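#!/bin/sh
# Generate a self-signed CA and a CA-signed TLS certificate for the LDAP
# (slapd) service on this host, using GnuTLS certtool.
#
# Environment:
#   SERVER - fully-qualified host name the certificate is issued for
#            (default: output of `hostname --fqdn`).
# Outputs:  key, template and certificate files under ./certs/.

# Stop on the first failed command or unset variable, so a failed certtool
# run cannot silently leave a partial or empty key/certificate behind.
set -eu

# Set the variables
SERVER=${SERVER:-$(hostname --fqdn)}
DOMAIN=${SERVER#*.}

# Turn "example.org" into "dc=example,dc=org". IFS is changed only for the
# split and restored right after: left at ".", every later unquoted
# expansion of a path such as certs/CAself-key.pem would be split at the dot.
LDAP_ROOT=""
saved_ifs=$IFS
IFS="."
set -f            # no pathname expansion while splitting the domain
for DC in $DOMAIN
do
  LDAP_ROOT="${LDAP_ROOT},dc=$DC"
done
set +f
IFS=$saved_ifs
LDAP_ROOT="${LDAP_ROOT#,}"

# printf instead of `echo -e`: under #!/bin/sh, `-e` is not portable and some
# shells print it literally.
printf '\n\nServer: %s\n\nDomain: %s\n\nLDAP Root: %s\n\n' \
  "$SERVER" "$DOMAIN" "$LDAP_ROOT"

# All output goes below ./certs; create it if it is missing.
mkdir -p certs

# Setup TLS certificate (self-signed) for LDAP
CA_KEY=certs/CAself-key.pem
CA_INFO=certs/CAself.info
CA_CERT=certs/CAself-cert.pem

# Create the private key under a restrictive umask so it is never readable
# by other users, not even in the window before the chmod below.
( umask 077; certtool --generate-privkey > "$CA_KEY" )

# NOTE(review): expiration_days = 8000 is roughly 22 years; confirm that such
# a long lifetime is intended for this CA.
cat > "$CA_INFO" <<EOF
cn = $DOMAIN
ca
cert_signing_key
expiration_days = 8000
EOF

certtool \
  --generate-self-signed \
  --load-privkey "$CA_KEY" \
  --template "$CA_INFO" \
  --outfile "$CA_CERT"

# NOTE(review): 0640 leaves the CA signing key group-readable; whoever can
# read it can issue certificates under this CA. Confirm which group owns it.
chmod 0640 "$CA_KEY"

# Generate private key for LDAP service
# ${SERVER} needs braces here: "$SERVER_slapd_key" would be read as a
# different (unset) variable and the file would end up as "certs/.pem".
LDAP_TLS_KEY=certs/${SERVER}_slapd_key.pem
LDAP_TLS_INFO=certs/${SERVER}.info
LDAP_TLS_CERT=certs/${SERVER}_slapd_cert.pem

( umask 077; certtool --generate-privkey > "$LDAP_TLS_KEY" )

# NOTE(review): the service certificate also uses expiration_days = 8000;
# confirm this matches the rotation policy for the LDAP server.
cat > "$LDAP_TLS_INFO" <<EOF
organization = $DOMAIN
cn = $SERVER
tls_www_server
encryption_key
signing_key
expiration_days = 8000
EOF

certtool \
  --generate-certificate \
  --load-privkey "$LDAP_TLS_KEY" \
  --load-ca-certificate "$CA_CERT" \
  --load-ca-privkey "$CA_KEY" \
  --template "$LDAP_TLS_INFO" \
  --outfile "$LDAP_TLS_CERT"

# Group-readable, presumably so the LDAP daemon's group can load the key
# (confirm the file's group ownership); never world-readable.
chmod 0640 "$LDAP_TLS_KEY"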