Created
July 9, 2012 03:22
-
-
Save lemonlatte/3074054 to your computer and use it in GitHub Desktop.
Login authentication from a LDAP server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| dn='dc=math,dc=nccu,dc=edu,dc=tw' | |
| username='jim.yeh' | |
| uid='jim.yeh' | |
| gid='student' | |
| cat << EOF > user_example.ldif | |
| dn: cn=$username,ou=users,ou=login,$dn | |
| uid: $username | |
| cn: $username | |
| objectClass: account | |
| objectClass: posixAccount | |
| objectClass: shadowAccount | |
| shadowMax: 99999 | |
| shadowWarning: 7 | |
| shadowFlag: 0 | |
| loginShell: /bin/bash | |
| uidNumber: 500 | |
| gidNumber: 500 | |
| homeDirectory: /home/$username | |
| EOF | |
| ldapadd -c -x -D cn=admin,$dn -W -f user_example.ldif | |
| ldappasswd -x -D cn=admin,$dn -W -S cn=$username,ou=users,ou=login,$dn | |
| mkdir -p /home/$username | |
| #chown $username:student /home/$username |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| password='root123' | |
| dn='dc=math,dc=nccu,dc=edu,dc=tw' | |
| ldap_ip=192.168.11.6 | |
| cat << EOF | sudo debconf-set-selections | |
| ldap-auth-config ldap-auth-config/dbrootlogin boolean false | |
| ldap-auth-config ldap-auth-config/pam_password select md5 | |
| ldap-auth-config ldap-auth-config/move-to-debconf boolean true | |
| ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://$ldap_ip | |
| ldap-auth-config ldap-auth-config/ldapns/base-dn string ou=login,$dn | |
| ldap-auth-config ldap-auth-config/override boolean true | |
| ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3 | |
| ldap-auth-config ldap-auth-config/dblogin boolean false | |
| EOF | |
| apt-get install -y libnss-ldap nscd nfs-common | |
| auth-client-config -t nss -p lac_ldap | |
| pam-auth-update | |
| sed -e's,use_authtok,,g' -i /etc/pam.d/common-password | |
| /etc/init.d/nscd restart | |
| echo "$ldap_ip:/home /home nfs defaults 1 1" >> /etc/fstab |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| password='root123' | |
| dn='dc=math,dc=nccu,dc=edu,dc=tw' | |
| ldap_ip=192.168.11.6 | |
| cat << EOF > ou.ldif | |
| # login, dc | |
| dn: ou=login,$dn | |
| ou: login | |
| objectClass: organizationalUnit | |
| # user, login, dc | |
| dn: ou=users,ou=login,$dn | |
| ou: users | |
| objectClass: organizationalUnit | |
| # group, login, dc | |
| dn: ou=groups,ou=login,$dn | |
| ou: groups | |
| objectClass: organizationalUnit | |
| dn: ou=mounts,ou=login,$dn | |
| ou: mounts | |
| objectClass: organizationalUnit | |
| # admin, group, login, dc | |
| dn: cn=admin,ou=groups,ou=login,$dn | |
| objectClass: posixGroup | |
| cn: admin | |
| gidNumber: 500 | |
| memberUid: jim.yeh | |
| # teacher, group, login, dc | |
| dn: cn=teacher,ou=groups,ou=login,$dn | |
| objectClass: posixGroup | |
| cn: teacher | |
| gidNumber: 501 | |
| # student, group, login, dc | |
| dn: cn=student,ou=groups,ou=login,$dn | |
| objectClass: posixGroup | |
| cn: student | |
| gidNumber: 502 | |
| memberUid: jim.yeh | |
| EOF | |
| /etc/init.d/slapd stop | |
| slapadd -c -v -l ou.ldif | |
| /etc/init.d/slapd start |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| password='root123' | |
| dn='dc=math,dc=nccu,dc=edu,dc=tw' | |
| ldap_ip=192.168.11.6 | |
| cat << EOF | sudo debconf-set-selections | |
| slapd slapd/internal/adminpw password root123 | |
| slapd slapd/internal/generated_adminpw password root123 | |
| slapd slapd/password2 password root123 | |
| slapd slapd/password1 password root123 | |
| slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION | |
| slapd slapd/domain string math.nccu.edu.tw | |
| slapd shared/organization string NCCU Mathematics | |
| slapd slapd/backend string HDB | |
| slapd slapd/purge_database boolean true | |
| slapd slapd/move_old_database boolean true | |
| slapd slapd/allow_ldap_v2 boolean false | |
| slapd slapd/no_configuration boolean false | |
| slapd slapd/dump_database string when needed | |
| EOF | |
| apt-get install -y slapd ldap-utils nfs-common nfs-kernel-server | |
| hash_pw=`slappasswd -s $password` | |
| cat << EOF > /etc/ldap/ldap.conf | |
| BASE $dn | |
| URI ldap://$ldap_ip | |
| SSL no | |
| pam_password md5 | |
| TLS_CACERT /etc/ssl/certs/ca-certificates.crt | |
| nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm | |
| EOF | |
| dpkg-reconfigure -f noninteractive slapd | |
| ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif | |
| ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif | |
| ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif | |
| ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif | |
| cat << EOF > database.ldif | |
| dn: olcDatabase={1}hdb,cn=config | |
| changetype: modify | |
| replace: olcRootPW | |
| olcRootPW: $hash_pw | |
| dn: olcDatabase={1}hdb,cn=config | |
| add: olcAccess | |
| olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,$dn" write by anonymous auth by self write by * none | |
| olcAccess: {1}to dn.subtree="" by * read | |
| olcAccess: {2}to * by dn="cn=admin,$dn" write by * read | |
| dn: olcDatabase={1}hdb,cn=config | |
| add: olcDbIndex | |
| olcDbIndex: uid,gidNumber,uidNumber pres,eq | |
| olcDbIndex: cn,sn,mail,givenName,memberUid pres,eq,approx,sub | |
| dn: olcDatabase={-1}frontend,cn=config | |
| changetype: modify | |
| delete: olcAccess | |
| dn: olcDatabase={0}config,cn=config | |
| changetype: modify | |
| add: olcRootDN | |
| olcRootDN: cn=admin,cn=config | |
| dn: olcDatabase={0}config,cn=config | |
| changetype: modify | |
| add: olcRootPW | |
| olcRootPW: $hash_pw | |
| EOF | |
| ldapmodify -Y EXTERNAL -H ldapi:/// -f database.ldif | |
| echo '/home 140.119.66.0/24(rw),140.119.175.0/24(rw)' >> /etc/exports | |
| mkdir -p /etc/exports.d | |
| /etc/init.d/nfs-kernel-server restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment