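#!/bin/bash
#
# Bootstrap the OpenLDAP directory served by the "openldap" container:
#   1. create the base entry and the people/groups OUs,
#   2. seed the user accounts, the "Mouchet Family" group and the
#      "all-users" posixGroup,
#   3. replace the ACLs of the main database and prepend a read rule on the
#      monitor database, both over SASL EXTERNAL on ldapi:/// inside the
#      container (needs `docker exec` rights on the host).
#
# Settings are sourced from ./.openldap.env:
#   LDAP_SRV             LDAP URI used by ldapadd
#   LDAP_ADMIN_DN        bind DN with write access below LDAP_ROOT
#   LDAP_ADMIN_PASSWORD  password for LDAP_ADMIN_DN
#   LDAP_ROOT            base DN; its first RDN must match the hard-coded
#                        "dc: gmolab" of the root entry created below
#
# Every step is fatal: a half-seeded directory whose old ACLs are still in
# place is not a state worth leaving behind. Re-running against an already
# populated directory fails with "Already exists (68)"; this is a one-shot
# bootstrap (the leftover ldapdelete snippet at the bottom is the reset).

set -euo pipefail

# Every seeded account below carries this same userPassword hash.
readonly SEED_USER_HASH='{SSHA}VUkfz85JIvPsUUbMbAdY5CMgeh3YcBGw'
# Primary GID of all seeded accounts; also the gidNumber of cn=all-users.
readonly USERS_GID=500
# Container that owns the ldapi:/// socket used for the cn=config changes.
readonly LDAP_CONTAINER=openldap

# Temp file holding the admin password for `ldapadd -y` (see make_password_file).
pw_file=''

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Remove the password file; runs on every exit path via trap.
# Globals: pw_file (read)
#######################################
cleanup() {
  if [[ -n "$pw_file" ]]; then
    rm -f -- "$pw_file"
  fi
}

#######################################
# Source ./.openldap.env and fail fast if a required variable is missing.
# Globals: LDAP_SRV, LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD, LDAP_ROOT (written)
#######################################
load_env() {
  # shellcheck source=/dev/null
  source ./.openldap.env
  : "${LDAP_SRV:?must be set in .openldap.env}"
  : "${LDAP_ADMIN_DN:?must be set in .openldap.env}"
  : "${LDAP_ADMIN_PASSWORD:?must be set in .openldap.env}"
  : "${LDAP_ROOT:?must be set in .openldap.env}"
}

#######################################
# Write the admin password to a 0600 temp file so ldapadd can take it with
# -y instead of -w. With -w the secret sits on the command line, where any
# local user can read it from `ps`, and it lands in shell history when the
# script is run by hand.
# Globals: LDAP_ADMIN_PASSWORD (read), pw_file (written)
#######################################
make_password_file() {
  pw_file=$(mktemp) || die "mktemp failed"
  # -y uses the file's entire contents as the password: no trailing newline.
  printf '%s' "$LDAP_ADMIN_PASSWORD" > "$pw_file"
}

#######################################
# Add the LDIF on stdin to the directory, bound as the admin DN.
# Globals: LDAP_SRV, LDAP_ADMIN_DN, pw_file (read)
#######################################
ldap_add() {
  ldapadd -x -H "$LDAP_SRV" -D "$LDAP_ADMIN_DN" -y "$pw_file"
}

#######################################
# Apply the LDIF on stdin to cn=config through the container's ldapi socket.
# The LDIF is expanded on the host before it is piped into the container, so
# $LDAP_ROOT does not have to be present in the container's environment.
# Globals: LDAP_CONTAINER (read)
#######################################
config_modify() {
  docker exec -i "$LDAP_CONTAINER" ldapmodify -H ldapi:/// -Y EXTERNAL
}

#######################################
# Create the root entry and the people/groups OUs.
# Globals: LDAP_ROOT (read)
#######################################
create_ous() {
  ldap_add <<EOF || die "ldapadd of root entry and OUs failed"
dn: $LDAP_ROOT
objectClass: top
objectClass: dcObject
objectClass: organization
o: GMoLab Directory
dc: gmolab

dn: ou=people,$LDAP_ROOT
objectClass: organizationalUnit
ou: people

dn: ou=groups,$LDAP_ROOT
objectClass: organizationalUnit
ou: groups
EOF
}

#######################################
# Emit one inetOrgPerson/posixAccount/shadowAccount entry (plus the blank
# separator line) on stdout.
# Arguments: $1 cn, $2 sn, $3 givenName, $4 uid, $5 uidNumber,
#            $6 homeDirectory, $7 mail
# Globals: LDAP_ROOT, SEED_USER_HASH, USERS_GID (read)
#######################################
person_entry() {
  local cn=$1 sn=$2 given=$3 login=$4 uid_number=$5 home=$6 mail=$7
  cat <<EOF
dn: cn=$cn,ou=people,$LDAP_ROOT
cn: $cn
displayName: $cn
sn: $sn
givenName: $given
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $SEED_USER_HASH
uid: $login
uidNumber: $uid_number
gidNumber: $USERS_GID
homeDirectory: $home
mail: $mail

EOF
}

#######################################
# Seed the accounts, the groupOfNames and the posixGroup in one ldapadd.
# Globals: LDAP_ROOT, USERS_GID (read)
#######################################
populate_directory() {
  {
    person_entry 'Admin LDAP' LDAP Admin adminldap 1000 /home/adminldap admin.ldap@gmolab.net
    person_entry 'Access LDAP' LDAP Access accessldap 1001 /home/accessldap access.ldap@gmolab.net
    person_entry 'Gilles Mouchet' Mouchet Gilles gilles.mouchet 1002 /home/gilmouchet gilles.mouchet@gmolab.net
    person_entry 'Christine Mouchet' Mouchet Christine christine.mouchet 1003 /home/chrmouchet christine.mouchet@gmolab.net
    person_entry 'Bryan Mouchet' Mouchet Bryan bryan.mouchet 1004 /home/brymouchet bryan.mouchet@gmolab.net
    person_entry 'Aurelie Mouchet' Mouchet Aurelie aurelie.mouchet 1005 /home/aurmouchet aurelie.mouchet@gmolab.net
    person_entry 'Sarah Mouchet' Mouchet Sarah sarah.mouchet 1006 /home/sarmouchet sarah.mouchet@gmolab.net
    # cn=all-users is built from $LDAP_ROOT like every other entry, so the
    # base DN is defined in exactly one place (.openldap.env).
    cat <<EOF
dn: cn=Mouchet Family,ou=groups,$LDAP_ROOT
objectClass: groupOfNames
cn: Mouchet Family
member: cn=Gilles Mouchet,ou=people,$LDAP_ROOT
member: cn=Christine Mouchet,ou=people,$LDAP_ROOT
member: cn=Bryan Mouchet,ou=people,$LDAP_ROOT
member: cn=Aurelie Mouchet,ou=people,$LDAP_ROOT
member: cn=Sarah Mouchet,ou=people,$LDAP_ROOT

dn: cn=all-users,ou=groups,$LDAP_ROOT
cn: all-users
objectClass: posixGroup
objectClass: top
gidNumber: $USERS_GID
memberUid: accessldap
memberUid: adminldap
memberUid: aurelie.mouchet
memberUid: bryan.mouchet
memberUid: christine.mouchet
memberUid: gilles.mouchet
memberUid: sarah.mouchet
EOF
  } | ldap_add || die "ldapadd of users and groups failed"
}

#######################################
# Replace the ACLs of the main database and prepend a rule on the monitor
# database. olcAccess "by" clauses are first-match; the continuation lines
# start with TWO spaces because LDIF strips exactly one when unfolding.
# Globals: LDAP_ROOT (read)
#######################################
configure_acls() {
  # NOTE(review): "Access LDAP" is granted `read` on userPassword, i.e. on the
  # hashes; `auth` is sufficient if that account only performs binds on behalf
  # of applications — confirm its actual use before tightening.
  config_modify <<EOF || die "ldapmodify of olcDatabase={2}mdb ACLs failed"
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
  by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
  by * none
olcAccess: to dn.base=""
  by * read
olcAccess: to *
  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
  by self write
  by users read
  by * none
EOF

  # `add` with the {0} index puts this rule in front of any existing one
  # (use `replace: olcAccess` instead to wipe the monitor ACL first).
  # The peercred DN identifies the container's local root over ldapi:///.
  config_modify <<EOF || die "ldapmodify of olcDatabase={1}monitor ACLs failed"
dn: olcDatabase={1}monitor,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to *
  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" read
  by * none
EOF
}

#######################################
# Entry point: load settings, stage the password file, run the three steps.
#######################################
main() {
  load_env
  trap cleanup EXIT
  make_password_file

  echo "create OUs"
  create_ous

  echo "Populate the directory"
  populate_directory

  echo "change ACL"
  configure_acls
}

main "$@"

# Kept for reference, not executed.
#
# Reset ("Delete from the box users"):
#   ldapdelete -x -H "$LDAP_SRV" -D "$LDAP_ADMIN_DN" -y "$pw_file" \
#     "cn=user01,ou=people,$LDAP_ROOT" \
#     "cn=user02,ou=people,$LDAP_ROOT" \
#     "cn=readers,ou=people,$LDAP_ROOT" \
#     "ou=people,$LDAP_ROOT"
#
# "Change organization name":
#   ldapmodify -x -H "$LDAP_SRV" -D "$LDAP_ADMIN_DN" -y "$pw_file" <<EOF
#   dn: dc=gmolab,dc=net
#   changetype: modify
#   replace: o
#   o: GMOLab (Gilles Mouchet Sandbox)
#   EOF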