diff --git a/cert.sh b/cert.sh
deleted file mode 100755
index 5d1b329..0000000
--- a/cert.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-# requires gnutls-bin ssl-cert
-
-export CA_FILE
-export CERT_FILE
-export KEY_FILE
-
-read -p "CA Cert File Path: " CA_FILE
-read -p "Server Cert File Path: " CERT_FILE
-read -p "Server Key File Path: " KEY_FILE
-
-envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
-
-sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
-
-rm cert.ldif
-
-unset CA_FILE
-unset CERT_FILE
-unset KEY_FILE
\ No newline at end of file
diff --git a/init.sh b/init.sh
deleted file mode 100755
index 77227bb..0000000
--- a/init.sh
+++ /dev/null
@@ -1,44 +0,0 @@
-# PAAS LDAP openldap server initialization script
-# initializes a blank openldap server using root external bind
-# requires user input for base dn, admin user, and admin user password
-# requires slapd ldap-util
-
-export BASE_DN=''
-export ADMIN_ID=''
-export ADMIN_EMAIL=''
-export ADMIN_CN=''
-export ADMIN_SN=''
-export ADMIN_PASSWD=''
-read -p "Base DN: " BASE_DN
-read -p "Admin User ID: " ADMIN_ID
-read -p "Admin User Email: " ADMIN_EMAIL
-read -p "Admin User CN: " ADMIN_CN
-read -p "Admin User SN: " ADMIN_SN
-read -s -p "Admin Password: " ADMIN_PASSWD
-echo ""
-read -s -p "Confirm Password: " CONFIRM_PASSWD
-echo ""
-
-if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
-
- envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
- envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
- envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
-
- sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
- sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
- sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
-
- rm auth.ldif init.ldif pass.ldif
-
-else
-
- echo "Error: Passwords do not match."
-
-fi
-
-unset BASE_DN
-unset ADMIN_ID
-unset ADMIN_CN
-unset ADMIN_SN
-unset ADMIN_PASSWD
\ No newline at end of file
diff --git a/init.template.ldif b/init.template.ldif
index 4af8bcb..1c63285 100644
--- a/init.template.ldif
+++ b/init.template.ldif
@@ -17,8 +17,14 @@ sn: $ADMIN_SN
 uid: $ADMIN_ID
 userPassword: $ADMIN_PASSWD
 
+# initial user personal group
+dn: cn=$ADMIN_ID,ou=groups,$BASE_DN
+objectClass: groupOfNames
+cn: alu
+member: uid=$ADMIN_ID,ou=people,$BASE_DN
+
 # admin group
 dn: cn=admins,ou=groups,$BASE_DN
 objectClass: groupOfNames
+cn: admins
 member: uid=$ADMIN_ID,ou=people,$BASE_DN
-cn: admins
\ No newline at end of file
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 0000000..b4cbb21
--- /dev/null
+++ b/setup.sh
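Review bot: The new personal-group entry's `cn: alu` does not match its RDN `cn=$ADMIN_ID`, so slapd will reject the add with a naming violation for any admin id other than `alu` (the RDN value must appear among the entry's attribute values); use `cn: $ADMIN_ID` so the attribute tracks the DN. Because setup.sh loads this file with `ldapadd -c`, that rejection is reported but not fatal, so the missing group would go unnoticed at run time. The `# initial user personal group` comment could also state what the group is used for, since a groupOfNames named after the user is not self-explanatory.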
@@ -0,0 +1,99 @@
+# PAAS LDAP openldap server initialization script
+# initializes a blank openldap server using root external bind
+# requires user input for base dn, admin user, and admin user password
+# requires slapd ldap-util
+
+export BASE_DN=''
+export ADMIN_ID=''
+export ADMIN_EMAIL=''
+export ADMIN_CN=''
+export ADMIN_SN=''
+export ADMIN_PASSWD=''
+export CA_FILE=''
+export CERT_FILE=''
+export KEY_FILE=''
+DO_AUTH=1
+DO_INIT=1
+DO_TLS=1
+
+POSITIONAL_ARGS=()
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --skip-auth)
+ DO_AUTH=0
+ shift # past argument
+ ;;
+ --skip-init)
+ DO_INIT=0
+ shift # past pargument
+ ;;
+ --skip-tls)
+ DO_TLS=0
+ shift # past argument
+ ;;
+ -*|--*)
+ echo "Unknown option $1"
+ exit 1
+ ;;
+ *)
+ POSITIONAL_ARGS+=("$1") # save positional arg
+ shift # past argument
+ ;;
+ esac
+done
+
+set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+
+echo "Operations:"
+echo "DO FIRST TIME = ${DO_INIT}"
+echo "DO AUTH = ${DO_AUTH}"
+echo "DO TLS = ${DO_TLS}"
+echo "+===============+"
+
+read -p "Base DN: " BASE_DN
+if [ "$DO_FIRST" = 1 ]; then
+ read -p "Admin User ID: " ADMIN_ID
+ read -p "Admin User Email: " ADMIN_EMAIL
+ read -p "Admin User CN: " ADMIN_CN
+ read -p "Admin User SN: " ADMIN_SN
+ while
+ read -s -p "Admin Password: " ADMIN_PASSWD
+ echo ""
+ read -s -p "Confirm Password: " CONFIRM_PASSWD
+ echo ""
+ ! [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]
+ do echo "Passwords must match" ; done
+fi
+if [ "$DO_TLS" = 1 ]; then
+ read -p "CA Cert File Path: " CA_FILE
+ read -p "Server Cert File Path: " CERT_FILE
+ read -p "Server Key File Path: " KEY_FILE
+fi
+
+if [ "$DO_AUTH" = 1 ]; then
+ envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
+ sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
+ rm auth.ldif
+fi
+if [ "$DO_FIRST" = 1 ]; then
+ envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
+ envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
+ sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
+ sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
+ rm pass.ldif init.ldif
+fi
+if [ "$DO_TLS" = 1 ]; then
+ envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < tls.template.ldif > tls.ldif
+ sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f tls.ldif
+ rm tls.ldif
+fi
+
+unset BASE_DN
+unset ADMIN_ID
+unset ADMIN_CN
+unset ADMIN_SN
+unset ADMIN_PASSWD
+unset CA_FILE
+unset CERT_FILE
+unset KEY_FILE
\ No newline at end of file
diff --git a/cert.template.ldif b/tls.template.ldif
similarity index 100%
rename from cert.template.ldif
rename to tls.template.ldif
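Review bot: Both `if [ "$DO_FIRST" = 1 ]; then` tests (the admin-user prompts and the pass/init ldif block) read a variable that is never assigned anywhere in the script; the flag that `--skip-init` clears and that is printed as "DO FIRST TIME" is `DO_INIT`, so the first-time initialisation is skipped unconditionally and the new group entry in init.template.ldif is never loaded. Change both tests to `if [ "$DO_INIT" = 1 ]; then`. The admin password is also written in clear text to `init.ldif` in the working directory under the caller's default umask before `rm` runs; a `umask 077` ahead of the envsubst calls (or `mktemp`-created files removed by an EXIT trap) keeps that window private to the user running the script. Smaller points: the file is mode 100755 but has no shebang while relying on bash-only `[[ ]]` and arrays, `-*|--*)` is redundant because `-*` already matches `--*`, and the `read -p` calls should use `-r` so backslashes in the entered file paths are kept literally.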