Compare commits
5 Commits
6296504eed
...
2b1dae6ed0
Author | SHA1 | Date |
---|---|---|
vfebvre | 2b1dae6ed0 | |
Arnaud Fornerot | 362e1e3e17 | |
Philippe Caseiro | bb9ed1d3b6 | |
Philippe Caseiro | 2baabd3c80 | |
Philippe Caseiro | 5f5274025f |
|
@ -6,24 +6,39 @@
|
||||||
|
|
||||||
<variables>
|
<variables>
|
||||||
<family name='CADOLES LDAP'>
|
<family name='CADOLES LDAP'>
|
||||||
<variable name="activer_admin_passfile" redefine='True' hidden='True'><value>oui</value></variable>
|
<variable name="activer_admin_passfile" exists='True' redefine='True' hidden='True'><value>oui</value></variable>
|
||||||
<variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'>
|
<variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'>
|
||||||
<value>oui</value>
|
<value>oui</value>
|
||||||
</variable>
|
</variable>
|
||||||
|
|
||||||
<variable type='string' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
|
<variable type='string' name='cadolesldap_basedn' description="Base DN de l'annuaire" mandatory='True'/>
|
||||||
|
<variable type='password' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
|
||||||
<variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale" mandatory='True'/>
|
<variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale" mandatory='True'/>
|
||||||
<variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01" mandatory='True'><value>niveau01</value></variable>
|
<variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01" mandatory='True'><value>niveau01</value></variable>
|
||||||
<variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02" mandatory='True'><value>niveau02</value></variable>
|
<variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02" mandatory='True'><value>niveau02</value></variable>
|
||||||
|
|
||||||
<variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01" mandatory='True'/>
|
<variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01" mandatory='True'/>
|
||||||
<variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='False'/>
|
<variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='False'/>
|
||||||
|
<variable type='oui/non' name='cadolesldap_create_reader' description="Créer un utilisateur de lecture dans l'annuaire">
|
||||||
|
<value>oui</value>
|
||||||
|
</variable>
|
||||||
|
<variable type='string' name='cadolesldap_reader' description="Nom de l'utilisateur de lecture">
|
||||||
|
<value>cadoles-reader</value>
|
||||||
|
</variable>
|
||||||
|
<variable type='password' name='cadolesldap_reader_pass' description="Mot de passe de l'utilisateur de lecture"/>
|
||||||
|
<variable type='oui/non' name='cadolesldap_create_writer' description="Créer un utilisateur avec des droits d'écriture dans l'annuaire">
|
||||||
|
<value>non</value>
|
||||||
|
</variable>
|
||||||
|
<variable type='string' name='cadolesldap_writer' description="Nom de l'utilisateur d'écriture">
|
||||||
|
<value>cadoles-writer</value>
|
||||||
|
</variable>
|
||||||
|
<variable type='password' name='cadolesldap_writer_pass' description="Mot de passe de l'utilisateur d'écriture"/>
|
||||||
|
|
||||||
</family>
|
</family>
|
||||||
</variables>
|
</variables>
|
||||||
|
|
||||||
<constraints>
|
<constraints>
|
||||||
<condition name='hidden_if_in' source='activer_cadolesldap'>
|
<condition name='disabled_if_in' source='activer_cadolesldap'>
|
||||||
<param>non</param>
|
<param>non</param>
|
||||||
<target type='filelist'>cadolesldap</target>
|
<target type='filelist'>cadolesldap</target>
|
||||||
<target type='variable'>cadolesldap_pwdadmin</target>
|
<target type='variable'>cadolesldap_pwdadmin</target>
|
||||||
|
@ -35,6 +50,18 @@
|
||||||
|
|
||||||
</condition>
|
</condition>
|
||||||
|
|
||||||
|
<condition name='disabled_if_in' source="cadolesldap_create_reader">
|
||||||
|
<param>non</param>
|
||||||
|
<target type='variable'>cadolesldap_reader</target>
|
||||||
|
<target type='variable'>cadolesldap_reader_pass</target>
|
||||||
|
</condition>
|
||||||
|
|
||||||
|
<condition name='disabled_if_in' source="cadolesldap_create_writer">
|
||||||
|
<param>non</param>
|
||||||
|
<target type='variable'>cadolesldap_writer</target>
|
||||||
|
<target type='variable'>cadolesldap_writer_pass</target>
|
||||||
|
</condition>
|
||||||
|
|
||||||
<fill name='concat' target='cadolesldap_organization'>
|
<fill name='concat' target='cadolesldap_organization'>
|
||||||
<param type='eole'>libelle_etab</param>
|
<param type='eole'>libelle_etab</param>
|
||||||
</fill>
|
</fill>
|
||||||
|
|
|
@ -1,14 +1,26 @@
|
||||||
--- distrib/slapd.conf 2019-06-04 11:18:04.000000000 +0200
|
--- distrib/slapd.conf 2019-06-04 11:18:04.000000000 +0200
|
||||||
+++ modif/slapd.conf 2020-03-24 09:10:44.724586266 +0100
|
+++ modif/slapd.conf 2021-01-12 11:06:19.496162295 +0100
|
||||||
@@ -23,6 +23,7 @@
|
@@ -23,11 +23,19 @@
|
||||||
%elif %%ldap_schema == 'zephir'
|
%elif %%ldap_schema == 'zephir'
|
||||||
include /etc/ldap/schema/openldap.schema
|
include /etc/ldap/schema/openldap.schema
|
||||||
%end if
|
%end if
|
||||||
+include /etc/ldap/schema/cadoles.schema
|
+include /etc/ldap/schema/cadoles.schema
|
||||||
|
|
||||||
## Support du TLS
|
## Support du TLS
|
||||||
|
+%if %%cert_type == "manuel"
|
||||||
|
+TLSCertificateFile %%server_cert
|
||||||
|
+TLSCertificateKeyFile %%server_key
|
||||||
|
+TLSCACertificateFile %%server_pem
|
||||||
|
+%else
|
||||||
TLSCertificateFile /etc/ldap/ssl/certs/openldap.crt
|
TLSCertificateFile /etc/ldap/ssl/certs/openldap.crt
|
||||||
@@ -46,6 +47,7 @@
|
TLSCertificateKeyFile /etc/ldap/ssl/private/openldap.key
|
||||||
|
TLSCACertificateFile /etc/ssl/certs/ca.crt
|
||||||
|
+%end if
|
||||||
|
+
|
||||||
|
TLSVerifyClient never
|
||||||
|
TLSCipherSuite SECURE256:+SIGN-ALL:-VERS-SSL3.0:!AES-128-CBC:!3DES-CBC:!DES-CBC:!ARCFOUR-128:!ARCFOUR-40:!RC2-40:!CAMELLIA-128-CBC:!NULL
|
||||||
|
|
||||||
|
@@ -46,6 +54,7 @@
|
||||||
%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
|
%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
|
||||||
moduleload syncprov
|
moduleload syncprov
|
||||||
%end if
|
%end if
|
||||||
|
@ -16,11 +28,23 @@
|
||||||
|
|
||||||
# Sample security restrictions
|
# Sample security restrictions
|
||||||
# Require integrity protection (prevent hijacking)
|
# Require integrity protection (prevent hijacking)
|
||||||
@@ -219,3 +221,7 @@
|
@@ -80,6 +89,7 @@
|
||||||
%if %%ldap_replication_client == 'oui'
|
|
||||||
include /etc/ldap/replication.conf
|
# compatibilite EAD1 et appli PHP
|
||||||
|
allow bind_v2
|
||||||
|
+allow bind_anon_dn
|
||||||
|
|
||||||
|
database bdb
|
||||||
|
# The base of your directory
|
||||||
|
@@ -216,6 +226,10 @@
|
||||||
|
syncprov-sessionlog 100
|
||||||
%end if
|
%end if
|
||||||
+
|
|
||||||
+overlay memberof
|
+overlay memberof
|
||||||
+memberof-group-oc cadolesGroup
|
+memberof-group-oc cadolesGroup
|
||||||
+memberof-member-ad cadolesMember
|
+memberof-member-ad cadolesMember
|
||||||
|
+
|
||||||
|
%if %%ldap_replication_client == 'oui'
|
||||||
|
include /etc/ldap/replication.conf
|
||||||
|
%end if
|
||||||
|
|
||||||
|
|
|
@ -131,5 +131,6 @@ objectclass ( 2.16.840.1.113732.3.1.4
|
||||||
NAME 'cadolesGroup'
|
NAME 'cadolesGroup'
|
||||||
DESC 'Descirption Groupe Cadoles'
|
DESC 'Descirption Groupe Cadoles'
|
||||||
SUP top AUXILIARY
|
SUP top AUXILIARY
|
||||||
MAY ( cadolesMember
|
MAY ( cadolesMember $
|
||||||
|
mail
|
||||||
) )
|
) )
|
||||||
|
|
|
@ -0,0 +1,396 @@
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=givensName,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.101
|
||||||
|
schemaIdGuid:: Jlbt5wmATVMcWKBhHjDO6Q==
|
||||||
|
cn: givensName
|
||||||
|
name: givensName
|
||||||
|
lDAPDisplayName: givensName
|
||||||
|
description:: UHLDqW5vbXMgQWdlbnQ=
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=usualname,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.102
|
||||||
|
schemaIdGuid:: ZHr974ZZzNma8pHl9aaLKA==
|
||||||
|
cn: usualname
|
||||||
|
name: usualname
|
||||||
|
lDAPDisplayName: usualname
|
||||||
|
description: Nom Usage
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=birthdate,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.103
|
||||||
|
schemaIdGuid:: wkZpNuM104JsF2zMxq3fnw==
|
||||||
|
cn: birthdate
|
||||||
|
name: birthdate
|
||||||
|
lDAPDisplayName: birthdate
|
||||||
|
description: Date de Naissance
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=birthcountry,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.104
|
||||||
|
schemaIdGuid:: +ReayhtKgycw+f1WmyUFjA==
|
||||||
|
cn: birthcountry
|
||||||
|
name: birthcountry
|
||||||
|
lDAPDisplayName: birthcountry
|
||||||
|
description: Code INSEE Pays de Naissance
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=birthplace,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.105
|
||||||
|
schemaIdGuid:: PWA2lFufaLT7V426mHUTEA==
|
||||||
|
cn: birthplace
|
||||||
|
name: birthplace
|
||||||
|
lDAPDisplayName: birthplace
|
||||||
|
description: Code INSEE Lieu de Naissance
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=gender,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.106
|
||||||
|
schemaIdGuid:: SLktEEb4rGlIyy5Eo9Shjg==
|
||||||
|
cn: gender
|
||||||
|
name: gender
|
||||||
|
lDAPDisplayName: gender
|
||||||
|
description: Sexe de la Personne
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=job,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.107
|
||||||
|
schemaIdGuid:: nhVCGzIC/Fdk2uAMDGHfFA==
|
||||||
|
cn: job
|
||||||
|
name: job
|
||||||
|
lDAPDisplayName: job
|
||||||
|
description:: TcOpdGllcg==
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=position,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.108
|
||||||
|
schemaIdGuid:: j0OPKDBf7J/iPToHdwF0ZQ==
|
||||||
|
cn: position
|
||||||
|
name: position
|
||||||
|
lDAPDisplayName: position
|
||||||
|
description:: Rm9uY3Rpb24gcmVsYXRpdmUgw6AgVW5pdMOpIE9yZ2FuaXNhdGlvbm5lbGxl
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=belongingpopulation,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.109
|
||||||
|
schemaIdGuid:: KVMi+GCSzkYHccfbRnCmaQ==
|
||||||
|
cn: belongingpopulation
|
||||||
|
name: belongingpopulation
|
||||||
|
lDAPDisplayName: belongingpopulation
|
||||||
|
description: Population Appartenance
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=authlevel,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.110
|
||||||
|
schemaIdGuid:: i7mCIv1VtoKwDOwX8hHs4A==
|
||||||
|
cn: authlevel
|
||||||
|
name: authlevel
|
||||||
|
lDAPDisplayName: authlevel
|
||||||
|
description:: Tml2ZWF1IEF1dGhlbnRpZmljYXRpb24gRGVtYW5kw6k=
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=siren,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.111
|
||||||
|
schemaIdGuid:: yWAVXrzf61bqVFmttTCMoQ==
|
||||||
|
cn: siren
|
||||||
|
name: siren
|
||||||
|
lDAPDisplayName: siren
|
||||||
|
description: Identifiant Entreprise
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=siret,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.112
|
||||||
|
schemaIdGuid:: xuETMsIWjPkNn9PP6XH2Hw==
|
||||||
|
cn: siret
|
||||||
|
name: siret
|
||||||
|
lDAPDisplayName: siret
|
||||||
|
description: Identifiant Etablissement
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=cadolesMember,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.113
|
||||||
|
schemaIdGuid:: jKgWUFwz5KWM4Fkbbiuw6Q==
|
||||||
|
cn: cadolesMember
|
||||||
|
name: cadolesMember
|
||||||
|
lDAPDisplayName: cadolesMember
|
||||||
|
description: Membres du groupe
|
||||||
|
attributeSyntax: 2.5.5.1
|
||||||
|
oMSyntax: 127
|
||||||
|
isSingleValued: FALSE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=niveau01,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.114
|
||||||
|
schemaIdGuid:: ax677pNcedcU/lJbaV61rg==
|
||||||
|
cn: niveau01
|
||||||
|
name: niveau01
|
||||||
|
lDAPDisplayName: niveau01
|
||||||
|
description: Label Entreprise
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=niveau02,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: attributeSchema
|
||||||
|
attributeID: 2.16.840.1.113732.3.1.115
|
||||||
|
schemaIdGuid:: caUDcwXPL7LKxotwqD4LsQ==
|
||||||
|
cn: niveau02
|
||||||
|
name: niveau02
|
||||||
|
lDAPDisplayName: niveau02
|
||||||
|
description: Label Etablissement
|
||||||
|
attributeSyntax: 2.5.5.12
|
||||||
|
oMSyntax: 64
|
||||||
|
isSingleValued: TRUE
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: classSchema
|
||||||
|
governsID: 2.16.840.1.113732.3.1.1
|
||||||
|
schemaIdGuid:: BS9z8eJKvYZ+lS8OJgeC1g==
|
||||||
|
cn: cadolesPerson
|
||||||
|
name: cadolesPerson
|
||||||
|
lDAPDisplayName: cadolesPerson
|
||||||
|
description: Description Personne Cadoles
|
||||||
|
subClassOf: top
|
||||||
|
objectClassCategory: 3
|
||||||
|
mayContain: givensName
|
||||||
|
mayContain: usualname
|
||||||
|
mayContain: birthdate
|
||||||
|
mayContain: birthcountry
|
||||||
|
mayContain: birthplace
|
||||||
|
mayContain: gender
|
||||||
|
mayContain: job
|
||||||
|
mayContain: position
|
||||||
|
mayContain: belongingpopulation
|
||||||
|
mayContain: authlevel
|
||||||
|
defaultObjectCategory: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: classSchema
|
||||||
|
governsID: 2.16.840.1.113732.3.1.2
|
||||||
|
schemaIdGuid:: 7pJbNueSjwpq7TsL2aiW1w==
|
||||||
|
cn: cadolesSiren
|
||||||
|
name: cadolesSiren
|
||||||
|
lDAPDisplayName: cadolesSiren
|
||||||
|
description: Siren
|
||||||
|
subClassOf: top
|
||||||
|
objectClassCategory: 3
|
||||||
|
mayContain: siren
|
||||||
|
mayContain: niveau01
|
||||||
|
defaultObjectCategory: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: classSchema
|
||||||
|
governsID: 2.16.840.1.113732.3.1.3
|
||||||
|
schemaIdGuid:: BOOf/nwBuCFehtpsyYrLjA==
|
||||||
|
cn: cadolesSiret
|
||||||
|
name: cadolesSiret
|
||||||
|
lDAPDisplayName: cadolesSiret
|
||||||
|
description: Siret
|
||||||
|
subClassOf: top
|
||||||
|
objectClassCategory: 3
|
||||||
|
mayContain: siret
|
||||||
|
mayContain: postalAddress
|
||||||
|
mayContain: niveau02
|
||||||
|
defaultObjectCategory: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
|
||||||
|
DN:
|
||||||
|
changeType: modify
|
||||||
|
add: schemaUpdateNow
|
||||||
|
schemaUpdateNow: 1
|
||||||
|
-
|
||||||
|
|
||||||
|
dn: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
changeType: add
|
||||||
|
objectClass: top
|
||||||
|
objectClass: classSchema
|
||||||
|
governsID: 2.16.840.1.113732.3.1.4
|
||||||
|
schemaIdGuid:: IPc/rPzhpAjekHrvXgdI8w==
|
||||||
|
cn: cadolesGroup
|
||||||
|
name: cadolesGroup
|
||||||
|
lDAPDisplayName: cadolesGroup
|
||||||
|
description: Descirption Groupe Cadoles
|
||||||
|
subClassOf: top
|
||||||
|
objectClassCategory: 3
|
||||||
|
mayContain: cadolesMember
|
||||||
|
defaultObjectCategory: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
|
||||||
|
|
|
@ -17,15 +17,8 @@ function runAs() {
|
||||||
return ${?}
|
return ${?}
|
||||||
}
|
}
|
||||||
|
|
||||||
function main()
|
function addLDAPschema()
|
||||||
{
|
{
|
||||||
MODE=${1}
|
|
||||||
|
|
||||||
result=0
|
|
||||||
|
|
||||||
|
|
||||||
if [[ ${MODE} == "instance" ]]
|
|
||||||
then
|
|
||||||
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
|
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
|
||||||
USER="openldap"
|
USER="openldap"
|
||||||
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
|
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
|
||||||
|
@ -35,6 +28,30 @@ function main()
|
||||||
result=$((result+${?}))
|
result=$((result+${?}))
|
||||||
service slapd start
|
service slapd start
|
||||||
return ${result}
|
return ${result}
|
||||||
|
}
|
||||||
|
|
||||||
|
function addADSchema()
|
||||||
|
{
|
||||||
|
/usr/share/eole/sbin/cadoles_add_schema.sh
|
||||||
|
return ${?}
|
||||||
|
}
|
||||||
|
|
||||||
|
function main()
|
||||||
|
{
|
||||||
|
MODE=${1}
|
||||||
|
result=0
|
||||||
|
|
||||||
|
|
||||||
|
if [[ ${MODE} == "instance" ]]
|
||||||
|
then
|
||||||
|
if [[ $(CreoleGet eole_module) == "seth" ]]
|
||||||
|
then
|
||||||
|
addADSchema
|
||||||
|
return ${?}
|
||||||
|
else
|
||||||
|
addLDAPschema
|
||||||
|
return ${?}
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,93 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [[ ! -e /etc/eole/samba4-vars.conf ]]
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
. /etc/eole/samba4-vars.conf
|
||||||
|
|
||||||
|
function updateSchemaDN()
|
||||||
|
{
|
||||||
|
STR=${1}
|
||||||
|
DN=${2}
|
||||||
|
FILE=${3}
|
||||||
|
|
||||||
|
sed -i -e "s/${STR}/${DN}/g" ${FILE}
|
||||||
|
return ${?}
|
||||||
|
}
|
||||||
|
|
||||||
|
function user_exists() {
|
||||||
|
local username="${1}"
|
||||||
|
samba-tool user show "${username}" > /dev/null 2>&1
|
||||||
|
return ${?}
|
||||||
|
}
|
||||||
|
|
||||||
|
DN="$(CreoleGet cadolesldap_basedn)"
|
||||||
|
BASEDN="CN=Schema,CN=Configuration,${DN}"
|
||||||
|
INITDIR="/etc/cadolesldap/init"
|
||||||
|
|
||||||
|
RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $BASEDN CN=siren CN | grep "returned.*records")
|
||||||
|
|
||||||
|
if [ "$RETURNED" = "# returned 0 records" ]; then
|
||||||
|
# Import schema
|
||||||
|
SCHEMAS="cadoles.schema"
|
||||||
|
PRIVATE_DIR=/etc/eole/private
|
||||||
|
|
||||||
|
for schema in $SCHEMAS
|
||||||
|
do
|
||||||
|
updateSchemaDN "{DNCONFIG}" "${DN}" /etc/ldap/schema/eole/${schema}.ldif
|
||||||
|
if [[ $? -ne 0 ]]
|
||||||
|
then
|
||||||
|
echo "Error updating DN for ${schema}"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
ldbmodify -H /var/lib/samba/private/sam.ldb /etc/ldap/schema/eole/${schema}.ldif --option="dsdb:schema update allowed"=true
|
||||||
|
if [[ $? -ne 0 ]]
|
||||||
|
then
|
||||||
|
echo "Error updating Schema ${schema} !!"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
lv1=$(CreoleGet cadolesldap_niveau01name )
|
||||||
|
RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $DN OU=${lv1} OU | grep "#.* entries")
|
||||||
|
if [ "$RETURNED" = "# 0 entries" ]; then
|
||||||
|
ldbmodify -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesldap.ldif
|
||||||
|
if [[ -e ${INITDIR}/cadolesindex.ldif ]]
|
||||||
|
then
|
||||||
|
ldbmodify --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesindex.ldif
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $(CreoleGet cadolesldap_create_reader non) == "oui" ]]
|
||||||
|
then
|
||||||
|
user=$(CreoleGet cadolesldap_reader)
|
||||||
|
password=$(CreoleGet cadolesldap_reader_pass)
|
||||||
|
if ! user_exists ${user}
|
||||||
|
then
|
||||||
|
echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
|
||||||
|
samba-tool user create --random-password $user
|
||||||
|
samba-tool user setexpiry $user --noexpiry
|
||||||
|
samba-tool user setpassword $user --newpassword="${password}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $(CreoleGet cadolesldap_create_writer non) == "oui" ]]
|
||||||
|
then
|
||||||
|
user=$(CreoleGet cadolesldap_writer)
|
||||||
|
password=$(CreoleGet cadolesldap_writer_pass)
|
||||||
|
if ! user_exists ${user}
|
||||||
|
then
|
||||||
|
echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
|
||||||
|
samba-tool user create --random-password $user
|
||||||
|
samba-tool user setexpiry $user --noexpiry
|
||||||
|
samba-tool group addmembers 'Domain Admins' $user
|
||||||
|
samba-tool user setpassword $user --newpassword="${password}"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
|
@ -1,66 +1,121 @@
|
||||||
%import pyeole.ssha
|
%import pyeole.ssha
|
||||||
|
|
||||||
# Entrée 3: ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 3: ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
dn: ou=%%cadolesldap_organization,o=gouv,c=fr
|
dn: ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: organizationalUnit
|
objectclass: organizationalUnit
|
||||||
objectclass: top
|
objectclass: top
|
||||||
ou: %%cadolesldap_organization
|
ou: %%cadolesldap_organization
|
||||||
|
|
||||||
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: organizationalUnit
|
objectclass: organizationalUnit
|
||||||
objectclass: top
|
objectclass: top
|
||||||
ou: %%cadolesldap_niveau01branche
|
ou: %%cadolesldap_niveau01branche
|
||||||
|
|
||||||
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: posixGroup
|
objectclass: posixGroup
|
||||||
objectclass: top
|
objectclass: top
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
objectclass: group
|
||||||
|
%else
|
||||||
objectclass: sambaGroupMapping
|
objectclass: sambaGroupMapping
|
||||||
|
%end if
|
||||||
objectclass: cadolesGroup
|
objectclass: cadolesGroup
|
||||||
objectclass: cadolesSiren
|
objectclass: cadolesSiren
|
||||||
cn: %%cadolesldap_niveau01name
|
cn: %%cadolesldap_niveau01name
|
||||||
gidnumber: 1
|
gidnumber: 1
|
||||||
memberuid: admin
|
memberuid: admin
|
||||||
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
%if %%eole_module != "seth"
|
||||||
|
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%end if
|
||||||
|
%if %%eole_module != "seth"
|
||||||
sambagrouptype: 2
|
sambagrouptype: 2
|
||||||
sambasid: 1
|
sambasid: 1
|
||||||
|
%end if
|
||||||
|
%if not %%is_empty(%%cadolesldap_niveau01siren)
|
||||||
siren: %%cadolesldap_niveau01siren
|
siren: %%cadolesldap_niveau01siren
|
||||||
|
%else
|
||||||
|
siren: %%cadolesldap_niveau01name
|
||||||
|
%end if
|
||||||
|
|
||||||
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr
|
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: organizationalUnit
|
objectclass: organizationalUnit
|
||||||
objectclass: top
|
objectclass: top
|
||||||
ou: %%%%cadolesldap_niveau02branche
|
ou: %%cadolesldap_niveau02branche
|
||||||
|
|
||||||
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
dn: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr
|
dn: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: organizationalUnit
|
objectclass: organizationalUnit
|
||||||
objectclass: top
|
objectclass: top
|
||||||
ou: groups
|
ou: groups
|
||||||
|
|
||||||
# Entrée 8: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 8: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
dn: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
dn: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: organizationalUnit
|
objectclass: organizationalUnit
|
||||||
objectclass: top
|
objectclass: top
|
||||||
ou: users
|
ou: users
|
||||||
|
|
||||||
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
%if %%eole_module == "seth"
|
||||||
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr
|
# Entrée 9: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
dn: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%else
|
||||||
|
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%end if
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
changetype: add
|
||||||
|
%end if
|
||||||
objectclass: top
|
objectclass: top
|
||||||
objectclass: person
|
objectclass: person
|
||||||
objectclass: organizationalPerson
|
objectclass: organizationalPerson
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
objectclass: user
|
||||||
|
%end if
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
objectclass: cadolesPerson
|
objectclass: cadolesPerson
|
||||||
objectclass: cadolesSiren
|
objectclass: cadolesSiren
|
||||||
objectclass: cadolesSiret
|
objectclass: cadolesSiret
|
||||||
authlevel: simple
|
authlevel: simple
|
||||||
uid: admin
|
uid: admin
|
||||||
cn: %%cadolesldap_organization
|
cn: admin
|
||||||
sn: %%cadolesldap_organization
|
sn: %%cadolesldap_organization
|
||||||
displayname: Administrateur %%cadolesldap_organization
|
displayname: Administrateur %%cadolesldap_organization
|
||||||
givenname: Administrateur
|
givenname: Administrateur
|
||||||
|
%if not %%is_empty(%%system_mail_to)
|
||||||
mail: %%system_mail_to
|
mail: %%system_mail_to
|
||||||
|
%end if
|
||||||
|
%if not %%is_empty(%%cadolesldap_niveau01siren)
|
||||||
siren: %%cadolesldap_niveau01siren
|
siren: %%cadolesldap_niveau01siren
|
||||||
|
%else
|
||||||
|
siren: %%cadolesldap_niveau01name
|
||||||
|
%end if
|
||||||
niveau01: %%cadolesldap_niveau01name
|
niveau01: %%cadolesldap_niveau01name
|
||||||
userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)
|
userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)
|
||||||
|
|
||||||
|
%if %%eole_module == "seth"
|
||||||
|
# FIXME CadolesMember ...
|
||||||
|
# Entrée 9bis: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
#dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
#changetype: add
|
||||||
|
#cadolesMember: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
|
||||||
|
%end if
|
Loading…
Reference in New Issue