|
5 | 5 | BASE_PATH="$( cd `dirname $0`/../test/fixtures/openldap && pwd )"
|
6 | 6 | SEED_PATH="$( cd `dirname $0`/../test/fixtures && pwd )"
|
7 | 7 |
|
8 |
| -dpkg -s slapd time ldap-utils ||\ |
| 8 | +dpkg -s slapd time ldap-utils gnutls-bin ssl-cert > /dev/null ||\ |
9 | 9 | DEBIAN_FRONTEND=noninteractive sudo -E apt-get install -y --force-yes slapd time ldap-utils
|
10 | 10 |
|
11 | 11 | sudo /etc/init.d/slapd stop
|
@@ -45,3 +45,60 @@ sudo /etc/init.d/slapd start
|
45 | 45 | -f $SEED_PATH/seed.ldif
|
46 | 46 |
|
47 | 47 | sudo rm -rf $TMPDIR
|
| 48 | + |
| 49 | +# SSL |
| 50 | + |
| 51 | +sudo sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem" |
| 52 | + |
| 53 | +sudo sh -c "cat > /etc/ssl/ca.info <<EOF |
| 54 | +cn = rubyldap |
| 55 | +ca |
| 56 | +cert_signing_key |
| 57 | +EOF" |
| 58 | + |
| 59 | +# Create the self-signed CA certificate: |
| 60 | +sudo certtool --generate-self-signed \ |
| 61 | +--load-privkey /etc/ssl/private/cakey.pem \ |
| 62 | +--template /etc/ssl/ca.info \ |
| 63 | +--outfile /etc/ssl/certs/cacert.pem |
| 64 | + |
| 65 | +# Make a private key for the server: |
| 66 | +sudo certtool --generate-privkey \ |
| 67 | +--bits 1024 \ |
| 68 | +--outfile /etc/ssl/private/ldap01_slapd_key.pem |
| 69 | + |
| 70 | +sudo sh -c "cat > /etc/ssl/ldap01.info <<EOF |
| 71 | +organization = Example Company |
| 72 | +cn = ldap01.example.com |
| 73 | +tls_www_server |
| 74 | +encryption_key |
| 75 | +signing_key |
| 76 | +expiration_days = 3650 |
| 77 | +EOF" |
| 78 | + |
| 79 | +# Create the server certificate |
| 80 | +sudo certtool --generate-certificate \ |
| 81 | +--load-privkey /etc/ssl/private/ldap01_slapd_key.pem \ |
| 82 | +--load-ca-certificate /etc/ssl/certs/cacert.pem \ |
| 83 | +--load-ca-privkey /etc/ssl/private/cakey.pem \ |
| 84 | +--template /etc/ssl/ldap01.info \ |
| 85 | +--outfile /etc/ssl/certs/ldap01_slapd_cert.pem |
| 86 | + |
| 87 | +sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF | true |
| 88 | +dn: cn=config |
| 89 | +add: olcTLSCACertificateFile |
| 90 | +olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem |
| 91 | +- |
| 92 | +add: olcTLSCertificateFile |
| 93 | +olcTLSCertificateFile: /etc/ssl/certs/ldap01_slapd_cert.pem |
| 94 | +- |
| 95 | +add: olcTLSCertificateKeyFile |
| 96 | +olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem |
| 97 | +EOF |
| 98 | + |
| 99 | +sudo adduser openldap ssl-cert |
| 100 | +sudo chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem |
| 101 | +sudo chmod g+r /etc/ssl/private/ldap01_slapd_key.pem |
| 102 | +sudo chmod o-r /etc/ssl/private/ldap01_slapd_key.pem |
| 103 | + |
| 104 | +sudo service slapd restart |
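Review bot: The `| true` on the ldapmodify line pipes the command's output into true, so the exit status is always 0 and a failed cn=config update goes unnoticed, leaving slapd to restart without TLS configured. If the intent is to tolerate re-runs (`add:` fails when the attribute already exists), changing the three `add:` lines to `replace:` makes the LDIF idempotent and lets the pipe be dropped: `sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<EOF`. The server key is generated with `--bits 1024`, which is below the 2048-bit minimum current clients and policies accept; use `--bits 2048 \` or omit the flag and take certtool's default. The certtool calls and the ssl-cert group also depend on gnutls-bin and ssl-cert, which the dpkg check at the top of the script tests for but the apt-get install line after it does not install, so on a clean host this hunk would fail before reaching the restart.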