if [ ! "$?" -eq 0 ]; then
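# NOTE(review): this excerpt shows only selected lines of the provisioning
# script. None of the commands below checks its exit status, so a failed step
# does not stop the later ones (for example slapd can be restarted and pointed
# at certificates that were never written).

# Load the base directory data, then the groups, with a simple bind (-x) as
# the admin DN.
# NOTE(review): -w puts the bind password on the command line, where it is
# visible in the process list while ldapadd runs; -y <file> with a root-only
# password file, or -W to prompt, avoids that. The __PASSROOT__ placeholder is
# substituted inside double quotes, so a value containing ", $, ` or \ would
# be reinterpreted by the shell -- confirm how the template is filled in.
ldapadd -x -D "cn=admin,dc=__DOMAIN__" -w "__PASSROOT__" -f ldapconfig.ldif
ldapadd -x -D "cn=admin,dc=__DOMAIN__" -w "__PASSROOT__" -f grups.ldif

# Changes applied as root over the local ldapi:/// socket with SASL EXTERNAL
# (-Q keeps SASL quiet). The LDIF contents are not visible here; judging by
# the file names they add a uid index, the corba schema and a log level.
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f uid_index.ldif
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f corba.ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f logging.ldif

# Restart syslog (presumably so the logging change is picked up -- confirm).
sudo systemctl restart syslog.service

# CA private key. The key is written through a shell redirection, so the file
# mode comes from the umask of that shell; umask 077 makes a new file 0600.
# The explicit chmod covers a re-run over an existing, more permissive file.
# This key signs the server certificate and must stay readable by root only:
# the script later adds openldap to the ssl-cert group.
sudo sh -c "umask 077; certtool --generate-privkey > /etc/ssl/private/cakey.pem"
sudo chmod 0600 /etc/ssl/private/cakey.pem

# Self-signed CA certificate built from the CA key and the ca.info template.
sudo certtool --generate-self-signed \
  --load-privkey /etc/ssl/private/cakey.pem \
  --template /etc/ssl/ca.info \
  --outfile /etc/ssl/certs/cacert.pem

# Private key for the slapd server.
# NOTE(review): the original listing skips one source line between the two
# lines of this command; confirm whether an option (for example a key-size
# setting) belongs here.
sudo certtool --generate-privkey \
  --outfile /etc/ssl/private/servidor_slapd_key.pem

# Server certificate, signed with the CA key and certificate created above.
sudo certtool --generate-certificate \
  --load-privkey /etc/ssl/private/servidor_slapd_key.pem \
  --load-ca-certificate /etc/ssl/certs/cacert.pem \
  --load-ca-privkey /etc/ssl/private/cakey.pem \
  --template /etc/ssl/servidor.info \
  --outfile /etc/ssl/certs/servidor_slapd_cert.pem

# Let the openldap group read the server key, and nobody else besides root.
sudo chgrp openldap /etc/ssl/private/servidor_slapd_key.pem
sudo chmod 0640 /etc/ssl/private/servidor_slapd_key.pem

# Add openldap to ssl-cert (presumably so slapd can reach /etc/ssl/private --
# confirm the directory's group and mode on the target system).
sudo gpasswd -a openldap ssl-cert

# Restart slapd so it runs with the new group membership, then load the
# certificate settings from certinfo.ldif over the local socket.
sudo systemctl restart slapd.service
sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f certinfo.ldif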