1
|
#!/bin/sh
|
2
|
# initial configuration of slapd
|
3
|
|
4
|
set -e
|
5
|
|
6
|
LDIFDIR=/usr/share/u-auth
|
7
|
SERVICE="/usr/sbin/service slapd"
|
8
|
|
9
|
echo ""
|
10
|
echo " *************"
|
11
|
echo " * * La configuration et toutes les données"
|
12
|
echo " * ATTENTION * de l'annuaire LDAP vont être définitivement"
|
13
|
echo " * * effacées. Avez-vous fait un backup ?"
|
14
|
echo " *************"
|
15
|
|
16
|
echo ""
|
17
|
echo "Confirmez la MISE A ZÉRO COMPLÈTE de l'annuaire LDAP."
|
18
|
echo ""
|
19
|
echo -n "Tapez oui en toutes lettres : "
|
20
|
read ok
|
21
|
if [ "x$ok" != "xoui" ]; then
|
22
|
exit 3
|
23
|
fi
|
24
|
|
25
|
${SERVICE} stop || true
|
26
|
|
27
|
|
28
|
BACKUPDIR="/var/backup/reset-ldap-`date +%Y%m%dT%H:%M:%S`"
|
29
|
mkdir -p "$BACKUPDIR"
|
30
|
echo Old configuration saved in $BACKUPDIR
|
31
|
cp -R /var/lib/ldap /etc/ldap/slapd.d/ "$BACKUPDIR"
|
32
|
|
33
|
echo -n "Effacement de la configuration"
|
34
|
rm -rf /etc/ldap/slapd.d/*
|
35
|
echo -n " et des données .."
|
36
|
rm -rf /var/lib/ldap/*
|
37
|
echo "ok"
|
38
|
|
39
|
if ! grep "^\s*profile\s\+config\s*$" /etc/ldapvi.conf > /dev/null 2>&1; then
|
40
|
echo "(ajout du 'profile config' dans /etc/ldapvi.conf)"
|
41
|
cat << EOLDAPVI >> /etc/ldapvi.conf
|
42
|
|
43
|
profile config
|
44
|
host: ldapi://
|
45
|
sasl-mech: EXTERNAL
|
46
|
base: cn=config
|
47
|
|
48
|
EOLDAPVI
|
49
|
fi
|
50
|
|
51
|
|
52
|
|
53
|
mkdir /var/lib/ldap/config-accesslog/
|
54
|
|
55
|
echo "Installation de la nouvelle configuration .. "
|
56
|
slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/config.ldif
|
57
|
echo "ok"
|
58
|
|
59
|
echo "Installation des schémas .. "
|
60
|
slapadd -n0 -F/etc/ldap/slapd.d -l/etc/ldap/schema/core.ldif
|
61
|
slapadd -n0 -F/etc/ldap/slapd.d -l/etc/ldap/schema/cosine.ldif
|
62
|
slapadd -n0 -F/etc/ldap/slapd.d -l/etc/ldap/schema/inetorgperson.ldif
|
63
|
echo "ok"
|
64
|
|
65
|
chown -R openldap:openldap /etc/ldap/slapd.d /var/lib/ldap
|
66
|
|
67
|
if [ ! -s /etc/ldap/ssl/slapd.pem -o ! -s /etc/ldap/ssl/slapd.key ]; then
|
68
|
echo "Pose de certificats SSL par défaut (invalides)"
|
69
|
mkdir -p /etc/ldap/ssl
|
70
|
cp -v ${LDIFDIR}/ssl.pem /etc/ldap/ssl/slapd.pem
|
71
|
cp -v ${LDIFDIR}/ssl.key /etc/ldap/ssl/slapd.key
|
72
|
chown -R root:openldap /etc/ldap/ssl
|
73
|
chmod 0755 /etc/ldap/ssl
|
74
|
chmod 0644 /etc/ldap/ssl/slapd.pem
|
75
|
chmod 0640 /etc/ldap/ssl/slapd.key
|
76
|
echo "ok"
|
77
|
fi
|
78
|
|
79
|
${SERVICE} start
|
80
|
|