ldifs/README.adoc

Pre
---

Install slapd and ldap-utils:

	sudo aptitude install slapd ldap-utils

It will ask for eg. domain, password.
If your domain is `example.net`, your basedn will be `dc=example,dc=net`.
If you want to use an other basedn, for example `o=example,c=de`,
debian/ubuntu will not provide any way to do that.

Thats because while these steps your database will be lost and you can choose your basedn.

Add your basedn to file `basedn`:

	echo dc=example,dc=net > basedn

Init
----

Usefull defaults for security (better Passwordhashes):

	ldapmodify -H ldapi:// -Y EXTERNAL -f 10.acls.ldif
	ldapmodify -H ldapi:// -Y EXTERNAL -f 20.passwordhash.ldif

BaseDN
------

These steps will erase your database.
If you do not want to change your BaseDN, skip this step.

The next step will print your new password on STDERR, so note it.
You can change it any time.

	./00.suffix.ldif.sh | sudo ldapmodify -H ldapi:// -Y external
	./30.root.ldif.sh | sudo -u openldap -i slapadd -vb `cat basedn`

Clientconfig
------------

Some lines should be added to `/etc/ldap/ldap.conf`.
These would set defaults, so you could omit `-H ldapi://` and `-b $DN`.

	cat >> /etc/ldap/ldap.conf <<EOF
	BASE    `cat basedn`
	URI     ldapi://
	EOF

Add an user
-----------

For adding an user run:

	./90.user.ldif.sh "$username" "$givenname" "$surname" "$emailaddr" | ldapadd -H ldapi:// -Y external

It will print the password on STDERR.

The DN will be `uid=$username,ou=People,$basedn`.

Changing Passwords
------------------

For changing password use:

	ldappasswd -xSWD $yourdn

If you forgot your password, the administator can change the password via:

	./99.passwordrecovery.ldif.sh $yourdn| sudo ldapmodify -H ldapi:// -Y external
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00			`Pre`
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			`---`
reformating README 2018-03-29 21:50:34 +02:00
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00			`Install slapd and ldap-utils:`
fix readme 2018-03-29 22:49:51 +02:00
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00			`sudo aptitude install slapd ldap-utils`
reformating README 2018-03-29 21:50:34 +02:00
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00			`It will ask for eg. domain, password.`
			If your domain is `example.net`, your basedn will be `dc=example,dc=net`.
			If you want to use an other basedn, for example `o=example,c=de`,
			`debian/ubuntu will not provide any way to do that.`

			`Thats because while these steps your database will be lost and you can choose your basedn.`

			Add your basedn to file `basedn`:

			`echo dc=example,dc=net > basedn`

			`Init`
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			`----`
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00
			`Usefull defaults for security (better Passwordhashes):`

			`ldapmodify -H ldapi:// -Y EXTERNAL -f 10.acls.ldif`
			`ldapmodify -H ldapi:// -Y EXTERNAL -f 20.passwordhash.ldif`

			`BaseDN`
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			`------`
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00
			`These steps will erase your database.`
			`If you do not want to change your BaseDN, skip this step.`

			`The next step will print your new password on STDERR, so note it.`
			`You can change it any time.`

			`./00.suffix.ldif.sh \| sudo ldapmodify -H ldapi:// -Y external`
			./30.root.ldif.sh \| sudo -u openldap -i slapadd -vb `cat basedn`

			`Clientconfig`
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			`------------`
reformating README 2018-03-29 21:50:34 +02:00
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			Some lines should be added to `/etc/ldap/ldap.conf`.
user-dn-fixes 2018-04-04 19:27:14 +02:00			These would set defaults, so you could omit `-H ldapi://` and `-b $DN`.
slapadd for 10,20 2018-03-29 22:41:19 +02:00
extend ldap.conf instead overwrite 2018-03-29 23:54:42 +02:00			`cat >> /etc/ldap/ldap.conf <<EOF`
userPassword crypted. testing 10,20 2018-03-29 23:53:05 +02:00			BASE `cat basedn`
			`URI ldapi://`
			`EOF`
slapadd for 10,20 2018-03-29 22:41:19 +02:00
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00			`Add an user`
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			`-----------`
userPassword crypted. testing 10,20 2018-03-29 23:53:05 +02:00
			`For adding an user run:`

user-dn-fixes 2018-04-04 19:27:14 +02:00			`./90.user.ldif.sh "$username" "$givenname" "$surname" "$emailaddr" \| ldapadd -H ldapi:// -Y external`
userPassword crypted. testing 10,20 2018-03-29 23:53:05 +02:00
			`It will print the password on STDERR.`

user-dn-fixes 2018-04-04 19:27:14 +02:00			The DN will be `uid=$username,ou=People,$basedn`.
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00
			`Changing Passwords`
README.md -> README.adoc 2018-04-04 18:53:32 +02:00			`------------------`
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00
userPassword crypted. testing 10,20 2018-03-29 23:53:05 +02:00			`For changing password use:`

fixes (clear-text-passwords on create, ...) 2018-04-25 16:43:16 +02:00			`ldappasswd -xSWD $yourdn`
suffix-change, simplified steps, password-recovery 2018-04-01 21:37:44 +02:00
			`If you forgot your password, the administator can change the password via:`

			`./99.passwordrecovery.ldif.sh $yourdn\| sudo ldapmodify -H ldapi:// -Y external`