diff --git a/Dockerfile b/Dockerfile
index dec02e3..3f49e24 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,16 @@
-FROM osixia/openldap:1.1.9
-LABEL maintainer="it@feki.de" \
- version="1.1.9-1.3-1"
+FROM osixia/openldap:1.2.4
+MAINTAINER Feki.de e.V. "it@feki.de"
+LABEL version="1.2.4-1.3-1"
-ENV FUSIONDIRECTORY_VERSION=1.3-1
+ADD bootstrap /var/fusiondirectory/bootstrap
+ADD certs /container/service/slapd/assets/certs
+ADD environment /container/environment/01-custom
-RUN apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys D744D55EACDA69FF \
- && (echo "deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main"; \
- echo "deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main") \
+ARG FUSIONDIRECTORY_VERSION=1.3-1
+
+RUN apt-key adv --keyserver keys.gnupg.net --receive-keys D744D55EACDA69FF \
+ && (echo "deb https://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main"; \
+ echo "deb https://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main") \
 > /etc/apt/sources.list.d/fusiondirectory-stretch.list \
 && apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
diff --git a/bootstrap/ldif/add.ldif b/bootstrap/ldif/add.ldif
new file mode 100644
index 0000000..30cc0b2
--- /dev/null
+++ b/bootstrap/ldif/add.ldif
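Review bot: `ADD certs /container/service/slapd/assets/certs` bakes the committed `certs/cert.key` private key into an image layer, where it remains in the image history even if a later layer deletes it; TLS material should be mounted into that path at run time (or passed as a BuildKit secret), not committed and copied at build time. The three new `ADD` instructions copy plain local directories, so `COPY` is the right instruction (hadolint DL3020), and `MAINTAINER` is deprecated (DL4000) in favour of the label form this hunk removes, e.g. `LABEL maintainer="Feki.de e.V. <it@feki.de>" version="1.2.4-1.3-1"`. The rewritten `apt-key adv --keyserver keys.gnupg.net --receive-keys D744D55EACDA69FF` still trusts whatever key a keyserver returns for a 64-bit id; committing the vendor's public key to the repo (or fetching it over HTTPS from the vendor) and checking its full fingerprint makes the build reproducible and independent of the keyserver. The `RUN` instruction continues past the end of the hunk.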
@@ -0,0 +1,127 @@
+dn: uid=fd-admin,{{ LDAP_BASE_DN }}
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+cn: System Administrator
+sn: Administrator
+givenName: System
+uid: fd-admin
+userPassword: {{ FD_ADMIN_PASSWORD }}
+
+dn: ou=aclroles,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: aclroles
+
+dn: cn=admin,ou=aclroles,{{ LDAP_BASE_DN }}
+objectClass: top
+objectClass: gosaRole
+cn: admin
+description: Gives all rights on all objects
+gosaAclTemplate: 0:all;cmdrw
+
+dn: cn=manager,ou=aclroles,{{ LDAP_BASE_DN }}
+cn: manager
+description: Give all rights on users in the given branch
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/password;cmdrw,user/user;cmdrw,user/posixAccount;cmdrw
+
+dn: cn=editowninfos,ou=aclroles,{{ LDAP_BASE_DN }}
+cn: editowninfos
+description: Allow users to edit their own information (main tab and posix use
+ only on base)
+objectClass: top
+objectClass: gosaRole
+gosaAclTemplate: 0:user/posixAccount;srw,user/user;srw
+
+dn: ou=fusiondirectory,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: fusiondirectory
+
+dn: ou=tokens,ou=fusiondirectory,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: tokens
+
+dn: ou=locks,ou=fusiondirectory,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: locks
+
+dn: ou=snapshots,{{ LDAP_BASE_DN }}
+objectClass: organizationalUnit
+ou: snapshots
+
+dn: cn=config,ou=fusiondirectory,{{ LDAP_BASE_DN }}
+fdTheme: default
+fdTimezone: America/New_York
+fusionConfigMd5: 7fd38d273a2f2e14c749467f4c38a650
+fdSchemaCheck: TRUE
+fdPasswordDefaultHash: ssha
+fdListSummary: TRUE
+fdModificationDetectionAttribute: entryCSN
+fdLogging: TRUE
+fdLdapSizeLimit: 200
+fdLoginAttribute: uid
+fdWarnSSL: TRUE
+fdSessionLifeTime: 1800
+fdEnableSnapshots: TRUE
+fdSnapshotBase: ou=snapshots,{{ LDAP_BASE_DN }}
+fdSslKeyPath: /etc/ssl/private/fd.key
+fdSslCertPath: /etc/ssl/certs/fd.cert
+fdSslCaCertPath: /etc/ssl/certs/ca.cert
+fdCasServerCaCertPath: /etc/ssl/certs/ca.cert
+fdCasHost: localhost
+fdCasPort: 443
+fdCasContext: /cas
+fdAccountPrimaryAttribute: uid
+fdCnPattern: %givenName% %sn%
+fdStrictNamingRules: TRUE
+fdMinId: 100
+fdUidNumberBase: 1100
+fdGidNumberBase: 1100
+fdUserRDN: ou=people
+fdGroupRDN: ou=groups
+fdAclRoleRDN: ou=aclroles
+fdIdAllocationMethod: traditional
+fdDebugLevel: 0
+fdShells: /bin/ash
+fdShells: /bin/bash
+fdShells: /bin/csh
+fdShells: /bin/sh
+fdShells: /bin/ksh
+fdShells: /bin/tcsh
+fdShells: /bin/dash
+fdShells: /bin/zsh
+fdShells: /sbin/nologin
+fdShells: /bin/false
+fdForcePasswordDefaultHash: FALSE
+fdHandleExpiredAccounts: FALSE
+fdForceSSL: FALSE
+fdHttpAuthActivated: FALSE
+fdCasActivated: FALSE
+fdRestrictRoleMembers: FALSE
+fdDisplayErrors: FALSE
+fdLdapStats: FALSE
+fdDisplayHookOutput: FALSE
+fdAclTabOnObjects: FALSE
+cn: config
+fdOGroupRDN: ou=groups
+fdForceSaslPasswordAsk: FALSE
+fdDashboardNumberOfDigit: 3
+fdDashboardPrefix: PC
+fdDashboardExpiredAccountsDays: 15
+objectClass: fusionDirectoryConf
+objectClass: fusionDirectoryPluginsConf
+objectClass: fdDashboardPluginConf
+objectClass: fdPasswordRecoveryConf
+fdPasswordRecoveryActivated: FALSE
+fdPasswordRecoveryEmail: to.be@chang.ed
+fdPasswordRecoveryValidity: 10
+fdPasswordRecoverySalt: SomethingSecretAndVeryLong
+fdPasswordRecoveryUseAlternate: FALSE
+fdPasswordRecoveryMailSubject: [FusionDirectory] Password recovery link
+fdPasswordRecoveryMailBody:: SGVsbG8sCgpIZXJlIGFyZSB5b3VyIGluZm9ybWF0aW9ucyA6I
+ AogLSBMb2dpbiA6ICVzCiAtIExpbmsgOiAlcwoKVGhpcyBsaW5rIGlzIG9ubHkgdmFsaWQgZm9yID
+ EwIG1pbnV0ZXMu
+fdPasswordRecoveryMail2Subject: [FusionDirectory] Password recovery successful
+fdPasswordRecoveryMail2Body:: SGVsbG8sCgpZb3VyIHBhc3N3b3JkIGhhcyBiZWVuIGNoYW5n
+ ZWQuCllvdXIgbG9naW4gaXMgc3RpbGwgJXMu
\ No newline at end of file
diff --git a/bootstrap/ldif/modify.ldif b/bootstrap/ldif/modify.ldif
new file mode 100644
index 0000000..da3e2ca
--- /dev/null
+++ b/bootstrap/ldif/modify.ldif
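Review bot: The first entry hard-codes `dn: uid=fd-admin,{{ LDAP_BASE_DN }}` and `uid: fd-admin` while init.sh builds `UID_FD_ADMIN` from `${FD_ADMIN_USERNAME}`, so any username other than `fd-admin` yields a base-entry ACL pointing at a DN that is never created; the template should use `dn: uid={{ FD_ADMIN_USERNAME }},{{ LDAP_BASE_DN }}` and `uid: {{ FD_ADMIN_USERNAME }}`, with a matching sed substitution added to `ldap_add_or_modify` in init.sh. `userPassword: {{ FD_ADMIN_PASSWORD }}` stores the value exactly as received, although init.sh computes `FD_ADMIN_PASSWORD_HASH` with slappasswd and never substitutes it, so the placeholder should be filled with the hash. `fdPasswordRecoverySalt: SomethingSecretAndVeryLong` is the upstream placeholder and will be identical in every deployment built from this image; it is inert while `fdPasswordRecoveryActivated: FALSE`, but an LDIF comment such as `# placeholder salt — replace with a per-deployment value before enabling password recovery` above it would keep that from being forgotten.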
@@ -0,0 +1,7 @@
+dn: {{ LDAP_BASE_DN }}
+changetype: modify
+objectClass: gosaDepartment
+changetype: modify
+objectClass: gosaAcl
+changetype: modify
+gosaAclEntry: 0:subtree:{{ CN_ADMIN_BS64 }}:{{ UID_FD_ADMIN_BS64 }}
\ No newline at end of file
diff --git a/certs/ca.crt b/certs/ca.crt
new file mode 100644
index 0000000..ab543a3
--- /dev/null
+++ b/certs/ca.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAlmgAwIBAgIUCfQ+m0pgZ/BjYAJvxrn/bdGNZokwCgYIKoZIzj0EAwMw
+gZYxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsT
+G0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgRGVwLjEUMBIGA1UEBxMLQWxidXF1ZXJx
+dWUxEzARBgNVBAgTCk5ldyBNZXhpY28xHzAdBgNVBAMTFmRvY2tlci1saWdodC1i
+YXNlaW1hZ2UwHhcNMTUxMjIzMTM1MzAwWhcNMjAxMjIxMTM1MzAwWjCBljELMAkG
+A1UEBhMCVVMxFTATBgNVBAoTDEExQSBDYXIgV2FzaDEkMCIGA1UECxMbSW5mb3Jt
+YXRpb24gVGVjaG5vbG9neSBEZXAuMRQwEgYDVQQHEwtBbGJ1cXVlcnF1ZTETMBEG
+A1UECBMKTmV3IE1leGljbzEfMB0GA1UEAxMWZG9ja2VyLWxpZ2h0LWJhc2VpbWFn
+ZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMZf/12pupAgl8Sm+j8GmjNeNbSFAZWW
+oTmIvf2Mu4LWPHy4bTldkQgHUbBpT3xWz8f0lB/ru7596CHsGoL2A28hxuclq5hb
+Ux1yrIt3bJIY3TuiX25HGTe6kGCJPB1aLaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIG
+A1UdEwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFE+l6XolXDAYnGLTl4W6ULKHrm74
+MB8GA1UdIwQYMBaAFE+l6XolXDAYnGLTl4W6ULKHrm74MAoGCCqGSM49BAMDA2gA
+MGUCMQCXLZj8okyxW6UTL7hribUUbu63PbjuwIXnwi420DdNsvA9A7fcQEXScWFL
+XAGC8rkCMGcqwXZPSRfwuI9r+R11gTrP92hnaVxs9sjRikctpkQpOyNlIXFPopFK
+8FdfWPypvA==
+-----END CERTIFICATE-----
diff --git a/certs/cert.crt b/certs/cert.crt
new file mode 100644
index 0000000..000efc1
--- /dev/null
+++ b/certs/cert.crt
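Review bot: The record in modify.ldif repeats `changetype: modify` three times and never names a modify operation (`add:`/`replace:`), so ldapmodify will most likely reject the file with an "expecting add/delete/replace" parse error; because init.sh pipes that output into `log-helper debug` with no `pipefail`, the rejection is silent and the base entry ends up without the `gosaAcl` class and the ACL that gives fd-admin any rights. Each attribute needs to sit under a mod-spec, with `-` separating the specs; the file can be rewritten as below.
```ldif
dn: {{ LDAP_BASE_DN }}
changetype: modify
add: objectClass
objectClass: gosaDepartment
objectClass: gosaAcl
-
add: gosaAclEntry
gosaAclEntry: 0:subtree:{{ CN_ADMIN_BS64 }}:{{ UID_FD_ADMIN_BS64 }}
```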
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAnegAwIBAgIIXM3vfP16npQwCgYIKoZIzj0EAwMwgZYxCzAJBgNVBAYT
+AlVTMRUwEwYDVQQKEwxBMUEgQ2FyIFdhc2gxJDAiBgNVBAsTG0luZm9ybWF0aW9u
+IFRlY2hub2xvZ3kgRGVwLjEUMBIGA1UEBxMLQWxidXF1ZXJxdWUxEzARBgNVBAgT
+Ck5ldyBNZXhpY28xHzAdBgNVBAMTFmRvY2tlci1saWdodC1iYXNlaW1hZ2UwHhcN
+MTYwMTEwMDk1OTAwWhcNMTcwMTA5MDk1OTAwWjCBjDELMAkGA1UEBhMCVVMxFTAT
+BgNVBAoTDEExQSBDYXIgV2FzaDEkMCIGA1UECxMbSW5mb3JtYXRpb24gVGVjaG5v
+bG9neSBEZXAuMRQwEgYDVQQHEwtBbGJ1cXVlcnF1ZTETMBEGA1UECBMKTmV3IE1l
+eGljbzEVMBMGA1UEAxMMZTNkMTNlZmQ5YjMxMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAElkKdHmSbyRwpEGkaMW4Hq9XHpEWLnet7mkqpigQMCMNhuUKLThKYWOm8ZLK3
+Yo21jeb/dXF2LiXgd/Jjaenas3KXkb/FMJESQVTvZ3dwcQwOgyEpCTbjs2GSbiK7
+1JuNo4GZMIGWMA4GA1UdDwEB/wQEAwIAoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUtXICfw5YqIkZi83qxOpB
+P5UaHXcwHwYDVR0jBBgwFoAUT6XpeiVcMBicYtOXhbpQsoeubvgwFwYDVR0RBBAw
+DoIMZTNkMTNlZmQ5YjMxMAoGCCqGSM49BAMDA2gAMGUCMQC20jjmVWusnspeGSOr
+Yk+pWNdbTKzNLaU8mR3X2gCs07xrws6cFJBdx/lx8KxE05YCMEaD5kdea/HkaBzy
+5xJZJAuIMpj56AR3J4od9aa3x74NDpgOObRDc4Y7ErAWqjsf3A==
+-----END CERTIFICATE-----
diff --git a/certs/cert.key b/certs/cert.key
new file mode 100644
index 0000000..a77533b
--- /dev/null
+++ b/certs/cert.key
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAXhGbcS1lHXUJ6cvJZHlm/nHmjJ+wzj+REhgIlQUhf+mDELlwgJEJo
+Hnag8Ow0xMygBwYFK4EEACKhZANiAASWQp0eZJvJHCkQaRoxbger1cekRYud63ua
+SqmKBAwIw2G5QotOEphY6bxksrdijbWN5v91cXYuJeB38mNp6dqzcpeRv8UwkRJB
+VO9nd3BxDA6DISkJNuOzYZJuIrvUm40=
+-----END EC PRIVATE KEY-----
diff --git a/certs/dhparam.pem b/certs/dhparam.pem
new file mode 100644
index 0000000..73b8c1e
--- /dev/null
+++ b/certs/dhparam.pem
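Review bot: `certs/cert.key` is an unencrypted EC private key committed to the repository, and its public point appears to match the certificate in `certs/cert.crt`, so anyone with read access to the repo or the image holds the server's TLS identity for every client that trusts `certs/ca.crt`. Decoding the validity fields, cert.crt seems to run 2016-01-10 to 2017-01-09 and the ca.crt (added in the previous hunk) to 2020-12-21, with the subject "docker-light-baseimage" that the base image's sample material uses, so the pair looks like expired example certificates rather than anything meant for this deployment. As far as I recall the osixia/openldap image looks for `ldap.crt`/`ldap.key` in that assets directory unless `LDAP_TLS_CRT_FILENAME`/`LDAP_TLS_KEY_FILENAME` say otherwise, and nothing in this diff sets them, so these files may not even be used; dropping `certs/` from the repository, mounting operator-provided material at run time, and adding `certs/*.key` to `.gitignore` and `.dockerignore` would close the issue.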
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7adhygsX/CvbcQBlSEKBmm0D0+hVfIttcftyFTuDPNok4yDJUBUF
+zzc7X/i3PUMzANhShBrngBaXbOhVk3QcjMC623TPhFmILx0r236+aQEUGnlwN73M
+RUFM6EblYgH4+E4nv+JLwzHdO72+qMAd92rtzVMiaDlCWghH6wdAFoasTsT6Posc
+F5T8WCkzFAZeVhNGRKPP6k3l2BjvRJzkwYMMJrxaIYznMEK6H5CYIqZcpeAB3d2B
+NaZXLxFCemLrSS16UHrH1modEe8yjrOaE5+ZesGAA9onsNRZkAJp0x/pRaO/+rHn
+Q5QVCQCzxY16UsLzH0q/P80xPMU7BMoocwIBAg==
+-----END DH PARAMETERS-----
diff --git a/environment/fd.startup.yaml b/environment/fd.startup.yaml
new file mode 100644
index 0000000..6d0b99c
--- /dev/null
+++ b/environment/fd.startup.yaml
@@ -0,0 +1,11 @@
+# This is the default image startup configuration file
+# this file define environment variables used during the container **first start** in **startup files**.
+
+# This file is deleted right after startup files are processed for the first time,
+# after that all these values will not be available in the container environment.
+# This helps to keep your container configuration secret.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# FusionDirectory environment variables
+FD_ADMIN_USERNAME: fd-admin
+FD_ADMIN_PASSWORD: password
diff --git a/environment/fd.yml b/environment/fd.yml
new file mode 100644
index 0000000..08ec762
--- /dev/null
+++ b/environment/fd.yml
@@ -0,0 +1,9 @@
+# This is the default image configuration file
+# These values will persists in container environment.
+
+# All environment variables used after the container first start
+# must be defined here.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# General container configuration
+# see table 5.1 in http://www.openldap.org/doc/admin24/slapdconf2.html for the available log levels.
diff --git a/init.sh b/init.sh
index f43c0d1..f5a1ed4 100644
--- a/init.sh
+++ b/init.sh
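Review bot: `FD_ADMIN_PASSWORD: password` hands the account that receives the `admin` ACL role (all rights on the whole subtree, per add.ldif) a well-known default, and because this file is consumed on first start and then deleted, an operator who forgets to override it gets a directory whose super-user password is `password` with no later reminder. Either drop the default so the first start fails loudly when the value is missing — e.g. `: "${FD_ADMIN_PASSWORD:?FD_ADMIN_PASSWORD must be set}"` at the top of the first-start block in init.sh — or at least refuse to bootstrap while the value still equals the placeholder. In the fd.yml hunk the closing comment about slapd log levels describes a setting the file never declares and reads like a leftover from the base image's template; it should either introduce the variable it refers to or be removed.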
@@ -1,224 +1,40 @@ -#!/bin/bash -set -e - -BOOTSTRAPPED=/etc/ldap/slapd.d/bootstrapped -if [ -e ${BOOTSTRAPPED} ]; then - exit 0 -fi - -IFS='.' read -a domain_elems <<< "${LDAP_DOMAIN}" -SUFFIX="" -TOP="" -for elem in "${domain_elems[@]}" ; do - if [ "x${SUFFIX}" = x ] ; then - SUFFIX="dc=${elem}" - TOP="${elem}" +#!/bin/bash -e + +if [ ! -e "$FIRST_START_DONE" ]; then + + function ldap_add_or_modify (){ + local LDIF_FILE=$1 + + log-helper debug "Processing file ${LDIF_FILE}" + sed -i "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" $LDIF_FILE + sed -i "s|{{ LDAP_BACKEND }}|${LDAP_BACKEND}|g" $LDIF_FILE + sed -i "s|{{ LDAP_DOMAIN }}|${LDAP_DOMAIN}|g" $LDIF_FILE + sed -i "s|{{ CN_ADMIN_BS64 }}|${CN_ADMIN_BS64}|g" $LDIF_FILE + sed -i "s|{{ UID_FD_ADMIN_BS64 }}|${FD_ADMIN_PASSWORD}|g" $LDIF_FILE + sed -i "s|{{ FD_ADMIN_PASSWORD }}|${FD_ADMIN_PASSWORD}|g" $LDIF_FILE + if grep -iq changetype $LDIF_FILE ; then + ( ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $LDIF_FILE 2>&1 || ldapmodify -h localhost -p 389 -D cn=admin,$LDAP_BASE_DN -w "$LDAP_ADMIN_PASSWORD" -f $LDIF_FILE 2>&1 ) | log-helper debug else - SUFFIX="${SUFFIX},dc=${elem}" + ( ldapadd -Y EXTERNAL -Q -H ldapi:/// -f $LDIF_FILE 2>&1 || ldapadd -h localhost -p 389 -D cn=admin,$LDAP_BASE_DN -w "$LDAP_ADMIN_PASSWORD" -f $LDIF_FILE 2>&1 ) | log-helper debug fi -done - -CN_ADMIN="cn=admin,ou=aclroles,${SUFFIX}" -UID_FD_ADMIN="uid=fd-admin,${SUFFIX}" -CN_ADMIN_BS64=$(echo -n ${CN_ADMIN} | base64 | tr -d '\n') -UID_FD_ADMIN_BS64=$(echo -n ${UID_FD_ADMIN} | base64 | tr -d '\n') -FD_ADMIN_PASSWORD=${FD_ADMIN_PASSWORD:-"adminpassword"} + } -touch /tmp/delete.ldif - -if "${LDAP_READONLY_USER}"; then - cat <> /tmp/delete.ldif -dn: cn=${LDAP_READONLY_USER_USERNAME},${SUFFIX} -changetype: delete - -EOF -fi + CN_ADMIN="cn=admin,ou=aclroles,${LDAP_BASE_DN}" + UID_FD_ADMIN="uid=${FD_ADMIN_USERNAME},${LDAP_BASE_DN}" + CN_ADMIN_BS64=$(echo -n ${CN_ADMIN} | base64 | tr -d '\n') + UID_FD_ADMIN_BS64=$(echo -n ${UID_FD_ADMIN} | base64 | tr -d 
'\n') -cat <> /tmp/delete.ldif -dn: cn=admin,${SUFFIX} -changetype: delete + LDAP_ADMIN_PASSWORD_HASH=$(slappasswd -s $LDAP_ADMIN_PASSWORD) + FD_ADMIN_PASSWORD_HASH=$(slappasswd -s $FD_ADMIN_PASSWORD) -dn: ${SUFFIX} -changetype: delete + fusiondirectory-insert-schema + mkdir /etc/ldap/schema/fusiondirectory/modify/ + mv /etc/ldap/schema/fusiondirectory/rfc2307bis.schema /etc/ldap/schema/fusiondirectory/modify/rfc2307bis.schema + fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/*.schema + fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/modify/*.schema -EOF + ldap_add_or_modify "/var/fusiondirectory/bootstrap/ldif/modify.ldif" + ldap_add_or_modify "/var/fusiondirectory/bootstrap/ldif/add.ldif" -ldapmodify -x -D "cn=admin,${SUFFIX}" -w ${LDAP_ADMIN_PASSWORD} -f /tmp/delete.ldif -fusiondirectory-insert-schema - -cat < /tmp/base.ldif -dn: ${SUFFIX} -o: ${LDAP_ORGANISATION} -dc: ${TOP} -ou: ${TOP} -description: ${TOP} -objectClass: top -objectClass: dcObject -objectClass: organization -objectClass: gosaDepartment -objectClass: gosaAcl -gosaAclEntry: 0:subtree:${CN_ADMIN_BS64}:${UID_FD_ADMIN_BS64} - -dn: cn=admin,${SUFFIX} -objectClass: simpleSecurityObject -objectClass: organizationalRole -cn: admin -description: LDAP administrator -userPassword: ${LDAP_ADMIN_PASSWORD} - -EOF - -if "${LDAP_READONLY_USER}"; then - cat <> /tmp/base.ldif -dn: cn=${LDAP_READONLY_USER_USERNAME},${SUFFIX} -objectClass: simpleSecurityObject -objectClass: organizationalRole -cn: cn=${LDAP_READONLY_USER_USERNAME} -description: LDAP read only user -userPassword: ${LDAP_READONLY_USER_PASSWORD} - -EOF + rm -rf /tmp/* fi - -ldapadd -x -D "cn=admin,${SUFFIX}" -w ${LDAP_ADMIN_PASSWORD} -f /tmp/base.ldif - -cat < /tmp/add.ldif -dn: uid=fd-admin,${SUFFIX} -objectClass: inetOrgPerson -objectClass: organizationalPerson -objectClass: person -cn: System Administrator -sn: Administrator -givenName: System -uid: fd-admin -userPassword: ${FD_ADMIN_PASSWORD} - -dn: 
ou=aclroles,${SUFFIX} -objectClass: organizationalUnit -ou: aclroles - -dn: cn=admin,ou=aclroles,${SUFFIX} -objectClass: top -objectClass: gosaRole -cn: admin -description: Gives all rights on all objects -gosaAclTemplate: 0:all;cmdrw - -dn: cn=manager,ou=aclroles,${SUFFIX} -cn: manager -description: Give all rights on users in the given branch -objectClass: top -objectClass: gosaRole -gosaAclTemplate: 0:user/password;cmdrw,user/user;cmdrw,user/posixAccount;cmdrw - -dn: cn=editowninfos,ou=aclroles,${SUFFIX} -cn: editowninfos -description: Allow users to edit their own information (main tab and posix use - only on base) -objectClass: top -objectClass: gosaRole -gosaAclTemplate: 0:user/posixAccount;srw,user/user;srw - -dn: ou=fusiondirectory,${SUFFIX} -objectClass: organizationalUnit -ou: fusiondirectory - -dn: ou=tokens,ou=fusiondirectory,${SUFFIX} -objectClass: organizationalUnit -ou: tokens - -dn: cn=config,ou=fusiondirectory,${SUFFIX} -fdTheme: default -fdTimezone: America/New_York -fusionConfigMd5: 7fd38d273a2f2e14c749467f4c38a650 -fdSchemaCheck: TRUE -fdPasswordDefaultHash: ssha -fdListSummary: TRUE -fdModificationDetectionAttribute: entryCSN -fdLogging: TRUE -fdLdapSizeLimit: 200 -fdLoginAttribute: uid -fdWarnSSL: TRUE -fdSessionLifeTime: 1800 -fdEnableSnapshots: TRUE -fdSnapshotBase: ou=snapshots,${SUFFIX} -fdSslKeyPath: /etc/ssl/private/fd.key -fdSslCertPath: /etc/ssl/certs/fd.cert -fdSslCaCertPath: /etc/ssl/certs/ca.cert -fdCasServerCaCertPath: /etc/ssl/certs/ca.cert -fdCasHost: localhost -fdCasPort: 443 -fdCasContext: /cas -fdAccountPrimaryAttribute: uid -fdCnPattern: %givenName% %sn% -fdStrictNamingRules: TRUE -fdMinId: 100 -fdUidNumberBase: 1100 -fdGidNumberBase: 1100 -fdUserRDN: ou=people -fdGroupRDN: ou=groups -fdAclRoleRDN: ou=aclroles -fdIdAllocationMethod: traditional -fdDebugLevel: 0 -fdShells: /bin/ash -fdShells: /bin/bash -fdShells: /bin/csh -fdShells: /bin/sh -fdShells: /bin/ksh -fdShells: /bin/tcsh -fdShells: /bin/dash -fdShells: /bin/zsh 
-fdShells: /sbin/nologin -fdShells: /bin/false -fdForcePasswordDefaultHash: FALSE -fdHandleExpiredAccounts: FALSE -fdForceSSL: FALSE -fdHttpAuthActivated: FALSE -fdCasActivated: FALSE -fdRestrictRoleMembers: FALSE -fdDisplayErrors: FALSE -fdLdapStats: FALSE -fdDisplayHookOutput: FALSE -fdAclTabOnObjects: FALSE -cn: config -fdOGroupRDN: ou=groups -fdForceSaslPasswordAsk: FALSE -fdDashboardNumberOfDigit: 3 -fdDashboardPrefix: PC -fdDashboardExpiredAccountsDays: 15 -objectClass: fusionDirectoryConf -objectClass: fusionDirectoryPluginsConf -objectClass: fdDashboardPluginConf -objectClass: fdPasswordRecoveryConf -fdPasswordRecoveryActivated: FALSE -fdPasswordRecoveryEmail: to.be@chang.ed -fdPasswordRecoveryValidity: 10 -fdPasswordRecoverySalt: SomethingSecretAndVeryLong -fdPasswordRecoveryUseAlternate: FALSE -fdPasswordRecoveryMailSubject: [FusionDirectory] Password recovery link -fdPasswordRecoveryMailBody:: SGVsbG8sCgpIZXJlIGFyZSB5b3VyIGluZm9ybWF0aW9ucyA6I - AogLSBMb2dpbiA6ICVzCiAtIExpbmsgOiAlcwoKVGhpcyBsaW5rIGlzIG9ubHkgdmFsaWQgZm9yID - EwIG1pbnV0ZXMu -fdPasswordRecoveryMail2Subject: [FusionDirectory] Password recovery successful -fdPasswordRecoveryMail2Body:: SGVsbG8sCgpZb3VyIHBhc3N3b3JkIGhhcyBiZWVuIGNoYW5n - ZWQuCllvdXIgbG9naW4gaXMgc3RpbGwgJXMu - -dn: ou=locks,ou=fusiondirectory,${SUFFIX} -objectClass: organizationalUnit -ou: locks - -dn: ou=snapshots,${SUFFIX} -objectClass: organizationalUnit -ou: snapshots - -EOF - -mkdir -p /etc/ldap/schema/fusiondirectory/modify -mv /etc/ldap/schema/fusiondirectory/rfc2307bis.schema \ - /etc/ldap/schema/fusiondirectory/modify/ -fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/*.schema -fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/modify/*.schema -ldapadd -x -D "cn=admin,${SUFFIX}" -w ${LDAP_ADMIN_PASSWORD} -f /tmp/add.ldif - -rm -rf /tmp/* -touch ${BOOTSTRAPPED}
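Review bot: The fifth `sed` in `ldap_add_or_modify` replaces `{{ UID_FD_ADMIN_BS64 }}` with `${FD_ADMIN_PASSWORD}`, so the `gosaAclEntry` written to the base entry carries the admin password in clear instead of the base64 DN, the ACL never matches fd-admin, and the password is readable by anyone who can read the base entry; the line should be `sed -i "s|{{ UID_FD_ADMIN_BS64 }}|${UID_FD_ADMIN_BS64}|g" $LDIF_FILE`. `FD_ADMIN_PASSWORD_HASH` and `LDAP_ADMIN_PASSWORD_HASH` are computed with slappasswd but never used: the following sed should substitute `${FD_ADMIN_PASSWORD_HASH}` for `{{ FD_ADMIN_PASSWORD }}` so add.ldif stores a hashed `userPassword`, and the unused LDAP hash can go (note also that `slappasswd -s` puts the secret on the process command line, whereas `-T` reads it from a file). The substitutions use `|` as delimiter with an unescaped replacement, so a password containing `|`, `&` or `\` silently corrupts the LDIF, and with `#!/bin/bash -e` but no `set -o pipefail` a failing ldapadd/ldapmodify inside `( … ) | log-helper debug` does not stop the first-start run, leaving a broken bootstrap visible only at debug log level. `rm -rf /tmp/*` at the end is a leftover from the previous version, which wrote its LDIF into /tmp; nothing in the new script does.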