
[Fedora-directory-users] Another one-button script - rebuild_fds.sh



Title: Another one-button script - rebuild_fds.sh

FDS Folks,

Another automated script from me.

Gary

#! /bin/sh
#
# rebuild_fds.sh - ReBuild Fedora Directory Server
#
# Gary Tay
#
# NOTE: This script will rebuild a FDS Server compatible with BOTH
#       RedHat and Solaris LDAP Clients
#
# 1) Make sure 'root' is used to run this script
# 2) Make sure /home/ldap/dirmgr.pwd contains the password of cn=Directory Manager
#
#set -vx
IS_ROOT_UID=`id | grep "uid=0(root)"`
if [ ! -n "$IS_ROOT_UID" ]; then
   echo "Please run this script as root"
   exit 1
fi
if [ ! -f /home/ldap/dirmgr.pwd ]; then
   echo "Please setup /home/ldap/dirmgr.pwd."
   exit 1
else
   chmod 600 /home/ldap/dirmgr.pwd
fi
# Pls customize the followings
FDS1_PATH=/opt/fedora-ds
HOST=ldap1
DOMAIN="example.com"
BASEDN="dc=example,dc=com"
SLAPD_OWNER=nobody
SLAPD_GROUP=nobody
LD_LIBRARY_PATH=$FDS1_PATH/shared/lib:$FDS1_PATH/lib
export LD_LIBRARY_PATH
PATH=$FDS1_PATH/shared/bin:$PATH; export PATH
echo "ASSUMPTION: This script assumes that you have performed"
echo "'rpm -e' and then 'rpm -ivh' to reinstall Fedora Directory Server"
echo "and you have re-run the setup program"
echo "ns-slapd should be running"
echo "Press [Ctrl-C] to abort, enter [Yes] to continue..."
read a_key
[ "$a_key" != "Yes" ] && exit 1
# Load schemas
cat <<EOF >/tmp/61DUAConfigProfile.ldif
dn: cn=schema
attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.0 NAME 'defaultServerList' DESC 'Default LDAP server host address used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.1 NAME 'defaultSearchBase' DESC 'Default LDAP base DN used by a DUA' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.2 NAME 'preferredServerList' DESC 'Preferred LDAP server host addresses to be used by a DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.3 NAME 'searchTimeLimit' DESC 'Maximum time in seconds a DUA should allow for a search to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.4 NAME 'bindTimeLimit' DESC 'Maximum time in seconds a DUA should allow for the bind operation to complete' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.5 NAME 'followReferrals' DESC 'Tells DUA if it should follow referrals returned by a DSA search result' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.6 NAME 'authenticationMethod' DESC 'A keystring which identifies the type of authentication method used to contact the DSA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.7 NAME 'profileTTL' DESC 'Time to live, in seconds, before a client DUA should re-read this configuration profile' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.14 NAME 'serviceSearchDescriptor' DESC 'LDAP search descriptor list used by a DUA' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.9 NAME 'attributeMap' DESC 'Attribute mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.10 NAME 'credentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.11 NAME 'objectclassMap' DESC 'Objectclass mappings used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.12 NAME 'defaultSearchScope' DESC 'Default search scope used by a DUA' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.13 NAME 'serviceCredentialLevel' DESC 'Identifies type of credentials a DUA should use when binding to the LDAP server for a specific service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeTypes: ( 1.3.6.1.4.1.11.1.3.1.1.15 NAME 'serviceAuthenticationMethod' DESC 'Authentication method used by a service of the DUA' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectClasses: ( 1.3.6.1.4.1.11.1.3.1.2.4 NAME 'DUAConfigProfile' SUP top STRUCTURAL DESC 'Abstraction of a base configuration for a DUA' MUST ( cn ) MAY ( defaultServerList $ preferredServerList $ defaultSearchBase $ defaultSearchScope $ searchTimeLimit $ bindTimeLimit $ credentialLevel $ authenticationMethod $ followReferrals $ serviceSearchDescriptor $ serviceCredentialLevel $ serviceAuthenticationMethod $ objectclassMap $ attributeMap $ profileTTL ) )

EOF
cat <<EOF >/tmp/62nisDomain.ldif
dn: cn=schema
attributeTypes: ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )

objectClasses: ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top STRUCTURAL MUST nisDomain X-ORIGIN 'user defined' )
EOF
/bin/cp -f /tmp/61DUAConfigProfile.ldif $FDS1_PATH/slapd-$HOST/config/schema
/bin/cp -f /tmp/62nisDomain.ldif $FDS1_PATH/slapd-$HOST/config/schema
chown $SLAPD_OWNER:$SLAPD_GROUP $FDS1_PATH/slapd-$HOST/config/schema/61DUAConfigProfile.ldif
chown $SLAPD_OWNER:$SLAPD_GROUP $FDS1_PATH/slapd-$HOST/config/schema/62nisDomain.ldif
$FDS1_PATH/slapd-$HOST/stop-slapd
$FDS1_PATH/slapd-$HOST/start-slapd
# Add nisDomainObject
cat <<EOF >/tmp/add_nisDomainObject.ldif
dn: $BASEDN
changetype: modify
add: objectclass
objectclass: nisdomainobject
-
replace: nisdomain
nisdomain: $DOMAIN

EOF
ldapmodify -D "cn=Directory Manager" -w `cat /home/ldap/dirmgr.pwd` -f /tmp/add_nisDomainObject.ldif
# Add two ACIs
cat <<EOF >/tmp/add_two_ACIs.ldif
dn: $BASEDN
changetype: modify
add: aci
aci: (targetattr = "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version 3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";)

-
add: aci
aci: (target="ldap:///$BASEDN")(targetattr="userPassword")(version 3.0; acl LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn = "ldap:///cn=proxyagent,ou=profile,$BASEDN";)

EOF
ldapmodify -D "cn=Directory Manager" -w `cat /home/ldap/dirmgr.pwd` -f /tmp/add_two_ACIs.ldif
# Modify default password storage scheme
cat <<EOF >/tmp/mod_passwordStorageScheme.ldif
dn: cn=config
changetype: modify
replace: passwordStorageScheme
passwordStorageScheme: CRYPT
EOF
ldapmodify -D "cn=Directory Manager" -w `cat /home/ldap/dirmgr.pwd` -f /tmp/mod_passwordStorageScheme.ldif
# Create ou=group, proxyAgent and ldapclient profiles
cat <<EOF >/tmp/People.ldif
dn: uid=gtay, ou=People, $BASEDN
givenName: Gary
sn: Tay
loginShell: /bin/bash
uidNumber: 6167
gidNumber: 102
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
uid: gtay
cn: Gary Tay
homeDirectory: /home/gtay
userPassword: {CRYPT}U8bo2twhJ9Kkg

dn: uid=tuser, ou=People, $BASEDN
givenName: Test
sn: User
loginShell: /bin/bash
uidNumber: 9999
gidNumber: 102
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
uid: tuser
cn: Test User
homeDirectory: /home/tuser
userPassword: {SHA}MWxHz/4F3kXGXlfK4EvIJUo2C2U=

EOF
$FDS1_PATH/shared/bin/ldapmodify -a -c -D "cn=Directory Manager" -w `cat /home/ldap/dirmgr.pwd` -f /tmp/People.ldif
cat <<EOF >/tmp/group_and_other_OUs.ldif
dn: ou=group,$BASEDN
objectClass: organizationalUnit
objectClass: top
ou: group

dn: cn=Users,ou=group,$BASEDN
cn: Users
gidNumber: 102
objectClass: top
objectClass: posixGroup
memberUid: gtay
memberUid: tuser

dn: ou=netgroup,$BASEDN
objectClass: organizationalUnit
objectClass: top
ou: netgroup

dn: ou=sudoers,$BASEDN
objectClass: organizationalUnit
objectClass: top
ou: sudoers

EOF
$FDS1_PATH/shared/bin/ldapmodify -a -c -D "cn=Directory Manager" -w `cat /home/ldap/dirmgr.pwd` -f /tmp/group_and_other_OUs.ldif

cat <<EOF >/tmp/proxyAgent_and_profiles.ldif
dn: ou=profile,$BASEDN
objectClass: top
objectClass: organizationalUnit
ou: profile

dn: cn=proxyAgent,ou=profile,$BASEDN
objectClass: top
objectClass: person
cn: proxyAgent
sn: proxyAgent
userPassword: {CRYPT}l14aeXtphVSUg

dn: cn=default,ou=profile,$BASEDN
objectClass: top
objectClass: DUAConfigProfile
defaultServerList: $HOST.$DOMAIN
defaultSearchBase: $BASEDN
authenticationMethod: simple
followReferrals: TRUE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
cn: default
credentialLevel: proxy
bindTimeLimit: 2
serviceSearchDescriptor: passwd: ou=People,$BASEDN?one
serviceSearchDescriptor: group: ou=group,$BASEDN?one
serviceSearchDescriptor: shadow: ou=People,$BASEDN?one
serviceSearchDescriptor: netgroup: ou=netgroup,$BASEDN?one
serviceSearchDescriptor: sudoers: ou=sudoers,$BASEDN?one

dn: cn=tls_profile,ou=profile,$BASEDN
ObjectClass: top
ObjectClass: DUAConfigProfile
defaultServerList: $HOST.$DOMAIN
defaultSearchBase: $BASEDN
authenticationMethod: tls:simple
followReferrals: FALSE
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
bindTimeLimit: 10
cn: tls_profile
credentialLevel: proxy
serviceSearchDescriptor: passwd: ou=People,$BASEDN?one
serviceSearchDescriptor: group: ou=group,$BASEDN?one
serviceSearchDescriptor: shadow: ou=People,$BASEDN?one
serviceSearchDescriptor: netgroup: ou=netgroup,$BASEDN?one
serviceSearchDescriptor: sudoers: ou=sudoers,$BASEDN?one

EOF
$FDS1_PATH/shared/bin/ldapmodify -a -c -D "cn=Directory Manager" -w `cat /home/ldap/dirmgr.pwd` -f /tmp/proxyAgent_and_profiles.ldif

echo "Rebuild done."

===Sample Run===

# ./rebuild_fds.sh
ASSUMPTION: This script assumes that you have performed
'rpm -e' and then 'rpm -ivh' to reinstall Fedora Directory Server
and you have re-run the setup program
ns-slapd should be running
Press [Ctrl-C] to abort, enter [Yes] to continue...
Yes
modifying entry dc=example,dc=com

modifying entry dc=example,dc=com
ldap_modify: Type or value exists

modifying entry cn=config

adding new entry uid=gtay, ou=People, dc=example,dc=com

adding new entry uid=tuser, ou=People, dc=example,dc=com

adding new entry ou=group,dc=example,dc=com

adding new entry cn=Users,ou=group,dc=example,dc=com

adding new entry ou=netgroup,dc=example,dc=com

adding new entry ou=sudoers,dc=example,dc=com

adding new entry ou=profile,dc=example,dc=com

adding new entry cn=proxyAgent,ou=profile,dc=example,dc=com

adding new entry cn=default,ou=profile,dc=example,dc=com

adding new entry cn=tls_profile,ou=profile,dc=example,dc=com

Rebuild done.

