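#!/bin/sh
# Configure OpenLDAP overlays (memberof, refint, unique, ppolicy) in the
# cn=config database: start a temporary slapd, add one olcOverlay entry per
# overlay over the ldapi:// socket using SASL EXTERNAL, then stop it again.
#
# Required environment:
#   LDAP_BASE_DN  base DN used in the unique and ppolicy overlay entries
# Helpers log_info, log_warn and wait_for_slapd are provided by /scripts/utils.sh.
set -e
. /scripts/utils.sh

# Fail fast if the base DN is missing: with an empty value the heredocs below
# would silently produce DNs such as "ou=People," and an unusable ppolicy default.
: "${LDAP_BASE_DN:?LDAP_BASE_DN must be set}"

log_info "Configuring overlays..."

# Socket URL for ldapi - must use URL-encoded path
LDAPI_SOCKET="ldapi://%2Frun%2Fopenldap%2Fldapi"

# Private scratch directory for the generated LDIF files. A fixed
# /tmp/overlay-*.ldif name is predictable and could be pre-created or
# symlinked by another local user before slapd/ldapadd read it; mktemp -d
# gives an unpredictable, owner-only directory instead.
WORK_DIR=$(mktemp -d) || { log_warn "mktemp failed"; exit 1; }

#######################################
# Remove the scratch directory and stop the temporary slapd on every exit
# path, including a failed ldapadd under set -e (the original flow left
# slapd running in that case). pkill matches every slapd process, which
# is assumed to be only the one started here.
# Globals:   WORK_DIR (read)
#######################################
cleanup() {
  rm -rf -- "${WORK_DIR:?}"
  pkill slapd 2>/dev/null || true
}
trap cleanup EXIT

#######################################
# Add one overlay entry from an LDIF file.
# An "Already exists" answer from the server (LDAP result 68) means the
# script is being re-run and is only warned about; any other ldapadd
# failure (socket missing, SASL EXTERNAL refused, schema error) is printed
# and aborts the script instead of being hidden behind 2>/dev/null.
# Globals:   LDAPI_SOCKET, WORK_DIR (read)
# Arguments: $1 - overlay name (used in messages)
#            $2 - path to the LDIF file to add
# Returns:   0 when added or already present, 1 on any other failure
#######################################
add_overlay() {
  overlay_name=$1
  ldif_file=$2
  err_file="${WORK_DIR}/${overlay_name}.err"
  if ldapadd -Y EXTERNAL -H "$LDAPI_SOCKET" -f "$ldif_file" 2>"$err_file"; then
    return 0
  fi
  if grep -q 'Already exists' "$err_file"; then
    log_warn "${overlay_name} overlay already exists, skipping"
    return 0
  fi
  log_warn "ldapadd failed for ${overlay_name} overlay:"
  cat -- "$err_file" >&2
  return 1
}

# Start slapd temporarily to add overlays via LDAP
log_info "Starting slapd temporarily for overlay configuration..."
/usr/sbin/slapd -h "$LDAPI_SOCKET" -F /etc/openldap/slapd.d -u ldap -g ldap
sleep 2

# Wait for slapd
wait_for_slapd 30 "$LDAPI_SOCKET"

# 1. memberof overlay - maintains the memberOf attribute on user entries
log_info "Configuring memberof overlay..."
cat > "${WORK_DIR}/overlay-memberof.ldif" << EOF
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfMembers
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
EOF
add_overlay memberof "${WORK_DIR}/overlay-memberof.ldif"

# 2. refint (Referential Integrity) overlay - drops dangling member/memberOf
# values when the referenced entry is deleted or renamed
log_info "Configuring refint overlay..."
cat > "${WORK_DIR}/overlay-refint.ldif" << EOF
dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: refint
olcRefintAttribute: member
olcRefintAttribute: memberOf
EOF
add_overlay refint "${WORK_DIR}/overlay-refint.ldif"

# 3. unique (Attribute Uniqueness) overlay - rejects duplicate uid, mail,
# uidNumber under ou=People and duplicate gidNumber under ou=Groups
log_info "Configuring unique overlay..."
cat > "${WORK_DIR}/overlay-unique.ldif" << EOF
dn: olcOverlay=unique,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueURI: ldap:///ou=People,${LDAP_BASE_DN}?uid?sub
olcUniqueURI: ldap:///ou=People,${LDAP_BASE_DN}?mail?sub
olcUniqueURI: ldap:///ou=People,${LDAP_BASE_DN}?uidNumber?sub
olcUniqueURI: ldap:///ou=Groups,${LDAP_BASE_DN}?gidNumber?sub
EOF
add_overlay unique "${WORK_DIR}/overlay-unique.ldif"

# 4. ppolicy (Password Policy) overlay - hashes cleartext passwords on write
# and enables lockout. The default policy entry it points at is expected
# to be created by another step; verify it exists before relying on lockout.
log_info "Configuring ppolicy overlay..."
cat > "${WORK_DIR}/overlay-ppolicy.ldif" << EOF
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=Policies,${LDAP_BASE_DN}
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
EOF
add_overlay ppolicy "${WORK_DIR}/overlay-ppolicy.ldif"

# Stop the temporary slapd (the EXIT trap repeats this harmlessly)
log_info "Stopping temporary slapd..."
pkill slapd || true
sleep 2

log_info "Overlay configuration complete"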