get update |
|
|
apt-get update |
|
|
apt-get install -y mmc-agent |
|
|
|
|
|
|
|
|
apt-get install -y mmc-agent python-mmc-mail |
|
|
|
|
|
|
|
|
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/ |
|
|
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/ |
|
|
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/ |
|
|
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/ |
|
|
|
|
|
|
|
|
## Change password |
|
|
|
|
|
## |
|
|
## |
|
|
|
|
|
|
|
|
#python -c 'print($LDAP_PASSWORD).encode("base64")' |
|
|
|
|
|
|
|
|
|
|
|
# to put in /etc/mmc/plugins/base.ini |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## |
|
|
|
|
|
## LDAP Backup |
|
|
|
|
|
|
|
|
## /etc/mmc/plugins/base.ini changes |
|
|
## |
|
|
## |
|
|
|
|
|
|
|
|
cat <<EOF > /etc/cron.d/ldapbackup |
|
|
|
|
|
|
|
|
|
|
|
SHELL=/bin/sh |
|
|
|
|
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
|
|
|
|
|
|
|
|
|
|
32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups |
|
|
|
|
|
|
|
|
|
|
|
EOF |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Doesn't support a lot of different characters... '%\' comes to mind. |
|
|
|
|
|
function set_cfg_option() { |
|
|
|
|
|
local file option value |
|
|
|
|
|
file=$1 |
|
|
|
|
|
option=$2 |
|
|
|
|
|
value=$3 |
|
|
|
|
|
sed -ri "s%^(\s*$option\s*=\s*)(.*)$%\1$value%g" "$file" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
file="/etc/mmc/plugins/base.ini" |
|
|
|
|
|
set_cfg_option "$file" baseDN "$LDAP_ROOT_SUFFIX" |
|
|
|
|
|
set_cfg_option "$file" baseUsersDN "$LDAP_USERS_SUFFIX" |
|
|
|
|
|
set_cfg_option "$file" baseGroupsDN "$LDAP_GROUPS_SUFFIX" |
|
|
|
|
|
set_cfg_option "$file" rootName "$LDAP_ROOT_DN" |
|
|
|
|
|
set_cfg_option "$file" password "{base64}$(echo -n "$LDAP_ROOT_PW" | base64)" |
|
|
|
|
|
set_cfg_option "$file" defaultUserGroup "$LDAP_DEFAULT_GROUP" |
|
|
|
|
|
set_cfg_option "$file" defaultHomeDir "$LDAP_DEFAULT_HOME" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
set_cfg_option /etc/default/mmc-agent ENABLE yes |