Pre
---

Install slapd and ldap-utils:

    sudo aptitude install slapd ldap-utils

It will ask for, e.g., the domain and password.
If your domain is `example.net`, your basedn will be `dc=example,dc=net`.
If you want to use another basedn, for example `o=example,c=de`,
Debian/Ubuntu will not provide any way to do that.

That is why your database will be lost during these steps, and you can choose your basedn.

Add your basedn to the file `basedn`:

    echo dc=example,dc=net > basedn

Init
----

Useful defaults for security (better password hashes):

    ldapmodify -H ldapi:// -Y EXTERNAL -f 10.acls.ldif
    ldapmodify -H ldapi:// -Y EXTERNAL -f 20.passwordhash.ldif
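
Changing the default hash scheme does not rehash passwords that are already stored, so old entries keep their old scheme until the password is set again. The following is an added example, not part of this repository: it reports the scheme of every `userPassword` value in an LDIF export (for instance the output of `sudo slapcat`). The function names, the scheme labels and the sample entries are assumptions constructed for illustration; the page does not state which scheme `20.passwordhash.ldif` selects.

```shell
# Added example: report the userPassword hash scheme of each entry in an
# LDIF export read from stdin. Assumes a base64 utility that supports -d.

# Map a stored userPassword value to a scheme label.
scheme_of() {
    case $1 in
        '{CRYPT}$6$'*) echo 'CRYPT/SHA-512' ;;
        '{CRYPT}$5$'*) echo 'CRYPT/SHA-256' ;;
        '{'*'}'*)      s=${1#\{}; s=${s%%\}*}; echo "$s" ;;   # e.g. SSHA, MD5
        *)             echo 'CLEARTEXT' ;;
    esac
}

# Print "<dn><TAB><scheme>" for every userPassword value.
audit_password_schemes() {
    # awk joins LDIF continuation lines (they start with a single space).
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    while IFS= read -r line; do
        case $line in
            'dn:: '*) dn=$(printf '%s' "${line#dn:: }" | base64 -d) ;;
            'dn: '*)  dn=${line#dn: } ;;
            'userPassword:: '*)   # base64-encoded value
                pw=$(printf '%s' "${line#userPassword:: }" | base64 -d)
                printf '%s\t%s\n' "$dn" "$(scheme_of "$pw")" ;;
            'userPassword: '*)    # value written as plain text in the LDIF
                printf '%s\t%s\n' "$dn" "$(scheme_of "${line#userPassword: }")" ;;
        esac
    done
}

# Constructed sample entries (not real accounts or hashes).
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=net
userPassword:: e1NTSEF9YWJjZA==

dn: uid=bob,ou=People,dc=example,dc=net
userPassword:: e0NSWVBU
 fSQ2JGFi

dn: uid=carol,ou=People,dc=example,dc=net
userPassword: secret
EOF
}

sample_ldif | audit_password_schemes
```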

BaseDN
------

These steps will erase your database.
If you do not want to change your BaseDN, skip this step.

The next step will print your new password on STDERR, so note it.
You can change it at any time.

    ./00.suffix.ldif.sh | sudo ldapmodify -H ldapi:// -Y external
    ./30.root.ldif.sh | sudo -u openldap -i slapadd -vb "$(cat basedn)"

Clientconfig
------------

Some lines should be added to `/etc/ldap/ldap.conf`.
These set defaults, so you can omit `-H ldapi://` and `-b $DN`.

    cat >> /etc/ldap/ldap.conf <<EOF
    BASE `cat basedn`
    URI ldapi://
    EOF

Add a user
----------

To add a user, run:

    ./90.user.ldif.sh "$username" "$givenname" "$surname" "$emailaddr" | ldapadd -H ldapi:// -Y external

It will print the password on STDERR.
The DN will be `uid=$username,ou=People,$basedn`.

Changing Passwords
------------------

To change your password, use:

    ldappasswd -xSWD "$yourdn"

If you forgot your password, the administrator can change the password via:

    ./99.passwordrecovery.ldif.sh "$yourdn" | sudo ldapmodify -H ldapi:// -Y external