#!/bin/sh
# Initial configuration of slapd.
# Destructive: after an interactive confirmation, the script erases the
# current slapd configuration and database, then installs a fresh one.

# Stop at the first failing command so that later steps never run on top of
# a failed earlier one.
set -e

# Directory the configuration LDIF and the default certificate files are
# read from.
LDIFDIR="/usr/share/u-auth"
# Expanded unquoted by its users so that it splits into command + argument.
SERVICE='/usr/sbin/service slapd'

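# Warn the operator (messages are in French) that the whole directory is
# about to be erased, and require the literal answer "oui" to continue.
echo ""
echo " *************"
echo " * * La configuration et toutes les données"
echo " * ATTENTION * de l'annuaire LDAP vont être définitivement"
echo " * * effacées. Avez-vous fait un backup ?"
echo " *************"

echo ""
echo "Confirmez la MISE A ZÉRO COMPLÈTE de l'annuaire LDAP."
echo ""
# printf instead of "echo -n": the latter is not portable under /bin/sh.
printf '%s' "Tapez oui en toutes lettres : "
# -r keeps backslashes literal. A failed read (EOF, closed stdin) counts as
# a refusal and leaves with the same status 3 as a wrong answer, instead of
# being turned into a generic failure by "set -e".
if ! read -r ok; then
  exit 3
fi
if [ "$ok" != "oui" ]; then
  exit 3
fi
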
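# Stop slapd before its files are touched; a failure to stop is deliberately
# ignored.
${SERVICE} stop || true

# Snapshot the current database and cn=config tree before they are erased.
# With "set -e" in effect, a failed mkdir or cp ends the script here, so
# nothing is deleted unless the backup was written.
BACKUPDIR="/var/backup/reset-ldap-$(date +%Y%m%dT%H:%M:%S)"
# The snapshot holds the full directory data and the server configuration,
# which usually include credential hashes: keep it readable by root only.
# The chmod also covers the case where the directory already existed.
mkdir -p -m 0700 "$BACKUPDIR"
chmod 0700 "$BACKUPDIR"
echo "Old configuration saved in $BACKUPDIR"
# -p keeps the original owners, modes and timestamps, so the copy is not
# re-created with looser umask-derived permissions and can be restored as is.
cp -Rp /var/lib/ldap /etc/ldap/slapd.d/ "$BACKUPDIR"
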
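# Erase the live cn=config tree and the database files. The "*" glob leaves
# the two directories themselves (and any dot-files in them) in place.
# printf replaces "echo -n", which is not portable under /bin/sh.
printf '%s' "Effacement de la configuration"
rm -rf /etc/ldap/slapd.d/*
printf '%s' " et des données .."
rm -rf /var/lib/ldap/*
echo "ok"
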
# Make sure /etc/ldapvi.conf has a "config" profile pointing at cn=config
# over the local ldapi:// socket with SASL EXTERNAL; append it when no such
# profile line is found (or when the file cannot be read).
# NOTE(review): what the EXTERNAL identity may do in cn=config is decided by
# the access rules of the installed configuration, not visible here - confirm
# that only the intended local account is granted access.
if grep -q '^\s*profile\s\+config\s*$' /etc/ldapvi.conf 2>/dev/null; then
  : # profile already present, nothing to add
else
  echo "(ajout du 'profile config' dans /etc/ldapvi.conf)"
  # Quoted delimiter: the profile text is appended literally, no expansion.
  cat >> /etc/ldapvi.conf << 'EOLDAPVI'

profile config
host: ldapi://
sasl-mech: EXTERNAL
base: cn=config

EOLDAPVI
fi

# Create the config-accesslog directory inside the data directory.
# NOTE(review): presumably a database directory referenced by config.ldif -
# confirm against that file.
mkdir /var/lib/ldap/config-accesslog/

# Load the new cn=config (database 0) offline from the shipped LDIF.
echo "Installation de la nouvelle configuration .. "
slapadd -n0 -F/etc/ldap/slapd.d -l"${LDIFDIR}/config.ldif"
echo "ok"

# Load the stock schemas into the same configuration tree, in this order.
echo "Installation des schémas .. "
for schema in core cosine inetorgperson; do
  slapadd -n0 -F/etc/ldap/slapd.d -l"/etc/ldap/schema/${schema}.ldif"
done
echo "ok"

# slapadd wrote the files as the invoking user; give both trees to the
# openldap account and group.
chown -R openldap:openldap /etc/ldap/slapd.d /var/lib/ldap

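# Install placeholder TLS material when the certificate or the key is missing
# or empty. Both files are always written together, so a lone existing file
# is overwritten along with the missing one.
# SECURITY: the pair comes from ${LDIFDIR} and is the same wherever these
# files are installed, so the private key cannot be considered secret (the
# script's own message calls the certificates invalid). Replace both files
# with a host-specific pair before relying on TLS.
if [ ! -s /etc/ldap/ssl/slapd.pem ] || [ ! -s /etc/ldap/ssl/slapd.key ]; then
  echo "Pose de certificats SSL par défaut (invalides)"
  mkdir -p /etc/ldap/ssl
  # install(1) sets owner and mode as part of the copy, which avoids the
  # window in which a plain cp leaves the key at umask-default permissions
  # until a later chmod.
  install -v -m 0644 -o root -g openldap "${LDIFDIR}/ssl.pem" /etc/ldap/ssl/slapd.pem
  install -v -m 0640 -o root -g openldap "${LDIFDIR}/ssl.key" /etc/ldap/ssl/slapd.key
  # Key readable by root and the openldap group only; certificate public.
  chown -R root:openldap /etc/ldap/ssl
  chmod 0755 /etc/ldap/ssl
  echo "ok"
fi

# Bring slapd back up on the freshly installed configuration.
${SERVICE} start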