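#!/bin/sh
# Builds a disposable two-node OpenLDAP mirror-mode test bed under BASEDIR:
#   1. a self-signed test CA and one CA-signed TLS server cert per node (certtool),
#   2. ldap1 started stand-alone to seed the base tree,
#   3. ldap1 restarted with a syncrepl consumer pointing at ldap2, ldap2 started
#      with one pointing at ldap1 (refreshAndPersist over ldaps, mirrormode on),
#   4. one entry added on each node, then searched on both to show replication.
# Requirements: certtool, slapd, ldapadd, ldapsearch on the paths below; the
# LDAP1HOST/LDAP2HOST names must resolve to this machine so the ldaps listeners
# bind and the certificate CNs match.
# All credentials are fixed lab values and land in plain text inside the
# generated slapd.conf files under BASEDIR; keep this to a throwaway host.
set -eu

SCHEMADIR=/etc/openldap/schema
BASEDIR=/root/ldaptest
SLAPD=/usr/lib/openldap/slapd
LDAPADD=/usr/bin/ldapadd
LDAPSEARCH=/usr/bin/ldapsearch
DOMAIN=test
LDAP1HOST="ldap1.${DOMAIN}"
LDAP2HOST="ldap2.${DOMAIN}"
# Two words on purpose ("-l DAEMON"); expanded unquoted where slapd is started.
LOGOPTS="-l DAEMON"
CADIR="${BASEDIR}/ca"
LDAP1DIR="${BASEDIR}/ldap1"
LDAP2DIR="${BASEDIR}/ldap2"
CAPRIVKEY="${CADIR}/cakey.pem"
CAINFO="${CADIR}/ca.info"
CACERT="${CADIR}/cacert.pem"
LDAP1PRIVKEY="${LDAP1DIR}/key.pem"
LDAP1INFO="${LDAP1DIR}/ldap1.info"
LDAP1CERT="${LDAP1DIR}/cert.pem"
LDAP1DBDIR="${LDAP1DIR}/db"
LDAP1PIDFILE="${LDAP1DIR}/slapd.pid"
LDAP1CONF="${LDAP1DIR}/slapd.conf"
LDAP1INITCONF="${LDAP1DIR}/slapd.init.conf"
LDAP2PRIVKEY="${LDAP2DIR}/key.pem"
LDAP2INFO="${LDAP2DIR}/ldap2.info"
LDAP2CERT="${LDAP2DIR}/cert.pem"
LDAP2DBDIR="${LDAP2DIR}/db"
LDAP2PIDFILE="${LDAP2DIR}/slapd.pid"
LDAP2CONF="${LDAP2DIR}/slapd.conf"

#######################################
# Run an LDAP client tool trusting the test CA.
# Arguments: the client command line (ldapadd/ldapsearch and its options)
#######################################
ldap_client() {
  env "LDAPTLS_CACERT=${CACERT}" "$@"
}

#######################################
# Store a simple-bind password in the 0600 scratch file consumed by
# `ldapadd -y`, so the secret no longer appears in argv (ps, shell traces)
# as the earlier "-w<password>" form did. No trailing newline: -y uses the
# complete file contents as the password.
# Arguments: $1 - password
#######################################
set_bind_password() {
  printf '%s' "$1" > "${PWFILE}"
}

#######################################
# Block until slapd has written its pid file (bounded, ~10 s). Recent slapd
# releases only return from start-up once the listeners are up, so this mainly
# guards older builds; the first revision issued ldapadd with no wait at all.
# Arguments: $1 - pid file path
# Returns:   0 once the file is non-empty, 1 on timeout
#######################################
wait_for_pidfile() {
  _i=0
  while [ ! -s "$1" ]; do
    _i=$((_i + 1))
    if [ "${_i}" -ge 10 ]; then
      printf 'slapd did not write %s\n' "$1" >&2
      return 1
    fi
    sleep 1
  done
}

#######################################
# Stop a slapd instance by pid file and wait (bounded, ~10 s) for the process
# to go away before returning, so a restart does not race the old listener.
# Tolerant of a missing pid file so it can run from the EXIT trap as well.
# Arguments: $1 - pid file path
#######################################
stop_slapd() {
  [ -s "$1" ] || return 0
  _pid=$(cat "$1")
  kill "${_pid}" 2>/dev/null || true
  _n=0
  while kill -0 "${_pid}" 2>/dev/null && [ "${_n}" -lt 10 ]; do
    _n=$((_n + 1))
    sleep 1
  done
  # Drop a stale pid file so the next wait_for_pidfile sees the new daemon only.
  rm -f -- "$1"
}

#######################################
# EXIT trap: make sure neither slapd nor the password scratch file outlives
# the script, also on an early failure under set -e.
#######################################
cleanup() {
  stop_slapd "${LDAP1PIDFILE}"
  stop_slapd "${LDAP2PIDFILE}"
  rm -f -- "${PWFILE}"
}

#######################################
# Generate a 2048-bit key and a CA-signed TLS server certificate.
# Arguments: $1 - host name (certificate CN)
#            $2 - private key output path
#            $3 - certtool template path
#            $4 - certificate output path
#######################################
make_server_cert() {
  certtool --generate-privkey --bits 2048 --outfile "$2"
  cat > "$3" << EOF
cn = $1
organization = Test Co
tls_www_server
encryption_key
signing_key
expiration_days = 3650
EOF
  certtool --generate-certificate --load-privkey "$2" --load-ca-certificate "${CACERT}" \
    --load-ca-privkey "${CAPRIVKEY}" --template "$3" --outfile "$4"
}

#######################################
# Write the Berkeley DB tuning file for an hdb backend directory.
# Arguments: $1 - database directory
#######################################
write_db_config() {
  cat > "$1/DB_CONFIG" <<EOF
set_cachesize 0 67108864 1
set_lg_regionmax 262144
set_lg_bsize 2097152
set_flags DB_LOG_AUTOREMOVE
EOF
}

#######################################
# Write the slapd.conf body shared by both nodes (schema, TLS, ACLs, hdb
# database, syncprov). The settings are the lab values as pasted: rootpw and
# replication credentials in clear text, password-hash {crypt},
# TLSProtocolMin 3.1 (TLS 1.0) and tls_crlcheck=none in the consumer stanza.
# Raise the protocol floor and use a hashed rootpw with {SSHA} before reusing
# this outside a throwaway test bed.
# Arguments: $1 - config path   $2 - server certificate   $3 - server key
#            $4 - pid file      $5 - database directory
#######################################
write_slapd_conf() {
  cat > "$1" << EOF
include ${SCHEMADIR}/core.schema
include ${SCHEMADIR}/cosine.schema
include ${SCHEMADIR}/inetorgperson.schema
include ${SCHEMADIR}/nis.schema
password-hash {crypt}
TLSProtocolMin 3.1
TLSCipherSuite HIGH:-MEDIUM:-SSLv2
TLSCertificateFile $2
TLSCertificateKeyFile $3
TLSCACertificateFile ${CACERT}
access to attrs=userPassword
by dn="cn=ldapadmin,dc=test" write
by anonymous auth
by self write
by dn="cn=slapdmirror,dc=test" read
by * none
access to attrs=sn
by dn="cn=ldapadmin,dc=test" write
by self write
by dn="cn=slapdmirror,dc=test" read
by * read
access to *
by dn="cn=ldapadmin,dc=test" write
by dn="cn=slapdmirror,dc=test" read
by * read
pidfile $4
loglevel stats sync
idletimeout 3600
sizelimit 10000
timelimit 60
database hdb
suffix "dc=test"
checkpoint 128 2
rootdn "cn=Manager,dc=test"
rootpw password
directory $5
index objectClass,entryCSN,entryUUID eq
index uidNumber,gidNumber,memberUid,uniqueMember eq
index cn,sn,uid,mail,displayName,givenname pres,eq,subinitial
overlay syncprov
syncprov-checkpoint 100 5
syncprov-sessionlog 100
EOF
}

#######################################
# Append the mirror-mode syncrepl consumer stanza to a node's slapd.conf.
# Arguments: $1 - config path   $2 - serverID   $3 - provider host name
#######################################
append_syncrepl() {
  cat >> "$1" <<EOF
serverID $2
syncrepl rid=001
provider=ldaps://$3
tls_cacert=${CACERT}
tls_reqcert=demand
tls_crlcheck=none
bindmethod=simple
binddn="cn=slapdmirror,dc=test"
credentials=mirrorpassword
searchbase="dc=test"
schemachecking=on
type=refreshAndPersist
retry="2 +"
network-timeout=2
timeout=2
mirrormode on
EOF
}

mkdir -p "${BASEDIR}" "${CADIR}" "${LDAP1DIR}" "${LDAP2DIR}" "${LDAP1DBDIR}" "${LDAP2DBDIR}"

PWFILE=$(mktemp)
chmod 600 "${PWFILE}"
trap cleanup EXIT

# --- test CA and per-node server certificates ---
certtool --generate-privkey > "${CAPRIVKEY}"
cat > "${CAINFO}" << EOF
cn = Test CA
ca
cert_signing_key
EOF
certtool --generate-self-signed --load-privkey "${CAPRIVKEY}" --template "${CAINFO}" --outfile "${CACERT}"
make_server_cert "${LDAP1HOST}" "${LDAP1PRIVKEY}" "${LDAP1INFO}" "${LDAP1CERT}"
make_server_cert "${LDAP2HOST}" "${LDAP2PRIVKEY}" "${LDAP2INFO}" "${LDAP2CERT}"

write_db_config "${LDAP1DBDIR}"
write_db_config "${LDAP2DBDIR}"

# --- ldap1 stand-alone (no syncrepl yet) to seed the base tree ---
write_slapd_conf "${LDAP1INITCONF}" "${LDAP1CERT}" "${LDAP1PRIVKEY}" "${LDAP1PIDFILE}" "${LDAP1DBDIR}"
# shellcheck disable=SC2086 -- LOGOPTS is meant to split into "-l DAEMON".
"${SLAPD}" -f "${LDAP1INITCONF}" -h "ldaps://${LDAP1HOST}" ${LOGOPTS}
wait_for_pidfile "${LDAP1PIDFILE}"
set_bind_password password
# LDIF entries must be separated by a blank line; the userPassword values are
# base64-encoded {crypt} hashes for the ldapadmin/slapdmirror test accounts.
ldap_client "${LDAPADD}" -H "ldaps://${LDAP1HOST}" -D 'cn=Manager,dc=test' -y "${PWFILE}" <<EOF
dn: dc=test
objectClass: dcObject
objectClass: organization
dc: test
o: Test
description: Test

dn: cn=Manager,dc=test
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: cn=ldapadmin,dc=test
objectClass: person
userPassword:: e2NyeXB0fSQxJG0zJFhpS2hubjgwb2c4Qmdsc2tGMVkzQzE=
cn: ldapadmin
sn: ldapadmin

dn: cn=slapdmirror,dc=test
objectClass: person
userPassword:: e2NyeXB0fSQxJHo1JHJDeFU3RmNJdUZlMDVvemc3V2N6YS8=
cn: slapdmirror
sn: slapdmirror
EOF

# --- restart ldap1 as a mirror of ldap2, then bring up ldap2 as a mirror of ldap1 ---
cp "${LDAP1INITCONF}" "${LDAP1CONF}"
append_syncrepl "${LDAP1CONF}" 1 "${LDAP2HOST}"
stop_slapd "${LDAP1PIDFILE}"
# shellcheck disable=SC2086
"${SLAPD}" -f "${LDAP1CONF}" -h "ldaps://${LDAP1HOST}" ${LOGOPTS}
write_slapd_conf "${LDAP2CONF}" "${LDAP2CERT}" "${LDAP2PRIVKEY}" "${LDAP2PIDFILE}" "${LDAP2DBDIR}"
append_syncrepl "${LDAP2CONF}" 2 "${LDAP1HOST}"
# shellcheck disable=SC2086
"${SLAPD}" -f "${LDAP2CONF}" -h "ldaps://${LDAP2HOST}" ${LOGOPTS}
wait_for_pidfile "${LDAP1PIDFILE}"
wait_for_pidfile "${LDAP2PIDFILE}"
# Give the two consumers a moment to connect to each other before writing.
sleep 2

# --- write one entry on each node and read both back from both nodes ---
set_bind_password adminpassword
ldap_client "${LDAPADD}" -H "ldaps://${LDAP1HOST}" -D 'cn=ldapadmin,dc=test' -y "${PWFILE}" <<EOF
dn: cn=test1,dc=test
objectClass: person
cn: test1
sn: test1
EOF
ldap_client "${LDAPADD}" -H "ldaps://${LDAP2HOST}" -D 'cn=ldapadmin,dc=test' -y "${PWFILE}" <<EOF
dn: cn=test2,dc=test
objectClass: person
cn: test2
sn: test2
EOF
# Replication is asynchronous; allow it to propagate before the searches.
sleep 1
ldap_client "${LDAPSEARCH}" -H "ldaps://${LDAP1HOST}" -b 'dc=test' 'cn=test1'
ldap_client "${LDAPSEARCH}" -H "ldaps://${LDAP1HOST}" -b 'dc=test' 'cn=test2'
ldap_client "${LDAPSEARCH}" -H "ldaps://${LDAP2HOST}" -b 'dc=test' 'cn=test1'
ldap_client "${LDAPSEARCH}" -H "ldaps://${LDAP2HOST}" -b 'dc=test' 'cn=test2'

stop_slapd "${LDAP1PIDFILE}"
stop_slapd "${LDAP2PIDFILE}"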