From cb4a3e4031e541e8dcea9ab03c53e8f60881384e Mon Sep 17 00:00:00 2001
From: Arthur Lu
Date: Thu, 28 Mar 2024 21:29:37 +0000
Subject: [PATCH] remove ldap setup scripts

---
 openldap/auth.template.ldif | 21 ------------------
 openldap/cert.sh | 19 ----------------
 openldap/cert.template.ldif | 9 --------
 openldap/init.sh | 44 -------------------------------------
 openldap/init.template.ldif | 24 --------------------
 openldap/pass.template.ldif | 23 -------------------
 6 files changed, 140 deletions(-)
 delete mode 100644 openldap/auth.template.ldif
 delete mode 100755 openldap/cert.sh
 delete mode 100644 openldap/cert.template.ldif
 delete mode 100755 openldap/init.sh
 delete mode 100644 openldap/init.template.ldif
 delete mode 100644 openldap/pass.template.ldif

diff --git a/openldap/auth.template.ldif b/openldap/auth.template.ldif
deleted file mode 100644
index 9eab252..0000000
--- a/openldap/auth.template.ldif
+++ /dev/null
@@ -1,21 +0,0 @@
-# Add permissions
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-delete: olcAccess
--
-add: olcAccess
-olcAccess: {0}to attrs=userPassword
- by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" =wcdx
- by self write
- by anonymous auth
- by * none
-olcAccess: {1}to attrs=shadowLastChange,cn,sn
- by self write
- by * read
-olcAccess: {2}to dn.subtree="$BASE_DN"
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
- by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" write
- by * read
-olcAccess: {3}to *
- by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
- by * read
diff --git a/openldap/cert.sh b/openldap/cert.sh
deleted file mode 100755
index 5d1b329..0000000
--- a/openldap/cert.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-# requires gnutls-bin ssl-cert
-
-export CA_FILE
-export CERT_FILE
-export KEY_FILE
-
-read -p "CA Cert File Path: " CA_FILE
-read -p "Server Cert File Path: " CERT_FILE
-read -p "Server Key File Path: " KEY_FILE
-
-envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
-
-sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
-
-rm cert.ldif
-
-unset CA_FILE
-unset CERT_FILE
-unset KEY_FILE
\ No newline at end of file
diff --git a/openldap/cert.template.ldif b/openldap/cert.template.ldif
deleted file mode 100644
index 3062c96..0000000
--- a/openldap/cert.template.ldif
+++ /dev/null
@@ -1,9 +0,0 @@
-dn: cn=config
-replace: olcTLSCACertificateFile
-olcTLSCACertificateFile: $CA_FILE
--
-replace: olcTLSCertificateFile
-olcTLSCertificateFile: $CERT_FILE
--
-replace: olcTLSCertificateKeyFile
-olcTLSCertificateKeyFile: $KEY_FILE
\ No newline at end of file
diff --git a/openldap/init.sh b/openldap/init.sh
deleted file mode 100755
index 77227bb..0000000
--- a/openldap/init.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-# PAAS LDAP openldap server initialization script
-# initializes a blank openldap server using root external bind
-# requires user input for base dn, admin user, and admin user password
-# requires slapd ldap-util
-
-export BASE_DN=''
-export ADMIN_ID=''
-export ADMIN_EMAIL=''
-export ADMIN_CN=''
-export ADMIN_SN=''
-export ADMIN_PASSWD=''
-read -p "Base DN: " BASE_DN
-read -p "Admin User ID: " ADMIN_ID
-read -p "Admin User Email: " ADMIN_EMAIL
-read -p "Admin User CN: " ADMIN_CN
-read -p "Admin User SN: " ADMIN_SN
-read -s -p "Admin Password: " ADMIN_PASSWD
-echo ""
-read -s -p "Confirm Password: " CONFIRM_PASSWD
-echo ""
-
-if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
-
- envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
- envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
- envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
-
- sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
- sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
- sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
-
- rm auth.ldif init.ldif pass.ldif
-
-else
-
- echo "Error: Passwords do not match."
-
-fi
-
-unset BASE_DN
-unset ADMIN_ID
-unset ADMIN_CN
-unset ADMIN_SN
-unset ADMIN_PASSWD
\ No newline at end of file
diff --git a/openldap/init.template.ldif b/openldap/init.template.ldif
deleted file mode 100644
index 886f4e8..0000000
--- a/openldap/init.template.ldif
+++ /dev/null
@@ -1,24 +0,0 @@
-# people ou
-dn: ou=people,$BASE_DN
-objectClass: organizationalUnit
-ou: people
-
-# group ou
-dn: ou=groups,$BASE_DN
-objectClass: organizationalUnit
-ou: groups
-
-# admin group
-dn: cn=admins,ou=groups,$BASE_DN
-objectClass: groupOfNames
-member: uid=$ADMIN_ID,ou=people,$BASE_DN
-cn: admins
-
-# paas user
-dn: uid=$ADMIN_ID,ou=people,$BASE_DN
-objectClass: inetOrgPerson
-mail: $ADMIN_EMAIL
-cn: $ADMIN_CN
-sn: $ADMIN_SN
-uid: $ADMIN_ID
-userPassword: $ADMIN_PASSWD
diff --git a/openldap/pass.template.ldif b/openldap/pass.template.ldif
deleted file mode 100644
index 260fbc9..0000000
--- a/openldap/pass.template.ldif
+++ /dev/null
@@ -1,23 +0,0 @@
-# load pw-sha2 module
-dn: cn=module{0},cn=config
-changetype: modify
-add: olcModuleLoad
-olcModuleLoad: pw-sha2.la
-olcModuleLoad: ppolicy.la
-
-# set default password hash to SSHA512
-dn: olcDatabase={-1}frontend,cn=config
-changetype: modify
-add: olcPasswordHash
-olcPasswordHash: {SSHA512}
-
-# add password policy to use SSHA512 hash
-dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
-changetype: add
-objectClass: olcOverlayConfig
-objectClass: olcPPolicyConfig
-olcOverlay: ppolicy
-olcPPolicyDefault: cn=password,ou=policies,$BASE_DN
-olcPPolicyHashCleartext: TRUE
-olcPPolicyUseLockout: FALSE
-olcPPolicyForwardUpdates: FALSE