ldap (389ds)

1. installation

yum -y install 389-ds-base 389-admin

2. configuration

source /etc/cid.conf
wget -nv http://${rdsserver}/sharel/skl/ldap/389-ds.skl -O /tmp/389-ds.rsp

cube /tmp/389-ds.rsp "%pwsname%" with "$(hostname -s)"
cube /tmp/389-ds.rsp "%dnsdomainname%" with "${dnsdomain}"
cube /tmp/389-ds.rsp "%ldapdesc%" with "${dnsdomain}"
cube /tmp/389-ds.rsp "%ldaprootpw%" with "$(cid-xpwd ${ldaprootpw})"
cube /tmp/389-ds.rsp "%ldapbasedn%" with "${ldapbasedn}"
cube /tmp/389-ds.rsp "%ldaprootdn%" with "${ldaprootdn}"

/usr/sbin/setup-ds.pl -s -f /tmp/389-ds.rsp

wget -nv http://${rdsserver}/sharel/etc/ldapschema/389-ds/samba.ldif -O /etc/dirsrv/slapd-$(hostname -s)/schema/95samba.ldif
chown "nobody:nobody" /etc/dirsrv/slapd-$(hostname -s)/schema/*
chmod 440 /etc/dirsrv/slapd-$(hostname -s)/schema/*

systemctl restart dirsrv.target

wget -N -nv http://${rdsserver}/sharel/img/389-ds/cid-setupssl2 -P /tmp/
wget -N -nv http://${rdsserver}/sharel/img/389-ds/setupssl2.sh -P /tmp/
sh /tmp/cid-setupssl2

3. configuration smbldap-tools

source /etc/cid.conf
source /bin/cid-functions
cid_yum_add "authconfig samba-common smbldap-tools perl-Crypt-PasswdMD5 perl-Digest-SHA1"

wget -N -nv http://${rdsserver}/sharel/img/smbldap/cid-mksmbsid -P /usr/sbin/
wget -N -nv http://${rdsserver}/sharel/img/smbldap/genpasswd -P /usr/sbin/
wget -N -nv http://${rdsserver}/sharel/img/smbldap/mkntpwd-$(uname -i) -P /usr/sbin/
wget -N -nv http://${rdsserver}/sharel/img/smbldap/rnet -P /usr/sbin/
wget -N -nv http://${rdsserver}/sharel/img/smbldap/smbldap-passwd2 -P /usr/sbin/
wget -N -nv http://${rdsserver}/sharel/img/smbldap/smbldap-populate2 -P /usr/sbin/
cd /usr/sbin/; chmod +x cid-mksmbsid genpasswd mkntpwd-$(uname -i) rnet smbldap-passwd2 smbldap-populate2; cd

wget -nv http://${rdsserver}/sharel/skl/ldap/smbldap_bind.conf -O /etc/smbldap-tools/smbldap_bind.conf
cube /etc/smbldap-tools/smbldap_bind.conf "%ldaprootdn%" with "${ldaprootdn}"
cube /etc/smbldap-tools/smbldap_bind.conf "%ldaprootpw%" with "$(cid-xpwd ${ldaprootpw})"

wget -nv http://${rdsserver}/sharel/skl/ldap/smbldap.conf -O /etc/smbldap-tools/smbldap.conf
cube /etc/smbldap-tools/smbldap.conf "%ldapserver%" with "localhost"
cube /etc/smbldap-tools/smbldap.conf "%ldapbasedn%" with "${ldapbasedn}"
cube /etc/smbldap-tools/smbldap.conf "%dnsdomainname%" with "${dnsdomain}"
cube /etc/smbldap-tools/smbldap.conf "%smbdomainname%" with "${smbdomain}"
cube /etc/smbldap-tools/smbldap.conf "%smbsid%" with "$(cid-mksmbsid ${smbdomain})"

cube /etc/samba/smb.conf "workgroup = MYGROUP" with "workgroup = ${smbdomain}"
cube /etc/samba/smb.conf "workgroup = SAMBA" with "workgroup = ${smbdomain}"

/usr/sbin/smbldap-populate2 -b "guest" -a "ldapadm" -p "Passw0rd" -u 100001 -g 100001 -r 100001

smbldap-groupadd -a -g "100001" "admgroup"
smbldap-groupadd -a -g "100002" "cidgroup"
smbldap-useradd -a -u "100001" -d "/var/home/cidadm" "cidadm"
smbldap-passwd2 "cidadm" "Passw0rd"
smbldap-useradd -a -u "100002" -d "/data1/shareb" "cidusr"
smbldap-passwd2 "cidusr" "Passw0rd"
smbldap-groupmod -m "cidadm" "admgroup"
smbldap-groupmod -m "cidadm,cidusr" "cidgroup"

4. services

systemctl enable httpd.service
systemctl start httpd.service
systemctl enable dirsrv.target
systemctl restart dirsrv.target
rpm -q --quiet "nscd" && systemctl disable nscd.service
systemctl disable dirsrv-admin.service

5. authconfig

cid-authconfig off del
cid-authconfig on

6. uninstallation

systemctl stop dirsrv.target
yum -y remove 389*
rm -frv /etc/dirsrv/ /etc/ldapschema/ /etc/sysconfig/dirsrv* /usr/lib64/dirsrv/ /var/lib/dirsrv/ /var/lock/dirsrv/ /var/log/dirsrv/ /var/run/dirsrv/