Modified version of CTS config script for OpenAM
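#!/usr/bin/env bash
# Prepare CTS. A variant of the script that is in the Admin guide
#
# copyright (C) 2014 ForgeRock AS
#
# cts-setup.sh: This script installs and configures an external CTS data store.
# It assumes that you have downloaded the OpenDJ zip file to a local
# folder.
#
# Usage: cts-setup.sh
#
# Optional environment overrides (defaults match the values below):
#   LDIF_DIR    folder holding the OpenAM "sfha" LDIF templates
#   DS          path to the OpenDJ zip file
#   PASS        OpenDJ root user (Directory Manager) password
#   OPENAM_PASS password set on the uid=openam CTS bind account
#
# Differences from the Admin guide version of this script:
#   * The LDIF written by this script is valid LDIF: every aci value sits on a
#     single line (the guide wraps them for publication, and a continuation
#     line must start with a space) and the three entries are separated by
#     blank lines. Without both fixes ldapmodify rejects the file.
#   * Generated files (they contain both passwords) live in a private
#     mktemp directory that is removed on exit, instead of a fixed,
#     world-readable /tmp/ldif.
#   * The bind password is handed to the OpenDJ tools through
#     --bindPasswordFile, not on the command line, so it does not show up in
#     `ps` output or shell history.
#   * The script stops at the first failing step (set -e) instead of running
#     on against a half-installed server.
set -euo pipefail

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Define variables used in this script. Make them specific to your deployment.
#LDIF_DIR=/usr/local/tomcat/webapps/openam/WEB-INF/template/ldif/sfha
LDIF_DIR=${LDIF_DIR:-$HOME/openam/ldif/sfha}
# Deliberately NOT ${USER:-...}: $USER is normally the login name of the
# person running the script, which is not an LDAP bind DN.
USER="cn=Directory Manager"
PASS=${PASS:-password}
OPENAM_PASS=${OPENAM_PASS:-secret12}
PORT=2444
CTS_DN="dc=cts,dc=example,dc=com"
# The account OpenAM binds with; referenced by every ACI below.
OPENAM_BIND_DN="uid=openam,ou=admins,$CTS_DN"
# Make sure to download the OpenDJ Zip file and place it in the same folder as
# this script
#DS="OpenDJ-2.6.2.zip"
DS=${DS:-$HOME/Dropbox/Public/OpenDJ-2.6.2.zip}
readonly LDIF_DIR USER PASS OPENAM_PASS PORT CTS_DN OPENAM_BIND_DN DS

# Sanity Check
[[ -d "$LDIF_DIR" ]] || die "LDIF folder $LDIF_DIR is inaccessible"
[[ -f "$DS" ]] || die "$DS is not present"

# Scratch folder for the generated files. mktemp -d creates it mode 0700 and
# the trap removes it (and the passwords inside) on every exit path.
T=$(mktemp -d) || die "mktemp failed"
readonly T
cleanup() { rm -rf -- "${T:?}"; }
trap cleanup EXIT

# Bind password for the online OpenDJ tools (-j / --bindPasswordFile).
PWFILE="$T/bind.pw"
readonly PWFILE
( umask 077 && printf '%s\n' "$PASS" > "$PWFILE" )

# Connection options shared by every online OpenDJ tool call below.
conn=(--port "$PORT" --bindDN "$USER" --bindPasswordFile "$PWFILE" --trustAll)

# Create a properties file for the OpenDJ install
cat > "$T/setup.props" <<EOF
# Sample properties file to set up the OpenDJ directory server
hostname = opendj.example.com
ldapPort = 2389
generateSelfSignedCertificate = true
enableStartTLS = true
ldapsPort = 2636
jmxPort = 2689
adminConnectorPort = $PORT
rootUserDN = $USER
rootUserPassword = $PASS
##baseDN = dc=example,dc=com
##ldifFile = /path/to/Example.ldif
##sampleData =
EOF

# Create the CTS base dn and ACIs entries and write them to a file.
# Each aci value is kept on one line on purpose: LDIF treats a line that does
# not start with a space as a new attribute, and entries must be separated by
# an empty line.
cat > "$T/add-cts-entries.ldif" <<EOF
dn: $CTS_DN
objectclass: top
objectclass: domain
dc: cts
aci: (targetattr="*")(version 3.0;acl "Allow entry search"; allow (search, read)(userdn = "ldap:///$OPENAM_BIND_DN");)
aci: (targetattr="*")(version 3.0;acl "Modify config entry"; allow (write)(userdn = "ldap:///$OPENAM_BIND_DN");)
aci: (targetcontrol="2.16.840.1.113730.3.4.3")(version 3.0;acl "Allow persistent search"; allow (search, read)(userdn = "ldap:///$OPENAM_BIND_DN");)
aci: (version 3.0;acl "Add config entry"; allow (add)(userdn = "ldap:///$OPENAM_BIND_DN");)
aci: (version 3.0;acl "Delete config entry"; allow (delete)(userdn = "ldap:///$OPENAM_BIND_DN");)

dn: ou=admins,$CTS_DN
objectclass: top
objectclass: organizationalUnit
ou: admins

dn: $OPENAM_BIND_DN
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: openam
sn: openam
uid: openam
userPassword: $OPENAM_PASS
ds-privilege-name: subentry-write
ds-privilege-name: update-schema
EOF

# Unzip and install OpenDJ using the properties file
printf '\n... Unpacking OpenDJ and installing ...\n'
unzip "$DS" || die "unzip of $DS failed"
cd opendj || die "opendj folder not found after unzip"
./setup --cli --propertiesFilePath "$T/setup.props" --acceptLicense --no-prompt

# Create the CTS Backend
printf '\n... Creating backend ...\n\n'
bin/dsconfig create-backend \
  --backend-name cts-store \
  --set base-dn:"$CTS_DN" \
  --set enabled:true \
  --type local-db \
  "${conn[@]}" \
  --no-prompt
printf 'Backend created\n'

# Verify Backend
#bin/dsconfig list-backends "${conn[@]}" --no-prompt

# Add the Base DN and ACIs
printf '\n...Adding Base DN and ACIs...\n\n'
bin/ldapmodify \
  "${conn[@]}" \
  --defaultAdd \
  --filename "$T/add-cts-entries.ldif" \
  --useSSL
printf 'BaseDN and ACIs added.\n'

# Verify BaseDN and ACIs
bin/ldapsearch "${conn[@]}" \
  --baseDN "$CTS_DN" --searchscope sub --useSSL "(objectclass=*)"

# Add the Admin Global ACI (lets the openam account update the schema).
# Built from OPENAM_BIND_DN so it stays in step with CTS_DN.
printf '\n...Adding Admin Global ACIs...\n\n'
schema_aci='(target = "ldap:///cn=schema")(targetattr = "attributeTypes || objectClasses")(version 3.0; acl "Modify schema"; allow (write) userdn = "ldap:///'"$OPENAM_BIND_DN"'";)'
bin/dsconfig set-access-control-handler-prop \
  --add "global-aci:$schema_aci" \
  "${conn[@]}" \
  --no-prompt
printf 'Global ACI added.\n'

# Verify Global ACI
bin/dsconfig get-access-control-handler-prop --property global-aci \
  "${conn[@]}" -n

# Copy the Schema, Indexes, and Container files for CTS.
# CTS_DN is used as a sed replacement: it must not contain '/' or '&'.
printf '\n... Begin copying schema, indexes, and container ...\n'
cp -- "$LDIF_DIR/cts-add-schema.ldif" "$T/cts-add-schema.ldif"
sed -e 's/@DB_NAME@/cts-store/' "$LDIF_DIR/cts-indices.ldif" > "$T/cts-indices.ldif"
sed -e "s/@SM_CONFIG_ROOT_SUFFIX@/$CTS_DN/" "$LDIF_DIR/cts-container.ldif" > "$T/cts-container.ldif"
printf 'Schema, index, and container files copied.\n'

# Add the Schema Files
printf '\n... Adding CTS Schema ...\n'
bin/ldapmodify "${conn[@]}" \
  --filename "$T/cts-add-schema.ldif" --useSSL

# Add the CTS Indexes
printf '\n... Adding CTS Indexes ...\n'
bin/ldapmodify "${conn[@]}" --defaultAdd \
  --filename "$T/cts-indices.ldif" --useSSL

# Add the CTS Container Files
printf '\n... Adding CTS Container ...\n'
bin/ldapmodify "${conn[@]}" --defaultAdd \
  --filename "$T/cts-container.ldif" --useSSL

# Rebuild the Indexes
printf '\n... Rebuilding Index ...\n'
bin/rebuild-index "${conn[@]}" \
  --baseDN "$CTS_DN" --rebuildALL --start 0

# Verify the Indexes
printf '\n... Verifying Index ...\n'
bin/verify-index --baseDN "$CTS_DN"

printf '\nYour CTS External Store has been successfully installed and configured.\n'
exit 0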