
Andriy Kornatskyy committed 6d51b64

Added a few more scripts and LDIF files for LDAP management

  • Parent commits e55308a


Files changed (6)

+#!/bin/sh
+
+ldapmodify -QY EXTERNAL -H ldapi:/// -f $1
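Review bot: `-f $1` is unquoted and unchecked, so a path containing whitespace is split into several arguments and a missing argument leaves `-f` with no value, which ldapmodify rejects with an option-parsing error rather than a useful message; use `set -eu` at the top and `ldapmodify -QY EXTERNAL -H ldapi:/// -f "$1"`. The file header for this section is not shown, so the script's name and intended caller are inferred. Since `-Y EXTERNAL` over `ldapi:///` is typically only granted `manage` on cn=config for the root peer credential, a one-line comment such as `# must run as root: SASL EXTERNAL over ldapi maps uid 0 to the cn=config manager` would save the next operator a confusing "insufficient access" error.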

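--- a/ldif/access-noadmin.ldif
+++ b/ldif/access-noadmin.ldif
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+#
+# Revoke admin write rights to the directory
+delete: olcAccess
+olcAccess: {3}to *
+  by self write
+  by dn="cn=admin,dc=dev,dc=local" write
+  by * read
+-
+# Move admin account to people unit
+replace: olcRootDN
+olcRootDN: uid=admin,ou=people,dc=dev,dc=local
+-
+# Remove admin password
+delete: olcRootPW
+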
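Review bot: The comment `# Revoke admin write rights to the directory` overstates what this file does: the DN named by `olcRootDN` is exempt from every olcAccess rule, so after `replace: olcRootDN` whoever authenticates as `uid=admin,ou=people,dc=dev,dc=local` still has unrestricted write to the whole database; only the explicit `cn=admin` grants are gone. Because `delete: olcRootPW` removes the out-of-band password, that rootdn can only be reached through a bind that resolves to the entry itself (or a SASL authz mapping), so the file must be applied after that entry and its credentials exist, otherwise no identity can write to the data database until someone repairs cn=config over ldapi EXTERNAL. The `{n}` indices on olcAccess are renumbered whenever values are inserted or removed, so the `delete: olcAccess` keyed on `{3}` appears to match only if access-passwd.ldif has not been applied first; record the required order, e.g. `# Apply BEFORE access-passwd.ldif: that file inserts {0}/{1} and shifts this index`. I would also reword the first comment to `# Drop the cn=admin grants; note the rootdn below still bypasses all ACLs`.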

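--- a/ldif/access-passwd.ldif
+++ b/ldif/access-passwd.ldif
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+#
+# Delete default user access to password
+delete: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange
+  by self write
+  by anonymous auth
+  by dn="cn=admin,dc=dev,dc=local" write
+  by * none
+-
+# Prohibit access to password
+add: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange
+  by * none
+-
+# Only authenticated users have read access 
+# Anonymous users have no access. 
+add: olcAccess
+olcAccess: {1}to *
+  by users read
+  by * none
+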
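Review bot: The new rule `olcAccess: {1}to * by users read by * none` is inserted ahead of every rule that previously followed `{0}`, and `to *` also matches the root DSE (`dn.base=""`), so if the stock `to dn.base="" by * read` rule is still present further down (it is not visible in this hunk) it is now shadowed and unauthenticated clients can no longer read `supportedSASLMechanisms` or `namingContexts` before binding. If anonymous root DSE discovery is wanted, add `olcAccess: {1}to dn.base="" by * read` ahead of the `to *` rule (which then becomes `{2}`). Dropping `by anonymous auth` from the `userPassword` rule also means simple binds can no longer be verified against the directory for anyone, including the relocated rootdn once its olcRootPW is removed in access-noadmin.ldif; that is consistent with a GSSAPI-only deployment but deserves an explicit comment, e.g. `# No 'auth' access on purpose: simple binds are unusable, clients authenticate via SASL/GSSAPI`.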

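--- a/ldif/add-group.ldif
+++ b/ldif/add-group.ldif
+dn: cn=jsmith,ou=groups,dc=dev,dc=local
+cn: jsmith
+objectClass: top
+objectClass: posixGroup
+gidNumber: 10000
+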

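--- a/ldif/add-user.ldif
+++ b/ldif/add-user.ldif
+dn: uid=jsmith,ou=people,dc=dev,dc=local
+cn: John Smith
+givenName: John
+sn: Smith
+uid: jsmith
+uidNumber: 10000
+gidNumber: 10000
+homeDirectory: /home/jsmith
+mail: jsmith@dev.local
+# 
+loginShell: /bin/bash
+userPassword: {CRYPT}*
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+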
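Review bot: `userPassword: {CRYPT}*` is a deliberately unmatchable hash, which is the right choice for an account that only authenticates through the GSSAPI mapping, but nothing in the file says so and the empty `# ` line above `loginShell` reads like a placeholder that was never filled in; replace it with `# No local password: '{CRYPT}*' never matches, this account authenticates via Kerberos (see auth-kerberos.ldif)`. The `uidNumber`/`gidNumber` of 10000 must stay in step with `gidNumber: 10000` in add-group.ldif, so a short comment pointing at that file would help whoever clones this template for the next user.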

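--- a/ldif/auth-kerberos.ldif
+++ b/ldif/auth-kerberos.ldif
+dn: cn=config
+changetype: modify
+#
+# Regular expression that match a simple user name
+# provided by SASL and map it to ldap entry
+add: olcAuthzRegexp
+olcAuthzRegexp: uid=([^,]+),cn=dev.local,cn=gssapi,cn=auth
+  uid=$1,ou=people,dc=dev,dc=local
+-
+# Specify SASL Kerberos realm
+add: olcSaslRealm
+olcSaslRealm: DEV.LOCAL
+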
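Review bot: The pattern `uid=([^,]+),cn=dev.local,cn=gssapi,cn=auth` is unanchored and maps every principal in the realm, service principals such as `host/box` included, onto `ou=people`; combined with the sibling `by users read` rule that is a read grant on the whole tree for any authenticated Kerberos identity, whether or not the mapped entry exists. Anchor the expression and limit the capture to a plain user name so only `name@DEV.LOCAL` receives an identity: `olcAuthzRegexp: ^uid=([^,/]+),cn=dev.local,cn=gssapi,cn=auth$` with the same replacement line. It is also worth a comment that a principal named `admin` maps to `uid=admin,ou=people,dc=dev,dc=local`, which access-noadmin.ldif designates as the rootdn, so whoever controls that Kerberos principal controls the directory. The existing comment should read `# Map the SASL/GSSAPI identity to its entry under ou=people`.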