#!/bin/sh set -e umask 066 # Resolve some defaults from other system config basedn="`grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//'`" dnsdomain="`dnsdomainname`" orgname="" if [ -r /etc/local-ORG/orgname ]; then orgname="$(head -n 1 /etc/local-ORG/orgname)" fi # config defaults as of slapd 2.4.10-3 backend="hdb" # Ensure all required values are properly resolved for var in basedn dnsdomain orgname backend; do if [ -z "`eval echo '$'$var`" ]; then echo 1>&2 "ERROR: Required variable '$var' missing. Exiting...!" exit 1 fi done masterdir=/etc/local-COMMON/ldap/db tempdir=`mktemp -dt slapd.XXXXXX` snippets="$(LANG=C find "$masterdir" -type f -name '*.conf.in' | sort)" # concatenate files with an additional newline in between # (perl could replace sed too, but multiline perl inside shell is ugly) perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(); close FH;}' $snippets \ | sed >>"$tempdir/slapd.conf" \ -e "s/@BACKEND@/$backend/g" \ -e "s/@SUFFIX@/$basedn/g" \ -e "s/@ADMIN@/cn=admin,$basedn/g" for section in core base cipux horde; do sed <"$masterdir/$section.ldif.in" >"$tempdir/$section.ldif" \ -e "s/@SUFFIX@/$basedn/g" \ -e "s/@DOMAIN@/$dnsdomain/g" \ -e "s/@ORG@/$orgname/g" done for db in passwd group; do getent $db >"$tempdir/$db.dump" ( cd /usr/share/migrationtools && ./migrate_passwd.pl "$tempdir/$db.dump" >"$tempdir/$db.ldif" ) done #invoke-rc.d slapd stop #slapadd -l "$tempdir/core.ldif" #invoke-rc.d slapd start #ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -w supersecretpassword "cn=admin,$basedn" for section in base cipux horde; do ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$tempdir/$section.ldif" -W done for role in cipux horde; do echo "Securing $role..." ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -W "cn=$role,ou=Entities,ou=Access Control,$basedn" done # TODO: Write as function, and create group if not existing ldapmodify -x -h localhost -D "cn=admin,$basedn" -W <