remove ldap setup scripts
This commit is contained in:
parent
6fff2a3f7f
commit
cb4a3e4031
@ -1,21 +0,0 @@
|
|||||||
# Add permissions
|
|
||||||
dn: olcDatabase={1}mdb,cn=config
|
|
||||||
changetype: modify
|
|
||||||
delete: olcAccess
|
|
||||||
-
|
|
||||||
add: olcAccess
|
|
||||||
olcAccess: {0}to attrs=userPassword
|
|
||||||
by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" =wcdx
|
|
||||||
by self write
|
|
||||||
by anonymous auth
|
|
||||||
by * none
|
|
||||||
olcAccess: {1}to attrs=shadowLastChange,cn,sn
|
|
||||||
by self write
|
|
||||||
by * read
|
|
||||||
olcAccess: {2}to dn.subtree="$BASE_DN"
|
|
||||||
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
|
|
||||||
by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" write
|
|
||||||
by * read
|
|
||||||
olcAccess: {3}to *
|
|
||||||
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
|
|
||||||
by * read
|
|
@ -1,19 +0,0 @@
|
|||||||
# requires gnutls-bin ssl-cert
|
|
||||||
|
|
||||||
export CA_FILE
|
|
||||||
export CERT_FILE
|
|
||||||
export KEY_FILE
|
|
||||||
|
|
||||||
read -p "CA Cert File Path: " CA_FILE
|
|
||||||
read -p "Server Cert File Path: " CERT_FILE
|
|
||||||
read -p "Server Key File Path: " KEY_FILE
|
|
||||||
|
|
||||||
envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
|
|
||||||
|
|
||||||
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
|
|
||||||
|
|
||||||
rm cert.ldif
|
|
||||||
|
|
||||||
unset CA_FILE
|
|
||||||
unset CERT_FILE
|
|
||||||
unset KEY_FILE
|
|
@ -1,9 +0,0 @@
|
|||||||
dn: cn=config
|
|
||||||
replace: olcTLSCACertificateFile
|
|
||||||
olcTLSCACertificateFile: $CA_FILE
|
|
||||||
-
|
|
||||||
replace: olcTLSCertificateFile
|
|
||||||
olcTLSCertificateFile: $CERT_FILE
|
|
||||||
-
|
|
||||||
replace: olcTLSCertificateKeyFile
|
|
||||||
olcTLSCertificateKeyFile: $KEY_FILE
|
|
@ -1,44 +0,0 @@
|
|||||||
# PAAS LDAP openldap server initialization script
|
|
||||||
# initializes a blank openldap server using root external bind
|
|
||||||
# requires user input for base dn, admin user, and admin user password
|
|
||||||
# requires slapd ldap-util
|
|
||||||
|
|
||||||
export BASE_DN=''
|
|
||||||
export ADMIN_ID=''
|
|
||||||
export ADMIN_EMAIL=''
|
|
||||||
export ADMIN_CN=''
|
|
||||||
export ADMIN_SN=''
|
|
||||||
export ADMIN_PASSWD=''
|
|
||||||
read -p "Base DN: " BASE_DN
|
|
||||||
read -p "Admin User ID: " ADMIN_ID
|
|
||||||
read -p "Admin User Email: " ADMIN_EMAIL
|
|
||||||
read -p "Admin User CN: " ADMIN_CN
|
|
||||||
read -p "Admin User SN: " ADMIN_SN
|
|
||||||
read -s -p "Admin Password: " ADMIN_PASSWD
|
|
||||||
echo ""
|
|
||||||
read -s -p "Confirm Password: " CONFIRM_PASSWD
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
|
|
||||||
|
|
||||||
envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
|
|
||||||
envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
|
|
||||||
envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
|
|
||||||
|
|
||||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
|
|
||||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
|
|
||||||
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
|
|
||||||
|
|
||||||
rm auth.ldif init.ldif pass.ldif
|
|
||||||
|
|
||||||
else
|
|
||||||
|
|
||||||
echo "Error: Passwords do not match."
|
|
||||||
|
|
||||||
fi
|
|
||||||
|
|
||||||
unset BASE_DN
|
|
||||||
unset ADMIN_ID
|
|
||||||
unset ADMIN_CN
|
|
||||||
unset ADMIN_SN
|
|
||||||
unset ADMIN_PASSWD
|
|
@ -1,24 +0,0 @@
|
|||||||
# people ou
|
|
||||||
dn: ou=people,$BASE_DN
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
ou: people
|
|
||||||
|
|
||||||
# group ou
|
|
||||||
dn: ou=groups,$BASE_DN
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
ou: groups
|
|
||||||
|
|
||||||
# admin group
|
|
||||||
dn: cn=admins,ou=groups,$BASE_DN
|
|
||||||
objectClass: groupOfNames
|
|
||||||
member: uid=$ADMIN_ID,ou=people,$BASE_DN
|
|
||||||
cn: admins
|
|
||||||
|
|
||||||
# paas user
|
|
||||||
dn: uid=$ADMIN_ID,ou=people,$BASE_DN
|
|
||||||
objectClass: inetOrgPerson
|
|
||||||
mail: $ADMIN_EMAIL
|
|
||||||
cn: $ADMIN_CN
|
|
||||||
sn: $ADMIN_SN
|
|
||||||
uid: $ADMIN_ID
|
|
||||||
userPassword: $ADMIN_PASSWD
|
|
@ -1,23 +0,0 @@
|
|||||||
# load pw-sha2 module
|
|
||||||
dn: cn=module{0},cn=config
|
|
||||||
changetype: modify
|
|
||||||
add: olcModuleLoad
|
|
||||||
olcModuleLoad: pw-sha2.la
|
|
||||||
olcModuleLoad: ppolicy.la
|
|
||||||
|
|
||||||
# set default password hash to SSHA512
|
|
||||||
dn: olcDatabase={-1}frontend,cn=config
|
|
||||||
changetype: modify
|
|
||||||
add: olcPasswordHash
|
|
||||||
olcPasswordHash: {SSHA512}
|
|
||||||
|
|
||||||
# add password policy to use SSHA512 hash
|
|
||||||
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
|
|
||||||
changetype: add
|
|
||||||
objectClass: olcOverlayConfig
|
|
||||||
objectClass: olcPPolicyConfig
|
|
||||||
olcOverlay: ppolicy
|
|
||||||
olcPPolicyDefault: cn=password,ou=policies,$BASE_DN
|
|
||||||
olcPPolicyHashCleartext: TRUE
|
|
||||||
olcPPolicyUseLockout: FALSE
|
|
||||||
olcPPolicyForwardUpdates: FALSE
|
|