diff --git a/README.md b/README.md
index c4c8767..a1380c0 100644
--- a/README.md
+++ b/README.md
@@ -854,7 +854,11 @@ server are both running on the same machine.
 [Installation Script](vagrant-setup/openldap24.sh)
-OpenLDAP is compiled with TCP Wrappers and using Berkeley DB 6.2 as database.
+OpenLDAP is compiled with TCP Wrappers and using MDB as database.
+
+Berkeley DB 6.2 (HDB) can also be used by editing [slapd2.ldif](vagrant-setup/ldap/slapd2.ldif) and [ppolicyoverlay.ldif](vagrant-setup/ldap/ppolicyoverlay.ldif).
+
+A password policy is set with an SSHA password hashing scheme.
 If HTTPD is installed then OpenLDAP script installs phpLDAPAdmin as well which can be accessed through:
diff --git a/vagrant-setup/ldap/init.d/slapd b/vagrant-setup/ldap/init.d/slapd
index 8929547..1f93687 100644
--- a/vagrant-setup/ldap/init.d/slapd
+++ b/vagrant-setup/ldap/init.d/slapd
@@ -13,11 +13,21 @@ echo "starting slapd server"
 ;;
 stop)
 echo "stopping slapd server"
-kill -INT `cat /usr/local/var/run/slapd.pid`
+if [ -f "cat /usr/local/var/run/slapd.pid" ]
+then
+ kill -INT `cat /usr/local/var/run/slapd.pid`
+else
+ kill -9 `pidof slapd`
+fi
 ;;
 restart)
 echo "stopping slapd server"
-kill -INT `cat /usr/local/var/run/slapd.pid`
+if [ -f "cat /usr/local/var/run/slapd.pid" ]
+then
+ kill -INT `cat /usr/local/var/run/slapd.pid`
+else
+ kill -9 `pidof slapd`
+fi
 echo "starting slapd server"
 /usr/local/libexec/slapd -F /usr/local/etc/openldap/slapd.d
 ;;
diff --git a/vagrant-setup/ldap/ppolicyoverlay.ldif b/vagrant-setup/ldap/ppolicyoverlay.ldif
index 162f22b..eaa7efb 100644
--- a/vagrant-setup/ldap/ppolicyoverlay.ldif
+++ b/vagrant-setup/ldap/ppolicyoverlay.ldif
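Review bot: The pid-file test added in both the `stop)` and `restart)` arms checks for a file literally named `cat /usr/local/var/run/slapd.pid`, so `[ -f ... ]` is always false, the intended `kill -INT` branch is never taken, and every stop goes through the `else` branch, which sends SIGKILL to the `pidof` output and skips slapd's orderly shutdown (and runs `kill -9` with no argument when no slapd is running). Test the path itself and read the pid only after the test passes: `if [ -f /usr/local/var/run/slapd.pid ]; then kill -INT "$(cat /usr/local/var/run/slapd.pid)"`. For the fallback, `pkill -INT -x slapd` keeps the same signal as before and does nothing when no process matches, instead of SIGKILL. The identical block in the `restart)` arm needs the same fix; the enclosing `case` starts before the hunk.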
@@ -1,8 +1,8 @@
-dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
+dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
 objectClass: olcOverlayConfig
 objectClass: olcPPolicyConfig
 olcOverlay: ppolicy
 olcPPolicyDefault: cn=default,ou=Policies,dc=auth,dc=com
-olcPPolicyHashCleartext: FALSE
+olcPPolicyHashCleartext: TRUE
 olcPPolicyUseLockout: FALSE
 olcPPolicyForwardUpdates: FALSE
diff --git a/vagrant-setup/ldap/slapd2.ldif b/vagrant-setup/ldap/slapd2.ldif
index cc54fb7..2a067c9 100644
--- a/vagrant-setup/ldap/slapd2.ldif
+++ b/vagrant-setup/ldap/slapd2.ldif
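Review bot: This entry and the ppolicy overlay entry added to slapd2.ldif in the same commit share the DN `olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config` but name different default policies (`cn=default,...` here, `cn=passwordDefault,...` there); if both LDIFs are loaded the second add presumably fails as a duplicate entry, and if only one is loaded the policy in effect depends on which. The two should agree, or this file should be dropped in favour of the slapd2.ldif entry. `olcPPolicyHashCleartext: TRUE` hashes cleartext `userPassword` values on add/modify using whatever `olcPasswordHash` is set to in `cn=config` (slapd defaults to {SSHA}); since the README in this commit promises SSHA, setting `olcPasswordHash: {SSHA}` explicitly would make that guarantee visible in config rather than relying on the default.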
@@ -26,33 +26,66 @@ include: file:///usr/local/etc/openldap/schema/core.ldif
 include: file:///usr/local/etc/openldap/schema/ppolicy.ldif
 #######################################################################
-# BDB database definitions
+# BDB/HDB database definitions
 #######################################################################
-dn: olcDatabase=bdb,cn=config
-objectClass: olcDatabaseConfig
-objectClass: olcBdbConfig
-olcDatabase: bdb
-olcSuffix: dc=auth,dc=com
-olcRootDN: cn=Manager,dc=auth,dc=com
-olcRootPW: secret
-olcDbDirectory: /usr/local/var/auth-data
-olcDbCachesize: 1000
-olcDbIDLcacheSize: 3000
-olcDbSearchStack: 8
-olcDbIndex: objectClass,ou,cn,sn,uid,email eq
-olcAccess: to attrs=userPassword
- by self write
- by anonymous auth
- by dn.base="cn=Manager,dc=auth,dc=com" write
- by * none
+# dn: olcDatabase=bdb,cn=config
+# objectClass: olcDatabaseConfig
+# objectClass: olcBdbConfig
+# olcDatabase: bdb
+# olcSuffix: dc=auth,dc=com
+# olcRootDN: cn=Manager,dc=auth,dc=com
+# olcRootPW: secret
+# olcDbDirectory: /usr/local/var/auth-data
+# olcDbCachesize: 1000
+# olcDbIDLcacheSize: 3000
+# olcDbSearchStack: 8
+# olcDbIndex: objectClass,ou,cn,sn,uid,email eq
+# olcAccess: to attrs=userPassword
+# by self write
+# by anonymous auth
+# by dn.base="cn=Manager,dc=auth,dc=com" write
+# by * none
+# olcAccess: to *
+# by self write
+# by anonymous search
+# by dn.base="cn=Manager,dc=auth,dc=com" write
+# by * read
+
+# dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
+# objectclass: olcPPolicyConfig
+# olcOverlay: ppolicy
+# olcPPolicyDefault: cn=passwordDefault,ou=Policies,dc=auth,dc=com
+
+#######################################################################
+# MDB database definitions
+#######################################################################
+
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: mdb
+olcSuffix: dc=auth,dc=com
+olcDbDirectory: /usr/local/var/auth-data
+olcRootDN: cn=Manager,dc=auth,dc=com
+olcRootPW: secret
+olcDbIndex: objectClass eq
+olcLastMod: TRUE
+olcMonitoring: TRUE
+olcDbEnvFlags: writemap
+olcDBNoSync: TRUE
 olcAccess: to *
  by self write
  by anonymous search
  by dn.base="cn=Manager,dc=auth,dc=com" write
- by * read
+ by * read
+olcAccess: to attrs=userPassword
+ by dn="cn=Manager,dc=auth,dc=com" write
+ by anonymous auth
+ by self write
+ by * none
-dn: olcOverlay=ppolicy,olcDatabase={1}bdb,cn=config
+dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
 objectclass: olcPPolicyConfig
 olcOverlay: ppolicy
 olcPPolicyDefault: cn=passwordDefault,ou=Policies,dc=auth,dc=com
diff --git a/vagrant-setup/openldap24.sh b/vagrant-setup/openldap24.sh
index da45149..6f728b7 100644
--- a/vagrant-setup/openldap24.sh
+++ b/vagrant-setup/openldap24.sh
@@ -38,7 +38,7 @@ else
 export LD_LIBRARY_PATH="/usr/share/$BDB/build_unix/.libs"
 # ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libexecdir=/usr/lib --disable-static --disable-debug --with-tls=openssl --with-cyrus-sasl --enable-dynamic --enable-crypt --enable-spasswd --enable-slapd --enable-modules --enable-rlookups --enable-backends=mod --disable-ndb --disable-sql --disable-shell --disable-bdb --disable-hdb --enable-overlays=mod
- ./configure --enable-wrappers --enable-ppolicy --disable-hdb --disable-mdb --disable-ndb --disable-sql
+ ./configure --enable-wrappers --enable-ppolicy --enable-mdb --disable-bdb --disable-hdb --disable-sql
 make depend
 make
 make install
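Review bot: In the new `olcDatabase=mdb` entry the `olcAccess: to *` stanza comes before `olcAccess: to attrs=userPassword`; slapd applies the first `to` clause that matches the target, and `to *` matches `userPassword`, so the attribute-specific rule is never reached and `userPassword` falls under `by * read`, exposing the stored hashes to anonymous readers. The commented-out BDB block above keeps the correct order — move the `to attrs=userPassword` stanza and its four `by` lines ahead of `to *`. `olcRootPW: secret` is carried over as cleartext in cn=config; the usual form is a `slappasswd`-generated `{SSHA}` value. `olcDBNoSync: TRUE` together with `olcDbEnvFlags: writemap` trades durability for write speed, so a host crash can lose or corrupt the most recent transactions; for a database that holds credentials and ppolicy lockout state that is a deliberate trade-off worth a comment on the line.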
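Review bot: The new configure line passes `--disable-bdb --disable-hdb`, so neither Berkeley DB backend is compiled, yet the README hunk in this same commit says HDB can still be used by editing slapd2.ldif and ppolicyoverlay.ldif; with this build that LDIF switch would presumably fail because no hdb backend exists to load. Either build it as a loadable module, `--enable-hdb=mod` (with `--enable-modules`, as the commented-out configure line above does), or drop the README sentence. The context line `export LD_LIBRARY_PATH="/usr/share/$BDB/build_unix/.libs"` is then only needed if BDB support is kept. The enclosing `else` branch starts before the hunk.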