mkconf - generate initial OpenLDAP setup
Hello!
I've had so much fun and success with OpenLDAP, that I'd like to contribute
a tiny little bit :-)
I've created a small script `mkconf' which may help beginners to successfully
start up with OpenLDAP. The script prompts for several values and generates
all of the required configuration files.
I hope you'll test this for me and perhaps include it in one of the next
releases of OpenLDAP.
Kind regards,
-JP
#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.2).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Made on 2000-01-12 16:57 CET by <jpmens@bigfoot.com>.
# Source directory was `/home/jpm/usr/ldap/mkconf'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 7131 -rwxr-xr-x mkconf
#
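# Locate GNU gettext and the sharutils message catalog on PATH so that the
# archive's progress messages can be localized.  Afterwards $echo is either
# the plain builtin "echo" or "<dir>/gettext -s" (gettext's echo-like mode,
# which prints the translated form of its argument).  The caller's first
# argument is saved up front because the version probe below overwrites the
# positional parameters with `set`.
save_IFS="${IFS}"
IFS="${IFS}:"
gettext_dir=FAILED
locale_dir=FAILED
first_param="$1"
for dir in $PATH
do
  if test "$gettext_dir" = FAILED && test -f "$dir/gettext" \
    && ("$dir/gettext" --version >/dev/null 2>&1)
  then
    # `set --` stops a version line that happens to start with '-' from
    # being parsed as shell options, and keeps an empty line from making a
    # bare `set` dump every shell variable to stdout.  The test presumably
    # expects a banner of the form "gettext (GNU gettext) N.N"; any other
    # third word falls through to the plain echo fallback below.
    set -- $("$dir/gettext" --version 2>&1)
    if test "$3" = GNU
    then
      gettext_dir=$dir
    fi
  fi
  if test "$locale_dir" = FAILED && test -f "$dir/shar" \
    && ("$dir/shar" --print-text-domain-dir >/dev/null 2>&1)
  then
    locale_dir=$("$dir/shar" --print-text-domain-dir)
  fi
done
IFS="$save_IFS"
# Both the program and its catalog directory must be found; otherwise the
# messages are printed untranslated with the builtin echo.
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
then
  echo=echo
else
  TEXTDOMAINDIR=$locale_dir
  export TEXTDOMAINDIR
  TEXTDOMAIN=sharutils
  export TEXTDOMAIN
  echo="$gettext_dir/gettext -s"
fi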
# Probe whether this touch accepts a time operand before the file name
# (presumably the obsolete MMDDhhmmYY form).  If it does, only "$$.touch"
# is created and the archived timestamps can be restored; if not, the
# operand was taken as a second file name and $shar_touch becomes the
# no-op ':' so the later timestamp call is skipped.
shar_touch=:
touch -am 1231235999 "$$.touch" >/dev/null 2>&1
if test -f "$$.touch" && test ! -f 1231235999
then
  shar_touch=touch
else
  echo
  $echo 'WARNING: not restoring timestamps. Consider getting and'
  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
# Remove whichever probe files were created.
rm -f 1231235999 "$$.touch"
#
# Take a lock directory in the current directory; mkdir fails if it already
# exists, so a second concurrent (or stale) extraction aborts here.
mkdir _sh29663 || {
  $echo 'failed to create lock directory'
  exit 1
}
$echo 'x -' 'creating lock directory'
# ============= mkconf ==============
# Extract 'mkconf' from the here-document below unless the file already
# exists (the -c first argument forces an overwrite).  sed strips the 'X'
# the archiver put in front of every payload line, and the quoted 'SHAR_EOF'
# delimiter keeps this shell from expanding the payload's $vars and
# backticks.  The payload is data to this script and is left byte-identical;
# reviewer notes on it, to be confirmed against the extracted file:
#  - it runs under #!/bin/sh but uses the non-POSIX 'function' keyword and
#    the non-portable 'echo -n', so it may misbehave under a strict sh
#  - it writes the Manager password (default "secret") and the user's
#    password in cleartext into ${dir}/ldif.in, where $dir defaults to the
#    predictable /tmp/buildldap and is created with the caller's umask;
#    nothing later tightens or removes that file, and 'make load' later
#    reads it from there
#  - the slapd.conf ACL 'by dn="Manager, $base" write' lacks the 'cn='
#    prefix used in rootdn; since rootdn bypasses access control anyway the
#    line is presumably harmless, but verify against slapd.conf(5)
#  - add.sh feeds ldapadd lines of the form 'dn=cn=John Doe, ...' and
#    'cn=John Doe'; LDIF uses 'attr: value', so step 7 of the README looks
#    like it would be rejected — verify with the targeted ldapadd
#  - as reproduced on this page the whitespace after each 'X' appears to be
#    collapsed to one space, so the MD5 / size check at the end of this
#    block will likely report a mismatch for this copy of the archive
if test -f 'mkconf' && test "$first_param" != -c; then
$echo 'x -' SKIPPING 'mkconf' '(file already exists)'
else
$echo 'x -' extracting 'mkconf' '(text)'
sed 's/^X//' << 'SHAR_EOF' > 'mkconf' &&
#!/bin/sh
# by Jan-Piet Mens <jpmens@bigfoot.com>
#
# $Id: mkconf,v 1.1 2000/01/12 15:50:14 jpm Exp jpm $
#
# $Log: mkconf,v $
# Revision 1.1 2000/01/12 15:50:14 jpm
# Initial revision
#
#
X
PROGNAME="mkconf v.1.0"
X
X
function prompt {
X txt="$1";
X def="$2";
X if test -z "$def" ; then
X echo -n "$txt : "
X else
X echo -n "$txt [$def] : ";
X fi
X read ans;
X if test -z "$ans" ; then
X ans="$def";
X fi
}
X
cat <<!
X
X
This program will try and guide you along building an initial configuration
and initial database for OpenLDAP.
X
X
First, enter the name of a temporary directory, which will
be created for you.
!
X
prompt "Temporary directory which will be created for you:" /tmp/buildldap
dir=$ans
test -d "$dir" || mkdir "$dir"
test -d "$dir" || { echo "$dir is not a directory. Exiting." >&2; exit 2; }
X
# Naming convention: $naming = {dc|o}"
cat <<!
X
You have to decide on a naming convention for your directory.
Here you will decide on the so-called search base for your LDAP directory.
There are two general conventions: the first is Organization based
(e.g. o=my-company.com or o=my-company, c=us) and the second is DNS
domain based (e.g. dc=my-company, dc=com). Choose which type you want.
X
Please choose whether you wish a domain naming (dc)
or Organization (o) naming convention.
!
naming=""
while test -z "$naming" -o "$naming" != "dc" -a "$naming" != "o"
do
X prompt "domain naming (dc) or organization (o) naming (o)" ""
X naming=$ans
done
X
X
# Enter organization name or dns domain name
if test $naming = dc; then
X dc1=`hostname | awk -F. '{ printf "%s\n", $(NF-1)}'`
X prompt "Enter your domain name without the .com, .edu, .etc suffix" "$dc1"
X dc1=$ans
X
X dc2=`hostname | awk -F. '{ printf "%s\n", $(NF)}'`
X prompt "Enter the suffix (.com, .de, etc) for your domain name" "$dc2"
X dc2=$ans
X
X base="dc=$dc1, dc=$dc2"
X prompt "Confirm the searchbase of your directory" "$base"
X base="$ans"
X
X cat > ${dir}/ldif.in <<!
dn: dc=$dc1, dc=$dc2
dc: $dc1
o: $dc1.$dc2
objectClass: organization
objectClass: dcObject
objectClass: top
X
!
X
else
X org=`hostname | awk -F. '{ printf "%s.%s\n", $(NF-1), $NF}'`
X prompt "Enter the name of your organization" "$org"
X org=$ans
X
X base="o=$org"
X prompt "Confirm the searchbase of your directory" "$base"
X base="$ans"
X cat > ${dir}/ldif.in <<!
dn: $base
objectClass: organization
objectClass: top
o: $org
X
!
fi
X
########################################## Add Manager
prompt "Enter a password for the Manager" "secret"
managerpass="$ans"
X
cat >> ${dir}/ldif.in <<!
dn: cn=Manager, $base
cn: Manager
sn: Manager
objectClass: person
userPassword: $managerpass
X
!
X
########################################### Build entry for person
cat <<!
We will now build an entry for a person. Probably yourself :-)
!
X
prompt "Enter your Surname (sn)" "Doe"
sn="$ans"
prompt "Enter your given or firstname (givenname)" "Jane"
givenname=$ans
prompt "Enter your telephonenumber" "555-1234"
telephonenumber=$ans
X
cn="$givenname $sn"
prompt "Confirm your common name (cn)" "$cn"
cn=$ans
X
prompt "Enter a password for yourself" ""
userpw=$ans
X
cat >> ${dir}/ldif.in <<!
dn: cn=$cn, $base
cn: $cn
sn: $sn
userPassword: $userpw
telephoneNumber: $telephonenumber
objectClass: top
objectClass: person
X
!
X
cat <<!
X
X
Please enter paths to the OpenLDAP software.
X
!
prompt "Path to OpenLDAP configuration files " "/usr/local/etc/openldap"
etcdir=$ans
prompt "Path to OpenLDAP sbin programs " "/usr/local/sbin"
sbindir=$ans
X
cat <<!
X
We need a directory to store the database (the LDBM database)
which will be used by slapd. This should be a clean directory
writeable by 'root' only.
X
!
prompt "spool directory where slapd will keep its database:" /usr/tmp
spooldir=$ans
X
########################## create slapd.conf
cat > ${dir}/slapd.conf <<!
#(@)slapd.conf
# built by $PROGNAME
# on `date`
#
include ${etcdir}/slapd.at.conf
include ${etcdir}/slapd.oc.conf
schemacheck on
X
database ldbm
suffix "$base"
directory $spooldir
rootdn "cn=Manager, $base"
sizelimit 500
index cn,sn pres,eq,sub
index objectclass pres,eq
index givenname pres,eq
index ou pres,eq
index default none
X
lastmod on
X
defaultaccess none
access to attr=objectclass
X by * read
access to attr=userpassword
X by self write
X by * compare
access to attr=member
X by dnattr=member selfwrite
X by * read
access to dn=".*"
X by self write
X by dn="Manager, $base" write
X by * read
access to * by * read
X
!
X
X
########################## create ldap.conf
cat > ${dir}/ldap.conf <<!
#(@)ldap.conf
# built by $PROGNAME
# on `date`
# See ldap.conf(5) for details
X
BASE $base
HOST localhost
PORT 389
SIZELIMIT 100
TIMELIMIT 0
DEREF never
X
!
X
########################## create Makefile
cat > ${dir}/Makefile <<!
ETCDIR=$etcdir
SBINDIR=$sbindir
X
all:
X @echo "Use one of"
X @echo " make install to copy files to target directory"
X @echo " make load to load directory from ldif.in"
X
install: slapd.conf ldap.conf
X install -o root -m 0600 slapd.conf \$(ETCDIR)/slapd.conf
X install -o root -m 0644 ldap.conf \$(ETCDIR)/ldap.conf
X
load: ldif.in
X \$(SBINDIR)/ldif2ldbm -f \$(ETCDIR)/slapd.conf -i ldif.in
!
X
X
###################### build README
cat > ${dir}/README <<!
The following files have been created for you
X README this file
X ldap.conf for client programs
X slapd.conf for SLAPD
X ldif.in your initial LDIF file
X add.sh Script for testing ldapadd
X
Please follow these steps:
X
1. Install slapd.conf and ldap.conf in $etcdir
X This must be done as user 'root'
X
X # make install
X
2. Load the SLAPD database with data for your
X LDAP server
X
X # make load
X
3. Start the Standalone LDAP server (slapd)
X
X # /usr/local/libexec/slapd
X
4. Test the server
X
X $ ldapsearch -b "$base" objectclass=*
X
5. If the client configuration file is ok, you should
X be able to do
X
X $ ldapsearch cn=manager
X or even
X $ ldapsearch sn="$sn"
X
6. See if you can access the LDAP server as manager.
X This also tests the password you specified when
X running $PROGNAME.
X
X $ ldapsearch -D "cn=manager, $base" -W cn=manager
X
X should show you the 'userPassword' attribute, which you
X didn't see in step 5!
X
7. Try adding an entry to your directory. Run the 'add.sh'
X script in $dir
X
X $ sh $dir/add.sh
X
8. Now try once again to search for people with a surname
X of 'Doe'
X
X $ ldapsearch sn=doe
X
X You should see two entries!
X
9. Congratulations. Finished. Everything seems to be
X working.
!
X
X
#################### build add.sh
cat > ${dir}/add.sh <<!
#!/bin/sh
ldapadd -D "cn=Manager, $base" -W <<EOF
dn=cn=John Doe, $base
cn=John Doe
cn=John S. Doe
sn=Doe
objectclass=top
objectclass=person
EOF
!
X
cat <<!
X
X
We have finished! Congratulations.
Now change to the temporary directory ($dir) and check the files
that were created there. Consult the README in $dir.
X
To install the configuration files, you can run 'make install'
(you will need to do that as root). Afterwards, you can run
'make load' to load the SLAPD database with initial data.
X
!
SHAR_EOF
$shar_touch -am 01121657100 'mkconf' &&
chmod 0755 'mkconf' ||
$echo 'restore of' 'mkconf' 'failed'
# Integrity check of the extracted file: use md5sum when it is the GNU one
# (identified by its usage text) and not the textutils 1.12 release that the
# archiver excludes; otherwise fall back to comparing the byte count only.
# Either path only prints a diagnostic — it does not fail the extraction.
if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
&& ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
md5sum -c << SHAR_EOF >/dev/null 2>&1 \
|| $echo 'mkconf:' 'MD5 check failed'
36ad38181945e4f50b19b1c5fd1192d7 mkconf
SHAR_EOF
else
# Locale variables are cleared so wc counts bytes, not characters.
shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'mkconf'`"
test 7131 -eq "$shar_count" ||
$echo 'mkconf:' 'original size' '7131,' 'current size' "$shar_count!"
fi
fi
# Release the lock directory taken at the start of the archive and finish.
rm -rf -- _sh29663
exit 0