Commit 1d4ea12f authored by Alexandre Iooss's avatar Alexandre Iooss Committed by Alexandre IOOSS

Cleanup of LDAP installer

This commit rewrites LDAP installer with the following changes :

 - LDIF file now ends with the correct extension ".ldif",

 - Rather than dumping an old LDAP schema, now only the samba and freeradius
   schemas are added. This improves future-proofing as the freeradius
   schema evolves,

 - LDIF files now have licence header according to where it was taken,

 - install_re2o.sh no longer dump the new database with slapadd but uses
   generic LDAP commands to populate the new database,

 - install_re2o.sh no longer restart slapd service and installs all
   needed dependencies.

Compared to the old method, nothing should be different after the
install (other than creation date and uuid).

Needed for further development with openldap in a Docker container.
parent 064ec73c
......@@ -6,8 +6,9 @@ SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py'
APT_REQ_FILE="apt_requirements.txt"
PIP_REQ_FILE="pip_requirements.txt"
LDIF_DB_FILE="install_utils/db.ldiff"
LDIF_SCHEMA_FILE="install_utils/schema.ldiff"
LDIF_DB_FILE="install_utils/ldap/db.ldif"
LDIF_SCHEMA_RADIUS_FILE="install_utils/ldap/schema_radius.ldif"
LDIF_SCHEMA_SAMBA_FILE="install_utils/ldap/schema_samba.ldif"
VALUE= # global value used to return values by some functions
......@@ -155,7 +156,7 @@ install_database() {
install_ldap() {
### Usage: install_ldap <local_setup> <password> <domain>
### Usage: install_ldap <local_setup> <password> <domain> <extension>
#
# This function will install the LDAP
#
......@@ -172,44 +173,32 @@ install_ldap() {
local_setup="$1"
password="$2"
domain="$3"
extension_locale="$4"
if [ "$local_setup" == 1 ]; then
echo "Installing slapd package ..."
apt-get -y install slapd
echo "Installing slapd package: Done"
echo "Preconfiguring slapd package ..."
echo slapd slapd/domain string $extension_locale | debconf-set-selections -v
echo slapd slapd/password1 password $password | debconf-set-selections -v
echo slapd slapd/password2 password $password | debconf-set-selections -v
echo "Preconfiguring slapd package: Done"
echo "Hashing the LDAP password ..."
hashed_ldap_passwd="$(slappasswd -s $password)"
echo "Hash of the password: $hashed_ldap_passwd"
echo "Installing openldap packages ..."
DEBIAN_FRONTEND=noninteractive apt-get -y install slapd ldap-utils
echo "Installing openldap packages: Done"
echo "Building the LDAP config files ..."
sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_DB_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db
sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_SCHEMA_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema
echo "Building the LDAP config files: Done"
echo "Stopping slapd service ..."
service slapd stop
echo "Stopping slapd service: Done"
echo "Adding freeradius and samba schema to LDAP ..."
ldapadd -Y EXTERNAL -H ldapi:/// -f "$LDIF_SCHEMA_RADIUS_FILE"
ldapadd -Y EXTERNAL -H ldapi:/// -f "$LDIF_SCHEMA_SAMBA_FILE"
echo "Adding freeradius and samba schema to LDAP: Done"
echo "Deleting exisitng LDAP configuration ..."
rm -rf /etc/ldap/slapd.d/*
rm -rf /var/lib/ldap/*
echo "Deleting existing LDAP configuration: Done"
echo "Setting up the new LDAP configuration ..."
slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/
slapadd -n 1 -l /tmp/db
echo "Setting up the new LDAP configuration: Done"
echo "Fixing the LDAP files permissions ..."
chown -R openldap:openldap /etc/ldap/slapd.d
chown -R openldap:openldap /var/lib/ldap
echo "Fixing the LDAP files permissions: Done"
echo "Starting slapd service ..."
service slapd start
echo "Starting slapd service: Done"
echo "Creating re2o LDAP database ..."
ldapadd -H ldap:// -x -D "cn=admin,$domain" -w "$password" -f "/tmp/db"
echo "Creating re2o LDAP database: Done"
else
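Review bot: The new `ldapadd -H ldap:// -x -D "cn=admin,$domain" -w "$password" -f "/tmp/db"` line puts the LDAP admin password on the command line, where any local user can read it from the process list while the command runs and where it lands in shell traces if `set -x` is ever enabled; `-y <file>` with a `mktemp`-created (mode 0600) file that is removed right after the call avoids both. The three `echo slapd slapd/... $password | debconf-set-selections -v` lines leave `$password` unquoted, so a password containing spaces, `*` or `?` is word-split or glob-expanded before it reaches debconf — quote the whole argument, `echo "slapd slapd/password1 password $password" | debconf-set-selections` — and `-v` may echo the selection value to the terminal, so it is worth dropping. The `/tmp/db` file the new ldapadd reads is produced on a context line at a fixed, predictable path and is never removed, so the substituted admin hash stays readable there after install; that predates this commit but is cheap to fix in the same pass with `mktemp` and a final `rm`. Note too that debconf preseeding only takes effect when slapd is configured for the first time; on a host where the package is already configured the admin password is presumably left unchanged and the final bind would fail, so a pre-check or `dpkg-reconfigure` step may be needed — worth confirming. install_ldap starts before and continues after this hunk.
```shell
echo "slapd slapd/domain string $extension_locale" | debconf-set-selections
echo "slapd slapd/password1 password $password" | debconf-set-selections
echo "slapd slapd/password2 password $password" | debconf-set-selections
# … unchanged: password hashing, apt-get install, LDIF build, schema ldapadd …
echo "Creating re2o LDAP database ..."
ldap_pw_file="$(mktemp)"   # mktemp creates the file with mode 0600
printf '%s' "$password" > "$ldap_pw_file"
ldapadd -H ldap:// -x -D "cn=admin,$domain" -y "$ldap_pw_file" -f /tmp/db
rm -f -- "$ldap_pw_file"
echo "Creating re2o LDAP database: Done"
```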
......@@ -665,7 +654,7 @@ interactive_guide() {
install_database "$sql_bdd_type" "$sql_is_local" "$sql_name" "$sql_login" "$sql_password"
install_ldap "$ldap_is_local" "$ldap_password" "$ldap_dn"
install_ldap "$ldap_is_local" "$ldap_password" "$ldap_dn" "$extension_locale"
write_settings_file "$sql_bdd_type" "$sql_host" "$sql_name" "$sql_login" "$sql_password" \
......
dn: dc=example,dc=net
o: rezo
structuralObjectClass: organization
entryUUID: fc97a0fe-514b-1034-9e4d-59675b32507b
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20150225150906Z
description: ldap
objectClass: top
objectClass: dcObject
objectClass: organization
entryCSN: 20151003212702.245118Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20151003212702Z
contextCSN: 20161004233332.689769Z#000000#000#000000
dn: cn=admin,dc=example,dc=net
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
structuralObjectClass: organizationalRole
entryUUID: fc97fa72-514b-1034-9e4e-59675b32507b
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20150225150906Z
description:: TERBUCBhZG1pbmlzdHJhdG9yDQo=
userPassword: FILL_IT
entryCSN: 20160604005945.576566Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160604005945Z
dn: cn=Utilisateurs,dc=example,dc=net
gidNumber: 500
cn: Utilisateurs
structuralObjectClass: posixGroup
entryUUID: 5d53854e-5204-1034-8c61-8da535cabdfc
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20150226130856Z
sambaSID: 500
uid: Users
objectClass: posixGroup
objectClass: top
objectClass: sambaSamAccount
objectClass: radiusprofile
entryCSN: 20150226130950.194154Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20150226130950Z
dn: ou=groups,dc=example,dc=net
objectClass: organizationalUnit
description: Groupes d'utilisateurs
ou: groups
structuralObjectClass: organizationalUnit
entryUUID: 986aa1b6-bb86-1035-9a4c-2ff0c800ec24
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160531142039Z
entryCSN: 20160531142039.780151Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160531142039Z
dn: ou=services,ou=groups,dc=example,dc=net
objectClass: organizationalUnit
description: Groupes de comptes techniques
ou: services
structuralObjectClass: organizationalUnit
entryUUID: cbb56904-bc6a-1035-9fbb-3dc3850d88ba
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160601173411Z
entryCSN: 20160601173411.088359Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160601173411Z
dn: ou=service-users,dc=example,dc=net
objectClass: organizationalUnit
description: Utilisateurs techniques de l'annuaire
ou: service-users
structuralObjectClass: organizationalUnit
entryUUID: 0e397270-bc6b-1035-9fbd-3dc3850d88ba
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160601173602Z
entryCSN: 20160601173602.683304Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160601173602Z
dn: cn=freeradius,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: freeradius
userPassword: FILL_IT
structuralObjectClass: applicationProcess
entryUUID: 8596e4ec-bc6b-1035-9fbf-3dc3850d88ba
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160601173922Z
entryCSN: 20160601173922.944598Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160601173922Z
dn: cn=nssauth,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: nssauth
structuralObjectClass: applicationProcess
entryUUID: cfbdadc6-bc6b-1035-9fc4-3dc3850d88ba
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160601174127Z
userPassword: FILL_IT
entryCSN: 20160603093724.770069Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160603093724Z
dn: cn=auth,ou=services,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: auth
member: cn=nssauth,ou=service-users,dc=example,dc=net
structuralObjectClass: groupOfNames
entryUUID: 98524836-bc6d-1035-9fc7-3dc3850d88ba
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160601175413Z
entryCSN: 20160620005705.309928Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160620005705Z
dn: ou=posix,ou=groups,dc=example,dc=net
objectClass: organizationalUnit
description: Groupes de comptes POSIX
ou: posix
structuralObjectClass: organizationalUnit
entryUUID: fbd89c4a-bdb5-1035-9045-d5a09894d93e
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160603090455Z
entryCSN: 20160603090455.267192Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160603090455Z
dn: cn=wifi,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: wifi
structuralObjectClass: applicationProcess
entryUUID: 8cc2d1a6-bdc2-1035-9051-d5a09894d93e
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160603103452Z
userPassword: FILL_IT
entryCSN: 20160603103638.682210Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160603103638Z
dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: usermgmt
structuralObjectClass: groupOfNames
entryUUID: ec01e206-bdc2-1035-9054-d5a09894d93e
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160603103732Z
member: cn=wifi,ou=service-users,dc=example,dc=net
entryCSN: 20160603103746.897151Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160603103746Z
dn: cn=replica,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: replica
structuralObjectClass: applicationProcess
entryUUID: caef5c54-c0e4-1035-948f-dfe369fe3d4f
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160607101733Z
userPassword: FILL_IT
entryCSN: 20160607101829.424643Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160607101829Z
dn: cn=readonly,ou=services,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: readonly
structuralObjectClass: groupOfNames
entryUUID: f6bd2366-c0e4-1035-9492-dfe369fe3d4f
creatorsName: cn=admin,dc=example,dc=net
createTimestamp: 20160607101846Z
member: cn=replica,ou=service-users,dc=example,dc=net
member: cn=freeradius,ou=service-users,dc=example,dc=net
entryCSN: 20160619214628.287369Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=net
modifyTimestamp: 20160619214628Z
# coding:utf-8
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
# se veut agnostique au réseau considéré, de manière à être installable en
# quelques clics.
#
# Copyright © 2017 Gabriel Détraz
# Copyright © 2018 Maël Kervella
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
# Pré-remplissage
dn: cn=Utilisateurs,dc=example,dc=net
gidNumber: 500
cn: Utilisateurs
sambaSID: 500
uid: Users
objectClass: posixGroup
objectClass: top
objectClass: sambaSamAccount
objectClass: radiusprofile
dn: ou=groups,dc=example,dc=net
objectClass: organizationalUnit
description: Groupes d'utilisateurs
ou: groups
dn: ou=posix,ou=groups,dc=example,dc=net
objectClass: organizationalUnit
description: Groupes de comptes POSIX
ou: posix
dn: ou=services,ou=groups,dc=example,dc=net
objectClass: organizationalUnit
description: Groupes de comptes techniques
ou: services
dn: cn=auth,ou=services,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: auth
member: cn=nssauth,ou=service-users
dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: usermgmt
member: cn=wifi,ou=service-users
dn: cn=readonly,ou=services,ou=groups,dc=example,dc=net
objectClass: groupOfNames
cn: readonly
member: cn=replica,ou=service-users
member: cn=freeradius,ou=service-users
dn: ou=service-users,dc=example,dc=net
objectClass: organizationalUnit
description: Utilisateurs techniques de l'annuaire
ou: service-users
dn: cn=freeradius,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: freeradius
userPassword: FILL_IT
dn: cn=nssauth,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: nssauth
userPassword: FILL_IT
dn: cn=wifi,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: wifi
userPassword: FILL_IT
dn: cn=replica,ou=service-users,dc=example,dc=net
objectClass: applicationProcess
objectClass: simpleSecurityObject
cn: replica
userPassword: FILL_IT
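Review bot: The `member:` values in the new groupOfNames entries — `member: cn=nssauth,ou=service-users` under cn=auth, `member: cn=wifi,ou=service-users` under cn=usermgmt, and the two under cn=readonly — no longer carry the `,dc=example,dc=net` base, while the deleted db.ldiff had full DNs there (e.g. `member: cn=nssauth,ou=service-users,dc=example,dc=net`). Since the installer only rewrites the `dc=example,dc=net` string, these members end up as DNs outside the directory suffix, so the auth, usermgmt and readonly groups would reference no real entries after install, which contradicts the "nothing should be different" statement in the description. Restoring the suffix on those four lines, e.g. `member: cn=nssauth,ou=service-users,dc=example,dc=net`, keeps the groups equivalent to the old dump. The four `userPassword: FILL_IT` placeholders all receive the same hash as the admin account, so every service user shares the admin password; the old file did the same, so this is a pre-existing design point rather than a regression, but worth a comment in the file header.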