add starttls init script,

fix some bugs with init script
This commit is contained in:
Arthur Lu 2024-01-26 03:31:00 +00:00
parent 677f52b135
commit 04e8f0cac3
3 changed files with 40 additions and 6 deletions

19
openldap/cert.sh Executable file
View File

@ -0,0 +1,19 @@
# requires gnutls-bin ssl-cert
export CA_FILE
export CERT_FILE
export KEY_FILE
read -p "CA Cert File Path: " CA_FILE
read -p "Server Cert File Path: " CERT_FILE
read -p "Server Key File Path: " KEY_FILE
envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
rm cert.ldif
unset CA_FILE
unset CERT_FILE
unset KEY_FILE

View File

@ -0,0 +1,9 @@
dn: cn=config
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $CA_FILE
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $CERT_FILE
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $KEY_FILE

View File

@ -1,3 +1,8 @@
# PAAS LDAP openldap server initialization script
# initializes a blank openldap server using root external bind
# requires user input for base dn, admin user, and admin user password
# requires slapd ldap-util
export BASE_DN='' export BASE_DN=''
export ADMIN_ID='' export ADMIN_ID=''
export ADMIN_EMAIL='' export ADMIN_EMAIL=''
@ -24,11 +29,6 @@ if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
unset BASE_DN
unset ADMIN_ID
unset ADMIN_CN
unset ADMIN_SN
unset ADMIN_PASSWD
rm auth.ldif init.ldif pass.ldif rm auth.ldif init.ldif pass.ldif
else else
@ -36,3 +36,9 @@ else
echo "Error: Passwords do not match." echo "Error: Passwords do not match."
fi fi
unset BASE_DN
unset ADMIN_ID
unset ADMIN_CN
unset ADMIN_SN
unset ADMIN_PASSWD