init

2018-03-29 21:44:11 +02:00 · 2018-03-29 21:44:11 +02:00 · 3cafd73a54
commit 3cafd73a54
6 changed files with 97 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+*~
+.*.sw[op]
+
+basedn
--- a/00.root.ldif.sh
+++ b/00.root.ldif.sh
@ -0,0 +1,43 @@
+#!/bin/sh -e
+
+basedn=$(cat basedn)
+_x=${basedn%%,*}
+dc=${_x#*=}
+en=${_x%%=*}
+if [ Xdc = "X$en" ]
+then
+	en=""
+else
+	en=`printf '\n%s' "$en: $dc"`
+fi
+pw=`pwgen 8 1`
+echo "# Password for cn=root,$basedn: $pw" >&2
+
+cat <<EOF
+dn: $basedn
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: ${dc}${en}
+structuralObjectClass: organization
+
+dn: cn=root,$basedn
+objectClass: simpleSecurityObject
+objectClass: organizationalRole
+cn: root
+description: LDAP administrator
+userPassword:: `echo "$pw" | base64`
+structuralObjectClass: organizationalRole
+
+dn: ou=People,$basedn
+objectClass: top
+objectClass: organizationalUnit
+structuralObjectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,$basedn
+objectClass: top
+objectClass: organizationalUnit
+structuralObjectClass: organizationalUnit
+ou: Groups
+EOF
--- a/10.acls.ldif
+++ b/10.acls.ldif
@ -0,0 +1,12 @@
+dn: olcDatabase={1}mdb,cn=config
+changetype: modify
+replace: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange
+  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
+  by self write
+  by anonymous auth
+  by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to *
+  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth write
+  by * read
--- a/20.passwordhash.ldif
+++ b/20.passwordhash.ldif
@ -0,0 +1,6 @@
+dn: cn=config
+add: olcPasswordHash
+olcPasswordHash: {CRYPT}
+-
+add: olcPasswordCryptSaltFormat
+olcPasswordCryptSaltFormat: $5$rounds=8000$%.16s
--- a/90.user.ldif.sh
+++ b/90.user.ldif.sh
@ -0,0 +1,25 @@
+#!/bin/sh
+
+if ! [ 4 -eq $# ]
+then
+	echo "Usage: $0 username givenname surname mailaddr" >&2
+	echo "random password will be printed.  Use ldappasswd for changing it" >&2
+	exit 1
+fi
+
+pw=`pwgen 8 1`
+echo "# Password: $pw" >&2
+
+cat <<EOF
+dn: cn=$1,ou=People,o=denkn,c=at
+objectClass: top
+objectClass: simpleSecurityObject
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: $1
+uid: $1
+givenName:: `echo "$2" | base64`
+sn:: `echo "$3" | base64`
+mail:: `echo "$4" | base64`
+userPassword:: `echo "$pw" | base64`
+EOF
--- a/README.md
+++ b/README.md
@ -0,0 +1,7 @@
+Add your basedn to basedn (eg: `echo o=denkn,c=at > basedn`).
+For initialization, first shutdown slapd and delete `/var/lib/ldap/` (you will lost all your data!),
+then use `./90.root.ldif | slapadd -b `cat basedn` -v`.
+Now you can start slapd again.
+Via `ldapadd -Y external` you can add any other ldif.
+For adding user run `./90.user.ldif.sh | ldapadd -Y external`.
+