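#!/bin/bash
#
# Provision a single-node OpenLDAP server (sysvinit / slapd.conf /
# migrationtools layout, as on RHEL/CentOS 6) and seed it with ten local
# accounts exported as LDIF.
#
# Usage: run as root. Every site-specific value can be overridden from the
# environment; the defaults reproduce the original lab configuration.
#
#   LDAP_IFACE, LDAP_IP, LDAP_NETMASK, LDAP_GATEWAY  static address of this host
#   LDAP_HOSTNAME                                   FQDN written to network/hosts
#   CLIENT_IP, CLIENT_HOSTNAME                      extra /etc/hosts entry
#   LDAP_DOMAIN, LDAP_SUFFIX                        e.g. STAR.com / dc=STAR,dc=com
#   LDAP_ROOTPW                                     slapd rootdn password
#   LDAP_USER_PASS                                  password for ldapuser01..10
#
# Output: /tmp/base.ldif, /tmp/user.ldif, /tmp/group.ldif for a later ldapadd
# step that is not part of this script, plus /root/user.txt and /root/group.txt.

set -u

# Site parameters (defaults are lab values; override via the environment).
LDAP_IFACE=${LDAP_IFACE:-eth0}
LDAP_IP=${LDAP_IP:-192.168.1.254}
LDAP_NETMASK=${LDAP_NETMASK:-255.255.255.0}
LDAP_GATEWAY=${LDAP_GATEWAY:-192.168.1.2}
LDAP_HOSTNAME=${LDAP_HOSTNAME:-openldap-server.uplooking}
CLIENT_IP=${CLIENT_IP:-192.168.1.100}
CLIENT_HOSTNAME=${CLIENT_HOSTNAME:-STARCL}
LDAP_DOMAIN=${LDAP_DOMAIN:-STAR.com}
LDAP_SUFFIX=${LDAP_SUFFIX:-dc=STAR,dc=com}
LDAP_ROOTDN="cn=Manager,${LDAP_SUFFIX}"
# Lab defaults only: both are trivially guessable. Set real values in the
# environment for any host that is reachable from another machine.
LDAP_ROOTPW=${LDAP_ROOTPW:-123456}
LDAP_USER_PASS=${LDAP_USER_PASS:-123}
readonly LDAP_IFACE LDAP_IP LDAP_NETMASK LDAP_GATEWAY LDAP_HOSTNAME \
  CLIENT_IP CLIENT_HOSTNAME LDAP_DOMAIN LDAP_SUFFIX LDAP_ROOTDN \
  LDAP_ROOTPW LDAP_USER_PASS

#######################################
# Append a line to a file unless an identical line is already present, so
# that re-running the script does not duplicate /etc/hosts or ldap.conf
# entries.
# Arguments: $1 - line to append, $2 - target file
# Returns:   status of the append (0 if the line was already there)
#######################################
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

# Everything below writes system configuration; fail early instead of
# producing a half-configured host.
[[ $EUID -eq 0 ]] || { printf '%s\n' "must be run as root" >&2; exit 1; }

echo 关闭防火墙 安全linux
# Lab shortcut: the firewall and SELinux are switched off wholesale. On a
# reachable host, open only 389/636 in iptables and keep SELinux enforcing
# (the openldap-servers package ships a policy for slapd).
service iptables stop &> /dev/null
/usr/sbin/setenforce 0 &> /dev/null
# The original expression used the 'gp' flags: with -i and without -n the 'p'
# flag writes every matching line into the file twice. Plain 's///' is enough.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config &> /dev/null \
  || echo "失败"

echo "配置初始化信息"
cat > "/etc/sysconfig/network-scripts/ifcfg-${LDAP_IFACE}" <<EOT
DEVICE=${LDAP_IFACE}
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=${LDAP_IP}
NETMASK=${LDAP_NETMASK}
GATEWAY=${LDAP_GATEWAY}
EOT
printf 'NETWORKING=yes\nHOSTNAME=%s\n' "$LDAP_HOSTNAME" > /etc/sysconfig/network
nisdomainname "$LDAP_HOSTNAME" &> /dev/null
service network restart &> /dev/null

append_once "${LDAP_IP} ${LDAP_HOSTNAME}" /etc/hosts
append_once "${CLIENT_IP} ${CLIENT_HOSTNAME}" /etc/hosts

echo "安装ldap服务端软件包"
yum -y install openldap openldap-devel openldap-clients openldap-servers migrationtools &> /dev/null

# slapd.d (cn=config) takes precedence over slapd.conf when both exist; moving
# it aside is what makes the flat slapd.conf written below take effect. Guarded
# so a re-run does not move slapd.d into the existing backup directory.
[[ -d /etc/openldap/slapd.d ]] && mv /etc/openldap/slapd.d/ /etc/openldap/slapd.d.bak
cp /usr/share/openldap-servers/DB_CONFIG.example /etc/openldap/DB_CONFIG
chown -R ldap:ldap /var/lib/ldap/

# Hash the rootdn password so slapd.conf does not hold it in clear text.
# slappasswd reads it from a file (-T) rather than argv, so it never appears
# in the process list; the temp file is 0600 (mktemp) and removed right after.
pw_file=$(mktemp) || exit 1
trap 'rm -f -- "$pw_file"' EXIT
printf '%s' "$LDAP_ROOTPW" > "$pw_file"
rootpw_hash=$(slappasswd -T "$pw_file")
rc=$?
rm -f -- "$pw_file"
if [[ $rc -ne 0 || -z $rootpw_hash ]]; then
  printf '%s\n' "slappasswd failed; is openldap-servers installed?" >&2
  exit 1
fi

# 'by' clauses are indented because slapd.conf treats a line starting with
# whitespace as a continuation of the previous directive. The monitor ACL now
# names the same rootdn as the bdb database instead of the template's
# dc=my-domain,dc=com.
cat >/etc/openldap/slapd.conf <<EOF
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# These certificate files are not created by this script; provision them
# before starting slapd or remove the three TLS lines, otherwise the service
# may refuse to start (verify on the target release). ca.crt is a single file,
# so TLSCACertificateFile is the matching directive (TLSCACertificatePath
# expects a directory of hashed CA certificates).
TLSCACertificateFile /etc/openldap/certs/ca.crt
TLSCertificateFile /etc/openldap/certs/ldap.crt
TLSCertificateKeyFile /etc/openldap/certs/ldap.key
database config
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
        by * none
database monitor
access to *
        by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
        by dn.exact="${LDAP_ROOTDN}" read
        by * none
database bdb
suffix "${LDAP_SUFFIX}"
checkpoint 1024 15
rootdn "${LDAP_ROOTDN}"
rootpw ${rootpw_hash}
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

EOF

service slapd start
chkconfig slapd on

# Point migrationtools at our domain/suffix. '\$' is passed through to sed so
# the perl variable names are matched literally.
mc=/usr/share/migrationtools/migrate_common.ph
sed -i 's/\$DEFAULT_MAIL_DOMAIN = "padl.com";/\$DEFAULT_MAIL_DOMAIN = "'"${LDAP_DOMAIN}"'";/' "$mc"
sed -i 's/\$DEFAULT_BASE = "dc=padl,dc=com";/\$DEFAULT_BASE = "'"${LDAP_SUFFIX}"'";/' "$mc"
sed -i 's/\$EXTENDED_SCHEMA = 0;/\$EXTENDED_SCHEMA = 1;/' "$mc"

# migrate_*.pl require migrate_common.ph from the working directory.
cd /usr/share/migrationtools/ || exit 1
# NOTE: fixed file names under the shared /tmp are written as root; on a host
# with other local users, prefer a mktemp -d directory for these LDIFs.
./migrate_base.pl > /tmp/base.ldif

append_once "BASE ${LDAP_SUFFIX}" /etc/openldap/ldap.conf
append_once "URL ldap://127.0.0.1" /etc/openldap/ldap.conf

mkdir -p /rhome

# Output (including useradd errors for accounts that already exist on a
# re-run) is deliberately discarded, as in the original script.
for i in {01..10}; do
  useradd -d "/rhome/ldapuser${i}" "ldapuser${i}"
  printf '%s\n' "$LDAP_USER_PASS" | passwd --stdin "ldapuser${i}"
done &> /dev/null

# Anchored so only the accounts created above are exported, not any other
# login that happens to contain "ldapuser".
grep -E '^ldapuser[0-9]+:' /etc/passwd > /root/user.txt
grep -E '^ldapuser[0-9]+:' /etc/group > /root/group.txt

/usr/share/migrationtools/migrate_passwd.pl /root/user.txt > /tmp/user.ldif
/usr/share/migrationtools/migrate_group.pl /root/group.txt > /tmp/group.ldif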