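#!/bin/bash
#
# Server-Setup v0.1 Paul Matthews (c) 27-10-2005
#
# Interactive (dialog-driven) installer that generates krb5.conf, smb.conf,
# squid.conf, ldap.conf, slapd.conf and LAM configuration files from a few
# prompted values, backs up the existing files, installs the new ones and
# restarts / enables the matching services.  Must be run as root.
#
# Generated config files are written into the current directory first and
# then copied to the (prompted) system locations.
#
# This software was made with the help of
# Squidmanage v0.5 Matt Keadle (c) 02-14-2002
# Released under the terms of the GPL.
# found on http://mkeadle.org/
#
################################################################################

set -u

# Check for root
if [ "$(id -u)" -ne 0 ]; then
  echo "You must be root to run this program" >&2
  exit 1
fi

# Check for dialog
dialog_bin=$(command -v dialog) || { echo "dialog not found!" >&2; exit 1; }
DIALOG=("$dialog_bin" --aspect 75)

############### Variables: #####################################################

# Menu selection is written here by dialog; mktemp avoids a predictable
# /tmp name that another local user could pre-create or symlink.
TMP=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$TMP"' EXIT

############### Helpers: #######################################################

#######################################
# Print a section banner.
# Arguments: $1 - title text
#######################################
banner() {
  local bar
  printf -v bar '%81s' ''
  bar=${bar// /*}
  printf '\n%s\n%s\n%s\n\n' "$bar" "*** $1" "$bar"
}

#######################################
# Prompt for a value, falling back to a default when the user just hits Enter.
# Arguments: $1 - name of the variable to set (caller's scope)
#            $2 - prompt text
#            $3 - default value
#######################################
ask() {
  local __reply
  printf '%s\n' "$2"
  printf 'default = %s: ' "$3"
  IFS= read -r __reply
  printf -v "$1" '%s' "${__reply:-$3}"
  echo ""
}

#######################################
# Install a generated config file, backing up any existing copy first.
# Arguments: $1 - generated file in the current directory
#            $2 - default destination path
#            $3 - human readable label used in prompts/messages
# Returns:   0 on success, non-zero if a copy failed
#######################################
install_config() {
  local dest
  ask dest "Enter the path to your $3 file" "$2"
  if [ -e "$dest" ]; then
    # -p keeps the owner/mode of the original on the backup copy.
    cp -p -- "$dest" "$dest.backup" || return 1
    echo "Your old $3 file has been backed up to $dest.backup"
  fi
  cp -- "$1" "$dest" || return 1
  echo ""
}

#######################################
# Restart each named SysV service.
# Arguments: service names
#######################################
svc_restart() {
  local s
  for s in "$@"; do
    /etc/init.d/"$s" restart
  done
}

#######################################
# Enable each named SysV service at boot.
# Arguments: service names
#######################################
svc_enable() {
  local s
  for s in "$@"; do
    /sbin/chkconfig "$s" on && echo "$s set to start on boot"
  done
}

#######################################
# Final "are you happy" prompt: y (default) returns to the main menu,
# n re-runs the calling step, anything else simply returns.
# Arguments: $1 - name of the function to re-run on 'n'
#######################################
again_or_menu() {
  local reply
  echo ""
  echo "Are you happy with that setup?"
  printf 'If you are then type y, if not you can start again by typing n [y]: '
  IFS= read -r reply
  case "${reply:-y}" in
    y|Y) mainmenu ;;
    n|N) "$1" ;;
  esac
}

############### Main menu: #####################################################

#######################################
# Show the dialog main menu and dispatch to the chosen step.
# Globals:   DIALOG, TMP (read)
#######################################
mainmenu() {
  local choice
  if ! "${DIALOG[@]}" --menu "Main Menu - ServerSetup-v0.01" 10 40 6 \
      "S " "Squid with NTLM" \
      "J " "Join Windows Domain" \
      "L " "LAM & OpenLDAP & Samba PDC" \
      "A " "Setup OpenLDAP Server" \
      "R " "Realtime monitor" \
      2> "$TMP"; then
    # Cancel / Esc: clean up and exit.
    postprocess
  fi
  choice=$(cat "$TMP")
  case "$choice" in
    "S ") squidntlm ;;
    "J ") joindomain ;;
    "L ") samba ;;
    "A ") openldap ;;
    "R ") monitorsub ;;
  esac
}

############### Active Directory helpers (shared by squidntlm/joindomain): #####

#######################################
# Prompt for the AD realm details and write krb5.conf in the cwd.
# Globals:   REALM, KDC, DOMAIN_LC (written)
#######################################
write_krb5_conf() {
  banner "Setup kerberos File"
  ask REALM "Enter the DNS name of your windows domain in capitals:" "WINDOWS.SERVER.INT"
  ask KDC "Enter the DNS name of your windows domain controller:" "mc1.windows.server.int"
  ask DOMAIN_LC "Enter the DNS name of your windows domain in lower case:" "windows.server.int"
  cat > krb5.conf <<EOF
[libdefaults]
 default_realm = $REALM

[realms]
 $REALM = {
  kdc = $KDC
  default_domain = $REALM
  kpasswd_server = $KDC
  admin_server = $KDC
 }

[domain_realm]
 .$DOMAIN_LC = $REALM
EOF
}

#######################################
# Prompt for the NetBIOS workgroup and write an ADS-member smb.conf in the cwd.
# Globals:   REALM (read), WORKGROUP (written)
#######################################
write_ads_smb_conf() {
  banner "Setup Samba File"
  ask WORKGROUP "Enter short domain name of your windows domain in capitals:" "WINDOWS"
  cat > smb.conf <<EOF
[global]
 workgroup = $WORKGROUP
 security = ads
 realm = $REALM
 encrypt passwords = yes
 username map = /etc/samba/smbusers
 winbind uid = 10000-20000
 winbind gid = 10000-20000
 winbind use default domain = yes
 winbind enum users = yes
 winbind enum groups = yes
EOF
}

#######################################
# Install krb5.conf and smb.conf generated by the two functions above.
#######################################
install_ads_configs() {
  banner "configuring kerberos"
  install_config krb5.conf /etc/krb5.conf kerberos
  banner "configuring Samba"
  install_config smb.conf /etc/samba/smb.conf Samba
}

#######################################
# Obtain a ticket for the domain admin and join the machine to the domain.
# Globals:   KDC (read), ADMIN_USER (written)
# Returns:   0 if 'net join' succeeded, non-zero otherwise
#######################################
join_ads_domain() {
  banner "Setting up kerberos"
  ask ADMIN_USER "Enter the domain administrator user on your windows domain" "administrator"
  # kinit prompts for the password itself; a failure here is not fatal because
  # 'net join -U' prompts again, so only warn.
  kinit "$ADMIN_USER" \
    || echo "warning: kinit for $ADMIN_USER failed, net join will ask for the password" >&2
  banner "joining the domain"
  if ! net join -S "$KDC" -U "$ADMIN_USER"; then
    echo "net join failed; services were not restarted or enabled" >&2
    return 1
  fi
}

########## commands: ###########

#######################################
# Generate squid.conf in the cwd with NTLM + basic auth via ntlm_auth.
#######################################
write_squid_conf() {
  local port ntlm_helper basic_helper
  banner "configuring Squid"
  ask port "choose the port squid will run on" "3128"
  if ! [[ "$port" =~ ^[0-9]+$ ]] || (( port < 1 || port > 65535 )); then
    echo "invalid port '$port', using 3128" >&2
    port=3128
  fi
  ask ntlm_helper "Choose the path to ntlm_auth file for your ntlm auth" "/usr/bin/ntlm_auth"
  ask basic_helper "Choose the path to ntlm_auth file for your basic auth" "/usr/bin/ntlm_auth"
  # The basic helper speaks the squid-2.5-basic protocol, not ntlmssp.
  # Safe_ports / SSL_ports ACLs are enforced and the list ends in 'deny all',
  # otherwise the proxy could be used to CONNECT to arbitrary ports.
  cat > squid.conf <<EOF
http_port $port
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param ntlm program $ntlm_helper --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minute
auth_param ntlm use_ntlm_negotiate on
auth_param basic program $basic_helper --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ntlm_auth proxy_auth REQUIRED
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ntlm_auth
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_effective_user squid
cache_effective_group squid
EOF
}

#######################################
# Squid with NTLM: kerberos + samba (ADS member) + squid, join the domain,
# restart and enable the services.
#######################################
squidntlm() {
  /usr/bin/clear
  write_krb5_conf
  write_ads_smb_conf
  write_squid_conf
  install_ads_configs
  banner "configuring Squid"
  install_config squid.conf /etc/squid/squid.conf squid
  if ! join_ads_domain; then
    again_or_menu squidntlm
    return
  fi
  banner "Restarting the servers"
  svc_restart winbind smb squid
  banner "setting servers to start at boot"
  svc_enable winbind squid smb
  again_or_menu squidntlm
}

#######################################
# Join Windows Domain: kerberos + samba (ADS member), join, restart/enable.
#######################################
joindomain() {
  /usr/bin/clear
  write_krb5_conf
  write_ads_smb_conf
  install_ads_configs
  if ! join_ads_domain; then
    again_or_menu joindomain
    return
  fi
  banner "Restarting the servers"
  svc_restart winbind smb
  banner "setting servers to start at boot"
  svc_enable winbind smb
  echo ""
  echo "Now you might want to look into PAM (pluggable authentication Module) found in the /etc/pam.d/ folder. if you want to use winbind to authentication your pop3 e-mail server then edit the /etc/pam.d/pop file."
  again_or_menu joindomain
}

############### OpenLDAP helpers (shared by samba/openldap): ###################

#######################################
# Prompt for base DN and host and write ldap.conf in the cwd.
# Globals:   LDAP_BASE, LDAP_HOST (written)
#######################################
write_ldap_conf() {
  banner "Setup ldap File"
  ask LDAP_BASE "Enter the base for your ldap server" 'dc=fedora,dc=directory,dc=server'
  ask LDAP_HOST "Enter the host for your ldap server" "mc1.fedora.directory.server"
  cat > ldap.conf <<EOF
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never
HOST $LDAP_HOST
BASE $LDAP_BASE
TLS_CACERTDIR /etc/openldap/cacerts
EOF
}

#######################################
# Prompt (twice, no echo) for the rootdn password and hash it with slappasswd.
# Globals:   LDAP_ROOTDN (read), LDAP_ROOTPW, LDAP_ROOTPW_HASH (written)
# Returns:   0 on success, 1 if the hash could not be produced
#######################################
read_ldap_root_password() {
  local again pwfile
  echo "Lets set a password for $LDAP_ROOTDN"
  while :; do
    printf 'New password: '
    IFS= read -rs LDAP_ROOTPW
    echo ""
    printf 'Re-enter new password: '
    IFS= read -rs again
    echo ""
    if [ -n "$LDAP_ROOTPW" ] && [ "$LDAP_ROOTPW" = "$again" ]; then
      break
    fi
    echo "Passwords empty or do not match, try again" >&2
  done
  # Hash from a private temp file so the secret never appears on a command
  # line (mktemp creates the file mode 0600).
  pwfile=$(mktemp) || return 1
  printf '%s' "$LDAP_ROOTPW" > "$pwfile"
  LDAP_ROOTPW_HASH=$(/usr/sbin/slappasswd -T "$pwfile")
  rm -f -- "$pwfile"
  echo ""
  [ -n "$LDAP_ROOTPW_HASH" ]
}

#######################################
# Write slapd.conf in the cwd.
# Arguments: $1 - "samba" to also include samba.schema, anything else for plain
# Globals:   LDAP_BASE, LDAP_ROOTDN, LDAP_ROOTPW_HASH (read)
#######################################
write_slapd_conf() {
  local samba_include=""
  if [ "${1:-}" = "samba" ]; then
    samba_include="include /etc/openldap/schema/samba.schema"
  fi
  cat > slapd.conf <<EOF
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
$samba_include
allow bind_v2
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
database bdb
suffix "$LDAP_BASE"
rootdn "$LDAP_ROOTDN"
rootpw $LDAP_ROOTPW_HASH
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
EOF
  # Contains the rootpw hash: keep the working copy out of reach of other users.
  chmod 640 slapd.conf
}

#######################################
# Prompt for organisation / dc and write the base-entry LDIF to a temp file.
# Globals:   LDAP_BASE (read), DOMAIN_LDIF (written, path of the temp file)
# Returns:   0 on success, 1 if mktemp failed
#######################################
write_domain_ldif() {
  local org dc
  ask org "Enter the organization name for your ldap server" 'Fedora Directory Server'
  ask dc "Enter the DC for your ldap server" "Fedora"
  DOMAIN_LDIF=$(mktemp) || return 1
  cat > "$DOMAIN_LDIF" <<EOF
dn: $LDAP_BASE
objectclass: dcobject
objectClass: organization
o: $org
dc: $dc
EOF
}

#######################################
# Install ldap.conf / slapd.conf from the cwd.
#######################################
install_ldap_configs() {
  banner "configuring LDAP"
  install_config ldap.conf /etc/openldap/ldap.conf ldap
  banner "configuring SLAPD"
  install_config slapd.conf /etc/openldap/slapd.conf slapd
}

#######################################
# Restart slapd and add the base entry (ldapadd prompts for the rootdn password).
# Globals:   LDAP_ROOTDN, DOMAIN_LDIF (read)
#######################################
start_ldap_server() {
  banner "starting ldap server"
  svc_restart ldap
  echo ""
  /usr/bin/ldapadd -x -D "$LDAP_ROOTDN" -W -f "$DOMAIN_LDIF" -H ldap://localhost
  rm -f -- "$DOMAIN_LDIF"
}

############### LAM / Samba PDC helpers: #######################################

#######################################
# Download and unpack LDAP Account Manager into the cwd.
# Returns:   0 on success, 1 if the download or unpack failed
#######################################
download_lam() {
  local url tarball
  banner "downloading and installing LAM"
  echo "make sure your connected to the internet for the next part, LAM will be downloaded for you"
  echo ""
  ask url "Enter the URL of the latest LAM file" \
    'http://optusnet.dl.sourceforge.net/sourceforge/lam/ldap-account-manager_0.5.1.tar.gz'
  # NOTE: fetched over plain HTTP with no checksum/signature check; verify the
  # archive against the project's published release before deploying it.
  wget -- "$url" || { echo "download of $url failed" >&2; return 1; }
  tarball=${url##*/}
  tar -xzf "$tarball" || { echo "could not unpack $tarball" >&2; return 1; }
  rm -f -- "$tarball"
}

#######################################
# Prompt for the LAM settings and write config.cfg and lam.conf in the cwd.
# Globals:   LDAP_ROOTDN (read)
#            LAM_USERS, LAM_GROUPS, LAM_HOSTS, LAM_DOMAINS (written, reused by
#            write_pdc_smb_conf)
#######################################
write_lam_configs() {
  local lam_pw server_url
  banner "Setup LAM config.cfg File"
  ask lam_pw "Enter the password at access LAM" "lam"
  cat > config.cfg <<EOF
# password to add/delete/rename configuration profiles
password: $lam_pw
# default profile, without ".conf"
default: lam
EOF
  banner "Setup LAM lam.conf File"
  ask server_url "Enter the ldap server address" "ldap://localhost:389"
  ask LAM_USERS "please enter the suffix for the ldap users" 'ou=people,dc=fedora,dc=directory,dc=server'
  ask LAM_GROUPS "please enter the suffix for the ldap groups" 'ou=groups,dc=fedora,dc=directory,dc=server'
  ask LAM_HOSTS "please enter the suffix for the Samba hosts" 'ou=machines,dc=fedora,dc=directory,dc=server'
  ask LAM_DOMAINS "please enter the suffix for the Samba domain" 'ou=domains,dc=fedora,dc=directory,dc=server'
  cat > lam.conf <<EOF
serverURL: $server_url
# list of users who are allowed to use LDAP Account Manager
admins: $LDAP_ROOTDN
# password to change these preferences via webfrontend
passwd: $lam_pw
# suffix of users
usersuffix: $LAM_USERS
# suffix of groups
groupsuffix: $LAM_GROUPS
# suffix of Samba hosts
hostsuffix: $LAM_HOSTS
# suffix of Samba 3 domains
domainsuffix: $LAM_DOMAINS
# list of attributes to show in user list
# entries can either be predefined values (e.g. '#cn' or '#uid')
# or individual ones (e.g. 'uid:User ID' or 'host:Host Name')
# values have to be seperated by semicolons
userlistAttributes: #uid;#givenName;#sn;#uidNumber;#gidNumber
# list of attributes to show in group list
# entries can either be predefined values (e.g. '#cn' or '#gidNumber')
# or individual ones (e.g. 'cn:Group Name')
# values have to be seperated by semicolons
grouplistAttributes: #cn;#gidNumber;#memberUID;#description
# list of attributes to show in host list
# entries can either be predefined values (e.g. '#cn' or '#uid')
# or individual ones (e.g. 'cn:Host Name')
# values have to be seperated by semicolons
hostlistAttributes: #cn;#description;#uidNumber;#gidNumber
# maximum number of rows to show in user/group/host lists
maxlistentries: 30
# default language (a line from config/language)
defaultLanguage: en_GB:UTF-8:English (Britain)
# Path to external Script
scriptPath:
# Server of external Script
scriptServer:
# Number of minutes LAM caches LDAP searches.
cachetimeout: 5
# List of used user modules
usermodules: shadowAccount,inetOrgPerson,posixAccount,sambaSamAccount
# List of used group modules
groupmodules: posixGroup,sambaGroupMapping
# List of used host modules
hostmodules: account,sambaSamAccount,posixAccount
# Module settings
modules: posixAccount_minUID: 00000
modules: posixAccount_maxUID: 30000
modules: posixAccount_minMachine: 50000
modules: posixAccount_maxMachine: 60000
modules: posixGroup_minGID: 00000
modules: posixGroup_maxGID: 20000
modules: posixGroup_pwdHash: SSHA
modules: posixAccount_pwdHash: SSHA
EOF
  # Both files hold the LAM password in clear text.
  chmod 640 config.cfg lam.conf
}

#######################################
# Create the share directories under /etc/samba.
# Only the share directories are opened up; a recursive a+rwx on /etc/samba
# would make smb.conf itself world-writable, and smb.conf carries
# 'root preexec' commands, so that is a local root escalation.
#######################################
make_samba_shares() {
  local d
  for d in share logs netlogon profiles; do
    mkdir -p "/etc/samba/$d"
  done
  chmod 1777 /etc/samba/share /etc/samba/profiles
  chmod 0755 /etc/samba/netlogon /etc/samba/logs
}

#######################################
# Prompt for the workgroup and write the PDC smb.conf (ldapsam backend) in the cwd.
# Globals:   LDAP_BASE, LDAP_ROOTDN, LAM_USERS, LAM_GROUPS, LAM_HOSTS (read)
#######################################
write_pdc_smb_conf() {
  local workgroup
  banner "Setup Samba"
  ask workgroup "Enter the domain name" "fedora"
  # Unquoted heredoc: backslashes are doubled so Samba sees \\%L\profiles\%U.
  cat > smb.conf <<EOF
[global]
 ;LDAP backend
 ldap user suffix = $LAM_USERS
 ldap machine suffix = $LAM_HOSTS
 ldap group suffix = $LAM_GROUPS
 ldap suffix = $LDAP_BASE
 ldap admin dn = "$LDAP_ROOTDN"
 passdb backend = ldapsam:ldap://127.0.0.1
 ldap delete dn = no
 ldap passwd sync = yes
 ldap replication sleep = 1000
 ;Basic server settings
 workgroup = $workgroup
 comment = Samba %v Server
 ;Necessary for PDC to act as the domain and local master
 encrypt passwords = yes
 os level = 64
 security = user
 domain logons = yes
 preferred master = yes
 domain master = yes
 local master = yes
 ;Where user profiles are stored
 logon path = \\\\%L\profiles\%U
 ;Location of user's home directory and where it should be mounted
 logon drive = H:
 logon home = \\\\%L\%U
 ;Sets the printing to CUPS
 printing = cups
 printcap = /etc/printcap
 load printers = yes
 ;Other global options
 socket options = TCP_NODELAY
 map to guest = Bad User
 ;Acts as a WINS server
 wins support = yes
 deadtime = 15

;Necessary share for domain controller
[netlogon]
 writeable = yes
 public = yes
 path = /etc/samba/netlogon
 write list = admin

[profiles]
 path = /etc/samba/profiles
 writeable = yes
 create mask = 0600
 directory mask = 0700

;Home directoy shares (Mounts the user's home directory)
[homes]
 comment = Linux Home directory space
 path = %H
 writeable = yes
 valid users = %S
 create mode = 0600
 directory mode = 0700
 locking = no

;A simple share of the /share directory
[share]
 path = /etc/samba/share
 browseable = yes
 writeable = yes

;A share for the cdrom mounts at /media/cdrom
[cdrom]
 comment = Linux CD-ROM
 path = /media/cdrom
 read only = yes
 locking = no
 root preexec = /bin/mount /dev/cdrom /media/cdrom
 root postexec = /bin/umount /media/cdrom

;Basic printer settings
[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = no
 public = yes
 guest ok = yes
 writable = no
 printable = yes
EOF
}

#######################################
# Copy the unpacked LAM tree into the web root and install its config files.
#######################################
install_lam() {
  local webroot cfgdir
  banner "Setting up apache"
  ask webroot "Enter the root directory of apache" '/var/www/html/'
  # The unpacked directory name depends on the LAM version, hence the glob.
  mv ldap-acc* ldap
  cp -rf ldap "$webroot"
  echo "go to https://localhost/ldap/ to access the LAM web interface"
  echo ""
  banner "LAM config.cfg and lam.conf"
  ask cfgdir "Enter the path to your LAM config directory" "${webroot%/}/ldap/config/"
  cp -- config.cfg lam.conf "$cfgdir"
  echo ""
  # Only the LAM tree needs to belong to apache, not the whole web root;
  # the two config files hold the LAM password so they are not world-readable.
  chown -R apache:apache "${webroot%/}/ldap"
  chmod 640 "${cfgdir%/}/config.cfg" "${cfgdir%/}/lam.conf"
}

#######################################
# LAM & OpenLDAP & Samba PDC.
#######################################
samba() {
  local schema_src schema_dir
  /usr/bin/clear
  write_ldap_conf
  banner "Setup slapd File"
  ask schema_src "Enter the location of your samba.schema file" "/usr/share/doc/samba-3.0.8/LDAP/samba.schema"
  ask schema_dir "Enter the location of yuor schema dire" "/etc/openldap/schema/"
  cp -- "$schema_src" "$schema_dir" \
    || echo "warning: could not copy $schema_src to $schema_dir; slapd will not start without samba.schema" >&2
  ask LDAP_ROOTDN "Enter the root cn for your ldap server" 'cn=Manager,dc=fedora,dc=directory,dc=server'
  if ! read_ldap_root_password; then
    echo "could not hash the ldap root password" >&2
    again_or_menu samba
    return
  fi
  # smbpasswd -w stores the *plaintext* rootdn password in secrets.tdb; it only
  # accepts it on the command line, so it is briefly visible in the process list.
  /usr/bin/smbpasswd -w "$LDAP_ROOTPW"
  echo ""
  write_slapd_conf samba
  write_domain_ldif || { echo "mktemp failed" >&2; again_or_menu samba; return; }
  install_ldap_configs
  start_ldap_server
  if ! download_lam; then
    again_or_menu samba
    return
  fi
  write_lam_configs
  make_samba_shares
  write_pdc_smb_conf
  install_lam
  banner "configuring Samba"
  install_config smb.conf /etc/samba/smb.conf Samba
  banner "Restarting the servers"
  svc_restart httpd ldap smb
  banner "setting servers to start at boot"
  svc_enable ldap smb httpd
  banner "LAM Instructions"
  echo "Now go to your web browser and visit https://ip-address-of-lam-machine/ldap/ and finish off your configuration via the LAM web interface, make a root user/group with a UID/GID of 0 and then add your windows machine to the domain useing the root account and add the machine accounts"
  again_or_menu samba
}

#######################################
# Setup OpenLDAP Server (no Samba schema).
#######################################
openldap() {
  /usr/bin/clear
  write_ldap_conf
  banner "Setup slapd File"
  ask LDAP_ROOTDN "Enter the root cn for your ldap server" 'cn=Manager,dc=fedora,dc=directory,dc=server'
  if ! read_ldap_root_password; then
    echo "could not hash the ldap root password" >&2
    again_or_menu openldap
    return
  fi
  write_slapd_conf plain
  write_domain_ldif || { echo "mktemp failed" >&2; again_or_menu openldap; return; }
  install_ldap_configs
  start_ldap_server
  echo ""
  echo "Now you might want to look into getting a Web or GUI based interface into OpenLDAP like LAM (LDAP Account Manager or phpLDAPadmin and set it up"
  again_or_menu openldap
}

############### Postprocess checking: ##########################################

#######################################
# Clear the screen, remove the menu temp file and exit.
# Globals:   TMP (read)
#######################################
postprocess() {
  /usr/bin/clear
  rm -f -- "$TMP"
  exit 0
}

############### Main: ##########################################################
mainmenu
exit $?

############### ServerSetup END ################################################
# This software was made with the help of
# Squidmanage v0.5 Matt Keadle (c) 02-14-2002
# Released under the terms of the GPL.
# found on http://mkeadle.org/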