author | root <root@mail.bitbase.dk> | 2009-05-22 15:49:22 +0200 |
---|---|---|
committer | root <root@mail.bitbase.dk> | 2009-05-22 15:49:22 +0200 |
commit | ddc0cd8da4a4a6c7607bf4f680e3283797c8872a (patch) | |
tree | 4bd4fcf1ec123bd2105782062d42b58a3f812595 /ldap | |
parent | fd39155673473cde65f10c12098392680b62d452 (diff) | |
parent | 37f949dc3927dd3f24fd03f45e80de776ec2868e (diff) |
Merge branch 'master' of git://source.jones.dk/local-COMMON
Diffstat (limited to 'ldap')
-rw-r--r-- | ldap/README.dit | 99 | ||||
-rw-r--r-- | ldap/db/cipux_rolegroup.ldif.in | 2 | ||||
-rw-r--r-- | ldap/db/cipux_roleuser.ldif.in | 2 | ||||
-rwxr-xr-x | ldap/mkldapdb | 115 |
4 files changed, 202 insertions, 16 deletions
diff --git a/ldap/README.dit b/ldap/README.dit index 6077a57..72e7e0b 100644 --- a/ldap/README.dit +++ b/ldap/README.dit @@ -22,6 +22,97 @@ dc=example,dc=com `-- cn=admin +Default Skolelinux DIT +---------------------- + +dc=skole,dc=skolelinux,dc=no +|-- ou=Attic +|-- ou=Machines +|-- ou=People +| |-- ou=Machines +| | `-- uid=win01$ +| |-- cn=Admin +| |-- cn=smbadmin +| `-- uid=root +|-- ou=Pam +|-- ou=Domains +|-- ou=Group +| |-- cn=Admins +| |-- cn=jradmins +| |-- cn=teachers +| |-- cn=students +| |-- cn=none +| `-- cn=machines +|-- ou=Netgroup +| |-- cn=all-hosts +| |-- cn=server-hosts +| |-- cn=ltsp-server-hosts +| |-- cn=workstation-hosts +| |-- cn=printer-hosts +| |-- cn=shutdown-at-night-hosts +| `-- cn=fsautoresize-hosts +|-- ou=Variables +| |-- cn=nextID +| `-- cn=capabilities +|-- sambaDomainName=SKOLELINUX +|-- ou=Automount +| |-- ou=auto.master +| | `-- cn=/skole +| `-- ou=skole +| |-- cn=tjener +| `-- ou=tjener +| `-- cn=home0 +|-- cn=dhcp +`-- cn=DHCP Config + |-- cn=INTERNAL + | |-- cn=10.0.2.0 + | `-- cn=group1 + | |-- cn=ltspserver00 + | |-- cn=ltspserver01 + | |-- cn=printer00 + | |-- cn=printer01 + | |-- cn=printer02 + | |-- cn=printer03 + | |-- cn=static00 + | |-- cn=static01 + | |-- cn=static02 + | `-- cn=static03 + `-- cn=THINCLIENTS + |-- cn=192.168.0.0 + `-- cn=group1 + |-- cn=ltsp010 + |-- cn=ltsp011 + |-- cn=ltsp012 + |-- cn=ltsp013 + |-- cn=ltsp014 + |-- cn=ltsp015 + |-- cn=ltsp016 + |-- cn=ltsp017 + |-- cn=ltsp018 + `-- cn=ltsp019 + + +Default CipUX DIT +----------------- + +ou=example org,dc=example,dc=org +|-- cn=cipuxadm +|-- ou=CipUX + |-- ou=User + | `-- uid=username + |-- ou=Group + | `-- cn=groupname + |-- ou=Task + |-- ou=CAT + |-- ou=Image + |-- ou=Machine + | `-- uid=win01$ + |-- ou=Room + |-- ou=HardwareType + |-- ou=ImageSlot + `-- ou=Configuration + + Simple DIT ---------- 
@@ -68,10 +159,10 @@ dc=example,dc=com
 | |-- ou=Services
 | |-- ou=idMap
 | |-- ou=Entities
-| |-- ou=System
-| |-- ou=People
-| |--cn=jonas
-| `--cn=christian
+| |-- ou=System
+| `-- ou=People
+| |--cn=jonas
+| `--cn=christian
 `-- ou=Access Control
 |-- ou=Groups
 | `-- ou=Administrators
diff --git a/ldap/db/cipux_rolegroup.ldif.in b/ldap/db/cipux_rolegroup.ldif.in
index d6d3a9d..e974caf 100644
--- a/ldap/db/cipux_rolegroup.ldif.in
+++ b/ldap/db/cipux_rolegroup.ldif.in
@@ -17,4 +17,4 @@ objectClass: top
 objectClass: posixGroup
 objectClass: cipuxGroup
 structuralObjectClass: posixGroup
-userPassword:: {crypt}x
+userPassword: {crypt}x
diff --git a/ldap/db/cipux_roleuser.ldif.in b/ldap/db/cipux_roleuser.ldif.in
index 9a4fef8..c97e660 100644
--- a/ldap/db/cipux_roleuser.ldif.in
+++ b/ldap/db/cipux_roleuser.ldif.in
@@ -26,5 +26,5 @@ objectClass: imapUser
 objectClass: cipuxAccount
 uid: @ROLE@
 uidNumber: @UID@
-userPassword:: {crypt}x
+userPassword: {crypt}x
 structuralObjectClass: imapUser
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 77cb6d5..fbbdb09 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
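Review bot: The corrected `userPassword: {crypt}x` in cipux_rolegroup.ldif.in and cipux_roleuser.ldif.in is a lock-out placeholder rather than a real credential — a crypt(3) result is never a single character, so no supplied password can ever compare equal to it — and that intent deserves a comment in both templates, e.g. `# placeholder: "x" is not a valid crypt hash, so this entry has no usable password until the optpw phase of mkldapdb replaces it`. Note that the old `userPassword::` form told the loader to base64-decode `{crypt}x`, so this one-character change alters what actually lands in the directory; it is worth confirming that the optpw phase does overwrite these entries, since otherwise the role accounts stay permanently locked (harmless) but the groups carry a meaningless userPassword attribute.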
@@ -1,25 +1,120 @@ #!/bin/sh +# +# /etc/local-COMMON/ldap/mkldapdb +# Copyright 2008 Jonas Smedegaard <dr@jones.dk> +# +# Setup LDAP database from skeleton files set -e umask 066 -# Resolve some defaults from other system config -basedn="`grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//' -e 's/,[[:space:]]\+/,/g'`" -dnsdomain="`dnsdomainname`" -orgname="" -if [ -r /etc/local-ORG/orgname ]; then - orgname="$(head -n 1 /etc/local-ORG/orgname)" -fi +PRG=$(basename "$0") + +TEMP=$(getopt -s sh -o b:e:d:fh -l basedn:,enable:,disable:,force,help -n "$PRG" -- "$@") +if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi +eval set -- "$TEMP" + +getbasedn() { + grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//' -e 's/,[[:space:]]\+/,/g' +} +getdnsdomain() { + dnsdomainname +} +getorgname() { + if [ -r /etc/local-ORG/orgname ]; then + head -n 1 /etc/local-ORG/orgname + fi +} # config defaults as of slapd 2.4.10-3 backend="hdb" +# extension default states (enabled/disabled) +cipux=1 +horde= + +# strings above, and either functions above or strings right below, +# can be overrided locally through this config file +if [ -f /etc/local/mkldapdb.cfg ]; then + . /etc/local/mkldapdb.cfg +fi + +basedn="${basedn:-$(getbasedn)}" +dnsdomain="${dnsdomain:-$(getdnsdomain)}" +orgname="${orgname:-$(getorgname)}" + +showhelp() { + cat <<EOF +Usage: $PRG [opts...] 
[PHASE [PHASE...]] +Setup LDAP database from skeleton files + +Options: + -b, --basedn LDAP Base DN (Distinguished Name) to use + (default: ${basedn}) + -e, --enable Include this optional extension + -d, --disable Exclude this optional extension + -t, --tempdir Skip prep phase and use content of provided dir + -c, --config Include config phase + -i, --init Include init phase + -f, --force Update without asking for confirmation + -h, --help Show this help text + +The following extensions are available: + cipux CipUX admin framework ${cipux:+(enabled by default)} + horde HORDE web-app framework ${horde:+(enabled by default)} + +The following phases are possible: + prep Assemble slapd.conf and LDIF files with DIT parts + config Add/update LDAP server configuration file + init Purge any existing ldap data and initialize new core DIT + main Add general DIT for use with POSIX accounts + mainpw Apply/Change main admin password + opt Add optional DIT extensions + optpw Apply/Change passwords for accounts of optional extensions + +When no phases are supplied, all but config and init are applied + +Examples: + $PRG + $PRG --basedn dc=example,dc=org --enable horde prep +EOF +} + +exit1() { + echo >&2 "Error: $1" + echo >&2 "Exiting..." + exit 1 +} + +while true ; do + case "$1" in + -b|--basedn) basedn="$2"; shift 2;; + -e|--enable-extension) + case "$2" in + cipux|horde) eval "$2=1";; + *) exit1 "Unknown extension \"$2\"" + esac + shift 2 + ;; + -d|--disable-extension) + case "$2" in + cipux|horde) eval "$2=";; + *) exit1 "Unknown extension \"$2\"" + esac + shift 2 + ;; + -f|--force) force="1"; shift;; + -h|--help) showhelp; exit 0;; + --) shift; break;; + *) exit1 "Internal error!";; + esac +done + # Ensure all required values are properly resolved for var in basedn dnsdomain orgname backend; do if [ -z "`eval echo '$'$var`" ]; then - echo 1>&2 "ERROR: Required variable '$var' missing. Exiting...!" - exit 1 + exit1 "Required variable '$var' missing. Exiting...!" fi done 
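Review bot: The long-option arms in the new option loop never match: getopt is told the long names are `enable` and `disable` (`-l basedn:,enable:,disable:,force,help`) and emits them as `--enable`/`--disable`, but the case arms test `-e|--enable-extension)` and `-d|--disable-extension)`, so `mkldapdb --enable horde` — the script's own usage example — falls through to `exit1 "Internal error!"`; the arms should read `-e|--enable)` and `-d|--disable)`. The help text also lists `-t/--tempdir`, `-c/--config` and `-i/--init`, none of which are in the getopt spec, so passing them aborts with a getopt error before the loop runs; either add them to the spec or drop them from the help until implemented. Since `--basedn` now makes `basedn` caller-supplied and it is later interpolated into sed replacement strings (`s/@SUFFIX@/$basedn/g` in the next hunk), a DN containing `/` or `&` would corrupt the generated slapd.conf and LDIF rather than fail cleanly; a check next to the "required variable" loop such as `case "$basedn" in */*|*'&'*) exit1 "basedn must not contain / or &";; esac` is cheap insurance. The new `. /etc/local/mkldapdb.cfg` executes that file with whatever privileges the script runs under (the `umask 066` and slapd setup suggest root), so refusing a config that is not root-owned or is group/world-writable before sourcing it would be a prudent hardening step. The script's body continues past the end of this hunk.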
@@ -55,7 +150,7 @@ spacecat $snippets | sed >>"$tempdir/slapd.conf" \ -e "s/@SUFFIX@/$basedn/g" \ -e "s/@ADMIN@/cn=admin,$basedn/g" -# TODO: Better separate core from normal lif files than "below 100"... +# TODO: Better separate core from normal ldif files than "below 100"... file=99 for section in core base cipux horde; do sed <"$masterdir/db/$section.ldif.in" >"$tempdir/${file}_$section.ldif" \ |