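#!/bin/bash
#
# Seed the GMoLab OpenLDAP directory.
#
# Steps, in order: create the base entry and its OUs, add the people and
# group entries, then replace the olcAccess rules of the mdb database and
# add a read rule for the monitor database in cn=config.
#
# Required environment, sourced from .openldap.env in the current directory:
#   LDAP_ROOT            base DN (dc=...,dc=...)
#   LDAP_ADMIN_DN        DN used for the simple bind of the ldapadd calls
#   LDAP_ADMIN_PASSWORD  password for LDAP_ADMIN_DN
#
# Every step is attempted even when an earlier one fails (re-running against
# an already populated directory makes ldapadd stop at the first entry that
# exists); the exit status is 1 if any step failed.

set -u -o pipefail

#######################################
# Print a message on stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# shellcheck disable=SC1091
source .openldap.env || die "cannot read .openldap.env"
: "${LDAP_ROOT:?must be set in .openldap.env}"
: "${LDAP_ADMIN_DN:?must be set in .openldap.env}"
: "${LDAP_ADMIN_PASSWORD:?must be set in .openldap.env}"

readonly LDAP_SRV=ldaps://gmoadm.gmolab.net:1636
#LDAP_SRV=ldap://gmoadm.gmolab.net:1389

# Value of the dc attribute of the base entry: the first RDN of LDAP_ROOT
# without its "dc=" prefix (dc=gmolab,dc=net -> gmolab). Derived instead of
# hard-coded so it cannot drift from $LDAP_ROOT.
root_dc=${LDAP_ROOT%%,*}
readonly root_dc=${root_dc#dc=}

# Every seed account below carries this same hash. It is a placeholder: anyone
# who can read this file knows the password of every seeded account, so reset
# them (ldappasswd) before the directory is used for anything real.
readonly SEED_PASSWORD_HASH='{SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw'

# The bind password reaches the ldap tools through a temp file (-y) instead of
# -w on the command line, where ps and /proc would show it to every local
# user. mktemp creates the file mode 0600; printf '%s' writes no trailing
# newline, which -y would otherwise treat as part of the password.
pwfile=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$pwfile"' EXIT
printf '%s' "$LDAP_ADMIN_PASSWORD" > "$pwfile" || die "cannot write $pwfile"

#######################################
# ldapadd with the simple bind used by every populate step; LDIF on stdin.
# Globals:  LDAP_SRV, LDAP_ADMIN_DN, pwfile (read)
# Returns:  ldapadd's exit status
#######################################
ldap_add() {
  ldapadd -x -H "$LDAP_SRV" -D "$LDAP_ADMIN_DN" -y "$pwfile"
}

#######################################
# ldapmodify against cn=config, run inside the openldap container over the
# local ldapi socket with SASL EXTERNAL; LDIF on stdin. The LDIF heredocs are
# expanded by this script, so $LDAP_ROOT in them no longer depends on the
# variable being set in the container's environment.
# Returns:  exit status of docker exec / ldapmodify
#######################################
config_modify() {
  docker exec -i openldap /bin/bash -c 'ldapmodify -H ldapi:/// -Y EXTERNAL'
}

#echo "Delete from the box users"
#ldapdelete -x -H "$LDAP_SRV" -D "$LDAP_ADMIN_DN" -y "$pwfile" \
#  "cn=user01,ou=people,$LDAP_ROOT" \
#  "cn=user02,ou=people,$LDAP_ROOT" \
#  "cn=readers,ou=people,$LDAP_ROOT" \
#  "ou=people,$LDAP_ROOT"

#######################################
# Create the base entry and the people/groups OUs.
# Globals:  LDAP_ROOT, root_dc (read)
#######################################
create_ous() {
  ldap_add << EOF
dn: $LDAP_ROOT
objectClass: top
objectClass: dcObject
objectclass: organization
o: GMoLab Directory
dc: $root_dc

dn: ou=people,$LDAP_ROOT
objectClass: organizationalUnit
ou: people

dn: ou=groups,$LDAP_ROOT
objectClass: organizationalUnit
ou: groups
EOF
}

#######################################
# Add the people entries and the two groups. All accounts share gidNumber 500,
# which is the gid of the all-users posixGroup created at the end.
# The all-users DN is built from $LDAP_ROOT like every other entry (it used to
# hard-code dc=gmolab,dc=net, which broke the add for any other base DN).
# Globals:  LDAP_ROOT, SEED_PASSWORD_HASH (read)
#######################################
populate_directory() {
  ldap_add << EOF
dn: cn=Admin LDAP,ou=people,$LDAP_ROOT
cn: Admin LDAP
displayName: Admin LDAP
sn: LDAP
givenName: Admin
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: adminldap
uidNumber: 1000
gidNumber: 500
homeDirectory: /home/adminldap
mail: admin.ldap@gmolab.net

dn: cn=Access LDAP,ou=people,$LDAP_ROOT
cn: Access LDAP
displayName: Access LDAP
sn: LDAP
givenName: Access
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: accessldap
uidNumber: 1001
gidNumber: 500
homeDirectory: /home/accessldap
mail: access.ldap@gmolab.net

dn: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
cn: Gilles Mouchet
displayName: Gilles Mouchet
sn: Mouchet
givenName: Gilles
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: gilles.mouchet
uidNumber: 1002
gidNumber: 500
homeDirectory: /home/gilmouchet
mail: gilles.mouchet@gmolab.net

dn: cn=Christine Mouchet,ou=people,$LDAP_ROOT
cn: Christine Mouchet
displayName: Christine Mouchet
sn: Mouchet
givenName: Christine
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: christine.mouchet
uidNumber: 1003
gidNumber: 500
homeDirectory: /home/chrmouchet
mail: christine.mouchet@gmolab.net

dn: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
cn: Bryan Mouchet
displayName: Bryan Mouchet
sn: Mouchet
givenName: Bryan
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: bryan.mouchet
uidNumber: 1004
gidNumber: 500
homeDirectory: /home/brymouchet
mail: bryan.mouchet@gmolab.net

dn: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
cn: Aurelie Mouchet
displayName: Aurelie Mouchet
sn: Mouchet
givenName: Aurelie
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: aurelie.mouchet
uidNumber: 1005
gidNumber: 500
homeDirectory: /home/aurmouchet
mail: aurelie.mouchet@gmolab.net

dn: cn=Sarah Mouchet,ou=people,$LDAP_ROOT
cn: Sarah Mouchet
displayName: Sarah Mouchet
sn: Mouchet
givenName: Sarah
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_PASSWORD_HASH
uid: sarah.mouchet
uidNumber: 1006
gidNumber: 500
homeDirectory: /home/sarmouchet
mail: sarah.mouchet@gmolab.net

dn: cn=Mouchet Family,ou=groups,$LDAP_ROOT
objectClass: groupOfNames
cn: Mouchet Family
member: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
member: cn=Christine Mouchet,ou=people,$LDAP_ROOT
member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT

dn: cn=all-users,ou=groups,$LDAP_ROOT
cn: all-users
objectclass: posixGroup
objectclass: top
gidnumber: 500
memberuid: accessldap
memberuid: adminldap
memberuid: aurelie.mouchet
memberuid: bryan.mouchet
memberuid: christine.mouchet
memberuid: gilles.mouchet
memberuid: sarah.mouchet
EOF
}

#######################################
# Replace the mdb database ACL, then add a read rule for the monitor database.
# Both modifications are attempted even if the first fails.
#
# userPassword rule: the trailing "by anonymous auth" of the original was
# unreachable (the earlier "by anonymous auth" already matches; the first
# matching by-clause wins), so it is dropped. Note that "Access LDAP" is
# granted *read* on userPassword, i.e. it can retrieve the hashes; if that DN
# is only used for bind checks, "auth" would be the least-privilege choice.
#
# monitor rule: the peercred authzDN is "...,cn=peercred,cn=external,cn=auth"
# (two RDNs). The original wrote "cn=externalcn=auth", which would not match
# the container root's SASL identity, so the rule never granted it anything.
# Globals:  LDAP_ROOT (read)
# Returns:  0 if both modifications succeeded, else the last failing status
#######################################
change_acl() {
  local rc=0
  config_modify << EOF || rc=$?
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword by self write by anonymous auth by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write by self write by users read by * none
EOF
  config_modify << EOF || rc=$?
dn: olcDatabase={1}monitor,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" read by * none
EOF
  return "$rc"
}

#######################################
# Run one seeding step: print its label, run the command, record a failure
# on stderr without stopping the script.
# Globals:   status (written)
# Arguments: $1 label; remaining args: command and its arguments
#######################################
step() {
  local label=$1
  shift
  printf '%s\n' "$label"
  if ! "$@"; then
    printf 'step "%s" failed\n' "$label" >&2
    status=1
  fi
}

status=0
step "create OUs" create_ous
step "Populate the directory" populate_directory
step "change ACL" change_acl

#echo "Change organization name"
#ldapmodify -x -H "$LDAP_SRV" -D "$LDAP_ADMIN_DN" -y "$pwfile" << EOF
#dn: dc=gmolab,dc=net
#changetype: modify
#replace: o
#o: GMOLab (Gilles Mouchet Sandbox)
#EOF

exit "$status"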