diff --git a/testing/ldap/README b/testing/ldap/README
new file mode 100644
index 0000000..3f85e55
--- /dev/null
+++ b/testing/ldap/README
@@ -0,0 +1,23 @@
+The most important file is slapd.conf. it has some quick configs necisarry for testing.
+the file slapd.conf belongs at /etc/openldap/slapd.conf
+
+install the packages if they are not already
+ yum -y install openldap-server openldap-clients
+
+add the root dn
+ slapadd -v -l root.ldif
+
+start the service
+ /etc/init.d/ldap start
+
+add some test entries (service must be running)
+ ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -a -v -f users.ldif
+
+remove them
+ ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -v -f remove_all.ldif
+
+read them with slapcat
+ slapcat
+
+or read them with a client tool
+ ldapsearch -x -b "dc=plainjoe,dc=org" "(objectclass=*)"
diff --git a/testing/ldap/remove_all.ldif b/testing/ldap/remove_all.ldif
new file mode 100644
index 0000000..499713e
--- /dev/null
+++ b/testing/ldap/remove_all.ldif
@@ -0,0 +1,8 @@
+dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
+changetype: delete
+
+dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
+changetype: delete
+
+dn: ou=people,dc=plainjoe,dc=org
+changetype: delete
diff --git a/testing/ldap/root.ldif b/testing/ldap/root.ldif
new file mode 100644
index 0000000..a376ce8
--- /dev/null
+++ b/testing/ldap/root.ldif
@@ -0,0 +1,5 @@
+dn: dc=plainjoe,dc=org
+dc: plainjoe
+objectClass: dcObject
+objectClass: organizationalUnit
+ou: PlainJoe Dot Org
diff --git a/testing/ldap/slapd.conf b/testing/ldap/slapd.conf
new file mode 100644
index 0000000..96a0177
--- /dev/null
+++ b/testing/ldap/slapd.conf
@@ -0,0 +1,98 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /var/run/slapd.pid
+argsfile /var/run/slapd.args
+
+# Load dynamic backend modules:
+# modulepath /usr/sbin/openldap
+# moduleload back_bdb.la
+# moduleload back_ldap.la
+# moduleload back_ldbm.la
+# moduleload back_passwd.la
+# moduleload back_shell.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#just allow anyone to do whatever for testing purposes
+access to *
+ by * write
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database bdb
+suffix "dc=plainjoe,dc=org"
+rootdn "cn=Manager,dc=plainjoe,dc=org"
+# Cleartext passwords, especially for the rootdn, should
+# be avoided. See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+# rootpw secret
+# rootpw {crypt}ijFYNcSNctBYg
+rootpw {SSHA}3Q3i+6viSPu3ZIso9ta6cYtNS4TEAXuO
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+# bindmethod=sasl saslmech=GSSAPI
+# authcId=host/ldap-master.example.com@EXAMPLE.COM
diff --git a/testing/ldap/users.ldif b/testing/ldap/users.ldif
new file mode 100644
index 0000000..3ac0e27
--- /dev/null
+++ b/testing/ldap/users.ldif
@@ -0,0 +1,23 @@
+dn: ou=people,dc=plainjoe,dc=org
+ou: people
+objectClass: organizationalUnit
+
+dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
+cn: Some Guy
+sn: Guy
+mail: sguy@place.com
+mail: sguy@otherplace.com
+labeledURI: http://www.place.com/sguy/index.php
+roomNumber: 1234 his room
+departmentNumber: sw devel
+pager: 555-666-7777
+mobile: 898-898-8989
+objectClass: inetOrgPerson
+
+dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
+cn: Other Guy
+sn: Guy
+mail: oguy@place.com
+departmentNumber: hw devel
+mobile: 898-898-9999
+objectClass: inetOrgPerson
diff --git a/testing/ldap_config_files/README.etc.openldap b/testing/ldap_config_files/README.etc.openldap
deleted file mode 100644
index f2d0d09..0000000
--- a/testing/ldap_config_files/README.etc.openldap
+++ /dev/null
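Review bot: `access to * by * write` (right under the "just allow anyone to do whatever" comment) lets any client, including unauthenticated anonymous binds, add, modify or delete every entry under dc=plainjoe,dc=org; the README's ldapmodify steps bind as the rootdn, which the file's own comment notes bypasses ACLs, so the open write rule is not needed for the documented workflow. A narrower rule such as `access to * by * read` keeps every test step working while closing anonymous writes. The rest of the posture should also be stated up front: `allow bind_v2` is on, the `security` and TLS* directives are commented out, and the README reveals the committed SSHA rootpw is the hash of `secret`, so this instance must only ever listen on an isolated or loopback address — slapd.conf does not set listener URLs, which presumably come from the slapd arguments used by /etc/init.d/ldap. Suggest a header comment making that explicit: `# TEST ONLY: open ACL, no TLS, known rootpw - run only on an isolated/loopback slapd`.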
@@ -1,23 +0,0 @@
-The most important file is slapd.conf. it has some quick configs necisarry for testing.
-the file etc.openldap.slapd.conf belongs at /etc/openldap/slapd.conf
-
-install the packages if they are not already
- yum -y install openldap-server openldap-clients
-
-add the root dn
- slapadd -v -l root.ldif
-
-start the service
- /etc/init.d/ldap start
-
-add some test entries (service must be running)
- ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -a -v -f users.ldif
-
-remove them
- ldapmodify -D "cn=Manager,dc=plainjoe,dc=org" -w secret -x -v -f remove_all.ldif
-
-read them with slapcat
- slapcat
-
-or read them with a client tool
- ldapsearch -x -b "dc=plainjoe,dc=org" "(objectclass=*)"
diff --git a/testing/ldap_config_files/etc.openldap.slap.conf b/testing/ldap_config_files/etc.openldap.slap.conf
deleted file mode 100644
index 96a0177..0000000
--- a/testing/ldap_config_files/etc.openldap.slap.conf
+++ /dev/null
@@ -1,98 +0,0 @@
-#
-# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/nis.schema
-
-# Allow LDAPv2 client connections. This is NOT the default.
-allow bind_v2
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-
-pidfile /var/run/slapd.pid
-argsfile /var/run/slapd.args
-
-# Load dynamic backend modules:
-# modulepath /usr/sbin/openldap
-# moduleload back_bdb.la
-# moduleload back_ldap.la
-# moduleload back_ldbm.la
-# moduleload back_passwd.la
-# moduleload back_shell.la
-
-# The next three lines allow use of TLS for encrypting connections using a
-# dummy test certificate which you can generate by changing to
-# /etc/pki/tls/certs, running "make slapd.pem", and fixing permissions on
-# slapd.pem so that the ldap user or group can read it. Your client software
-# may balk at self-signed certificates, however.
-# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
-# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#just allow anyone to do whatever for testing purposes
-access to *
- by * write
-
-#######################################################################
-# ldbm and/or bdb database definitions
-#######################################################################
-
-database bdb
-suffix "dc=plainjoe,dc=org"
-rootdn "cn=Manager,dc=plainjoe,dc=org"
-# Cleartext passwords, especially for the rootdn, should
-# be avoided. See slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-# rootpw secret
-# rootpw {crypt}ijFYNcSNctBYg
-rootpw {SSHA}3Q3i+6viSPu3ZIso9ta6cYtNS4TEAXuO
-
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /var/lib/ldap
-
-# Indices to maintain for this database
-index objectClass eq,pres
-index ou,cn,mail,surname,givenname eq,pres,sub
-index uidNumber,gidNumber,loginShell eq,pres
-index uid,memberUid eq,pres,sub
-index nisMapName,nisMapEntry eq,pres,sub
-
-# Replicas of this database
-#replogfile /var/lib/ldap/openldap-master-replog
-#replica host=ldap-1.example.com:389 starttls=critical
-# bindmethod=sasl saslmech=GSSAPI
-# authcId=host/ldap-master.example.com@EXAMPLE.COM
diff --git a/testing/ldap_config_files/remove_all.ldif b/testing/ldap_config_files/remove_all.ldif
deleted file mode 100644
index 499713e..0000000
--- a/testing/ldap_config_files/remove_all.ldif
+++ /dev/null
@@ -1,8 +0,0 @@
-dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
-changetype: delete
-
-dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
-changetype: delete
-
-dn: ou=people,dc=plainjoe,dc=org
-changetype: delete
diff --git a/testing/ldap_config_files/root.ldif b/testing/ldap_config_files/root.ldif
deleted file mode 100644
index a376ce8..0000000
--- a/testing/ldap_config_files/root.ldif
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: dc=plainjoe,dc=org
-dc: plainjoe
-objectClass: dcObject
-objectClass: organizationalUnit
-ou: PlainJoe Dot Org
diff --git a/testing/ldap_config_files/users.ldif b/testing/ldap_config_files/users.ldif
deleted file mode 100644
index 3ac0e27..0000000
--- a/testing/ldap_config_files/users.ldif
+++ /dev/null
@@ -1,23 +0,0 @@
-dn: ou=people,dc=plainjoe,dc=org
-ou: people
-objectClass: organizationalUnit
-
-dn: cn=Some Guy,ou=people,dc=plainjoe,dc=org
-cn: Some Guy
-sn: Guy
-mail: sguy@place.com
-mail: sguy@otherplace.com
-labeledURI: http://www.place.com/sguy/index.php
-roomNumber: 1234 his room
-departmentNumber: sw devel
-pager: 555-666-7777
-mobile: 898-898-8989
-objectClass: inetOrgPerson
-
-dn: cn=Other Guy,ou=people,dc=plainjoe,dc=org
-cn: Other Guy
-sn: Guy
-mail: oguy@place.com
-departmentNumber: hw devel
-mobile: 898-898-9999
-objectClass: inetOrgPerson