#
# Simple ldap Client configuration
#
# We don't want to have to start the ldap daemon during the kickstart.
# This means that scripts that require you to do an "su -l xxx"
# have to find the "xxx" account for authentication in the /etc/passwd;
# one such account that requires this is "postgres".
#
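# Tracing stays off for the whole section: $PASSWD is written to disk
# below and must not end up in the kickstart log.
set +x
echo "%Post: /etc/ldap.conf build"

# Keep the stock files for reference, tagged with the build version.
mv /etc/ldap.conf "/etc/ldap.conf-$VERSION"
mv /etc/openldap/ldap.conf "/etc/openldap/ldap.conf-$VERSION"

# decide type of host: primary or secondary server or client
# primary and secondary servers should look at their local ldap servers
# clients should be looking at the primary or secondary
# Check for an SRV record naming this host. Fixed-string match, so the
# dots in $NODENAME are literal; an empty $NODENAME matches nothing
# (a bare `grep ""` would match every line and misclassify a client
# as a server).
SRV=""
if [ -n "$NODENAME" ]; then
  SRV=$(host -t SRV "_ldap._tcp.$DOMAINNAME" | grep -F -- "$NODENAME")
fi
# if we have a valid match we get
# on FC3: SRV=_ldap._tcp.$DOMAINNAME SRV 5 0 389 $NODENAME.
# on FC4: SRV=_ldap._tcp.$DOMAINNAME has SRV record 5 0 389 $NODENAME.
# Recover the priority field. Word-splitting $SRV is intentional: it
# collapses runs of whitespace exactly as `echo $SRV | cut -d" "` did.
# shellcheck disable=SC2086
set -- $SRV
if [ "$OS" = "fc4" ]; then
  PRIORITY=$5
else
  PRIORITY=$3
fi
# Priority 5 or 10 means an SRV record points at this very host, so it
# is a server and talks to its local daemon. Anything else (including
# no record at all) is a client.
case "$PRIORITY" in
  5|10) LDAPHOST="127.0.0.1" ;;
  *)    LDAPHOST="ldap.$DOMAINNAME" ;;
esac

# enable client Authentication via ldap
echo "%Post: authconfig to ldap build"
authconfig --enableshadow --enablemd5 --enableldap --enableldapauth \
  --ldapserver="$LDAPHOST" --ldapbasedn="$DITNAME" --enablecache --kickstart
echo "%Post: authconfig can't find runlevel but ignore this"

# create a new LDAP.CONF
# NOTE(review): the "DREF always" line and the repeated "base" line are
# carried over verbatim; "DREF" looks like a typo for "deref" -- confirm
# against the nss_ldap/pam_ldap docs before changing it.
cat >/etc/openldap/ldap.conf <<EOF
base $DITNAME
host $LDAPHOST
port 389
ldap_version 3
ssl no
SASL_REALM $DOMAINNAME
SASL_SECPROPS none
DREF always
pam_password md5
pam_login_attribute uid
pam_member_attribute uniquemember
base $DITNAME
nss_base_passwd ou=People,$DITNAME
nss_base_shadow ou=People,$DITNAME
nss_base_group ou=Groups,$DITNAME
nss_base_netgroup ou=netgroup,$DITNAME
EOF
# This line breaks LDAP completely in FC4
if [ "$OS" != "fc4" ]; then
  printf 'rootbinddn cn=Directory Manager,%s\n' "$DITNAME" >>/etc/openldap/ldap.conf
fi
echo "%Post: /etc/openldap/ldap.conf build"

# synchronize the LDAP.CONFs: /etc/ldap.conf becomes a symlink to the
# openldap copy so the two can never drift apart. 644 is fine here;
# the file names the rootbinddn but never holds the secret itself.
rm -f /etc/ldap.conf
ln -s /etc/openldap/ldap.conf /etc/ldap.conf
chmod 644 /etc/openldap/ldap.conf
echo "%Post: Synchronized ldap.confs build"

# put the rootdn secret for passwords.
# Remove any stale file and create the new one under umask 077 so it is
# never world-readable, not even for the instant between creation and
# chmod that `echo ... > file; chmod 600 file` used to leave open.
# printf (not echo) writes the value verbatim whatever it starts with.
rm -f /etc/ldap.secret
(umask 077; printf '%s\n' "$PASSWD" >/etc/ldap.secret)
chmod 600 /etc/ldap.secret
echo "%Post: ldap.secret creation"
set -x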