add starttls init script,
fix some bugs with init script
parent
677f52b135
commit
04e8f0cac3
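--- a/openldap/cert.sh
+++ b/openldap/cert.sh
@@ -0,0 +1,19 @@
+# requires gnutls-bin ssl-cert
+
+export CA_FILE
+export CERT_FILE
+export KEY_FILE
+
+read -p "CA Cert File Path: " CA_FILE
+read -p "Server Cert File Path: " CERT_FILE
+read -p "Server Key File Path: " KEY_FILE
+
+envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
+
+sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
+
+rm cert.ldif
+
+unset CA_FILE
+unset CERT_FILE
+unset KEY_FILE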
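Review bot: Nothing between the three `read -p` prompts and `sudo ldapmodify` checks the typed paths or the result of `envsubst`, so a typo or a missing cert.template.ldif (its path is relative to the current directory) still sends a change to cn=config, and the outcome depends on how slapd handles a bad path. I would stop on the first error with `set -eu` at the top, use `read -r -p` so backslashes are kept as typed, and test each file before substituting, e.g. `[ -f "$KEY_FILE" ] || { echo "no such file: $KEY_FILE" >&2; exit 1; }`. The file is marked executable but has no shebang, while `read -p` is a bash feature, so `#!/usr/bin/env bash` as line 1 would make the interpreter explicit. A header comment stating that the key file must be readable by the slapd service account and by no other user would also help whoever runs this.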
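--- a/openldap/cert.template.ldif
+++ b/openldap/cert.template.ldif
@@ -0,0 +1,9 @@
+dn: cn=config
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: $CA_FILE
+-
+replace: olcTLSCertificateFile
+olcTLSCertificateFile: $CERT_FILE
+-
+replace: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: $KEY_FILE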
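Review bot: The template only points slapd at the CA, certificate and key files; none of its nine lines makes TLS mandatory, so unless that is configured elsewhere, clients can presumably still bind in cleartext after it is applied. If StartTLS is meant to be required, an `olcSecurity` minimum-strength setting (for example `olcSecurity: tls=1` on the data database entry) would enforce it, and `olcTLSProtocolMin` could set a protocol floor. Test any such setting against the `ldapi:///` EXTERNAL bind these scripts use, since a TLS requirement applied globally can lock that path out. A leading `#` comment naming the three variables cert.sh substitutes would document the template.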
@ -1,3 +1,8 @@
|
|||||||
|
# PAAS LDAP openldap server initialization script
|
||||||
|
# initializes a blank openldap server using root external bind
|
||||||
|
# requires user input for base dn, admin user, and admin user password
|
||||||
|
# requires slapd ldap-util
|
||||||
|
|
||||||
export BASE_DN=''
|
export BASE_DN=''
|
||||||
export ADMIN_ID=''
|
export ADMIN_ID=''
|
||||||
export ADMIN_EMAIL=''
|
export ADMIN_EMAIL=''
|
||||||
@ -24,11 +29,6 @@ if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
|
|||||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
|
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
|
||||||
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
|
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
|
||||||
|
|
||||||
unset BASE_DN
|
|
||||||
unset ADMIN_ID
|
|
||||||
unset ADMIN_CN
|
|
||||||
unset ADMIN_SN
|
|
||||||
unset ADMIN_PASSWD
|
|
||||||
rm auth.ldif init.ldif pass.ldif
|
rm auth.ldif init.ldif pass.ldif
|
||||||
|
|
||||||
else
|
else
|
||||||
@ -36,3 +36,9 @@ else
|
|||||||
echo "Error: Passwords do not match."
|
echo "Error: Passwords do not match."
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
unset BASE_DN
|
||||||
|
unset ADMIN_ID
|
||||||
|
unset ADMIN_CN
|
||||||
|
unset ADMIN_SN
|
||||||
|
unset ADMIN_PASSWD
|
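Review bot: The relocated `unset` block after `fi` still lists only BASE_DN, ADMIN_ID, ADMIN_CN, ADMIN_SN and ADMIN_PASSWD, although ADMIN_EMAIL is exported at the top of the script and CONFIRM_PASSWD, which the `if` compares against, holds a second copy of the password. If the clean-up is meant for a sourced run, add `unset ADMIN_EMAIL CONFIRM_PASSWD` to the block. The `rm auth.ldif init.ldif pass.ldif` line stays inside the success branch, and the lines that create those files are outside the hunks, so it cannot be seen from here whether a failed run can leave pass.ldif behind. If the files are written before the password comparison, an `rm -f auth.ldif init.ldif pass.ldif` after `fi` would cover both paths.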