new structure

This kicks off the basic tree structure, where the docs all mirror the
reality, like an ascii penumbra.

kralizec/slapd/.gitignore

@@ -0,0 +1,2 @@
+acladd.ldif
+*gpg

kralizec/slapd/README.md

@@ -0,0 +1,18 @@
+Create ldap users at dmz.rs/account for users in the servicesaccounts.txt
+these accounts should be listed in /root/ldifs/addacl.ldif
+to generate addacl.ldif run generateacl.sh
+
+add tls keys in /etc/ssl/certs/ldap.krov.dmz.rs
+
+# Generate password for admin user on this server only and add it when asked during installation
+apt install slapd
+
+# For domain set dmz.rs for Organization set Users for admin password use previously generated password
+dpkg-reconfigure slapd
+
+# change /etc/default/slapd to replace ldap:// with ldaps:// under SLAPD_SERVICES
+service slapd restart
+./setup.sh
+
+dmzrsaccount vm should run prepare.py 
+ldapsync vm should run sync.py

kralizec/slapd/acladd-template.ldif

@@ -0,0 +1,18 @@
+dn: olcDatabase={1}mdb,cn=config
+add: olcAccess
+olcAccess: {1}to attrs=userPassword by self write by anonymous auth
+
+dn: olcDatabase={1}mdb,cn=config
+add: olcAccess
+#olcAccess: {2}to * by * none
+olcAccess: {2}to * by self write READUSERS by anonymous none
+
+dn: olcDatabase={-1}frontend,cn=config
+add: olcAccess
+olcAccess: {1}to attrs=userPassword by self write by anonymous auth
+
+dn: olcDatabase={-1}frontend,cn=config
+add: olcAccess
+#olcAccess: {2}to * by * none
+olcAccess: {2}to * by self READUSERS by anonymous none
+

kralizec/slapd/generateacl.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+READUSERS=""
+for i in $(cat servicesaccounts.txt); do READUSERS="$READUSERS by dn=\"$i\" read" ; done
+
+sed 's/READUSERS/'"$READUSERS"'/g' acladd-template.ldif > acladd.ldif
+

kralizec/slapd/generatecreds.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function genpass(){
+echo $(shuf ../../scripts/shared/english.txt | head) | sed "s/ //g"
+}
+
+for i in $(cat servicesaccounts.txt) ; do printf "%s\n" $(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2 ; genpass) | gpg -e -r fram3d@dmz.rs -r sienna@dmz.rs --output creds/$(echo -n $i | cut -d"," -f 1 | cut -d"=" -f2).gpg ; done
+

kralizec/slapd/servicesaccounts.txt

@@ -0,0 +1,9 @@
+uid=readonlykrov,ou=Users,dc=dmz,dc=rs
+uid=wikildapkrov,ou=Users,dc=dmz,dc=rs
+uid=forumldapkrov,ou=Users,dc=dmz,dc=rs
+uid=gitealdapkrov,ou=Users,dc=dmz,dc=rs
+uid=xmppldapkrov,ou=Users,dc=dmz,dc=rs
+uid=dovecotldapkrov,ou=Users,dc=dmz,dc=rs
+uid=postfixldapkrov,ou=Users,dc=dmz,dc=rs
+uid=smtpdldapkrov,ou=Users,dc=dmz,dc=rs
+uid=kralizecslapd,ou=Users,dc=dmz,dc=rs