Revision as of 15:29, 25 November 2016

Notes on building Hackerspace public and member services.

Common

1. Install basic stuff

# yum install -y epel-release
# yum install -y vim bash-completion wget certbot

LDAP

Installation

# yum install -y openldap openldap-clients openldap-servers

Service

1. Enable and start service

# systemctl enable slapd.service
# systemctl start slapd.service

2. Check it actually works

# systemctl status -l slapd.service

Configuration

1. Copy default DB_CONFIG

# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

2. Create a new admin password

# slappasswd

3. Create an initial config in a file

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" 
  read by dn.base="cn=admin,dc=example,dc=org" read by * none

dn: olcDatabase={2}bdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=example,dc=org
-
replace: olcRootDN
olcRootDN: cn=admin,dc=example,dc=org
-
add: olcRootPW
olcRootPW: {SSHA}3u4JMk96UgMheppVZpdr7HmMJFKHRpEd

4. And use it

ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f openldap_initial.ldif

Schema

1. Create an ldif file with the schema

# example.org
dn: dc=example,dc=org
dc: example
objectClass: dcObject
objectClass: organizationalUnit
ou: example.org

# People
dn: ou=People,dc=example,dc=org
objectClass: organizationalUnit
ou: People

2. And use it

# ldapmodify -x -W -D cn=admin,dc=example,dc=org -a -f schema.ldif

Users

1. Create a new user

dn: uid=test,ou=People,dc=example,dc=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
mail: username@example.gr
cn: username example
sn: example
givenName: username
uid: test
uidNumber: 99
gidNumber: 12
homeDirectory: /Maildir/test
userPassword: test

Status

1. Display entire config

# ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"

Jabber

Installation

# yum -y install prosody

Configuration