  1. #!/bin/bash
  2. ######!/bin/bash
  3. ####systemctl stop slapd
  4. ####rm -rf /var/lib/ldap/*
  5. ####rm -rf /etc/openldap/*
  6. ####cp -r /opt/openldap/* /etc/openldap/
  7. ####/opt/openldap 目录中保存的刚安装openldap服务后目录中备份文件
  8. ####chown -R ldap:ldap /etc/openldap
  9.  
  10.  
  11.  
  12. yum install -y openldap openldap-servers openldap-clients
  13.  
  14. cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  15.  
  16. chown -R ldap:ldap /etc/openldap
  17. chown -R ldap:ldap /var/lib/ldap
  18.  
  19. systemctl start slapd
  20. systemctl enable slapd
  21.  
  22. ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
  23.  
  24. mkdir -p /root/openldap
  25. ls /etc/openldap/schema/*.ldif | while read f; do ldapadd -Y EXTERNAL -H ldapi:/// -f $f; done
  26.  
  27. ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW
  28.  
  29. LDAP_Root_DN='cn=root,dc=gwmedc,dc=com'
  30. LDAP_Root_PW=`slappasswd -s root@pw`
  31. cat <<EOF > /root/openldap/rootpw.ldif
  32. dn: olcDatabase={2}hdb,cn=config
  33. changetype: modify
  34. add: olcRootPW
  35. olcRootPW: ${LDAP_Root_PW}
  36. -
  37. replace: olcRootDN
  38. olcRootDN: ${LDAP_Root_DN}
  39. EOF
  40.  
  41.  
  42. ldapadd -Y EXTERNAL -H ldapi:/// -f /root/openldap/rootpw.ldif
  43.  
  44. ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW
  45.  
  46. LDAP_BASE_DN='dc=gwmedc,dc=com'
  47. cat <<EOF > /root/openldap/dc.ldif
  48. dn: olcDatabase={1}monitor,cn=config
  49. changetype: modify
  50. replace: olcAccess
  51. olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
  52. ,cn=auth" read by dn.base="${LDAP_Root_DN}" read by * none
  53.  
  54.  
  55. dn: olcDatabase={2}hdb,cn=config
  56. changetype: modify
  57. replace: olcSuffix
  58. olcSuffix: ${LDAP_BASE_DN}
  59. EOF
  60.  
  61. ldapadd -Y EXTERNAL -H ldapi:/// -f /root/openldap/dc.ldif
  62.  
  63. cat <<EOF > /root/openldap/acl.ldif
  64. dn: olcDatabase={2}hdb,cn=config
  65. changetype: modify
  66. add: olcAccess
  67. olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=root,${LDAP_BASE_DN}" write by anonymous auth by * none
  68. olcAccess: to * by self read by dn="cn=root,${LDAP_BASE_DN}" write by * none
  69. EOF
  70.  
  71. ldapadd -Y EXTERNAL -H ldapi:/// -f /root/openldap/acl.ldif
  72.  
  73.  
  74. cat <<EOF > /root/openldap/memberof.ldif
  75. # Load memberof module
  76. dn: cn=module{0},cn=config
  77. objectClass: olcModuleList
  78. objectclass: top
  79. olcModuleLoad: memberof
  80.  
  81. # Backend memberOf overlay
  82. dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
  83. objectClass: olcOverlayConfig
  84. objectClass: olcMemberOf
  85. olcOverlay: {0}memberof
  86. olcMemberOfDangling: ignore
  87. olcMemberOfRefInt: TRUE
  88. olcMemberOfGroupOC: groupofnames
  89. olcMemberOfMemberAD: member
  90. #olcMemberOfGroupOC: groupOfUniqueNames
  91. #olcMemberOfMemberAD: uniqueMember
  92. olcMemberOfMemberOfAD: memberof
  93. EOF
  94.  
  95. ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /root/openldap/memberof.ldif
  96.  
  97. slapcat -n 0 | grep olcModuleLoad
  98.  
  99. cat <<EOF > /root/openldap/organization.ldif
  100. dn: ${LDAP_BASE_DN}
  101. objectClass: top
  102. objectClass: dcObject
  103. objectClass: organization
  104. o: Gwm
  105.  
  106. dn: ou=people,${LDAP_BASE_DN}
  107. objectClass: organizationalUnit
  108. ou: People
  109.  
  110. dn: ou=group,${LDAP_BASE_DN}
  111. objectClass: organizationalUnit
  112. ou: Group
  113. EOF
  114.  
  115. ldapadd -x -D cn=root,dc=gwmedc,dc=com -w root@pw -f /root/openldap/organization.ldif
  116.  
  117. LDAP_USER_PW=`slappasswd -s sdj`
  118. #Base DN
  119. cat <<EOF > /root/openldap/user.ldif
  120. dn: uid=sdj,ou=people,${LDAP_BASE_DN}
  121. cn: sdj
  122. givenName: sdj
  123. sn: sdj
  124. uid: sdj
  125. uidNumber: 10001
  126. gidNumber: 10001
  127. homeDirectory: /home/sdj
  128. mail: sdj@gwmedc.com
  129. objectClass: top
  130. objectClass: posixAccount
  131. objectClass: shadowAccount
  132. objectClass: inetOrgPerson
  133. objectClass: organizationalPerson
  134. objectClass: person
  135. loginShell: /bin/bash
  136. userPassword: ${LDAP_USER_PW}
  137. EOF
  138.  
  139. ldapadd -x -D cn=root,dc=gwmedc,dc=com -w root@pw -f /root/openldap/user.ldif
  140.  
  141. cat <<EOF > /root/openldap/group.ldif
  142. dn: cn=user,ou=group,${LDAP_BASE_DN}
  143. #objectClass: groupOfUniqueNames
  144. objectClass: groupofnames
  145. cn: user
  146. description: All users
  147. member: uid=sdj,ou=people,${LDAP_BASE_DN}
  148. EOF
  149.  
  150. ldapadd -x -D cn=root,dc=gwmedc,dc=com -w root@pw -f /root/openldap/group.ldif
  151.  
  152. ldapsearch -x -LLL -D cn=root,dc=gwmedc,dc=com -w root@pw -b uid=sdj,ou=people,dc=gwmedc,dc=com dn memberof
  153.  