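#!/usr/bin/env bash
# LDAP Configuration Script - SysAdmin - 08-29-2020
#
# The forum walkthrough (interactive vim edits, with `:'...'` blocks showing
# the intended file contents) rewritten as a non-interactive script for a
# CentOS/RHEL 7 OpenLDAP 2.4 server using the cn=config backend, followed by
# the NFS export of /home that the post ends with.
#
# Deviations from the post, each a fix rather than a restyle:
#   * cn=config is changed with ldapmodify over ldapi:/// instead of editing
#     the files under /etc/openldap/slapd.d, whose own first line says
#     "AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify." (hand edits also
#     invalidate the CRC32 that header carries).
#   * The olcTLS* attributes are set on cn=config (olcGlobal); the post placed
#     them in the olcDatabase={2}hdb entry, whose object classes do not
#     define them.
#   * The self-signed certificate and DB_CONFIG are created BEFORE slapd is
#     started, so the files slapd is pointed at exist when it reads them.
#   * No secrets in the script: the post hard-coded "redhat" for both users
#     and an {SSHA} hash copied from someone else's config.  Both secrets come
#     from the environment and reach the tools via file descriptors, not argv.
#   * The NFS firewall services (nfs, rpc-bind, mountd) are opened too; the
#     post only opened ldap (and then 389/tcp a second time).
#
# Required environment:
#   LDAP_ROOT_PW   password for cn=Manager,<base>
#   LDAP_USER_PW   initial password for ldapuser1 and ldapuser2
# Optional (defaults reproduce the post):
#   LDAP_DOMAIN    server.com            LDAP_BASE     dc=server,dc=com
#   SERVER_IP      192.168.117.134       NFS_CLIENTS   *  (restrict to a subnet)
# LDAP_DOMAIN and LDAP_BASE must agree: the dc attribute of the base entry is
# derived from the first label of LDAP_DOMAIN.
set -euo pipefail

: "${LDAP_ROOT_PW:?set LDAP_ROOT_PW (password for the cn=Manager root DN)}"
: "${LDAP_USER_PW:?set LDAP_USER_PW (initial password for ldapuser1/ldapuser2)}"
readonly domain="${LDAP_DOMAIN:-server.com}"
readonly base_dn="${LDAP_BASE:-dc=server,dc=com}"
readonly server_ip="${SERVER_IP:-192.168.117.134}"
readonly nfs_clients="${NFS_CLIENTS:-*}"
readonly root_dn="cn=Manager,${base_dn}"
readonly cert_file=/etc/pki/tls/certs/server.pem
readonly key_file=/etc/pki/tls/certs/serverkey.pem
readonly migrate_dir=/usr/share/migrationtools
readonly ldapi=ldapi:///

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Load one schema LDIF into cn=config.
# Arguments: $1 - schema name (file /etc/openldap/schema/$1.ldif)
# Returns:   0 when loaded or already present (ldapadd exit 68,
#            LDAP_ALREADY_EXISTS, so the script can be re-run); dies otherwise
#######################################
load_schema() {
  local rc=0
  ldapadd -Y EXTERNAL -H "$ldapi" -f "/etc/openldap/schema/$1.ldif" || rc=$?
  (( rc == 0 || rc == 68 )) || die "loading schema $1 failed (exit $rc)"
}

(( EUID == 0 )) || die "run as root"
# The post ran a bare `ping google.com`; -c 1 makes it a one-shot check.
ping -c 1 google.com >/dev/null || die "no outbound connectivity; yum needs it"

# --- host identity ----------------------------------------------------------
hostnamectl set-hostname "$domain"
grep -qF -- "${server_ip} ${domain}" /etc/hosts \
  || printf '%s %s\n' "$server_ip" "$domain" >> /etc/hosts

# --- packages ---------------------------------------------------------------
yum update -y
# Quoted so the shell cannot expand the glob against files in the cwd;
# yum resolves it against package names, as the post intended.
yum -y install 'openldap*' migrationtools

# --- TLS material, created before slapd is ever pointed at it --------------
# -subj keeps openssl non-interactive; the post answered the prompts by hand.
openssl req -new -x509 -nodes -days 365 -subj "/CN=${domain}" \
  -out "$cert_file" -keyout "$key_file"
chmod 0644 "$cert_file"
chown root:ldap "$key_file"   # slapd runs as the ldap user and must read the key
chmod 0640 "$key_file"        # nobody else gets to

# --- database directory and daemon -----------------------------------------
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/
slaptest -u || die "slaptest rejected the shipped configuration"
systemctl start slapd
systemctl enable slapd

# --- cn=config changes (what the post did by editing the .ldif files) -------
# slappasswd -T reads the secret from a file; the process substitution keeps it
# off the command line, and printf '%s' keeps a newline out of the secret.
root_pw_hash=$(slappasswd -T <(printf '%s' "$LDAP_ROOT_PW"))
# Certificate and key are replaced in ONE modify operation on cn=config so
# slapd never sees a certificate without its matching key.
ldapmodify -Y EXTERNAL -H "$ldapi" <<EOF
dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: ${cert_file}
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: ${key_file}

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${base_dn}
-
replace: olcRootDN
olcRootDN: ${root_dn}
-
replace: olcRootPW
olcRootPW: ${root_pw_hash}

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="${root_dn}" read by * none
EOF

for schema in cosine nis inetorgperson; do
  load_schema "$schema"
done

# --- migrationtools defaults (the post's vim edit of migrate_common.ph) -----
# Assumes the stock `$NAME = value;` lines; the grep afterwards proves the
# edit actually landed instead of silently doing nothing.
sed -i \
  -e 's/^\$EXTENDED_SCHEMA = .*/$EXTENDED_SCHEMA = 1;/' \
  -e 's/^\$DEFAULT_MAIL_DOMAIN = .*/$DEFAULT_MAIL_DOMAIN = "'"${domain}"'";/' \
  -e 's/^\$DEFAULT_BASE = .*/$DEFAULT_BASE = "'"${base_dn}"'";/' \
  "${migrate_dir}/migrate_common.ph"
grep -qF -- "\$DEFAULT_BASE = \"${base_dn}\";" "${migrate_dir}/migrate_common.ph" \
  || die "migrate_common.ph was not updated"

# --- directory skeleton (the post's /root/base.ldif) ------------------------
# LDIF entries are separated by blank lines; dc must equal the value in the
# base DN's first RDN, hence the first label of the domain.
cat > /root/base.ldif <<EOF
dn: ${base_dn}
dc: ${domain%%.*}
objectClass: top
objectClass: domain

dn: cn=ldapadm,${base_dn}
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,${base_dn}
objectClass: organizationalUnit
ou: People

dn: ou=Group,${base_dn}
objectClass: organizationalUnit
ou: Group
EOF

# --- two local accounts, exported to LDIF with the migration scripts --------
for user in ldapuser1 ldapuser2; do
  id -u "$user" >/dev/null 2>&1 || useradd "$user"
  printf '%s\n' "$LDAP_USER_PW" | passwd --stdin "$user"
done
# Field 3 is the uid in passwd and the gid in group.  The post's unanchored
# grep ':10[0-9][0-9]' matched 1000-1099 in any field; this pins it to that one.
awk -F: '$3 >= 1000 && $3 < 1100' /etc/passwd > /root/passwd
awk -F: '$3 >= 1000 && $3 < 1100' /etc/group  > /root/group
cd "$migrate_dir" || die "missing $migrate_dir"
./migrate_passwd.pl /root/passwd /root/users.ldif
./migrate_group.pl /root/group /root/groups.ldif

# Bind as the root DN with the password read from a file descriptor (-y)
# rather than prompting three times (-W) or exposing it in `ps` (-w).
for ldif in base users groups; do
  ldapadd -x -H "$ldapi" -D "$root_dn" -y <(printf '%s' "$LDAP_ROOT_PW") \
    -f "/root/${ldif}.ldif"
done

# --- sanity checks (the post's two ldapsearch calls) ------------------------
ldapsearch -x -H "$ldapi" -b "$base_dn" '(cn=ldapuser1)'
ldapsearch -x -H "$ldapi" -b "$base_dn" '(objectclass=*)'

# --- firewall: the ldap service is 389/tcp; NFS clients also need these -----
for svc in ldap nfs rpc-bind mountd; do
  firewall-cmd --permanent --add-service="$svc"
done
firewall-cmd --reload

# --- NFS export of /home ----------------------------------------------------
yum -y install rpcbind nfs-utils
# '*' (the post's value) exports to every host that can reach this server;
# set NFS_CLIENTS to the client subnet (e.g. 192.168.117.0/24) to narrow it.
grep -q '^/home[[:space:]]' /etc/exports \
  || printf '/home %s(rw,sync)\n' "$nfs_clients" >> /etc/exports
systemctl start rpcbind nfs
systemctl enable rpcbind nfs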