r21069: Try to split up the mktestsetup.sh script into parts to deal with each
LDAP implementation, and another to hold the key blobs. Also fix the OpenLDAP test. Andrew Bartlett
parent
bd564da6b9
commit
ec511c592b
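--- a/source/script/tests/mk-fedora-ds.sh
+++ b/source/script/tests/mk-fedora-ds.sh
@@ -0,0 +1,73 @@
+FEDORA_DS_INF=$LDAPDIR/fedorads.inf
+export FEDORA_DS_INF
+FEDORA_DS_INITIAL_LDIF=$LDAPDIR/fedorads-initial-ldif.inf
+FEDORA_DS_LDAP_PORT=3389
+
+LDAP_URI="ldap://127.0.0.1:$FEDORA_DS_LDAP_PORT"
+
+$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb --option=convert:target=fedora-ds -I $srcdir/setup/schema-map-fedora-ds-1.0 -O $LDAPDIR/99_ad.ldif >&2
+
+cat >$FEDORA_DS_INF <<EOF
+
+[General]
+SuiteSpotUserID = $ROOT
+FullMachineName= localhost
+ServerRoot= $LDAPDIR
+ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot
+ConfigDirectoryAdminID= $USERNAME
+AdminDomain= localdomain
+ConfigDirectoryAdminPwd= $PASSWORD
+
+Components= svrcore,base,slapd
+
+[slapd]
+ServerPort= $FEDORA_DS_LDAP_PORT
+Suffix= $BASEDN
+RootDN= cn=Manager,$BASEDN
+RootDNPwd= $PASSWORD
+Components= slapd
+ServerIdentifier= samba4
+InstallLdifFile=$FEDORA_DS_INITIAL_LDIF
+
+inst_dir= $LDAPDIR/slapd-samba4
+config_dir= $LDAPDIR/slapd-samba4
+schema_dir= $LDAPDIR/slapd-samba4/schema
+lock_dir= $LDAPDIR/slapd-samba4/lock
+log_dir= $LDAPDIR/slapd-samba4/logs
+run_dir= $LDAPDIR/slapd-samba4/logs
+db_dir= $LDAPDIR/slapd-samba4/db
+bak_dir= $LDAPDIR/slapd-samba4/bak
+tmp_dir= $LDAPDIR/slapd-samba4/tmp
+ldif_dir= $LDAPDIR/slapd-samba4/ldif
+cert_dir= $LDAPDIR/slapd-samba4
+
+[base]
+Components= base
+
+EOF
+
+cat >$FEDORA_DS_INITIAL_LDIF<<EOF
+# These entries need to be added to get the container for the
+# provision to be aimed at.
+
+dn: cn="dc=$BASEDN",cn=mapping tree,cn=config
+objectclass: top
+objectclass: extensibleObject
+objectclass: nsMappingTree
+nsslapd-state: backend
+nsslapd-backend: UserData
+cn: $BASEDN
+
+dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config
+objectclass: extensibleObject
+objectclass: nsBackendInstance
+nsslapd-suffix: $BASEDN
+
+EOF
+
+LDAP_URI_ESCAPE=$LDAP_URI;
+PROVISION_OPTIONS="$PROVISION_OPTIONS --ldap-module=nsuniqueid"
+#it is easier to base64 encode this than correctly escape it:
+# (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)
+PROVISION_ACI="--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK"
+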
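Review bot: `ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot` in the `$FEDORA_DS_INF` here-document expands a variable this file never sets — the URI is assigned to `LDAP_URI` a few lines above, and the old `FEDORA_DS_LDAP_URI` assignment appears only on the removed side of the main script in this commit — so the generated inf will read `ConfigDirectoryLdapURL= /o=NetscapeRoot`; the line should be `ConfigDirectoryLdapURL= $LDAP_URI/o=NetscapeRoot`. Unlike mk-openldap.sh, this file does not `export LDAP_URI` and `export LDAP_URI_ESCAPE`, so the values only reach child processes when mk-openldap.sh has already exported those names earlier in the same shell. The trailing `;` on `LDAP_URI_ESCAPE=$LDAP_URI;` is a leftover from the moved code and can be dropped.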
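--- a/source/script/tests/mk-keyblobs.sh
+++ b/source/script/tests/mk-keyblobs.sh
@@ -0,0 +1,155 @@
+#TLS and PKINIT crypto blobs
+TLSDIR=$PRIVATEDIR/tls
+DHFILE=$TLSDIR/dhparms.pem
+CAFILE=$TLSDIR/ca.pem
+CERTFILE=$TLSDIR/cert.pem
+REQKDC=$TLSDIR/req-kdc.der
+KDCCERTFILE=$TLSDIR/kdc.pem
+KEYFILE=$TLSDIR/key.pem
+ADMINKEYFILE=$TLSDIR/adminkey.pem
+REQADMIN=$TLSDIR/req-admin.der
+ADMINKEYFILE=$TLSDIR/adminkey.pem
+ADMINCERTFILE=$TLSDIR/admincert.pem
+
+#This is specified here to avoid draining entropy on every run
+cat >$DHFILE<<EOF
+-----BEGIN DH PARAMETERS-----
+MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
+svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
+YX70obsCAQI=
+-----END DH PARAMETERS-----
+
+EOF
+
+#Likewise, we pregenerate the key material. This allows the
+#other certificates to be pre-generated
+cat >$KEYFILE<<EOF
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
+ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
+6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
+AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
+HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
+szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
+9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
+8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
+vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
+kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
+jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
+Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
+cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
+-----END RSA PRIVATE KEY-----
+
+EOF
+
+cat >$ADMINKEYFILE<<EOF
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
+5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
+XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
+AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
+cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
+osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
+u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
+eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
+I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
+ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
+OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
+yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
++cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
+-----END RSA PRIVATE KEY-----
+
+EOF
+
+#generated with
+#hxtool issue-certificate --self-signed --issue-ca --ca-private-key=FILE:$KEYFILE \
+# --subject="CN=CA,$BASEDN" --certificate="FILE:$CAFILE"
+
+cat >$CAFILE<<EOF
+-----BEGIN CERTIFICATE-----
+MIIChTCCAe6gAwIBAgIUFZoF6jt0R+hQBdF7cWPy0tT3fGwwCwYJKoZIhvcNAQEFMFIxEzAR
+BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
+LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDU1MzA5WhgPMjAwODAxMjQw
+NTUzMDlaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
+MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
+I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
+ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo1YwVDAOBgNVHQ8BAf8EBAMC
+AqQwEgYDVR0lBAswCQYHKwYBBQIDBTAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIw
+DwYDVR0TBAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQBgzh5uLDmESGYv60iUdEfuk/T9
+VCpzb1z3VJVWt3uJoQYbcpR00SKeyMdlfTTLzO6tSPMmlk4hwqfvLkPzGCSObR4DRRYa0BtY
+2laBVlg9X59bGpMUvpFQfpvxjvFWNJDL+377ELCVpLNdoR23I9TKXlalj0bY5Ks46CVIrm6W
+EA==
+-----END CERTIFICATE-----
+
+EOF
+
+#generated with GNUTLS internally in Samba.
+
+cat >$CERTFILE<<EOF
+-----BEGIN CERTIFICATE-----
+MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
+YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
+dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
+NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
+c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
+ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
+jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
+PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
+IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
+BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
+LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
+nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
+-----END CERTIFICATE-----
+
+EOF
+
+#KDC certificate
+# hxtool request-create --subject="CN=krbtgt,cn=users,$basedn" --key=FILE:$KEYFILE $KDCREQ
+
+# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-kdc" --pk-init-principal="krbtgt/$RELAM@$REALM" --req="$KDCREQ" --certificate="FILE:$KDCCERTFILE"
+
+cat >$KDCCERTFILE<<EOF
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAnWgAwIBAgIUDEhjaOT1ZjHjHHEn+l5eYO05oK8wCwYJKoZIhvcNAQEFMFIxEzAR
+BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
+LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcwNzA4WhgPMjAwODAxMjQw
+NzA3MDhaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
+MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
+Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
+yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
+PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
+AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
+S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
+dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
+MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOBgQCMSgLkIv9RobE0a95H2ECA+5YABBwKXIt4AyN/HpV7iJdRx7B9PE6vM+nboVKY
+E7i7ECUc3bu6NgrLu7CKHelNclHWWMiZzSUwhkXyvG/LE9qtr/onNu9NfLt1OV+dwQwyLdEP
+n63FxSmsKg3dfi3ryQI/DIKeisvipwDtLqOn9g==
+-----END CERTIFICATE-----
+
+EOF
+
+#hxtool request-create --subject="CN=Administrator,cn=users,$basedn" --key=FILE:$ADMINKEYFILE $ADMINREQFILE
+#hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-client" --pk-init-principal="administrator@$REALM" --req="$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE"
+
+cat >$ADMINCERTFILE<<EOF
+-----BEGIN CERTIFICATE-----
+MIICwjCCAiugAwIBAgIUXyECoq4im33ByZDWZMGhtpvHYWEwCwYJKoZIhvcNAQEFMFIxEzAR
+BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
+LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcyMzE2WhgPMjAwODAxMjQw
+NzIzMTZaMCgxDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1pbmlzdHJhdG9yMIGfMA0G
+CSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHE
+si5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
+XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQABo4G8MIG5
+MA4GA1UdDwEB/wQEAwIFoDASBgNVHSUECzAJBgcrBgEFAgMEMEgGA1UdEQRBMD+gPQYGKwYB
+BQICoDMwMaATGxFTQU1CQS5FWEFNUExFLkNPTaEaMBigAwIBAaERMA8bDWFkbWluaXN0cmF0
+b3IwHwYDVR0jBBgwFoAUwtm596AMotmzRU7IVdgrUvozyjIwHQYDVR0OBBYEFCDzVsvJ8IDz
+wLYH8EONeUa5oVrGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAbTCnaPTieVZPV3bH
+UmAMbnF9+YN1mCbe2xZJ0xzve+Yw1XO82iv/9kZaZkcRkaQt2qcwsBK/aSPOgfqGx+mJ7hXQ
+AGWvAJhnWi25PawNaRysCN8WC6+nWKR4d2O2m5rpj3T9kH5WE7QbG0bCu92dGaS29FvWDCP3
+q9pRtDOoAZc=
+-----END CERTIFICATE-----
+
+EOF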
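Review bot: The embedded certificates carry a validity window that nothing in the file records: decoding the validity fields of the CA, KDC and Administrator certificates appears to give a notAfter of 2008-01-24, and the GnuTLS-generated `$CERTFILE` one of 2008-07-04, so the TLS and PKINIT tests will start failing about a year after this commit with nothing here to point at the cause. A comment at the top of the file stating the expiry dates and referring to the `hxtool` recipes below would make that failure diagnosable; regenerating the fixtures with a longer lifetime would be better still. The regeneration recipes themselves name variables this file never defines — `$KDCREQ` where `REQKDC` is set, `$ADMINREQFILE` where `REQADMIN` is set, plus `$basedn` and `$RELAM` — so they cannot be run as written. `ADMINKEYFILE=$TLSDIR/adminkey.pem` is also assigned twice, before and after `REQADMIN`; the second assignment can be dropped.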
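--- a/source/script/tests/mk-openldap.sh
+++ b/source/script/tests/mk-openldap.sh
@@ -0,0 +1,122 @@
+SLAPD_CONF=$LDAPDIR/slapd.conf
+export SLAPD_CONF
+
+cat >$SLAPD_CONF <<EOF
+loglevel 0
+
+include $LDAPDIR/ad.schema
+
+pidfile $PIDDIR/slapd.pid
+argsfile $LDAPDIR/slapd.args
+sasl-realm $DNSNAME
+access to * by * write
+
+allow update_anon
+
+authz-regexp
+uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth
+ldap:///$BASEDN??sub?(samAccountName=\$1)
+
+authz-regexp
+uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
+ldap:///$BASEDN??sub?(samAccountName=\$1)
+
+include $LDAPDIR/modules.conf
+
+defaultsearchbase "$BASEDN"
+
+backend bdb
+database bdb
+suffix "$BASEDN"
+rootdn "cn=Manager,$BASEDN"
+rootpw $PASSWORD
+directory $LDAPDIR/db
+index objectClass eq
+index samAccountName eq
+index name eq
+index objectSid eq
+index objectCategory eq
+index member eq
+index uidNumber eq
+index gidNumber eq
+index unixName eq
+index privilege eq
+index nCName eq pres
+index lDAPDisplayName eq
+index subClassOf eq
+index dnsRoot eq
+index nETBIOSName eq pres
+
+overlay syncprov
+syncprov-checkpoint 100 10
+syncprov-sessionlog 100
+
+EOF
+
+cat > $LDAPDIR/db/DB_CONFIG <<EOF
+#
+# Set the database in memory cache size.
+#
+set_cachesize 0 524288 0
+
+
+#
+# Set database flags (this is a test environment, we don't need to fsync()).
+#
+set_flags DB_TXN_NOSYNC
+
+#
+# Set log values.
+#
+set_lg_regionmax 104857
+set_lg_max 1048576
+set_lg_bsize 209715
+set_lg_dir $LDAPDIR/db/bdb-logs
+
+
+#
+# Set temporary file creation directory.
+#
+set_tmp_dir $LDAPDIR/db/tmp
+EOF
+
+LDAP_URI="ldapi://$LDAPDIR/ldapi"
+LDAP_URI_ESCAPE="ldapi://"`echo $LDAPDIR/ldapi | sed 's|/|%2F|g'`
+export LDAP_URI
+export LDAP_URI_ESCAPE
+
+#This uses the provision we just did, to read out the schema
+$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb -I $srcdir/setup/schema-map-openldap-2.3 -O $LDAPDIR/ad.schema >&2
+
+#Now create an LDAP baseDN
+$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS --ldap-base >&2
+
+OLDPATH=$PATH
+PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
+export PATH
+
+MODCONF=$LDAPDIR/modules.conf
+rm -f $MODCONF
+touch $MODCONF
+
+slaptest -u -f $SLAPD_CONF >&2 || {
+echo "enabling slapd modules" >&2
+cat > $MODCONF <<EOF
+modulepath /usr/lib/ldap
+moduleload back_bdb
+EOF
+}
+
+if slaptest -u -f $SLAPD_CONF; then
+slapadd -f $SLAPD_CONF < $PRIVATEDIR/$DNSNAME.ldif >/dev/null || {
+echo "slapadd failed" >&2
+}
+
+slaptest -f $SLAPD_CONF >/dev/null || {
+echo "slaptest after database load failed" >&2
+}
+fi
+
+PATH=$OLDPATH
+export PATH
+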
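Review bot: The `if slaptest -u -f $SLAPD_CONF; then` block has no `else`, so when the configuration still fails after the module fallback the database is never loaded and nothing is reported, leaving the later slapd start-up failure to be diagnosed from scratch; an `else echo "slaptest of $SLAPD_CONF failed, not loading database" >&2` before the `fi` would name the real cause. The fallback itself is triggered by any non-zero `slaptest -u` exit, not specifically by a missing back_bdb module, so an unrelated configuration error is reported only as "enabling slapd modules". As a point of style, the backtick command substitution on the `LDAP_URI_ESCAPE=` line would be clearer as `LDAP_URI_ESCAPE="ldapi://$(printf '%s' "$LDAPDIR/ldapi" | sed 's|/|%2F|g')"`, and the unquoted `$LDAPDIR` and `$SLAPD_CONF` expansions throughout the file will break on a prefix containing whitespace.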
@ -74,14 +74,9 @@ ADMINCERTFILE=$TLSDIR/admincert.pem
|
|||||||
WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
|
WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
|
||||||
CONFIGURATION="--configfile=$CONFFILE"
|
CONFIGURATION="--configfile=$CONFFILE"
|
||||||
LDAPDIR=$PREFIX_ABS/ldap
|
LDAPDIR=$PREFIX_ABS/ldap
|
||||||
SLAPD_CONF=$LDAPDIR/slapd.conf
|
|
||||||
FEDORA_DS_INF=$LDAPDIR/fedorads.inf
|
|
||||||
FEDORA_DS_INITIAL_LDIF=$LDAPDIR/fedorads-initial-ldif.inf
|
|
||||||
FEDORA_DS_LDAP_PORT=3389
|
|
||||||
|
|
||||||
export CONFIGURATION
|
export CONFIGURATION
|
||||||
export CONFFILE
|
export CONFFILE
|
||||||
export SLAPD_CONF
|
|
||||||
export PIDDIR
|
export PIDDIR
|
||||||
export AUTH
|
export AUTH
|
||||||
export SERVER
|
export SERVER
|
||||||
@ -158,7 +153,7 @@ cat >$CONFFILE<<EOF
|
|||||||
path = $TMPDIR
|
path = $TMPDIR
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
## Override default srahes_config.ldb file
|
## Override default share.ldb file
|
||||||
rm -f $PRIVATEDIR/share.ldb
|
rm -f $PRIVATEDIR/share.ldb
|
||||||
cat >$PRIVATEDIR/share.ldif<<EOF
|
cat >$PRIVATEDIR/share.ldif<<EOF
|
||||||
### Shares basedn
|
### Shares basedn
|
||||||
@ -265,287 +260,7 @@ cat >$KRB5_CONFIG<<EOF
|
|||||||
EOF
|
EOF
|
||||||
export KRB5_CONFIG
|
export KRB5_CONFIG
|
||||||
|
|
||||||
#This is specified here to avoid draining entropy on every run
|
. `dirname $0`/mk-keyblobs.sh
|
||||||
cat >$DHFILE<<EOF
|
|
||||||
-----BEGIN DH PARAMETERS-----
|
|
||||||
MGYCYQC/eWD2xkb7uELmqLi+ygPMKyVcpHUo2yCluwnbPutEueuxrG/Cys8j8wLO
|
|
||||||
svCN/jYNyR2NszOmg7ZWcOC/4z/4pWDVPUZr8qrkhj5MRKJc52MncfaDglvEdJrv
|
|
||||||
YX70obsCAQI=
|
|
||||||
-----END DH PARAMETERS-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#Likewise, we pregenerate the key material. This allows the
|
|
||||||
#other certificates to be pre-generated
|
|
||||||
cat >$KEYFILE<<EOF
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXQIBAAKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpc
|
|
||||||
ol3+S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H
|
|
||||||
6H+pPqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQAB
|
|
||||||
AoGAAqDLzFRR/BF1kpsiUfL4WFvTarCe9duhwj7ORc6fs785qAXuwUYAJ0Uvzmy6
|
|
||||||
HqoGv3t3RfmeHDmjcpPHsbOKnsOQn2MgmthidQlPBMWtQMff5zdoYNUFiPS0XQBq
|
|
||||||
szNW4PRjaA9KkLQVTwnzdXGkBSkn/nGxkaVu7OR3vJOBoo0CQQDO4upypesnbe6p
|
|
||||||
9/xqfZ2uim8IwV1fLlFClV7WlCaER8tsQF4lEi0XSzRdXGUD/dilpY88Nb+xok/X
|
|
||||||
8Z8OvgAXAkEA+pcLsx1gN7kxnARxv54jdzQjC31uesJgMKQXjJ0h75aUZwTNHmZQ
|
|
||||||
vPxi6u62YiObrN5oivkixwFNncT9MxTxVQJBAMaWUm2SjlLe10UX4Zdm1MEB6OsC
|
|
||||||
kVoX37CGKO7YbtBzCfTzJGt5Mwc1DSLA2cYnGJqIfSFShptALlwedot0HikCQAJu
|
|
||||||
jNKEKnbf+TdGY8Q0SKvTebOW2Aeg80YFkaTvsXCdyXrmdQcifw4WdO9KucJiDhSz
|
|
||||||
Y9hVapz7ykEJtFtWjLECQQDIlfc63I5ZpXfg4/nN4IJXUW6AmPVOYIA5215itgki
|
|
||||||
cSlMYli1H9MEXH0pQMGv5Qyd0OYIx2DDg96mZ+aFvqSG
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat >$ADMINKEYFILE<<EOF
|
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIICXQIBAAKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHEsi5owhZF
|
|
||||||
5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
|
|
||||||
XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQAB
|
|
||||||
AoGAP8mjCP628Ebc2eACQzOWjgEvwYCPK4qPmYOf1zJkArzG2t5XAGJ5WGrENRuB
|
|
||||||
cm3XFh1lpmaADl982UdW3gul4gXUy6w4XjKK4vVfhyHj0kZ/LgaXUK9BAGhroJ2L
|
|
||||||
osIOUsaC6jdx9EwSRctwdlF3wWJ8NK0g28AkvIk+FlolW4ECQQD7w5ouCDnf58CN
|
|
||||||
u4nARx4xv5XJXekBvOomkCQAmuOsdOb6b9wn3mm2E3au9fueITjb3soMR31AF6O4
|
|
||||||
eAY126rXAkEA+RgHzybzZEP8jCuznMqoN2fq/Vrs6+W3M8/G9mzGEMgLLpaf2Jiz
|
|
||||||
I9tLZ0+OFk9tkRaoCHPfUOCrVWJZ7Y53QQJBAMhoA6rw0WDyUcyApD5yXg6rusf4
|
|
||||||
ASpo/tqDkqUIpoL464Qe1tjFqtBM3gSXuhs9xsz+o0bzATirmJ+WqxrkKTECQHt2
|
|
||||||
OLCpKqwAspU7N+w32kaUADoRLisCEdrhWklbwpQgwsIVsCaoEOpt0CLloJRYTANE
|
|
||||||
yoZeAErTALjyZYZEPcECQQDlUi0N8DFxQ/lOwWyR3Hailft+mPqoPCa8QHlQZnlG
|
|
||||||
+cfgNl57YHMTZFwgUVFRdJNpjH/WdZ5QxDcIVli0q+Ko
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#generated with
|
|
||||||
#hxtool issue-certificate --self-signed --issue-ca --ca-private-key=FILE:$KEYFILE \
|
|
||||||
# --subject="CN=CA,$BASEDN" --certificate="FILE:$CAFILE"
|
|
||||||
|
|
||||||
cat >$CAFILE<<EOF
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIChTCCAe6gAwIBAgIUFZoF6jt0R+hQBdF7cWPy0tT3fGwwCwYJKoZIhvcNAQEFMFIxEzAR
|
|
||||||
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
||||||
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDU1MzA5WhgPMjAwODAxMjQw
|
|
||||||
NTUzMDlaMFIxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
|
|
||||||
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMIGfMA0GCSqGSIb3DQEBAQUA
|
|
||||||
A4GNADCBiQKBgQDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+S9/6
|
|
||||||
I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+pPqVIRLOmrWIm
|
|
||||||
ai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABo1YwVDAOBgNVHQ8BAf8EBAMC
|
|
||||||
AqQwEgYDVR0lBAswCQYHKwYBBQIDBTAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIw
|
|
||||||
DwYDVR0TBAgwBgEB/wIBADANBgkqhkiG9w0BAQUFAAOBgQBgzh5uLDmESGYv60iUdEfuk/T9
|
|
||||||
VCpzb1z3VJVWt3uJoQYbcpR00SKeyMdlfTTLzO6tSPMmlk4hwqfvLkPzGCSObR4DRRYa0BtY
|
|
||||||
2laBVlg9X59bGpMUvpFQfpvxjvFWNJDL+377ELCVpLNdoR23I9TKXlalj0bY5Ks46CVIrm6W
|
|
||||||
EA==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#generated with GNUTLS internally in Samba.
|
|
||||||
|
|
||||||
cat >$CERTFILE<<EOF
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICYTCCAcygAwIBAgIE5M7SRDALBgkqhkiG9w0BAQUwZTEdMBsGA1UEChMUU2Ft
|
|
||||||
YmEgQWRtaW5pc3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1
|
|
||||||
dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMB4XDTA2MDgw
|
|
||||||
NDA0MzY1MloXDTA4MDcwNDA0MzY1MlowZTEdMBsGA1UEChMUU2FtYmEgQWRtaW5p
|
|
||||||
c3RyYXRpb24xNDAyBgNVBAsTK1NhbWJhIC0gdGVtcG9yYXJ5IGF1dG9nZW5lcmF0
|
|
||||||
ZWQgY2VydGlmaWNhdGUxDjAMBgNVBAMTBVNhbWJhMIGcMAsGCSqGSIb3DQEBAQOB
|
|
||||||
jAAwgYgCgYDKg6pAwCHUMA1DfHDmWhZfd+F0C+9Jxcqvpw9ii9En3E1uflpcol3+
|
|
||||||
S9/6I/uaTmJHZre+DF3dTzb/UOZo0Zem8N+IzzkgoGkFafjXuT3BL5UPY2/H6H+p
|
|
||||||
PqVIRLOmrWImai359YyoKhFyo37Y6HPeU8QcZ+u2rS9geapIWfeuowIDAQABoyUw
|
|
||||||
IzAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGCSqGSIb3DQEB
|
|
||||||
BQOBgQAmkN6XxvDnoMkGcWLCTwzxGfNNSVcYr7TtL2aJh285Xw9zaxcm/SAZBFyG
|
|
||||||
LYOChvh6hPU7joMdDwGfbiLrBnMag+BtGlmPLWwp/Kt1wNmrRhduyTQFhN3PP6fz
|
|
||||||
nBr9vVny2FewB2gHmelaPS//tXdxivSXKz3NFqqXLDJjq7P8wA==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#KDC certificate
|
|
||||||
# hxtool request-create --subject="CN=krbtgt,cn=users,$basedn" --key=FILE:$KEYFILE $KDCREQ
|
|
||||||
|
|
||||||
# hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-kdc" --pk-init-principal="krbtgt/$RELAM@$REALM" --req="$KDCREQ" --certificate="FILE:$KDCCERTFILE"
|
|
||||||
|
|
||||||
cat >$KDCCERTFILE<<EOF
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIDDDCCAnWgAwIBAgIUDEhjaOT1ZjHjHHEn+l5eYO05oK8wCwYJKoZIhvcNAQEFMFIxEzAR
|
|
||||||
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
||||||
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcwNzA4WhgPMjAwODAxMjQw
|
|
||||||
NzA3MDhaMGYxEzARBgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxl
|
|
||||||
MRUwEwYKCZImiZPyLGQBGQwFc2FtYmExDjAMBgNVBAMMBXVzZXJzMQ8wDQYDVQQDDAZrcmJ0
|
|
||||||
Z3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqDqkDAIdQwDUN8cOZaFl934XQL70nF
|
|
||||||
yq+nD2KL0SfcTW5+WlyiXf5L3/oj+5pOYkdmt74MXd1PNv9Q5mjRl6bw34jPOSCgaQVp+Ne5
|
|
||||||
PcEvlQ9jb8fof6k+pUhEs6atYiZqLfn1jKgqEXKjftjoc95TxBxn67atL2B5qkhZ966jAgMB
|
|
||||||
AAGjgcgwgcUwDgYDVR0PAQH/BAQDAgWgMBIGA1UdJQQLMAkGBysGAQUCAwUwVAYDVR0RBE0w
|
|
||||||
S6BJBgYrBgEFAgKgPzA9oBMbEVNBTUJBLkVYQU1QTEUuQ09NoSYwJKADAgEBoR0wGxsGa3Ji
|
|
||||||
dGd0GxFTQU1CQS5FWEFNUExFLkNPTTAfBgNVHSMEGDAWgBTC2bn3oAyi2bNFTshV2CtS+jPK
|
|
||||||
MjAdBgNVHQ4EFgQUwtm596AMotmzRU7IVdgrUvozyjIwCQYDVR0TBAIwADANBgkqhkiG9w0B
|
|
||||||
AQUFAAOBgQCMSgLkIv9RobE0a95H2ECA+5YABBwKXIt4AyN/HpV7iJdRx7B9PE6vM+nboVKY
|
|
||||||
E7i7ECUc3bu6NgrLu7CKHelNclHWWMiZzSUwhkXyvG/LE9qtr/onNu9NfLt1OV+dwQwyLdEP
|
|
||||||
n63FxSmsKg3dfi3ryQI/DIKeisvipwDtLqOn9g==
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
#hxtool request-create --subject="CN=Administrator,cn=users,$basedn" --key=FILE:$ADMINKEYFILE $ADMINREQFILE
|
|
||||||
#hxtool issue-certificate --ca-certificate=FILE:$CAFILE,$KEYFILE --type="pkinit-client" --pk-init-principal="administrator@$REALM" --req="$ADMINREQFILE" --certificate="FILE:$ADMINCERTFILE"
|
|
||||||
|
|
||||||
cat >$ADMINCERTFILE<<EOF
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICwjCCAiugAwIBAgIUXyECoq4im33ByZDWZMGhtpvHYWEwCwYJKoZIhvcNAQEFMFIxEzAR
|
|
||||||
BgoJkiaJk/IsZAEZDANjb20xFzAVBgoJkiaJk/IsZAEZDAdleGFtcGxlMRUwEwYKCZImiZPy
|
|
||||||
LGQBGQwFc2FtYmExCzAJBgNVBAMMAkNBMCIYDzIwMDcwMTIzMDcyMzE2WhgPMjAwODAxMjQw
|
|
||||||
NzIzMTZaMCgxDjAMBgNVBAMMBXVzZXJzMRYwFAYDVQQDDA1BZG1pbmlzdHJhdG9yMIGfMA0G
|
|
||||||
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQD0+OL7TQBj0RejbIH1+g5GeRaWaM9xF43uE5y7jUHE
|
|
||||||
si5owhZF5iIoHZeeL6cpDF5y1BZRs0JlA1VqMry1jjKlzFYVEMMFxB6esnXhl0Jpip1JkUMM
|
|
||||||
XLOP1m/0dqayuHBWozj9f/cdyCJr0wJIX1Z8Pr+EjYRGPn/MF0xdl3JRlwIDAQABo4G8MIG5
|
|
||||||
MA4GA1UdDwEB/wQEAwIFoDASBgNVHSUECzAJBgcrBgEFAgMEMEgGA1UdEQRBMD+gPQYGKwYB
|
|
||||||
BQICoDMwMaATGxFTQU1CQS5FWEFNUExFLkNPTaEaMBigAwIBAaERMA8bDWFkbWluaXN0cmF0
|
|
||||||
b3IwHwYDVR0jBBgwFoAUwtm596AMotmzRU7IVdgrUvozyjIwHQYDVR0OBBYEFCDzVsvJ8IDz
|
|
||||||
wLYH8EONeUa5oVrGMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAbTCnaPTieVZPV3bH
|
|
||||||
UmAMbnF9+YN1mCbe2xZJ0xzve+Yw1XO82iv/9kZaZkcRkaQt2qcwsBK/aSPOgfqGx+mJ7hXQ
|
|
||||||
AGWvAJhnWi25PawNaRysCN8WC6+nWKR4d2O2m5rpj3T9kH5WE7QbG0bCu92dGaS29FvWDCP3
|
|
||||||
q9pRtDOoAZc=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat >$SLAPD_CONF <<EOF
|
|
||||||
loglevel 0
|
|
||||||
|
|
||||||
include $LDAPDIR/ad.schema
|
|
||||||
|
|
||||||
pidfile $PIDDIR/slapd.pid
|
|
||||||
argsfile $LDAPDIR/slapd.args
|
|
||||||
sasl-realm $DNSNAME
|
|
||||||
access to * by * write
|
|
||||||
|
|
||||||
allow update_anon
|
|
||||||
|
|
||||||
authz-regexp
|
|
||||||
uid=([^,]*),cn=$DNSNAME,cn=digest-md5,cn=auth
|
|
||||||
ldap:///$BASEDN??sub?(samAccountName=\$1)
|
|
||||||
|
|
||||||
authz-regexp
|
|
||||||
uid=([^,]*),cn=([^,]*),cn=digest-md5,cn=auth
|
|
||||||
ldap:///$BASEDN??sub?(samAccountName=\$1)
|
|
||||||
|
|
||||||
include $LDAPDIR/modules.conf
|
|
||||||
|
|
||||||
defaultsearchbase "$BASEDN"
|
|
||||||
|
|
||||||
backend bdb
|
|
||||||
database bdb
|
|
||||||
suffix "$BASEDN"
|
|
||||||
rootdn "cn=Manager,$BASEDN"
|
|
||||||
rootpw $PASSWORD
|
|
||||||
directory $LDAPDIR/db
|
|
||||||
index objectClass eq
|
|
||||||
index samAccountName eq
|
|
||||||
index name eq
|
|
||||||
index objectSid eq
|
|
||||||
index objectCategory eq
|
|
||||||
index member eq
|
|
||||||
index uidNumber eq
|
|
||||||
index gidNumber eq
|
|
||||||
index unixName eq
|
|
||||||
index privilege eq
|
|
||||||
index nCName eq pres
|
|
||||||
index lDAPDisplayName eq
|
|
||||||
index subClassOf eq
|
|
||||||
index dnsRoot eq
|
|
||||||
index nETBIOSName eq pres
|
|
||||||
|
|
||||||
overlay syncprov
|
|
||||||
syncprov-checkpoint 100 10
|
|
||||||
syncprov-sessionlog 100
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat > $LDAPDIR/db/DB_CONFIG <<EOF
|
|
||||||
#
|
|
||||||
# Set the database in memory cache size.
|
|
||||||
#
|
|
||||||
set_cachesize 0 524288 0
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Set database flags (this is a test environment, we don't need to fsync()).
|
|
||||||
#
|
|
||||||
set_flags DB_TXN_NOSYNC
|
|
||||||
|
|
||||||
#
|
|
||||||
# Set log values.
|
|
||||||
#
|
|
||||||
set_lg_regionmax 104857
|
|
||||||
set_lg_max 1048576
|
|
||||||
set_lg_bsize 209715
|
|
||||||
set_lg_dir $LDAPDIR/db/bdb-logs
|
|
||||||
|
|
||||||
|
|
||||||
#
|
|
||||||
# Set temporary file creation directory.
|
|
||||||
#
|
|
||||||
set_tmp_dir $LDAPDIR/db/tmp
|
|
||||||
EOF
|
|
||||||
|
|
||||||
FEDORA_DS_LDAP_URI="ldap://127.0.0.1:$FEDORA_DS_LDAP_PORT"
|
|
||||||
|
|
||||||
cat >$FEDORA_DS_INF <<EOF
|
|
||||||
|
|
||||||
[General]
|
|
||||||
SuiteSpotUserID = $ROOT
|
|
||||||
FullMachineName= localhost
|
|
||||||
ServerRoot= $LDAPDIR
|
|
||||||
ConfigDirectoryLdapURL= $FEDORA_DS_LDAP_URI/o=NetscapeRoot
|
|
||||||
ConfigDirectoryAdminID= $USERNAME
|
|
||||||
AdminDomain= localdomain
|
|
||||||
ConfigDirectoryAdminPwd= $PASSWORD
|
|
||||||
|
|
||||||
Components= svrcore,base,slapd
|
|
||||||
|
|
||||||
[slapd]
|
|
||||||
ServerPort= $FEDORA_DS_LDAP_PORT
|
|
||||||
Suffix= $BASEDN
|
|
||||||
RootDN= cn=Manager,$BASEDN
|
|
||||||
RootDNPwd= $PASSWORD
|
|
||||||
Components= slapd
|
|
||||||
ServerIdentifier= samba4
|
|
||||||
InstallLdifFile=$FEDORA_DS_INITIAL_LDIF
|
|
||||||
|
|
||||||
inst_dir= $LDAPDIR/slapd-samba4
|
|
||||||
config_dir= $LDAPDIR/slapd-samba4
|
|
||||||
schema_dir= $LDAPDIR/slapd-samba4/schema
|
|
||||||
lock_dir= $LDAPDIR/slapd-samba4/lock
|
|
||||||
log_dir= $LDAPDIR/slapd-samba4/logs
|
|
||||||
run_dir= $LDAPDIR/slapd-samba4/logs
|
|
||||||
db_dir= $LDAPDIR/slapd-samba4/db
|
|
||||||
bak_dir= $LDAPDIR/slapd-samba4/bak
|
|
||||||
tmp_dir= $LDAPDIR/slapd-samba4/tmp
|
|
||||||
ldif_dir= $LDAPDIR/slapd-samba4/ldif
|
|
||||||
cert_dir= $LDAPDIR/slapd-samba4
|
|
||||||
|
|
||||||
[base]
|
|
||||||
Components= base
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat >$FEDORA_DS_INITIAL_LDIF<<EOF
|
|
||||||
# These entries need to be added to get the container for the
|
|
||||||
# provision to be aimed at.
|
|
||||||
|
|
||||||
dn: cn="dc=$BASEDN",cn=mapping tree,cn=config
|
|
||||||
objectclass: top
|
|
||||||
objectclass: extensibleObject
|
|
||||||
objectclass: nsMappingTree
|
|
||||||
nsslapd-state: backend
|
|
||||||
nsslapd-backend: UserData
|
|
||||||
cn: $BASEDN
|
|
||||||
|
|
||||||
dn: cn=UserData,cn=ldbm database,cn=plugins,cn=config
|
|
||||||
objectclass: extensibleObject
|
|
||||||
objectclass: nsBackendInstance
|
|
||||||
nsslapd-suffix: $BASEDN
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
PROVISION_OPTIONS="$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1"
|
PROVISION_OPTIONS="$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1"
|
||||||
PROVISION_OPTIONS="$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM"
|
PROVISION_OPTIONS="$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM"
|
||||||
@ -553,57 +268,12 @@ PROVISION_OPTIONS="$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT"
|
|||||||
PROVISION_OPTIONS="$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT"
|
PROVISION_OPTIONS="$PROVISION_OPTIONS --simple-bind-dn=cn=Manager,$BASEDN --password=$PASSWORD --root=$ROOT"
|
||||||
$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS >&2
|
$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS >&2
|
||||||
|
|
||||||
if test -z "$FEDORA_DS_PREFIX"; then
|
. `dirname $0`/mk-openldap.sh
|
||||||
LDAP_URI="ldapi://$LDAPDIR/ldapi"
|
|
||||||
LDAP_URI_ESCAPE="ldapi://"`echo $LDAPDIR/ldapi | sed 's|/|%2F|g'`
|
|
||||||
export LDAPI
|
|
||||||
export LDAPI_ESCAPE
|
|
||||||
else
|
|
||||||
LDAP_URI=$FEDORA_DS_LDAP_URI;
|
|
||||||
LDAP_URI_ESCAPE=$FEDORA_DS_LDAP_URI;
|
|
||||||
PROVISION_OPTIONS="$PROVISION_OPTIONS --ldap-module=nsuniqueid"
|
|
||||||
#it is easier to base64 encode this than correctly escape it:
|
|
||||||
# (targetattr = "*") (version 3.0;acl "full access to all by all";allow (all)(userdn = "ldap:///anyone");)
|
|
||||||
PROVISION_ACI="--aci=aci:: KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
test -z "$FEDORA_DS_PREFIX" || {
|
||||||
#This uses the provision we just did, to read out the schema
|
. `dirname $0`/mk-fedora-ds.sh
|
||||||
$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb -I $srcdir/setup/schema-map-openldap-2.3 -O $LDAPDIR/ad.schema >&2
|
|
||||||
$srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb --option=convert:target=fedora-ds -I $srcdir/setup/schema-map-fedora-ds-1.0 -O $LDAPDIR/99_ad.ldif >&2
|
|
||||||
|
|
||||||
#Now create an LDAP baseDN
|
|
||||||
$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS "$PROVISION_ACI" --ldap-base >&2
|
|
||||||
|
|
||||||
OLDPATH=$PATH
|
|
||||||
PATH=/usr/local/sbin:/usr/sbin:/sbin:$PATH
|
|
||||||
export PATH
|
|
||||||
|
|
||||||
MODCONF=$LDAPDIR/modules.conf
|
|
||||||
rm -f $MODCONF
|
|
||||||
touch $MODCONF
|
|
||||||
|
|
||||||
slaptest -u -f $SLAPD_CONF >&2 || {
|
|
||||||
echo "enabling slapd modules" >&2
|
|
||||||
cat > $MODCONF <<EOF
|
|
||||||
modulepath /usr/lib/ldap
|
|
||||||
moduleload back_bdb
|
|
||||||
EOF
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if slaptest -u -f $SLAPD_CONF; then
|
|
||||||
slapadd -f $SLAPD_CONF < $PRIVATEDIR/$DNSNAME.ldif >/dev/null || {
|
|
||||||
echo "slapadd failed" >&2
|
|
||||||
}
|
|
||||||
|
|
||||||
slaptest -f $SLAPD_CONF >/dev/null || {
|
|
||||||
echo "slaptest after database load failed" >&2
|
|
||||||
}
|
|
||||||
fi
|
|
||||||
|
|
||||||
PATH=$OLDPATH
|
|
||||||
export PATH
|
|
||||||
|
|
||||||
cat >$PRIVATEDIR/wins_config.ldif<<EOF
|
cat >$PRIVATEDIR/wins_config.ldif<<EOF
|
||||||
dn: name=TORTURE_6,CN=PARTNERS
|
dn: name=TORTURE_6,CN=PARTNERS
|
||||||
objectClass: wreplPartner
|
objectClass: wreplPartner
|
||||||
@ -629,7 +299,6 @@ echo "NETBIOSNAME=$NETBIOSNAME"
|
|||||||
echo "LDAP_URI=$LDAP_URI"
|
echo "LDAP_URI=$LDAP_URI"
|
||||||
echo "LDAP_URI_ESCAPE=$LDAP_URI_ESCAPE"
|
echo "LDAP_URI_ESCAPE=$LDAP_URI_ESCAPE"
|
||||||
echo "FEDORA_DS_INF=$FEDORA_DS_INF"
|
echo "FEDORA_DS_INF=$FEDORA_DS_INF"
|
||||||
echo "FEDORA_DS_LDAP_URI=$FEDORA_DS_LDAP_URI"
|
|
||||||
echo "DOMAIN=$DOMAIN"
|
echo "DOMAIN=$DOMAIN"
|
||||||
echo "USERNAME=$USERNAME"
|
echo "USERNAME=$USERNAME"
|
||||||
echo "REALM=$REALM"
|
echo "REALM=$REALM"
|
||||||
|
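Review bot: In the `@ -553,57 +268,12 @@` hunk the base-DN provisioning step for the Fedora DS backend appears to have been lost: the removed `$srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS "$PROVISION_ACI" --ldap-base >&2` call is replaced by sourcing mk-openldap.sh, which runs `--ldap-base` without the ACI and before mk-fedora-ds.sh appends `--ldap-module=nsuniqueid` to `PROVISION_OPTIONS` and sets `PROVISION_ACI`, and nothing visible in either new script consumes `PROVISION_ACI` afterwards. If mk-openldap.sh is now sourced unconditionally (the `if test -z "$FEDORA_DS_PREFIX"; then` line appears only on the old side), the Fedora DS run also performs the full OpenLDAP slapadd/slaptest sequence and then overwrites its `LDAP_URI` and `LDAP_URI_ESCAPE`. The two source lines would be more robust written as `. "$(dirname "$0")/mk-openldap.sh"` and `. "$(dirname "$0")/mk-fedora-ds.sh"`. The enclosing file's header is not in view and the rest of the provisioning path lies outside these hunks, so a later consumer of `PROVISION_ACI` cannot be ruled out from here.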
@ -71,7 +71,7 @@ slapd_start() {
|
|||||||
export PATH
|
export PATH
|
||||||
# running slapd in the background means it stays in the same process group, so it can be
|
# running slapd in the background means it stays in the same process group, so it can be
|
||||||
# killed by timelimit
|
# killed by timelimit
|
||||||
slapd -d0 -f $SLAPD_CONF -h $LDAPI_ESCAPE &
|
slapd -d0 -f $SLAPD_CONF -h $LDAP_URI_ESCAPE &
|
||||||
PATH=$OLDPATH
|
PATH=$OLDPATH
|
||||||
export PATH
|
export PATH
|
||||||
return $?;
|
return $?;
|
||||||
|