Pre
---

Install slapd and ldap-utils:

    sudo aptitude install slapd ldap-utils

It will ask for e.g. the domain and a password.
If your domain is `example.net`, your basedn will be `dc=example,dc=net`.
If you want to use another basedn, for example `o=example,c=de`,
Debian/Ubuntu does not provide any way to do that.
That is why your database will be lost during these steps, and why you can choose your basedn.

Add your basedn to the file `basedn`:

    echo dc=example,dc=net > basedn

Init
----

Useful defaults for security (better password hashes):

    ldapmodify -H ldapi:// -Y EXTERNAL -f 10.acls.ldif
    ldapmodify -H ldapi:// -Y EXTERNAL -f 20.passwordhash.ldif

BaseDN
------

These steps will erase your database.
If you do not want to change your BaseDN, skip this step.

The next step will print your new password on STDERR, so note it.
You can change it at any time.

    ./00.suffix.ldif.sh | sudo ldapmodify -H ldapi:// -Y external
    ./30.root.ldif.sh | sudo -u openldap -i slapadd -vb "$(cat basedn)"

Clientconfig
------------

Some lines should be added to `/etc/ldap/ldap.conf`.
These set defaults, so you can omit `-H ldapi://` and `-b $DN`.

    cat >> /etc/ldap/ldap.conf <<EOF
    BASE `cat basedn`
    URI ldapi://
    EOF

Add a user
----------

To add a user, run:

    ./90.user.ldif.sh "$username" "$givenname" "$surname" "$emailaddr" | ldapadd -H ldapi:// -Y external

It will print the password on STDERR.
The DN will be `uid=$username,ou=People,$basedn`.
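
The four arguments end up in LDIF that `ldapadd` parses, so a script of this kind should validate whatever lands in the DN and encode free-text values. The following is an added example, not the contents of `90.user.ldif.sh`: the function names `b64` and `user_ldif` are hypothetical, the `inetOrgPerson` attribute set is an assumption, and password generation is left out.

```shell
#!/bin/sh
# Added example: build the LDIF for one user from untrusted arguments.
# Assumptions: inetOrgPerson as object class, function names chosen here.
LC_ALL=C; export LC_ALL   # make the [a-z] ranges below byte-exact

# b64 VALUE: print VALUE base64-encoded on one line (for "attr:: value")
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# user_ldif USERNAME GIVENNAME SURNAME EMAIL BASEDN
# BASEDN is read from the admin-written file `basedn` and is trusted.
user_ldif() {
    username=$1 givenname=$2 surname=$3 email=$4 basedn=$5
    # The uid is spliced into the DN, so allow only characters that need
    # no RFC 4514 escaping; this also rejects newlines.
    case $username in
        ''|*[!a-z0-9_-]*) echo "invalid username" >&2; return 1 ;;
    esac
    # mail is written as a plain LDIF value: one @, safe characters only.
    case $email in
        *[!A-Za-z0-9@._+-]*|*@*@*) echo "invalid email" >&2; return 1 ;;
        ?*@?*) ;;
        *) echo "invalid email" >&2; return 1 ;;
    esac
    # Free-text names go out base64-encoded ("::"), so a newline inside an
    # argument stays inside the value instead of starting a new LDIF line.
    cat <<EOF
dn: uid=$username,ou=People,$basedn
objectClass: inetOrgPerson
uid: $username
givenName:: $(b64 "$givenname")
sn:: $(b64 "$surname")
cn:: $(b64 "$givenname $surname")
mail: $email
EOF
}

# Usage (constructed values):
#   user_ldif alice Alice Example alice@example.net "$(cat basedn)" | ldapadd -H ldapi:// -Y external
```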

Changing Passwords
------------------

To change your password, use:

    ldappasswd -xSWD "$yourdn"

If you forgot your password, the administrator can change it via:

    ./99.passwordrecovery.ldif.sh "$yourdn" | sudo ldapmodify -H ldapi:// -Y external