Master Controller/Software
From ESCTL
< Master Controller(Difference between revisions)
(Created page with " === Download esctl software === * apt-get install subversion * cd /root * mkdir esctl * svn co svn://giles.northenden.ninja.org.uk/esctl/server/trunk/ esctl/ === Configure L...") |
|||
| Line 22: | Line 22: | ||
* /etc/init.d/slapd restart | * /etc/init.d/slapd restart | ||
| + | |||
| + | === Add esctl schema extension === | ||
| + | |||
| + | * mkdir /root/schemaconv | ||
| + | * cd /root/schemaconv | ||
| + | * vi test.conf | ||
| + | <pre> | ||
| + | include /etc/ldap/schema/core.schema | ||
| + | include /etc/ldap/schema/cosine.schema | ||
| + | include /etc/ldap/schema/inetorgperson.schema | ||
| + | include /root/schemaconv/70esctl.schema | ||
| + | </pre> | ||
| + | |||
| + | * slaptest -f test.conf -F /root/schemaconv | ||
| + | * vi cn\=config/cn\=schema/cn\=\{3\}70esctl.ldif | ||
| + | ** (Change {3}70esctl to {4}70esctl or whichever number is next in your LDAP tree | ||
| + | ** Find out via ls /etc/ldap/slapd.d/cn\=config/cn\=schema/ | ||
| + | * cp -p /root/schemaconv/cn=config/cn=schema/cn={3}70esctl.ldif /etc/ldap/slapd.d/cn\=config/cn\=schema/{4}70esctl.ldif | ||
| + | * service slapd restart | ||
| + | |||
| + | === Add read-only access to LDAP for esctl controller === | ||
| + | * !!! Have not actually done this !!!! Works fine without..! | ||
| + | * vi olc-esc-access.ldif | ||
| + | <pre> | ||
| + | dn: olcDatabase={1}hdb,cn=config | ||
| + | changetype: modify | ||
| + | add: olcAccess | ||
| + | olcAccess: {1}to dn.sub="ou=esctl,dc=<<ROOTDN>>" | ||
| + | by dn="cn=ESCTL Controller,dc=<<ROOTDN>>" read | ||
| + | by self write | ||
| + | by * none | ||
| + | </pre> | ||
| + | * ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcAccess.ldif | ||
| + | |||
==== Sample LDAP schema content ==== | ==== Sample LDAP schema content ==== | ||
| Line 73: | Line 107: | ||
</pre> | </pre> | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
* Need to create: | * Need to create: | ||
Revision as of 23:24, 20 November 2014
Contents |
Download esctl software
- apt-get install subversion
- cd /root
- mkdir esctl
- svn co svn://giles.northenden.ninja.org.uk/esctl/server/trunk/ esctl/
Configure LDAP
- cd esctl/schema/
- cp -p 70esctl.ldif /etc/ldap/schema/
- vi /usr/share/slapd/slapd.conf
- include /etc/ldap/schema/70esctl.ldif
- [ dpkg-reconfigure --force slapd ]
- DNS domain name: customername.hosted.esctl.co.uk
- Organization name: customername
- Administrator password: ****
- Database backend to use: HDB
- Remove database when slapd is purged? Yes (??!!)
- Allow LDAPv2 protocol?: No
- /etc/init.d/slapd restart
Add esctl schema extension
- mkdir /root/schemaconv
- cd /root/schemaconv
- vi test.conf
include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /root/schemaconv/70esctl.schema
- slaptest -f test.conf -F /root/schemaconv
- vi cn\=config/cn\=schema/cn\=\{3\}70esctl.ldif
- (Change {3}70esctl to {4}70esctl or whichever number is next in your LDAP tree
- Find out via ls /etc/ldap/slapd.d/cn\=config/cn\=schema/
- cp -p /root/schemaconv/cn=config/cn=schema/cn={3}70esctl.ldif /etc/ldap/slapd.d/cn\=config/cn\=schema/{4}70esctl.ldif
- service slapd restart
Add read-only access to LDAP for esctl controller
- !!! Have not actually done this !!!! Works fine without..!
- vi olc-esc-access.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to dn.sub="ou=esctl,dc=<<ROOTDN>>"
by dn="cn=ESCTL Controller,dc=<<ROOTDN>>" read
by self write
by * none
- ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcAccess.ldif
Sample LDAP schema content
version: 1 dn: ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: top objectClass: organizationalUnit ou: esctl dn: ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: top objectClass: organizationalUnit ou: readers dn: ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: top objectClass: organizationalUnit ou: tokens dn: ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: top objectClass: organizationalUnit ou: 1 description: Door 1 dn: cn=Manager,ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: escReader cn: Manager escDoor: 1 escgid: esctl Manager dn: cn=Resident,ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: escReader cn: Resident escDoor: 1 escgid: esctl Resident dn: et=PIN:1234,ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: escToken et: PIN:1234 escuid: jbloggs dn: et=C0572A00,ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk objectClass: escToken et: C15A2D03 escDateFrom: 20140128001003Z escDateTo: 20380101000000Z escuid: jbloggs
- Need to create:
- ou=Special Users
- ou=People
- ou=Groups
dn: cn=ESCTL Controller,ou=Special Users,dc=<<ROOTDN>> changetype: add objectClass: simpleSecurityObject objectClass: organizationalRole userPassword:: ******** description: ESCTL Controller cn: ESCTL Controller
Create indexes to optimise performance
- vi olcDbIndex.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: et pres,eq
-
add: olcDbIndex
olcDbIndex: memberUid pres,sub,eq
- ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif
MySQL
- cd ~/esctl/controller
- mysql -p < log.mysql
- grant insert,select on esctl.log to esctl_log@localhost identified by '***********';
xinetd
- cd /root/esctl/controller
- cp -p xinetd.d-esctl /etc/xinetd.d/esctl
- service xinetd restart
Final configuration
- cp config.pm.template config.pm
- vi config.pm
- vi /etc/rsyslog.d/esctl.conf
local3.* /var/log/esctl
- service rsyslog restart
