Commit f04ec469b2f08da79e24d1b79f8e10f236eb7e8f

Authored by Macartur Carvalho
1 parent 76631894

Adicionando script de instalacao ldap

Showing 1 changed file with 196 additions and 0 deletions   Show diff stats
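--- a/script/instalacaoLdap.sh
+++ b/script/instalacaoLdap.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+
+DC="dc=sei,dc=com"
+PASSWORD="cfl5OcVJ"
+
+sudo yum install openldap-servers openldap-clients sssd perl-LDAP.noarch -y
+
+sudo cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
+
+sudo chown -R ldap:ldap /var/lib/ldap
+cd /etc/openldap
+sudo mv slapd.d slapd.d.original
+
+PASS=`slappasswd -s ${PASSWORD}`
+
+sudo service slapd start
+sudo chkconfig slapd on
+
+sudo cp ldap.conf ldap.conf.original
+
+echo "escrevendo arquivo em /etc/openldap/slapd.conf"
+
+echo "# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+# Added for policy
+include /etc/openldap/schema/ppolicy.schema
+
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /var/run/openldap/slapd.pid
+argsfile /var/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+# modulepath /usr/lib64/openldap
+
+# Modules available in openldap-servers-overlays RPM package
+# Module syncprov.la is now statically linked with slapd and there
+# is no need to load it here
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+
+moduleload ppolicy.la
+
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload smbk5pwd.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# modules available in openldap-servers-sql RPM package:
+# moduleload back_sql.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running \"make slapd.pem\", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base=\"cn=Subschema\" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database bdb
+suffix "${DC}"
+rootdn "cn=admin,${DC}"
+rootpw $PASS
+
+# PPolicy Configuration
+overlay ppolicy
+ppolicy_default \"cn=default,ou=policies,${DC}\"
+ppolicy_use_lockout
+ppolicy_hash_cleartext
+
+
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub " > /etc/openldap/slapd.conf
+
+echo "escrevendo em /etc/openldap/ppolicy.ldif"
+
+echo "dn: ou = policies,${DC}
+objectClass: organizationalUnit
+objectClass: top
+ou: policies
+
+# default, policies, example.com
+dn: cn=default,ou=policies,${DC}
+objectClass: top
+objectClass: pwdPolicy
+objectClass: person
+cn: default
+sn: dummy value
+pwdAttribute: userPassword
+pwdMaxAge: 7516800
+pwdExpireWarning: 14482463
+pwdMinLength: 2
+pwdMaxFailure: 10
+pwdLockout: TRUE
+pwdLockoutDuration: 60
+pwdMustChange: FALSE
+pwdAllowUserChange: FALSE
+pwdSafeModify: FALSE " > /etc/openldap/ppolicy.ldif
+
+sudo service slapd restart
+
+echo "gerando arquivos /tmp/ldap"
+sudo mkdir -p /tmp/ldap
+cd /tmp/ldap
+
+echo "dn: ${DC}
+objectClass: dcObject
+objectClass: organization
+dc: sei
+o: Sei
+description: SEI
+
+dn: cn=admin,${DC}
+objectClass: organizationalRole
+cn: Admin
+description: System Manager
+
+dn: ou=users,${DC}
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=oldusers,${DC}
+objectClass: organizationalUnit
+ou: oldusers " > base.ldif
+
+cd /tmp/ldap
+
+echo "alimentando lda"
+sleep 10
+echo "ldapadd -x -D \"cn=admin,${DC}\" -w ${PASSWORD} -f base.ldif"
+ldapadd -x -D "cn=admin,${DC}" -w ${PASSWORD} -f base.ldif
+
+echo "Pronto foi instalado a ldap na maquina local"
+echo "admin = cn=admin,${DC}"
+echo "senha: ${PASSWORD}"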
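Review bot: The rootdn password is a hard-coded literal (`PASSWORD="cfl5OcVJ"` on line 4) that is then placed on the command line of `slappasswd -s` and `ldapadd -w` and printed by the `echo` on lines 191 and 196, so it lands in the repository, in `ps` output of anyone on the host, and in whatever captures the script's stdout. Take it from the environment or a prompt instead (`: "${PASSWORD:?set PASSWORD}"`), pass it through a temporary file with `slappasswd -T` and `ldapadd -y` rather than `-s`/`-w`, and drop the two echoes that print it. Separately, `/etc/openldap/ppolicy.ldif` is written but never given to `ldapadd`, so the `cn=default,ou=policies,${DC}` entry that `ppolicy_default` points at does not exist after the script runs. The `echo ... > /etc/openldap/slapd.conf` and `> /etc/openldap/ppolicy.ldif` redirections also run without `sudo`, so they fail with a permission error unless the whole script is already executed as root, and the script has no `set -e` to stop on that failure.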