update ldap and postgresql password

Emmanuel Garette 2022-03-15 12:12:09 +01:00
parent e7980db685
commit fa7653dd14
4 changed files with 12 additions and 0 deletions


@ -8,6 +8,7 @@
<file owner="ldap" mode="400">/etc/pki/tls/private/openldap.key</file> <file owner="ldap" mode="400">/etc/pki/tls/private/openldap.key</file>
<file owner="ldap">/var/lib/ldap/DB_CONFIG</file> <file owner="ldap">/var/lib/ldap/DB_CONFIG</file>
<file>/secrets/users.ldif</file> <file>/secrets/users.ldif</file>
<file>/secrets/users_mod.ldif</file>
<file>/secrets/config.ldif</file> <file>/secrets/config.ldif</file>
<file>/secrets/config_acl.ldif</file> <file>/secrets/config_acl.ldif</file>
<file>/secrets/admin_ldap.pwd</file> <file>/secrets/admin_ldap.pwd</file>
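Review bot: The new `<file>/secrets/users_mod.ldif</file>` entry declares neither `owner` nor `mode`, whereas the private key at the top of the hunk is pinned to `owner="ldap" mode="400"`. According to the template added in this same commit, the file holds a `userPassword` hash for every remote account, so it is worth confirming that the default applied to `/secrets/*` entries is not group- or world-readable; that default is not visible in this hunk. If it is not restrictive, an explicit `mode="400"` on this entry, with the owner set to whichever user runs `ldapmodify`, would make the intent clear.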


@ -13,3 +13,4 @@ ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
#waiting for ldap server... #waiting for ldap server...
ExecStartPost=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done' ExecStartPost=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
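Review bot: The added `ExecStartPost=-/usr/bin/ldapmodify … -f /usr/local/lib/secrets/users_mod.ldif` line ignores failure because of the leading `-`, so if the modify is rejected the remote accounts silently keep their previous passwords while the unit still reports a clean start. It also passes `-v`, which as far as I know makes ldapmodify echo the values it sends, so the `userPassword` hashes would be written to the journal on every start. Consider dropping `-v` here and letting a failure surface, e.g. `ExecStartPost=/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -f /usr/local/lib/secrets/users_mod.ldif`. The rest of the unit lies outside the hunk, so the user these commands run as cannot be checked from here.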


@ -0,0 +1,9 @@
# Remote
%for %%remote in %%accounts.remotes
%set %%name = %%normalize_family(%%remote)
dn: %%accounts['remote_' + %%name]['dn_' + %%name]
changetype: modify
replace: userPassword
userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
%end for
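Review bot: Records produced by the `%for` loop must be separated by a blank line, and none is visible between `userPassword:: …` and `%end for`; with more than one entry in `%%accounts.remotes` the next `dn:` line would be read as part of the previous modify record and ldapmodify would reject it. The hunk header counts nine lines while eight are shown, so a blank line may have been lost in rendering; it is worth confirming that it sits inside the loop body. Also confirm that `%%ssha_encode` returns the base64 encoding of the complete `{SSHA}…` value, since the double colon in `userPassword::` tells the LDIF parser to base64-decode what follows. A header comment such as `# Resets userPassword of every remote account each time slapd starts` would describe the file better than `# Remote`.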


@ -2,5 +2,6 @@
%set %%name = %%normalize_family(%%server) %set %%name = %%normalize_family(%%server)
CREATE DATABASE "%%name"; CREATE DATABASE "%%name";
CREATE ROLE "%%name" WITH LOGIN ENCRYPTED PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]'; CREATE ROLE "%%name" WITH LOGIN ENCRYPTED PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]';
ALTER USER "%%name" PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]';
GRANT ALL PRIVILEGES ON DATABASE "%%name" TO "%%name"; GRANT ALL PRIVILEGES ON DATABASE "%%name" TO "%%name";
%end for %end for
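Review bot: The added `ALTER USER "%%name" PASSWORD '…'` line interpolates the account password directly into a single-quoted SQL literal, so a password containing `'` ends the literal early and the remainder is parsed as SQL; the `CREATE ROLE` line above it has the same pattern. Unless the password generator is guaranteed never to emit a quote (not visible here), double any `'` in the value before rendering, for example with `.replace("'", "''")` on the expression if the template engine accepts Python string methods there. The statement also carries the cleartext password, so it can be recorded by server-side statement or error logging; confirm that the rendered script and the PostgreSQL log are readable only by the database administrator. The `%for` that encloses these lines starts above the hunk.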