


LDAP Configuration Script - SysAdmin - 08-29-2020

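#!/usr/bin/env bash
# Stand up an OpenLDAP 2.4 directory (cn=config backend) on a RHEL-family
# host (yum, systemctl, firewalld, migrationtools), load a base tree plus
# two sample accounts, and export /home over NFS for LDAP-backed clients.
#
# Required environment:
#   LDAP_ADMIN_PASSWORD  clear-text rootdn password; only its slappasswd hash
#                        is stored in the directory configuration
#   LDAP_USER_PASSWORD   initial password for ldapuser1 / ldapuser2
# Optional environment (defaults in the assignments below):
#   SERVER_IP, FQDN, NFS_CLIENTS
#
# Every step runs unattended. The generated slapd configuration under
# /etc/openldap/slapd.d is changed through ldapmodify instead of by editing
# the files by hand: they are marked "AUTO-GENERATED - DO NOT EDIT" and
# carry a CRC32 that hand edits invalidate.
set -euo pipefail

server_ip=${SERVER_IP:-192.168.117.134}
fqdn=${FQDN:-server.com}
# Base DN derived from the FQDN: server.com -> dc=server,dc=com
base_dn="dc=${fqdn//./,dc=}"
root_dn="cn=Manager,${base_dn}"
# Hosts allowed to mount /home. Exporting to "*" (every host) is the usual
# tutorial default; the subnet below is a constructed example taken from the
# server address above — adjust it to the real client network.
nfs_clients=${NFS_CLIENTS:-192.168.117.0/24}
admin_password=${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD}
user_password=${LDAP_USER_PASSWORD:?set LDAP_USER_PASSWORD}

die() { printf '%s\n' "$*" >&2; exit 1; }

# Scratch directory (mode 0700) for LDIFs and the rootdn password file;
# removed on every exit path.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

# --- host identity and packages -------------------------------------------
ping -c 3 google.com || die "no network connectivity"   # -c: do not ping forever
hostnamectl set-hostname "$fqdn"
# Append the host mapping instead of opening /etc/hosts in an editor.
grep -qF -- "$fqdn" /etc/hosts \
  || printf '%s\t%s\n' "$server_ip" "$fqdn" >> /etc/hosts
yum update -y
yum -y install 'openldap*' migrationtools   # quoted: yum expands the wildcard, not the shell

# --- TLS material, created BEFORE slapd starts ------------------------------
# slapd will not come up if its configured certificate files are missing, so
# the key pair exists before the TLS attributes are applied further down.
cert=/etc/pki/tls/certs/server.pem
key=/etc/pki/tls/certs/serverkey.pem
openssl req -new -x509 -nodes -days 365 -subj "/CN=${fqdn}" \
  -out "$cert" -keyout "$key"
chown ldap:ldap "$cert" "$key"
chmod 640 "$key"   # slapd runs as ldap and must read the key; nobody else should

# --- database directory, then start slapd -----------------------------------
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
slaptest -u
systemctl start slapd
systemctl enable slapd

# --- configure the cn=config backend through ldapmodify ---------------------
# The rootdn secret never appears on a command line (visible in ps / set -x):
# slappasswd hashes it from a file, and ldapadd reads it with -y below.
umask 077
printf '%s' "$admin_password" > "$workdir/rootpw"
root_pw_hash=$(slappasswd -T "$workdir/rootpw")
umask 022

cat > "$workdir/config.ldif" <<EOF
# Suffix, rootdn, rootpw and indexes of the default hdb database.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${base_dn}
-
replace: olcRootDN
olcRootDN: ${root_dn}
-
replace: olcRootPW
olcRootPW: ${root_pw_hash}
-
replace: olcDbIndex
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub

# Let local root (over ldapi) and the rootdn read the monitor database.
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="${root_dn}" read by * none

# TLS file settings are global attributes of cn=config, not of the database entry.
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: ${cert}
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: ${key}
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f "$workdir/config.ldif"

for schema in cosine nis inetorgperson; do
  ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/openldap/schema/${schema}.ldif"
done

# --- migrationtools: point the scripts at this domain -----------------------
mt=/usr/share/migrationtools
# Edit the three settings in place; fqdn/base_dn must not contain '/' or '&'
# because they are spliced into a sed replacement.
sed -i \
  -e 's/^\$EXTENDED_SCHEMA = .*/$EXTENDED_SCHEMA = 1;/' \
  -e 's/^\$DEFAULT_MAIL_DOMAIN = .*/$DEFAULT_MAIL_DOMAIN = "'"$fqdn"'";/' \
  -e 's/^\$DEFAULT_BASE = .*/$DEFAULT_BASE = "'"$base_dn"'";/' \
  "${mt}/migrate_common.ph"

# --- base tree ----------------------------------------------------------------
cat > "$workdir/base.ldif" <<EOF
dn: ${base_dn}
dc: ${fqdn%%.*}
objectClass: top
objectClass: domain

dn: cn=ldapadm,${base_dn}
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,${base_dn}
objectClass: organizationalUnit
ou: People

dn: ou=Group,${base_dn}
objectClass: organizationalUnit
ou: Group
EOF

# --- sample accounts ----------------------------------------------------------
for user in ldapuser1 ldapuser2; do
  id -u "$user" >/dev/null 2>&1 || useradd "$user"   # idempotent on re-runs
  printf '%s\n' "$user_password" | passwd --stdin "$user"
done

# Select the local accounts with uid/gid 1000-1099. A grep for ":10[0-9][0-9]"
# would also match that number in any other field of the line.
awk -F: '$3 >= 1000 && $3 < 1100' /etc/passwd > "$workdir/passwd"
awk -F: '$3 >= 1000 && $3 < 1100' /etc/group  > "$workdir/group"
# Run from the tools directory so migrate_common.ph is found the same way the
# upstream scripts expect.
(cd "$mt" && ./migrate_passwd.pl "$workdir/passwd" "$workdir/users.ldif")
(cd "$mt" && ./migrate_group.pl  "$workdir/group"  "$workdir/groups.ldif")

# --- load the directory -------------------------------------------------------
for ldif in base users groups; do
  ldapadd -x -D "$root_dn" -y "$workdir/rootpw" -f "$workdir/${ldif}.ldif"
done

# Sanity checks: the sample user resolves and the tree is readable anonymously.
ldapsearch -x -b "$base_dn" "(cn=ldapuser1)"
ldapsearch -x -b "$base_dn" '(objectclass=*)'

# --- firewall -----------------------------------------------------------------
firewall-cmd --permanent --add-service=ldap
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --reload

# --- NFS export of /home --------------------------------------------------------
yum -y install rpcbind nfs-utils
# Export only to the LDAP clients, not to every host.
grep -qF -- '/home ' /etc/exports \
  || printf '/home %s(rw,sync)\n' "$nfs_clients" >> /etc/exports

systemctl start rpcbind nfs
systemctl enable rpcbind nfs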