OpenLDAP

From Hostsharing Wiki

Installing OpenLDAP

Prerequisite: The Debian package "slapd" is preinstalled on the Managed Server.

#!/bin/sh

BASE_DIR="${HOME}/slapd2"
BASE_DN="dc=example,dc=com"

INITIAL_PASSWORD="myInitialPassword"

BIND_IP_ADDR="127.0.0.1"
BIND_IP_PORT="12345"


############################################################################


# Fail, if base directory already exists

if test -e "${BASE_DIR}"; then
    echo "Initialization failed." >&2
    echo "Base directory already exists." >&2
    exit 1
fi


# Create directory

mkdir -p -m 700 "${BASE_DIR}"
mkdir "${BASE_DIR}/etc"
mkdir "${BASE_DIR}/run"
mkdir "${BASE_DIR}/var"

# create initial configuration:
#    cd ~/slapd2/etc && tar -cz . | base64
#    see also /etc/ldap/slapd.d on a clean bookworm install, with apt-install slapd
#    need to insert BASE_DIR, BASE_DN, and INITIAL_PASSWORD

# Unpack initial configuration
# (the base64-encoded tar archive that belongs between the heredoc markers is not reproduced here)

cd "${BASE_DIR}/etc" || exit 1
cat <<EOF |base64 -d |tar -xz
EOF

# Patch configuration files

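# Note: "%" is the sed delimiter, so the values must not contain "%", "&" or "\"
# (this matters most for INITIAL_PASSWORD).
find . -name '*.ldif' -exec sed -i -e "s%BASE_DIR%${BASE_DIR}%" {} +
find . -name '*.ldif' -exec sed -i -e "s%BASE_DN%${BASE_DN}%" {} +
find . -name '*.ldif' -exec sed -i -e "s%INITIAL_PASSWORD%${INITIAL_PASSWORD}%" {} +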


# Fix CRC32 checksums on configuration files

find . -name '*.ldif' | while IFS= read -r FILE; do
    CRC32=$(tail -n +3 "${FILE}" |crc32 /dev/stdin)
    sed -e "s/^# CRC32 [0-9a-f]*$/# CRC32 ${CRC32}/" -i "${FILE}"
done


# Add the base entry of the directory tree (${BASE_DN})

DC=$(echo "${BASE_DN}" |cut -d "," -f1 |cut -d "=" -f2)

cat <<EOF |/usr/sbin/slapadd -F "${BASE_DIR}/etc" -b "${BASE_DN}"
dn: ${BASE_DN}
dc: ${DC}
objectClass: domain
objectClass: top
structuralObjectClass: domain
EOF


# Print instructions

cat <<EOF

Instructions
============

Launch slapd (debug level 0 - foreground mode)
$ /usr/sbin/slapd -h "ldap://${BIND_IP_ADDR}:${BIND_IP_PORT}/" -F "${BASE_DIR}/etc" -d 0

LDAPvi on cn=config
$ ldapvi -h "ldap://${BIND_IP_ADDR}:${BIND_IP_PORT}/" -D "cn=admin,cn=config" -b "cn=config"

LDAPvi on ${BASE_DN}
$ ldapvi -h "ldap://${BIND_IP_ADDR}:${BIND_IP_PORT}/" -D "cn=admin,${BASE_DN}" -b "${BASE_DN}"

Do not forget to update the initial passwords for both identities:

    cn=admin,cn=config
    cn=admin,${BASE_DN}

EOF
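
The checksum step in the script can also be turned around to detect configuration files that were edited by hand after setup. The following is an added example, not part of the original wiki script: it recomputes the CRC32 over the same range (content from line 3 onwards) and compares it with the header. The function names and the sample file are constructed, and the CRC32 is read from a gzip trailer instead of calling the crc32 tool.

```shell
#!/bin/sh
# Added example: verify the "# CRC32" header of slapd.d-style LDIF files.

# CRC32 of stdin as 8 lowercase hex digits. The gzip trailer holds the CRC32
# of the uncompressed input (little-endian), so no separate crc32 tool is needed.
crc32_hex() {
    gzip -c | tail -c 8 | od -An -tx1 -N4 | awk '{print $4 $3 $2 $1}'
}

# Return 0 if the checksum on line 2 matches the content from line 3 onwards
# (the same range the setup script feeds to crc32).
check_ldif_crc() {
    stored=$(sed -n '2s/^# CRC32 \([0-9a-f]*\)$/\1/p' "$1")
    actual=$(tail -n +3 "$1" | crc32_hex)
    [ -n "$stored" ] && [ "$stored" = "$actual" ]
}

# Print every *.ldif below directory $1 whose checksum does not match.
list_crc_mismatches() {
    find "$1" -name '*.ldif' | while IFS= read -r f; do
        check_ldif_crc "$f" || printf '%s\n' "$f"
    done
}

# Constructed sample in the layout of a slapd.d entry (not a real configuration).
demo_dir=$(mktemp -d)
body='dn: cn=config
objectClass: olcGlobal
cn: config'
{
    echo '# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.'
    echo "# CRC32 $(printf '%s\n' "$body" | crc32_hex)"
    printf '%s\n' "$body"
} > "$demo_dir/cn=config.ldif"

echo "before edit: $(list_crc_mismatches "$demo_dir" | wc -l) mismatching file(s)"
echo 'olcLogLevel: stats' >> "$demo_dir/cn=config.ldif"   # simulated hand edit
echo "after edit:  $(list_crc_mismatches "$demo_dir" | wc -l) mismatching file(s)"
```

Run against a real setup with list_crc_mismatches "${HOME}/slapd2/etc"; any path it prints was changed outside of ldapmodify or the setup script.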

Adding the base structure

Organizational Units

For many use cases, such as synchronization with Keycloak, it is recommended to add two more organizational units:

Start the editor with:

ldapvi -h "ldap://127.0.0.1:12345/" -D "cn=admin,dc=example,dc=com" -b "dc=example,dc=com"

Add the following lines at the top:

add ou=users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: users

add ou=groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: groups

Now close the editor and confirm with y.

memberof overlay

To show group memberships on the user entry as well (with ldapsearch ... memberof), the memberof and refint overlays must be installed.

export LDAP_PORT=12345
mkdir -p ~/ldif

cat > ~/ldif/add-memberof-modules.ldif << FINISH
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la
olcModuleLoad: refint.la
FINISH

ldapadd -x -H ldap://127.0.0.1:$LDAP_PORT -D "cn=admin,cn=config" -f ~/ldif/add-memberof-modules.ldif -W

cat > ~/ldif/add-memberof-overlay.ldif << FINISH
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
objectClass: olcMemberOfConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: error
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfUniqueNames
olcMemberOfMemberAD: uniqueMember
olcMemberOfMemberOfAD: memberOf
FINISH

ldapadd -x -H ldap://127.0.0.1:$LDAP_PORT -D "cn=admin,cn=config" -f ~/ldif/add-memberof-overlay.ldif -W

cat > ~/ldif/add-refint-overlay.ldif << FINISH
dn: olcOverlay=refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: refint
olcRefintAttribute: memberof
olcRefintAttribute: member
olcRefintAttribute: uniqueMember
olcRefintAttribute: manager
olcRefintAttribute: owner
FINISH

ldapadd -x -H ldap://127.0.0.1:$LDAP_PORT -D "cn=admin,cn=config" -f ~/ldif/add-refint-overlay.ldif -W

Autostart

To keep the new LDAP service running permanently, systemd should be used. Here is an example:

mkdir -p ~/.config/systemd/user

Place the file slapd.service in that directory and fill it with, for example, the following contents:

[Unit]
Description=Slapd2 Server

[Service]
Type=forking
Restart=always
WorkingDirectory=%h/slapd2/

# e.g. add -d 255 for a higher log level; but with any -d option, even -d 0, slapd no longer forks
ExecStart=/usr/sbin/slapd -h ldap://127.0.0.1:12345/ -F %h/slapd2/etc
PIDFile=%h/slapd2/run/slapd.pid

[Install]
WantedBy=default.target

Afterwards:

systemctl enable --user slapd
systemctl start --user slapd

Note: an administrator may first have to enable this functionality for you. Your user may also need the following environment variable to be able to run the commands:

export XDG_RUNTIME_DIR="/run/user/$(id -u)"

Maintaining LDAP data from the command line

Creating a user

File adduser.ldif (replace the values accordingly):

dn: uid=mmustermann,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
cn: Max
sn: Mustermann
uid: mmustermann
userPassword: TopSecret1234
mail: mmustermann@example.org

Then run (PORT and BASE_DN must be set, as in the export lines of the next section):

ldapadd -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W -f adduser.ldif

Changing a user's password

export PORT=30389
export BASE_DN="dc=example,dc=org"
ldappasswd -H ldap://127.0.0.1:$PORT -x -D "cn=admin,$BASE_DN" -W -S "uid=mmustermann,ou=users,$BASE_DN"

Searching for users

export PORT=30389
export BASE_DN="dc=example,dc=org"
ldapsearch -x -b "$BASE_DN" -H ldap://127.0.0.1:$PORT # even works without a user (anonymous bind)
ldapsearch -x -b "$BASE_DN" -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W
ldapsearch -x -b "$BASE_DN" -H ldap://127.0.0.1:$PORT -D "cn=admin,cn=config" -W

What a normal user can see:

ldapsearch -x -b "$BASE_DN" -H ldap://127.0.0.1:$PORT -D "uid=mmustermann,ou=users,$BASE_DN" -W

Search for persons with a specific class:

ldapsearch -x -b "$BASE_DN" -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W "objectClass=inetOrgPerson"

Updating attributes

File modify_email.ldif:

dn: uid=mmustermann,ou=users,dc=example,dc=org
changetype: modify
replace: mail
mail: mmustermann2@example.org

Then run:

ldapmodify -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W -f modify_email.ldif

Creating a new group

See above; the memberof overlay should be installed.

File addgroup.ldif (replace the values accordingly):

dn: cn=admins,ou=groups,dc=example,dc=org
cn: admins
objectclass: groupOfUniqueNames
uniqueMember: uid=mmustermann,ou=users,dc=example,dc=org

Then run:

ldapadd -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W -f addgroup.ldif

Adding a user to a group

File addmember.ldif (replace the values accordingly):

dn: cn=admins,ou=groups,dc=example,dc=org
changetype: modify
add: uniqueMember
uniqueMember: uid=mmustermann,ou=users,dc=example,dc=org

Then run:

ldapmodify -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W -f addmember.ldif

Listing all users of a group

export FILTER="(&(objectClass=inetOrgPerson)(memberof=CN=admins,OU=groups,DC=example,DC=org))"
ldapsearch -x -b "$BASE_DN" -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W "$FILTER"
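
When the group name comes from a variable or a script argument rather than a fixed string, it needs DN escaping (RFC 4514) and then filter escaping (RFC 4515) before it goes into FILTER. The following is an added example, not from the original page; it generalizes the fixed filter above to arbitrary group names, and the function names and sample group names are assumptions.

```shell
#!/bin/sh
# Added example: build the group-membership filter from variables with escaping.

# Escape an attribute value for use inside a DN (RFC 4514): special characters,
# a leading '#' or space, and a trailing space get a backslash.
ldap_dn_escape() {
    printf '%s' "$1" | sed -e 's/[\\",+;<>]/\\&/g' -e 's/^[# ]/\\&/' -e 's/ $/\\ /'
}

# Escape a value for use inside a search filter (RFC 4515): backslash first,
# then '*', '(' and ')' as \XX hex pairs.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# $1 = group name (raw), $2 = base DN. The ou=groups layout follows this page.
group_member_filter() {
    group_dn="cn=$(ldap_dn_escape "$1"),ou=groups,$2"
    printf '(&(objectClass=inetOrgPerson)(memberof=%s))' \
        "$(ldap_filter_escape "$group_dn")"
}

# Constructed inputs: a plain name and one with DN and filter metacharacters.
DEMO_BASE_DN="dc=example,dc=org"
group_member_filter 'admins' "$DEMO_BASE_DN"; echo
group_member_filter 'Ops, Night (EU)*' "$DEMO_BASE_DN"; echo
```

The result is passed to ldapsearch as a single quoted argument, for example FILTER=$(group_member_filter "$GROUP" "$BASE_DN") followed by "$FILTER" at the end of the command line.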

Removing a user from a group

File dropmember.ldif (replace the values accordingly):

dn: cn=admins,ou=groups,dc=example,dc=org
changetype: modify
delete: uniqueMember
uniqueMember: uid=mmustermann,ou=users,dc=example,dc=org

Then run:

ldapmodify -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W -f dropmember.ldif

Deleting a user

ldapdelete -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W "uid=mmustermann,ou=users,$BASE_DN"

Deleting a group

File delete_group.ldif:

dn: cn=Test,ou=groups,dc=example,dc=org
changetype: delete

Then run:

ldapmodify -x -H ldap://127.0.0.1:$PORT -D "cn=admin,$BASE_DN" -W -f delete_group.ldif
