From 4d800113ed33eddea5819935baf2b505784c63f1 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 18:10:28 -0400 Subject: [PATCH 1/9] auto manager install --- .gitignore | 1 + files/populate.ldif.template | 70 +++++++++++++++++++++++++++++++++ files/sso-manager.conf.template | 13 ++++++ index.sh | 46 ++++++++++++++++++++-- ldap.vars.template | 14 +++++++ 5 files changed, 140 insertions(+), 4 deletions(-) create mode 100644 .gitignore create mode 100644 files/populate.ldif.template create mode 100644 files/sso-manager.conf.template create mode 100644 ldap.vars.template
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..aa6bd22
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+ldap.vars
\ No newline at end of file
diff --git a/files/populate.ldif.template b/files/populate.ldif.template
new file mode 100644
index 0000000..9356ca0
--- /dev/null
+++ b/files/populate.ldif.template
@@ -0,0 +1,70 @@
+version: 1
+
+dn: ou=People,{{ldap_base}}
+objectClass: organizationalUnit
+ou: People
+
+dn: ou=Groups,{{ldap_base}}
+objectClass: organizationalUnit
+ou: Groups
+
+
+# Entry 1: cn=ldapclient service,ou=Groups,{{ldap_base}}
+dn: cn=ldapclient service,ou=Groups,{{ldap_base}}
+cn: ldapclient service
+gidnumber: 1499
+objectclass: posixGroup
+objectclass: top
+
+# Entry 1: cn=ldapclient_service,ou=People,{{ldap_base}}
+dn: cn=ldapclient_service,ou=People,{{ldap_base}}
+cn: ldapclient_service
+gidnumber: 1499
+givenname: ldapclient
+homedirectory: /home/ldapclient
+loginshell: /bin/bash
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: service
+uid: ldapclient
+uidnumber: 1499
+userpassword: {MD5}{{ldpad_client_password}}
+
+
+# Entry 1: cn={{user_uid}},ou=Groups,{{ldap_base}}
+dn: cn={{user_uid}},ou=Groups,{{ldap_base}}
+cn: {{user_uid}}
+gidnumber: 1500
+objectclass: posixGroup
+objectclass: top
+
+# Entry 1: cn={{user_uid}},ou=People,{{ldap_base}}
+dn: cn={{user_uid}},ou=People,{{ldap_base}}
+cn: {{user_uid}}
+gidnumber: 1500
+givenname: {{user_first_name}}
+homedirectory: /home/{{user_uid}}
+loginshell: /bin/bash
+mail: {{user_email}}
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+objectclass: ldapPublicKey
+objectclass: sudoRole
+sudocommand: ALL
+sudohost: ALL
+sudouser: {{user_last_name}}
+uid: {{user_uid}}
+uidnumber: 1500
+userpassword: {MD5}{{user_password}}
+
+
+# Entry 1: cn=app_sso_admin,ou=Groups,{{ldap_base}}
+dn: cn=app_sso_admin,ou=Groups,{{ldap_base}}
+cn: app_sso_admin
+description: Admin access for SSO app
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}
diff --git a/files/sso-manager.conf.template b/files/sso-manager.conf.template
new file mode 100644
index 0000000..b54622b
--- /dev/null
+++ b/files/sso-manager.conf.template
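Review bot: The `ldapclient_service` entry is a bind-only service account, yet it gets `loginshell: /bin/bash` and `homedirectory: /home/ldapclient`, so any host that resolves users from this directory will also accept it as an interactive login; use `loginshell: /usr/sbin/nologin` and point the home directory at a path that does not need to exist. The same applies to every `userpassword: {MD5}...` line: `{MD5}` is an unsalted, fast digest, so hash with `slappasswd -h '{SSHA}'` (or configure `olcPasswordHash` with a modern scheme and let slapd hash) rather than a raw MD5. Note also that `{{user_uid}}`, `{{user_first_name}}` and `{{user_email}}` are substituted into DNs and attribute values with no LDIF/DN escaping, so a value containing a comma, `+`, a leading space or a newline produces a different DN or a malformed entry; the values are operator-supplied, so this is a breakage risk more than an injection one, but a character-set check before rendering would make the failure explicit.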
@@ -0,0 +1,13 @@
+module.exports = {
+ userModel: 'ldap'
+ ldap: {
+ url: 'ldap://localhost:389',
+ bindDN: 'cn=admin,{{ldap_base}}',
+ bindPassword: '{{password_md5}}',
+ userBase: 'ou=People,{{ldap_base}}',
+ groupBase: 'ou=Groups,{{ldap_base}}',
+ userFilter: '(objectClass=posixAccount)',
+ userNameAttribute: 'uid'
+ },
+ name: {{org_name}},
+};
diff --git a/index.sh b/index.sh
index 8d274aa..0169ba6 100755
--- a/index.sh
+++ b/index.sh
@@ -2,10 +2,23 @@ set -e
-org_name="Theta42"
-domain="theta42.com"
-password=$1
-ldap_base="dc=theta42,dc=com"
+# Pull in the mustache template library for bash
+source lib/mo
+
+if [ ! -f ./ldap.vars ]; then
+ echo "ldap.vars file not found!"
+ echo "Please copy ldap.vars_template to ldap.vars and edit it."
+ exit 1
+fi
+
+
+source ldap.vars
+
+export user_uid=`echo -n "${user_first_name:0:1}$user_last_name" | tr '[:upper:]' '[:lower:]'`
+export password_md5=`echo -n "$password" | openssl dgst -md5 -binary | openssl enc -base64`
+export ldpad_client_password_md5=`echo -n "$ldpad_client_password" | openssl dgst -md5 -binary | openssl enc -base64`
+export user_password_md5=`echo -n "$user_password" | openssl dgst -md5 -binary | openssl enc -base64`
+
 echo "slapd slapd/internal/adminpw string $password" | debconf-set-selections
 echo "slapd slapd/password1 string $password" | debconf-set-selections
@@ -27,6 +40,10 @@ echo '' > /etc/ldap/ldap.conf
 echo "BASE $ldap_base" >> /etc/ldap/ldap.conf
 echo "URI ldap://localhost" >> /etc/ldap/ldap.conf
+temp_populate_ldif=$(mkdir)
+populate_ldif_template="$(cat files/populate.ldif.template)"
+echo "$populate_ldif_template" | mo > "$temp_populate_ldif"
+
 ldapadd -Y EXTERNAL -H ldapi:/// -f files/sshkey.ldif
 ldapadd -Y EXTERNAL -H ldapi:/// -f files/sudo.ldif
 ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/add_index.ldif
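Review bot: The application is configured to bind as `bindDN: 'cn=admin,{{ldap_base}}'`, the slapd rootdn, which is not subject to any `olcAccess` rule, so a compromise of the SSO process is a compromise of the entire directory; the same patch already creates `cn=ldapclient_service,ou=People,...` as a service identity, so bind as that (or a dedicated `sso-manager` account) and grant it only the read/write it needs through ACLs. Values are also spliced into single-quoted JS string literals with no escaping, so an `org_name` or password containing `'` or `\` yields a file that fails to `require`. Since this file is plain JS, `bindPassword: process.env.LDAP_BIND_PASSWORD` would sidestep both the quoting problem and writing the secret into the code tree.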
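Review bot: The three `*_md5` exports produce unsalted `{MD5}` hashes for `userPassword`, which OpenLDAP keeps only for compatibility; generate salted hashes with `slappasswd -h '{SSHA}' -T <(printf '%s' "$user_password")` (not `-s`, which would put the password on the command line). Nothing checks that `ldap.vars` was actually edited, so the template defaults install a directory whose rootdn, service account and first admin all have the password `password`; add a guard after `source ldap.vars`, e.g. `for v in password ldpad_client_password user_password; do [ "${!v}" != password ] || { echo "$v still has the template default" >&2; exit 1; }; done`. Also, `export var=$(pipeline)` masks the pipeline's exit status and `set -e` (top of file, outside this hunk) does not cover a failing middle command, so a missing `openssl` silently yields empty hashes; assign first and export on a separate line, and consider `set -o pipefail`.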
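Review bot: `mo` expands an unset `{{...}}` tag to an empty string, so a misspelled template variable renders silently and only surfaces, if at all, as an `ldapadd` syntax error on the next line; if the bundled `lib/mo` supports it, render with `mo --fail-not-set` so the script aborts at this step instead. The `cat`-into-a-variable round trip is unnecessary, since `mo` reads files directly: `mo --fail-not-set files/populate.ldif.template > "$temp_populate_ldif"`. The rendered file also carries every password hash, so it should be removed when the script exits (covered in the later `mktemp` fix).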
@@ -34,3 +51,24 @@ ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/logging.ldif
 ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/memberof_config.ldif
 ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f files/refint1.ldif
 ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
+ldapadd -x -D "cn=admin,$ldap_base" -w "$password" -H ldap:// -f "$temp_populate_ldif"
+
+
+curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
+apt update
+apt-get install -y nodejs git
+
+mkdir /var/www
+cd /var/www
+
+git clone https://github.com/theta42/sso-manager-node.git
+
+cd sso-manager-node/nodejs
+npm install
+
+sso_conf_template="$(cat files/sso-manager.conf.template)"
+echo "$sso_conf_template" | mo > "conf/secrets.js"
+
+wget -q https://raw.githubusercontent.com/theta42/sso-manager-node/master/ops/systemd/sso-manager.service -O /etc/systemd/system/sso-manger.service
+systemctl start sso-manger.service
+systemctl enable sso-manger.service
diff --git a/ldap.vars.template b/ldap.vars.template
new file mode 100644
index 0000000..75918fb
--- /dev/null
+++ b/ldap.vars.template
@@ -0,0 +1,14 @@
+# Information for the base LDAP server
+export org_name='Theta42'
+export domain='theta42.com'
+export password='password'
+export ldap_base='dc=theta42,dc=com'
+
+# LDAP client services account
+export ldpad_client_password='password'
+
+# First Admin user, you!
+export user_first_name='William'
+export user_last_name='Mantly'
+export user_email='wmantly@gmail.com'
+export user_password='password'
-- 2.34.1 From fd83bc657c359b9765cb88339b714c011dff5659 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 18:23:20 -0400 Subject: [PATCH 2/9] fixed --- files/populate.ldif.template | 4 ++-- index.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/files/populate.ldif.template b/files/populate.ldif.template
index 9356ca0..22698f8 100644
--- a/files/populate.ldif.template
+++ b/files/populate.ldif.template
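Review bot: `ldapadd -x -D "cn=admin,$ldap_base" -w "$password"` places the rootdn password in the process argument list, readable by any local user via `ps`/`/proc` while the command runs; pass it with `-y <(printf '%s' "$password")`, or — since the script already runs as root and the lines above use `-Y EXTERNAL -H ldapi:///` — use that same SASL/EXTERNAL bind, which on Debian's default slapd configuration also has manage rights on the data database, and drop the password from this step entirely. `conf/secrets.js`, which holds the bind credential, is written through a bare redirection and so inherits the default umask (typically world-readable); write it as `(umask 077; echo "$sso_conf_template" | mo > conf/secrets.js)` and `chown` it to the service user. The install also executes `curl ... | sudo -E bash -`, clones an unpinned default branch, runs `npm install` as root with lifecycle scripts enabled, and fetches the systemd unit from `master`: pin a tag or commit for the clone and the unit, and use `npm ci --ignore-scripts` if the project ships a lockfile (not visible here). Finally, with `set -e` but no `set -o pipefail`, a failed `curl` is masked because `bash -` exits 0 on empty input.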
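Review bot: Every secret in this template defaults to the literal `password` (`export password='password'`, `export ldpad_client_password='password'`, `export user_password='password'`), and nothing in `index.sh` refuses to run with those values, so a forgotten edit installs a directory whose rootdn, service account and first admin share a guessable password. Ship the template with empty values (`export password=''`) and have the installer abort on an empty one (`: "${password:?must be set in ldap.vars}"`), and say in the comment that all three must be changed. The personal e-mail in `user_email` is also copied into the directory verbatim; a neutral placeholder such as `admin@example.com` is the safer default.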
@@ -29,7 +29,7 @@ objectclass: top
 sn: service
 uid: ldapclient
 uidnumber: 1499
-userpassword: {MD5}{{ldpad_client_password}}
+userpassword: {MD5}{{ldpad_client_password_md5}}
 # Entry 1: cn={{user_uid}},ou=Groups,{{ldap_base}}
@@ -57,7 +57,7 @@ sudohost: ALL
 sudouser: {{user_last_name}}
 uid: {{user_uid}}
 uidnumber: 1500
-userpassword: {MD5}{{user_password}}
+userpassword: {MD5}{{user_password_md5}}
 # Entry 1: cn=app_sso_admin,ou=Groups,{{ldap_base}}
diff --git a/index.sh b/index.sh
index 0169ba6..5c9cb33 100755
--- a/index.sh
+++ b/index.sh
@@ -7,7 +7,7 @@ source lib/mo
 if [ ! -f ./ldap.vars ]; then
 echo "ldap.vars file not found!"
- echo "Please copy ldap.vars_template to ldap.vars and edit it."
+ echo "Please copy ldap.vars.template to ldap.vars and edit it."
 exit 1
 fi
@@ -40,7 +40,7 @@ echo '' > /etc/ldap/ldap.conf
 echo "BASE $ldap_base" >> /etc/ldap/ldap.conf
 echo "URI ldap://localhost" >> /etc/ldap/ldap.conf
-temp_populate_ldif=$(mkdir)
+temp_populate_ldif=$(mktemp)
 populate_ldif_template="$(cat files/populate.ldif.template)"
 echo "$populate_ldif_template" | mo > "$temp_populate_ldif"
-- 2.34.1 From f8257887b82aec316f7b7d5b61f8d4063ac80afd Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 22:31:32 -0400 Subject: [PATCH 3/9] fixed --- files/populate.ldif.template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/files/populate.ldif.template b/files/populate.ldif.template
index 22698f8..c65f606 100644
--- a/files/populate.ldif.template
+++ b/files/populate.ldif.template
@@ -54,7 +54,8 @@ objectclass: ldapPublicKey
 objectclass: sudoRole
 sudocommand: ALL
 sudohost: ALL
-sudouser: {{user_last_name}}
+sudouser: {{uid}}
+sn: {{user_last_name}}
 uid: {{user_uid}}
 uidnumber: 1500
 userpassword: {MD5}{{user_password_md5}}
-- 2.34.1 From 4778ddfe4cd4da29c9967f9c4c41d602ab151220 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 22:36:42 -0400 Subject: [PATCH 4/9] fixed --- index.sh | 1 + 1 file changed, 1 insertion(+)
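Review bot: `mktemp` creates the file mode 0600, which is right, but the rendered LDIF — carrying the password hashes of every account being created — is never removed, so it outlives the install in `/tmp` on both the success path and every `set -e` abort that follows; add `trap 'rm -f "$temp_populate_ldif"' EXIT` on the line after the assignment. The earlier `$(mkdir)` could never have worked (it prints nothing and fails on a missing operand), so this hunk is also what makes the populate step run at all.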
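Review bot: `sudouser: {{uid}}` references a template variable that `index.sh` never exports (the exported name is `user_uid`), and `mo` renders an unset tag as an empty string, so the entry ends up with an empty `sudoUser` value that slapd will most likely reject as invalid syntax — or, if it is accepted, a `sudoRole` that matches nobody; it should read `sudouser: {{user_uid}}`. Adding `sn:` is the correct fix for the `inetOrgPerson` MUST attribute the entry was missing. Rendering with `mo --fail-not-set` (if the bundled `lib/mo` supports it) would have turned this into a hard error at render time rather than an `ldapadd` failure.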
diff --git a/index.sh b/index.sh
index 5c9cb33..5d140f8 100755
--- a/index.sh
+++ b/index.sh
@@ -54,6 +54,7 @@ ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
 ldapadd -x -D "cn=admin,$ldap_base" -w "$password" -H ldap:// -f "$temp_populate_ldif"
+apt install curl git -y
 curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
 apt update
 apt-get install -y nodejs git
-- 2.34.1 From 530ad352442b669c27e3199bc107e1cbccf1ca55 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 22:42:43 -0400 Subject: [PATCH 5/9] fixed --- index.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.sh b/index.sh
index 5d140f8..5f36b62 100755
--- a/index.sh
+++ b/index.sh
@@ -58,6 +58,7 @@ apt install curl git -y
 curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
 apt update
 apt-get install -y nodejs git
+sso_conf_template="$(cat files/sso-manager.conf.template)"
 mkdir /var/www
 cd /var/www
@@ -67,7 +68,6 @@ git clone https://github.com/theta42/sso-manager-node.git
 cd sso-manager-node/nodejs
 npm install
-sso_conf_template="$(cat files/sso-manager.conf.template)"
 echo "$sso_conf_template" | mo > "conf/secrets.js"
 wget -q https://raw.githubusercontent.com/theta42/sso-manager-node/master/ops/systemd/sso-manager.service -O /etc/systemd/system/sso-manger.service
-- 2.34.1 From 9a4c496d194992e3433c541999a8976bba8066b1 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 22:51:40 -0400 Subject: [PATCH 6/9] fixed --- files/sso-manager.conf.template | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/files/sso-manager.conf.template b/files/sso-manager.conf.template
index b54622b..54607c9 100644
--- a/files/sso-manager.conf.template
+++ b/files/sso-manager.conf.template
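Review bot: `apt install curl git -y` runs before any package-index refresh in this part of the script (the only `apt update` visible comes two lines later, after the NodeSource script), so on a freshly provisioned image with a stale index the install can fail on a missing package version and `set -e` aborts the whole run — unless an update happens earlier in the file, which this hunk does not show. It also mixes `apt` with the `apt-get install -y` used right below; `apt` warns that its interface is not stable for scripting, so `apt-get update && apt-get install -y curl git` keeps the script consistent and deterministic.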
@@ -1,9 +1,9 @@
 module.exports = {
- userModel: 'ldap'
+ userModel: 'ldap',
 ldap: {
 url: 'ldap://localhost:389',
 bindDN: 'cn=admin,{{ldap_base}}',
- bindPassword: '{{password_md5}}',
+ bindPassword: '{{password}}',
 userBase: 'ou=People,{{ldap_base}}',
 groupBase: 'ou=Groups,{{ldap_base}}',
 userFilter: '(objectClass=posixAccount)',
-- 2.34.1 From bfaab88e912e11fbe382e620d94eb61c3d9367d1 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 22:56:53 -0400 Subject: [PATCH 7/9] fixed --- index.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.sh b/index.sh
index 5f36b62..2f44899 100755
--- a/index.sh
+++ b/index.sh
@@ -54,7 +54,7 @@ ldapadd -Q -Y EXTERNAL -H ldapi:/// -f files/refint2.ldif
 ldapadd -x -D "cn=admin,$ldap_base" -w "$password" -H ldap:// -f "$temp_populate_ldif"
-apt install curl git -y
+apt install curl git redis-server -y
 curl -fsSL https://deb.nodesource.com/setup_14.x | sudo -E bash -
 apt update
 apt-get install -y nodejs git
-- 2.34.1 From 325a3aa7011f8557f0614186998bc493b13cc2be Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 23:11:45 -0400 Subject: [PATCH 8/9] fixed --- files/populate.ldif.template | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+)
diff --git a/files/populate.ldif.template b/files/populate.ldif.template
index c65f606..4a10832 100644
--- a/files/populate.ldif.template
+++ b/files/populate.ldif.template
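Review bot: Switching `bindPassword` from the MD5 digest to `'{{password}}'` is the right fix for the bind itself, but it means the slapd rootdn password is now stored in cleartext in `conf/secrets.js`, and the installer writes that file through a plain redirection with nothing restricting its mode, so it normally lands world-readable. Pair this change with a `chmod 600` plus `chown` to the service user in `index.sh`, and preferably bind as a dedicated low-privilege account rather than `cn=admin`, so that reading this file is not equivalent to owning the directory. Because the file is plain JS, `bindPassword: process.env.LDAP_BIND_PASSWORD` fed from an `EnvironmentFile=` in the systemd unit would keep the secret out of the source tree altogether.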
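Review bot: `redis-server` is added to the install with no configuration, so it runs with the distribution defaults — bound to localhost with no `requirepass` — and nothing in the visible hunks says what the SSO app uses it for (a session store is the likely guess, which would make it hold login state for the directory's admins). If that is the use, set `requirepass` or switch to the unix socket with restrictive permissions (`unixsocket /run/redis/redis-server.sock`, `unixsocketperm 660`, service user in the `redis` group) as part of this step, and document the dependency; as it stands any local user or process can read and write whatever the app stores there.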
@@ -69,3 +69,21 @@ member: cn={{user_uid}},ou=People,{{ldap_base}}
 objectclass: groupOfNames
 objectclass: top
 owner: cn={{user_uid}},ou=People,{{ldap_base}}
+
+# Entry 1: cn=host_access,ou=Groups,{{ldap_base}}
+dn: cn=host_access,ou=Groups,{{ldap_base}}
+cn: host_access
+description: PAM Access to all hosts
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}
+
+# Entry 1: cn=host_admin,ou=Groups,{{ldap_base}}
+dn: cn=host_admin,ou=Groups,{{ldap_base}}
+cn: host_admin
+description: sudo on all hosts
+member: cn={{user_uid}},ou=People,{{ldap_base}}
+objectclass: groupOfNames
+objectclass: top
+owner: cn={{user_uid}},ou=People,{{ldap_base}}
-- 2.34.1 From 3629988b2c3105c071615c4a5b1fe01fa946d819 Mon Sep 17 00:00:00 2001 From: William Mantly Date: Mon, 22 Mar 2021 23:12:24 -0400 Subject: [PATCH 9/9] fixed --- files/sso-manager.conf.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files/sso-manager.conf.template b/files/sso-manager.conf.template
index 54607c9..a765015 100644
--- a/files/sso-manager.conf.template
+++ b/files/sso-manager.conf.template
@@ -9,5 +9,5 @@ module.exports = {
 userFilter: '(objectClass=posixAccount)',
 userNameAttribute: 'uid'
 },
- name: {{org_name}},
+ name: '{{org_name}}',
 };
-- 2.34.1
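Review bot: `cn=host_admin` is described as "sudo on all hosts" while the same first-admin entry already carries its own `sudoRole` with `sudocommand: ALL` / `sudohost: ALL` (earlier in this file, outside the hunk), so root on every host is now granted by two independent mechanisms and removing the user from this group will not revoke it; pick one model — a group-addressed `sudoRole` or the per-user role — and document which one hosts are expected to consult. Whether `host_access` is enforced at all depends on the hosts' PAM/SSSD configuration, which this repository does not show; a one-line comment naming that configuration would save the next reader the search. The copy-pasted `# Entry 1:` headers are also wrong for every entry now; either number them or drop the prefix (`# cn=host_access,ou=Groups`).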