userPassword crypted. testing 10,20

00.root.ldif.sh

@@ -20,7 +20,7 @@ objectClass: simpleSecurityObject
 objectClass: organizationalRole
 cn: root
 description: LDAP administrator
-userPassword:: `echo "$pw" | base64`
+userPassword:: `slappasswd -h '{CRYPT}' -c '$5$rounds=8000$%.16s' -s "$pw" | base64`
 structuralObjectClass: organizationalRole
 
 dn: ou=People,$basedn

90.user.ldif.sh

@@ -21,5 +21,5 @@ uid: $1
 givenName:: `echo "$2" | base64`
 sn:: `echo "$3" | base64`
 mail:: `echo "$4" | base64`
-userPassword:: `echo "$pw" | base64`
+userPassword:: `slappasswd -h '{CRYPT}' -c '$5$rounds=8000$%.16s' -s "$pw" | base64`
 EOF

README.md

@@ -4,14 +4,30 @@ For initialization, first shutdown slapd and delete the content of `/var/lib/lda
 then use:
 
 	./00.root.ldif.sh | slapadd -b `cat basedn` -v
-
-For adding 10 and 20 use:
-
-	slapadd -b `cat basedn` -v -l 10.acls.ldif
-	slapadd -b `cat basedn` -v -l 20.passwordhash.ldif
+	chown -R openldap:openldap /var/lib/ldap/
 
 Now you can start slapd with your fresh config.
 
+Add these lines to `/etc/ldap/ldap.conf`:
+
+	cat > /etc/ldap/ldap.conf <<EOF
+	BASE    `cat basedn`
+	URI     ldapi://
+	EOF
+
 Via `ldapadd -Y EXTERNAL` you can add any other ldif.
 
-For adding an user run `./90.user.ldif.sh username givenname surname emailaddr | ldapadd -Y external`.
+For adding 10 and 20 use: [BROKEN, do it manually in `/etc/...`]
+
+	ldapmodify -Y EXTERNAL -f 10.acls.ldif
+	ldapmodify -Y EXTERNAL -f 20.passwordhash.ldif
+
+For adding an user run:
+
+	./90.user.ldif.sh username givenname surname emailaddr | ldapadd -Y EXTERNAL
+
+It will print the password on STDERR.
+
+For changing password use:
+
+	ldappasswd -xASD YOURDN