openldap/ldap-init.sh

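#!/usr/bin/env bash
#
# ldap-init.sh — (re)seed the lab OpenLDAP directory.
#
# Steps, in order: wipe the known entries under ou=people, recreate the OU and
# two accounts, replace the olcAccess ACL of the {2}mdb database from inside
# the container, then set the organisation name on the root entry.
#
# Required, read from ./.env: LDAP_ROOT, LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD
# Optional (environment or .env):
#   LDAP_SRV            directory URI (default ldaps://gmoadm.gmolab.net:1636)
#   LDAP_CONTAINER      name of the container running slapd (default "ldap")
#   LDAP_USER_PASSWORD  initial password of the two seeded accounts
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Print one inetOrgPerson/posixAccount/shadowAccount LDIF record to stdout,
# without a trailing record separator (the caller adds the blank line).
# Arguments: $1 cn (also used as displayName), $2 givenName, $3 sn,
#            $4 uid (also the last path element of homeDirectory),
#            $5 uidNumber (also used as gidNumber), $6 mail
# Globals:   LDAP_ROOT, LDAP_USER_PASSWORD (read)
#######################################
person_ldif() {
  local cn=$1 given=$2 sn=$3 uid=$4 num=$5 mail=$6
  # NOTE: LDIF needs base64 ("userPassword:: ...") for values starting with
  # a space, ':' or '<'; the seed password is written verbatim as before.
  cat <<EOF
dn: cn=$cn,ou=people,$LDAP_ROOT
cn: $cn
displayName: $cn
sn: $sn
givenName: $given
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: $LDAP_USER_PASSWORD
uid: $uid
uidNumber: $num
gidNumber: $num
homeDirectory: /home/$uid
mail: $mail
EOF
}

main() {
  # .env is looked up in the current directory, as the original script did.
  [[ -f .env ]] || die ".env not found in $(pwd)"
  # shellcheck disable=SC1091
  source .env

  : "${LDAP_ROOT:?LDAP_ROOT must be set in .env}"
  : "${LDAP_ADMIN_DN:?LDAP_ADMIN_DN must be set in .env}"
  : "${LDAP_ADMIN_PASSWORD:?LDAP_ADMIN_PASSWORD must be set in .env}"
  local -r ldap_srv=${LDAP_SRV:-ldaps://gmoadm.gmolab.net:1636}
  local -r container=${LDAP_CONTAINER:-ldap}
  # The historical seed value is kept as the default so existing lab setups
  # keep working; set LDAP_USER_PASSWORD in .env to override it.
  LDAP_USER_PASSWORD=${LDAP_USER_PASSWORD:-pa55w0rd}
  export LDAP_ROOT LDAP_USER_PASSWORD

  # The admin password goes to the ldap* tools through a private temp file
  # (-y) rather than -w, so it never appears in `ps`, `set -x` output or
  # shell history. mktemp creates the file mode 0600. -y uses the file
  # contents verbatim, so no trailing newline may be written.
  local pass_file
  pass_file=$(mktemp) || die "mktemp failed"
  # shellcheck disable=SC2064 — expand now: the path must survive until exit
  trap "rm -f -- '$pass_file'" EXIT
  printf '%s' "$LDAP_ADMIN_PASSWORD" > "$pass_file"

  # Common client options: simple bind (-x) as the admin DN over the URI.
  # -x was missing on ldapdelete/ldapmodify before, which makes the tools
  # attempt a SASL bind instead of the intended simple bind.
  local -a opts=(-x -H "$ldap_srv" -D "$LDAP_ADMIN_DN" -y "$pass_file")

  echo "Delete from the box users"
  # Best-effort cleanup: on a fresh directory none of these exist, and the
  # two accounts created below must go too or ou=people is not a leaf and
  # the re-run fails. -c keeps deleting after an error; || true keeps set -e
  # from aborting on "No such object".
  ldapdelete "${opts[@]}" -c \
    "cn=user01,ou=people,$LDAP_ROOT" \
    "cn=user02,ou=people,$LDAP_ROOT" \
    "cn=readers,ou=people,$LDAP_ROOT" \
    "cn=Admin LDAP,ou=people,$LDAP_ROOT" \
    "cn=Access LDAP,ou=people,$LDAP_ROOT" \
    "ou=people,$LDAP_ROOT" || true

  echo "create OUs"
  ldapadd "${opts[@]}" <<EOF
dn: ou=people,$LDAP_ROOT
objectClass: organizationalUnit
ou: people
EOF
  #dn: ou=groups,$LDAP_ROOT
  #objectClass: organizationalUnit
  #ou: groups

  echo "Create users"
  # LDIF records must be separated by a blank line (RFC 2849); feeding two
  # "dn:" records back to back is a parse error.
  {
    person_ldif "Admin LDAP" Admin LDAP adminldap 10001 admin.ldap@gmolab.net
    printf '\n'
    person_ldif "Access LDAP" Access LDAP accessldap 10002 access.ldap@gmolab.net
  } | ldapadd "${opts[@]}"

  echo "change ACL"
  # olcAccess is replaced wholesale, so every rule must be restated here.
  # Applied inside the container over ldapi:/// with SASL EXTERNAL; stdin is
  # forwarded with -i so $LDAP_ROOT is expanded by this shell rather than by
  # whatever environment the container happens to have. Continuation lines
  # of a multi-line value start with a space (LDIF folding), so the rule
  # text keeps a separating space after unfolding.
  # The duplicate "by anonymous auth" of the original is dropped: the first
  # matching "by" clause wins, so the second one could never apply.
  # NOTE(review): "Access LDAP" gets read on userPassword, i.e. it can dump
  # every stored password hash; if that account only needs to authenticate
  # users, "auth" is the least-privilege choice. Left as found.
  docker exec -i "$container" ldapmodify -H ldapi:/// -Y EXTERNAL <<EOF
dn: olcDatabase={2}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
  by dn.base="cn=Access LDAP,ou=people,$LDAP_ROOT" read
  by * none
olcAccess: to dn.base=""
  by * read
olcAccess: to *
  by dn.base="cn=Admin LDAP,ou=people,$LDAP_ROOT" write
  by self write
  by users read
  by * none
EOF

  echo "Change organization name"
  # The suffix DN is kept literal as in the original; it is presumably equal
  # to $LDAP_ROOT but that is not verifiable from here.
  ldapmodify "${opts[@]}" <<EOF
dn: dc=gmolab,dc=net
changetype: modify
replace: o
o: GMOLab (Gilles Mouchet Sandbox)
EOF
}

main "$@"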