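#!/usr/bin/env bash
#
# openldap-setup: install and seed a single-node OpenLDAP (slapd, cn=config)
# server on a CentOS/RHEL 7 style host.
#
# Steps, in order:
#   1. yum-install openldap, start and enable slapd
#   2. load every schema LDIF under /etc/openldap/schema that is not already
#      present in cn=schema,cn=config
#   3. set the admin (root) DN and its password hash on the main database
#   4. set the suffix, let the root DN read cn=monitor, install the ACLs
#   5. load the memberof module and overlay
#   6. seed the base entry, ou=people, ou=group, one user and one group, then
#      print the user's memberOf as a smoke test
#
# Must run as root: cn=config is changed with SASL EXTERNAL over the ldapi:///
# socket, which maps root's peer credentials onto the config administrator.
#
# Tunables (environment, all optional):
#   LDAP_BASE_DN        directory suffix                  (default: dc=gwmedc,dc=com)
#   LDAP_ROOT_DN        admin DN                          (default: cn=root,${LDAP_BASE_DN})
#   LDAP_ROOT_PW_PLAIN  admin password                    (default: root@pw -- lab only)
#   LDAP_ORG_NAME       value of o: on the base entry     (default: Gwm)
#   LDAP_MAIL_DOMAIN    mail domain of the seeded user    (default: gwmedc.com)
#   LDAP_USER           uid of the seeded user            (default: sdj)
#   LDAP_USER_PW_PLAIN  password of the seeded user       (default: sdj -- lab only)
#   LDAP_USER_UID       uidNumber/gidNumber of that user  (default: 10001)
#   LDAP_WORK_DIR       where generated LDIF is written   (default: /root/openldap)
#
# Secrets never go on a command line: passwords are written to 0600 files and
# handed to `slappasswd -T` / `ldapadd -y`, so they do not show up in `ps`
# output or shell history the way `slappasswd -s` and `ldapadd -w` do. The
# password files are deleted when the script exits. Binds also go over
# ldapi:/// rather than ldap://, so no simple-bind password crosses a TCP socket.
#
# Re-runnable: each step checks whether its entry/schema already exists and
# uses `replace` for attribute changes, so a second run converges instead of
# failing with "Already exists" / "Type or value exists".
#
# Known gap, kept from the original: the seeded user's gidNumber has no matching
# posixGroup; cn=user is a groupOfNames that only feeds the memberOf overlay.
# NOTE(review): add a posixGroup with that gidNumber if NSS/PAM clients will
# resolve the user's primary group -- confirm with whoever consumes this tree.
#
# Full reset (kept for reference, deliberately NOT run: it destroys the
# directory and all of /etc/openldap):
#   systemctl stop slapd
#   rm -rf /var/lib/ldap/*
#   rm -rf /etc/openldap/*
#   cp -r /opt/openldap/* /etc/openldap/
#     (/opt/openldap holds a backup of /etc/openldap taken right after the
#      openldap packages were first installed)
#   chown -R ldap:ldap /etc/openldap

set -euo pipefail

# ---------------------------------------------------------------------------
# Tunables
# ---------------------------------------------------------------------------
LDAP_BASE_DN="${LDAP_BASE_DN:-dc=gwmedc,dc=com}"
LDAP_ROOT_DN="${LDAP_ROOT_DN:-cn=root,${LDAP_BASE_DN}}"
LDAP_ROOT_PW_PLAIN="${LDAP_ROOT_PW_PLAIN:-root@pw}"
LDAP_ORG_NAME="${LDAP_ORG_NAME:-Gwm}"
LDAP_MAIL_DOMAIN="${LDAP_MAIL_DOMAIN:-gwmedc.com}"
LDAP_USER="${LDAP_USER:-sdj}"
LDAP_USER_PW_PLAIN="${LDAP_USER_PW_PLAIN:-sdj}"
LDAP_USER_UID="${LDAP_USER_UID:-10001}"
LDAP_WORK_DIR="${LDAP_WORK_DIR:-/root/openldap}"
readonly LDAP_BASE_DN LDAP_ROOT_DN LDAP_ROOT_PW_PLAIN LDAP_ORG_NAME \
  LDAP_MAIL_DOMAIN LDAP_USER LDAP_USER_PW_PLAIN LDAP_USER_UID LDAP_WORK_DIR

# The CentOS 7 openldap-servers package ships the directory as olcDatabase={2}hdb
# (with its BDB tuning in /var/lib/ldap/DB_CONFIG). Newer releases use mdb;
# this name would need changing there.
readonly CONFIG_DB='olcDatabase={2}hdb,cn=config'
readonly LDAPI='ldapi:///'
readonly ROOT_PW_FILE="${LDAP_WORK_DIR}/.rootpw"
readonly USER_PW_FILE="${LDAP_WORK_DIR}/.userpw"

# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------
log() { printf '[openldap-setup] %s\n' "$*" >&2; }
die() { log "ERROR: $*"; exit 1; }

# Remove the plaintext password files on every exit path (success or set -e).
cleanup() { rm -f -- "$ROOT_PW_FILE" "$USER_PW_FILE"; }
trap cleanup EXIT

#######################################
# Write a secret to a 0600 file with no trailing newline.
# Both `ldapadd -y` and `slappasswd -T` use the file contents verbatim, so a
# newline written by echo would become part of the password.
# Arguments: $1 - path, $2 - secret
#######################################
write_secret_file() {
  local path=$1 secret=$2
  ( umask 077 && printf '%s' "$secret" > "$path" ) && chmod 600 "$path"
}

# cn=config operations: SASL EXTERNAL over the unix socket (needs root).
cfg_search() { ldapsearch -Q -LLL -Y EXTERNAL -H "$LDAPI" "$@"; }
cfg_add()    { ldapadd    -Q      -Y EXTERNAL -H "$LDAPI" -f "$1"; }
cfg_modify() { ldapmodify -Q      -Y EXTERNAL -H "$LDAPI" -f "$1"; }

# Directory operations: simple bind as the root DN, password from file,
# still over ldapi:/// so nothing is sent in clear over TCP.
dir_search() { ldapsearch -x -LLL -H "$LDAPI" -D "$LDAP_ROOT_DN" -y "$ROOT_PW_FILE" "$@"; }
dir_add()    { ldapadd    -x      -H "$LDAPI" -D "$LDAP_ROOT_DN" -y "$ROOT_PW_FILE" -f "$1"; }

# True when the DN in $1 exists (base-scope search succeeds; noSuchObject fails it).
config_entry_exists() { cfg_search -b "$1" -s base dn >/dev/null 2>&1; }
dir_entry_exists()    { dir_search -b "$1" -s base dn >/dev/null 2>&1; }

# True when schema $1 (e.g. "cosine") is loaded; stored as cn={N}name.
schema_loaded() {
  [[ -n "$(cfg_search -b cn=schema,cn=config -s one "(cn={*}$1)" dn)" ]]
}

# True when module $1 appears in an olcModuleLoad value.
# grep without -q so it reads slapcat to EOF: with pipefail, an early -q exit
# could SIGPIPE slapcat and turn a genuine match into a failed pipeline.
module_loaded() {
  slapcat -n 0 2>/dev/null | grep -i "^olcModuleLoad: .*$1" >/dev/null
}

# Add the LDIF in $2 as the root DN unless entry $1 already exists.
dir_add_if_missing() {
  local dn=$1 ldif=$2
  if dir_entry_exists "$dn"; then
    log "exists, skipping: ${dn}"
  else
    dir_add "$ldif"
  fi
}

# ---------------------------------------------------------------------------
# Steps
# ---------------------------------------------------------------------------
warn_weak_defaults() {
  if [[ "$LDAP_ROOT_PW_PLAIN" == 'root@pw' || "$LDAP_USER_PW_PLAIN" == 'sdj' ]]; then
    log "WARNING: using the built-in lab passwords; set LDAP_ROOT_PW_PLAIN and" \
        "LDAP_USER_PW_PLAIN before using this directory for anything real"
  fi
}

install_packages() {
  yum install -y openldap openldap-servers openldap-clients
  # BDB tuning for the hdb backend; slapd warns at start-up without it.
  cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
  # slapd runs as ldap and only needs to own its data and its olc config tree.
  # The original chown -R /etc/openldap also handed it ldap.conf and certs/,
  # letting a compromised slapd rewrite client configuration.
  chown -R ldap:ldap /etc/openldap/slapd.d /var/lib/ldap
  mkdir -p "$LDAP_WORK_DIR"
  chmod 700 "$LDAP_WORK_DIR"   # generated LDIF contains password hashes
}

# Start slapd and wait until the ldapi:/// socket answers a cn=config query,
# so the first ldapadd does not race the daemon start-up.
start_slapd() {
  systemctl start slapd
  systemctl enable slapd
  local i
  for ((i = 0; i < 30; i++)); do
    if cfg_search -b cn=config -s base dn >/dev/null 2>&1; then
      return 0
    fi
    sleep 1
  done
  die "slapd did not answer on ${LDAPI} within 30s"
}

# Load each /etc/openldap/schema/*.ldif not already in cn=schema,cn=config.
# The glob sorts the same way `ls` did; core is skipped because it is built in.
load_schemas() {
  local f name
  for f in /etc/openldap/schema/*.ldif; do
    [[ -e "$f" ]] || die "no schema files under /etc/openldap/schema"
    name=${f##*/}
    name=${name%.ldif}
    if schema_loaded "$name"; then
      log "schema ${name} already loaded"
    else
      cfg_add "$f"
    fi
  done
}

# Set olcRootDN / olcRootPW on the main database. `replace` (not `add`) so a
# re-run does not fail with "Type or value exists".
configure_root_dn() {
  write_secret_file "$ROOT_PW_FILE" "$LDAP_ROOT_PW_PLAIN"
  local hash
  hash=$(slappasswd -T "$ROOT_PW_FILE")   # hashes the file; plaintext never on argv
  cat > "${LDAP_WORK_DIR}/rootpw.ldif" <<EOF
dn: ${CONFIG_DB}
changetype: modify
replace: olcRootDN
olcRootDN: ${LDAP_ROOT_DN}
-
replace: olcRootPW
olcRootPW: ${hash}
EOF
  cfg_modify "${LDAP_WORK_DIR}/rootpw.ldif"
}

# Let the root DN (and root's peer credentials) read cn=monitor, and set the
# suffix. Two LDIF records: the blank line between them is mandatory.
configure_suffix_and_monitor() {
  cat > "${LDAP_WORK_DIR}/dc.ldif" <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="${LDAP_ROOT_DN}" read by * none

dn: ${CONFIG_DB}
changetype: modify
replace: olcSuffix
olcSuffix: ${LDAP_BASE_DN}
EOF
  cfg_modify "${LDAP_WORK_DIR}/dc.ldif"
}

# ACLs on the main database:
#   {0} password attributes: owner may change them, anonymous may only bind
#       with them, nobody else sees them
#   {1} everything else: owner read, nobody else
# The root DN bypasses ACLs anyway; its `write` clauses are kept for clarity.
# `replace` keeps a re-run from appending duplicate rules.
configure_acls() {
  cat > "${LDAP_WORK_DIR}/acl.ldif" <<EOF
dn: ${CONFIG_DB}
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="${LDAP_ROOT_DN}" write by anonymous auth by * none
olcAccess: {1}to * by self read by dn="${LDAP_ROOT_DN}" write by * none
EOF
  cfg_modify "${LDAP_WORK_DIR}/acl.ldif"
}

# Load the memberof module and put the overlay on the main database.
# Must happen before any group is added, otherwise memberOf is not populated
# for existing memberships.
configure_memberof() {
  local module_dn='cn=module{0},cn=config'
  local overlay_dn="olcOverlay={0}memberof,${CONFIG_DB}"
  local ldif="${LDAP_WORK_DIR}/memberof.ldif"

  if module_loaded memberof; then
    log "memberof module already loaded"
  elif config_entry_exists "$module_dn"; then
    # module{0} already exists for some other module: append to it
    cat > "$ldif" <<EOF
dn: ${module_dn}
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof
EOF
    cfg_modify "$ldif"
  else
    cat > "$ldif" <<EOF
dn: ${module_dn}
objectClass: olcModuleList
objectClass: top
olcModuleLoad: memberof
EOF
    cfg_add "$ldif"
  fi

  if config_entry_exists "$overlay_dn"; then
    log "memberof overlay already present on ${CONFIG_DB}"
    return 0
  fi
  # groupofnames/member is what the seeded group uses; swap in
  # groupOfUniqueNames/uniqueMember if the group objectClass changes.
  cat > "${LDAP_WORK_DIR}/memberof-overlay.ldif" <<EOF
dn: ${overlay_dn}
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: {0}memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupofnames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberof
EOF
  cfg_add "${LDAP_WORK_DIR}/memberof-overlay.ldif"
}

# Seed base entry, ou=people, ou=group, one user and one group.
seed_directory() {
  local people_dn="ou=people,${LDAP_BASE_DN}"
  local group_ou_dn="ou=group,${LDAP_BASE_DN}"
  local user_dn="uid=${LDAP_USER},${people_dn}"
  local group_dn="cn=user,${group_ou_dn}"

  cat > "${LDAP_WORK_DIR}/base.ldif" <<EOF
dn: ${LDAP_BASE_DN}
objectClass: top
objectClass: dcObject
objectClass: organization
o: ${LDAP_ORG_NAME}
EOF
  dir_add_if_missing "$LDAP_BASE_DN" "${LDAP_WORK_DIR}/base.ldif"

  cat > "${LDAP_WORK_DIR}/people.ldif" <<EOF
dn: ${people_dn}
objectClass: organizationalUnit
ou: People
EOF
  dir_add_if_missing "$people_dn" "${LDAP_WORK_DIR}/people.ldif"

  cat > "${LDAP_WORK_DIR}/group-ou.ldif" <<EOF
dn: ${group_ou_dn}
objectClass: organizationalUnit
ou: Group
EOF
  dir_add_if_missing "$group_ou_dn" "${LDAP_WORK_DIR}/group-ou.ldif"

  # Hash the user password the same way as the root password: via file.
  write_secret_file "$USER_PW_FILE" "$LDAP_USER_PW_PLAIN"
  local user_hash
  user_hash=$(slappasswd -T "$USER_PW_FILE")
  rm -f -- "$USER_PW_FILE"

  cat > "${LDAP_WORK_DIR}/user.ldif" <<EOF
dn: ${user_dn}
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: ${LDAP_USER}
givenName: ${LDAP_USER}
sn: ${LDAP_USER}
uid: ${LDAP_USER}
uidNumber: ${LDAP_USER_UID}
gidNumber: ${LDAP_USER_UID}
homeDirectory: /home/${LDAP_USER}
loginShell: /bin/bash
mail: ${LDAP_USER}@${LDAP_MAIL_DOMAIN}
userPassword: ${user_hash}
EOF
  dir_add_if_missing "$user_dn" "${LDAP_WORK_DIR}/user.ldif"

  # groupOfNames so the memberof overlay maintains memberOf on the user.
  cat > "${LDAP_WORK_DIR}/group.ldif" <<EOF
dn: ${group_dn}
objectClass: groupofnames
cn: user
description: All users
member: ${user_dn}
EOF
  dir_add_if_missing "$group_dn" "${LDAP_WORK_DIR}/group.ldif"
}

# Print what was configured. olcRootPW is deliberately not listed: the hash
# does not belong in terminal scrollback or a CI log.
verify() {
  log "root DN on the config database:"
  cfg_search -b cn=config '(olcRootDN=*)' dn olcRootDN
  log "loaded modules:"
  slapcat -n 0 2>/dev/null | grep -i '^olcModuleLoad' || log "(none reported by slapcat)"
  log "memberOf on the seeded user:"
  dir_search -b "uid=${LDAP_USER},ou=people,${LDAP_BASE_DN}" -s base dn memberOf
}

main() {
  [[ "$EUID" -eq 0 ]] || die "must run as root (SASL EXTERNAL on ${LDAPI} needs root peer credentials)"
  warn_weak_defaults
  install_packages
  start_slapd
  load_schemas
  configure_root_dn
  configure_suffix_and_monitor
  configure_acls
  configure_memberof
  seed_directory
  verify
}

main "$@"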