lemonlatte · July 9, 2012 03:22 · Jul 9, 2012
diff --git a/addUser.sh b/addUser.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+dn='dc=math,dc=nccu,dc=edu,dc=tw'
+username='jim.yeh'
+uid='jim.yeh'
+gid='student'
+
+cat << EOF > user_example.ldif
+
+dn: cn=$username,ou=users,ou=login,$dn
+uid: $username
+cn: $username
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+shadowMax: 99999
+shadowWarning: 7
+shadowFlag: 0
+loginShell: /bin/bash
+uidNumber: 500
+gidNumber: 500
+homeDirectory: /home/$username
+EOF
+
+ldapadd -c -x -D cn=admin,$dn -W -f user_example.ldif
+ldappasswd -x -D cn=admin,$dn -W -S cn=$username,ou=users,ou=login,$dn
+mkdir -p /home/$username
+#chown $username:student /home/$username
diff --git a/client_install.sh b/client_install.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+password='root123'
+dn='dc=math,dc=nccu,dc=edu,dc=tw'
+ldap_ip=192.168.11.6
+
+cat << EOF | sudo debconf-set-selections
+ldap-auth-config ldap-auth-config/dbrootlogin boolean false
+ldap-auth-config ldap-auth-config/pam_password select md5
+ldap-auth-config ldap-auth-config/move-to-debconf boolean true
+ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://$ldap_ip
+ldap-auth-config ldap-auth-config/ldapns/base-dn string ou=login,$dn
+ldap-auth-config ldap-auth-config/override boolean true
+ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
+ldap-auth-config ldap-auth-config/dblogin boolean false
+EOF
+
+apt-get install -y libnss-ldap nscd nfs-common
+auth-client-config -t nss -p lac_ldap
+pam-auth-update
+sed -e's,use_authtok,,g' -i /etc/pam.d/common-password
+/etc/init.d/nscd restart
+echo "$ldap_ip:/home /home nfs defaults 1 1" >> /etc/fstab
diff --git a/ou_struc_add.sh b/ou_struc_add.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+password='root123'
+dn='dc=math,dc=nccu,dc=edu,dc=tw'
+ldap_ip=192.168.11.6
+
+cat << EOF > ou.ldif
+
+# login, dc
+dn: ou=login,$dn
+ou: login
+objectClass: organizationalUnit
+
+# user, login, dc
+dn: ou=users,ou=login,$dn
+ou: users
+objectClass: organizationalUnit
+
+# group, login, dc
+dn: ou=groups,ou=login,$dn
+ou: groups
+objectClass: organizationalUnit
+
+dn: ou=mounts,ou=login,$dn
+ou: mounts
+objectClass: organizationalUnit
+
+# admin, group, login, dc
+dn: cn=admin,ou=groups,ou=login,$dn
+objectClass: posixGroup
+cn: admin
+gidNumber: 500
+memberUid: jim.yeh
+
+# teacher, group, login, dc
+dn: cn=teacher,ou=groups,ou=login,$dn
+objectClass: posixGroup
+cn: teacher
+gidNumber: 501
+
+# student, group, login, dc
+dn: cn=student,ou=groups,ou=login,$dn
+objectClass: posixGroup
+cn: student
+gidNumber: 502
+memberUid: jim.yeh
+EOF
+
+/etc/init.d/slapd stop
+slapadd -c -v -l ou.ldif
+/etc/init.d/slapd start
diff --git a/server_install.sh b/server_install.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+password='root123'
+dn='dc=math,dc=nccu,dc=edu,dc=tw'
+ldap_ip=192.168.11.6
+
+cat << EOF | sudo debconf-set-selections
+slapd slapd/internal/adminpw password root123
+slapd slapd/internal/generated_adminpw password root123
+slapd slapd/password2 password root123
+slapd slapd/password1 password root123
+slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+slapd slapd/domain string math.nccu.edu.tw
+slapd shared/organization string NCCU Mathematics
+slapd slapd/backend string HDB
+slapd slapd/purge_database boolean true
+slapd slapd/move_old_database boolean true
+slapd slapd/allow_ldap_v2 boolean false
+slapd slapd/no_configuration boolean false
+slapd slapd/dump_database string when needed
+EOF
+
+apt-get install -y slapd ldap-utils nfs-common nfs-kernel-server
+
+hash_pw=`slappasswd -s $password`
+
+cat << EOF > /etc/ldap/ldap.conf
+BASE    $dn
+URI     ldap://$ldap_ip
+SSL     no
+pam_password    md5
+TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
+nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm
+EOF
+
+dpkg-reconfigure -f noninteractive slapd
+
+ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
+ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif 
+ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif 
+ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif 
+
+cat << EOF > database.ldif
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+replace: olcRootPW
+olcRootPW: $hash_pw
+
+dn: olcDatabase={1}hdb,cn=config
+add: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,$dn" write by anonymous auth by self write by * none
+olcAccess: {1}to dn.subtree="" by * read
+olcAccess: {2}to * by dn="cn=admin,$dn" write by * read
+
+dn: olcDatabase={1}hdb,cn=config
+add: olcDbIndex
+olcDbIndex: uid,gidNumber,uidNumber pres,eq
+olcDbIndex: cn,sn,mail,givenName,memberUid pres,eq,approx,sub
+
+dn: olcDatabase={-1}frontend,cn=config
+changetype: modify
+delete: olcAccess
+
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcRootDN
+olcRootDN: cn=admin,cn=config
+
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+add: olcRootPW
+olcRootPW: $hash_pw
+EOF
+ldapmodify -Y EXTERNAL -H ldapi:/// -f database.ldif
+
+echo '/home 140.119.66.0/24(rw),140.119.175.0/24(rw)' >> /etc/exports
+mkdir -p /etc/exports.d
+/etc/init.d/nfs-kernel-server restart