From 741b05c67d70357d47093b85f532cf5d5289b223 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 23 Jun 2012 20:00:59 +0000 Subject: [PATCH 1/1] Initial import. --- .gitignore | 1 + Makefile | 44 +++++++++++++++ install.sh | 103 +++++++++++++++++++++++++++++++++++ templates/000-header.ldif | 29 ++++++++++ templates/010-root.ldif | 8 +++ templates/011-manager.ldif | 4 ++ templates/021-dn-Group.ldif | 5 ++ templates/022-dn-People.ldif | 5 ++ 8 files changed, 199 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 install.sh create mode 100644 templates/000-header.ldif create mode 100644 templates/010-root.ldif create mode 100644 templates/011-manager.ldif create mode 100644 templates/021-dn-Group.ldif create mode 100644 templates/022-dn-People.ldif
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4a99d28
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+./template.ldif
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2018ea6
--- /dev/null
+++ b/Makefile
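Review bot: The pattern `./template.ldif` added to .gitignore will most likely not match the generated file, because gitignore patterns are not normalised like shell paths and the leading `./` is taken literally. The form anchored to the repository root is `/template.ldif`. As written, the template.ldif built by the Makefile would keep showing up as untracked.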
@@ -0,0 +1,44 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+LDIFS = $(sort $(wildcard templates/*.ldif))
+TEMPLATE = template.ldif
+
+PREFIX = /usr
+DATADIR = $(PREFIX)/share/ipfire-dit
+
+.PHONY: all
+all: $(TEMPLATE)
+
+$(TEMPLATE): $(LDIFS)
+ for ldif in $^; do \
+ echo -e "# Source: $${ldif}"; \
+ cat $${ldif}; echo ""; \
+ done > $@
+
+.PHONY: install
+install: $(TEMPLATE)
+ # Install all of the templates.
+ -mkdir -pv $(DATADIR)
+ cp -vf $(TEMPLATE) $(DATADIR)
+
+.PHONY: clean
+clean:
+ rm -f $(TEMPLATE)
diff --git a/install.sh b/install.sh
new file mode 100644
index 0000000..b4f7fca
--- /dev/null
+++ b/install.sh
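Review bot: The `$(TEMPLATE)` recipe in the Makefile calls `echo -e`, but make runs recipes with /bin/sh by default, and a POSIX sh such as dash prints the `-e` literally. That would put lines beginning with `-e # Source:` into template.ldif, which are no longer LDIF comments and which slapadd would probably reject. No escape sequence is used, so `echo "# Source: $${ldif}"` is enough. In the install target, `-mkdir -pv $(DATADIR)` ignores a failed mkdir, after which `cp` may create a regular file named ipfire-dit instead of copying into the directory; dropping the leading `-` lets the failure stop the install.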
@@ -0,0 +1,103 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+BASEDIR="/usr/share/ipfire-dit"
+TEMPLATE="${BASEDIR}/template.ldif"
+
+DOMAIN=${HOSTNAME#*.}
+PASSWORD=
+
+function parse_cli() {
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ -p)
+ PASSWORD=${2}
+ shift
+ ;;
+ *)
+ DOMAIN=${1}
+ ;;
+ esac
+ shift
+ done
+
+ while [ -z "${PASSWORD}" ]; do
+ echo -n "Enter password: "
+ read -s PASSWORD
+ echo
+ done
+
+ # Check for valid input data.
+
+ if [ ${#PASSWORD} -lt 8 ]; then
+ echo "Using weak password. Must at least have 8 characters!" >&2
+ exit 1
+ fi
+
+ if [ -z "${DOMAIN}" ]; then
+ echo "Domain is empty." >&2
+ exit 1
+ fi
+
+ # XXX check domain for invalid characters
+}
+
+function substitude_ldif() {
+ local output=${1}
+
+ local suffix bit dc
+ for bit in ${DOMAIN//./ }; do
+ if [ -n "${suffix}" ]; then
+ suffix="${suffix},dc=${bit}"
+ else
+ dc="${bit}"
+ suffix="dc=${bit}"
+ fi
+ done
+
+ sed \
+ -e "s/@DC@/${dc}/g" \
+ -e "s/@SUFFIX@/${suffix}/g" \
+ < ${TEMPLATE} > ${output}
+}
+
+function load_database() {
+ local new_ldif=$(mktemp)
+ trap "rm -f ${new_ldif}" EXIT KILL TERM
+
+ substitude_ldif ${new_ldif}
+
+ slapadd < ${new_ldif}
+}
+
+function generate_pwhash() {
+ local password="${PASSWORD}"
+
+ slappasswd -h "{SSHA}" -s "${password}"
+}
+
+# Hello to this wonderful script.
+# Firstly, let's see what we need to do.
+parse_cli $@
+
+# Now, we got all the information we need, we
+# can load the database.
+load_database
diff --git a/templates/000-header.ldif b/templates/000-header.ldif
new file mode 100644
index 0000000..14c6605
--- /dev/null
+++ b/templates/000-header.ldif
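Review bot: In install.sh, DOMAIN reaches the two sed expressions in substitude_ldif without any validation (the `# XXX check domain for invalid characters` in parse_cli is still open), so a value containing sed metacharacters such as `/` or `&`, or a newline, changes the sed program or the LDIF that slapadd then loads. Rejecting anything that is not a plain DNS name right after the empty check closes this, e.g. `[[ "${DOMAIN}" =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$ ]] || { echo "Domain contains invalid characters." >&2; exit 1; }`. The password path also puts the secret into the process argument list, both through `-p` and through `slappasswd -s "${password}"`; prompting only and handing the value to slappasswd through a mode-0600 file with `-T` keeps it out of argv. Smaller points: `parse_cli $@` should be `parse_cli "$@"`, `read -s` should also get `-r` so backslashes in the password survive, and KILL in the trap list cannot be caught.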
@@ -0,0 +1,29 @@
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+# These files contain an initial layout of the IPFire LDAP DIT.
+
+# The following variables will be substituted:
+#
+# @SUFFIX@
+# The domain suffix of the base dn (e.g. dc=ipfire,dc=site).
+#
+# @DC@
+# The first dc part of @SUFFIX@ (e.g. ipfire).
diff --git a/templates/010-root.ldif b/templates/010-root.ldif
new file mode 100644
index 0000000..a37e8f7
--- /dev/null
+++ b/templates/010-root.ldif
@@ -0,0 +1,8 @@
+dn: @SUFFIX@
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+dc: @DC@
+o: @DC@
+
+# XXX possibly, we could remove objectClass=organization from here
diff --git a/templates/011-manager.ldif b/templates/011-manager.ldif
new file mode 100644
index 0000000..d07f4ea
--- /dev/null
+++ b/templates/011-manager.ldif
@@ -0,0 +1,4 @@
+dn: cn=root,@SUFFIX@
+objectClass: organizationalRole
+cn: root
+description: LDAP root account
diff --git a/templates/021-dn-Group.ldif b/templates/021-dn-Group.ldif
new file mode 100644
index 0000000..9b8c79d
--- /dev/null
+++ b/templates/021-dn-Group.ldif
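Review bot: In templates/011-manager.ldif, `cn=root,@SUFFIX@` is created as a bare organizationalRole with no userPassword, and nothing in install.sh calls generate_pwhash or substitutes its output, so the password the installer insists on is never stored anywhere visible in this commit. If this entry is meant to be the bindable administrator, it needs `objectClass: simpleSecurityObject` and `userPassword: @PWHASH@` (placeholder name), together with a matching sed expression in substitude_ldif. An {SSHA} value is base64 and can contain `/`, so that expression needs a delimiter other than `/`. If the rootdn and rootpw are instead set in slapd's own configuration, a comment in this file saying so would make clear that the entry is intentionally credential-free.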
@@ -0,0 +1,5 @@
+dn: ou=Group,@SUFFIX@
+objectClass: top
+objectClass: organizationalUnit
+ou: Group
+description: Organizational unit for user groups
diff --git a/templates/022-dn-People.ldif b/templates/022-dn-People.ldif
new file mode 100644
index 0000000..9ef3d23
--- /dev/null
+++ b/templates/022-dn-People.ldif
@@ -0,0 +1,5 @@
+dn: ou=People,@SUFFIX@
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+description: Organizational unit for user accounts
--
2.39.2