create-directory: initialise mieux l'objet établissement, crée un enregistrement pour le premier admin, crée le groupe admin
parent
8e2a5b6dc5
commit
05e054132a
|
@ -1,18 +1,54 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
echo Give suffix
|
||||
set -e
|
||||
|
||||
echo "Indiquez le suffixe (ex.: dc=dauphine,dc=fr):"
|
||||
echo -n "-> "
|
||||
read SUFFIX
|
||||
echo
|
||||
|
||||
if ldapsearch -H ldapi:// -Y EXTERNAL -b cn=config olcSuffix=$SUFFIX 2>/dev/null | grep -q '^result: 0'; then
|
||||
echo ERROR: $SUFFIX already exists >&2
|
||||
if ldapsearch -H ldapi:// -Y EXTERNAL -b cn=config olcSuffix=$SUFFIX 2>/dev/null | grep -q '^result: [1-9]'; then
|
||||
echo "ERROR: le suffixe $SUFFIX existe déjà" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo Give password
|
||||
read PASSWORD
|
||||
if [ -d "/var/lib/ldap/$SUFFIX" ]; then
|
||||
echo "ERROR: le répertoire de donnée '/var/lib/ldap/$SUFFIX' existe déjà" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo Give organization
|
||||
echo "Indiquez le mot de passe de l'administrateur (uid=admin,ou=people,$SUFFIX):"
|
||||
echo -n "-> "
|
||||
read PASSWORD
|
||||
echo
|
||||
|
||||
echo "Donnez le nom de l'organisation:"
|
||||
echo -n "-> "
|
||||
read ORGANIZATION
|
||||
echo
|
||||
|
||||
echo "Indiquez le code de l'établissement, préfixé par son origine, ex.:"
|
||||
echo " - {UAI}0350936C pour désigner l'université de Rennes 1"
|
||||
echo " - {SIRET}18004312700067 pour désigner l'AMUE"
|
||||
echo " - {CNRS}MOY1400 pour désigner la délégation régionale de Toulouse du CNRS"
|
||||
echo -n "-> "
|
||||
read CODEETB
|
||||
echo
|
||||
|
||||
echo Récapitulatif:
|
||||
echo "Suffixe: $SUFFIX"
|
||||
echo "Mot de passe admin: $PASSWORD"
|
||||
echo "Nom de l'établissment: $ORGANIZATION"
|
||||
echo "Code UAI de l'établissemen: $CODEETB"
|
||||
echo
|
||||
echo "Voulez-vous créer cet annuaire? (oui/non)"
|
||||
echo -n "-> "
|
||||
read OK
|
||||
echo
|
||||
|
||||
if [ "x$OK" != "xoui" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
DC=`echo $SUFFIX | sed 's/dc=\([^,]*\).*/\1/'`
|
||||
DBDIR=/var/lib/ldap/$SUFFIX
|
||||
|
@ -21,7 +57,8 @@ DBACCESSLOGDIR=/var/lib/ldap/$SUFFIX/accesslog/
|
|||
mkdir -p "$DBDIR" "$DBACCESSLOGDIR"
|
||||
chown openldap.openldap "$DBDIR" "$DBACCESSLOGDIR"
|
||||
|
||||
cat <<EOF >/tmp/newdb
|
||||
LDIF=`tempfile --prefix=create-branch --suffix=.ldif`
|
||||
cat <<EOF >$LDIF
|
||||
# LDAPVI syntax
|
||||
add olcDatabase={1}mdb,cn=config
|
||||
objectClass: olcDatabaseConfig
|
||||
|
@ -112,10 +149,10 @@ olcConstraintAttribute: mail,supannMailPerso,supannAutreMail
|
|||
regex "^([A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}|[a-z0-9]+)$" # mail ou uid
|
||||
olcConstraintAttribute: supannAliasLogin regex "^[[:alnum:]]+$"
|
||||
olcConstraintAttribute: supannCodeEntiteParent,supannEntiteAffectation uri ldap:///ou=structures,$SUFFIX?supannCodeEntite?sub?(objectClass=supannEntite)
|
||||
olcConstraintAttribute: supannCivilite regex "^(M.|Mme|Mlle)$"
|
||||
olcConstraintAttribute: supannCodeINE count 1
|
||||
olcConstraintAttribute: supannEmpId count 1
|
||||
olcConstraintAttribute: supannListeRouge regex "^(VRAI|FAUX)$"
|
||||
# FIXME: syntex regex pas bonne
|
||||
olcConstraintAttribute: supannCivilite regex "^(M.|Mme|Mlle)$"
|
||||
olcConstraintAttribute: supannTypeEntite,supannEtuCursusAnnee regex "^\{SUPANN\}[A-Z][0-9]+$"
|
||||
# attribut issu d'une nomenclature
|
||||
olcConstraintAttribute: supannEtablissement,
|
||||
|
@ -141,17 +178,40 @@ objectClass: eduOrg
|
|||
objectClass: supannOrg
|
||||
dc: $DC
|
||||
o: $ORGANIZATION
|
||||
supannEtablissement: $CODEETB
|
||||
|
||||
add ou=people,$SUFFIX
|
||||
objectClass: organizationalUnit
|
||||
ou: people
|
||||
|
||||
add ou=groups,$SUFFIX
|
||||
objectClass: organizationalUnit
|
||||
ou: groups
|
||||
add uid=admin,ou=people,$SUFFIX
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: eduPerson
|
||||
objectClass: supannPerson
|
||||
uid: admin
|
||||
cn: Administrateur annuaire
|
||||
displayName: Administrateur annuaire
|
||||
givenName: Administrateur
|
||||
sn: annuaire
|
||||
supannListeRouge: TRUE
|
||||
userPassword: $PASSWORD
|
||||
supannEtablissement: $CODEETB
|
||||
|
||||
add ou=structures,$SUFFIX
|
||||
objectClass: organizationalUnit
|
||||
ou: structures
|
||||
|
||||
add ou=groups,$SUFFIX
|
||||
objectClass: organizationalUnit
|
||||
ou: groups
|
||||
|
||||
add cn=admin,ou=groups,$SUFFIX
|
||||
objectClass: groupOfNames
|
||||
objectClass: supannGroupe
|
||||
cn: admin
|
||||
description: Groupe des administrateurs de l'annuaire
|
||||
member: uid=admin,ou=people,$SUFFIX
|
||||
EOF
|
||||
ldapvi --profile config --ldapmodify --ldapvi --add /tmp/newdb
|
||||
echo -n Chargement de la définition du nouvelle annuaire dans $LDIF..
|
||||
ldapvi --profile config --ldapmodify --ldapvi --add $LDIF
|
||||
echo " FAIT"
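Review bot: The admin password taken at `read PASSWORD` (after the `Indiquez le mot de passe` prompt) is echoed to the terminal twice — as it is typed and again in the recap line `echo "Mot de passe admin: $PASSWORD"` — and is then written in clear under `userPassword:` into a `tempfile` LDIF that the script never deletes, so the secret remains in /tmp (its path is even printed in the `Chargement …` message) after the run. Read it with `read -rs PASSWORD`, drop it from the recap, and add `trap 'rm -f -- "$LDIF"' EXIT` right after the `LDIF=\`tempfile …\`` line so the file is removed on every exit path, `set -e` included. Whether slapd hashes the stored value depends on an olcPasswordHash/ppolicy setting not visible here; if it does not, feed `userPassword` the output of `slappasswd` (using `-T` with a 0600 file rather than the secret on argv). Separately, the existence check in the first hunk greps for `^result: [1-9]`, but a search that merely matches no entry still ends with `result: 0 Success`, so an already-configured suffix goes undetected while the branch fires only when the search itself fails; testing for `^dn:` in the output checks for an actual hit.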
|
||||
|
|