From: Zoltán Felleg Date: Tue, 6 Nov 2018 13:53:07 +0000 (+0100) Subject: Added ldap.usr.f29. X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=77d1b951e9e876602af0f11af0dd7204bd9f6787;p=user-lxc.git Added ldap.usr.f29. --- diff --git a/sources/ins.usr.f29/firstboot/01_setupnetworking.sh b/sources/ins.usr.f29/firstboot/01_setupnetworking.sh index f66caeb..e8b53db 100755 --- a/sources/ins.usr.f29/firstboot/01_setupnetworking.sh +++ b/sources/ins.usr.f29/firstboot/01_setupnetworking.sh @@ -2,6 +2,19 @@ sleep 1 +systemctl --quiet is-active NetworkManager.service +NM_RC=$? +WAITED=0 +while [ $NM_RC -ne 0 ] +do + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active NetworkManager.service + NM_RC=$? +done +[ $WAITED -ne 0 ] && echo + CONNECTIONS=$(nmcli connection show | grep -v '^NAME' | wc -l) if [ $CONNECTIONS -ne 1 ] then diff --git a/sources/ldap.usr.f29/config b/sources/ldap.usr.f29/config new file mode 100644 index 0000000..e9ae221 --- /dev/null +++ b/sources/ldap.usr.f29/config @@ -0,0 +1,18 @@ +lxc.include = /usr/share/lxc/config/common.conf + +lxc.arch = x86_64 +lxc.uts.name = ldap.usr.user.hu +lxc.rootfs.path = __CONTAINER_PATH__/rootfs +lxc.mount.auto = proc:rw sys:ro + +lxc.net.0.type = phys +lxc.net.0.flags = up +lxc.net.0.link = ldap + +lxc.autodev = 1 + +lxc.signal.halt = SIGRTMIN+4 + +lxc.start.auto = 1 +lxc.start.order = 12 +lxc.start.delay = 10 diff --git a/sources/ldap.usr.f29/envvars b/sources/ldap.usr.f29/envvars new file mode 100644 index 0000000..8bfcea4 --- /dev/null +++ b/sources/ldap.usr.f29/envvars @@ -0,0 +1,2 @@ +BASE_PACKAGES="NetworkManager initscripts openssh-server openssh-clients openssh-ldap rootfiles rsyslog sudo tar vim-minimal" +SPEC_PACKAGES="authselect openldap-servers openldap-clients nss-pam-ldapd oddjob-mkhomedir pam_ssh passwd python3 sssd-ldap" diff --git a/sources/ldap.usr.f29/firstboot/01_setupnetworking.sh b/sources/ldap.usr.f29/firstboot/01_setupnetworking.sh new file mode 100755 index 0000000..31cd82c 
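Review bot: The new `while [ $NM_RC -ne 0 ]` loop at the top of the hunk has no upper bound, so a first boot where NetworkManager never reaches `active` (a failed unit also makes `is-active` return non-zero) prints dots forever instead of failing. A bounded wait keeps the script from hanging the container's first boot: replace `WAITED=1` with `WAITED=$(( WAITED + 1 ))` and add `[ $WAITED -ge 60 ] && { echo "NetworkManager.service not active" >&2; exit 1; }` inside the loop, which keeps the later `[ $WAITED -ne 0 ] && echo` working. The identical loop is pasted into pns.usr.f29 and ldap.usr.f29 in this same commit, so whatever bound is chosen should go into all three copies.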
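Review bot: `lxc.mount.auto = proc:rw sys:ro` overrides the `proc:mixed` that the included common.conf normally sets, and as far as I can tell from lxc.container.conf(5) `mixed` exists precisely to remount /proc/sys and /proc/sysrq-trigger read-only, so `proc:rw` lets the container change kernel parameters; unless slapd needs that, `lxc.mount.auto = proc:mixed sys:ro` keeps the isolation. Nothing in the file sets an `lxc.idmap`, so this appears to be a privileged container attached to a `phys` interface; if that is intended, a one-line comment such as `# privileged container (no idmap): relies on common.conf capability drops` would tell the next maintainer it was a choice rather than an omission.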
--- /dev/null +++ b/sources/ldap.usr.f29/firstboot/01_setupnetworking.sh @@ -0,0 +1,54 @@ +#!/bin/sh + + +sleep 1 +systemctl --quiet is-active NetworkManager.service +NM_RC=$? +WAITED=0 +while [ $NM_RC -ne 0 ] +do + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active NetworkManager.service + NM_RC=$? +done +[ $WAITED -ne 0 ] && echo + +CONNECTIONS=$(nmcli connection show | grep -v '^NAME' | wc -l) +if [ $CONNECTIONS -ne 1 ] +then + echo "Number of connections: $CONNECTIONS" >&2 + exit 1 +fi + +CONNECTION_LINE=$(nmcli connection show | grep -v '^NAME') +CONNECTION_TOKENS=$(echo $CONNECTION_LINE | wc -w) +#CONNECTION_NAME_POS=$(( $CONNECTION_TOKENS - 3 )) +CONNECTION_UUID_POS=$(( $CONNECTION_TOKENS - 2 )) +#CONNECTION_TYPE_POS=$(( $CONNECTION_TOKENS - 1 )) +CONNECTION_DEVICE_POS=$CONNECTION_TOKENS +#CONNECTION_NAME=$(echo $CONNECTION_LINE \ +# | cut -f -$CONNECTION_NAME_POS -d ' ') +CONNECTION_UUID=$(echo $CONNECTION_LINE \ + | cut -f $CONNECTION_UUID_POS -d ' ') +#CONNECTION_TYPE=$(echo $CONNECTION_LINE \ +# | cut -f $CONNECTION_TYPE_POS -d ' ') +CONNECTION_DEVICE=$(echo $CONNECTION_LINE \ + | cut -f $CONNECTION_DEVICE_POS -d ' ') + +nmcli connection delete uuid "$CONNECTION_UUID" + +nmcli connection add \ + type 802-3-ethernet \ + ifname $CONNECTION_DEVICE \ + con-name internal \ + autoconnect yes \ + save yes \ + ipv4.addresses "10.228.109.252/16" \ + ipv4.dns "10.228.109.104, 10.228.109.253" \ + ipv4.dns-search "usr.user.hu" \ + ipv4.gateway "10.228.109.254" \ + ipv4.method "manual" \ + ipv6.method "ignore" +nmcli connection show diff --git a/sources/ldap.usr.f29/firstboot/02_settimezone.sh b/sources/ldap.usr.f29/firstboot/02_settimezone.sh new file mode 100755 index 0000000..20b2a71 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/02_settimezone.sh 
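Review bot: The UUID/device extraction between `CONNECTION_LINE=` and `nmcli connection delete` counts whitespace-separated tokens of the human-readable table and indexes from the end, which is fragile against any change in column layout and hard to read past the commented-out NAME/TYPE lines; nmcli has a machine-readable mode for exactly this: `CONNECTION_UUID=$(nmcli -t -f UUID connection show)` and `CONNECTION_DEVICE=$(nmcli -t -f DEVICE connection show)` replace the cut arithmetic, and `nmcli -t -f UUID connection show | wc -l` serves the count check. The `delete` is also issued before the `add` is known to succeed, so if `nmcli connection add` fails (a typo in the hard-coded addresses, say) the container is left with no profile and the script still exits 0; checking its status and printing a diagnostic before the final `nmcli connection show` would make that visible. The NetworkManager wait loop at the top is unbounded, the same issue as in the sibling ins/pns scripts.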
@@ -0,0 +1,21 @@ +#!/bin/sh + + +sleep 1 +systemctl --quiet is-active dbus.service +DBUS_RC=$? +WAITED=0 +while [ $DBUS_RC -ne 0 ] +do + if [ $WAITED -eq 0 ] + then + echo -n "Waiting for dbus.service" + fi + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active dbus.service + DBUS_RC=$? +done +[ $WAITED -ne 0 ] && echo +timedatectl set-timezone Europe/Budapest diff --git a/sources/ldap.usr.f29/firstboot/10_createldapcert.sh b/sources/ldap.usr.f29/firstboot/10_createldapcert.sh new file mode 100755 index 0000000..3ad9be8 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/10_createldapcert.sh @@ -0,0 +1,23 @@ +#!/bin/sh +set -x + +read -n 1 -p "Recreate ldap certificate? y/[n] " -t 5 RECREATE +if [ "$RECREATE" = "y" ] +then + cd /etc/pki/tls/certs + openssl genrsa -aes128 2048 >tmp.key + openssl rsa -in tmp.key -out slapd.key + openssl req -utf8 -new -key slapd.key -out slapd.csr + openssl x509 -in slapd.csr -out slapd.crt -req -signkey slapd.key -days 3650 + chmod 600 slapd.key + rm -f slapd.csr tmp.key +fi + +cp -p /etc/pki/tls/certs/slapd.key \ + /etc/pki/tls/certs/slapd.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /etc/openldap/certs/ + +chown ldap.ldap /etc/openldap/certs/slapd.key \ + /etc/openldap/certs/slapd.crt \ + /etc/openldap/certs/ca-bundle.crt diff --git a/sources/ldap.usr.f29/firstboot/11_createusers.sh b/sources/ldap.usr.f29/firstboot/11_createusers.sh new file mode 100755 index 0000000..99eb9c7 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/11_createusers.sh 
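Review bot: In the `RECREATE=y` branch the private key is written under the caller's default umask and only gets `chmod 600` after four openssl invocations, and `cd /etc/pki/tls/certs` is unchecked, so if the directory is missing `tmp.key` and `slapd.key` are created in the firstboot directory instead; `umask 077` followed by `cd /etc/pki/tls/certs || exit 1` closes both gaps. Generating with `genrsa -aes128` and immediately stripping the passphrase with `openssl rsa` only adds an interactive prompt to a key that is stored unencrypted anyway, so `openssl genrsa -out slapd.key 2048` gives the same result without `tmp.key`. With the 5-second `read -t` timeout the default path is to keep the key shipped in the repository, which is the key this commit also checks into git (see the slapd.key hunk).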
@@ -0,0 +1,59 @@ +#!/bin/sh + + +REAL_PATH=$(realpath $(dirname $0)) + + +>$REAL_PATH/SEED.txt +>$REAL_PATH/UIDS.txt +cat $REAL_PATH/USERS.txt | while read LINE +do + COMPACT_LINE=$(echo $LINE | sed 's/, /,/g') + LOGIN=$(echo $COMPACT_LINE | cut -f 1 -d ',') + LOGIN_MD5SUM=$(echo $LOGIN | md5sum | awk '{print $1}') + UID_POSITION=30 + UID_IS_UNIQUE=0 + while [ $UID_IS_UNIQUE -eq 0 ] + do + LOGIN_UID=$(echo $LOGIN_MD5SUM | cut -c ${UID_POSITION}- | cut -c 1-3) + grep $LOGIN_UID $REAL_PATH/SEED.txt >/dev/null 2>&1 + if [ $? -eq 1 ] + then + INT_UID=$(python3 -c "print(10000 + int('$LOGIN_UID', 16))") + HEX_UID=$(python3 -c "print(hex($INT_UID))") + #echo $LOGIN $LOGIN_MD5SUM $LOGIN_UID $INT_UID $HEX_UID + echo $LOGIN_UID >>$REAL_PATH/SEED.txt + echo "${INT_UID},${HEX_UID},$COMPACT_LINE" >>$REAL_PATH/UIDS.txt + UID_IS_UNIQUE=1 + else + UID_POSITION=$(( $UID_POSITION - 1 )) + echo "shifted $LOGIN to $UID_POSITION" + if [ $UID_POSITION -eq 0 ] + then + echo "Cannot generate unique uid for $LOGIN" >&2 + exit 1 + fi + fi + done + #echo $LOGIN $LOGIN_UID $INT_UID $LOGIN_MD5SUM +done + +>$REAL_PATH/setupusers.ldif +cat $REAL_PATH/UIDS.txt | while read LINE +do + INT_UID=$(echo $LINE | cut -f 1 -d ',') + HEX_UID=$(echo $LINE | cut -f 2 -d ',') + LOGIN=$(echo $LINE | cut -f 3 -d ',') + FIRSTNAME=$(echo $LINE | cut -f 4 -d ',') + LASTNAME=$(echo $LINE | cut -f 5 -d ',') + MAIL_ADDRESS=$(echo $LINE | cut -f 6 -d ',') + MOBILE_NUMBER=$(echo $LINE | cut -f 7 -d ',') + sed -e "s/__UID__/$INT_UID/" \ + -e "s/__LOGIN__/$LOGIN/" \ + -e "s/__FIRSTNAME__/$FIRSTNAME/" \ + -e "s/__LASTNAME__/$LASTNAME/" \ + -e "s/__MAIL__/$MAIL_ADDRESS/" \ + -e "s/__MOBILE__/$MOBILE_NUMBER/" \ + <$REAL_PATH/user_template.ldif \ + >>$REAL_PATH/setupusers.ldif +done diff --git a/sources/ldap.usr.f29/firstboot/20_setupldap.sh b/sources/ldap.usr.f29/firstboot/20_setupldap.sh new file mode 100755 index 0000000..d177823 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/20_setupldap.sh 
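Review bot: The `exit 1` in the `Cannot generate unique uid` branch runs inside the `cat ... | while read` pipeline, so it only terminates the subshell; the script then continues into the second loop and emits `setupusers.ldif` from whatever partial `UIDS.txt` exists. Feeding the loop from a redirection makes the exit real and also stops `read` mangling backslashes: `while IFS= read -r LINE` ... `done <"$REAL_PATH/USERS.txt"`, and the same for the loop over `UIDS.txt`. The fields are spliced straight into sed `s///` expressions, so a `/`, `&` or `\` in a name, mail address or phone number would break or corrupt the LDIF; that is tolerable while USERS.txt is admin-maintained, but deserves a comment at the top: `# USERS.txt fields are used unescaped in sed and LDIF: no / & \ or commas inside a field`.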
@@ -0,0 +1,54 @@ +#!/bin/sh +set -x + +REAL_PATH=$(realpath $(dirname $0)) +SLAPD_RUNNING=0 + + +while [ $SLAPD_RUNNING -ne 1 ] +do + echo -n '.' + sleep 1 + systemctl --quiet is-active slapd.service + SLAPD_RUNNING=$(( $? + 1 )) +done + +read -n 1 -p "Recreate ldap database? y/[n] " -t 5 RECREATE + +ldapadd -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup0config.ldif +ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif +ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif +ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif +ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/doc/openssh-ldap/openssh-lpk-openldap.ldif +ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup1monitor.ldif +ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setup2mdb.ldif +ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/setuptls.ldif +if [ "$RECREATE" = "y" ] +then + ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd -f $REAL_PATH/setupdomain.ldif + ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd -f $REAL_PATH/setupusers.ldif +fi +ldapmodify -Y EXTERNAL -H ldapi:/// -f $REAL_PATH/replacerootpw.ldif + +if [ "$RECREATE" != "y" ] +then + systemctl stop slapd.service + slapadd -n 2 -l $REAL_PATH/data.ldif + chown -R ldap.ldap /var/lib/ldap + systemctl start slapd.service +fi + +authselect select sssd with-mkhomedir --force +systemctl restart oddjobd.service +systemctl restart sssd.service + +# back up passwords +#ldapsearch -x -D cn=Manager,dc=user,dc=hu -W -b "ou=People,dc=user,dc=hu" "objectClass=*" userPassword shadowLastChange + +# back up openldap +#slapcat -n 0 >/tmp/config.ldif +#slapcat -n 2 >/tmp/data.ldif + +# restore openldap +#slapadd -n 0 -F /etc/openldap/slapd.d -l /tmp/config.ldif +#slapadd -n 2 -F /etc/openldap/slapd.d -l /tmp/data.ldif diff --git a/sources/ldap.usr.f29/firstboot/99_cleanup.sh b/sources/ldap.usr.f29/firstboot/99_cleanup.sh new file mode 100755 index 0000000..b87f2f4 --- /dev/null 
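Review bot: The two `ldapadd -x -D cn=Manager,dc=user,dc=hu -w pwd` lines place the directory manager password on the command line of a script running under `set -x`, so it is echoed to the console/journal and visible in `ps` for the duration of each call; `-y "$REAL_PATH/rootpw.txt"` with a 0600 file, or granting the root peercred DN `manage` on the mdb database so the same `-Y EXTERNAL -H ldapi:///` form used for cn=config works here, avoids exposing it. The `slapadd -n 2 -l $REAL_PATH/data.ldif` in the non-recreate branch is unchecked: on a fresh install with no preinstall dump, or when `read -t 5` simply times out unattended, slapadd fails and slapd is restarted on an empty database with no error reported, so `slapadd -n 2 -l "$REAL_PATH/data.ldif" || { echo "slapadd failed" >&2; exit 1; }` before the `chown` would surface it. `read -n 1 -t 5` is a bashism under `#!/bin/sh` and works only because Fedora's /bin/sh is bash.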
+++ b/sources/ldap.usr.f29/firstboot/99_cleanup.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +echo rm -Rf $REAL_PATH diff --git a/sources/ldap.usr.f29/firstboot/USERS.txt b/sources/ldap.usr.f29/firstboot/USERS.txt new file mode 100644 index 0000000..200f5bb --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/USERS.txt @@ -0,0 +1,20 @@ +acsiba, Ábel, Csiba, abel.csiba@userrendszerhaz.hu, +36 30 866 6318 +akosztolanyi, Árpád, Kosztolányi, arpad.kosztolanyi@userrendszerhaz.hu, +36 20 583 7539 +azsamboki, Attila, Zsámboki, attila.zsamboki@userrendszerhaz.hu, +36 20 980 6592 +bcsoka, Barnabás, Csóka, barnabas.csoka@userrendszerhaz.hu, +36 30 939 7023 +csgulyas, Csaba, Gulyás, csaba.gulyas@userrendszerhaz.hu, +36 30 374 4065 +cslevai, Csilla, Lévai, csilla.levai@userrendszerhaz.hu, +36 30 280 8517 +dhorvath, Dénes, Horváth, denes.horvath@userrendszerhaz.hu, +36 30 971 8563 +dvasary, Dániel, Vásáry, daniel.vasary@userrendszerhaz.hu, +36 30 515 9417 +fritter, Ferenc, Ritter, ferenc.ritter@userrendszerhaz.hu, +36 20 937 8022 +fschnell, Ferenc, Schnellbach, ferenc.schnellbach@userrendszerhaz.hu, +36 30 950 2529 +ibartakovics, István, Bartakovics, istvan.bartakovics@userrendszerhaz.hu, +36 30 630 4920 +ifabian, Ildikó, Fábián, ildiko.fabian@userrendszerhaz.hu, +36 30 239 9891 +khorvath, Kálmán, Horváth, kalman.horvath@userrendszerhaz.hu, +36 20 444 8693 +kkele, Károly, Kele, karoly.kele@userrendszerhaz.hu, +36 70 942 2450 +mszabo, Marcell, Szabó, marcell.szabo@userrendszerhaz.hu, +36 70 458 1234 +rrendek, Róbert, Rendek, robert.rendek@userrendszerhaz.hu, +36 30 977 5888 +tlevai, Tibor, Lévai, tibor.levai@userrendszerhaz.hu, +36 30 297 6481 +zbak, Zoltán, Bak, zoltan.bak@userrendszerhaz.hu, +36 70 420 7156 +zbartakovics, Zoltán, Bartakovics, zoltan.bartakovics@userrendszerhaz.hu, +36 30 944 0299 +zfelleg, Zoltán, Felleg, zoltan.felleg@userrendszerhaz.hu, +36 20 954 1513 
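Review bot: `echo rm -Rf $REAL_PATH` only prints the command, so the firstboot directory — including `pwd.txt`, `setupusers.ldif` with the shared initial `userPassword`, and the `data.ldif` slapcat dump holding every user's password hash — stays on the container after setup. If the echo is a deliberate dry run it needs a comment saying so; otherwise `rm -Rf -- "${REAL_PATH:?}"` performs the cleanup and the `:?` refuses to run with an empty path. The same script is committed byte-for-byte as postinstall/99_cleanup.sh, so both copies need the same decision.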
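Review bot: USERS.txt commits the full names, e-mail addresses and mobile numbers of twenty people, and the X-Git-Url in the commit header points at a plain-HTTP git server; if that server is reachable beyond the administrators this is a personal-data leak independent of anything the LDAP ACLs allow. Keeping the file outside the repository and copying it in at build time would be safer; note that a warning comment cannot simply be added at the top, because the loader in 11_createusers.sh reads every line as a user record and does not skip `#` lines.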
diff --git a/sources/ldap.usr.f29/firstboot/pwd.txt b/sources/ldap.usr.f29/firstboot/pwd.txt new file mode 100644 index 0000000..d096bb7 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/pwd.txt @@ -0,0 +1,2 @@ +temp (pwd): {SSHA}PaJYPlbWfzdt301XlzPy7PhfJkIDohyc +final : {SSHA}RWEH1A6dxFFVufJrFI5BchIyq3AIAq4I diff --git a/sources/ldap.usr.f29/firstboot/replacerootpw.ldif b/sources/ldap.usr.f29/firstboot/replacerootpw.ldif new file mode 100644 index 0000000..275d24c --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/replacerootpw.ldif @@ -0,0 +1,4 @@ +dn: olcDatabase={2}mdb,cn=config +changetype: modify +replace: olcRootPW +olcRootPW: {SSHA}RWEH1A6dxFFVufJrFI5BchIyq3AIAq4I diff --git a/sources/ldap.usr.f29/firstboot/setup0config.ldif b/sources/ldap.usr.f29/firstboot/setup0config.ldif new file mode 100644 index 0000000..15347ac --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/setup0config.ldif @@ -0,0 +1,9 @@ +dn: olcDatabase={0}config,cn=config +changetype: modify +add: olcRootPW +olcRootPW: {SSHA}Qta8GXQLA1k8WpxRd9FQ2qzi3jcJBfob + +#dn: cn=config +#changetype: modify +#replace: olcLogLevel +#olcLogLevel: Conns ACL diff --git a/sources/ldap.usr.f29/firstboot/setup1monitor.ldif b/sources/ldap.usr.f29/firstboot/setup1monitor.ldif new file mode 100644 index 0000000..4f225c2 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/setup1monitor.ldif @@ -0,0 +1,7 @@ +dn: olcDatabase={1}monitor,cn=config +changetype: modify +replace: olcAccess +olcAccess: {0}to * + by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read + by dn.base="cn=Manager,dc=user,dc=hu" read + by * none diff --git a/sources/ldap.usr.f29/firstboot/setup2mdb.ldif b/sources/ldap.usr.f29/firstboot/setup2mdb.ldif new file mode 100644 index 0000000..690f1da --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/setup2mdb.ldif 
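Review bot: pwd.txt records the SSHA hashes of both the temporary and the final `olcRootPW` (the `final` value reappears in replacerootpw.ldif and a third hash guards cn=config in setup0config.ldif), so anyone with read access to the repository can run an offline dictionary attack on the directory manager credential; SSHA is a single SHA-1 round with a short salt and offers little resistance. These hashes, like the private keys in this commit, should be treated as compromised and rotated, and future values generated at firstboot (for example with `slappasswd`) rather than committed. The label `temp (pwd)` also reveals that the temporary password is literally `pwd`, which the `-w pwd` in 20_setupldap.sh confirms.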
@@ -0,0 +1,32 @@ +dn: olcDatabase={2}mdb,cn=config +changetype: modify +replace: olcSuffix +olcSuffix: dc=user,dc=hu + +dn: olcDatabase={2}mdb,cn=config +changetype: modify +replace: olcRootDN +olcRootDN: cn=Manager,dc=user,dc=hu + +dn: olcDatabase={2}mdb,cn=config +changetype: modify +add: olcRootPW +olcRootPW: {SSHA}PaJYPlbWfzdt301XlzPy7PhfJkIDohyc + +dn: olcDatabase={2}mdb,cn=config +changetype: modify +add: olcAccess +olcAccess: {0}to attrs=userPassword + by dn="cn=Manager,dc=user,dc=hu" write + by anonymous auth + by self write + by * none +olcAccess: {1}to attrs=shadowLastChange + by dn="cn=Manager,dc=user,dc=hu" write + by self write + by * read +olcAccess: {2}to dn.base="" + by * read +olcAccess: {3}to * + by dn="cn=Manager,dc=user,dc=hu" write + by * read diff --git a/sources/ldap.usr.f29/firstboot/setupdomain.ldif b/sources/ldap.usr.f29/firstboot/setupdomain.ldif new file mode 100644 index 0000000..aaa0ccc --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/setupdomain.ldif @@ -0,0 +1,19 @@ +dn: dc=user,dc=hu +objectClass: top +objectClass: dcObject +objectclass: organization +o: USER Sytemhouse +dc: user + +dn: cn=Manager,dc=user,dc=hu +objectClass: organizationalRole +cn: Manager +description: Directory Manager + +dn: ou=People,dc=user,dc=hu +objectClass: organizationalUnit +ou: People + +dn: ou=Group,dc=user,dc=hu +objectClass: organizationalUnit +ou: Group diff --git a/sources/ldap.usr.f29/firstboot/setuptls.ldif b/sources/ldap.usr.f29/firstboot/setuptls.ldif new file mode 100644 index 0000000..141428c --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/setuptls.ldif @@ -0,0 +1,10 @@ +dn: cn=config +changetype: modify +add: olcTLSCACertificateFile +olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt +- +replace: olcTLSCertificateFile +olcTLSCertificateFile: /etc/openldap/certs/slapd.crt +- +replace: olcTLSCertificateKeyFile +olcTLSCertificateKeyFile: /etc/openldap/certs/slapd.key 
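Review bot: `olcAccess: {3}to * ... by * read` grants anonymous, network-wide read of every attribute not covered by the earlier rules — `mail`, `mobile`, group membership and the `sshPublicKey` values — which is what the anonymous sssd and ssh-ldap-wrapper clients in this commit rely on, so it should be stated in a comment rather than left implicit: `# anonymous read is required: sssd.conf and ssh/ldap.conf bind anonymously`. Adding `by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage` to that rule, as setup1monitor.ldif already does for the monitor database, would let 20_setupldap.sh load setupdomain/setupusers over `ldapi:///` without putting the Manager password on the command line. The `olcRootPW` added here is the `temp` hash from pwd.txt and is replaced later by replacerootpw.ldif, which is fine but worth a comment on the `add: olcRootPW` change.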
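Review bot: `olcTLSCACertificateFile` is set to `/etc/openldap/certs/ca-bundle.crt`, the system bundle, which cannot contain the self-signed `slapd.crt` that 10_createldapcert.sh produces and setuptls.ldif installs as the server certificate; nothing in this commit therefore gives any client a trust anchor for the server, which is presumably why sssd.conf falls back to `ldap_tls_reqcert = allow`. For a self-signed certificate the trust anchor is the certificate itself, so `olcTLSCACertificateFile: /etc/openldap/certs/slapd.crt` here and the same path in the clients' `TLS_CACERT`/`ldap_tls_cacert` lets verification be enforced instead of disabled. Nothing in the config requires TLS for binds or reads either; whether an `olcSecurity` minimum is feasible depends on the loopback `ssl no` client in /etc/ssh/ldap.conf and is left to the author.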
diff --git a/sources/ldap.usr.f29/firstboot/user_template.ldif b/sources/ldap.usr.f29/firstboot/user_template.ldif new file mode 100644 index 0000000..5ba1f24 --- /dev/null +++ b/sources/ldap.usr.f29/firstboot/user_template.ldif @@ -0,0 +1,24 @@ +# __LOGIN__ +dn: uid=__LOGIN__,ou=People,dc=user,dc=hu +objectClass: inetOrgPerson +objectClass: posixAccount +objectClass: shadowAccount +cn: __LOGIN__ +gn: __FIRSTNAME__ +sn: __LASTNAME__ +mail: __MAIL__ +mobile: __MOBILE__ +loginShell: /bin/bash +uidNumber: __UID__ +gidNumber: __UID__ +homeDirectory: /home/__LOGIN__ +userPassword: {SSHA}Be0QldINCqu8gM+Fii1cR2fpjCzSqEcO +shadowLastChange: 0 +shadowMax: 3650 + +dn: cn=__LOGIN__,ou=Group,dc=user,dc=hu +objectClass: posixGroup +cn: __LOGIN__ +gidNumber: __UID__ +memberUid: __LOGIN__ + diff --git a/sources/ldap.usr.f29/postinstall/01_setownership.sh b/sources/ldap.usr.f29/postinstall/01_setownership.sh new file mode 100755 index 0000000..0dd1234 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/01_setownership.sh @@ -0,0 +1,11 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) +SOURCE_PATH=$REAL_PATH/install + + +chown -R root.root $SOURCE_PATH +chown -R ldap.ldap $SOURCE_PATH/var/lib/ldap + +chgrp ssh_keys $SOURCE_PATH/etc/ssh/*_key diff --git a/sources/ldap.usr.f29/postinstall/02_setpermissions.sh b/sources/ldap.usr.f29/postinstall/02_setpermissions.sh new file mode 100755 index 0000000..6779033 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/02_setpermissions.sh @@ -0,0 +1,11 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) +SOURCE_PATH=$REAL_PATH/install + + +chmod 600 $SOURCE_PATH/etc/pki/tls/certs/slapd.key +chmod 400 $SOURCE_PATH/etc/ssh/*_key +chmod 444 $SOURCE_PATH/etc/ssh/*.pub +chmod 600 $SOURCE_PATH/etc/sssd/sssd.conf diff --git a/sources/ldap.usr.f29/postinstall/03_installfiles.sh b/sources/ldap.usr.f29/postinstall/03_installfiles.sh new file mode 100755 index 0000000..f190caf --- /dev/null 
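Review bot: Every user is created with the same `userPassword: {SSHA}Be0Q...` hash, so all twenty accounts start with one shared password whose hash is in the repository. `shadowLastChange: 0` looks intended to force a change at first login, but as far as I can tell sssd only evaluates the shadow attributes when `ldap_pwd_policy = shadow` is set, and sssd.conf in this commit does not set it, so the shared password stays valid for the full `shadowMax` of ten years; either add `ldap_pwd_policy = shadow` to sssd.conf or document in the template that the password must be replaced manually. Generating a per-user random password in 11_createusers.sh (`slappasswd -s "$PW"` into the template) and delivering it out of band would remove the shared secret entirely.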
+++ b/sources/ldap.usr.f29/postinstall/03_installfiles.sh @@ -0,0 +1,15 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +tar --create \ + --directory=$REAL_PATH \ + --to-stdout \ + install \ + | tar --extract \ + --backup \ + --directory=/ \ + --no-overwrite-dir \ + --strip-components=1 \ + --suffix=.orig diff --git a/sources/ldap.usr.f29/postinstall/10_setupservices.sh b/sources/ldap.usr.f29/postinstall/10_setupservices.sh new file mode 100755 index 0000000..e8ab8f0 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/10_setupservices.sh @@ -0,0 +1,9 @@ +#!/bin/sh + + +systemctl enable oddjobd.service +systemctl enable slapd.service +systemctl enable sssd.service +systemctl enable NetworkManager-wait-online.service + +systemctl mask wpa_supplicant.service diff --git a/sources/ldap.usr.f29/postinstall/20_setupsshldap.sh b/sources/ldap.usr.f29/postinstall/20_setupsshldap.sh new file mode 100755 index 0000000..177e4db --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/20_setupsshldap.sh @@ -0,0 +1,5 @@ +#!/bin/sh + + +echo "AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper" >>/etc/ssh/sshd_config +echo "AuthorizedKeysCommandUser nobody" >>/etc/ssh/sshd_config diff --git a/sources/ldap.usr.f29/postinstall/99_cleanup.sh b/sources/ldap.usr.f29/postinstall/99_cleanup.sh new file mode 100755 index 0000000..b87f2f4 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/99_cleanup.sh @@ -0,0 +1,6 @@ +#!/bin/sh + + +REAL_PATH=$(dirname $(realpath $0)) + +echo rm -Rf $REAL_PATH diff --git a/sources/ldap.usr.f29/postinstall/install/etc/hosts b/sources/ldap.usr.f29/postinstall/install/etc/hosts new file mode 100644 index 0000000..10caea9 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/hosts @@ -0,0 +1,4 @@ +127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4 +::1 localhost6.localdomain6 localhost6 + +10.228.109.252 ldap.usr.user.hu ldap 
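Review bot: The two `echo ... >>/etc/ssh/sshd_config` appends are unconditional, so every rerun of postinstall duplicates them, and because sshd uses the first occurrence of a keyword a later change to either value would be silently ignored. Guarding each line, `grep -q '^AuthorizedKeysCommand ' /etc/ssh/sshd_config || echo "AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper" >>/etc/ssh/sshd_config`, keeps the step idempotent (a drop-in under sshd_config.d is cleaner on releases that support it). `AuthorizedKeysCommandUser nobody` is a sensible low-privilege choice; confirm that /etc/ssh/ldap.conf stays readable by that user, which holds here since it carries no `bindpw`.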
diff --git a/sources/ldap.usr.f29/postinstall/install/etc/openldap/ldap.conf b/sources/ldap.usr.f29/postinstall/install/etc/openldap/ldap.conf new file mode 100644 index 0000000..cd331f3 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/openldap/ldap.conf @@ -0,0 +1,30 @@ +# +# LDAP Defaults +# + +# See ldap.conf(5) for details +# This file should be world readable but not world writable. + +#BASE dc=example,dc=com +#URI ldap://ldap.example.com ldap://ldap-master.example.com:666 + +#SIZELIMIT 12 +#TIMELIMIT 15 +#DEREF never + +# When no CA certificates are specified the Shared System Certificates +# are in use. In order to have these available along with the ones specified +# by TLS_CACERTDIR one has to include them explicitly: +#TLS_CACERT /etc/pki/tls/cert.pem + +# System-wide Crypto Policies provide up to date cipher suite which should +# be used unless one needs a finer grinded selection of ciphers. Hence, the +# PROFILE=SYSTEM value represents the default behavior which is in place +# when no explicit setting is used. (see openssl-ciphers(1) for more info) +#TLS_CIPHER_SUITE PROFILE=SYSTEM + +# Turning this off breaks GSSAPI used with krb5 when rdns = false +SASL_NOCANON on + +BASE dc=user,dc=hu +URI ldap://ldap.usr.user.hu diff --git a/sources/ldap.usr.f29/postinstall/install/etc/pki/tls/certs/slapd.crt b/sources/ldap.usr.f29/postinstall/install/etc/pki/tls/certs/slapd.crt new file mode 100644 index 0000000..23e110a --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/pki/tls/certs/slapd.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMjCCAhoCCQC4bVg+Y9rSOjANBgkqhkiG9w0BAQsFADBbMQswCQYDVQQGEwJI +VTERMA8GA1UEBwwIQnVkYXBlc3QxHjAcBgNVBAoMFVVTRVIgU3lzdGVtaG91c2Ug +THRkLjEZMBcGA1UEAwwQbGRhcC51c3IudXNlci5odTAeFw0xODEwMDEwOTU0MjJa +Fw0yODA5MjgwOTU0MjJaMFsxCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVz +dDEeMBwGA1UECgwVVVNFUiBTeXN0ZW1ob3VzZSBMdGQuMRkwFwYDVQQDDBBsZGFw +LnVzci51c2VyLmh1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1g5 +LJtdXNjzxSonx/FH5Mxo3Jx8pYOSjPfkQGMLn7k9hpaZFjlZQlMZURlP3lBntSpz +7ZUecEpIP1f5Yompk/zdDrAAToLpFoKwhp2sBwlcqgPMw8hi2WD88/jVcigbdQL+ +jhqHtYHXBF4HfwQf5AiJgqnQ+jY8jOKQgwSUsrNKVL/LDRW9rJzGrUwf1k0IYfnL +/eOhwzJj7aCpFY5cf9cMP1SeBq9UL7tzT2tIGneQLhxb38/aPKYVEP4vZavCW/G1 +B/p0DOXZ9njyy8sOj02vdZN8CIuOqyIOS79rWRkQlXt85httRF+rNOtHg6LqviH6 +ZKsbkjsALnyWj1FnwQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQADOaFtkRiO3pSn +5BGeWYIPu0iE0ADaZDjMIxd+7fQyMb8jx7S114ylWvdpmQAhUPqDgojW4xrSteR+ +fGIY2ai2ZBoVHgFqhDGcg/iAv/BeblspD81AdYy9/OGLkmNi2nvggmNQ5pEATqAO +CavZ6DIZp/i1Y2dxKvlnkKFo9jwpZVIqZdFYLsybq9xIcI5L942I0LVYL0Mgyhr0 +3VF1uwxva0apM7yl0KZ/MNcwsJU1s6ObnWyeybNwTnCKlyIStfhV3e3KJ5bHQLaI +snX6owJIAve99AmVw6aneGu27qlKYbuENYC06K+RuYrbYHRzrjbF5SGEHcLAhFVN +/Cb2K+qe +-----END CERTIFICATE----- diff --git a/sources/ldap.usr.f29/postinstall/install/etc/pki/tls/certs/slapd.key b/sources/ldap.usr.f29/postinstall/install/etc/pki/tls/certs/slapd.key new file mode 100644 index 0000000..195323b --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/pki/tls/certs/slapd.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAm1g5LJtdXNjzxSonx/FH5Mxo3Jx8pYOSjPfkQGMLn7k9hpaZ +FjlZQlMZURlP3lBntSpz7ZUecEpIP1f5Yompk/zdDrAAToLpFoKwhp2sBwlcqgPM +w8hi2WD88/jVcigbdQL+jhqHtYHXBF4HfwQf5AiJgqnQ+jY8jOKQgwSUsrNKVL/L +DRW9rJzGrUwf1k0IYfnL/eOhwzJj7aCpFY5cf9cMP1SeBq9UL7tzT2tIGneQLhxb +38/aPKYVEP4vZavCW/G1B/p0DOXZ9njyy8sOj02vdZN8CIuOqyIOS79rWRkQlXt8 +5httRF+rNOtHg6LqviH6ZKsbkjsALnyWj1FnwQIDAQABAoIBABvNOUZLc/UW+uGx +frcg7n37O1UoSIKSvpquDtKbJ0xpqaI5t6Irl1bwalqCTjH6b+UTePXvNyhfkviL +NR22h3vtyF5Fj3h9o1uc/hzJgS0tNsFStsXfShmfawX65bBtjyRs6cPi6aDJYQLu +FSddRJvaD0osPDNbm5CXR8e6/SXR+zdDsdOTFnnM6KsNqw0SQgNVBoTHIHMGKU// +SprTYNgP5Jhib4kuUNa+iaNwv/I8BEzooRG+JXJezhtbUecM0poI1izyKhPTlFgx +KTJ0FmzpPtypOGWnPazt710wIUU/O4dODOKB/J6eF578QkHoOZ4Z0Ykes9p6RWMF +oPqb07ECgYEAzJKOf6fNWrWjzZksiP6NB5jvfEF3Fb3IyclH3z0cYLJ40DHYehp7 +Qs2/2BikPd4zsZHLCcp08gjlT8LsZQwYdJK4BsQ80xHVsiZY3Gfqm867EJJlnZ7b +Le1h0iCXmrkh9KeNHeWZdOpttJPo/5kvf9TdNL1dk3VHxXuVy9mBat0CgYEAwmWQ +Xh3egaIPYNdlPAeK8Q67CrQ0CKriwJMUeyMzU+IhbyRQgus5dWOnvdS0Jt8tT7dA +thrfWDQCaeSjsXW8vNdQxK9WMZoCYSI5gayu0WmlX9Vcgp1LSxuRkGpJvqdU4SlU +XGoP7NuIqxvDJ3TiWVV+1nufk74XLhlEKhuG6DUCgYAHQE6iwbzqsTOMLxjABl3T +Xh1nBx8Ee0SpumO8yvq9hrX3kzy8H0ItPQPG0iDIPJ8SdTuALlf02FHggOVGM6aO +Q0EYpE4PoTs05F0T+u769Nn2nWnSq3XTa+2iuBsHlfZZKLM80w2cck7PLsr8fF6N +pmrs2qV9e5O+sUG/BweqVQKBgFfvtaS9gj/F3YsDJMpI5zMwZK/s4HTjSHuwjN0/ +CSLy8gjitoDigzV1BRY8N9o1rruWu/Ekqs+th0H7qYjHJ7+M7v5qCmWZs2XZI4Zj +ZRlZ3vNBAv4axUqOiAR58C4MZ7sLBRxg5h9RF7u/bUJV/2ZF5ICFn6Qnozi5OTqL +BTXZAoGAS8bsX6GVqWd/FkBJCqFVbUQcbawQKy0ZVlEIPg06hPtxRcmNZt+dtOWT +6W/yoer/7oGGUoSHE1y6a5SX0vHOvtkToYy4zUjESaMsa9Wr/DoP9RDkCqUJijxY +zG3XPCj7maygTKSC77ao2bCyQqKYyjIU80CjmI8X8ybAQIkdgAo= +-----END RSA PRIVATE KEY----- diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ldap.conf b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ldap.conf new file mode 100644 index 0000000..30358af --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ldap.conf 
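Review bot: slapd.key is the unencrypted RSA private key for the `ldap.usr.user.hu` server certificate and is committed with mode 100644, so every clone has it world-readable on disk until 02_setpermissions.sh runs, and anyone with repository access can impersonate the LDAP TLS endpoint or decrypt captured non-PFS sessions. The key should be treated as compromised: replace the pair, purge it from history, and let 10_createldapcert.sh generate it on the container (the code path already exists) instead of shipping it; a `.gitignore` entry for `*/etc/pki/tls/certs/slapd.key` prevents a regenerated key from being re-added.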
@@ -0,0 +1,95 @@ +# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $ +# +# This is the example configuration file for the OpenSSH +# LDAP backend +# +# see ssh-ldap.conf(5) +# + +# URI with your LDAP server name. This allows to use +# Unix Domain Sockets to connect to a local LDAP Server. +uri ldap://127.0.0.1/ +#uri ldaps://127.0.0.1/ +#uri ldapi://%2fvar%2frun%2fldapi_sock/ +# Note: %2f encodes the '/' used as directory separator + +# Another way to specify your LDAP server is to provide an +# host name and the port of our LDAP server. Host name +# must be resolvable without using LDAP. +# Multiple hosts may be specified, each separated by a +# space. How long nss_ldap takes to failover depends on +# whether your LDAP client library supports configurable +# network or connect timeouts (see bind_timelimit). +#host 127.0.0.1 + +# The port. +# Optional: default is 389. +#port 389 + +# The distinguished name to bind to the server with. +# Optional: default is to bind anonymously. +#binddn cn=openssh_keys,dc=example,dc=org + +# The credentials to bind with. +# Optional: default is no credential. +#bindpw TopSecret + +# The distinguished name of the search base. +#base dc=example,dc=org + +# The LDAP version to use (defaults to 3 +# if supported by client library) +#ldap_version 3 + +# The search scope. +#scope sub +#scope one +#scope base + +# Search timelimit +#timelimit 30 + +# Bind/connect timelimit +#bind_timelimit 30 + +# Reconnect policy: hard (default) will retry connecting to +# the software with exponential backoff, soft will fail +# immediately. +#bind_policy hard + +# SSL setup, may be implied by URI also. +ssl no +#ssl on +#ssl start_tls + +# OpenLDAP SSL options +# Require and verify server certificate (yes/no) +# Default is to use libldap's default behavior, which can be configured in +# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for +# OpenLDAP 2.0 and earlier is "no", for 2.1 and later is "yes". 
+#tls_checkpeer hard + +# CA certificates for server certificate verification +# At least one of these are required if tls_checkpeer is "yes" +#tls_cacertfile /etc/ssl/ca.cert +#tls_cacertdir /etc/pki/tls/certs + +# Seed the PRNG if /dev/urandom is not provided +#tls_randfile /var/run/egd-pool + +# SSL cipher suite +# See man ciphers for syntax +#tls_ciphers TLSv1 + +# Client certificate and key +# Use these, if your server requires client authentication. +#tls_cert +#tls_key + +# OpenLDAP search_format +# format used to search for users in LDAP directory using substitution +# for %u for user name and %f for SSH_Filter option (optional, empty by default) +#search_format (&(objectclass=%c)(objectclass=ldapPublicKey)(uid=%u)%f) + +#AccountClass posixAccount + diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ecdsa_key b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ecdsa_key new file mode 100644 index 0000000..495ef44 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ecdsa_key @@ -0,0 +1,8 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS +1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRNhyIFsn1XHUZl3cXseM3xVxjVTDL4 +wBFyEQELvVGAEGmxqhETsNPb0xzFGXstoNZkQeBO72huapDROPbs72JXAAAAoLbGMeS2xj +HkAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2HIgWyfVcdRmXd +xex4zfFXGNVMMvjAEXIRAQu9UYAQabGqEROw09vTHMUZey2g1mRB4E7vaG5qkNE49uzvYl +cAAAAhALkbjaiJrtAkV7WAjDoFzCcjYavVqLSDWyq549QfKliMAAAAAAECAwQFBgc= +-----END OPENSSH PRIVATE KEY----- diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub new file mode 100644 index 0000000..d1e2908 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ecdsa_key.pub 
@@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE2HIgWyfVcdRmXdxex4zfFXGNVMMvjAEXIRAQu9UYAQabGqEROw09vTHMUZey2g1mRB4E7vaG5qkNE49uzvYlc= diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ed25519_key b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ed25519_key new file mode 100644 index 0000000..5c432d4 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ed25519_key @@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACAPqi+85zTZURcO07ZEkK/+WbPE0jeqbs5ezIefribFxwAAAIgiYFM1ImBT +NQAAAAtzc2gtZWQyNTUxOQAAACAPqi+85zTZURcO07ZEkK/+WbPE0jeqbs5ezIefribFxw +AAAEDv3ANgLBg7Rq+8xAZZLTCknzJn4WtmPtyQ9aqJUqFJMQ+qL7znNNlRFw7TtkSQr/5Z +s8TSN6puzl7Mh5+uJsXHAAAAAAECAwQF +-----END OPENSSH PRIVATE KEY----- diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub new file mode 100644 index 0000000..139e2f2 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+qL7znNNlRFw7TtkSQr/5Zs8TSN6puzl7Mh5+uJsXH diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_rsa_key b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_rsa_key new file mode 100644 index 0000000..9cf34b0 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_rsa_key 
@@ -0,0 +1,27 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn +NhAAAAAwEAAQAAAQEAl33xHJr1IacdKzig31rgBuKL4kfuvLmXPzHgftSlH0q1r0zMizAE +aPcXMRHZ5w/TVUegd3qk2tNVQcJSPoqTjOFC2+tTpYYO6uJ7i5iDvP5v2Akm0VlSL3zwdv +k/TYBwpp3qXtLz4TNhcCjFpup63QgPCVlhZj7WyES4fWstR56ePAyBGydWUkwz1d4pZo8G +ChrSflt3F9nHcfTkgoZPD5GMQnm521rpL+yeuyUOmkO0DTkh00CP8nm9rhXUN99uGlYxDM ++lMcNn/1PV/8/BYMzhgeI1qJz10yXwPKQb5fxXdk/6qa4I9AKzscTV23/QAwgmz4bSYlzz +ypYlt0enEQAAA7h06oRJdOqESQAAAAdzc2gtcnNhAAABAQCXffEcmvUhpx0rOKDfWuAG4o +viR+68uZc/MeB+1KUfSrWvTMyLMARo9xcxEdnnD9NVR6B3eqTa01VBwlI+ipOM4ULb61Ol +hg7q4nuLmIO8/m/YCSbRWVIvfPB2+T9NgHCmnepe0vPhM2FwKMWm6nrdCA8JWWFmPtbIRL +h9ay1Hnp48DIEbJ1ZSTDPV3ilmjwYKGtJ+W3cX2cdx9OSChk8PkYxCebnbWukv7J67JQ6a +Q7QNOSHTQI/yeb2uFdQ3324aVjEMz6Uxw2f/U9X/z8FgzOGB4jWonPXTJfA8pBvl/Fd2T/ +qprgj0ArOxxNXbf9ADCCbPhtJiXPPKliW3R6cRAAAAAwEAAQAAAQA3Q7aF3PG4CSLW9Z2a +XaiEWnj1X5B0QLAwWZ2wJxrlw3dsL/QegrHZKOrI994qMNfDsJGVhKRHP/lGOAGQ1zTkm/ +isCblGFRW0ElNHpafJdniOsyf6Dz+wG0AN5vd06nouDkXFuedGLFxLclRIhBm2MI5rtrOV +fS8VeBxlhIfMLD2QGy6tZytksdqTIf8egAYv5QGn/LAYmjtiXfyWIGwN4LUKV6jeQUz9mk +P0UzY9VyOwXAthWE43MDM3zllzXF7Yw8vf2EJuOKLzXqbuKzNPAyNrOXMXYHMt2ZlJuy0b +JThk72tmR7aCiyKOsHxWPjwMad9hBvjV7Kg475UD+WkRAAAAgQCPim2W3nzD8i1mq89jr7 +VkQQWsmKmbeS/cufuHoJ23JqNyoO3dxfRT1GHupBYJXvjwQS9Dt/v2+GTVZa6Ldbx9T1Ew +COetJS1ZnrTUPbT6fesSuFZnCBDwGjx02bOcPbhDutTMDqCTPh8J45kIpw8U4UynWTIe9w +ZhObgUeKh2rQAAAIEAyJS2/z7CpwN7gtzRovSuaPFMtxBGlmkHDBa/AA9oCSleoXABMSiI +GE7Mfl6B3q+ryvLJMNj9ILSfPhBORMvO6RhKVV3qR0hUKuqFxy9p8e8e69N1QoYVgBsEtR +q+iij76B1cnwsV6wf4kxHKRHmivHATfKFPgZONmr4E9SST4ncAAACBAMFZHe0EdpReZGw4 +ARCyj6fvGLOu3ApM+PreNyVLXETNxvPIsqn1JTAPsMrX/82HKxD78c6nu1Ki0qJ7BuTEBQ +Rq6SiGjEEaW3skoppOK0md5cj7xNBY7eJFVbVAFmiudQaEbQlorf63jd0ErzIu0xKEi0Kg +l5RXrm5GsNIiwly3AAAAAAEC +-----END OPENSSH PRIVATE KEY----- 
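Review bot: ssh_host_rsa_key, together with the ecdsa and ed25519 host keys in the preceding hunks, is a private host key committed in clear, so every container built from this tree presents the same SSH identity and anyone with repository access can impersonate `ldap.usr.user.hu` to any client that has already accepted it. Unless stable host keys across rebuilds is a deliberate goal (in which case document it and keep the keys in a deploy-time secret store rather than git), drop the `etc/ssh/*_key*` files and let `sshd-keygen` create them at first start; the `chgrp ssh_keys`/`chmod 400` steps in 01_setownership.sh and 02_setpermissions.sh then become unnecessary. All three private keys should be rotated regardless of which option is chosen.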
diff --git a/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_rsa_key.pub b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_rsa_key.pub new file mode 100644 index 0000000..7efa1e9 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/ssh/ssh_host_rsa_key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXffEcmvUhpx0rOKDfWuAG4oviR+68uZc/MeB+1KUfSrWvTMyLMARo9xcxEdnnD9NVR6B3eqTa01VBwlI+ipOM4ULb61Olhg7q4nuLmIO8/m/YCSbRWVIvfPB2+T9NgHCmnepe0vPhM2FwKMWm6nrdCA8JWWFmPtbIRLh9ay1Hnp48DIEbJ1ZSTDPV3ilmjwYKGtJ+W3cX2cdx9OSChk8PkYxCebnbWukv7J67JQ6aQ7QNOSHTQI/yeb2uFdQ3324aVjEMz6Uxw2f/U9X/z8FgzOGB4jWonPXTJfA8pBvl/Fd2T/qprgj0ArOxxNXbf9ADCCbPhtJiXPPKliW3R6cR diff --git a/sources/ldap.usr.f29/postinstall/install/etc/sssd/sssd.conf b/sources/ldap.usr.f29/postinstall/install/etc/sssd/sssd.conf new file mode 100644 index 0000000..6f40aa8 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/sssd/sssd.conf @@ -0,0 +1,18 @@ +[domain/default] +id_provider = ldap +autofs_provider = ldap +auth_provider = ldap +chpass_provider = ldap +ldap_uri = ldap://ldap.usr.user.hu/ +ldap_search_base = dc=user,dc=hu +ldap_id_use_start_tls = True +ldap_tls_cacertdir = /etc/openldap/certs +cache_credentials = True +ldap_tls_reqcert = allow + +[sssd] +services = nss, pam, autofs +domains = default + +[nss] +homedir_substring = /home diff --git a/sources/ldap.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf b/sources/ldap.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf new file mode 100644 index 0000000..9b1dfc6 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/etc/sysctl.d/01-ipv6.conf @@ -0,0 +1,2 @@ +net.ipv6.conf.all.disable_ipv6 = 1 +net.ipv6.conf.ldap.disable_ipv6 = 1 diff --git a/sources/ldap.usr.f29/postinstall/install/var/lib/ldap/DB_CONFIG b/sources/ldap.usr.f29/postinstall/install/var/lib/ldap/DB_CONFIG new file mode 100644 index 0000000..d0f2c68 --- /dev/null +++ b/sources/ldap.usr.f29/postinstall/install/var/lib/ldap/DB_CONFIG 
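Review bot: `ldap_tls_reqcert = allow` makes sssd accept any server certificate on STARTTLS, which reduces the TLS upgrade to obfuscation against an active attacker, and `ldap_tls_cacertdir = /etc/openldap/certs` is only consulted if that directory contains c_rehash-style hash links, which nothing in this commit creates. On this container the hostname resolves to the container's own address via /etc/hosts so the exposure is limited, but the file will presumably be copied to client containers where it matters; since the server uses the self-signed slapd.crt, `ldap_tls_cacert = /etc/openldap/certs/slapd.crt` with `ldap_tls_reqcert = demand` enforces verification using files that are already installed. With that in place `ldap_id_use_start_tls = True` and the `chpass_provider = ldap` password changes are actually protected in transit.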
@@ -0,0 +1,28 @@ +# $OpenLDAP$ +# Example DB_CONFIG file for use with slapd(8) BDB/HDB databases. +# +# See the Oracle Berkeley DB documentation +# +# for detail description of DB_CONFIG syntax and semantics. +# +# Hints can also be found in the OpenLDAP Software FAQ +# +# in particular: +# + +# Note: most DB_CONFIG settings will take effect only upon rebuilding +# the DB environment. + +# one 0.25 GB cache +set_cachesize 0 268435456 1 + +# Data Directory +#set_data_dir db + +# Transaction Log settings +set_lg_regionmax 262144 +set_lg_bsize 2097152 +#set_lg_dir logs + +# Note: special DB_CONFIG flags are no longer needed for "quick" +# slapadd(8) or slapindex(8) access (see their -q option). diff --git a/sources/ldap.usr.f29/preinstall/01_backupldapdb.sh b/sources/ldap.usr.f29/preinstall/01_backupldapdb.sh new file mode 100755 index 0000000..ee4177e --- /dev/null +++ b/sources/ldap.usr.f29/preinstall/01_backupldapdb.sh @@ -0,0 +1,11 @@ +#!/bin/sh + + +REAL_PATH=$(realpath $(dirname $0)) +CONTAINER_NAME=$1 +CONTAINER_ROOTFS=$2 +CONTAINER_SOURCE_PATH=$3 + +lxc-attach --name=$CONTAINER_NAME -- systemctl stop slapd.service +lxc-attach --name=$CONTAINER_NAME -- slapcat -n 2 \ + >$CONTAINER_SOURCE_PATH/firstboot/data.ldif diff --git a/sources/pns.usr.f29/firstboot/01_setupnetworking.sh b/sources/pns.usr.f29/firstboot/01_setupnetworking.sh index 75f3fd5..baca48d 100755 --- a/sources/pns.usr.f29/firstboot/01_setupnetworking.sh +++ b/sources/pns.usr.f29/firstboot/01_setupnetworking.sh @@ -2,6 +2,19 @@ sleep 1 +systemctl --quiet is-active NetworkManager.service +NM_RC=$? +WAITED=0 +while [ $NM_RC -ne 0 ] +do + echo -n . + sleep 1 + WAITED=1 + systemctl --quiet is-active NetworkManager.service + NM_RC=$? +done +[ $WAITED -ne 0 ] && echo + CONNECTIONS=$(nmcli connection show | grep -v '^NAME' | wc -l) if [ $CONNECTIONS -ne 1 ] then
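Review bot: DB_CONFIG sets Berkeley DB cache and transaction-log sizes, but setup2mdb.ldif shows the directory backend is `olcDatabase={2}mdb`, which does not read DB_CONFIG at all, so this file is dead configuration that will mislead the next maintainer into thinking the cache settings apply. Either drop it or replace it with a short note; mdb sizing is controlled by `olcDbMaxSize` in cn=config instead.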
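Review bot: The `slapcat -n 2` output redirected into `$CONTAINER_SOURCE_PATH/firstboot/data.ldif` contains every user's `userPassword` hash and is written on the host under the caller's default umask into the source tree, one `git add` away from being committed; `umask 077` before the redirection and a `.gitignore` entry for `firstboot/data.ldif` keep the dump private. The three positional parameters are used unquoted and unchecked, so a missing `$3` silently writes to `/firstboot/data.ldif`; `: "${CONTAINER_SOURCE_PATH:?source path required}"` and the same for `CONTAINER_NAME` fail early instead. slapd is stopped and never restarted here, which is presumably fine because the container is about to be rebuilt, but a comment saying so would avoid surprises if the script is reused on its own.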