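#!/bin/bash
#
# Prepares an openLDAP server for a simple addressbook that works
# "out of the box" with Roundcube: creates the suffix, the addressbook
# base ou, the bind user and the public/private sub-ous when missing.
#
# Usage: run as a user that can read the slapd config (usually via sudo).
# Every ldapadd performed as the rootdn prompts for the admin password (-W).
# Existence/permission checks are done offline with slapacl against $config.
set -u

#------------configuration--------------------------------

# the url of the openldap server
server="ldap://localhost:389"

# the static config file of openldap
config="/etc/ldap/slapd.conf"

# the LDAP base suffix and admin rootdn
# -> this must correspond with /etc/ldap/slapd.conf
suffix="dc=localhost"
rootdn="cn=admin,$suffix"
organisation="LDAP Addressbook Server"

# the addressbook base directory, bind user and password
# -> the base/bind_* fields must correspond with config/main.inc.php
# NOTE(review): the values below are the script's shipped defaults;
# change abook_pass before running this on anything but a test box.
abook_name="rcabook"
abook_user="rcuser"
abook_pass="rcpass"
base_dn="ou=$abook_name,$suffix"
bind_dn="cn=$abook_user,$base_dn"
bind_pass="$abook_pass"

subdir_public="public"
subdir_private="private"

#------------helpers--------------------------------------

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: $* - message (printed after the "ERROR-" prefix)
#######################################
die() {
  printf 'ERROR-%s\n' "$*" >&2
  exit 1
}

#######################################
# Ask slapacl whether a bind dn may write an attribute of an entry.
# Globals:   config (read)
# Arguments: $1 - bind dn, $2 - entry dn, $3 - attribute name
# Returns:   0 when slapacl reports ALLOWED; non-zero otherwise, which
#            also covers "entry does not exist" and slapacl failures,
#            so callers use it as an "exists and is writable" test.
#######################################
acl_allows_write() {
  local binddn=$1 dn=$2 attr=$3
  slapacl -f "$config" -D "$binddn" -b "$dn" "$attr/write" 2>&1 |
    grep -q "ALLOWED"
}

#######################################
# Add the LDIF read from stdin as the LDAP administrator.
# ldapadd prompts for the admin password (-W); -c keeps going on
# per-entry errors as in the original script.
# Globals:   server, rootdn (read)
# Arguments: $1 - what is being created, used in the error message
#######################################
add_as_admin() {
  ldapadd -x -c -H "$server" -D "$rootdn" -W 2>/dev/null ||
    die "unable to create $1!"
}

#######################################
# Add the LDIF read from stdin as the addressbook bind user.
# The password is passed through a private temp file (-y) rather than
# on the command line (-w), so it is not visible in `ps` or `set -x`.
# Globals:   server, bind_dn, secret_dir (read)
# Arguments: $1 - what is being created, used in the error message
#######################################
add_as_abook_user() {
  ldapadd -x -H "$server" -D "$bind_dn" -y "$secret_dir/bind_pass" 2>/dev/null ||
    die "unable to create $1!"
}

#------------execution------------------------------------
echo "This script prepares an openLDAP server for a simple
addressbook, working \"out of the box\" with Roundcube:

server: $server
org : $organisation
config: $config
suffix: $suffix
rootdn: $rootdn
"

# Secrets go into a 0700 temp directory that is removed on any exit.
# No trailing newline: ldapadd -y and slappasswd -T use the file
# contents verbatim, so a newline would become part of the password.
secret_dir=$(mktemp -d) || die "unable to create a temporary directory!"
trap 'rm -rf -- "$secret_dir"' EXIT
printf '%s' "$abook_pass" > "$secret_dir/abook_pass"
printf '%s' "$bind_pass" > "$secret_dir/bind_pass"

# test if the user has read access to the config file
if slapacl -f "$config" -D "$rootdn" -b "$suffix" ou/write 2>&1 |
    grep -q "Permission denied"; then
  die "you have no read access to the config file: $config
please try to run with \"sudo\" or even as root!
"
fi

# test if the openLDAP root suffix exists
# (ALLOWED or DENIED both mean the entry is there; anything else means it is not)
if ! slapacl -f "$config" -D "$rootdn" -b "$suffix" ou/write 2>&1 |
    grep -q -E "ALLOWED|DENIED"; then
  printf '%s\n' "-create the openLDAP base directory: $suffix
(as LDAP administrator: $rootdn)"
  # "dc=localhost" -> attribute "dc", value "localhost" (first RDN only)
  suffix_short=${suffix%,*}
  add_as_admin "suffix" <<EOF
dn: $suffix
objectClass: top
objectClass: dcObject
objectClass: organization
${suffix_short%=*}: ${suffix_short#*=}
o: $organisation
EOF
fi

# test if the openLDAP admin has write permissions
acl_allows_write "$rootdn" "$suffix" ou ||
  die "the administrator \"$rootdn\" has no
write permissions in the base of \"$suffix\"!
Please check the rootdn and suffix, they must correspond
with the openLDAP configuration file, usually /etc/ldap/slapd.conf
"

# test if the addressbook directory exists
if ! acl_allows_write "$rootdn" "$base_dn" ou; then
  printf '%s\n' "-create addressbook base directory: $base_dn
(as LDAP administrator: $rootdn)"
  add_as_admin "base" <<EOF
dn: $base_dn
ou: $abook_name
objectClass: top
objectClass: organizationalUnit
EOF
fi

# test if the addressbook user exists
if ! acl_allows_write "$rootdn" "$bind_dn" cn; then
  printf '%s\n' "-create the addressbook user: $bind_dn
(as LDAP administrator: $rootdn)"
  # hash the password from the temp file (-T) so the clear text never hits argv
  hashed_pass=$(slappasswd -T "$secret_dir/abook_pass") ||
    die "unable to hash the addressbook password!"
  add_as_admin "user" <<EOF
dn: $bind_dn
cn: $abook_user
userPassword: $hashed_pass
objectClass: organizationalRole
objectClass: simpleSecurityObject
EOF
fi

# test if the addressbook user has write permissions
acl_allows_write "$bind_dn" "$base_dn" ou ||
  die "the addressbook user \"$bind_dn\"
has no write permissions to \"$base_dn\"!
Please check the ACL in the configuration file,
usually /etc/ldap/slapd.conf.
Do not forget to restart the server afterwards!
"

# create subdirectory for public contacts
if ! acl_allows_write "$bind_dn" "ou=$subdir_public,$base_dn" ou; then
  printf '%s\n' "-create subdirectory for public contacts: ou=$subdir_public,$base_dn
(as Roundcube user: $bind_dn)"
  add_as_abook_user "subdirectory" <<EOF
dn: ou=$subdir_public,$base_dn
ou: $subdir_public
objectClass: top
objectClass: organizationalUnit
EOF
fi

# create subdirectory for private addressbooks
if ! acl_allows_write "$bind_dn" "ou=$subdir_private,$base_dn" ou; then
  printf '%s\n' "-create subdirectory for private addressbooks: ou=$subdir_private,$base_dn
(as Roundcube user: $bind_dn)"
  add_as_abook_user "subdirectory" <<EOF
dn: ou=$subdir_private,$base_dn
ou: $subdir_private
objectClass: top
objectClass: organizationalUnit
EOF
fi

# finally
# The suggested command uses -W (prompt) so the bind password is not
# printed to the terminal or captured in logs of this script's output.
echo "The LDAP addressbook is ready now for using:
base_dn: $base_dn
bind_dn: $bind_dn

Use the following command for reading and checking your setup:
ldapsearch -xLLL -H \"$server\" -D \"$bind_dn\" -W -b \"$base_dn\""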