openldap/service-install.sh

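#!/usr/bin/env bash
# Install and bootstrap a single-host OpenLDAP server (openldap-servers with
# cn=config and the {2}hdb backend, as shipped on RHEL/CentOS 7): open 389/tcp
# in firewalld, load the cosine/nis schemas, set suffix/rootdn/rootpw, create
# the base DIT, one posixGroup and one migrated posixAccount.
#
# Required environment:
#   LDAP_ADMIN_PASSWORD  password for the directory rootdn (cn=Admin,<suffix>)
#   LDAP_USER_PASSWORD   initial password for the sample user
# Optional environment:
#   LDAP_IFACE           interface added to the firewalld public zone (default eth0)
#   LDAP_LOG_LEVEL       slapd olcLogLevel (default "stats" so binds/operations
#                        are logged; the original used 0, which logs nothing)
#
# Passwords are never put on a command line: they are written to mode-0600
# temporary files and handed to the ldap tools via -y / -T, so they do not show
# up in `ps`, in the shell history or in /proc/*/cmdline.  Must run as root.
#
# SECURITY NOTE: this script does not configure TLS.  Only the clear-text
# `ldap` service (389/tcp) is opened, so any remote simple bind sends its
# credentials unencrypted.  Configure olcTLS* and move clients to ldaps:// or
# STARTTLS before this directory is used from other hosts.
set -euo pipefail

: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD (directory rootdn password)}"
: "${LDAP_USER_PASSWORD:?set LDAP_USER_PASSWORD (initial password for the sample user)}"
iface=${LDAP_IFACE:-eth0}
log_level=${LDAP_LOG_LEVEL:-stats}

readonly suffix='dc=example,dc=net'
readonly admin_dn="cn=Admin,${suffix}"
readonly local_user='normaluser01'   # throw-away local account, migration input only
readonly ldap_user='davidbetz'
readonly ldap_uid=4000
readonly ldap_gid=4000               # must match the ldapusers group below

# Secrets live in a private temp dir that is removed on every exit path.
umask 077
secret_dir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
cleanup() { rm -rf -- "${secret_dir:?}"; }
trap cleanup EXIT
admin_pw_file="${secret_dir}/admin.pw"
user_pw_file="${secret_dir}/user.pw"
# No trailing newline: -y and -T use the *complete* file contents as the password.
printf '%s' "$LDAP_ADMIN_PASSWORD" > "$admin_pw_file"
printf '%s' "$LDAP_USER_PASSWORD" > "$user_pw_file"

# --- firewall --------------------------------------------------------------
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-interface="$iface" --zone=public
# 389/tcp, clear text.  Add `ldaps` here only once TLS has been configured.
firewall-cmd --permanent --add-service=ldap --zone=public
firewall-cmd --reload

# --- packages and backend database ----------------------------------------
yum install openldap openldap-clients openldap-servers migrationtools -y
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# slaptest validates cn=config and creates the backend files in /var/lib/ldap
# (compare `ls -l /var/lib/ldap` before and after).  It runs as root, so the
# files must be handed to the ldap user before slapd opens them.
slaptest
chown -R ldap:ldap /var/lib/ldap
systemctl start slapd
systemctl enable slapd

# --- schemas (root authenticates over the local unix socket) --------------
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -D "cn=config" -f /etc/openldap/schema/nis.ldif

# --- suffix / rootdn / rootpw / log level / monitor ACL --------------------
# slappasswd -T hashes the file contents (SSHA by default); only the hash, never
# the clear-text password, is written to config.ldif.  config.ldif is created
# under umask 077, so the hash stays readable by root only.
root_pw_hash=$(slappasswd -T "$admin_pw_file" -n)
cat > ~/config.ldif << EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${suffix}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: ${admin_dn}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: ${root_pw_hash}

dn: cn=config
changetype: modify
replace: olcLogLevel
olcLogLevel: ${log_level}

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="${admin_dn}" read by * none
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f ~/config.ldif

# --- base DIT ---------------------------------------------------------------
# Simple binds as the rootdn go over ldapi:/// as well, so the password never
# crosses a TCP socket even on loopback.
cat > ~/structure.ldif << EOF
dn: ${suffix}
dc: example
objectClass: top
objectClass: domain

dn: ou=people,${suffix}
ou: people
objectClass: top
objectClass: organizationalUnit

dn: ou=group,${suffix}
ou: group
objectClass: top
objectClass: organizationalUnit
EOF
ldapadd -x -H ldapi:/// -D "$admin_dn" -y "$admin_pw_file" -f ~/structure.ldif

cat > ~/group.ldif << EOF
dn: cn=ldapusers,ou=group,${suffix}
objectClass: posixGroup
cn: ldapusers
gidNumber: ${ldap_gid}
EOF
ldapadd -x -H ldapi:/// -D "$admin_dn" -y "$admin_pw_file" -f ~/group.ldif

# --- sample user via migrationtools ---------------------------------------
sed -i "s/padl\.com/example.net/g;s/dc=padl,dc=com/${suffix}/g" /usr/share/migrationtools/migrate_common.ph

# The local account exists only to feed migrate_passwd.pl.  It is created
# without a password (i.e. locked) so no clear-text local credential is ever
# set on the LDAP host, and it is removed as soon as the LDIF has been produced.
# The real password is set in the directory by ldappasswd below.
useradd "$local_user" -m -s /bin/bash
# getent matches the account name exactly; `grep normaluser01 /etc/passwd`
# would also match any other line containing that substring.
getent passwd "$local_user" > ~/"${local_user}_passwd"
/usr/share/migrationtools/migrate_passwd.pl ~/"${local_user}_passwd" ~/user.ldif
userdel -r "$local_user"

# Rename the migrated entry and pin its uid/gid; the dc=padl rewrites are a
# safety net in case migrate_common.ph was not patched above.
sed -i.original -E "s/${local_user}/${ldap_user}/g;s/uidNumber:.*/uidNumber: ${ldap_uid}/g;s/gidNumber:.*/gidNumber: ${ldap_gid}/g;s/dc=padl/dc=example/;s/dc=com/dc=net/" ~/user.ldif
ldapadd -x -H ldapi:/// -D "$admin_dn" -y "$admin_pw_file" -f ~/user.ldif

# -T reads the new password from a file, keeping it off the command line.
ldappasswd -x -H ldapi:/// -D "$admin_dn" -y "$admin_pw_file" -T "$user_pw_file" \
  "uid=${ldap_user},ou=people,${suffix}"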
97