alalalal

multimaster ldap test

Dec 18th, 2014
  1. #!/bin/sh
  2.  
  3. SCHEMADIR=/etc/openldap/schema
  4. BASEDIR=/root/ldaptest
  5. SLAPD=/usr/lib/openldap/slapd
  6. LDAPADD=/usr/bin/ldapadd
  7. DOMAIN=test
  8. LDAP1HOST="ldap1.${DOMAIN}"
  9. LDAP2HOST="ldap2.${DOMAIN}"
  10. LOGOPTS="-l DAEMON"
  11.  
  12. CADIR="${BASEDIR}/ca"
  13. LDAP1DIR="${BASEDIR}/ldap1"
  14. LDAP2DIR="${BASEDIR}/ldap2"
  15.  
  16. CAPRIVKEY="${CADIR}/cakey.pem"
  17. CAINFO="${CADIR}/ca.info"
  18. CACERT="${CADIR}/cacert.pem"
  19.  
  20. LDAP1PRIVKEY="${LDAP1DIR}/key.pem"
  21. LDAP1INFO="${LDAP1DIR}/ldap1.info"
  22. LDAP1CERT="${LDAP1DIR}/cert.pem"
  23. LDAP1DBDIR="${LDAP1DIR}/db"
  24. LDAP1PIDFILE="${LDAP1DIR}/slapd.pid"
  25. LDAP1CONF="${LDAP1DIR}/slapd.conf"
  26. LDAP1INITCONF="${LDAP1DIR}/slapd.init.conf"
  27.  
  28. LDAP2PRIVKEY="${LDAP2DIR}/key.pem"
  29. LDAP2INFO="${LDAP2DIR}/ldap2.info"
  30. LDAP2CERT="${LDAP2DIR}/cert.pem"
  31. LDAP2DBDIR="${LDAP2DIR}/db"
  32. LDAP2PIDFILE="${LDAP2DIR}/slapd.pid"
  33. LDAP2CONF="${LDAP2DIR}/slapd.conf"
  34.  
  35. mkdir -p "${BASEDIR}" "${CADIR}" "${LDAP1DIR}" "${LDAP2DIR}" "${LDAP1DBDIR}" "${LDAP2DBDIR}"
  36.  
  37. certtool --generate-privkey > "${CAPRIVKEY}"
  38.  
  39. cat > "${CAINFO}" << EOF
  40. cn = Test CA
  41. ca
  42. cert_signing_key
  43. EOF
  44.  
  45. certtool --generate-self-signed --load-privkey "${CAPRIVKEY}" --template "${CAINFO}" --outfile "${CACERT}"
  46.  
  47. certtool --generate-privkey --bits 2048 --outfile "${LDAP1PRIVKEY}"
  48.  
  49. cat > "${LDAP1INFO}" << EOF
  50. cn = ${LDAP1HOST}
  51. organization = Test Co
  52. tls_www_server
  53. encryption_key
  54. signing_key
  55. expiration_days = 3650
  56. EOF
  57.  
  58. certtool --generate-certificate --load-privkey "${LDAP1PRIVKEY}" --load-ca-certificate "${CACERT}" \
  59. --load-ca-privkey "${CAPRIVKEY}" --template "${LDAP1INFO}" --outfile "${LDAP1CERT}"
  60.  
  61. certtool --generate-privkey --bits 2048 --outfile "${LDAP2PRIVKEY}"
  62.  
  63. cat > "${LDAP2INFO}" << EOF
  64. cn = ${LDAP2HOST}
  65. organization = Test Co
  66. tls_www_server
  67. encryption_key
  68. signing_key
  69. expiration_days = 3650
  70. EOF
  71.  
  72. certtool --generate-certificate --load-privkey "${LDAP2PRIVKEY}" --load-ca-certificate "${CACERT}" \
  73. --load-ca-privkey "${CAPRIVKEY}" --template "${LDAP2INFO}" --outfile "${LDAP2CERT}"
  74.  
  75. cat > "${LDAP1DBDIR}/DB_CONFIG" <<EOF
  76. set_cachesize 0 67108864 1
  77. set_lg_regionmax 262144
  78. set_lg_bsize 2097152
  79. set_flags DB_LOG_AUTOREMOVE
  80. EOF
  81.  
  82. cat > "${LDAP2DBDIR}/DB_CONFIG" <<EOF
  83. set_cachesize 0 67108864 1
  84. set_lg_regionmax 262144
  85. set_lg_bsize 2097152
  86. set_flags DB_LOG_AUTOREMOVE
  87. EOF
  88.  
  89. cat > "${LDAP1INITCONF}" << EOF
  90. include ${SCHEMADIR}/core.schema
  91. include ${SCHEMADIR}/cosine.schema
  92. include ${SCHEMADIR}/inetorgperson.schema
  93. include ${SCHEMADIR}/nis.schema
  94. password-hash {crypt}
  95.  
  96. TLSProtocolMin 3.1
  97. TLSCipherSuite HIGH:-MEDIUM:-SSLv2
  98. TLSCertificateFile ${LDAP1CERT}
  99. TLSCertificateKeyFile ${LDAP1PRIVKEY}
  100. TLSCACertificateFile ${CACERT}
  101.  
  102. access to attrs=userPassword
  103. by dn="cn=ldapadmin,dc=test" write
  104. by anonymous auth
  105. by self write
  106. by dn="cn=slapdmirror,dc=test" read
  107. by * none
  108.  
  109. access to attrs=sn
  110. by dn="cn=ldapadmin,dc=test" write
  111. by self write
  112. by dn="cn=slapdmirror,dc=test" read
  113. by * read
  114.  
  115. access to *
  116. by dn="cn=ldapadmin,dc=test" write
  117. by dn="cn=slapdmirror,dc=test" read
  118. by * read
  119.  
  120. pidfile ${LDAP1PIDFILE}
  121.  
  122. loglevel stats sync
  123. idletimeout 3600
  124. sizelimit 10000
  125. timelimit 60
  126.  
  127. database hdb
  128. suffix "dc=test"
  129. checkpoint 128 2
  130. rootdn "cn=Manager,dc=test"
  131. rootpw password
  132. directory ${LDAP1DBDIR}
  133. index objectClass,entryCSN,entryUUID eq
  134. index uidNumber,gidNumber,memberUid,uniqueMember eq
  135. index cn,sn,uid,mail,displayName,givenname pres,eq,subinitial
  136. overlay syncprov
  137. syncprov-checkpoint 100 5
  138. syncprov-sessionlog 100
  139. EOF
  140.  
  141. "${SLAPD}" -f "${LDAP1INITCONF}" -h "ldaps://${LDAP1HOST}" ${LOGOPTS}
  142.  
  143. env "LDAPTLS_CACERT=${CACERT}" "${LDAPADD}" -H "ldaps://${LDAP1HOST}" -D 'cn=Manager,dc=test' -wpassword <<EOF
  144. dn: dc=test
  145. objectClass: dcObject
  146. objectClass: organization
  147. dc: test
  148. o: Test
  149. description: Test
  150.  
  151. dn: cn=Manager,dc=test
  152. objectClass: organizationalRole
  153. cn: Manager
  154. description: Directory Manager
  155.  
  156. dn: cn=ldapadmin,dc=test
  157. objectClass: person
  158. userPassword:: e2NyeXB0fSQxJG0zJFhpS2hubjgwb2c4Qmdsc2tGMVkzQzE=
  159. cn: ldapadmin
  160. sn: ldapadmin
  161.  
  162. dn: cn=slapdmirror,dc=test
  163. objectClass: person
  164. userPassword:: e2NyeXB0fSQxJHo1JHJDeFU3RmNJdUZlMDVvemc3V2N6YS8=
  165. cn: slapdmirror
  166. sn: slapdmirror
  167. EOF
  168.  
  169. cp "${LDAP1INITCONF}" "${LDAP1CONF}"
  170.  
  171. cat >> "${LDAP1CONF}" <<EOF
  172.  
  173. serverID 1
  174.  
  175. syncrepl rid=001
  176. provider=ldaps://${LDAP2HOST}
  177. tls_cacert=${CACERT}
  178. tls_reqcert=demand
  179. tls_crlcheck=none
  180. bindmethod=simple
  181. binddn="cn=slapdmirror,dc=test"
  182. credentials=mirrorpassword
  183. searchbase="dc=test"
  184. schemachecking=on
  185. type=refreshAndPersist
  186. retry="2 +"
  187. network-timeout=2
  188. timeout=2
  189.  
  190. mirrormode on
  191. EOF
  192.  
  193. kill `cat "${LDAP1PIDFILE}"`
  194. sleep 1
  195. "${SLAPD}" -f "${LDAP1CONF}" -h "ldaps://${LDAP1HOST}" ${LOGOPTS}
  196.  
  197. cat > "${LDAP2CONF}" << EOF
  198. include ${SCHEMADIR}/core.schema
  199. include ${SCHEMADIR}/cosine.schema
  200. include ${SCHEMADIR}/inetorgperson.schema
  201. include ${SCHEMADIR}/nis.schema
  202. password-hash {crypt}
  203.  
  204. TLSProtocolMin 3.1
  205. TLSCipherSuite HIGH:-MEDIUM:-SSLv2
  206. TLSCertificateFile ${LDAP2CERT}
  207. TLSCertificateKeyFile ${LDAP2PRIVKEY}
  208. TLSCACertificateFile ${CACERT}
  209.  
  210. access to attrs=userPassword
  211. by dn="cn=ldapadmin,dc=test" write
  212. by anonymous auth
  213. by self write
  214. by dn="cn=slapdmirror,dc=test" read
  215. by * none
  216.  
  217. access to attrs=sn
  218. by dn="cn=ldapadmin,dc=test" write
  219. by self write
  220. by dn="cn=slapdmirror,dc=test" read
  221. by * read
  222.  
  223. access to *
  224. by dn="cn=ldapadmin,dc=test" write
  225. by dn="cn=slapdmirror,dc=test" read
  226. by * read
  227.  
  228. pidfile ${LDAP2PIDFILE}
  229.  
  230. loglevel stats sync
  231. idletimeout 3600
  232. sizelimit 10000
  233. timelimit 60
  234.  
  235. database hdb
  236. suffix "dc=test"
  237. checkpoint 128 2
  238. rootdn "cn=Manager,dc=test"
  239. rootpw password
  240. directory ${LDAP2DBDIR}
  241. index objectClass,entryCSN,entryUUID eq
  242. index uidNumber,gidNumber,memberUid,uniqueMember eq
  243. index cn,sn,uid,mail,displayName,givenname pres,eq,subinitial
  244. overlay syncprov
  245. syncprov-checkpoint 100 5
  246. syncprov-sessionlog 100
  247.  
  248. serverID 2
  249.  
  250. syncrepl rid=001
  251. provider=ldaps://${LDAP1HOST}
  252. tls_cacert=${CACERT}
  253. tls_reqcert=demand
  254. tls_crlcheck=none
  255. bindmethod=simple
  256. binddn="cn=slapdmirror,dc=test"
  257. credentials=mirrorpassword
  258. searchbase="dc=test"
  259. schemachecking=on
  260. type=refreshAndPersist
  261. retry="2 +"
  262. network-timeout=2
  263. timeout=2
  264.  
  265. mirrormode on
  266. EOF
  267.  
  268. "${SLAPD}" -f "${LDAP2CONF}" -h "ldaps://${LDAP2HOST}" ${LOGOPTS}
  269. sleep 2
  270.  
  271. env "LDAPTLS_CACERT=${CACERT}" ldapadd -H "ldaps://${LDAP1HOST}" -D 'cn=ldapadmin,dc=test' -wadminpassword <<EOF
  272. dn: cn=test1,dc=test
  273. objectClass: person
  274. cn: test1
  275. sn: test1
  276.  
  277. EOF
  278.  
  279. env "LDAPTLS_CACERT=${CACERT}" ldapadd -H "ldaps://${LDAP2HOST}" -D 'cn=ldapadmin,dc=test' -wadminpassword <<EOF
  280. dn: cn=test2,dc=test
  281. objectClass: person
  282. cn: test2
  283. sn: test2
  284.  
  285. EOF
  286.  
  287. sleep 1
  288.  
  289. env "LDAPTLS_CACERT=${CACERT}" ldapsearch -H "ldaps://${LDAP1HOST}" -b 'dc=test' 'cn=test1'
  290. env "LDAPTLS_CACERT=${CACERT}" ldapsearch -H "ldaps://${LDAP1HOST}" -b 'dc=test' 'cn=test2'
  291. env "LDAPTLS_CACERT=${CACERT}" ldapsearch -H "ldaps://${LDAP2HOST}" -b 'dc=test' 'cn=test1'
  292. env "LDAPTLS_CACERT=${CACERT}" ldapsearch -H "ldaps://${LDAP2HOST}" -b 'dc=test' 'cn=test2'
  293.  
  294. kill `cat "${LDAP1PIDFILE}"`
  295. kill `cat "${LDAP2PIDFILE}"`