From 04e8f0cac3e90632f105316b5c8a07e4d4366fec Mon Sep 17 00:00:00 2001 From: Arthur Lu Date: Fri, 26 Jan 2024 03:31:00 +0000 Subject: [PATCH] add starttls init script, fix some bugs with init script --- openldap/cert.sh | 19 +++++++++++++++++++ openldap/cert.template.ldif | 9 +++++++++ openldap/init.sh | 18 ++++++++++++------ 3 files changed, 40 insertions(+), 6 deletions(-) create mode 100755 openldap/cert.sh create mode 100644 openldap/cert.template.ldif diff --git a/openldap/cert.sh b/openldap/cert.sh new file mode 100755 index 0000000..5d1b329 --- /dev/null +++ b/openldap/cert.sh @@ -0,0 +1,19 @@ +# requires gnutls-bin ssl-cert + +export CA_FILE +export CERT_FILE +export KEY_FILE + +read -p "CA Cert File Path: " CA_FILE +read -p "Server Cert File Path: " CERT_FILE +read -p "Server Key File Path: " KEY_FILE + +envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif + +sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif + +rm cert.ldif + +unset CA_FILE +unset CERT_FILE +unset KEY_FILE \ No newline at end of file diff --git a/openldap/cert.template.ldif b/openldap/cert.template.ldif new file mode 100644 index 0000000..3062c96 --- /dev/null +++ b/openldap/cert.template.ldif @@ -0,0 +1,9 @@ +dn: cn=config +replace: olcTLSCACertificateFile +olcTLSCACertificateFile: $CA_FILE +- +replace: olcTLSCertificateFile +olcTLSCertificateFile: $CERT_FILE +- +replace: olcTLSCertificateKeyFile +olcTLSCertificateKeyFile: $KEY_FILE \ No newline at end of file diff --git a/openldap/init.sh b/openldap/init.sh index 1574529..77227bb 100755 --- a/openldap/init.sh +++ b/openldap/init.sh @@ -1,3 +1,8 @@ +# PAAS LDAP openldap server initialization script +# initializes a blank openldap server using root external bind +# requires user input for base dn, admin user, and admin user password +# requires slapd ldap-util + export BASE_DN='' export ADMIN_ID='' export ADMIN_EMAIL='' @@ -24,15 +29,16 @@ if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif - unset BASE_DN - unset ADMIN_ID - unset ADMIN_CN - unset ADMIN_SN - unset ADMIN_PASSWD rm auth.ldif init.ldif pass.ldif else echo "Error: Passwords do not match." -fi \ No newline at end of file +fi + +unset BASE_DN +unset ADMIN_ID +unset ADMIN_CN +unset ADMIN_SN +unset ADMIN_PASSWD \ No newline at end of file