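#!/bin/sh
# Configure OpenLDAP overlays (memberof, refint, unique, ppolicy) in the
# cn=config database by starting slapd temporarily and loading LDIF over ldapi.
#
# Required env:  LDAP_BASE_DN - base DN interpolated into the unique/ppolicy
#                               overlay definitions
# Requires:      /scripts/utils.sh providing log_info, log_warn, wait_for_slapd
# Exit status:   0 on success (overlays added or already present), 1 otherwise
set -e

. /scripts/utils.sh

log_info "Configuring overlays..."

# The unique and ppolicy overlays expand ${LDAP_BASE_DN}; an unset value would
# silently produce malformed URIs/DNs in cn=config, so abort up front instead.
: "${LDAP_BASE_DN:?LDAP_BASE_DN must be set}"

# Socket URL for ldapi - must use URL-encoded path
LDAPI_SOCKET="ldapi://%2Frun%2Fopenldap%2Fldapi"
readonly LDAPI_SOCKET

# Private scratch directory for the LDIF files rather than predictable
# names under /tmp (avoids clobbering/symlink races on a shared tmp).
work_dir=$(mktemp -d) || { printf 'mktemp failed\n' >&2; exit 1; }
slapd_pid=

#######################################
# Stop the temporary slapd (if still running) and remove the scratch
# directory. Installed as the EXIT trap so it runs on every exit path,
# including an early failure in one of the ldapadd steps.
# Globals:   slapd_pid (read), work_dir (read)
#######################################
cleanup() {
  if [ -n "$slapd_pid" ] && kill -0 "$slapd_pid" 2>/dev/null; then
    kill "$slapd_pid" 2>/dev/null || true
    wait "$slapd_pid" 2>/dev/null || true
  fi
  rm -rf -- "${work_dir:?}"
}
trap cleanup EXIT

#######################################
# Load one overlay definition into cn=config.
# Globals:   LDAPI_SOCKET (read), work_dir (read)
# Arguments: $1 - overlay name (used for logging)
#            $2 - path to the LDIF file to add
# Returns:   0 if the overlay was added or already exists;
#            exits 1 on any other ldapadd failure
#######################################
add_overlay() {
  # POSIX sh has no 'local'; these names are deliberately script-scoped.
  overlay_name=$1
  ldif_file=$2
  err_file="$work_dir/ldapadd-${overlay_name}.err"

  if ldapadd -Y EXTERNAL -H "$LDAPI_SOCKET" -f "$ldif_file" >/dev/null 2>"$err_file"; then
    return 0
  fi
  # Result 68 (alreadyExists) is expected on a re-run and is harmless. Any
  # other failure (access denied, schema violation, unloaded module) used to
  # be hidden behind the same warning and left e.g. ppolicy unconfigured.
  if grep -q 'Already exists' "$err_file"; then
    log_warn "${overlay_name} overlay already exists"
    return 0
  fi
  cat -- "$err_file" >&2
  printf 'Failed to configure %s overlay\n' "$overlay_name" >&2
  exit 1
}

# Start slapd temporarily to add overlays via LDAP. "-d 0" keeps slapd in the
# foreground without debug output, so $! is its real PID and it can be stopped
# precisely instead of killing every slapd on the host with pkill.
log_info "Starting slapd temporarily for overlay configuration..."
/usr/sbin/slapd -d 0 -h "$LDAPI_SOCKET" -F /etc/openldap/slapd.d -u ldap -g ldap &
slapd_pid=$!

# Wait for slapd
wait_for_slapd 30 "$LDAPI_SOCKET"

# 1. memberof overlay (no shell expansion needed: quoted delimiter)
log_info "Configuring memberof overlay..."
cat > "$work_dir/overlay-memberof.ldif" << 'EOF'
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfMembers
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
EOF
add_overlay memberof "$work_dir/overlay-memberof.ldif"

# 2. refint (Referential Integrity) overlay
log_info "Configuring refint overlay..."
cat > "$work_dir/overlay-refint.ldif" << 'EOF'
dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
olcOverlay: refint
olcRefintAttribute: member
olcRefintAttribute: memberOf
EOF
add_overlay refint "$work_dir/overlay-refint.ldif"

# 3. unique (Attribute Uniqueness) overlay - expands ${LDAP_BASE_DN}
log_info "Configuring unique overlay..."
cat > "$work_dir/overlay-unique.ldif" << EOF
dn: olcOverlay=unique,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcUniqueConfig
olcOverlay: unique
olcUniqueURI: ldap:///ou=People,${LDAP_BASE_DN}?uid?sub
olcUniqueURI: ldap:///ou=People,${LDAP_BASE_DN}?mail?sub
olcUniqueURI: ldap:///ou=People,${LDAP_BASE_DN}?uidNumber?sub
olcUniqueURI: ldap:///ou=Groups,${LDAP_BASE_DN}?gidNumber?sub
EOF
add_overlay unique "$work_dir/overlay-unique.ldif"

# 4. ppolicy (Password Policy) overlay - expands ${LDAP_BASE_DN}
log_info "Configuring ppolicy overlay..."
cat > "$work_dir/overlay-ppolicy.ldif" << EOF
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=Policies,${LDAP_BASE_DN}
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
EOF
add_overlay ppolicy "$work_dir/overlay-ppolicy.ldif"

# Stop the temporary slapd and wait for it to exit so the database and
# config directory are released before the real server starts.
log_info "Stopping temporary slapd..."
kill "$slapd_pid"
wait "$slapd_pid" || true   # non-zero status after SIGTERM is expected
slapd_pid=

# Scratch files are removed by the EXIT trap.
log_info "Overlay configuration complete"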