@hacker65536
Last active June 24, 2016 10:11
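#!/usr/bin/env bash
#
# Bootstrap an OpenLDAP server (slapd) on a yum/SysV-init host:
#   1. install packages and route slapd's local4 syslog output to a log file,
#   2. seed DB_CONFIG and start slapd,
#   3. set the cn=config root password, then the suffix / rootDN / rootPW of
#      the {2}bdb database,
#   4. switch SLAPD_LDAPS to "yes" in /etc/sysconfig/ldap.
#
# Environment:
#   LDAP_ROOT_PW  cleartext root password; prompted for when unset.
#
# The password is never placed on a command line (argv is visible in `ps` and
# in shell history); it is handed to slappasswd/ldapmodify through a 0600
# temp file that is removed on exit.
#
# Not idempotent: the `add: olcRootPW` operations fail on a second run.

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ ${EUID} -eq 0 ]] || die "must be run as root"

# Collect the secret before changing anything on the host.
if [[ -z "${LDAP_ROOT_PW:-}" ]]; then
  read -r -s -p 'LDAP root password: ' LDAP_ROOT_PW
  printf '\n' >&2
fi
[[ -n "${LDAP_ROOT_PW}" ]] || die "LDAP_ROOT_PW must not be empty"

yum -y update
yum install -y openldap-servers openldap-clients
yum install -y --enablerepo=epel ldapvi

# slapd logs to facility local4; the leading '-' asks rsyslog not to sync
# the file after every message.
printf '#ldaplog\nlocal4.*\t-/var/log/ldaplog\n' > /etc/rsyslog.d/ldap.conf

# Add the new log to the syslog logrotate stanza (inserted after line 3).
# Guarded so a re-run does not insert the path twice.
if ! grep -qxF '/var/log/ldaplog' /etc/logrotate.d/syslog; then
  sed -i '3s/\(.*\)/\1\n\/var\/log\/ldaplog/' /etc/logrotate.d/syslog
fi
service rsyslog restart

cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
# "ldap:" = user ldap plus its login group (the "ldap." form is deprecated).
chown ldap: /var/lib/ldap/DB_CONFIG
chkconfig slapd on
service slapd start

# Everything created from here on holds the password or its hash.
umask 077
mkdir -p ldapconf
cd ldapconf || die "cannot cd to ldapconf"

pwfile=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "${pwfile}"' EXIT
# No trailing newline: slappasswd -T and ldapmodify -y both use the complete
# file contents as the password, so the two must see identical bytes.
printf '%s' "${LDAP_ROOT_PW}" > "${pwfile}"

ldappass=$(slappasswd -T "${pwfile}") || die "slappasswd failed"

cat <<EOF > ldapconf_init_passwd.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${ldappass}
EOF
# SASL EXTERNAL over the local ldapi socket: authenticated as the calling
# Unix user, no password involved.
ldapadd -Y EXTERNAL -H ldapi:// -f ldapconf_init_passwd.ldif

readonly base='dc=testcompany,dc=com'

# LDIF records must be separated by a blank line, and a folded value needs a
# leading space on the continuation line; olcAccess is kept on one line to
# avoid folding altogether.
# NOTE(review): the same hash is installed for cn=config and for
# cn=Manager,${base}; use separate secrets if the two roles are held by
# different people.
cat <<EOF > ldapconf_init_suffix.ldif
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,${base}" read by * none

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${base}

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,${base}

dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: ${ldappass}
EOF

# Simple bind as cn=config. -y reads the password from the file instead of
# argv, and -H ldapi:// keeps the cleartext bind on the local Unix socket
# rather than an unencrypted TCP connection.
ldapmodify -x -H ldapi:// -D "cn=config" -y "${pwfile}" \
  -f ldapconf_init_suffix.ldif

# Enable the ldaps:// listener for the init script.
# NOTE(review): nothing in this script configures a TLS certificate
# (olcTLSCertificateFile / olcTLSCertificateKeyFile) or restarts slapd, so
# this setting alone does not give clients a working TLS endpoint.
sed -i 's/SLAPD_LDAPS=no/SLAPD_LDAPS=yes/' /etc/sysconfig/ldap

# Show the effective (non-comment) SLAPD_LDAPS line as a sanity check.
grep -v -E '^#' /etc/sysconfig/ldap | grep SLAPD_LDAPS \
  || printf 'warning: no active SLAPD_LDAPS line in /etc/sysconfig/ldap\n' >&2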