openldap_openmember.sh

#!/bin/bash
######!/bin/bash
####systemctl stop slapd
####rm -rf /var/lib/ldap/*
####rm -rf /etc/openldap/*
####cp -r /opt/openldap/* /etc/openldap/
####/opt/openldap 目录中保存的刚安装openldap服务后目录中备份文件
####chown -R ldap:ldap /etc/openldap


yum install -y openldap openldap-servers openldap-clients

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

chown -R ldap:ldap /etc/openldap
chown -R ldap:ldap /var/lib/ldap

systemctl start slapd
systemctl enable slapd

ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn

mkdir -p /root/openldap
ls /etc/openldap/schema/*.ldif | while read f; do ldapadd -Y EXTERNAL -H ldapi:/// -f $f; done

ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW

LDAP_Root_DN='cn=root,dc=gwmedc,dc=com'
LDAP_Root_PW=`slappasswd -s root@pw`
cat <<EOF > /root/openldap/rootpw.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${LDAP_Root_PW}
-
replace: olcRootDN
olcRootDN: ${LDAP_Root_DN}
EOF


ldapadd -Y EXTERNAL -H ldapi:/// -f /root/openldap/rootpw.ldif

ldapsearch -H ldapi:// -LLL -Q -Y EXTERNAL -b "cn=config" "(olcRootDN=*)" dn olcRootDN olcRootPW

LDAP_BASE_DN='dc=gwmedc,dc=com'
cat <<EOF > /root/openldap/dc.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external
 ,cn=auth" read by dn.base="${LDAP_Root_DN}" read by * none


dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${LDAP_BASE_DN}
EOF

ldapadd -Y EXTERNAL -H ldapi:/// -f /root/openldap/dc.ldif

cat <<EOF > /root/openldap/acl.ldif
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=root,${LDAP_BASE_DN}" write by anonymous auth by * none
olcAccess: to * by self read by dn="cn=root,${LDAP_BASE_DN}" write by * none
EOF

ldapadd -Y EXTERNAL -H ldapi:/// -f /root/openldap/acl.ldif


cat <<EOF > /root/openldap/memberof.ldif
# Load memberof module
dn: cn=module{0},cn=config
objectClass: olcModuleList
objectclass: top
olcModuleLoad: memberof

# Backend memberOf overlay
dn: olcOverlay={0}memberof,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupofnames
olcMemberOfMemberAD: member
#olcMemberOfGroupOC: groupOfUniqueNames
#olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberof
EOF

ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /root/openldap/memberof.ldif

slapcat -n 0 | grep olcModuleLoad

cat <<EOF > /root/openldap/organization.ldif
dn: ${LDAP_BASE_DN}
objectClass: top
objectClass: dcObject
objectClass: organization
o: Gwm

dn: ou=people,${LDAP_BASE_DN}
objectClass: organizationalUnit
ou: People

dn: ou=group,${LDAP_BASE_DN}
objectClass: organizationalUnit
ou: Group
EOF

ldapadd -x -D cn=root,dc=gwmedc,dc=com -w root@pw -f /root/openldap/organization.ldif

LDAP_USER_PW=`slappasswd -s sdj`
#Base DN
cat <<EOF > /root/openldap/user.ldif
dn: uid=sdj,ou=people,${LDAP_BASE_DN}
cn: sdj
givenName: sdj
sn: sdj
uid: sdj
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/sdj
mail: sdj@gwmedc.com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
userPassword: ${LDAP_USER_PW}
EOF

ldapadd -x -D cn=root,dc=gwmedc,dc=com -w root@pw -f /root/openldap/user.ldif

cat <<EOF > /root/openldap/group.ldif
dn: cn=user,ou=group,${LDAP_BASE_DN}
#objectClass: groupOfUniqueNames
objectClass: groupofnames
cn: user
description: All users
member: uid=sdj,ou=people,${LDAP_BASE_DN}
EOF

ldapadd -x -D cn=root,dc=gwmedc,dc=com -w root@pw -f /root/openldap/group.ldif

ldapsearch -x -LLL -D cn=root,dc=gwmedc,dc=com -w root@pw -b uid=sdj,ou=people,dc=gwmedc,dc=com dn memberof