저는 slapd와 phpldapadmin 설치를 자동화하는 스크립트를 작성 중입니다.
스크립트:
#!/bin/bash
# make sure to run script as sudo
# LDAP
# update first
apt-get -q -y update
# install maven
apt-get install -y maven
# Install php dependencies
apt-get -y install php php-cgi libapache2-mod-php php-common php-pear php-mbstring
a2enconf php7.0-cgi
service apache2 restart
# Pre-seed the slapd passwords
export DEBIAN_FRONTEND='non-interactive'
echo -e "slapd slapd/root_password password KappaRoss" |debconf-set-selections
echo -e "slapd slapd/root_password_again password KappaRoss" |debconf-set-selections
echo -e "slapd slapd/internal/adminpw password test" |debconf-set-selections
echo -e "slapd slapd/internal/generated_adminpw password test" |debconf-set-selections
echo -e "slapd slapd/password2 password test" |debconf-set-selections
echo -e "slapd slapd/password1 password test" |debconf-set-selections
echo -e "slapd slapd/domain string acu.local" |debconf-set-selections
echo -e "slapd shared/organization string IT410" |debconf-set-selections
echo -e "slapd slapd/backend string HDB" |debconf-set-selections
echo -e "slapd slapd/purge_database boolean true" |debconf-set-selections
echo -e "slapd slapd/move_old_database boolean true" |debconf-set-selections
echo -e "slapd slapd/allow_ldap_v2 boolean false" |debconf-set-selections
echo -e "slapd slapd/no_configuration boolean false" |debconf-set-selections
# Grab slapd and ldap-utils (pre-seeded)
apt-get install -y slapd ldap-utils phpldapadmin
# Must reconfigure slapd for it to work properly
sudo dpkg-reconfigure slapd
# Gotta replace the ldap.conf file, it comments out stuff we need set by default - first open it for writing
chmod 777 /etc/ldap/ldap.conf
cat <<'EOF' > /etc/ldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
BASE dc=acu,dc=local
URI ldap://104.219.54.109 ldap://104.219.54.109:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
EOF
# Be safe again
chmod 744 /etc/ldap/ldap.conf
# Now change all values in /etc/phpldapadmin/config.php to their actual values from example, or .com or localhost (I use sed)
# Line 286
sed -i "s@$servers->setValue('server','name','My LDAP Server');.*@$servers->setValue('server','name','Nathans_LDAP');@" /etc/phpldapadmin/config.php
# Line 293
sed -i "s@$servers->setValue('server','host','127.0.0.1');.*@$servers->setValue('server','host','104.219.54.109');@" /etc/phpldapadmin/config.php
# Line 300
sed -i "s@$servers->setValue('server','base',array('dc=example,dc=com'));.*@$servers->setValue('server','base',array('dc=acu,dc=local'));@" /etc/phpldapadmin/config.php
# Line 326
sed -i "s@$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');.*@$servers->setValue('login','bind_id','cn=admin,dc=acu,dc=local');@" /etc/phpldapadmin/config.php
# Prevent error when creating users
sed -i "s@$default = $this->getServer()->getValue('appearance','password_hash');.*@$default = $this->getServer()->getValue('appearance','password_hash_custom');@g" /usr/share/phpldapadmin/lib/TemplateRender.php
service apache2 restart
echo ------------------------#
echo 'PHPldapadmin installed.'
echo ------------------------#
echo ""
echo ------------------------------------------------------------#
echo 'Can now access phpldapadmin at http://your-ip/phpldapadmin.'
echo ------------------------------------------------------------#
echo ""
echo ------------------------------------------------------------------------#
echo 'Username should be acu.local, password is the adminpw set during setup.'
echo ------------------------------------------------------------------------# S
# Logging
echo -e 'Maven installed -done by' $USER 'at time\n' $DATE '\n' >> /var/log/installs/log.txt
echo -e 'slapd and ldap-utils configured and installed -done by' $USER 'at time\n' $DATE '\n' >> /var/log/installs/log.txt
echo -e 'phpldapadmin install configured -done by' $USER 'at time\n' $DATE '\n' >> /var/log/installs/log.txt
echo -e 'LDAP installed completed by' $USER 'at time\n' $DATE '\n' >> /var/log/installs/log.txt
"dpkg-reconfigure slapd" 섹션을 미리 설정하기 위한 debconf 설정 선택이 완전히 적용되지 않은 것 외에는 모든 것이 잘 작동합니다. 특히 미리 설정된 관리자 비밀번호를 사용하여 phpldapadmin에 로그인하려고 하면 실패합니다. 터미널에서 "dpkg-reconfigure slapd"를 다시 실행하고(이번에는 수동으로) 다른 관리자 비밀번호를 설정해야 했습니다. 그러면 phpldapadmin에 제대로 로그인할 수 있었고 모든 것이 잘 작동했습니다. 도움을 주셔서 감사합니다. 최종 시험을 완전히 자동화하려면 이 앱이 필요하며 곧 다가옵니다.
답변1
내 debconf 미리 설정은 약간 다르게 보이지만 여기 있습니다 stretch
:
cat > /root/debconf-slapd.conf << 'EOF'
slapd slapd/password1 password admin
slapd slapd/internal/adminpw password admin
slapd slapd/internal/generated_adminpw password admin
slapd slapd/password2 password admin
slapd slapd/unsafe_selfwrite_acl note
slapd slapd/purge_database boolean false
slapd slapd/domain string phys.ethz.ch
slapd slapd/ppolicy_schema_needs_update select abort installation
slapd slapd/invalid_config boolean true
slapd slapd/move_old_database boolean false
slapd slapd/backend select MDB
slapd shared/organization string ETH Zurich
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/no_configuration boolean false
slapd slapd/dump_database select when needed
slapd slapd/password_mismatch note
EOF
export DEBIAN_FRONTEND=noninteractive
cat /root/debconf-slapd.conf | debconf-set-selections
apt install ldap-utils slapd -y
ldapmodify
그 후 나는 즉시 비밀번호를 업데이트 하곤 했습니다 . 이는 해시 값을 ldap에 저장하여 수행되므로 일반 텍스트 비밀번호는 스크립트에 표시되지 않습니다.
cat > /root/admin_pw_config_dit.ldif << 'EOF'
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {CRYPT}<sha-512_hash_here>
EOF
cat > /root/admin_pw_normal_dit.ldif << 'EOF'
dn: cn=admin,dc=phys,dc=ethz,dc=ch
changetype: modify
replace: userPassword
userPassword: {CRYPT}<sha-512_hash_here>
ldapmodify -H ldapi:/// -x -D cn=admin,dc=phys,dc=ethz,dc=ch -w admin -f /root/admin_pw_normal_dit.ldif
ldapmodify -H ldapi:/// -f /root/admin_pw_config_dit.ldif
# verify
ldapsearch -H ldapi:/// -x -D cn=admin,dc=phys,dc=ethz,dc=ch -W -b dc=phys,dc=ethz,dc=ch cn=admin | grep 'userPassword'
<sha-512_hash_here>
비밀번호의 해시로 바꾸세요 .
다음 스크립트를 사용하여 이러한 해시를 생성할 수 있습니다.https://github.com/rda0/mkpw
또는 다음을 사용할 수 있습니다.slappasswd -h <hashing-algorithm> -s <new_password>