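#!/bin/bash
##
## Provisioning script for an OpenLDAP server: installs slapd and ldap-utils,
## declares an hdb database in cn=config, loads the MMC schemas and schedules
## a nightly LDAP dump through cron. Must run as root (apt-get, ldapi:///
## EXTERNAL bind, writes under /etc).
##

## -x traces every command into juju debug-log; anything placed on a traced
## command line or assignment ends up in that log, so credentials are kept
## out of the trace further down.
set -eux # -x for verbose logging to juju debug-log


## XXXvlab: this is interactive : requires a password !
## NOTE(review): no debconf preseed and no DEBIAN_FRONTEND setting is applied
## here, so the package prompt flagged above is left as the author had it.
apt-get install -y slapd

## XXXvlab: this is a client package, and could maybe be removed from here.
apt-get install -y ldap-utils


## Install a database

rootsuffix="dc=example,dc=com"
rootdn="cn=admin,$rootsuffix"

## NOTE(review): hard-coded placeholder credential, written in cleartext to
## olcRootPW below. Replace it with a per-deployment secret (preferably a
## slappasswd hash) before any real use.
## Tracing is suspended around the assignment so `set -x` does not copy the
## value into the debug log.
set +x
rootpw="secret"
set -x

## The LDIF is streamed to ldapadd on stdin instead of being staged in
## /tmp/database.ldif. A fixed file name in a world-writable directory,
## written by root, can be pre-created or symlinked by another local user,
## and the staged file carried the rootdn password; it was also left behind
## whenever ldapadd failed under `set -e`. Here-document bodies are not
## printed by `set -x`.
##
## NOTE(review): the last olcAccess rule grants read on the whole tree to
## everyone, anonymous binds included; only userPassword is withheld. Confirm
## that this exposure is intended for the deployment.
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF

## XXXvlab: already loaded
## Load dynamic backend modules
#dn: cn=module,cn=config
#objectClass: olcModuleList
#cn: module
#olcModulepath: /usr/lib/ldap
#olcModuleload: back_hdb

## Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: $rootsuffix
olcDbDirectory: /var/lib/ldap
olcRootDN: $rootdn
olcRootPW: $rootpw
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="$rootdn" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="$rootdn" write by * read


EOF


## MMC schema

## NOTE(review): the repository is fetched over plain http and this script
## installs no archive signing key for it, while its packages are installed
## as root. Verify how the repository is authenticated before relying on it.
mds_repo="deb http://mds.mandriva.org/pub/mds/debian squeeze main"

## Append the source only once, so that re-running the script does not stack
## duplicate entries in sources.list.
if ! grep -qxF -- "$mds_repo" /etc/apt/sources.list; then
  printf '\n## Mandriva Directory Server\n%s\n\n' "$mds_repo" \
    >> /etc/apt/sources.list
fi
apt-get update
apt-get install -y mmc-agent

mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/

## Change password
##
## NOTE(review): base64 is a reversible encoding, not protection; a password
## stored that way in base.ini is only as safe as the file's permissions.

#python -c 'print($LDAP_PASSWORD).encode("base64")'

# to put in /etc/mmc/plugins/base.ini


##
## LDAP Backup
##
## NOTE(review): presumably ldapdump_to_dir writes full directory dumps
## (password hashes included) under /var/backups; check that the resulting
## files are not readable by unprivileged users.

## Quoted delimiter: the cron file is written literally, with no shell
## expansion of its content.
cat <<'EOF' > /etc/cron.d/ldapbackup

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

32 1 * * * root ansi_colors=no dayold=3 nbold=15 ldapdump_to_dir /var/backups

EOF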