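#!/bin/sh
# Bootstrap TLS material for an LDAP (slapd) service:
#   1. derive the LDAP base DN (dc=...,dc=...) from this host's DNS domain,
#   2. create a self-signed CA key and certificate,
#   3. issue a server key/certificate for ${SERVER} signed by that CA,
#   4. record the resulting paths in certs/sourceme for later scripts.
#
# Environment:
#   SERVER  fully-qualified host name; defaults to `hostname --fqdn`.
# Requires: certtool (GnuTLS).
# Exits non-zero on the first failing command (set -e); pipefail is not
# used because this is /bin/sh and not every sh implementation has it.
set -eu

command -v certtool >/dev/null 2>&1 || {
  printf 'error: certtool (GnuTLS) is required but not found in PATH\n' >&2
  exit 1
}

SERVER=${SERVER:-$(hostname --fqdn)}
# Everything after the first dot; a host name without a dot yields itself,
# which makes the LDAP root "dc=<hostname>" -- warn so that is visible.
DOMAIN=${SERVER#*.}
case "${SERVER}" in
  *.*) ;;
  *)
    printf 'warning: %s has no domain part; LDAP root will be dc=%s\n' \
      "${SERVER}" "${SERVER}" >&2
    ;;
esac

# Build "dc=a,dc=b" from "a.b". The subshell keeps the IFS and globbing
# changes local; the original set IFS="." for the rest of the script, which
# silently alters every later unquoted expansion.
LDAP_ROOT=$(
  set -f
  IFS=.
  root=""
  # shellcheck disable=SC2086 -- word-splitting on "." is the point here
  for dc in ${DOMAIN}; do
    root="${root},dc=${dc}"
  done
  printf '%s' "${root#,}"
)

# printf rather than 'echo -e': under /bin/sh (e.g. dash) echo has no -e
# option and would print "-e" literally.
printf '\n\nServer: %s\n\nDomain: %s\n\nLDAP Root: %s\n\n' \
  "${SERVER}" "${DOMAIN}" "${LDAP_ROOT}"

#######################################
# Generate a private key at the given path without ever exposing it.
# The umask is scoped to a subshell so the redirection creates the file
# 0600 instead of the default 0644; the original created the key with the
# ambient umask and only tightened permissions afterwards, leaving a
# world-readable window. The final mode (0640) matches the original.
# Arguments: $1 - output path for the PEM private key
# Returns:   non-zero if certtool or chmod fails
#######################################
gen_privkey() {
  ( umask 077 && certtool --generate-privkey > "$1" )
  chmod 0640 -- "$1"
}

mkdir -p certs

# --- Self-signed CA ---------------------------------------------------------
CA_KEY="certs/CAself-key.pem"
CA_INFO="certs/CAself.info"
CA_CERT="certs/CAself-cert.pem"
gen_privkey "${CA_KEY}"
# NOTE(review): 8000 days is roughly 22 years; kept as in the original, but
# a shorter CA lifetime is worth considering.
cat > "${CA_INFO}" <<EOF
cn = ${DOMAIN}
ca
cert_signing_key
expiration_days = 8000
EOF
certtool \
  --generate-self-signed \
  --load-privkey "${CA_KEY}" \
  --template "${CA_INFO}" \
  --outfile "${CA_CERT}"

# --- Server key and certificate for slapd -----------------------------------
LDAP_TLS_KEY="certs/${SERVER}_slapd_key.pem"
LDAP_TLS_INFO="certs/${SERVER}.info"
LDAP_TLS_CERT="certs/${SERVER}_slapd_cert.pem"
gen_privkey "${LDAP_TLS_KEY}"
cat > "${LDAP_TLS_INFO}" <<EOF
organization = ${DOMAIN}
cn = ${SERVER}
tls_www_server
encryption_key
signing_key
expiration_days = 8000
EOF
certtool \
  --generate-certificate \
  --load-privkey "${LDAP_TLS_KEY}" \
  --load-ca-certificate "${CA_CERT}" \
  --load-ca-privkey "${CA_KEY}" \
  --template "${LDAP_TLS_INFO}" \
  --outfile "${LDAP_TLS_CERT}"

# Paths only (no key material), so follow-up scripts can '. certs/sourceme'.
cat > "certs/sourceme" <<EOF
CA_KEY="certs/CAself-key.pem"
CA_INFO="certs/CAself.info"
CA_CERT="certs/CAself-cert.pem"
LDAP_TLS_KEY="certs/${SERVER}_slapd_key.pem"
LDAP_TLS_INFO="certs/${SERVER}.info"
LDAP_TLS_CERT="certs/${SERVER}_slapd_cert.pem"
EOF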