userPassword crypted. testing 10,20

This commit is contained in:
Denis Knauf 2018-03-29 23:53:05 +02:00
parent 36bd698cbc
commit ab3dd14853
3 changed files with 24 additions and 8 deletions

View file

@ -20,7 +20,7 @@ objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: root
description: LDAP administrator
userPassword:: `echo "$pw" | base64`
userPassword:: `slappasswd -h '{CRYPT}' -c '$5$rounds=8000$%.16s' -s "$pw" | base64`
structuralObjectClass: organizationalRole
dn: ou=People,$basedn

View file

@ -21,5 +21,5 @@ uid: $1
givenName:: `echo "$2" | base64`
sn:: `echo "$3" | base64`
mail:: `echo "$4" | base64`
userPassword:: `echo "$pw" | base64`
userPassword:: `slappasswd -h '{CRYPT}' -c '$5$rounds=8000$%.16s' -s "$pw" | base64`
EOF

View file

@ -4,14 +4,30 @@ For initialization, first shutdown slapd and delete the content of `/var/lib/lda
then use:
./00.root.ldif.sh | slapadd -b `cat basedn` -v
For adding 10 and 20 use:
slapadd -b `cat basedn` -v -l 10.acls.ldif
slapadd -b `cat basedn` -v -l 20.passwordhash.ldif
chown -R openldap:openldap /var/lib/ldap/
Now you can start slapd with your fresh config.
Add these lines to `/etc/ldap/ldap.conf`:
cat > /etc/ldap/ldap.conf <<EOF
BASE `cat basedn`
URI ldapi://
EOF
Via `ldapadd -Y EXTERNAL` you can add any other ldif.
For adding an user run `./90.user.ldif.sh username givenname surname emailaddr | ldapadd -Y external`.
For adding 10 and 20 use: [BROKEN, do it manually in `/etc/...`]
ldapmodify -Y EXTERNAL -f 10.acls.ldif
ldapmodify -Y EXTERNAL -f 20.passwordhash.ldif
For adding an user run:
./90.user.ldif.sh username givenname surname emailaddr | ldapadd -Y EXTERNAL
It will print the password on STDERR.
For changing password use:
ldappasswd -xASD YOURDN