enterprise-scripts/LDAP/deployLDAP.sh

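#!/usr/bin/env bash
# Deploy and harden the 389-ds "cavemanon" LDAP instance:
#   1. create the instance from ./instance.inf
#   2. trust the Let's Encrypt chain and install the server key/cert from certbot
#   3. serve LDAPS on 636 only, close the plaintext port, restrict anonymous binds
#   4. enable the memberOf and DNA plugins
#   5. seed groups, a read-only "overwatch" service account and the first user
# Requires: root (dscreate/dsctl/systemctl), certbot output under
# /etc/letsencrypt/live/dev.cavemanon.xyz/, and the OVERWATCH_PASSWORD
# environment variable (password for the "overwatch" service account).
# dsconf/dsctl prompt for the Directory Manager password where -D is given.
# Fail on the first error: continuing past a failed key/cert import and then
# closing the plaintext port would leave the server unreachable.
set -euo pipefail

#dsctl cavemanon remove --do-it
dscreate from-file ./instance.inf

#Set up CA Certs from Lets Encrypt to avoid doing self-signing schenanigans
#Documentation: https://www.dennogumi.org/2021/10/setting-up-lets-encrypt-certificates-for-the-389-ds-ldap-server/
# Download into a private mktemp directory instead of fixed names under /tmp:
# with a predictable path plus --continue, a file pre-planted by another local
# user would have been accepted as the "already downloaded" CA certificate.
ca_tmp=$(mktemp -d) || exit 1
trap 'rm -rf -- "${ca_tmp:?}"' EXIT
wget --directory-prefix "$ca_tmp" https://letsencrypt.org/certs/lets-encrypt-r3.pem https://letsencrypt.org/certs/isrgrootx1.pem
dsconf -v -D "cn=Directory Manager" cavemanon security ca-certificate add --file "$ca_tmp/isrgrootx1.pem" --name "ISRG"
dsconf -v -D "cn=Directory Manager" cavemanon security ca-certificate add --file "$ca_tmp/lets-encrypt-r3.pem" --name "R3"
dsctl -v cavemanon tls import-server-key-cert /etc/letsencrypt/live/dev.cavemanon.xyz/fullchain.pem /etc/letsencrypt/live/dev.cavemanon.xyz/privkey.pem
#dsconf -v -D "cn=Directory Manager" cavemanon security certificate add --file /etc/letsencrypt/live/dev.cavemanon.xyz/fullchain.pem --primary-cert --name "LetsEncrypt"
dsconf -v -D "cn=Directory Manager" cavemanon config replace nsslapd-securePort=636 nsslapd-security=on
#disable insecure ports
dsconf -v -D "cn=Directory Manager" cavemanon config replace nsslapd-port=0
#disable anonymous logons
#Documentation: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/disabling-anon-binds
dsconf -v -D "cn=Directory Manager" cavemanon config replace nsslapd-allow-anonymous-access=rootdse
systemctl restart dirsrv@cavemanon.service

# Verify LDAPS answers and the presented chain validates. Without
# -verify_return_error s_client still exits 0 when verification fails, and
# without </dev/null it blocks waiting for input on stdin.
openssl s_client -connect dev.cavemanon.xyz:636 -verify_return_error </dev/null || exit 1

# memberOf plugin enable
# https://www.port389.org/docs/389ds/howto/quickstart.html
dsconf cavemanon plugin memberof enable
dsctl cavemanon restart
dsconf cavemanon plugin memberof set --scope dc=dev,dc=cavemanon,dc=xyz

#https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/dna#dna-config-entry
dsconf cavemanon plugin dna enable
#https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/dna#configuring_unique_number_assignments_using_the_command_line
# --magic-regen -1: an entry created with uidNumber/gidNumber -1 gets the next
# free value from the range (relied on by the user create below).
dsconf cavemanon plugin dna config "Account UIDs" add --type uidNumber --filter "(objectclass=posixAccount)" --scope ou=people,dc=dev,dc=cavemanon,dc=xyz --next-value 1000 --max-value 6650 --threshold 100 --range-request-timeout 60 --magic-regen -1
dsconf cavemanon plugin dna config "Account GIDs" add --type gidNumber --filter "(objectclass=posixAccount)" --scope ou=people,dc=dev,dc=cavemanon,dc=xyz --next-value 1000 --max-value 6650 --threshold 100 --range-request-timeout 60 --magic-regen -1
dsctl cavemanon restart

for group in TechMaster Administration Exit665 Wani SnootGame Shop; do
  dsidm cavemanon group create --cn "$group"
done

dsidm cavemanon service create --cn overwatch --description "Read-only access to the LDAP server"
# The password comes from the environment, never from a literal in this file.
# NOTE: dsidm takes the value on argv, so it is briefly visible in `ps`;
# sourcing it from the environment at least keeps it out of version control.
: "${OVERWATCH_PASSWORD:?set OVERWATCH_PASSWORD to the overwatch service-account password}"
dsidm cavemanon service modify overwatch "add:userPassword:${OVERWATCH_PASSWORD}"

# The user must exist (and DNA must be active for the -1 magic values) before
# it can be given the nsmemberof objectclass and included in the memberOf fixup,
# so creation comes first.
dsidm -b dc=dev,dc=cavemanon,dc=xyz cavemanon user create --uid MichaelYick --cn MichaelYick --displayName 'Michael Yick' --uidNumber -1 --gidNumber -1 --homeDirectory /home/MichaelYick
dsidm cavemanon user modify MichaelYick add:objectclass:nsmemberof
dsconf cavemanon plugin memberof fixup dc=dev,dc=cavemanon,dc=xyz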