path: root/ldap/mkldapdb
blob: a1b0742e3d160fff8326d1547a4b55fc1c693642 (plain)
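#!/bin/sh
# mkldapdb - generate slapd.conf and LDIF seed files from the templates
# below /etc/local-COMMON/ldap/db, load the base, cipux and horde sections
# into the slapd on localhost, set the role passwords and add the cipux
# entity to the DSA administrators group.
#
# All generated files, including dumps of the passwd and group databases,
# are written to a fresh mktemp directory that is NOT removed on exit.
set -e

# Generated files hold directory seed data and account dumps: owner-only.
umask 077

# Abort if a required setting resolved to an empty value.
# Arguments: $1 - setting name (used in the message), $2 - its value
require_value() {
  if [ -z "$2" ]; then
    echo 1>&2 "ERROR: Required variable '$1' missing. Exiting...!"
    exit 1
  fi
}

# Escape a value for literal use in the replacement part of a sed
# 's/.../.../' command that uses '/' as delimiter.  Without this a '/',
# '&' or '\' in the value (e.g. an organisation name such as "A & B")
# would corrupt the generated file or break the sed expression.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
sed_quote() {
  printf '%s\n' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Resolve some defaults from other system config
basedn="$(grep '^BASE\b' /etc/ldap/ldap.conf | sed -e 's/^BASE[[:space:]]\+//')"
dnsdomain="$(dnsdomainname)"
orgname=""
if [ -r /etc/local-ORG/orgname ]; then
  orgname="$(head -n 1 /etc/local-ORG/orgname)"
fi

# config defaults as of slapd 2.4.10-3
backend="hdb"

# Ensure all required values are properly resolved
require_value basedn "$basedn"
require_value dnsdomain "$dnsdomain"
require_value orgname "$orgname"
require_value backend "$backend"

# sed-safe copies of everything substituted into the templates
backend_sed="$(sed_quote "$backend")"
basedn_sed="$(sed_quote "$basedn")"
dnsdomain_sed="$(sed_quote "$dnsdomain")"
orgname_sed="$(sed_quote "$orgname")"

masterdir=/etc/local-COMMON/ldap/db
tempdir="$(mktemp -dt slapd.XXXXXX)"

# NOTE(review): LANG=C applies to find only; sort runs in the caller's
# locale, so the snippet order may differ between environments.
snippets="$(LANG=C find "$masterdir" -type f -name '*.conf.in' | sort)"
if [ -z "$snippets" ]; then
  echo 1>&2 "ERROR: No '*.conf.in' snippets found below '$masterdir'. Exiting...!"
  exit 1
fi

# concatenate files with an additional newline in between
# The paths are read line by line and handed to cat, so they are neither
# word-split nor interpreted as pipe/mode specifiers (as a two-argument
# perl open() would), and an unreadable snippet aborts the run via set -e.
first="yes"
while IFS= read -r snippet; do
  if [ -z "$first" ]; then
    echo
  fi
  first=""
  cat "$snippet"
done >"$tempdir/slapd.conf.raw" <<EOF
$snippets
EOF
sed <"$tempdir/slapd.conf.raw" >"$tempdir/slapd.conf" \
  -e "s/@BACKEND@/$backend_sed/g" \
  -e "s/@SUFFIX@/$basedn_sed/g" \
  -e "s/@ADMIN@/cn=admin,$basedn_sed/g"
rm -f "$tempdir/slapd.conf.raw"

for section in core base cipux horde; do
  sed <"$masterdir/$section.ldif.in" >"$tempdir/$section.ldif" \
    -e "s/@SUFFIX@/$basedn_sed/g" \
    -e "s/@DOMAIN@/$dnsdomain_sed/g" \
    -e "s/@ORG@/$orgname_sed/g"
done

# Dump the local account databases and convert each with its own migration
# script (the group dump must not go through migrate_passwd.pl).
# NOTE(review): passwd.ldif and group.ldif are generated here but not
# loaded by any command below.
for db in passwd group; do
  getent "$db" >"$tempdir/$db.dump"
  ( cd /usr/share/migrationtools && "./migrate_$db.pl" "$tempdir/$db.dump" >"$tempdir/$db.ldif" )
done

# Disabled bootstrap steps.  If re-enabled, avoid -w with a literal
# password: it is visible in the process list and shell history; prefer
# -W (prompt) or -y <passwordfile>.
#invoke-rc.d slapd stop
#slapadd -l "$tempdir/core.ldif"
#invoke-rc.d slapd start
#ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -w supersecretpassword "cn=admin,$basedn"

# All LDAP operations below use a simple bind (-x) with the admin password
# prompted for interactively (-W).  A simple bind sends the password
# unprotected, which is tolerable here only because the connection stays
# on the loopback interface.
for section in base cipux horde; do
  ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$tempdir/$section.ldif" -W
done

for role in cipux horde; do
  echo "Securing $role..."
  ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -W "cn=$role,ou=Entities,ou=Access Control,$basedn"
done

# TODO: Write as function, and create group if not existing
ldapmodify -x -h localhost -D "cn=admin,$basedn" -W <<EOF
dn: cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,$basedn
changetype: modify
add: uniqueMember
uniqueMember: cn=cipux,ou=Entities,ou=Access Control,$basedn
EOF

# The directory is kept so slapd.conf and core.ldif can be installed by
# hand; it also holds the account dumps, so point the operator at it.
echo 1>&2 "Generated files were left in '$tempdir' (includes passwd/group dumps); remove it when done."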