improve setup script, consolidate cert and other setup

This commit is contained in:
Arthur Lu 2024-04-17 21:52:54 +00:00
parent 6dfca1aeeb
commit 0ecb70e6a9
5 changed files with 106 additions and 64 deletions

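--- a/cert.sh
+++ b/cert.sh
@@ -1,19 +0,0 @@
-# requires gnutls-bin ssl-cert
-export CA_FILE
-export CERT_FILE
-export KEY_FILE
-read -p "CA Cert File Path: " CA_FILE
-read -p "Server Cert File Path: " CERT_FILE
-read -p "Server Key File Path: " KEY_FILE
-envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < cert.template.ldif > cert.ldif
-sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f cert.ldif
-rm cert.ldif
-unset CA_FILE
-unset CERT_FILE
-unset KEY_FILE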

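--- a/init.sh
+++ b/init.sh
@@ -1,44 +0,0 @@
-# PAAS LDAP openldap server initialization script
-# initializes a blank openldap server using root external bind
-# requires user input for base dn, admin user, and admin user password
-# requires slapd ldap-util
-export BASE_DN=''
-export ADMIN_ID=''
-export ADMIN_EMAIL=''
-export ADMIN_CN=''
-export ADMIN_SN=''
-export ADMIN_PASSWD=''
-read -p "Base DN: " BASE_DN
-read -p "Admin User ID: " ADMIN_ID
-read -p "Admin User Email: " ADMIN_EMAIL
-read -p "Admin User CN: " ADMIN_CN
-read -p "Admin User SN: " ADMIN_SN
-read -s -p "Admin Password: " ADMIN_PASSWD
-echo ""
-read -s -p "Confirm Password: " CONFIRM_PASSWD
-echo ""
-if [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]; then
-envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
-envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
-envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
-sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
-sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
-sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
-rm auth.ldif init.ldif pass.ldif
-else
-echo "Error: Passwords do not match."
-fi
-unset BASE_DN
-unset ADMIN_ID
-unset ADMIN_CN
-unset ADMIN_SN
-unset ADMIN_PASSWD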


@ -17,8 +17,14 @@ sn: $ADMIN_SN
uid: $ADMIN_ID
userPassword: $ADMIN_PASSWD
# initial user personal group
dn: cn=$ADMIN_ID,ou=groups,$BASE_DN
objectClass: groupOfNames
cn: alu
member: uid=$ADMIN_ID,ou=people,$BASE_DN
# admin group
dn: cn=admins,ou=groups,$BASE_DN
objectClass: groupOfNames
cn: admins
member: uid=$ADMIN_ID,ou=people,$BASE_DN
cn: admins
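Review bot: `cn: alu` on the personal-group entry does not match that entry's RDN `cn=$ADMIN_ID`, and slapd's naming check rejects an add whose RDN attribute value is not present in the entry, so this template only works when the admin id happens to be alu; the line should be `cn: $ADMIN_ID`. I am reading the "initial user personal group" block as newly added in this hunk, but the fix applies either way. The trailing repeated `cn: admins` looks like the rendered page printing a changed line twice rather than a duplicated attribute in the file, which is worth confirming against the actual file.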

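--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,99 @@
+# PAAS LDAP openldap server initialization script
+# initializes a blank openldap server using root external bind
+# requires user input for base dn, admin user, and admin user password
+# requires slapd ldap-util
+export BASE_DN=''
+export ADMIN_ID=''
+export ADMIN_EMAIL=''
+export ADMIN_CN=''
+export ADMIN_SN=''
+export ADMIN_PASSWD=''
+export CA_FILE=''
+export CERT_FILE=''
+export KEY_FILE=''
+DO_AUTH=1
+DO_INIT=1
+DO_TLS=1
+POSITIONAL_ARGS=()
+while [[ $# -gt 0 ]]; do
+case $1 in
+--skip-auth)
+DO_AUTH=0
+shift # past argument
+;;
+--skip-init)
+DO_INIT=0
+shift # past pargument
+;;
+--skip-tls)
+DO_TLS=0
+shift # past argument
+;;
+-*|--*)
+echo "Unknown option $1"
+exit 1
+;;
+*)
+POSITIONAL_ARGS+=("$1") # save positional arg
+shift # past argument
+;;
+esac
+done
+set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
+echo "Operations:"
+echo "DO FIRST TIME = ${DO_INIT}"
+echo "DO AUTH = ${DO_AUTH}"
+echo "DO TLS = ${DO_TLS}"
+echo "+===============+"
+read -p "Base DN: " BASE_DN
+if [ "$DO_FIRST" = 1 ]; then
+read -p "Admin User ID: " ADMIN_ID
+read -p "Admin User Email: " ADMIN_EMAIL
+read -p "Admin User CN: " ADMIN_CN
+read -p "Admin User SN: " ADMIN_SN
+while
+read -s -p "Admin Password: " ADMIN_PASSWD
+echo ""
+read -s -p "Confirm Password: " CONFIRM_PASSWD
+echo ""
+! [ "$ADMIN_PASSWD" = "$CONFIRM_PASSWD" ]
+do echo "Passwords must match" ; done
+fi
+if [ "$DO_TLS" = 1 ]; then
+read -p "CA Cert File Path: " CA_FILE
+read -p "Server Cert File Path: " CERT_FILE
+read -p "Server Key File Path: " KEY_FILE
+fi
+if [ "$DO_AUTH" = 1 ]; then
+envsubst '$BASE_DN' < auth.template.ldif > auth.ldif
+sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f auth.ldif
+rm auth.ldif
+fi
+if [ "$DO_FIRST" = 1 ]; then
+envsubst '$BASE_DN' < pass.template.ldif > pass.ldif
+envsubst '$BASE_DN:$ADMIN_ID:$ADMIN_EMAIL:$ADMIN_CN:$ADMIN_SN:$ADMIN_PASSWD' < init.template.ldif > init.ldif
+sudo ldapmodify -H ldapi:/// -Y EXTERNAL -f pass.ldif
+sudo ldapadd -H ldapi:/// -Y EXTERNAL -c -f init.ldif
+rm pass.ldif init.ldif
+fi
+if [ "$DO_TLS" = 1 ]; then
+envsubst '$CA_FILE:$CERT_FILE:$KEY_FILE' < tls.template.ldif > tls.ldif
+sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f tls.ldif
+rm tls.ldif
+fi
+unset BASE_DN
+unset ADMIN_ID
+unset ADMIN_CN
+unset ADMIN_SN
+unset ADMIN_PASSWD
+unset CA_FILE
+unset CERT_FILE
+unset KEY_FILE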
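Review bot: `DO_FIRST` is never assigned anywhere in this script — the option parser sets `DO_INIT` — so both `if [ "$DO_FIRST" = 1 ]` guards are always false and the admin-user prompts plus the pass/init ldapmodify/ldapadd steps are silently skipped even without `--skip-init`; change both guards to `if [ "$DO_INIT" = 1 ]; then`. The generated init.ldif carries the admin password in cleartext into the working directory under the caller's default umask, so put `umask 077` before the envsubst lines (and add `unset CONFIRM_PASSWD` to the cleanup) so the file is not world-readable during the window before `rm`. The file is marked executable but the hunk opens with a comment rather than a shebang and there is no `set -euo pipefail`, so a failed ldapmodify does not stop the later steps; `#!/usr/bin/env bash` followed by `set -euo pipefail` at the top would make the flag plumbing and error handling explicit. Minor: `# past pargument` on the `--skip-init` arm is a typo.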