change paas to any admin user in init

Arthur Lu 2024-01-16 22:44:37 +00:00
parent 68eebae8cf
commit b7731c1fc7
3 changed files with 19 additions and 12 deletions


@ -1,18 +1,25 @@
export BASE_DN='' export BASE_DN=''
export ADMIN_ID=''
export ADMIN_CN=''
export ADMIN_SN=''
export ADMIN_PASSWD=''
read -p "Base DN: " BASE_DN read -p "Base DN: " BASE_DN
read -p "Admin User ID: " ADMIN_ID
export PAAS_PASSWD=$(tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' < /dev/urandom | head -c 256; echo) read -p "Admin User CN: " ADMIN_CN
echo -n "$PAAS_PASSWD" > paas.token read -p "Admin User SN: " ADMIN_SN
echo "Saved PAAS Authentication Token (password) to paas.token" read -s -p "Admin Password: " ADMIN_PASSWD
envsubst '$BASE_DN' < auth.template.ldif > auth.ldif envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
envsubst '$BASE_DN' < pass.template.ldif > pass.ldif envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
envsubst '$BASE_DN:$PAAS_PASSWD' < init.template.ldif > init.ldif envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
unset BASE_DN unset BASE_DN
unset PAAS_PASSWD unset ADMIN_ID
unset ADMIN_CN
unset ADMIN_SN
unset ADMIN_PASSWD
rm auth.ldif init.ldif pass.ldif rm auth.ldif init.ldif pass.ldif
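Review bot: The password typed at the `read -s -p "Admin Password: "` prompt is written in clear text into `init.ldif` by the `envsubst` line, in the current directory with the default umask, and the file is removed only if the script reaches the final `rm`. Setting `umask 077` before the `envsubst` calls and registering `trap 'rm -f auth.ldif init.ldif pass.ldif' EXIT` would keep the file private and clean it up on an interrupted run too. The new `read` calls also lack `-r`, so a backslash in the password is consumed as an escape character; `read -r -s -p "Admin Password: " ADMIN_PASSWD` keeps it as typed. The values are substituted into the LDIF unescaped, so an ID containing `,` or `=` changes the resulting DN, and a short validation of `ADMIN_ID` before substitution would be worth adding.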


@ -15,9 +15,9 @@ member: uid=paas,ou=people,$BASE_DN
cn: admins cn: admins
# paas user # paas user
dn: uid=paas,ou=people,$BASE_DN dn: uid=$ADMIN_ID,ou=people,$BASE_DN
objectClass: inetOrgPerson objectClass: inetOrgPerson
cn: paas cn: $ADMIN_CN
sn: paas sn: $ADMIN_SN
uid: paas uid: $ADMIN_ID
userPassword: $PAAS_PASSWD userPassword: $ADMIN_PASSWD
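Review bot: The hunk header still shows `member: uid=paas,ou=people,$BASE_DN` for the admins group just above this entry, and no hunk on the page changes it, so the group appears to keep referencing a `uid=paas` entry that is no longer created while the new `uid=$ADMIN_ID` user is not a member. If that line is indeed unchanged, it should become `member: uid=$ADMIN_ID,ou=people,$BASE_DN`; a dangling member DN would also hand admin group membership to any `uid=paas` entry created later. The `# paas user` comment is now stale and could read `# initial admin user`. Whether the server hashes `userPassword: $ADMIN_PASSWD` on add depends on configuration not visible here, so that is worth confirming now that the value is operator-chosen rather than generated.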


@ -70,7 +70,7 @@ app.post("/ticket", async (req, res) => {
res.status(200).send({ auth: true }); res.status(200).send({ auth: true });
} }
else { else {
res.send({ res.status(403).send({
ok: bindResult.ok, ok: bindResult.ok,
error: bindResult.error error: bindResult.error
}); });
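Review bot: The failure branch still sends `bindResult.error` back to the caller, so an unauthenticated client receives the directory's own bind error. Depending on what that object holds (not visible in this hunk), it can distinguish an unknown user from a wrong password. A failed bind is an authentication failure, so `res.status(401).send({ auth: false });` with the error logged server-side would fit better than 403 with the raw error. The `/ticket` handler starts and ends outside the hunk.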