From c6cdbcdb3a4504a245c1ba51a59e9fa902348177 Mon Sep 17 00:00:00 2001
From: pebles
Date: Tue, 2 Mar 2021 00:59:08 +0100
Subject: [PATCH] Prepare openldap to work with lowry (lastbind module and password format) and setup demo users to don't be locked or deleted on testing.
---
 Makefile | 4 ++++
 examples/data.ldif | 4 ++--
 examples/lastbind-module-enable.ldif | 6 ++++++
 examples/lastbind-module-load.ldif | 6 ++++++
 examples/passwd-format.ldif | 8 ++++++++
 examples/sample-users-first-login.sh | 5 +++++
 6 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 examples/lastbind-module-enable.ldif
 create mode 100644 examples/lastbind-module-load.ldif
 create mode 100644 examples/passwd-format.ldif
 create mode 100644 examples/sample-users-first-login.sh
diff --git a/Makefile b/Makefile
index 4695d2c..c05fcd7 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,11 @@ deps:
 fixtures:
 sudo cp examples/sindominio.* /etc/ldap/schema/
 sudo ldapadd -Y EXTERNAL -H ldapi:// -f /etc/ldap/schema/sindominio.ldif
+ sudo ldapmodify -Y EXTERNAL -H ldapi:// -f examples/passwd-format.ldif
+ sudo ldapmodify -Y EXTERNAL -H ldapi:// -f examples/lastbind-module-enable.ldif
+ sudo ldapadd -Y EXTERNAL -H ldapi:// -f examples/lastbind-module-load.ldif
 sudo slapadd -n 1 -l examples/data.ldif
+ sudo $(shell examples/sample-users-first-login.sh)
 demo:
 ./lowry -config examples/lowry.conf
diff --git a/examples/data.ldif b/examples/data.ldif
index c94e801..213e123 100644
--- a/examples/data.ldif
+++ b/examples/data.ldif
@@ -12,7 +12,7 @@ objectClass: shadowAccount
 objectClass: sdPerson
 objectClass: top
 sdRole: amiga
-userPassword: {SSHA}FHqod3gytvH9MDGhpMV1DKjyU7eO1EDG
+userPassword: {CRYPT}$6$$p0Hh2EoSEDPBIwNrVnlnl4hs2B8uY76fu87IXlC2CFoPwJlzY8nA1Hv/n5ykGE1oYlTg.LKjtUcbkHkkwA4ny/
 loginShell: /bin/bash
 uidNumber: 1000
 gidNumber: 1000
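Review bot: In the Makefile `fixtures` recipe, `sudo $(shell examples/sample-users-first-login.sh)` does not run the script as a recipe step: make runs it while expanding the recipe and then hands whatever the three ldapsearch calls print to `sudo` as a command line, so directory output ends up being executed as root. With GNU make that expansion appears to happen before the preceding `slapadd` line runs, so the binds would be attempted before the users exist. The script is also created with mode 100644 and no shebang, so invoking it by path is likely to fail. Replacing the line with `sh examples/sample-users-first-login.sh` runs it in order, without root, and without executing LDAP output.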
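Review bot: In examples/data.ldif the new `userPassword` value begins with `{CRYPT}$6$$`, which is SHA-512 crypt with an empty salt, and that is why this entry and the one in the hunk at line 29 carry the identical hash. passwd-format.ldif in the same commit configures `$6$%.16s`, so the fixtures would match what the server produces if each hash were regenerated with its own 16-character salt. The password appears to be the one sample-users-first-login.sh passes with `-w`, so a comment such as `# demo-only credential, published in examples/; never load into a real directory` above each entry would make the scope explicit.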
@@ -29,7 +29,7 @@ objectClass: shadowAccount
 objectClass: sdPerson
 objectClass: top
 sdRole: sindominante
-userPassword: {SSHA}FHqod3gytvH9MDGhpMV1DKjyU7eO1EDG
+userPassword: {CRYPT}$6$$p0Hh2EoSEDPBIwNrVnlnl4hs2B8uY76fu87IXlC2CFoPwJlzY8nA1Hv/n5ykGE1oYlTg.LKjtUcbkHkkwA4ny/
 loginShell: /bin/bash
 uidNumber: 1001
 gidNumber: 1001
diff --git a/examples/lastbind-module-enable.ldif b/examples/lastbind-module-enable.ldif
new file mode 100644
index 0000000..8a6dbd4
--- /dev/null
+++ b/examples/lastbind-module-enable.ldif
@@ -0,0 +1,6 @@
+# Enable module lastbind
+# ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=module{0},cn=config
+add: olcModuleLoad
+olcModuleLoad: {0}lastbind
+
diff --git a/examples/lastbind-module-load.ldif b/examples/lastbind-module-load.ldif
new file mode 100644
index 0000000..e2a5c6b
--- /dev/null
+++ b/examples/lastbind-module-load.ldif
@@ -0,0 +1,6 @@
+# Config slapd to use lastbind overlay:
+# ldapadd -Y EXTERNAL -H ldapi:///
+dn: olcOverlay={0}lastbind, olcDatabase={1}mdb,cn=config
+objectClass: olcLastBindConfig
+olcOverlay: {0}lastbind
+
diff --git a/examples/passwd-format.ldif b/examples/passwd-format.ldif
new file mode 100644
index 0000000..da652a2
--- /dev/null
+++ b/examples/passwd-format.ldif
@@ -0,0 +1,8 @@
+# ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=config
+add: olcPasswordHash
+olcPasswordHash: {CRYPT}
+-
+add: olcPasswordCryptSaltFormat
+olcPasswordCryptSaltFormat: $6$%.16s
+
diff --git a/examples/sample-users-first-login.sh b/examples/sample-users-first-login.sh
new file mode 100644
index 0000000..3751db0
--- /dev/null
+++ b/examples/sample-users-first-login.sh
@@ -0,0 +1,5 @@
+# Login to ldap so authTimestamp exists before first run.
+ldapsearch -D 'uid=user,ou=People,dc=nodomain' -w foobar -b 'uid=user,ou=People,dc=nodomain'
+ldapsearch -D 'uid=superuser,ou=People,dc=nodomain' -w foobar -b 'uid=superuser,ou=People,dc=nodomain'
+ldapsearch -D 'uid=pebles,ou=People,dc=nodomain' -w foobar -b 'uid=pebles,ou=pebles,dc=nodomain'
+
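Review bot: examples/lastbind-module-enable.ldif has no `changetype:` line, so the record is treated as a modification only because `ldapmodify` defaults to that. Fed to `ldapadd` or `ldapmodify -a` it would be parsed as an add, and `add: olcModuleLoad` would be read as an attribute. Adding `changetype: modify` directly under the `dn:` line makes the file independent of the tool used; examples/passwd-format.ldif has the same shape and would benefit from the same line.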
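Review bot: The names of the two lastbind files read inverted. lastbind-module-enable.ldif is the one that adds `olcModuleLoad`, while examples/lastbind-module-load.ldif creates the overlay entry that actually turns lastbind on for a database. Swapping the names, or adjusting the header comments, would keep the Makefile steps readable. The target `olcDatabase={1}mdb` is also hard-coded, so a comment such as `# must be the database populated by "slapadd -n 1" in the Makefile` would document the coupling.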
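Review bot: In examples/passwd-format.ldif both changes use `add:`, so a second `make fixtures` against the same slapd is likely to fail here because the attribute or value is already present; `replace: olcPasswordHash` and `replace: olcPasswordCryptSaltFormat` would make the step repeatable. It is also worth a comment that `olcPasswordHash` only governs hashing the server performs for Password Modify extended operations, so a client that writes `userPassword` with a plain modify stores whatever it sends. `{CRYPT}` with `$6$` further depends on the host's crypt(3) supporting SHA-512, which ties the stored hashes to the platform.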
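Review bot: In examples/sample-users-first-login.sh none of the three calls passes `-x`, so unless the client configuration changes the default, ldapsearch attempts a SASL bind rather than a simple bind as the `-D` DN, and the lastbind overlay may never record `authTimestamp` for these users. The third line also searches under `ou=pebles` while its bind DN and the other lines use `ou=People`, which looks like a typo: `ldapsearch -x -D 'uid=pebles,ou=People,dc=nodomain' -w foobar -b 'uid=pebles,ou=People,dc=nodomain'`. The file has no shebang and is created non-executable, so a first line of `#!/bin/sh` and a comment that `-w foobar` is the published demo password would make it usable on its own.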