Diffstat (limited to 'collab/openldap/mkconf.sh')
-rwxr-xr-x | collab/openldap/mkconf.sh | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/collab/openldap/mkconf.sh b/collab/openldap/mkconf.sh
new file mode 100755
index 0000000000..ab625709b4
--- /dev/null
+++ b/collab/openldap/mkconf.sh
@@ -0,0 +1,197 @@
+#!/bin/sh
+# $Id: mkconf.sh,v 1.5 2003/01/04 05:41:22 sergeyli Exp $
+
+# full host name
+HOST=$(hostname) &&
+# domain name part
+DOMAIN=${HOST#*\.} &&
+# supposedly a company name
+ORG=${DOMAIN%\.*} &&
+# common LDAP tree suffix
+SUFFIX="dc=${DOMAIN//\./,dc=}" &&
+PASS=123456 &&
+
+message "${MESSAGE_COLOR}Creating default slapd.conf${DEFAULT_COLOR}" &&
+
+cat > /tmp/slapd.conf.default.$$ << __EOF__ &&
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+# Auto-generated $NOW
+# Change $SUFFIX to dc=company,dc=com for company.com
+#
+pidfile /var/run/slapd.pid
+argsfile /var/run/slapd.args
+
+schemacheck on
+
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+#include /etc/openldap/schema/misc.schema
+#include /etc/openldap/schema/openldap.schema
+#include /etc/openldap/schema/java.schema
+
+#
+# slapd provides ample logging, so enable this for debugging only
+# consult slapd.conf(8) manpage for values
+#
+#loglevel 968
+
+# The userPassword by default can be changed
+# by the entry owning it if they are authenticated.
+# Others should not be able to see it
+#
+# rootdn always has write access, just bind using its DN
+#
+access to attribute=userPassword
+ by anonymous auth
+ by self write
+ by * none
+access to *
+ by * read
+
+defaultsearchbase "$SUFFIX"
+
+#
+# Save the time that the entry gets modified
+#
+lastmod on
+
+#######################################################################
+# Berkeley DB backend database definitions
+#######################################################################
+
+# Backend name
+backend bdb
+
+# Berkeley DB (DBD) will serve as a backend
+database bdb
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd/tools. Mode 700 recommended.
+directory /var/openldap-data
+
+# Indices to maintain
+index objectclass eq
+index uid eq
+
+suffix "$SUFFIX"
+rootdn "cn=root,$SUFFIX"
+
+# Cleartext passwords, especially for the rootdn, should
+# be avoided. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+# Default password (please change!): $PASS
+rootpw "$(slappasswd -s "$PASS")"
+__EOF__
+
+mv /tmp/slapd.conf.default.$$ /etc/openldap/slapd.conf.default &&
+if ! [ -e /etc/openldap/slapd.conf ]; then
+ cp /etc/openldap/slapd.conf.default /etc/openldap/slapd.conf
+fi &&
+
+message "${MESSAGE_COLOR}Creating default ldap.conf${DEFAULT_COLOR}" &&
+
+cat > /tmp/ldap.conf.default.$$ << __EOF__ &&
+# This is the configuration file for the LDAP nameservice
+# switch library and the LDAP PAM module.
+#
+# PADL Software
+# http://www.padl.com
+#
+# See ldap.conf from pam_ldap package for more options
+#
+
+# The distinguished name of the search base.
+# Replace with suffix from slapd.conf
+base $SUFFIX
+
+# Another way to specify your LDAP server is to provide an
+# uri with the server name. This allows to use
+# Unix Domain Sockets to connect to a local LDAP Server.
+uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+
+# Filter to AND with uid=%s
+# May speed up searches
+pam_filter objectclass=posixAccount
+
+# Use the OpenLDAP password change
+# extended operation to update the password.
+pam_password exop
+
+# LDAP protocol version
+ldap_version 3
+__EOF__
+
+mv /tmp/ldap.conf.default.$$ /etc/ldap.conf.default &&
+if ! [ -e /etc/ldap.conf ]; then
+ cp /etc/ldap.conf.default /etc/ldap.conf
+fi &&
+
+message "${MESSAGE_COLOR}Creating sample LDIF for top hierarchy${DEFAULT_COLOR}" &&
+
+cat > /tmp/top.ldif.$$ << __EOF__ &&
+#
+# Replace $SUFFIX with suffix from slapd.conf
+# Use the following command to create th hierarchy:
+# ldapadd -D "cn=root,$SUFFIX" -W -f /etc/openldap/top.ldif
+#
+
+dn: $SUFFIX
+objectclass: dcObject
+objectclass: organization
+dc: $ORG
+o: $ORG
+
+dn: ou=Users,$SUFFIX
+objectclass: organizationalUnit
+ou: Users
+
+dn: ou=Groups,$SUFFIX
+objectclass: organizationalUnit
+ou: Groups
+__EOF__
+
+mv /tmp/top.ldif.$$ /etc/openldap/top.ldif &&
+
+message "${MESSAGE_COLOR}Creating sample LDIF for user and group creation${DEFAULT_COLOR}" &&
+
+cat > /tmp/usergroup.ldif.$$ << __EOF__ &&
+#
+# Sample user and group LDIF file
+# Replace $SUFFIX with suffix from slapd.conf
+#
+
+dn: cn=john,ou=Groups,$SUFFIX
+objectClass: posixGroup
+cn: john
+userPassword: {CRYPT}x
+gidNumber: 1001
+memberuid: john
+
+dn: cn=john,ou=Users,$SUFFIX
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+cn: john
+uid: john
+# Sample password: john
+userPassword: `slappasswd -s "john"`
+shadowLastChange: 11763
+shadowMax: 99999
+shadowWarning: 7
+loginShell: /bin/sh
+uidNumber: 1001
+gidNumber: 1001
+homeDirectory: /home/john
+__EOF__
+
+mv /tmp/usergroup.ldif.$$ /etc/openldap/usergroup.ldif &&
+
+message "${MESSAGE_COLOR}Use $SCRIPT_DIRECTORY/mkaccount.sh${DEFAULT_COLOR}" &&
+message "${MESSAGE_COLOR}to create LDIF for new account${DEFAULT_COLOR}"
|
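Review bot: The generated slapd.conf, which embeds the rootpw hash, is written at the `cat > /tmp/slapd.conf.default.$$` line to a predictable name in the shared /tmp under the caller's umask and then `mv`'d into /etc/openldap without tightening its mode, even though the file's own header says it should NOT be world readable; the same pattern is repeated for ldap.conf and the two LDIF files. Putting `umask 077 &&` before the first `cat >` (or creating each file with `mktemp` and `chmod 600` before the move) would make the installed copies match that header. The `${DOMAIN//\./,dc=}` substitution on the SUFFIX line is a bash extension that `#!/bin/sh` does not guarantee; on a POSIX sh it aborts with a bad-substitution error, so either change the shebang to bash or build the suffix with `printf '%s' "$DOMAIN" | sed 's/\./,dc=/g'`. `message`, `$NOW`, `$MESSAGE_COLOR`, `$DEFAULT_COLOR` and `$SCRIPT_DIRECTORY` are not defined anywhere in this file and presumably come from a script that sources it; a one-line comment at the top naming that expectation, e.g. `# expects message(), NOW and the *_COLOR variables from the calling script`, would save the next reader a search.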