From 6d1442ace4813bcc19d69c7b532469b84e5ee1b5 Mon Sep 17 00:00:00 2001
From: sergiomt
Date: Mon, 21 Jan 2019 11:20:19 +0000
Subject: [PATCH] Add ppolicy
---
 README.md | 86 +++++++++++++++++++------
 vagrant-setup/ldap/auth.ldif | 8 +--
 vagrant-setup/ldap/ppolicymodule.ldif | Bin 0 -> 188 bytes
 vagrant-setup/ldap/ppolicyoverlay.ldif | 8 +++
 vagrant-setup/ldap/slapd.ldif | 5 ++
 vagrant-setup/openldap24.sh | 33 ++++++----
 6 files changed, 105 insertions(+), 35 deletions(-)
 create mode 100644 vagrant-setup/ldap/ppolicymodule.ldif
 create mode 100644 vagrant-setup/ldap/ppolicyoverlay.ldif
diff --git a/README.md b/README.md
index 9bf7201..c4c8767 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,7 @@ Then it is possible to install selectively the following applications.
 - [OpenLDAP 2.4 + phpLDAPAdmin](#openldap-24)
 - [Openshift 3.7.1](#openshift-371)
 - [Oracle Express 11g2](#oracle-11g)
+- [Oracle 12c](#oracle-12c)
 - [phpPgAdmin 5.1.2](#phppgadmin)
 - [Play Framework 2.2.6](#play-framework-226)
 - [PostgreSQL 9.3 or 9.6 + PostGIS 2.0 or 2.4](#postgresql-93-or-96)
@@ -204,6 +205,38 @@ Read more on Vagrant provisioners [here](https://www.packer.io/docs/provisioners
 -------------------------------------------------------------------------------
+# HOW TO ADD SWAP SPACE
+
+Some applications, i.e. Oracle need a swap space bigger than the default of 1279 Mb.
+
+If you need to increase the swap space do the following:
+
+With the VM halted, you must add a new virtual hard disk from Virtualbox by right clicking on the machine and then Configuration -> Storage.
+Click on the icon of a hard drive with a + sign and add a new disk of 2Gb fixed size.
+
+After adding the new hard disk do `vagrant up machine_name`
+
+Once logged in type:
+
+`sudo vgdisplay`
+this will display the volume group information showing something like:
+VG Name **cl**
+
+Then execute
+`sudo fdisk -l`
+to list the available drives.
+You should get in the list **/dev/hdb** or **/dev/sdb** depending on whether you are using spinning or solid states physical drives.
+
+Now execute:
+`
+sudo pvcreate /dev/sdb
+sudo vgextend cl /dev/sdb
+sudo lvextend -L+2G /dev/cl/swap
+`
+this will add 2Gb to the swap space.
+
+-------------------------------------------------------------------------------
+
 # CENTOS 7.3
 The password for **root** and **vagrant** users is **vagrant**
@@ -865,36 +898,49 @@ Before running the install script you must have an Oracle OTN account to downloa http://download.oracle.com/otn/linux/oracle11g/xe/oracle-xe-11.2.0-1.0.x86_64.rpm.zip and save it at `/vagrant/vagrant-setup/cache` +You can also fully automate the download by adding an `?AuthParam=XXXXXXXXXX_HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH` to the URL. +The `AuthParam` value can be seen in the download URL used after you authenticate in Oracle OTN. + Oracle Database needs a swap space of at least 2048 Mb which is more that the default of 1279 Mb that comes out of the box. -So before you begin and with the VM halted, you must add a new virtual hard disk from Virtualbox by right clicking on the machine and then Configuration -> Storage. -Click on the icon of a hard drive with a + sign and add a new disk of 2Gb fixed size. +To increase the swap space follow these [instructions](#how-to-add-swap-space). -After adding the new hard disk do `vagrant up machine_name` +After increasing the swap space you can start installation by running the Bash script provided. -Once logged in type: +## Install -`sudo vgdisplay` -this will display the volume group information showing something like: -VG Name **cl** +[Installation Script](vagrant-setup/oracle11g2.sh) -Then execute -`sudo fdisk -l` -to list the available drives. -You should get in the list **/dev/hdb** or **/dev/sdb** depending on whether you are using spinning or solid states physical drives. +## Post installation configuration -Now execute: -` -sudo pvcreate /dev/sdb -sudo vgextend cl /dev/sdb -sudo lvextend -L+2G /dev/cl/swap -` -this will add 2Gb to the swap space. +As part of the installation process, the script will automatically initiate oracle-xe configure which will interactively ask you questions about which ports must be used and whether Oracle must start on boot or not. + +If you are using a GUI like Cinnamon then you can also install **SQL Developer**. 
+As for the database, you need an OTN account to download SQL Developer from +http://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/index.html +Then install it with +`rpm -Uhv sqldeveloper-(build number)-1.noarch.rpm` -Now you can start installation by running the provided Bash script. +------------------------------------------------------------------------------- + +# ORACLE 12C + +## Prerequisites + +Before running the install script you must have an Oracle OTN account to download +https://download.oracle.com/otn/linux/oracle12c/122010/linux_zser64_12201_database.zip +and save it at `/vagrant/vagrant-setup/cache` + +You can also fully automate the download by adding an `?AuthParam=XXXXXXXXXX_HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH` to the URL. +The `AuthParam` value can be seen in the download URL used after you authenticate in Oracle OTN. + +Oracle Database needs a swap space of at least 2048 Mb which is more that the default of 1279 Mb that comes out of the box. +To increase the swap space follow these [instructions](#how-to-add-swap-space). + +After increasing the swap space you can start installation by running the Bash script provided. ## Install -[Installation Script](vagrant-setup/oracle11g2.sh) +[Installation Script](vagrant-setup/oracle12c2.sh) ## Post installation configuration diff --git a/vagrant-setup/ldap/auth.ldif b/vagrant-setup/ldap/auth.ldif index 256607b..e38e975 100644 --- a/vagrant-setup/ldap/auth.ldif +++ b/vagrant-setup/ldap/auth.ldif @@ -11,7 +11,7 @@ description: All users in Clocial objectClass: organizationalUnit # Password policy -# http://www.zytrax.com/books/ldap/ch6/ppolicy.html +# see http://www.zytrax.com/books/ldap/ch6/ppolicy.html dn: cn=default,ou=Users,dc=auth,dc=com objectClass: top objectClass: device 
@@ -21,9 +21,9 @@ pwdAttribute: userPassword pwdMaxAge: 0 pwdExpireWarning: 0 pwdInHistory: 0 -pwdCheckQuality: 1 -pwdMinLength: 4 -pwdMaxFailure: 5 +pwdCheckQuality: 0 +pwdMinLength: 0 +pwdMaxFailure: 0 pwdLockout: FALSE pwdLockoutDuration: 86400 pwdGraceAuthNLimit: 0 diff --git a/vagrant-setup/ldap/ppolicymodule.ldif b/vagrant-setup/ldap/ppolicymodule.ldif new file mode 100644 index 0000000000000000000000000000000000000000..603d6ca714a068951a34bf0dfc8ca20dc1e63b31 GIT binary patch literal 188 zcmZXNK?;K~5JlhGQ}h5LT^G7?TMwa$m6SFK#4e=t>a9P)g&?z-8UC9$|DVNk;e=7Y z@*-e)^JL`1nJ@L07$u%Nj)_Y1z(b5-rWM_jRM``>8M>Y4rkf /usr/local/var/auth-data/DB_CONFIG cp $SETUP/ldap/slapd2.ldif /usr/local/etc/openldap/slapd.ldif /usr/local/sbin/slapadd -d -1 -F /usr/local/etc/openldap/slapd.d -n 0 -l /usr/local/etc/openldap/slapd.ldif /usr/local/sbin/slapadd -d -1 -F /usr/local/etc/openldap/slapd.d -n 0 -l /usr/local/etc/openldap/schema/cosine.ldif /usr/local/sbin/slapadd -d -1 -F /usr/local/etc/openldap/slapd.d -n 0 -l /usr/local/etc/openldap/schema/inetorgperson.ldif - + # Create /etc/init.d/slapd [start|stop|restart] cp $SETUP/ldap/init.d/slapd /etc/init.d/slapd chmod 755 /etc/init.d/slapd # Start slapd at boot chkconfig --level 234 slapd on - + # Install PHP LDAP Admin HTTPD=`which httpd` if [[ $HTTPD == "*no httpd*" ]] then - echo "No httpd service found, skipping phpldapadmin setup" + echo "No httpd service found, skipping phpldapadmin setup" else yum install -y phpldapadmin perl -pi -e "s/(\x2F\x2F)?\s*\x24servers->setValue\x28'login','base',array\x28\x29\x29/\x24servers->setValue\x28'login','base',array\x28'dc=auth,dc=com'\x29\x29/g" /etc/phpldapadmin/config.php 
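Review bot: The default policy entry now sets `pwdCheckQuality: 0`, `pwdMinLength: 0` and `pwdMaxFailure: 0`, and with the unchanged `pwdLockout: FALSE` the ppolicy overlay this commit introduces enforces no minimum length, no quality check and no failed-bind limit on `userPassword`. If the relaxation exists only so that the Vagrant sample accounts load, say so above the entry, e.g. `# Dev-only policy: length, quality and lockout checks are disabled for the sample users`. Any directory derived from this file should set non-zero `pwdMinLength` and `pwdMaxFailure` and `pwdLockout: TRUE`, otherwise `pwdLockoutDuration: 86400` has no effect. The entry itself (`dn: cn=default,ou=Users,dc=auth,dc=com`) starts in the preceding hunk, so only part of it is visible here.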
@@ -67,20 +67,31 @@ else
 perl -pi -e "s/Allow from 127\x2E0\x2E0\x2E1/Allow from all/g" /etc/httpd/conf.d/phpldapadmin.conf
 systemctl restart httpd.service
 fi
-
+
 iptables -A INPUT -p tcp --dport 389 -j ACCEPT
 service iptables save
 systemctl restart iptables
-
+
 # Start slapd server
 /etc/init.d/slapd start
 /usr/local/bin/ldapadd -x -w secret -D "cn=Manager,dc=auth,dc=com" -f /vagrant/vagrant-setup/ldap/auth.ldif
 /usr/local/bin/ldapadd -x -w secret -D "cn=Manager,dc=auth,dc=com" -f /vagrant/vagrant-setup/ldap/admin.ldif
-
- # Verify access to the LDAP server
+
+ # # Add password policy overlay
+ # # already included in slapd.ldif
+ # # https://tobru.ch/openldap-password-policy-overlay/
+ # # Load the ppolicy schema into OLC
+ # /usr/local/bin/ldapmodify -w secret -D "cn=root,cn=config" -W -a -f /usr/local/etc/openldap/schema/ppolicy.ldif
+ # # Load the module
+ # /usr/local/bin/ldapmodify -w secret -D "cn=root,cn=config" -W -a -f /vagrant/vagrant-setup/ppolicymodule.ldif
+ # # Configure ppolicy overlay
+ # /usr/local/bin/ldapmodify -D "cn=root,cn=config" -W -a -f /vagrant/vagrant-setup/ppolicyoverlay.ldif
+ # # The policy itself has already been loaded by auth.ldif
+
+ # Verify access to the LDAP server
 /usr/local/bin/ldapsearch -x -b "" -s base "(objectclass=*)" namingContexts
 /usr/local/bin/ldapsearch -x -h localhost -b "dc=auth,dc=com"
-
+
 else
 echo "OpenLDAP setup must be installed as root. Type 'sudo ./openldap24.sh' for executing the script."
 fi
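Review bot: The commented-out `ldapmodify` lines read `/vagrant/vagrant-setup/ppolicymodule.ldif` and `/vagrant/vagrant-setup/ppolicyoverlay.ldif`, but the diffstat shows this commit creating both files under `vagrant-setup/ldap/`, so the commands would not find them if the block is ever uncommented. Two of the lines also pass `-w secret` together with `-W`, which are alternative ways of supplying the bind password. Keep one, preferably `-W` or `-y <password-file>`, so the password does not appear on the command line as it already does in the `ldapadd -x -w secret` calls above. I would correct the lines in place, e.g. `# /usr/local/bin/ldapmodify -D "cn=root,cn=config" -W -a -f /vagrant/vagrant-setup/ldap/ppolicymodule.ldif`. The surrounding `if`/`else` block starts outside this hunk.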