Modified version of CTS config script for OpenAM
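#!/usr/bin/env bash
# Prepare CTS. A variant of the script that is in the Admin guide
#
# copyright (C) 2014 ForgeRock AS
#
# cts-setup.sh: This script installs and configures an external CTS data store.
# It assumes that you have downloaded the OpenDJ zip file to a local
# folder.
#
# Steps performed (all against the OpenDJ instance unpacked into ./opendj):
#   1. write an OpenDJ setup properties file and install the server
#   2. create the "cts-store" backend for $CTS_DN
#   3. add the CTS base DN, an admins OU, the uid=openam bind user and its ACIs
#   4. add the schema-modification global ACI for that user
#   5. load the CTS schema, index and container LDIF files from $LDIF_DIR
#   6. rebuild and verify the backend indexes
#
# Every client call below uses --trustAll, so the server's self-signed
# certificate is accepted without verification. That matches the original
# lab-style script; a production store should pin a trust store instead.
set -euo pipefail

# Print a diagnostic to stderr and abort.
die() { printf 'cts-setup: %s\n' "$*" >&2; exit 1; }

# Scratch folder for the generated properties and LDIF files. The previous
# version used the predictable path /tmp/ldif and rm -rf'ed it first; a
# private mktemp folder avoids that and is removed when the script exits.
T=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${T:?}"; }
trap cleanup EXIT

# Define variables used in this script. Make them specific to your deployment.
#LDIF_DIR=/usr/local/tomcat/webapps/openam/WEB-INF/template/ldif/sfha
LDIF_DIR=~/openam/ldif/sfha
USER="cn=Directory Manager"
# Demo credential. It is passed as a command-line argument to the OpenDJ tools
# below, so it is visible in the process list while each tool runs.
PASS="password"
PORT=2444
CTS_DN="dc=cts,dc=example,dc=com"
# Make sure to download the OpenDJ Zip file and place it in the same folder as
# this script
#DS="OpenDJ-2.6.2.zip"
DS=~/Dropbox/Public/OpenDJ-2.6.2.zip

# Sanity Check: fail before anything is unpacked or installed rather than
# halfway through (the cp/sed steps near the end would otherwise be the first
# thing to notice a missing LDIF_DIR).
[[ -d "$LDIF_DIR" ]] || die "OpenAM LDIF folder $LDIF_DIR inaccessible"
[[ -f "$DS" ]] || die "$DS is not present"

# Connection options shared by every OpenDJ tool invocation. The script talks
# to the admin connector port for dsconfig and, with --useSSL added, for
# ldapmodify/ldapsearch as well, exactly as the original did.
bind_args=(--port "$PORT" --bindDN "$USER" --bindPassword "$PASS" --trustAll)

# Create a properties file for the OpenDJ install
cat > "$T/setup.props" <<EOF
# Sample properties file to set up the OpenDJ directory server
hostname = opendj.example.com
ldapPort = 2389
generateSelfSignedCertificate = true
enableStartTLS = true
ldapsPort = 2636
jmxPort = 2689
adminConnectorPort = $PORT
rootUserDN = $USER
rootUserPassword = $PASS
##baseDN = dc=example,dc=com
##ldifFile = /path/to/Example.ldif
##sampleData =
EOF

# Create the CTS base dn and ACIs entries and write them to a file
# Linefeeds have been added for publication purposes.
# The uid=openam entry is the account OpenAM binds with; its userPassword
# below is a demo value and should be changed for a real deployment.
cat > "$T/add-cts-entries.ldif" <<EOF
dn: $CTS_DN
objectclass: top
objectclass: domain
dc: cts
aci: (targetattr="*")(version 3.0;acl "Allow entry search";
allow (search, read)(userdn = "ldap:///uid=openam,ou=admins,$CTS_DN");)
aci: (targetattr="*")(version 3.0;acl "Modify config entry";
allow (write)(userdn = "ldap:///uid=openam,ou=admins,$CTS_DN");)
aci: (targetcontrol="2.16.840.1.113730.3.4.3")
(version 3.0;acl "Allow persistent search";
allow (search, read)(userdn = "ldap:///uid=openam,ou=admins,$CTS_DN");)
aci: (version 3.0;acl "Add config entry"; allow (add)(userdn = "ldap:///uid=openam,ou=admins,$CTS_DN");)
aci: (version 3.0;acl "Delete config entry"; allow (delete)(userdn = "ldap:///uid=openam,ou=admins,$CTS_DN");)

dn: ou=admins,$CTS_DN
objectclass: top
objectclass: organizationalUnit
ou: admins

dn: uid=openam,ou=admins,$CTS_DN
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: openam
sn: openam
uid: openam
userPassword: secret12
ds-privilege-name: subentry-write
ds-privilege-name: update-schema
EOF

# Unzip and install OpenDJ using the properties file
echo ""
echo "... Unpacking OpenDJ and installing ..."
unzip "$DS" || die "unzip of $DS failed"
# The original chained unzip && cd, so a failed cd silently ran ./setup in the
# wrong folder; abort explicitly instead.
cd opendj || die "cannot cd to opendj"
./setup --cli --propertiesFilePath "$T/setup.props" --acceptLicense --no-prompt \
  || die "OpenDJ setup failed"

# Create the CTS Backend
echo ""
echo "... Creating backend ..."
echo ""
bin/dsconfig create-backend \
  --backend-name cts-store \
  --set base-dn:"$CTS_DN" \
  --set enabled:true \
  --type local-db \
  "${bind_args[@]}" \
  --no-prompt
echo "Backend created"

# Verify Backend
#bin/dsconfig list-backends "${bind_args[@]}" --no-prompt

# Add the Base DN and ACIs
echo ""
echo "...Adding Base DN and ACIs..."
echo ""
# The original mixed --filename and --fileName between calls; --filename is
# used consistently here.
bin/ldapmodify "${bind_args[@]}" --useSSL --defaultAdd \
  --filename "$T/add-cts-entries.ldif"
echo "BaseDN and ACIs added."

# Verify BaseDN and ACIs
bin/ldapsearch "${bind_args[@]}" --useSSL \
  --baseDN "$CTS_DN" --searchscope sub "(objectclass=*)"

# Add the Admin Global ACI
echo ""
echo "...Adding Admin Global ACIs..."
echo ""
# The bind user DN is built from $CTS_DN here; the original hard-coded
# dc=cts,dc=example,dc=com, which silently granted the wrong entry schema
# write access whenever CTS_DN was changed above.
bin/dsconfig set-access-control-handler-prop \
  --add global-aci:"(target = \"ldap:///cn=schema\")(targetattr = \"attributeTypes || objectClasses\")(version 3.0; acl \"Modify schema\"; allow (write) userdn = \"ldap:///uid=openam,ou=admins,$CTS_DN\";)" \
  "${bind_args[@]}" \
  --no-prompt
echo "Global ACI added."

# Verify Global ACI
bin/dsconfig get-access-control-handler-prop --property global-aci \
  "${bind_args[@]}" --no-prompt

# Copy the Schema, Indexes, and Container files for CTS
echo ""
echo "... Begin copying schema, indexes, and container ..."
cp -- "$LDIF_DIR/cts-add-schema.ldif" "$T/cts-add-schema.ldif"
sed -e 's/@DB_NAME@/cts-store/' < "$LDIF_DIR/cts-indices.ldif" > "$T/cts-indices.ldif"
# $CTS_DN is interpolated into the sed replacement; '|' is used as the
# delimiter so a DN containing '/' is safe, but a DN containing '|' or '&'
# would still need escaping.
sed -e "s|@SM_CONFIG_ROOT_SUFFIX@|$CTS_DN|" < "$LDIF_DIR/cts-container.ldif" > "$T/cts-container.ldif"
echo "Schema, index, and container files copied."

# Add the Schema Files
echo ""
echo "... Adding CTS Schema ..."
bin/ldapmodify "${bind_args[@]}" --useSSL \
  --filename "$T/cts-add-schema.ldif"

# Add the CTS Indexes
echo ""
echo "... Adding CTS Indexes ..."
bin/ldapmodify "${bind_args[@]}" --useSSL --defaultAdd \
  --filename "$T/cts-indices.ldif"

# Add the CTS Container Files
echo ""
echo "... Adding CTS Container ..."
bin/ldapmodify "${bind_args[@]}" --useSSL --defaultAdd \
  --filename "$T/cts-container.ldif"

# Rebuild the Indexes
echo ""
echo "... Rebuilding Index ..."
# Options kept as in the original; NOTE(review): the OpenDJ admin guide spells
# the flag --rebuildAll — confirm the casing against your OpenDJ version.
bin/rebuild-index "${bind_args[@]}" \
  --baseDN "$CTS_DN" --rebuildALL --start 0

# Verify the Indexes
echo ""
echo "... Verifying Index ..."
# NOTE(review): verify-index is run while the server is up, as the original
# did — confirm that this OpenDJ version allows it on a live backend.
bin/verify-index --baseDN "$CTS_DN"

echo ""
echo "Your CTS External Store has been successfully installed and configured."
exit 0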