

5 Commits

Author SHA1 Message Date
vfebvre 2b1dae6ed0 Merge branch 'master' into dist/eole/2.7.2/master 2021-01-20 13:38:41 +01:00
Arnaud Fornerot 362e1e3e17 ajout de l'attribut mail pour l'objectclass cadolesGroup 2021-01-13 10:37:08 +01:00
Philippe Caseiro bb9ed1d3b6 Fix patch 2021-01-12 11:13:40 +01:00
Philippe Caseiro 2baabd3c80 Update patch for cert management 2021-01-12 11:07:46 +01:00
Philippe Caseiro 5f5274025f Adding first ActiveDirectory support
Needs to be fixed: admin user membership (FIXME note added)
2020-12-16 18:01:04 +01:00
7 changed files with 658 additions and 45 deletions


@ -6,24 +6,39 @@
<variables> <variables>
<family name='CADOLES LDAP'> <family name='CADOLES LDAP'>
<variable name="activer_admin_passfile" redefine='True' hidden='True'><value>oui</value></variable> <variable name="activer_admin_passfile" exists='True' redefine='True' hidden='True'><value>oui</value></variable>
<variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'> <variable name='activer_cadolesldap' type='oui/non' description='Activer Annuaire Cadoles'>
<value>oui</value> <value>oui</value>
</variable> </variable>
<variable type='string' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/> <variable type='string' name='cadolesldap_basedn' description="Base DN de l'annuaire" mandatory='True'/>
<variable type='password' name='cadolesldap_pwdadmin' description="Mot de passe du compte admin durant l'instance" mandatory='True'/>
<variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale" mandatory='True'/> <variable type='string' name='cadolesldap_organization' description="Nom de l'organisation principale" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01" mandatory='True'><value>niveau01</value></variable> <variable type='string' name='cadolesldap_niveau01branche' description="Nom de la branche de Niveau 01" mandatory='True'><value>niveau01</value></variable>
<variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02" mandatory='True'><value>niveau02</value></variable> <variable type='string' name='cadolesldap_niveau02branche' description="Nom de la branche de Niveau 02" mandatory='True'><value>niveau02</value></variable>
<variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01" mandatory='True'/> <variable type='string' name='cadolesldap_niveau01name' description="Nom de la première orgranisation de Niveau 01" mandatory='True'/>
<variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='False'/> <variable type='string' name='cadolesldap_niveau01siren' description="SIREN de la première orgranisation de Niveau 01" mandatory='False'/>
<variable type='oui/non' name='cadolesldap_create_reader' description="Créer un utilisateur de lecture dans l'annuaire">
<value>oui</value>
</variable>
<variable type='string' name='cadolesldap_reader' description="Nom de l'utilisateur de lecture">
<value>cadoles-reader</value>
</variable>
<variable type='password' name='cadolesldap_reader_pass' description="Mot de passe de l'utilisateur de lecture"/>
<variable type='oui/non' name='cadolesldap_create_writer' description="Créer un utilisateur avec des droits d'écriture dans l'annuaire">
<value>non</value>
</variable>
<variable type='string' name='cadolesldap_writer' description="Nom de l'utilisateur d'écriture">
<value>cadoles-writer</value>
</variable>
<variable type='password' name='cadolesldap_writer_pass' description="Mot de passe de l'utilisateur d'écriture"/>
</family> </family>
</variables> </variables>
<constraints> <constraints>
<condition name='hidden_if_in' source='activer_cadolesldap'> <condition name='disabled_if_in' source='activer_cadolesldap'>
<param>non</param> <param>non</param>
<target type='filelist'>cadolesldap</target> <target type='filelist'>cadolesldap</target>
<target type='variable'>cadolesldap_pwdadmin</target> <target type='variable'>cadolesldap_pwdadmin</target>
@ -35,6 +50,18 @@
</condition> </condition>
<condition name='disabled_if_in' source="cadolesldap_create_reader">
<param>non</param>
<target type='variable'>cadolesldap_reader</target>
<target type='variable'>cadolesldap_reader_pass</target>
</condition>
<condition name='disabled_if_in' source="cadolesldap_create_writer">
<param>non</param>
<target type='variable'>cadolesldap_writer</target>
<target type='variable'>cadolesldap_writer_pass</target>
</condition>
<fill name='concat' target='cadolesldap_organization'> <fill name='concat' target='cadolesldap_organization'>
<param type='eole'>libelle_etab</param> <param type='eole'>libelle_etab</param>
</fill> </fill>
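Review bot: `cadolesldap_reader_pass` and `cadolesldap_writer_pass` are declared without `mandatory='True'`, unlike `cadolesldap_pwdadmin`, yet when the matching `cadolesldap_create_*` flag is `oui` the value is handed straight to `samba-tool user setpassword` in scripts/cadoles_add_schema.sh; an empty value then either fails the instance or leaves the account on the random password created just before. Adding `mandatory='True'` to both password variables lets the dictionary refuse the configuration up front instead. The new `cadolesldap_basedn` has no default and feeds every DN in the LDIF template and in the schema script, so a description that states the expected form (a DN such as `o=gouv,c=fr`, the value the old template hard-coded) would help whoever fills it in.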


@ -1,26 +1,50 @@
--- distrib/slapd.conf 2019-06-04 11:18:04.000000000 +0200 --- distrib/slapd.conf 2019-06-04 11:18:04.000000000 +0200
+++ modif/slapd.conf 2020-03-24 09:10:44.724586266 +0100 +++ modif/slapd.conf 2021-01-12 11:06:19.496162295 +0100
@@ -23,6 +23,7 @@ @@ -23,11 +23,19 @@
%elif %%ldap_schema == 'zephir' %elif %%ldap_schema == 'zephir'
include /etc/ldap/schema/openldap.schema include /etc/ldap/schema/openldap.schema
%end if %end if
+include /etc/ldap/schema/cadoles.schema +include /etc/ldap/schema/cadoles.schema
## Support du TLS ## Support du TLS
+%if %%cert_type == "manuel"
+TLSCertificateFile %%server_cert
+TLSCertificateKeyFile %%server_key
+TLSCACertificateFile %%server_pem
+%else
TLSCertificateFile /etc/ldap/ssl/certs/openldap.crt TLSCertificateFile /etc/ldap/ssl/certs/openldap.crt
@@ -46,6 +47,7 @@ TLSCertificateKeyFile /etc/ldap/ssl/private/openldap.key
TLSCACertificateFile /etc/ssl/certs/ca.crt
+%end if
+
TLSVerifyClient never
TLSCipherSuite SECURE256:+SIGN-ALL:-VERS-SSL3.0:!AES-128-CBC:!3DES-CBC:!DES-CBC:!ARCFOUR-128:!ARCFOUR-40:!RC2-40:!CAMELLIA-128-CBC:!NULL
@@ -46,6 +54,7 @@
%if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui' %if %%ldap_replication == 'oui' or %%ldap_replication_client == 'oui'
moduleload syncprov moduleload syncprov
%end if %end if
+moduleload memberof +moduleload memberof
# Sample security restrictions # Sample security restrictions
# Require integrity protection (prevent hijacking) # Require integrity protection (prevent hijacking)
@@ -219,3 +221,7 @@ @@ -80,6 +89,7 @@
%if %%ldap_replication_client == 'oui'
include /etc/ldap/replication.conf # compatibilite EAD1 et appli PHP
allow bind_v2
+allow bind_anon_dn
database bdb
# The base of your directory
@@ -216,6 +226,10 @@
syncprov-sessionlog 100
%end if %end if
+
+overlay memberof +overlay memberof
+memberof-group-oc cadolesGroup +memberof-group-oc cadolesGroup
+memberof-member-ad cadolesMember +memberof-member-ad cadolesMember
+
%if %%ldap_replication_client == 'oui'
include /etc/ldap/replication.conf
%end if
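Review bot: The new `+allow bind_anon_dn` line changes how slapd treats a bind with a non-empty DN and an empty password: it is accepted as an anonymous bind instead of being rejected, so any client that "authenticates" by attempting a bind and only checking for an error result will treat an empty password as valid. The comment above it cites EAD1 and PHP application compatibility; if that is the reason, it belongs in the patch as a comment, and those clients should be checked to reject empty passwords themselves before binding. In the new `cert_type == "manuel"` branch, `TLSCACertificateFile %%server_pem` presumably expects a CA chain rather than a server certificate bundle — confirm what `server_pem` holds on the modules this targets. The patch hunks shown here start and end outside the visible section.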


@ -131,5 +131,6 @@ objectclass ( 2.16.840.1.113732.3.1.4
NAME 'cadolesGroup' NAME 'cadolesGroup'
DESC 'Descirption Groupe Cadoles' DESC 'Descirption Groupe Cadoles'
SUP top AUXILIARY SUP top AUXILIARY
MAY ( cadolesMember MAY ( cadolesMember $
mail
) ) ) )


@ -0,0 +1,396 @@
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=givensName,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.101
schemaIdGuid:: Jlbt5wmATVMcWKBhHjDO6Q==
cn: givensName
name: givensName
lDAPDisplayName: givensName
description:: UHLDqW5vbXMgQWdlbnQ=
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=usualname,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.102
schemaIdGuid:: ZHr974ZZzNma8pHl9aaLKA==
cn: usualname
name: usualname
lDAPDisplayName: usualname
description: Nom Usage
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=birthdate,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.103
schemaIdGuid:: wkZpNuM104JsF2zMxq3fnw==
cn: birthdate
name: birthdate
lDAPDisplayName: birthdate
description: Date de Naissance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=birthcountry,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.104
schemaIdGuid:: +ReayhtKgycw+f1WmyUFjA==
cn: birthcountry
name: birthcountry
lDAPDisplayName: birthcountry
description: Code INSEE Pays de Naissance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=birthplace,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.105
schemaIdGuid:: PWA2lFufaLT7V426mHUTEA==
cn: birthplace
name: birthplace
lDAPDisplayName: birthplace
description: Code INSEE Lieu de Naissance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=gender,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.106
schemaIdGuid:: SLktEEb4rGlIyy5Eo9Shjg==
cn: gender
name: gender
lDAPDisplayName: gender
description: Sexe de la Personne
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=job,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.107
schemaIdGuid:: nhVCGzIC/Fdk2uAMDGHfFA==
cn: job
name: job
lDAPDisplayName: job
description:: TcOpdGllcg==
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=position,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.108
schemaIdGuid:: j0OPKDBf7J/iPToHdwF0ZQ==
cn: position
name: position
lDAPDisplayName: position
description:: Rm9uY3Rpb24gcmVsYXRpdmUgw6AgVW5pdMOpIE9yZ2FuaXNhdGlvbm5lbGxl
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=belongingpopulation,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.109
schemaIdGuid:: KVMi+GCSzkYHccfbRnCmaQ==
cn: belongingpopulation
name: belongingpopulation
lDAPDisplayName: belongingpopulation
description: Population Appartenance
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=authlevel,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.110
schemaIdGuid:: i7mCIv1VtoKwDOwX8hHs4A==
cn: authlevel
name: authlevel
lDAPDisplayName: authlevel
description:: Tml2ZWF1IEF1dGhlbnRpZmljYXRpb24gRGVtYW5kw6k=
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=siren,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.111
schemaIdGuid:: yWAVXrzf61bqVFmttTCMoQ==
cn: siren
name: siren
lDAPDisplayName: siren
description: Identifiant Entreprise
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=siret,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.112
schemaIdGuid:: xuETMsIWjPkNn9PP6XH2Hw==
cn: siret
name: siret
lDAPDisplayName: siret
description: Identifiant Etablissement
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesMember,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.113
schemaIdGuid:: jKgWUFwz5KWM4Fkbbiuw6Q==
cn: cadolesMember
name: cadolesMember
lDAPDisplayName: cadolesMember
description: Membres du groupe
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: FALSE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=niveau01,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.114
schemaIdGuid:: ax677pNcedcU/lJbaV61rg==
cn: niveau01
name: niveau01
lDAPDisplayName: niveau01
description: Label Entreprise
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=niveau02,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: attributeSchema
attributeID: 2.16.840.1.113732.3.1.115
schemaIdGuid:: caUDcwXPL7LKxotwqD4LsQ==
cn: niveau02
name: niveau02
lDAPDisplayName: niveau02
description: Label Etablissement
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.1
schemaIdGuid:: BS9z8eJKvYZ+lS8OJgeC1g==
cn: cadolesPerson
name: cadolesPerson
lDAPDisplayName: cadolesPerson
description: Description Personne Cadoles
subClassOf: top
objectClassCategory: 3
mayContain: givensName
mayContain: usualname
mayContain: birthdate
mayContain: birthcountry
mayContain: birthplace
mayContain: gender
mayContain: job
mayContain: position
mayContain: belongingpopulation
mayContain: authlevel
defaultObjectCategory: CN=cadolesPerson,CN=Schema,CN=Configuration,{DNCONFIG}
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.2
schemaIdGuid:: 7pJbNueSjwpq7TsL2aiW1w==
cn: cadolesSiren
name: cadolesSiren
lDAPDisplayName: cadolesSiren
description: Siren
subClassOf: top
objectClassCategory: 3
mayContain: siren
mayContain: niveau01
defaultObjectCategory: CN=cadolesSiren,CN=Schema,CN=Configuration,{DNCONFIG}
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.3
schemaIdGuid:: BOOf/nwBuCFehtpsyYrLjA==
cn: cadolesSiret
name: cadolesSiret
lDAPDisplayName: cadolesSiret
description: Siret
subClassOf: top
objectClassCategory: 3
mayContain: siret
mayContain: postalAddress
mayContain: niveau02
defaultObjectCategory: CN=cadolesSiret,CN=Schema,CN=Configuration,{DNCONFIG}
DN:
changeType: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
dn: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
changeType: add
objectClass: top
objectClass: classSchema
governsID: 2.16.840.1.113732.3.1.4
schemaIdGuid:: IPc/rPzhpAjekHrvXgdI8w==
cn: cadolesGroup
name: cadolesGroup
lDAPDisplayName: cadolesGroup
description: Descirption Groupe Cadoles
subClassOf: top
objectClassCategory: 3
mayContain: cadolesMember
defaultObjectCategory: CN=cadolesGroup,CN=Schema,CN=Configuration,{DNCONFIG}
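Review bot: The AD `cadolesGroup` classSchema lists only `mayContain: cadolesMember`, while the OpenLDAP `cadoles.schema` hunk in this same compare now adds `mail` to the MAY list of `cadolesGroup` (commit 362e1e3e17); the two schemas drift unless `mayContain: mail` is added before the `defaultObjectCategory` line. The description `Descirption Groupe Cadoles` carries the same typo as the OpenLDAP schema and is stored in the directory, so fixing it here is cheap. Each attribute is also applied as its own `schemaUpdateNow` round-trip, which is fine, but the import script's guard only looks for `CN=siren`, so a failure after that attribute appears to leave the schema partially applied without being retried on the next run.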

View File

@ -17,25 +17,42 @@ function runAs() {
return ${?} return ${?}
} }
function addLDAPschema()
{
LDIF="/etc/cadolesldap/init/cadolesldap.ldif"
USER="openldap"
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\""
service slapd stop
runAs ${USER} ${CMD}
result=$((result+${?}))
service slapd start
return ${result}
}
function addADSchema()
{
/usr/share/eole/sbin/cadoles_add_schema.sh
return ${?}
}
function main() function main()
{ {
MODE=${1} MODE=${1}
result=0
result=0
if [[ ${MODE} == "instance" ]] if [[ ${MODE} == "instance" ]]
then then
LDIF="/etc/cadolesldap/init/cadolesldap.ldif" if [[ $(CreoleGet eole_module) == "seth" ]]
USER="openldap" then
CMD="\"slapadd -l ${LDIF} -f \"/etc/ldap/slapd.conf\"\"" addADSchema
return ${?}
service slapd stop else
runAs ${USER} ${CMD} addLDAPschema
result=$((result+${?})) return ${?}
service slapd start fi
return ${result} fi
fi
} }
if [[ $(CreoleGet activer_cadolesldap non) == "oui" ]] if [[ $(CreoleGet activer_cadolesldap non) == "oui" ]]

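--- /dev/null
+++ b/scripts/cadoles_add_schema.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+set -e
+if [[ ! -e /etc/eole/samba4-vars.conf ]]
+then
+exit 0
+fi
+. /etc/eole/samba4-vars.conf
+function updateSchemaDN()
+{
+STR=${1}
+DN=${2}
+FILE=${3}
+sed -i -e "s/${STR}/${DN}/g" ${FILE}
+return ${?}
+}
+function user_exists() {
+local username="${1}"
+samba-tool user show "${username}" > /dev/null 2>&1
+return ${?}
+}
+DN="$(CreoleGet cadolesldap_basedn)"
+BASEDN="CN=Schema,CN=Configuration,${DN}"
+INITDIR="/etc/cadolesldap/init"
+RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $BASEDN CN=siren CN | grep "returned.*records")
+if [ "$RETURNED" = "# returned 0 records" ]; then
+# Import schema
+SCHEMAS="cadoles.schema"
+PRIVATE_DIR=/etc/eole/private
+for schema in $SCHEMAS
+do
+updateSchemaDN "{DNCONFIG}" "${DN}" /etc/ldap/schema/eole/${schema}.ldif
+if [[ $? -ne 0 ]]
+then
+echo "Error updating DN for ${schema}"
+break
+fi
+ldbmodify -H /var/lib/samba/private/sam.ldb /etc/ldap/schema/eole/${schema}.ldif --option="dsdb:schema update allowed"=true
+if [[ $? -ne 0 ]]
+then
+echo "Error updating Schema ${schema} !!"
+break
+fi
+done
+fi
+lv1=$(CreoleGet cadolesldap_niveau01name )
+RETURNED=$(ldbsearch --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb -b $DN OU=${lv1} OU | grep "#.* entries")
+if [ "$RETURNED" = "# 0 entries" ]; then
+ldbmodify -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesldap.ldif
+if [[ -e ${INITDIR}/cadolesindex.ldif ]]
+then
+ldbmodify --option="dsdb:schema update allowed"=true -H /var/lib/samba/private/sam.ldb ${INITDIR}/cadolesindex.ldif
+fi
+if [[ $(CreoleGet cadolesldap_create_reader non) == "oui" ]]
+then
+user=$(CreoleGet cadolesldap_reader)
+password=$(CreoleGet cadolesldap_reader_pass)
+if ! user_exists ${user}
+then
+echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
+samba-tool user create --random-password $user
+samba-tool user setexpiry $user --noexpiry
+samba-tool user setpassword $user --newpassword="${password}"
+fi
+fi
+if [[ $(CreoleGet cadolesldap_create_writer non) == "oui" ]]
+then
+user=$(CreoleGet cadolesldap_writer)
+password=$(CreoleGet cadolesldap_writer_pass)
+if ! user_exists ${user}
+then
+echo "Ajout du compte d'écriture dans l'annuaire '$user'... "
+samba-tool user create --random-password $user
+samba-tool user setexpiry $user --noexpiry
+samba-tool group addmembers 'Domain Admins' $user
+samba-tool user setpassword $user --newpassword="${password}"
+fi
+fi
+fi
+exit 0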
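Review bot: With `set -e` on the second line, the `if [[ $? -ne 0 ]]` checks after `updateSchemaDN` and `ldbmodify` in the schema loop can never observe a failure — a non-zero exit aborts the script before the test runs — so both "Error updating ..." messages are dead code; test the command directly instead, e.g. `if ! ldbmodify -H /var/lib/samba/private/sam.ldb /etc/ldap/schema/eole/${schema}.ldif --option="dsdb:schema update allowed"=true; then`. The writer account is added to `'Domain Admins'` although the dictionary describes it only as an account with write rights in the directory; delegating write access on the Cadoles OU would keep it at the privilege the description promises. The reader branch's message says "compte d'écriture" where "compte de lecture" is meant. Passing `--newpassword="${password}"` on the command line also exposes each password in the process list for as long as `samba-tool` runs, which may matter on a shared host.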


@ -1,66 +1,121 @@
%import pyeole.ssha %import pyeole.ssha
# Entrée 3: ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 3: ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=%%cadolesldap_organization,o=gouv,c=fr dn: ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: %%cadolesldap_organization ou: %%cadolesldap_organization
# Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 4: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr dn: ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: %%cadolesldap_niveau01branche ou: %%cadolesldap_niveau01branche
# Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 5: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,o=gouv,c=fr dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: posixGroup objectclass: posixGroup
objectclass: top objectclass: top
%if %%eole_module == "seth"
objectclass: group
%else
objectclass: sambaGroupMapping objectclass: sambaGroupMapping
%end if
objectclass: cadolesGroup objectclass: cadolesGroup
objectclass: cadolesSiren objectclass: cadolesSiren
cn: %%cadolesldap_niveau01name cn: %%cadolesldap_niveau01name
gidnumber: 1 gidnumber: 1
memberuid: admin memberuid: admin
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr %if %%eole_module != "seth"
cadolesMember: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%end if
%if %%eole_module != "seth"
sambagrouptype: 2 sambagrouptype: 2
sambasid: 1 sambasid: 1
%end if
%if not %%is_empty(%%cadolesldap_niveau01siren)
siren: %%cadolesldap_niveau01siren siren: %%cadolesldap_niveau01siren
%else
siren: %%cadolesldap_niveau01name
%end if
# Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 6: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,o=gouv,c=fr dn: ou=%%cadolesldap_niveau02branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: %%%%cadolesldap_niveau02branche ou: %%cadolesldap_niveau02branche
# Entrée 7: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 7: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=groups,ou=%%cadolesldap_organization,o=gouv,c=fr dn: ou=groups,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: groups ou: groups
# Entrée 8: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 8: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr dn: ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: organizationalUnit objectclass: organizationalUnit
objectclass: top objectclass: top
ou: users ou: users
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr %if %%eole_module == "seth"
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,o=gouv,c=fr # Entrée 9: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%else
# Entrée 9: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
dn: uid=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%end if
%if %%eole_module == "seth"
changetype: add
%end if
objectclass: top objectclass: top
objectclass: person objectclass: person
objectclass: organizationalPerson objectclass: organizationalPerson
%if %%eole_module == "seth"
objectclass: user
%end if
objectclass: inetOrgPerson objectclass: inetOrgPerson
objectclass: cadolesPerson objectclass: cadolesPerson
objectclass: cadolesSiren objectclass: cadolesSiren
objectclass: cadolesSiret objectclass: cadolesSiret
authlevel: simple authlevel: simple
uid: admin uid: admin
cn: %%cadolesldap_organization cn: admin
sn: %%cadolesldap_organization sn: %%cadolesldap_organization
displayname: Administrateur %%cadolesldap_organization displayname: Administrateur %%cadolesldap_organization
givenname: Administrateur givenname: Administrateur
%if not %%is_empty(%%system_mail_to)
mail: %%system_mail_to mail: %%system_mail_to
%end if
%if not %%is_empty(%%cadolesldap_niveau01siren)
siren: %%cadolesldap_niveau01siren siren: %%cadolesldap_niveau01siren
%else
siren: %%cadolesldap_niveau01name
%end if
niveau01: %%cadolesldap_niveau01name niveau01: %%cadolesldap_niveau01name
userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin) userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)
%if %%eole_module == "seth"
# FIXME CadolesMember ...
# Entrée 9bis: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
#dn: cn=%%cadolesldap_niveau01name,ou=%%cadolesldap_niveau01branche,ou=%%cadolesldap_organization,%%cadolesldap_basedn
#changetype: add
#cadolesMember: cn=admin,ou=users,ou=%%cadolesldap_organization,%%cadolesldap_basedn
%end if
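Review bot: In the `seth` branch the admin entry still sets `userpassword: %%pyeole.ssha.ssha_encode(%%cadolesldap_pwdadmin)`, which is the OpenLDAP convention; nothing in this template establishes that Samba AD turns a pre-hashed SSHA string in `userPassword` into a usable credential, and if it does not, the account ends up with an unknown or literal-hash password — confirm on an instance before relying on it, and consider setting the password through `samba-tool` from the import script instead. The same branch switches the RDN to `cn=admin` and adds `objectclass: user` without setting `sAMAccountName`, so how the account is expected to log on is not clear from the template alone; a comment stating the intent would help. The commented FIXME block at the end matches the commit message's note that the group membership is still missing on AD.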