auto manager install
This commit is contained in:
parent
9975d30559
commit
4d800113ed
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
ldap.vars
|
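--- a/files/populate.ldif.template
+++ b/files/populate.ldif.template
@@ -0,0 +1,70 @@
+version: 1
+
+dn: ou=People,{{ldap_base}}
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,{{ldap_base}}
+objectClass: organizationalUnit
+ou: Groups
+
+
+# Entry 1: cn=ldapclient service,ou=Groups,{{ldap_base}}
+dn: cn=ldapclient service,ou=Groups,{{ldap_base}}
+cn: ldapclient service
+gidnumber: 1499
+objectclass: posixGroup
+objectclass: top
+
+# Entry 1: cn=ldapclient_service,ou=People,{{ldap_base}}
+dn: cn=ldapclient_service,ou=People,{{ldap_base}}
+cn: ldapclient_service
+gidnumber: 1499
+givenname: ldapclient
+homedirectory: /home/ldapclient
+loginshell: /bin/bash
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: service
+uid: ldapclient
+uidnumber: 1499
+userpassword: {MD5}{{ldpad_client_password}}
+
+
+# Entry 1: cn={{user_uid}},ou=Groups,{{ldap_base}}
+dn: cn={{user_uid}},ou=Groups,{{ldap_base}}
+cn: {{user_uid}}
+gidnumber: 1500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 1: cn={{user_uid}},ou=People,{{ldap_base}}
+dn: cn={{user_uid}},ou=People,{{ldap_base}}
+cn: {{user_uid}}
+gidnumber: 1500
+givenname: {{user_first_name}}
+homedirectory: /home/{{user_uid}}
+loginshell: /bin/bash
+mail: {{user_email}}
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+objectclass: ldapPublicKey
+objectclass: sudoRole
+sudocommand: ALL
+sudohost: ALL
+sudouser: {{user_last_name}}
+uid: {{user_uid}}
+uidnumber: 1500
+userpassword: {MD5}{{user_password}}
+
+
+# Entry 1: cn=app_sso_admin,ou=Groups,{{ldap_base}}
+dn: cn=app_sso_admin,ou=Groups,{{ldap_base}}
+cn: app_sso_admin
+description: Admin access for SSO app
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}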
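Review bot: `userpassword: {MD5}{{ldpad_client_password}}` and `userpassword: {MD5}{{user_password}}` expand the plaintext variables sourced from ldap.vars rather than the `ldpad_client_password_md5` / `user_password_md5` digests that index.sh exports in the same commit, so the rendered entries are stored as `{MD5}<cleartext>`: the credential never verifies and the cleartext password ends up in the directory. The template should reference `{{ldpad_client_password_md5}}` and `{{user_password_md5}}`; an unsalted `{MD5}` userPassword is also a weak choice, so a salted scheme such as `{SSHA}` generated with slappasswd would be preferable if the hashing step in index.sh is adjusted to match. `sudouser: {{user_last_name}}` on the admin entry looks wrong as well — sudoers-LDAP matches the login name, which this entry sets as `uid: {{user_uid}}`, so it presumably should be `sudouser: {{user_uid}}`.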
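--- a/files/sso-manager.conf.template
+++ b/files/sso-manager.conf.template
@@ -0,0 +1,13 @@
+module.exports = {
+userModel: 'ldap'
+ldap: {
+url: 'ldap://localhost:389',
+bindDN: 'cn=admin,{{ldap_base}}',
+bindPassword: '{{password_md5}}',
+userBase: 'ou=People,{{ldap_base}}',
+groupBase: 'ou=Groups,{{ldap_base}}',
+userFilter: '(objectClass=posixAccount)',
+userNameAttribute: 'uid'
+},
+name: {{org_name}},
+};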
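Review bot: `bindPassword: '{{password_md5}}'` hands the base64 MD5 digest to the application as its bind credential, but index.sh configures slapd's admin password from the plaintext `$password` through debconf, and a simple bind to `cn=admin,{{ldap_base}}` must present that plaintext, so every bind from the app will be rejected; it should be `bindPassword: '{{password}}'`. The rendered file is also not valid JavaScript: `userModel: 'ldap'` lacks the comma before `ldap: {`, and `name: {{org_name}},` needs quoting as `name: '{{org_name}}',` because org_name is a bare string in ldap.vars. Binding the application as the directory's root DN is more privilege than user lookups require; a dedicated read-only service account (the `ldapclient_service` entry populated in this commit looks intended for that) would limit the impact if conf/secrets.js is ever exposed.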
46
index.sh
46
index.sh
@ -2,10 +2,23 @@
|
|||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
org_name="Theta42"
|
# Pull in the mustache template library for bash
|
||||||
domain="theta42.com"
|
source lib/mo
|
||||||
password=$1
|
|
||||||
ldap_base="dc=theta42,dc=com"
|
if [ ! -f ./ldap.vars ]; then
|
||||||
|
echo "ldap.vars file not found!"
|
||||||
|
echo "Please copy ldap.vars_template to ldap.vars and edit it."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
source ldap.vars
|
||||||
|
|
||||||
|
export user_uid=`echo -n "${user_first_name:0:1}$user_last_name" | tr '[:upper:]' '[:lower:]'`
|
||||||
|
export password_md5=`echo -n "$password" | openssl dgst -md5 -binary | openssl enc -base64`
|
||||||
|
export ldpad_client_password_md5=`echo -n "$ldpad_client_password" | openssl dgst -md5 -binary | openssl enc -base64`
|
||||||
|
export user_password_md5=`echo -n "$user_password" | openssl dgst -md5 -binary | openssl enc -base64`
|
||||||
|
|
||||||
|
|
||||||
echo "slapd slapd/internal/adminpw string $password" | debconf-set-selections
|
echo "slapd slapd/internal/adminpw string $password" | debconf-set-selections
|
||||||
echo "slapd slapd/password1 string $password" | debconf-set-selections
|
echo "slapd slapd/password1 string $password" | debconf-set-selections
|
||||||
@ -27,6 +40,10 @@ echo '' > /etc/ldap/ldap.conf
|
|||||||
echo "BASE $ldap_base" >> /etc/ldap/ldap.conf
|
echo "BASE $ldap_base" >> /etc/ldap/ldap.conf
|
||||||
echo "URI ldap://localhost" >> /etc/ldap/ldap.conf
|
echo "URI ldap://localhost" >> /etc/ldap/ldap.conf
|
||||||
|
|
||||||
|
temp_populate_ldif=$(mkdir)
|
||||||
|
populate_ldif_template="$(cat files/populate.ldif.template)"
|
||||||
|
echo "$populate_ldif_template" | mo > "$temp_populate_ldif"
|
||||||
|
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f files/sshkey.ldif
|
ldapadd -Y EXTERNAL -H ldapi:/// -f files/sshkey.ldif
|
||||||
ldapadd -Y EXTERNAL -H ldapi:/// -f files/sudo.ldif
|
ldapadd -Y EXTERNAL -H ldapi:/// -f files/sudo.ldif
|
||||||
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/add_index.ldif
|
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/add_index.ldif
|
||||||
@ -34,3 +51,24 @@ ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/logging.ldif
|
|||||||
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/memberof_config.ldif
|
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/memberof_config.ldif
|
||||||
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/refint1.ldif
|
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/refint1.ldif
|
||||||
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
|
ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
|
||||||
|
ldapadd -x -D "cn=admin,$ldap_base" -w "$password" -H ldap:// -f "$temp_populate_ldif"
|
||||||
|
|
||||||
|
|
||||||
|
curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
|
||||||
|
apt update
|
||||||
|
apt-get install -y nodejs git
|
||||||
|
|
||||||
|
mkdir /var/www
|
||||||
|
cd /var/www
|
||||||
|
|
||||||
|
git clone https://github.com/theta42/sso-manager-node.git
|
||||||
|
|
||||||
|
cd sso-manager-node/nodejs
|
||||||
|
npm install
|
||||||
|
|
||||||
|
sso_conf_template="$(cat files/sso-manager.conf.template)"
|
||||||
|
echo "$sso_conf_template" | mo > "conf/secrets.js"
|
||||||
|
|
||||||
|
wget -q https://raw.githubusercontent.com/theta42/sso-manager-node/master/ops/systemd/sso-manager.service -O /etc/systemd/system/sso-manger.service
|
||||||
|
systemctl start sso-manger.service
|
||||||
|
systemctl enable sso-manger.service
|
||||||
|
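Review bot: In the third hunk, `sso_conf_template="$(cat files/sso-manager.conf.template)"` runs after `cd /var/www` and `cd sso-manager-node/nodejs`, so the relative path no longer refers to this repository's files/ directory, the cat fails and `set -e` aborts the install; the repository directory should be captured before the first cd and the template read through it. The rendered `conf/secrets.js` contains the LDAP bind password and is created under the default umask, so it should be written under `umask 077` (or chmod 600 afterwards), and `$temp_populate_ldif`, which carries the user password material, should be removed once `ldapadd` has consumed it. `ldapadd ... -w "$password"` also puts the admin password in the process argument list, visible to every local user through ps; `-y` with a file avoids that. The second hunk's `temp_populate_ldif=$(mkdir)` needs to be `$(mktemp)` for that file to exist at all — `mkdir` with no operand fails, and `set -e` stops the script right there.
```bash
# … unchanged: memberof/refint ldapmodify and ldapadd calls …
# Resolve the repository directory now; the cd calls below change cwd.
script_dir="$(cd "$(dirname "$0")" && pwd)"
ldapadd -x -D "cn=admin,$ldap_base" -y <(printf '%s' "$password") -H ldap:// -f "$temp_populate_ldif"
rm -f -- "$temp_populate_ldif"
# … unchanged: nodesource setup, apt install, clone, npm install …
sso_conf_template="$(cat "$script_dir/files/sso-manager.conf.template")"
# secrets.js holds the bind password: create it readable by its owner only
(umask 077 && echo "$sso_conf_template" | mo > "conf/secrets.js")
# … unchanged: systemd unit download, start, enable …
```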
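--- a/ldap.vars.template
+++ b/ldap.vars.template
@@ -0,0 +1,14 @@
+# Information for the base LDAP server
+export org_name='Theta42'
+export domain='theta42.com'
+export password='password'
+export ldap_base='dc=theta42,dc=com'
+
+# LDAP client services account
+export ldpad_client_password='password'
+
+# First Admin user, you!
+export user_first_name='William'
+export user_last_name='Mantly'
+export user_email='wmantly@gmail.com'
+export user_password='password'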
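Review bot: Every secret in this template defaults to the literal `password`, and index.sh only checks that the copied ldap.vars exists before sourcing it, so an unedited copy silently installs slapd, the service account and the admin user with that value; a header comment such as `# All 'password' values are placeholders: replace them before running index.sh, which does not validate them.` would make that explicit. Because the file is sourced as shell and holds credentials, the same comment should say to keep it out of version control (the .gitignore entry added in this commit covers the default name) and to `chmod 600` it. The `ldpad_client_password` spelling is load-bearing — index.sh and populate.ldif.template use the same name — so a reader should be warned not to correct it in one place only.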