files

2020-05-13 12:38:47 -04:00 · 2020-05-13 12:38:47 -04:00 · 309abf4e6a
commit 309abf4e6a
8 changed files with 91 additions and 0 deletions
--- a/files/add_index.ldif
+++ b/files/add_index.ldif
@ -0,0 +1,3 @@
+dn: olcDatabase={1}mdb,cn=config
+add: olcDbIndex
+olcDbIndex: mail eq,sub
--- a/files/logging.ldif
+++ b/files/logging.ldif
@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats
--- a/files/memberof_config.ldif
+++ b/files/memberof_config.ldif
@ -0,0 +1,17 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+olcModuleLoad: memberof
+olcModulePath: /usr/lib/ldap
+
+dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
--- a/files/refint1.ldif
+++ b/files/refint1.ldif
@ -0,0 +1,3 @@
+dn: cn=module{1},cn=config
+add: olcmoduleload
+olcmoduleload: refint
--- a/files/refint2.ldif
+++ b/files/refint2.ldif
@ -0,0 +1,7 @@
+dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner
--- a/files/sshkey.ldif
+++ b/files/sshkey.ldif
@ -0,0 +1,11 @@
+dn: cn=openssh-lpk,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openssh-lpk
+olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+    DESC 'MANDATORY: OpenSSH Public key'
+    EQUALITY octetStringMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+    DESC 'MANDATORY: OpenSSH LPK objectclass'
+    MAY ( sshPublicKey $ uid )
+    )
--- a/files/sudo.ldif
+++ b/files/sudo.ldif
@ -0,0 +1,11 @@
+dn: cn=sudo,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: sudo
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top AUXILIARY DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
--- a/index.sh
+++ b/index.sh
@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+org_name="Theta42"
+domain="theta42.com"
+password=$1
+
+echo "slapd slapd/internal/adminpw string $password" | debconf-set-selections
+echo "slapd slapd/password1 string $password" | debconf-set-selections
+echo "slapd slapd/password2 string $password" | debconf-set-selections
+echo "slapd slapd/domain string $domain" | debconf-set-selections
+echo "slapd slapd/backend string MDB" | debconf-set-selections
+echo "slapd shared/organization string $org_name" | debconf-set-selections
+echo "slapd slapd/purge_database boolean true" | debconf-set-selections
+echo "slapd slapd/password_mismatchs string $password" | debconf-set-selections
+echo "slapd slapd/no_configuration boolean false" | debconf-set-selections
+echo "slapd slapd/allow_ldap_v2 string false" | debconf-set-selections
+echo "slapd slapd/dump_database string when needed" | debconf-set-selections
+echo "slapd slapd/move_old_database boolean true" | debconf-set-selections
+echo "slapd slapd/invalid_config boolean true" | debconf-set-selections
+
+apt install -y slapd ldap-utils
+
+echo '' > /etc/ldap/ldap.conf
+echo 'BASE   dc=theta42,dc=com' >> /etc/ldap/ldap.conf
+echo 'URI    ldap://localhost' >> /etc/ldap/ldap.conf
+
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/sshkey.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/sudo.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/add_index.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/logging.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/memberof_config.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/refint1.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif