
mkconf - generate initial OpenLDAP setup



Hello!

I've had so much fun and success with OpenLDAP, that I'd like to contribute 
a tiny little bit :-)

I've created a small script `mkconf' which may help beginners to successfully
start up with OpenLDAP. The script prompts for several values and generates
all required configuration files.

I hope you'll test this for me and perhaps include it in one of the next
releases of OpenLDAP.

Kind regards,
        -JP


#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.2).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
#
# Made on 2000-01-12 16:57 CET by <jpmens@bigfoot.com>.
# Source directory was `/home/jpm/usr/ldap/mkconf'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode       name
# ------ ---------- ------------------------------------------
#   7131 -rwxr-xr-x mkconf
#
# Walk $PATH looking for a GNU gettext binary and for sharutils' message
# catalog directory.  Both results keep the sentinel FAILED when nothing
# suitable is found.  $1 is saved first because the `set' below replaces
# the positional parameters with gettext's version banner.
save_IFS="${IFS}"
# Appending ':' to IFS makes the unquoted $PATH below split on path separators.
IFS="${IFS}:"
gettext_dir=FAILED
locale_dir=FAILED
first_param="$1"
for dir in $PATH; do
  if [ "$gettext_dir" = FAILED ] && [ -f $dir/gettext ] \
     && ($dir/gettext --version >/dev/null 2>&1); then
    # Word-split the banner into $1.. and accept the binary when field 3 is GNU.
    set $($dir/gettext --version 2>&1)
    [ "$3" = GNU ] && gettext_dir=$dir
  fi
  if [ "$locale_dir" = FAILED ] && [ -f $dir/shar ] \
     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1); then
    locale_dir=$($dir/shar --print-text-domain-dir)
  fi
done
IFS="$save_IFS"
# Choose the message printer: translated output via `gettext -s' when both
# the binary and the sharutils catalog were located, plain echo otherwise.
# $echo is expanded unquoted by the callers below, so it may carry an option.
if [ "$locale_dir" != FAILED ] && [ "$gettext_dir" != FAILED ]; then
  TEXTDOMAINDIR=$locale_dir
  TEXTDOMAIN=sharutils
  export TEXTDOMAINDIR TEXTDOMAIN
  echo="$gettext_dir/gettext -s"
else
  echo=echo
fi
# Probe the local `touch': it qualifies for restoring the archived file's
# timestamp only if the -am 1231235999 operand was taken as a date, i.e.
# $$.touch exists and no file literally named 1231235999 was created.
# Otherwise $shar_touch becomes the no-op `:' and a warning is printed.
touch -am 1231235999 "$$.touch" >/dev/null 2>&1
if [ -f 1231235999 ] || [ ! -f "$$.touch" ]; then
  shar_touch=:
  echo
  $echo 'WARNING: not restoring timestamps.  Consider getting and'
  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
else
  shar_touch=touch
fi
rm -f 1231235999 "$$.touch"
#
# The directory doubles as a lock: a second extraction started in the same
# working directory fails at this mkdir instead of racing on the output file.
mkdir _sh29663 || {
  $echo 'failed to create lock directory'
  exit 1
}
$echo 'x -' 'creating lock directory'
# ============= mkconf ==============
# Extract the embedded `mkconf' into the current directory.  An existing file
# is kept unless the archive was run with -c, which was saved in $first_param
# before the `set' above replaced the positional parameters.  In the heredoc,
# lines that are empty or start with whitespace carry a leading 'X' that the
# sed strips; everything else is the file byte for byte.  Do not edit the
# heredoc body: the md5sum (or byte count) compared after SHAR_EOF covers
# exactly these bytes, and the touch/chmod after it restore the recorded
# mtime (presumably the 2000-01-12 16:57 stamp from the header) and mode.
# NOTE(review): the extracted script reads two passwords with a plain `read'
# (echoed to the terminal) and writes them in clear text to $dir/ldif.in,
# where $dir defaults to /tmp/buildldap and is only created when it does not
# already exist -- a pre-existing, possibly foreign-owned directory is used as
# is -- and its README has root run `make install' from that directory.  That
# is best fixed in mkconf itself (disable echo while reading, create the
# directory with mktemp -d or verify its owner) rather than by patching the
# heredoc.  Two smaller points there: it uses `function' and `echo -n' under
# #!/bin/sh, which not every sh accepts, and the slapd.conf rule
# `by dn="Manager, $base" write' lacks the cn= used by rootdn and the LDIF
# entries, which looks like a typo.
if test -f 'mkconf' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'mkconf' '(file already exists)'
else
  $echo 'x -' extracting 'mkconf' '(text)'
  sed 's/^X//' << 'SHAR_EOF' > 'mkconf' &&
#!/bin/sh
#  by Jan-Piet Mens <jpmens@bigfoot.com>
#
# $Id: mkconf,v 1.1 2000/01/12 15:50:14 jpm Exp jpm $
#
# $Log: mkconf,v $
# Revision 1.1  2000/01/12 15:50:14  jpm
# Initial revision
#
#
X
PROGNAME="mkconf v.1.0"
X
X
function prompt {
X	txt="$1";
X	def="$2";
X	if test -z "$def" ; then
X		echo -n "$txt : "
X	else 
X		echo -n "$txt [$def] : ";
X	fi
X	read ans;
X	if test -z "$ans" ; then
X		ans="$def";
X	fi
}
X
cat <<!
X
X
This program will try and guide you along building an initial configuration
and initial database for OpenLDAP.
X
X
First, enter the name of a temporary directory, which will
be created for you.
!
X
prompt "Temporary directory which will be created for you:" /tmp/buildldap
dir=$ans
test -d "$dir" || mkdir "$dir"
test -d "$dir" || { echo "$dir is not a directory. Exiting." >&2; exit 2; }
X
# Naming convention: $naming = {dc|o}"
cat <<!
X
You have to decide on a naming convention for your directory. 
Here you will decide on the so-called search base for your LDAP directory.
There are two general conventions: the first is Organization based
(e.g. o=my-company.com or o=my-company, c=us) and the second is DNS
domain based (e.g. dc=my-company, dc=com). Choose which type you want.
X
Please choose whether you wish a domain naming (dc)
or Organization (o) naming convention.
!
naming=""
while test -z "$naming" -o "$naming" != "dc" -a "$naming" != "o"
do 
X	prompt "domain naming (dc) or organization (o) naming (o)" ""
X	naming=$ans
done
X
X
# Enter organization name or dns domain name
if test $naming = dc; then
X	dc1=`hostname | awk -F. '{ printf "%s\n",  $(NF-1)}'`
X	prompt "Enter your domain name without the .com, .edu, .etc suffix" "$dc1"
X	dc1=$ans
X
X	dc2=`hostname | awk -F. '{ printf "%s\n",  $(NF)}'`
X	prompt "Enter the suffix (.com, .de, etc) for your domain name" "$dc2"
X	dc2=$ans
X
X	base="dc=$dc1, dc=$dc2"
X	prompt "Confirm the searchbase of your directory" "$base"
X	base="$ans"
X
X	cat > ${dir}/ldif.in <<!
dn: dc=$dc1, dc=$dc2
dc: $dc1
o: $dc1.$dc2
objectClass: organization
objectClass: dcObject
objectClass: top
X
!
X
else 
X	org=`hostname | awk -F. '{ printf "%s.%s\n",  $(NF-1), $NF}'`
X	prompt "Enter the name of your organization" "$org"
X	org=$ans
X
X	base="o=$org"
X	prompt "Confirm the searchbase of your directory" "$base"
X	base="$ans"
X	cat > ${dir}/ldif.in <<!
dn: $base
objectClass: organization
objectClass: top
o: $org
X
!
fi
X
##########################################  Add Manager
prompt "Enter a password for the Manager" "secret"
managerpass="$ans"
X
cat >> ${dir}/ldif.in <<!
dn: cn=Manager, $base
cn: Manager
sn: Manager
objectClass: person
userPassword: $managerpass
X
!
X
########################################### Build entry for person
cat <<!
We will now build an entry for a person. Probably yourself :-)
!
X
prompt "Enter your Surname (sn)" "Doe"
sn="$ans"
prompt "Enter your given or firstname (givenname)" "Jane"
givenname=$ans
prompt "Enter your telephonenumber" "555-1234"
telephonenumber=$ans
X
cn="$givenname $sn"
prompt "Confirm your common name (cn)" "$cn"
cn=$ans
X
prompt "Enter a password for yourself" ""
userpw=$ans
X
cat >> ${dir}/ldif.in <<!
dn: cn=$cn, $base
cn: $cn
sn: $sn
userPassword: $userpw
telephoneNumber: $telephonenumber
objectClass: top
objectClass: person
X
!
X
cat <<!
X
X
Please enter paths to the OpenLDAP software.
X
!
prompt "Path to OpenLDAP configuration files " "/usr/local/etc/openldap"
etcdir=$ans
prompt "Path to OpenLDAP sbin programs " "/usr/local/sbin"
sbindir=$ans
X
cat <<!
X
We need a directory to store the database (the LDBM database)
which will be used by slapd. This should be a clean directory
writeable by 'root' only.
X
!
prompt "spool directory where slapd will keep its database:" /usr/tmp
spooldir=$ans
X
########################## create slapd.conf
cat > ${dir}/slapd.conf <<!
#(@)slapd.conf
#   built by $PROGNAME
#   on `date`
#
include ${etcdir}/slapd.at.conf
include ${etcdir}/slapd.oc.conf
schemacheck on
X
database ldbm
suffix		"$base"
directory	$spooldir
rootdn		"cn=Manager, $base"
sizelimit	500
index           cn,sn		pres,eq,sub
index           objectclass     pres,eq
index           givenname       pres,eq
index           ou		pres,eq
index           default         none
X
lastmod		on
X
defaultaccess none
access          to attr=objectclass
X                by * read
access          to attr=userpassword
X                by self write
X                by * compare
access          to attr=member
X                by dnattr=member selfwrite
X                by * read
access          to dn=".*"
X                by self write
X                by dn="Manager, $base" write
X                by * read
access          to * by * read
X
!
X
X
########################## create ldap.conf
cat > ${dir}/ldap.conf <<!
#(@)ldap.conf
#   built by $PROGNAME
#   on `date`
#   See ldap.conf(5) for details
X
BASE		$base
HOST		localhost
PORT		389
SIZELIMIT	100
TIMELIMIT	0
DEREF		never
X
!
X
########################## create Makefile
cat > ${dir}/Makefile <<!
ETCDIR=$etcdir
SBINDIR=$sbindir
X
all:
X	@echo "Use one of"
X	@echo "	make install		to copy files to target directory"
X	@echo "	make load		to load directory from ldif.in"
X
install: slapd.conf ldap.conf
X	install -o root -m 0600 slapd.conf \$(ETCDIR)/slapd.conf
X	install -o root -m 0644 ldap.conf \$(ETCDIR)/ldap.conf
X
load: ldif.in
X	\$(SBINDIR)/ldif2ldbm -f \$(ETCDIR)/slapd.conf -i ldif.in
!
X
X
###################### build README
cat > ${dir}/README <<!
The following files have been created for you
X	README		this file
X	ldap.conf	for client programs
X	slapd.conf	for SLAPD
X	ldif.in		your initial LDIF file
X	add.sh		Script for testing ldapadd
X
Please follow these steps:
X
1.	Install slapd.conf and ldap.conf in $etcdir
X	This must be done as user 'root'
X
X		# make install
X
2. 	Load the SLAPD database with data for your
X	LDAP server
X
X		# make load
X
3. 	Start the Standalone LDAP server (slapd)
X
X		# /usr/local/libexec/slapd
X
4. 	Test the server
X
X		$ ldapsearch -b "$base" objectclass=*
X
5. 	If the client configuration file is ok, you should
X	be able to do
X
X		$ ldapsearch cn=manager
X	or even
X		$ ldapsearch sn="$sn"
X
6. 	See if you can access the LDAP server as manager.
X	This also tests the password you specified when
X	running $PROGNAME.
X
X		$ ldapsearch -D "cn=manager, $base" -W cn=manager
X
X	should show you the 'userPassword' attribute, which you
X	didn't see in step 5! 
X
7.	Try adding an entry to your directory.  Run the 'add.sh'
X	script in $dir
X
X		$ sh $dir/add.sh
X
8.	Now try once again to search for people with a surname
X	of 'Doe'
X
X		$ ldapsearch sn=doe
X
X	You should see two entries!
X
9. 	Congratulations. Finished. Everything seems to be 
X	working.
!
X
X
#################### build add.sh
cat > ${dir}/add.sh <<!
#!/bin/sh
ldapadd -D "cn=Manager, $base" -W <<EOF
dn=cn=John Doe, $base
cn=John Doe
cn=John S. Doe
sn=Doe
objectclass=top
objectclass=person
EOF
!
X
cat <<!
X
X
We have finished! Congratulations.
Now change to the temporary directory ($dir) and check the files
that were created there. Consult the README in $dir.
X
To install the configuration files, you can run 'make install'
(you will need to do that as root). Afterwards, you can run
'make load' to load the SLAPD database with initial data.
X
!
SHAR_EOF
  $shar_touch -am 01121657100 'mkconf' &&
  chmod 0755 'mkconf' ||
  $echo 'restore of' 'mkconf' 'failed'
  # Integrity check.  With a GNU md5sum (other than the textutils 1.12 one,
  # excluded by the grep -v) the embedded digest is verified; otherwise only
  # the byte count is compared, with the locale variables cleared for wc.
  # Both checks are advisory: a mismatch prints a message and the extracted
  # file is left in place.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
  && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || $echo 'mkconf:' 'MD5 check failed'
36ad38181945e4f50b19b1c5fd1192d7  mkconf
SHAR_EOF
  else
    shar_count="`LC_ALL= LC_CTYPE= LANG= wc -c < 'mkconf'`"
    test 7131 -eq "$shar_count" ||
    $echo 'mkconf:' 'original size' '7131,' 'current size' "$shar_count!"
  fi
fi
# Release the lock directory taken before extraction and report success.
rm -rf _sh29663
exit 0