Login authentication from an LDAP server
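#!/bin/sh
# Create one POSIX account under ou=users,ou=login,<base dn> and set its
# initial password. Run this from a host that can reach the directory as
# cn=admin; ldapadd and ldappasswd prompt for the bind password (-W) so it
# never has to be placed on the command line.
#
# Settings (edit before running):
#   dn          base DN of the directory
#   username    login name; used as uid, cn and the home directory name
#   uid_number  numeric uid written to the entry
#   gid_number  numeric primary gid written to the entry
#   gid         group name the account is meant to belong to; it is not
#               written to the entry (NSS uses gid_number), it is only kept
#               for the commented-out chown at the end
set -eu

dn='dc=math,dc=nccu,dc=edu,dc=tw'
username='jim.yeh'
uid="$username"
gid='student'
uid_number=500
gid_number=500

user_dn="cn=$username,ou=users,ou=login,$dn"
admin_dn="cn=admin,$dn"
ldif_file='user_example.ldif'

# In the companion ou.ldif, gidNumber 500 is the "admin" posixGroup and
# "student" is 502; adjust gid_number if the account belongs elsewhere.
cat << EOF > "$ldif_file"
dn: $user_dn
uid: $uid
cn: $username
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
shadowMax: 99999
shadowWarning: 7
shadowFlag: 0
loginShell: /bin/bash
uidNumber: $uid_number
gidNumber: $gid_number
homeDirectory: /home/$username
EOF

# -c keeps ldapadd going past entries it cannot add (for example one that
# already exists); make that case visible instead of silently moving on.
if ! ldapadd -c -x -D "$admin_dn" -W -f "$ldif_file"; then
  printf 'warning: ldapadd reported errors for %s; continuing to set the password\n' \
    "$user_dn" >&2
fi

# -S prompts for the new user password (twice) instead of taking it from argv.
# Under set -e a failure here stops the script before the home directory is
# created, so the account is never left usable without a known password.
ldappasswd -x -D "$admin_dn" -W -S "$user_dn"

mkdir -p "/home/$username"
# The directory is left root-owned; hand it to the new account once the uid
# resolves through NSS on this host (see the companion ldap-auth-config script):
#chown "$username:$gid" "/home/$username"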
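#!/bin/sh
# Configure an Ubuntu/Debian host to authenticate logins against the LDAP
# server set up by the companion slapd script, and mount /home from that
# server over NFS. Must run as root (apt-get, pam-auth-update, /etc/fstab).
#
# Settings:
#   dn       base DN of the directory; logins are searched under ou=login,$dn
#   ldap_ip  address of the LDAP + NFS server
#
# No directory password is needed on the client, so none is stored here.
set -eu

dn='dc=math,dc=nccu,dc=edu,dc=tw'
ldap_ip=192.168.11.6
fstab_entry="$ldap_ip:/home /home nfs defaults 1 1"

# Pre-seed the ldap-auth-config questions so the install runs unattended.
# pam_password md5 makes pam_ldap hash changed passwords client-side with
# MD5. The server URI is plain ldap://, so binds from this host cross the
# network unencrypted unless StartTLS is negotiated.
cat << EOF | sudo debconf-set-selections
ldap-auth-config ldap-auth-config/dbrootlogin boolean false
ldap-auth-config ldap-auth-config/pam_password select md5
ldap-auth-config ldap-auth-config/move-to-debconf boolean true
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://$ldap_ip
ldap-auth-config ldap-auth-config/ldapns/base-dn string ou=login,$dn
ldap-auth-config ldap-auth-config/override boolean true
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
ldap-auth-config ldap-auth-config/dblogin boolean false
EOF

apt-get install -y libnss-ldap nscd nfs-common

# Point NSS (passwd/group/shadow lookups) at the LDAP profile and let
# pam-auth-update wire pam_ldap into the common-* stacks.
auth-client-config -t nss -p lac_ldap
pam-auth-update

# Strip use_authtok from common-password so each password module prompts
# for the new password itself rather than reusing the token captured by the
# module before it (presumably the workaround for LDAP password changes
# failing behind pam_unix -- confirm against the pam_ldap documentation).
sed -e 's,use_authtok,,g' -i /etc/pam.d/common-password
/etc/init.d/nscd restart

# Append the NFS mount only once so re-running the script does not stack
# duplicate /home lines in fstab.
if ! grep -qF -- "$fstab_entry" /etc/fstab; then
  printf '%s\n' "$fstab_entry" >> /etc/fstab
fi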
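#!/bin/sh
# Seed the directory's organisational units and the admin/teacher/student
# posixGroups directly into the slapd database (offline, via slapadd).
# Must run as root on the server after slapd is installed and configured
# (see the companion slapd setup script).
#
# Settings:
#   dn  base DN of the directory; everything is created under ou=login,$dn
#
# The admin password and server address are not needed for slapadd, so the
# unused copies of them have been dropped from this script.
set -eu

dn='dc=math,dc=nccu,dc=edu,dc=tw'
ldif_file='ou.ldif'

# LDIF records must be separated by blank lines; a comment line on its own
# does not end a record, so each entry below is followed by one.
cat << EOF > "$ldif_file"
# login, dc
dn: ou=login,$dn
ou: login
objectClass: organizationalUnit

# user, login, dc
dn: ou=users,ou=login,$dn
ou: users
objectClass: organizationalUnit

# group, login, dc
dn: ou=groups,ou=login,$dn
ou: groups
objectClass: organizationalUnit

dn: ou=mounts,ou=login,$dn
ou: mounts
objectClass: organizationalUnit

# admin, group, login, dc
dn: cn=admin,ou=groups,ou=login,$dn
objectClass: posixGroup
cn: admin
gidNumber: 500
memberUid: jim.yeh

# teacher, group, login, dc
dn: cn=teacher,ou=groups,ou=login,$dn
objectClass: posixGroup
cn: teacher
gidNumber: 501

# student, group, login, dc
dn: cn=student,ou=groups,ou=login,$dn
objectClass: posixGroup
cn: student
gidNumber: 502
memberUid: jim.yeh
EOF

# slapadd writes the database files directly, so slapd has to be stopped
# while it runs. -c continues past records that cannot be added (e.g. ones
# that already exist); the exit status is kept so the caller still learns
# about it, but slapd is always started again first.
/etc/init.d/slapd stop
rc=0
slapadd -c -v -l "$ldif_file" || rc=$?
# NOTE(review): slapadd run as root may create database files the slapd
# service user cannot read; check ownership of the database directory if
# slapd does not come back up after this.
/etc/init.d/slapd start
exit "$rc"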
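#!/bin/sh
# Install and seed an OpenLDAP (slapd) server for math.nccu.edu.tw and
# export /home over NFS to the client networks. Must run as root.
#
# Settings:
#   password  rootpw for cn=admin,$dn and for cn=admin,cn=config; set the
#             LDAP_ADMIN_PASSWORD environment variable to override it without
#             editing a secret into the script (the built-in default is only
#             suitable for a throwaway test box)
#   dn        base DN of the directory
#   ldap_ip   address this server is reachable at (written to ldap.conf)
#
# set -e is deliberately not used: the schema loads below are allowed to
# fail individually. Steps whose failure must stop the run check explicitly.
set -u

password=${LDAP_ADMIN_PASSWORD:-root123}
dn='dc=math,dc=nccu,dc=edu,dc=tw'
ldap_ip=192.168.11.6
admin_dn="cn=admin,$dn"
# exports(5) takes a whitespace-separated list of clients; the comma-joined
# form used previously does not follow that syntax.
exports_entry='/home 140.119.66.0/24(rw) 140.119.175.0/24(rw)'

# Pre-seed the slapd debconf questions so the install runs unattended. The
# four password answers use the same $password that olcRootPW is derived
# from further down, so the two can no longer drift apart.
cat << EOF | sudo debconf-set-selections
slapd slapd/internal/adminpw password $password
slapd slapd/internal/generated_adminpw password $password
slapd slapd/password2 password $password
slapd slapd/password1 password $password
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string math.nccu.edu.tw
slapd shared/organization string NCCU Mathematics
slapd slapd/backend string HDB
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/no_configuration boolean false
slapd slapd/dump_database string when needed
EOF

apt-get install -y slapd ldap-utils nfs-common nfs-kernel-server || exit 1

# Hash the password from a temporary file (slappasswd -T) instead of passing
# it as an argument (-s), so the cleartext does not show up in the process
# list. printf '%s' writes it without a trailing newline.
pw_file=$(mktemp) || exit 1
trap 'rm -f -- "$pw_file"' EXIT
printf '%s' "$password" > "$pw_file"
hash_pw=$(slappasswd -T "$pw_file") || exit 1

# Client defaults for ldap-utils on this host. The URI is plain ldap://, so
# simple binds travel unencrypted unless a client negotiates StartTLS;
# TLS_CACERT only takes effect once TLS is actually in use.
# NOTE(review): SSL, pam_password and nss_initgroups_ignoreusers look like
# pam_ldap/nss_ldap keywords rather than libldap ones -- confirm they belong
# in this file and not in the pam_ldap/nss_ldap configuration.
cat << EOF > /etc/ldap/ldap.conf
BASE $dn
URI ldap://$ldap_ip
SSL no
pam_password md5
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
EOF

dpkg-reconfigure -f noninteractive slapd || exit 1

# Load the standard schemas over the local socket as root (SASL EXTERNAL).
# A schema that is already present makes ldapadd fail for that file; that
# is reported but, as before, not fatal.
for schema in core cosine inetorgperson nis; do
  ldapadd -Y EXTERNAL -H ldapi:/// -f "/etc/ldap/schema/$schema.ldif" \
    || printf 'warning: could not load schema %s (already present?)\n' "$schema" >&2
done

# Records are separated by blank lines as LDIF requires; where changetype is
# omitted ldapmodify defaults to modify.
# Access control as written: rule {0} shields userPassword/shadowLastChange
# (anonymous may only use them to authenticate, the owner may change them).
# Rule {1} then grants every client, anonymous included, read access to the
# entire tree (dn.subtree=""), so rule {2} is only reached for writes. Keep
# in mind that this makes the full account and group listing readable
# without a bind; tighten {1} if that is not wanted.
cat << EOF > database.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: $hash_pw

dn: olcDatabase={1}hdb,cn=config
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="$admin_dn" write by anonymous auth by self write by * none
olcAccess: {1}to dn.subtree="" by * read
olcAccess: {2}to * by dn="$admin_dn" write by * read

dn: olcDatabase={1}hdb,cn=config
add: olcDbIndex
olcDbIndex: uid,gidNumber,uidNumber pres,eq
olcDbIndex: cn,sn,mail,givenName,memberUid pres,eq,approx,sub

dn: olcDatabase={-1}frontend,cn=config
changetype: modify
delete: olcAccess

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootDN
olcRootDN: cn=admin,cn=config

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: $hash_pw
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f database.ldif || exit 1

# Append the export only once so re-running the script does not stack
# duplicate /home lines.
if ! grep -qF -- "$exports_entry" /etc/exports; then
  printf '%s\n' "$exports_entry" >> /etc/exports
fi
mkdir -p /etc/exports.d
/etc/init.d/nfs-kernel-server restart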