From c6cdbcdb3a4504a245c1ba51a59e9fa902348177 Mon Sep 17 00:00:00 2001
From: pebles <pebles@sindominio.net>
Date: Tue, 2 Mar 2021 00:59:08 +0100
Subject: [PATCH] Prepare openldap to work with lowry (lastbind module and
 password format) and setup demo users to don't be locked or deleted on
 testing.

---
 Makefile                             | 4 ++++
 examples/data.ldif                   | 4 ++--
 examples/lastbind-module-enable.ldif | 6 ++++++
 examples/lastbind-module-load.ldif   | 6 ++++++
 examples/passwd-format.ldif          | 8 ++++++++
 examples/sample-users-first-login.sh | 5 +++++
 6 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 examples/lastbind-module-enable.ldif
 create mode 100644 examples/lastbind-module-load.ldif
 create mode 100644 examples/passwd-format.ldif
 create mode 100644 examples/sample-users-first-login.sh

diff --git a/Makefile b/Makefile
index 4695d2c..c05fcd7 100644
--- a/Makefile
+++ b/Makefile
@@ -22,7 +22,11 @@ deps:
 fixtures:
 	sudo cp examples/sindominio.* /etc/ldap/schema/
 	sudo ldapadd -Y EXTERNAL -H ldapi:// -f /etc/ldap/schema/sindominio.ldif
+	sudo ldapmodify -Y EXTERNAL -H ldapi:// -f examples/passwd-format.ldif
+	sudo ldapmodify -Y EXTERNAL -H ldapi:// -f examples/lastbind-module-enable.ldif
+	sudo ldapadd -Y EXTERNAL -H ldapi:// -f examples/lastbind-module-load.ldif
 	sudo slapadd -n 1 -l examples/data.ldif
+	sudo $(shell examples/sample-users-first-login.sh)
 
 demo:
 	./lowry -config examples/lowry.conf
diff --git a/examples/data.ldif b/examples/data.ldif
index c94e801..213e123 100644
--- a/examples/data.ldif
+++ b/examples/data.ldif
@@ -12,7 +12,7 @@ objectClass: shadowAccount
 objectClass: sdPerson
 objectClass: top
 sdRole: amiga
-userPassword: {SSHA}FHqod3gytvH9MDGhpMV1DKjyU7eO1EDG
+userPassword: {CRYPT}$6$$p0Hh2EoSEDPBIwNrVnlnl4hs2B8uY76fu87IXlC2CFoPwJlzY8nA1Hv/n5ykGE1oYlTg.LKjtUcbkHkkwA4ny/
 loginShell: /bin/bash
 uidNumber: 1000
 gidNumber: 1000
@@ -29,7 +29,7 @@ objectClass: shadowAccount
 objectClass: sdPerson
 objectClass: top
 sdRole: sindominante
-userPassword: {SSHA}FHqod3gytvH9MDGhpMV1DKjyU7eO1EDG
+userPassword: {CRYPT}$6$$p0Hh2EoSEDPBIwNrVnlnl4hs2B8uY76fu87IXlC2CFoPwJlzY8nA1Hv/n5ykGE1oYlTg.LKjtUcbkHkkwA4ny/
 loginShell: /bin/bash
 uidNumber: 1001
 gidNumber: 1001
diff --git a/examples/lastbind-module-enable.ldif b/examples/lastbind-module-enable.ldif
new file mode 100644
index 0000000..8a6dbd4
--- /dev/null
+++ b/examples/lastbind-module-enable.ldif
@@ -0,0 +1,6 @@
+# Enable module lastbind
+# ldapmodify -Y EXTERNAL -H ldapi:/// 
+dn: cn=module{0},cn=config
+add: olcModuleLoad
+olcModuleLoad: {0}lastbind
+
diff --git a/examples/lastbind-module-load.ldif b/examples/lastbind-module-load.ldif
new file mode 100644
index 0000000..e2a5c6b
--- /dev/null
+++ b/examples/lastbind-module-load.ldif
@@ -0,0 +1,6 @@
+# Config slapd to use lastbind overlay:
+# ldapadd -Y EXTERNAL -H ldapi:/// 
+dn: olcOverlay={0}lastbind, olcDatabase={1}mdb,cn=config
+objectClass: olcLastBindConfig
+olcOverlay: {0}lastbind
+
diff --git a/examples/passwd-format.ldif b/examples/passwd-format.ldif
new file mode 100644
index 0000000..da652a2
--- /dev/null
+++ b/examples/passwd-format.ldif
@@ -0,0 +1,8 @@
+# ldapmodify -Y EXTERNAL -H ldapi:/// 
+dn: cn=config
+add: olcPasswordHash
+olcPasswordHash: {CRYPT}
+-
+add: olcPasswordCryptSaltFormat
+olcPasswordCryptSaltFormat: $6$%.16s
+
diff --git a/examples/sample-users-first-login.sh b/examples/sample-users-first-login.sh
new file mode 100644
index 0000000..3751db0
--- /dev/null
+++ b/examples/sample-users-first-login.sh
@@ -0,0 +1,5 @@
+# Login to ldap so authTimestamp exists before first run.
+ldapsearch -D 'uid=user,ou=People,dc=nodomain'      -w foobar -b 'uid=user,ou=People,dc=nodomain' 
+ldapsearch -D 'uid=superuser,ou=People,dc=nodomain' -w foobar -b 'uid=superuser,ou=People,dc=nodomain' 
+ldapsearch -D 'uid=pebles,ou=People,dc=nodomain'    -w foobar -b 'uid=pebles,ou=pebles,dc=nodomain' 
+