commit 309abf4e6ac7213b069c3f163bef84058897801f
Author: William Mantly
Date: Wed May 13 12:38:47 2020 -0400

files

diff --git a/files/add_index.ldif b/files/add_index.ldif
new file mode 100644
index 0000000..5fe3953
--- /dev/null
+++ b/files/add_index.ldif
@@ -0,0 +1,3 @@
+dn: olcDatabase={1}mdb,cn=config
+add: olcDbIndex
+olcDbIndex: mail eq,sub
\ No newline at end of file
diff --git a/files/logging.ldif b/files/logging.ldif
new file mode 100644
index 0000000..b50f137
--- /dev/null
+++ b/files/logging.ldif
@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: olcLogLevel
+olcLogLevel: stats
\ No newline at end of file
diff --git a/files/memberof_config.ldif b/files/memberof_config.ldif
new file mode 100644
index 0000000..b404728
--- /dev/null
+++ b/files/memberof_config.ldif
@@ -0,0 +1,17 @@
+dn: cn=module,cn=config
+cn: module
+objectClass: olcModuleList
+olcModuleLoad: memberof
+olcModulePath: /usr/lib/ldap
+
+dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
\ No newline at end of file
diff --git a/files/refint1.ldif b/files/refint1.ldif
new file mode 100644
index 0000000..420f454
--- /dev/null
+++ b/files/refint1.ldif
@@ -0,0 +1,3 @@
+dn: cn=module{1},cn=config
+add: olcmoduleload
+olcmoduleload: refint
\ No newline at end of file
diff --git a/files/refint2.ldif b/files/refint2.ldif
new file mode 100644
index 0000000..86d8abf
--- /dev/null
+++ b/files/refint2.ldif
@@ -0,0 +1,7 @@
+dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner
\ No newline at end of file
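Review bot: add_index.ldif carries `add: olcDbIndex` without a `changetype: modify` line, so when index.sh feeds it to `ldapadd` the record is read as a request to create a new `olcDatabase={1}mdb,cn=config` entry rather than to modify the existing one, which the server should reject as already existing, and `set -e` in index.sh then aborts the install at that step; insert `changetype: modify` between the `dn:` and `add:` lines, as logging.ldif already does. refint1.ldif has the same omission. Most of the LDIF files in this commit also end without a trailing newline; ending each record with one keeps the files acceptable to stricter LDIF parsers.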
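Review bot: refint1.ldif targets `cn=module{1},cn=config` by a hard-coded index, while the module entry memberof_config.ldif creates is `cn=module,cn=config` with no index, so whether it ends up as `{1}` depends on how many module entries the stock configuration already holds and the pairing is fragile. Loading both modules from the single entry this file creates, i.e. adding `olcModuleLoad: refint` directly after `olcModuleLoad: memberof`, removes the dependency on the assigned index and makes refint1.ldif unnecessary; index.sh already applies this file before refint2.ldif, so the module is still loaded before the refint overlay is configured.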
diff --git a/files/sshkey.ldif b/files/sshkey.ldif
new file mode 100644
index 0000000..f1579e7
--- /dev/null
+++ b/files/sshkey.ldif
@@ -0,0 +1,11 @@
+dn: cn=openssh-lpk,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openssh-lpk
+olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
+ DESC 'MANDATORY: OpenSSH Public key'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MAY ( sshPublicKey $ uid )
+ )
\ No newline at end of file
diff --git a/files/sudo.ldif b/files/sudo.ldif
new file mode 100644
index 0000000..aad26d8
--- /dev/null
+++ b/files/sudo.ldif
@@ -0,0 +1,11 @@
+dn: cn=sudo,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: sudo
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcObjectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top AUXILIARY DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ description ) )
diff --git a/index.sh b/index.sh
new file mode 100644
index 0000000..b51c6b5
--- /dev/null
+++ b/index.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -e
+
+org_name="Theta42"
+domain="theta42.com"
+password=$1
+
+echo "slapd slapd/internal/adminpw string $password" | debconf-set-selections
+echo "slapd slapd/password1 string $password" | debconf-set-selections
+echo "slapd slapd/password2 string $password" | debconf-set-selections
+echo "slapd slapd/domain string $domain" | debconf-set-selections
+echo "slapd slapd/backend string MDB" | debconf-set-selections
+echo "slapd shared/organization string $org_name" | debconf-set-selections
+echo "slapd slapd/purge_database boolean true" | debconf-set-selections
+echo "slapd slapd/password_mismatchs string $password" | debconf-set-selections
+echo "slapd slapd/no_configuration boolean false" | debconf-set-selections
+echo "slapd slapd/allow_ldap_v2 string false" | debconf-set-selections
+echo "slapd slapd/dump_database string when needed" | debconf-set-selections
+echo "slapd slapd/move_old_database boolean true" | debconf-set-selections
+echo "slapd slapd/invalid_config boolean true" | debconf-set-selections
+
+apt install -y slapd ldap-utils
+
+echo '' > /etc/ldap/ldap.conf
+echo 'BASE dc=theta42,dc=com' >> /etc/ldap/ldap.conf
+echo 'URI ldap://localhost' >> /etc/ldap/ldap.conf
+
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/sshkey.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/sudo.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/add_index.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/logging.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/memberof_config.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/refint1.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
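Review bot: `password=$1` is never validated, and with `set -e` but no `set -u` a missing argument silently seeds the `slapd/internal/adminpw`, `slapd/password1` and `slapd/password2` debconf answers with an empty string, which likely leaves the new directory with an empty admin password; change the first line to `set -eu` and guard the argument with `[ -n "${1:-}" ] || { echo "usage: $0 <admin-password>" >&2; exit 1; }`. Passing the secret on the command line also exposes it to other local users through the process list for as long as the script runs, so reading it from an environment variable or a prompt is preferable. The `slapd/password_mismatchs` key looks like a typo for `slapd/password_mismatch`, which I believe is a note-type template rather than a string, so that line is probably ignored — worth confirming and dropping. `BASE dc=theta42,dc=com` repeats `domain="theta42.com"` by hand; deriving one from the other would keep the two from drifting.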