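#!/bin/bash
#
# Step file for an OpenLDAP (slapd) server: package installation, overlay
# setup (memberof, refint), TLS configuration and day-to-day user/group
# administration.
#
# The step_N / step_N_info / step_N_alias functions and the tool* / CONFIG* /
# VERSION_SEQREV variables are the contract with sequencer.sh, which is
# sourced at the very end of this file and drives the steps.  Helpers used
# here but not defined here (presumably provided by sequencer.sh):
#   exe, endReturn, echoerr, outColor, initSeqConfig
# Settings expected from the configuration file (${toolName}.cfg, loaded by
# step_config) - TODO confirm against the .cfg.example:
#   LDAP_DC, LDAP_OU_USERS, LDAP_OU_GROUPS, LDAP_CERT, LDAP_CERT_KEY, LDAP_CERT_CA
#
# LDIF documents are produced by here-documents and handed to the ldap*
# clients through a temporary file (-f), so values taken from the command
# line (user ids, group names) are never re-parsed by the shell.  They still
# have to be valid DN/attribute values for the directory.

toolName="ldap"
toolDaemon="slapd"
toolDeps="$toolDaemon ldap-utils"
toolUser="openldap"

# Get script working directory (also when called from a different directory)
WDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"

CONFIG=0
CONFIG_FILE_NAME="${toolName}.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"

# gidNumber used by "adduser" when none is given on the command line
readonly DEFAULT_USER_GID=10000

# Last user id handled by the "adduser" step; the password and group steps
# fall back to it when no user id is given on the command line.
userId=

step_config() {
  if initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"; then
    CONFIG=1
  fi
}

#######################################
# Feed an LDIF document to an OpenLDAP client through a temporary file.
# Arguments: $1 - client (ldapadd, ldapmodify or ldapdelete)
#            $2 - LDIF text
#            $3.. - further client options (bind / SASL settings)
# Returns:   exit status of the client; 1 if no temporary file could be made
#######################################
run_ldif() {
  local client=$1
  local ldif=$2
  shift 2
  local tmpLdif rc
  tmpLdif=$(mktemp) || return 1
  printf '%s\n' "$ldif" >"$tmpLdif"
  # -f replaces the former "echo ... | client" command string, so the LDIF
  # content is never evaluated by the shell again.
  exe "$client" "$@" -f "$tmpLdif"
  rc=$?
  rm -f -- "$tmpLdif"
  return "$rc"
}

#######################################
# Apply an LDIF document to cn=config over the local socket (SASL EXTERNAL).
# Arguments: $1 - client (ldapadd or ldapmodify)
#            $2 - LDIF text
# Returns:   exit status of the client
#######################################
run_ldif_config() {
  run_ldif "$1" "$2" -Q -Y EXTERNAL -H ldapi:///
}

#######################################
# Apply an LDIF document as the directory administrator (cn=admin,$LDAP_DC).
# Arguments: $1 - add | modify | delete (anything else behaves like modify)
#            $2 - LDIF text (already expanded)
# Outputs:   the client asks for the admin password (-W)
# Returns:   exit status of the client
#######################################
variable2Ldif() {
  local client
  case "$1" in
    add) client="ldapadd" ;;
    # NOTE(review): ldapdelete -f expects one DN per line, not LDIF; no caller
    # in this file uses "delete" (they send "changetype: delete" via modify).
    delete) client="ldapdelete" ;;
    *) client="ldapmodify" ;;
  esac
  run_ldif "$client" "$2" -x -D "cn=admin,${LDAP_DC}" -W
}

# Print an LDIF document instead of applying it ($1 is ignored, as before).
variable2LdifEcho() {
  printf '%s\n' "$2"
}

#######################################
# Take the user id from the command line, else fall back to the global userId.
# Arguments: $1 - user id from the command line (may be empty)
#            $2 - operation name used in the info message
# Globals:   userId (read/written)
# Returns:   0 when a user id is known, 1 (with an error message) otherwise
#######################################
resolve_user_id() {
  if [[ -n "$1" ]]; then
    userId="$1"
  elif [[ -z "$userId" ]]; then
    echoerr " [E] No user id provided"
    return 1
  fi
  echo " [I] $2 operation for $userId"
}

# ---- LDIF generators ------------------------------------------------------

# Load a dynamic module into slapd.  $1 - module file (e.g. memberof.la)
ldif_load_module() {
  cat <<EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: $1
EOF
}

# memberof overlay on the {1}mdb database plus an equality index on memberOf.
# The index goes in as an explicit modify record: the database entry already
# exists, so it cannot be part of the add.
ldif_config_memberof() {
  cat <<'EOF'
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefint: TRUE

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: memberOf eq
EOF
}

# refint overlay keeping membership attributes consistent on renames/deletes.
ldif_config_refint() {
  cat <<'EOF'
dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
EOF
}

# Base OUs for users and groups; "ou=users" becomes the line "ou: users".
ldif_base_ous() {
  cat <<EOF
dn: $LDAP_OU_USERS,$LDAP_DC
objectClass: organizationalUnit
${LDAP_OU_USERS/ou=/ou: }

dn: $LDAP_OU_GROUPS,$LDAP_DC
objectClass: organizationalUnit
${LDAP_OU_GROUPS/ou=/ou: }
EOF
}

# TLS material for cn=config; clients are not asked for certificates.
ldif_tls_config() {
  cat <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $LDAP_CERT_KEY
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $LDAP_CERT
-
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $LDAP_CERT_CA
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: never
EOF
}

# New groupOfNames.  $1 - group name, $2 - DN of the first member
ldif_add_group() {
  cat <<EOF
dn: cn=$1,${LDAP_OU_GROUPS},${LDAP_DC}
objectClass: groupofnames
cn: $1
description: Created by $0
member: $2
EOF
}

# New POSIX/inetOrgPerson user entry.
# Arguments: $1 uid, $2 cn, $3 givenName, $4 sn, $5 uidNumber, $6 gidNumber, $7 mail
ldif_add_user() {
  local uid=$1 cn=$2 givenName=$3 sn=$4 uidNumber=$5 gidNumber=$6 mail=$7
  cat <<EOF
dn: uid=$uid,$LDAP_OU_USERS,$LDAP_DC
cn: $cn
givenName: $givenName
sn: $sn
uid: $uid
uidNumber: $uidNumber
gidNumber: $gidNumber
homeDirectory: /home/$uid
mail: $mail
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
EOF
}

# Add a user to a group, then drop the empty placeholder member.
# Arguments: $1 - group name, $2 - user id
ldif_group_add_member() {
  cat <<EOF
dn: cn=$1,$LDAP_OU_GROUPS,$LDAP_DC
changetype: modify
add: member
member: uid=$2,$LDAP_OU_USERS,$LDAP_DC

dn: cn=$1,$LDAP_OU_GROUPS,$LDAP_DC
changetype: modify
delete: member
member: 
EOF
}

# Remove a user from a group.  An empty member value is added first,
# presumably so that the mandatory "member" attribute of groupOfNames never
# becomes empty (TODO confirm); the user entry is deleted afterwards so the
# memberOf status ends up correct.
# Arguments: $1 - group name, $2 - user id
ldif_group_remove_member() {
  cat <<EOF
dn: cn=$1,$LDAP_OU_GROUPS,$LDAP_DC
changetype: modify
add: member
member: 

dn: cn=$1,$LDAP_OU_GROUPS,$LDAP_DC
changetype: modify
delete: member
member: uid=$2,$LDAP_OU_USERS,$LDAP_DC
EOF
}

# Delete one entry.  $1 - DN
ldif_delete_entry() {
  cat <<EOF
dn: $1
changetype: delete
EOF
}

# ---- Installation and server configuration --------------------------------

step_1_info() { echo "$toolName installation"; }
step_1_alias() { ALIAS="install"; }
step_1() {
  exe apt update
  # shellcheck disable=SC2086 -- package list is deliberately word-split
  exe apt install $toolDeps
}

step_2_info() { echo "Configuration of $toolName"; }
step_2() {
  exe dpkg-reconfigure "$toolDaemon"
}

step_3_info() { echo "Load memberof module"; }
step_3() {
  run_ldif_config ldapmodify "$(ldif_load_module memberof.la)"
}

step_4_info() { echo "Configure memberof module"; }
step_4() {
  run_ldif_config ldapadd "$(ldif_config_memberof)"
}

step_5_info() { echo "Load refint module"; }
step_5() {
  run_ldif_config ldapmodify "$(ldif_load_module refint.la)"
}

step_6_info() { echo "Configure refint module"; }
step_6() {
  run_ldif_config ldapadd "$(ldif_config_refint)"
}

step_7_info() { echo "Create base DNs for users ($LDAP_OU_USERS) and groups ($LDAP_OU_GROUPS)"; }
step_7() {
  variable2Ldif add "$(ldif_base_ous)"
}

step_8_info() { echo "Setup SSL secured ldaps:// access"; }
step_8() {
  # slapd runs as $toolUser, so the files must be readable by that account,
  # not just by the (root) user running this script.
  sudo -u "$toolUser" test -r "$LDAP_CERT_KEY" >/dev/null 2>&1
  endReturn -o "$?" "$toolUser cannot access certificate key file: $LDAP_CERT_KEY"
  sudo -u "$toolUser" test -r "$LDAP_CERT" >/dev/null 2>&1
  endReturn -o "$?" "$toolUser cannot access certificate file: $LDAP_CERT"
  sudo -u "$toolUser" test -r "$LDAP_CERT_CA" >/dev/null 2>&1
  endReturn -o "$?" "$toolUser cannot access CA certificate file: $LDAP_CERT_CA"
  run_ldif ldapmodify "$(ldif_tls_config)" -Y EXTERNAL -H ldapi:///
  exe service "$toolDaemon" restart
}

step_9_info() { echo "Finalize SSL configuration (manually)"; }
step_9() {
  echo "/etc/default/$toolDaemon"
  echo " Add \"ldaps:///\" to line:"
  echo " SLAPD_SERVICES=\"ldap:/// ldaps:/// ldapi:///\""
  echo
}

step_20_info() { echo "Test plain ldap connection with anonymous access"; }
step_20() {
  exe ldapwhoami -H ldapi:/// -x
}

step_80_info() { echo -e "Some ldap command notes\n"; }
step_80_alias() { ALIAS="notes"; }
step_80() {
  # NOTE(review): the notes text (a here-document following
  # `outColor green cat`) is missing from the copy of this file that was
  # reviewed; restore it from the original before use.  outColor is assumed
  # to run the command given to it.
  outColor green cat <<'EOF'
[NOTES TEXT LOST IN THE REVIEWED COPY - RESTORE FROM THE ORIGINAL FILE]
EOF
}

# ---- User and group administration ----------------------------------------

# NOTE(review): the original description string of this step was lost in the
# reviewed copy; alias and body are intact.
step_100_info() { echo "Add group"; }
step_100_alias() { ALIAS="addgroup"; }
step_100() {
  shift
  if [[ -z "$1" ]]; then
    echoerr " [E] No group name provided"
    return 1
  fi
  if [[ -z "$2" ]]; then
    echoerr " [E] No user id provided"
    return 2
  fi
  local groupName=$1
  local memberDn="uid=$2,${LDAP_OU_USERS},${LDAP_DC}"
  variable2Ldif add "$(ldif_add_group "$groupName" "$memberDn")"
}

step_102_info() { echo "Add user [USER GID]"; }
step_102_alias() { ALIAS="adduser"; }
step_102() {
  shift
  if [[ -z "$1" ]]; then
    echoerr " [E] No user id provided"
    return 1
  fi
  # Remembered for the follow-up steps (passwd, user2group, ...).
  userId="$1"
  local userCn="$2 $3"
  local userGid=$DEFAULT_USER_GID
  if [[ -n "$6" ]]; then
    userGid="$6"
  fi
  variable2Ldif add "$(ldif_add_user "$userId" "$userCn" "$2" "$3" "$4" "$userGid" "$5")"
  endReturn -o "$?" "Adding user failed"
}

step_103_info() { echo "(re)Set passwort for "; }
step_103_alias() { ALIAS="passwd"; }
step_103() {
  shift
  resolve_user_id "$1" "Password" || return 1
  # -W asks for the admin password, -S for the new user password.
  exe ldappasswd -H ldapi:/// -x -D "cn=admin,$LDAP_DC" -W -S "uid=$userId,$LDAP_OU_USERS,$LDAP_DC"
}

step_105_info() { echo "Adding to existing group "; }
step_105_alias() { ALIAS="user2group"; }
step_105() {
  shift
  resolve_user_id "$1" "User" || return 1
  if [[ -z "$2" ]]; then
    echoerr " [E] No group name provided"
    return 2
  fi
  local groupName="$2"
  # Drop a possibly existing membership first so memberOf ends up consistent.
  variable2Ldif modify "$(ldif_group_remove_member "$groupName" "$userId")"
  variable2Ldif modify "$(ldif_group_add_member "$groupName" "$userId")"
  endReturn -o "$?" "Adding user to group failed"
}

step_107_info() { echo "Removing from existing group "; }
step_107_alias() { ALIAS="rmusergroup"; }
step_107() {
  shift
  resolve_user_id "$1" "User" || return 1
  if [[ -z "$2" ]]; then
    echoerr " [E] No group name provided"
    return 2
  fi
  local groupName="$2"
  variable2Ldif modify "$(ldif_group_remove_member "$groupName" "$userId")"
}

step_110_info() { echo "Remove group "; }
step_110_alias() { ALIAS="rmgroup"; }
step_110() {
  shift
  if [[ -z "$1" ]]; then
    echoerr " [E] No group name provided"
    return 1
  fi
  local groupName=$1
  variable2Ldif modify "$(ldif_delete_entry "cn=${groupName},${LDAP_OU_GROUPS},${LDAP_DC}")"
}

step_112_info() { echo "Remove user "; }
step_112_alias() { ALIAS="rmuser"; }
step_112() {
  shift
  if [[ -z "$1" ]]; then
    echoerr " [E] No user id provided"
    return 1
  fi
  local userName=$1
  variable2Ldif modify "$(ldif_delete_entry "uid=${userName},${LDAP_OU_USERS},${LDAP_DC}")"
}

step_200_info() { echo "List available groups "; }
step_200_alias() { ALIAS="listgroups"; }
step_200() {
  shift
  echo " [I] Available groups:"
  # Remaining arguments are passed on to ldapsearch (e.g. a filter).
  exe ldapsearch -x -LLL -H ldap:/// -b "${LDAP_OU_GROUPS},${LDAP_DC}" dn gidNumber "$@"
}

step_202_info() { echo "List available users "; }
step_202_alias() { ALIAS="listusers"; }
step_202() {
  shift
  echo " [I] Available user:"
  exe ldapsearch -x -LLL -H ldap:/// -b "${LDAP_OU_USERS},${LDAP_DC}" dn uidNumber gidNumber "$@"
}

VERSION_SEQREV=10
. /usr/local/bin/sequencer.sh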