Compare commits
3 Commits
Author | SHA1 | Date |
---|---|---|
Benjamin Dauvergne | e591a3c481 | |
Benjamin Dauvergne | a68e5b66f8 | |
Benjamin Dauvergne | fd9d5867f2 |
|
@ -0,0 +1,93 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
# syncrepl:
|
||||
# rid=<replica ID>
|
||||
# provider=ldap[s]://<hostname>[:port]
|
||||
# searchbase=<base DN>
|
||||
# [type=refreshOnly|refreshAndPersist]
|
||||
# [interval=dd:hh:mm:ss]
|
||||
# [retry=[<retry interval> <# of retries>]+]
|
||||
# [filter=<filter str>]
|
||||
# [scope=sub|one|base|subord]
|
||||
# [attrs=<attr list>]
|
||||
# [attrsonly]
|
||||
# [sizelimit=<limit>]
|
||||
# [timelimit=<limit>]
|
||||
# [schemachecking=on|off]
|
||||
# [network-timeout=<seconds>]
|
||||
# [timeout=<seconds>]
|
||||
# [bindmethod=simple|sasl]
|
||||
# [binddn=<dn>]
|
||||
# [saslmech=<mech>]
|
||||
# [authcid=<identity>]
|
||||
# [authzid=<identity>]
|
||||
# [credentials=<passwd>]
|
||||
# [realm=<realm>]
|
||||
# [secprops=<properties>]
|
||||
# [keepalive=<idle>:<probes>:<interval>]
|
||||
# [starttls=yes|critical]
|
||||
# [tls_cert=<file>]
|
||||
# [tls_key=<file>]
|
||||
# [tls_cacert=<file>]
|
||||
# [tls_cacertdir=<path>]
|
||||
# [tls_reqcert=never|allow|try|demand]
|
||||
# [tls_ciphersuite=<ciphers>]
|
||||
# [tls_crlcheck=none|peer|all]
|
||||
# [suffixmassage=<real DN>]
|
||||
# [logbase=<base DN>]
|
||||
# [logfilter=<filter str>]
|
||||
# [syncdata=default|accesslog|changelog]
|
||||
|
||||
|
||||
set -e
|
||||
|
||||
echo "URL du serveur LDAP à synchroniser (exemple : ldaps://ldap.univ.fr/ ) :"
|
||||
echo -n "-> "
|
||||
read URL
|
||||
echo
|
||||
|
||||
echo "Base DN à répliquer (exemple : dc=univ,dc=fr ) :"
|
||||
echo -n "-> "
|
||||
read BASEDN
|
||||
echo
|
||||
|
||||
echo "Bind DN pour l'authentification (exemple : uid=syncrepl,ou=people,dc=unic,dc=fr ) :"
|
||||
echo "(laisser vide si une connexion anonyme doit être utilisée)"
|
||||
echo -n "-> "
|
||||
read BINDDN
|
||||
echo
|
||||
|
||||
if [ "x$BINDDN" != "x" ]; then
|
||||
echo "Mot de passe de bind pour l'authentification (exemple : uid=syncrepl,ou=people,dc=unic,dc=fr ) :"
|
||||
echo -n "-> "
|
||||
read BINDPW
|
||||
echo
|
||||
fi
|
||||
|
||||
echo "Récapitulatif:"
|
||||
echo " URL: $URL"
|
||||
echo " Base DN: $BASEDN"
|
||||
if [ "x$BINDDN" != "x" ]; then
|
||||
echo " Bind DN: $BINDDN"
|
||||
echo " Bind PW: $BINDPW"
|
||||
else
|
||||
echo " Connexion anonyme"
|
||||
fi
|
||||
echo " Base DN local: $BASEDN,ou=meta"
|
||||
echo
|
||||
echo " Configuration syncrepl généré:"
|
||||
echo
|
||||
LINE="olcSyncRepl: rid=1 provider=\"$URL\" searchbase=\"$BINDDN\" "
|
||||
if [ "x$BINDDN" != "x" ]; then
|
||||
LINE="$LINE bindmethod=simple binddn=\"$BINDDN\" credentials=\"$BINDPWD\" "
|
||||
fi
|
||||
LINE="$LINE suffixmassage=\"$BASEDN,ou=meta\""
|
||||
echo " $LINE"
|
||||
echo
|
||||
echo " Voulez vous créez cette nouvelle branche du méta-annuaire ? (tapez oui)"
|
||||
echo -n " -> "
|
||||
read OUI
|
||||
if [ "x$OUI" != "oui" ]; then
|
||||
exit 1
|
||||
fi
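Review bot: The generated olcSyncRepl line at `LINE="olcSyncRepl: rid=1 provider=..."` uses the wrong variables: `searchbase=\"$BINDDN\"` should be `searchbase=\"$BASEDN\"`, and `credentials=\"$BINDPWD\"` names a variable that is never assigned (the prompt stores into `BINDPW`), so the consumer would be pointed at the bind DN with an empty password. The confirmation test `if [ "x$OUI" != "oui" ]` compares `xoui` against `oui` and is therefore always true, so the script always exits 1 after printing the summary; it should be `if [ "$OUI" != "oui" ]`. The bind password is read with a bare `read BINDPW`, which echoes the secret on the terminal and then prints it again under `Bind PW:`; read it with `read -rs`, mask it in the récapitulatif, and use `read -r` on the other prompts so backslashes in DNs survive. Since the credentials will sit in clear text in cn=config and the example provider is `ldaps://`, it is also worth emitting `tls_reqcert=demand` (and a `retry=` schedule) so the consumer verifies the provider certificate rather than relying on the system ldap.conf default.
```shell
# … unchanged: option reference, set -e, URL / BASEDN / BINDDN prompts …
if [ "x$BINDDN" != "x" ]; then
  echo "Mot de passe de bind pour l'authentification :"
  echo -n "-> "
  read -rs BINDPW        # -s: never echo the secret; -r: keep backslashes
  echo
fi
# … unchanged: récapitulatif, except print "Bind PW: (saisi)" instead of the value …
LINE="olcSyncRepl: rid=1 provider=\"$URL\" searchbase=\"$BASEDN\" "
if [ "x$BINDDN" != "x" ]; then
  LINE="$LINE bindmethod=simple binddn=\"$BINDDN\" credentials=\"$BINDPW\" "
fi
LINE="$LINE suffixmassage=\"$BASEDN,ou=meta\""
# … unchanged: display and confirmation prompt …
if [ "$OUI" != "oui" ]; then
  exit 1
fi
```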
|
11
lib/reset
11
lib/reset
|
@ -30,7 +30,7 @@ rm -rf /var/lib/ldap/*
|
|||
echo "ok"
|
||||
|
||||
mkdir -p /etc/ldap/slapd.d
|
||||
mkdir /var/lib/ldap/config-accesslog/
|
||||
mkdir /var/lib/ldap/config-accesslog/ /var/lib/ldap/meta/
|
||||
|
||||
if [ ! -f /var/lib/ldap/ssl.pem -a ! -f /var/lib/ssl.key ]; then
|
||||
echo -n "Installation des certificats SSL par défaut .."
|
||||
|
@ -40,14 +40,21 @@ fi
|
|||
|
||||
echo -n "Installation de la nouvelle configuration .. "
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/config.ldif
|
||||
echo "ok"
|
||||
|
||||
echo "Installation des schémas .."
|
||||
echo -n "Installation des schémas .. "
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l/etc/ldap/schema/core.ldif
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l/etc/ldap/schema/cosine.ldif
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l/etc/ldap/schema/inetorgperson.ldif
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/supann-2009.ldif
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/eduperson.ldif
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/eduorg-200210-openldap.ldif
|
||||
echo "ok"
|
||||
|
||||
echo "Installation de la racine du méta-annuaire .. "
|
||||
slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/config-meta.ldif
|
||||
slapadd -n2 -F/etc/ldap/slapd.d -l${LDIFDIR}/meta.ldif
|
||||
echo "ok"
|
||||
|
||||
chown -R openldap:openldap /etc/ldap/slapd.d /var/lib/ldap
|
||||
|
||||
|
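Review bot: `slapadd -n2 -F/etc/ldap/slapd.d -l${LDIFDIR}/meta.ldif` hardcodes database index 2, which silently depends on config-meta.ldif being loaded as `olcDatabase={2}mdb` right after the accesslog database; selecting by suffix, `slapadd -b o=psl-meta -F/etc/ldap/slapd.d -l${LDIFDIR}/meta.ldif`, removes that coupling and fails loudly if the meta database is missing. Unless the script runs under `set -e` (its top is outside this hunk), a failing slapadd is followed by an unconditional `echo "ok"`, so a broken schema or config load would be reported as success; chaining each call with `|| exit 1` before the echo would make the reset trustworthy. The `chown -R openldap:openldap` after the slapadd calls is what fixes ownership of the mdb files slapadd creates while running as root; a one-line comment saying so would keep someone from reordering it above the slapadd block.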
|
|
@ -0,0 +1,9 @@
|
|||
dn: olcDatabase={2}mdb,cn=config
|
||||
objectClass: olcDatabaseConfig
|
||||
objectClass: olcMdbConfig
|
||||
olcSuffix: o=psl-meta
|
||||
olcDbDirectory: /var/lib/ldap/meta/
|
||||
# Allow reading accesslog only by root
|
||||
olcAccess: {0}to *
|
||||
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
|
||||
by * break
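Review bot: The comment `# Allow reading accesslog only by root` is copied from the accesslog database; this is the meta database (`olcSuffix: o=psl-meta`), and the rule after it behaves differently: `by * break` hands every non-root request to the next access directive, and since there is none in this database the effective policy for the replicated branch is whatever the frontend/global rules grant, which the comment should say explicitly, e.g. `# root (via ldapi peercred) gets read; everything else falls through to the frontend olcAccess rules`. The suffix `o=psl-meta` also does not match the wizard added in this same compare, which generates `suffixmassage=\"$BASEDN,ou=meta\"` and announces `Base DN local: $BASEDN,ou=meta`; entries massaged under `...,ou=meta` fall outside this database and slapd is likely to reject that syncrepl config, so one of the two needs changing. Finally, a syncrepl consumer is normally given equality indexes on `entryCSN` and `entryUUID` (`olcDbIndex: entryCSN eq` and `olcDbIndex: entryUUID eq`) so refresh phases do not scan the whole database; consider adding them here.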
|
|
@ -0,0 +1,4 @@
|
|||
dn: o=psl-meta
|
||||
objectClass: organization
|
||||
o: psl-meta
|
||||
description: méta-annuaire supann PSL
|