openldap/service-install.sh

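#!/usr/bin/env bash
# Install and configure a standalone OpenLDAP server (RHEL/CentOS 7 layout:
# slapd with the {2}hdb backend under cn=config) and migrate one local
# account into the directory with migrationtools.
#
# Usage: run as root. Every value can be overridden through the environment;
# the defaults reproduce what the original version of this script did.
#   LDAP_IFACE     interface added to the "public" firewall zone (eth0)
#   LDAP_DOMAIN    DNS-style domain the suffix is derived from (example.net)
#   LDAP_ADMIN_DN  rootdn (cn=Admin,<suffix>)
#   LDAP_ADMIN_PW  rootdn password
#   LOCAL_USER     local account that is created and migrated (normaluser01)
#   LOCAL_USER_PW  password set on that local account
#   LDAP_USER      uid the migrated entry is renamed to (davidbetz)
#   LDAP_USER_PW   password set on the LDAP entry at the end
#   LDAP_UID       uidNumber written into the migrated entry (4000)
#   LDAP_GID       gidNumber of the ldapusers group and the entry (4000)
#
# Passwords are passed to slappasswd/ldapadd/ldappasswd through files
# (-T / -y) instead of argv so they are not visible in `ps` or the history.
set -euo pipefail

iface=${LDAP_IFACE:-eth0}
domain=${LDAP_DOMAIN:-example.net}
# example.net -> dc=example,dc=net ; first label is the "dc" attribute value
suffix="dc=${domain//./,dc=}"
dc_value=${domain%%.*}
admin_dn=${LDAP_ADMIN_DN:-cn=Admin,${suffix}}
admin_pw=${LDAP_ADMIN_PW:-mypassword}
local_user=${LOCAL_USER:-normaluser01}
local_user_pw=${LOCAL_USER_PW:-myuserpassword}
ldap_user=${LDAP_USER:-davidbetz}
ldap_user_pw=${LDAP_USER_PW:-newpasswd}
ldap_uid=${LDAP_UID:-4000}
ldap_gid=${LDAP_GID:-4000}
readonly iface domain suffix dc_value admin_dn admin_pw
readonly local_user local_user_pw ldap_user ldap_user_pw ldap_uid ldap_gid

#######################################
# Install firewalld and open the "ldap" service on the public zone for
# the chosen interface. Only 389/tcp is opened; this script does not set
# up TLS, so simple binds from the network travel in clear text.
# Globals:   iface (read)
#######################################
configure_firewall() {
  yum install firewalld -y
  systemctl start firewalld
  systemctl enable firewalld
  firewall-cmd --permanent --add-interface="$iface" --zone=public
  firewall-cmd --permanent --add-service=ldap --zone=public
  firewall-cmd --reload
}

#######################################
# Install slapd, the client tools and migrationtools, seed the database
# directory, start the service and load the cosine and nis schemas.
#######################################
install_slapd() {
  yum install openldap openldap-clients openldap-servers migrationtools -y
  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  # slaptest creates the backend files; compare `ls -l /var/lib/ldap`
  # before and after to see what gets added.
  slaptest
  # the files slaptest created are owned by root, slapd runs as "ldap"
  chown -R ldap:ldap /var/lib/ldap*
  systemctl start slapd
  systemctl enable slapd
  # schema loading goes over the local socket with SASL EXTERNAL (root)
  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
}

#######################################
# Set suffix, rootdn, rootpw and log level on the {2}hdb database and
# restrict the monitor database to root (via peercred) and the rootdn.
# Globals:   suffix, admin_dn (read)
# Arguments: $1 - file holding the rootdn password (no trailing newline)
#######################################
configure_database() {
  local pwfile=$1
  local root_hash
  # -T hashes the file contents so the clear-text password never hits argv
  root_hash=$(slappasswd -T "$pwfile")
  cat > ~/config.ldif <<EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${suffix}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: ${admin_dn}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: ${root_hash}

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: 0

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="${admin_dn}" read by * none
EOF
  ldapmodify -Y EXTERNAL -H ldapi:/// -f ~/config.ldif
}

#######################################
# Create the base entry, the people/group OUs and the ldapusers group.
# Globals:   suffix, dc_value, admin_dn, ldap_gid (read)
# Arguments: $1 - file holding the rootdn password
#######################################
create_structure() {
  local pwfile=$1
  cat > ~/structure.ldif <<EOF
dn: ${suffix}
dc: ${dc_value}
objectClass: top
objectClass: domain

dn: ou=people,${suffix}
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,${suffix}
ou: group
objectClass: top
objectClass: organizationalUnit
EOF
  ldapadd -x -D "$admin_dn" -y "$pwfile" -f ~/structure.ldif

  cat > ~/group.ldif <<EOF
dn: cn=ldapusers,ou=group,${suffix}
objectClass: posixGroup
cn: ldapusers
gidNumber: ${ldap_gid}
EOF
  ldapadd -x -D "$admin_dn" -y "$pwfile" -f ~/group.ldif
}

#######################################
# Create a local account, convert its passwd line with migrate_passwd.pl,
# rewrite uid/uidNumber/gidNumber/suffix in the result, load it and set
# the LDAP password of the new entry.
# Globals:   domain, suffix, admin_dn, local_user, local_user_pw,
#            ldap_user, ldap_uid, ldap_gid (read)
# Arguments: $1 - file holding the rootdn password
#            $2 - file holding the new password for the LDAP entry
#######################################
migrate_user() {
  local pwfile=$1
  local newpwfile=$2
  local passwd_line_file="$HOME/${local_user}_passwd"

  # point migrationtools at our domain instead of the padl.com default
  sed -i "s/padl\.com/${domain}/g;s/dc=padl,dc=com/${suffix}/g" \
    /usr/share/migrationtools/migrate_common.ph

  if ! id -u "$local_user" >/dev/null 2>&1; then
    useradd "$local_user" -m -s /bin/bash
  fi
  printf '%s:%s\n' "$local_user" "$local_user_pw" | chpasswd

  # anchor on the login name so a longer name with the same prefix
  # (e.g. normaluser010) is not picked up as well
  grep -- "^${local_user}:" /etc/passwd > "$passwd_line_file"
  # pass the absolute path: the file was written to $HOME, not to the cwd
  /usr/share/migrationtools/migrate_passwd.pl "$passwd_line_file" ~/user.ldif

  sed -i.original -E \
    "s/${local_user}/${ldap_user}/g;s/uidNumber:.*/uidNumber: ${ldap_uid}/g;s/gidNumber:.*/gidNumber: ${ldap_gid}/g;s/dc=padl,dc=com/${suffix}/g" \
    ~/user.ldif
  ldapadd -x -D "$admin_dn" -y "$pwfile" -f ~/user.ldif
  # -T reads the new password from a file, like -y does for the bind password
  ldappasswd -x -D "$admin_dn" -y "$pwfile" -T "$newpwfile" \
    "uid=${ldap_user},ou=people,${suffix}"
}

#######################################
# Entry point: stage the password files in a private temp dir, then run
# the installation steps in order.
#######################################
main() {
  # files created from here on (password files, the LDIFs in $HOME that
  # contain the rootpw hash) are readable by the owner only
  umask 077
  local workdir admin_pwfile user_pwfile
  workdir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
  trap 'rm -rf -- "${workdir:?}"' EXIT
  admin_pwfile=$workdir/admin_pw
  user_pwfile=$workdir/user_pw
  # no trailing newline: -y/-T use the complete file contents as the password
  printf '%s' "$admin_pw" > "$admin_pwfile"
  printf '%s' "$ldap_user_pw" > "$user_pwfile"

  configure_firewall
  install_slapd
  configure_database "$admin_pwfile"
  create_structure "$admin_pwfile"
  migrate_user "$admin_pwfile" "$user_pwfile"
}

main "$@"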