Add this files from CentOS version Signed-off-by: Yue Tao
--- /dev/null
+++ ldapscripts-2.0.8/ldapaddgroup.template.cgcs
@@ -0,0 +1,5 @@
+dn: cn=,,
+objectClass: posixGroup
+cn:
+gidNumber:
+description: Group account
--- /dev/null
+++ ldapscripts-2.0.8/ldapaddsudo.template.cgcs
@@ -0,0 +1,10 @@
+dn: cn=,ou=SUDOers,
+objectClass: top
+objectClass: sudoRole
+cn:
+sudoUser:
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoCommand: ALL
+#sudoOrder:
+#sudoOption:
--- /dev/null
+++ ldapscripts-2.0.8/ldapadduser.template.cgcs
@@ -0,0 +1,16 @@
+dn: uid=,,
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: top
+cn:
+uid:
+uidNumber:
+gidNumber:
+shadowMax: 99999
+shadowWarning: 7
+shadowLastChange: 0
+homeDirectory:
+loginShell:
+gecos:
+description: User account
--- /dev/null
+++ ldapscripts-2.0.8/ldapmodsudo.template.cgcs
@@ -0,0 +1,4 @@
+dn: cn=,ou=SUDOers,
+changeType: modify
+:
+:
--- /dev/null
+++ ldapscripts-2.0.8/ldapmoduser.template.cgcs
@@ -0,0 +1,4 @@
+dn: uid=,,
+changeType: modify
+:
+:
--- /dev/null
+++ ldapscripts-2.0.8/ldapscripts.conf.cgcs
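Review bot: In ldapaddsudo.template.cgcs the defaults `sudoHost: ALL`, `sudoRunAsUser: ALL` and `sudoCommand: ALL` mean every sudoRole created from this template lets its sudoUser run any command as any user on every host that reads these entries. Nothing in the template says these are maximal defaults, so a role added for a narrow purpose ends up with full root unless someone edits it afterwards. I would add a comment above the three lines, e.g. `# Defaults grant unrestricted sudo on all hosts; narrow sudoHost/sudoCommand unless the role is for administrators`, and document the intended use of the commented `#sudoOption:` line.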
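Review bot: In ldapadduser.template.cgcs, `shadowMax: 99999` effectively disables password expiry for every account created from the template, and `shadowLastChange: 0` is the only setting that forces the initial password to be replaced. Neither value is explained, and the forced change only takes effect if the login clients honour shadow attributes served from LDAP, which this patch does not show. I would add a comment such as `# shadowLastChange 0 = password must be changed at first login; shadowMax 99999 = no expiry` so that a later edit does not drop the forced change by accident.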
@@ -0,0 +1,152 @@
+# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
+# Copyright (C) 2006-2013 Ganaël LAPLANCHE
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+# LDAP server
+SERVER="ldap://controller"
+
+# Suffixes
+SUFFIX="dc=cgcs,dc=local" # Global suffix
+GSUFFIX="ou=Group" # Groups ou (just under $SUFFIX)
+USUFFIX="ou=People" # Users ou (just under $SUFFIX)
+MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX)
+
+# Authentication type
+# If empty, use simple authentication
+# Else, use the value as an SASL authentication mechanism
+SASLAUTH=""
+#SASLAUTH="GSSAPI"
+
+# Simple authentication parameters
+# The following BIND* parameters are ignored if SASLAUTH is set
+BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
+# The following file contains the raw password of the BINDDN
+# Create it with something like : echo -n 'secret' > $BINDPWDFILE
+# WARNING !!!! Be careful not to make this file world-readable
+BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
+# For older versions of OpenLDAP, it is still possible to use
+# unsecure command-line passwords by defining the following option
+# AND commenting the previous one (BINDPWDFILE takes precedence)
+#BINDPWD="secret"
+
+# Start with these IDs *if no entry found in LDAP*
+GIDSTART="10000" # Group ID
+UIDSTART="10000" # User ID
+MIDSTART="20000" # Machine ID
+
+# Group membership management
+# ObjectCLass used for groups
+# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
+# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
+# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis,
+# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
+GCLASS="posixGroup" # Leave "posixGroup" here if not sure !
+# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial
+# member. Specify it below, you will be able to remove it once groups are populated.
+#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"
+
+# User properties
+USHELL="/bin/sh"
+UHOMES="/home/%u" # You may use %u for username here
+CREATEHOMES="no" # Create home directories and set rights ?
+HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
+HOMEPERMS="700" # Default permissions for home directories
+
+# User passwords generation
+# Command-line used to generate a password for added users.
+# You may use %u for username here ; special value "" will ask for a password interactively
+# WARNING !!!! This is evaluated, everything specified here will be run !
+# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
+# In this case, consider using /dev/urandom instead.
+#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
+#PASSWORDGEN="pwgen"
+#PASSWORDGEN="echo changeme"
+PASSWORDGEN="echo %u"
+#PASSWORDGEN=""
+
+# User passwords recording
+# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
+# (useful when performing a massive creation / net rpc vampire)
+# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
+# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
+RECORDPASSWORDS="no"
+PASSWORDFILE="/var/log/ldapscripts_passwd.log"
+
+# Where to log
+LOGFILE="/var/log/ldapscripts.log"
+
+# Temporary folder
+TMPDIR="/tmp"
+
+# Various binaries used within the scripts
+# Warning : they also use uuencode, date, grep, sed, cut, which...
+# Please check they are installed before using these scripts
+# Note that many of them should come with your OS
+
+# OpenLDAP client commands
+LDAPSEARCHBIN="/usr/bin/ldapsearch"
+LDAPADDBIN="/usr/bin/ldapadd"
+LDAPDELETEBIN="/usr/bin/ldapdelete"
+LDAPMODIFYBIN="/usr/bin/ldapmodify"
+LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
+LDAPPASSWDBIN="/usr/bin/ldappasswd"
+
+# OpenLDAP client common additional options
+# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
+#LDAPBINOPTS="-ZZ"
+
+# OpenLDAP ldapsearch-specific additional options
+# The following option disables long-line wrapping (which makes the scripts bug
+# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
+# comment it if you are using OpenLDAP < 2.4.24.
+LDAPSEARCHOPTS="-o ldif-wrap=no"
+# And here is an example to activate paged results
+#LDAPSEARCHOPTS="-E pr=500/noprompt"
+
+# Character set conversion : $ICONVCHAR <-> UTF-8
+# Comment ICONVBIN to disable UTF-8 conversion
+# ICONVBIN="/usr/bin/iconv"
+# ICONVCHAR=""
+
+# Base64 decoding
+# Comment UUDECODEBIN to disable Base64 decoding
+#UUDECODEBIN="/usr/bin/uudecode"
+
+# Getent command to use - choose the ones used
+# on your system. Leave blank or comment for auto-guess.
+# GNU/Linux
+GETENTPWCMD="getent passwd"
+GETENTGRCMD="getent group"
+# FreeBSD
+#GETENTPWCMD="pw usershow"
+#GETENTGRCMD="pw groupshow"
+# Auto
+#GETENTPWCMD=""
+#GETENTGRCMD=""
+
+# You can specify custom LDIF templates here
+# Leave empty to use default templates
+# See *.template.sample for default templates
+#GTEMPLATE="/path/to/ldapaddgroup.template"
+#UTEMPLATE="/path/to/ldapadduser.template"
+#MTEMPLATE="/path/to/ldapaddmachine.template"
+GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
+UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
+UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
+STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
+SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"
+MTEMPLATE=""
--- /dev/null
+++ ldapscripts-2.0.8/ldapscripts.passwd
@@ -0,0 +1 @@
+_LDAPADMIN_PW_
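Review bot: In ldapscripts.conf.cgcs, `PASSWORDGEN="echo %u"` gives every new account an initial password equal to its own username, so the account is guessable from the moment it is created until the user first logs in. The user template's `shadowLastChange: 0` only helps once that first login happens, and only if clients enforce it. Prefer the interactive form already listed in the file, `PASSWORDGEN=""`, or a random generator reading /dev/urandom with a longer output than the 8-character example. Separately, `SERVER="ldap://controller"` with simple bind and `#LDAPBINOPTS="-ZZ"` left commented would send the cn=ldapadmin bind password unencrypted unless `controller` always resolves to the local host; if that is the intent, a comment next to SERVER should say so.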
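Review bot: ldapscripts.passwd ships the `_LDAPADMIN_PW_` placeholder for the cn=ldapadmin bind password, but nothing in this patch sets the file's owner or mode, although the comment next to BINDPWDFILE warns against leaving it world-readable. Whatever installs the file and substitutes the placeholder (not shown here) should create it root-owned with mode 0600 before the real password is written into it. Also check that the substitution leaves no trailing newline: the config describes the file as the raw password (`echo -n`), and the OpenLDAP clients take the complete file contents as the password. The hunk as shown carries no `\ No newline at end of file` marker, though that may have been lost when the page was extracted.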