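#!/usr/bin/env bash
# Provision a throw-away OpenLDAP (slapd) instance for the test suite.
#
# Steps: install the AppArmor tooling, stop the distro slapd service, disable
# the slapd AppArmor profile (skipped under WSL), mint a self-signed CA plus a
# server certificate with certtool under /tmp/ssl, start slapd from
# test/conf/slapd.conf on the test ports, wait until it accepts a bind, then
# load the fixture data from test/conf/setupData.ldif.
#
# Run from the repository root: the test/conf/... paths are relative to it.
# slapd is left running in the background for the tests; nothing here stops it.
set -euo pipefail

# Listener URIs and bind credentials for the test instance. These are CI-only
# fixtures; presumably they must match rootdn/rootpw in test/conf/slapd.conf
# (TODO confirm against that file before changing them).
readonly ldap_uri="ldap://localhost:5389"
readonly ldaps_uri="ldaps://localhost:5636"
readonly admin_dn="cn=admin,dc=example,dc=com"
readonly admin_password="password"
readonly ssl_dir="/tmp/ssl"
readonly slapd_work_dir="/tmp/slapd"
readonly cert_template="test/conf/cert_template.conf"
# Seconds to wait for slapd to accept a bind before failing the script.
readonly startup_timeout=30

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Poll slapd until a simple bind succeeds, the process dies, or the timeout
# expires.
# Globals:   ldap_uri, admin_dn, pass_file, slapd_pid, startup_timeout (read)
# Returns:   0 once a bind succeeds, 1 if slapd exited or the timeout expired
#######################################
wait_for_slapd() {
  local attempt
  for (( attempt = 0; attempt < startup_timeout; attempt++ )); do
    # Stop waiting early if slapd already exited (bad config, port in use...).
    kill -0 "$slapd_pid" 2>/dev/null || return 1
    if ldapwhoami -x -H "$ldap_uri" -D "$admin_dn" -y "$pass_file" >/dev/null 2>&1; then
      return 0
    fi
    sleep 1
  done
  return 1
}

current_user="$(whoami)"
printf '%s\n' "$current_user"

# Keep the bind password out of argv (readable via ps) by handing it to the
# ldap tools through a 0600 file. The tools use the file bytes verbatim, so
# write it without a trailing newline.
pass_file="$(mktemp)" || die "mktemp failed"
cleanup() { rm -f -- "$pass_file"; }
trap cleanup EXIT
chmod 600 "$pass_file"
printf '%s' "$admin_password" > "$pass_file"

echo "slapd status"
sudo apt-get install apparmor-utils -y
sudo service slapd stop
if grep -qEi "(microsoft|WSL)" /proc/version; then
  # Running under WSL/WSL2: AppArmor does not seem to be active there.
  echo "Running under WSL"
else
  # Disable the AppArmor profile so slapd may read its config/certs from /tmp.
  sudo aa-disable slapd
fi

# Work folder for slapd (-p so a re-run on a warm machine does not abort).
mkdir -p "$slapd_work_dir"

# --- TLS material ---------------------------------------------------------
mkdir -p "$ssl_dir/private" "$ssl_dir/certs"
# Private keys live here; keep the directory itself owner-only.
chmod 700 "$ssl_dir/private"
# CA key + self-signed CA certificate.
sudo certtool -p --outfile "$ssl_dir/private/ca_server.key"
sudo certtool -s --load-privkey "$ssl_dir/private/ca_server.key" \
  --template "$cert_template" --outfile "$ssl_dir/certs/ca_server.pem"
# Server key + certificate signed by that CA. --sec-param low keeps key
# generation fast for CI; it is a test-only setting, not for real deployments.
sudo certtool -p --sec-param low --outfile "$ssl_dir/private/ldap_server.key"
sudo certtool -c --load-privkey "$ssl_dir/private/ldap_server.key" \
  --load-ca-certificate "$ssl_dir/certs/ca_server.pem" \
  --load-ca-privkey "$ssl_dir/private/ca_server.key" \
  --template "$cert_template" --outfile "$ssl_dir/certs/ldap_server.pem"
# Permissions: slapd runs as the current user (no sudo below), who must own
# the key material and be in ssl-cert.
tls_files=(
  "$ssl_dir/private/ldap_server.key"
  "$ssl_dir/certs/ldap_server.pem"
  "$ssl_dir/certs/ca_server.pem"
)
sudo usermod -aG ssl-cert "$current_user"
sudo chown "$current_user:ssl-cert" "${tls_files[@]}"
sudo chmod 640 "${tls_files[@]}"
# --- end TLS material -----------------------------------------------------

sudo chown -R "$current_user:$current_user" test/conf
echo "start slapd"
# Add "-d -1" to the slapd line for verbose logging when debugging startup.
slapd -f test/conf/slapd.conf -h "$ldap_uri $ldaps_uri" &
slapd_pid=$!

# Poll for readiness instead of a fixed sleep: slower CI hosts were at the
# mercy of the old 5-second guess, fast ones wasted it.
echo "test slapd is running"
wait_for_slapd || die "slapd did not accept a bind on $ldap_uri within ${startup_timeout}s"
ldapwhoami -x -H "$ldap_uri" -D "$admin_dn" -y "$pass_file"
ldapadd -x -H "$ldap_uri" -D "$admin_dn" -y "$pass_file" -f test/conf/setupData.ldif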