improve setup script, consolidate cert and other setup
This commit is contained in:
parent
6dfca1aeeb
commit
0ecb70e6a9
19
cert.sh
19
cert.sh
@ -1,19 +0,0 @@
|
||||
# requires gnutls-bin ssl-cert
|
||||
|
||||
export CA_FILE
|
||||
export CERT_FILE
|
||||
export KEY_FILE
|
||||
|
||||
read -p "CA Cert File Path: " CA_FILE
|
||||
read -p "Server Cert File Path: " CERT_FILE
|
||||
read -p "Server Key File Path: " KEY_FILE
|
||||
|
||||
envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
|
||||
|
||||
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
|
||||
|
||||
rm cert.ldif
|
||||
|
||||
unset CA_FILE
|
||||
unset CERT_FILE
|
||||
unset KEY_FILE
|
44
init.sh
44
init.sh
@ -1,44 +0,0 @@
|
||||
# PAAS LDAP openldap server initialization script
|
||||
# initializes a blank openldap server using root external bind
|
||||
# requires user input for base dn, admin user, and admin user password
|
||||
# requires slapd ldap-util
|
||||
|
||||
export BASE_DN=''
|
||||
export ADMIN_ID=''
|
||||
export ADMIN_EMAIL=''
|
||||
export ADMIN_CN=''
|
||||
export ADMIN_SN=''
|
||||
export ADMIN_PASSWD=''
|
||||
read -p "Base DN: " BASE_DN
|
||||
read -p "Admin User ID: " ADMIN_ID
|
||||
read -p "Admin User Email: " ADMIN_EMAIL
|
||||
read -p "Admin User CN: " ADMIN_CN
|
||||
read -p "Admin User SN: " ADMIN_SN
|
||||
read -s -p "Admin Password: " ADMIN_PASSWD
|
||||
echo ""
|
||||
read -s -p "Confirm Password: " CONFIRM_PASSWD
|
||||
echo ""
|
||||
|
||||
if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
|
||||
|
||||
envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
|
||||
envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
|
||||
envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
|
||||
|
||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
|
||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
|
||||
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
|
||||
|
||||
rm auth.ldif init.ldif pass.ldif
|
||||
|
||||
else
|
||||
|
||||
echo "Error: Passwords do not match."
|
||||
|
||||
fi
|
||||
|
||||
unset BASE_DN
|
||||
unset ADMIN_ID
|
||||
unset ADMIN_CN
|
||||
unset ADMIN_SN
|
||||
unset ADMIN_PASSWD
|
@ -17,8 +17,14 @@ sn: $ADMIN_SN
|
||||
uid: $ADMIN_ID
|
||||
userPassword: $ADMIN_PASSWD
|
||||
|
||||
# initial user personal group
|
||||
dn: cn=$ADMIN_ID,ou=groups,$BASE_DN
|
||||
objectClass: groupOfNames
|
||||
cn: alu
|
||||
member: uid=$ADMIN_ID,ou=people,$BASE_DN
|
||||
|
||||
# admin group
|
||||
dn: cn=admins,ou=groups,$BASE_DN
|
||||
objectClass: groupOfNames
|
||||
cn: admins
|
||||
member: uid=$ADMIN_ID,ou=people,$BASE_DN
|
||||
cn: admins
|
99
setup.sh
Executable file
99
setup.sh
Executable file
@ -0,0 +1,99 @@
|
||||
# PAAS LDAP openldap server initialization script
|
||||
# initializes a blank openldap server using root external bind
|
||||
# requires user input for base dn, admin user, and admin user password
|
||||
# requires slapd ldap-util
|
||||
|
||||
export BASE_DN=''
|
||||
export ADMIN_ID=''
|
||||
export ADMIN_EMAIL=''
|
||||
export ADMIN_CN=''
|
||||
export ADMIN_SN=''
|
||||
export ADMIN_PASSWD=''
|
||||
export CA_FILE=''
|
||||
export CERT_FILE=''
|
||||
export KEY_FILE=''
|
||||
DO_AUTH=1
|
||||
DO_INIT=1
|
||||
DO_TLS=1
|
||||
|
||||
POSITIONAL_ARGS=()
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
--skip-auth)
|
||||
DO_AUTH=0
|
||||
shift # past argument
|
||||
;;
|
||||
--skip-init)
|
||||
DO_INIT=0
|
||||
shift # past pargument
|
||||
;;
|
||||
--skip-tls)
|
||||
DO_TLS=0
|
||||
shift # past argument
|
||||
;;
|
||||
-*|--*)
|
||||
echo "Unknown option $1"
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
POSITIONAL_ARGS+=("$1") # save positional arg
|
||||
shift # past argument
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
||||
|
||||
echo "Operations:"
|
||||
echo "DO FIRST TIME = ${DO_INIT}"
|
||||
echo "DO AUTH = ${DO_AUTH}"
|
||||
echo "DO TLS = ${DO_TLS}"
|
||||
echo "+===============+"
|
||||
|
||||
read -p "Base DN: " BASE_DN
|
||||
if [ "$DO_FIRST" = 1 ]; then
|
||||
read -p "Admin User ID: " ADMIN_ID
|
||||
read -p "Admin User Email: " ADMIN_EMAIL
|
||||
read -p "Admin User CN: " ADMIN_CN
|
||||
read -p "Admin User SN: " ADMIN_SN
|
||||
while
|
||||
read -s -p "Admin Password: " ADMIN_PASSWD
|
||||
echo ""
|
||||
read -s -p "Confirm Password: " CONFIRM_PASSWD
|
||||
echo ""
|
||||
! [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]
|
||||
do echo "Passwords must match" ; done
|
||||
fi
|
||||
if [ "$DO_TLS" = 1 ]; then
|
||||
read -p "CA Cert File Path: " CA_FILE
|
||||
read -p "Server Cert File Path: " CERT_FILE
|
||||
read -p "Server Key File Path: " KEY_FILE
|
||||
fi
|
||||
|
||||
if [ "$DO_AUTH" = 1 ]; then
|
||||
envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
|
||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
|
||||
rm auth.ldif
|
||||
fi
|
||||
if [ "$DO_FIRST" = 1 ]; then
|
||||
envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
|
||||
envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
|
||||
sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
|
||||
sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
|
||||
rm pass.ldif init.ldif
|
||||
fi
|
||||
if [ "$DO_TLS" = 1 ]; then
|
||||
envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < tls.template.ldif > tls.ldif
|
||||
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f tls.ldif
|
||||
rm tls.ldif
|
||||
fi
|
||||
|
||||
unset BASE_DN
|
||||
unset ADMIN_ID
|
||||
unset ADMIN_CN
|
||||
unset ADMIN_SN
|
||||
unset ADMIN_PASSWD
|
||||
unset CA_FILE
|
||||
unset CERT_FILE
|
||||
unset KEY_FILE
|
Loading…
Reference in New Issue
Block a user