Master Controller/Software

From ESCTL

Revision as of 09:13, 21 November 2014

Download esctl software

Configure LDAP

  • cd esctl/schema/
  • cp -p 70esctl.ldif /etc/ldap/schema/
  • vi /usr/share/slapd/slapd.conf
    • include /etc/ldap/schema/70esctl.ldif
  • [ dpkg-reconfigure --force slapd ]
    • DNS domain name: customername.hosted.esctl.co.uk
    • Organization name: customername
    • Administrator password: ****
    • Database backend to use: HDB
    • Remove database when slapd is purged? Yes (??!!)
    • Allow LDAPv2 protocol?: No
  • /etc/init.d/slapd restart

Add esctl schema extension

  • mkdir /root/schemaconv
  • cd /root/schemaconv
  • vi test.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /root/schemaconv/70esctl.schema

  • ls -l
    ~/schemaconv# ls -l
    total 16
    -rw-r--r-- 1 root root 2497 Nov 20 19:01 70esctl.schema
    -rw-r--r-- 1 root root  162 Nov 20 18:59 test.conf


  • slaptest -f test.conf -F /root/schemaconv
  • vi cn\=config/cn\=schema/cn\=\{3\}70esctl.ldif
    • (Change {3}70esctl to {4}70esctl, or whichever number comes next in your cn=schema directory)
    • Find out via ls /etc/ldap/slapd.d/cn\=config/cn\=schema/
  • cp -p /root/schemaconv/cn=config/cn=schema/cn={3}70esctl.ldif /etc/ldap/slapd.d/cn\=config/cn\=schema/cn\={4}70esctl.ldif
  • chown openldap /etc/ldap/slapd.d/cn\=config/cn\=schema/cn\={4}70esctl.ldif
  • service slapd restart
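The conversion above has two manual steps that are easy to get wrong: picking the next free {N} and renumbering the generated file consistently (both the dn and the cn line). The script below is an added example, not part of the ESCTL wiki or the esctl software; it automates those steps. The function names, the SLAPD_SCHEMA_DIR default and the temporary working directory are assumptions; the paths otherwise follow the Debian layout used on this page. Note that slapd.d files keep the bare RDN (cn={N}70esctl) as their dn, so only the number changes, and slapd may log a checksum warning for a hand-edited file because of the CRC32 comment slaptest writes; that warning is harmless.

```shell
#!/bin/sh
# Added example (not from the ESCTL wiki): convert 70esctl.schema with
# slaptest, pick the next free {N} in cn=schema, renumber and install.

# Assumption: Debian layout. Override with SLAPD_SCHEMA_DIR=... if needed.
SLAPD_SCHEMA_DIR="${SLAPD_SCHEMA_DIR:-/etc/ldap/slapd.d/cn=config/cn=schema}"

# Print the next free schema index: one more than the highest N found in
# cn={N}*.ldif under the given directory, or 0 if there are none.
next_schema_index() {
    dir="$1"
    max=-1
    for f in "$dir"/cn=*.ldif; do
        [ -f "$f" ] || continue
        n=$(basename "$f" | sed -n 's/^cn={\([0-9][0-9]*\)}.*$/\1/p')
        [ -n "$n" ] || continue
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    echo $((max + 1))
}

# Rewrite the dn and cn of a slaptest-generated schema LDIF to a new index.
# $1 = source LDIF, $2 = destination path, $3 = new index.
renumber_schema_ldif() {
    src="$1"; dst="$2"; idx="$3"
    sed -e "s/^dn: cn={[0-9]*}/dn: cn={$idx}/" \
        -e "s/^cn: {[0-9]*}/cn: {$idx}/" "$src" > "$dst"
}

# End-to-end install, run as root. $1 is the path to 70esctl.schema.
install_esctl_schema() {
    schema="$1"
    work=$(mktemp -d)
    printf '%s\n' \
        'include /etc/ldap/schema/core.schema' \
        'include /etc/ldap/schema/cosine.schema' \
        'include /etc/ldap/schema/inetorgperson.schema' \
        "include $schema" > "$work/test.conf"
    slaptest -f "$work/test.conf" -F "$work" || return 1
    idx=$(next_schema_index "$SLAPD_SCHEMA_DIR")
    dst="$SLAPD_SCHEMA_DIR/cn={$idx}70esctl.ldif"
    for src in "$work"/cn=config/cn=schema/cn=*70esctl.ldif; do
        [ -f "$src" ] || continue
        renumber_schema_ldif "$src" "$dst" "$idx"
    done
    chown openldap "$dst"
    service slapd restart
}

# Constructed demonstration (no slapd needed): a fake cn=schema directory
# holding four schema files and a minimal slaptest-style LDIF to renumber.
demo=$(mktemp -d)
for n in 0 1 2 3; do : > "$demo/cn={$n}demo.ldif"; done
printf '%s\n' 'dn: cn={3}70esctl' 'objectClass: olcSchemaConfig' 'cn: {3}70esctl' > "$demo/in.ldif"
idx=$(next_schema_index "$demo")
renumber_schema_ldif "$demo/in.ldif" "$demo/cn={$idx}70esctl.ldif" "$idx"
echo "next index: $idx"
cat "$demo/cn={$idx}70esctl.ldif"
rm -rf "$demo"
```

To do the real install, source the file and run `install_esctl_schema /root/schemaconv/70esctl.schema` as root; the demonstration at the bottom only touches a temporary directory.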

Add read-only access to LDAP for esctl controller

If you would like your esctl controller software to connect to your LDAP server via a read-only user, rather than using the LDAP admin user, you can use something like this:

  • vi olc-esc-access.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to dn.sub="ou=esctl,dc=<<ROOTDN>>"
  by dn="cn=ESCTL Controller,ou=Special Users,dc=<<ROOTDN>>" read
  by self write
  by * none
  • ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olc-esc-access.ldif
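Two things decide whether this rule actually protects the token and reader entries. First, the `by dn=` value must be exactly the DN the controller binds with; the controller entry created further down this page lives under ou=Special Users, so that component has to be present. Second, OpenLDAP evaluates olcAccess rules in index order and applies the first whose `to` clause matches the entry, so the {1} index only works if it places this rule before any broader rule (such as a `to *` rule that grants everyone read). The script below is an added example, not part of the ESCTL wiki or the esctl software: it fills in the base DN, applies the rule, lists the existing rules so the index can be checked, and verifies the result offline with slapacl. Function names and the {1} index are assumptions; slapacl's `-u` means the checked entry does not have to exist in the database.

```shell
#!/bin/sh
# Added example (not from the ESCTL wiki): generate, apply and verify the
# read-only ACL for the esctl controller.

# Print the olcAccess modification for a concrete base DN, e.g.
# "dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk".
esctl_access_ldif() {
    base="$1"
    cat <<EOF
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to dn.sub="ou=esctl,$base"
  by dn="cn=ESCTL Controller,ou=Special Users,$base" read
  by self write
  by * none
EOF
}

# List the rules already present, with their {N} indexes, so the new rule
# can be placed before any broader "to *" rule (run as root).
show_access_rules() {
    ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL \
        -b 'olcDatabase={1}hdb,cn=config' olcAccess
}

# Write the LDIF to the file named on the page and apply it (run as root).
apply_esctl_access() {
    esctl_access_ldif "$1" > olc-esc-access.ldif
    ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olc-esc-access.ldif
}

# Offline check against the stored configuration (run as root). slapacl
# reports ALLOWED or DENIED for each request: the controller may read a
# token, may not write it, and an anonymous bind may not read it.
verify_esctl_access() {
    base="$1"
    ctl="cn=ESCTL Controller,ou=Special Users,$base"
    entry="et=PIN:1234,ou=tokens,ou=esctl,$base"
    slapacl -F /etc/ldap/slapd.d -u -D "$ctl" -b "$entry" et/read   # expect ALLOWED
    slapacl -F /etc/ldap/slapd.d -u -D "$ctl" -b "$entry" et/write  # expect DENIED
    slapacl -F /etc/ldap/slapd.d -u -b "$entry" et/read             # anonymous, expect DENIED
}

# Demonstration with the base DN used by the sample content on this page.
esctl_access_ldif "dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk"
```

Run `show_access_rules` first; if an existing rule already sits at {1}, adjust the index in `esctl_access_ldif` so the esctl rule lands ahead of any rule that would otherwise match ou=esctl entries.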


Sample LDAP schema content

version: 1

dn: ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: esctl

dn: ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: readers

dn: ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: tokens

dn: ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: 1
description: Door 1

dn: cn=Manager,ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escReader
cn: Manager
escDoor: 1
escgid: esctl Manager

dn: cn=Resident,ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escReader
cn: Resident
escDoor: 1
escgid: esctl Resident

dn: et=PIN:1234,ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escToken
et: PIN:1234
escuid: jbloggs

dn: et=C0572A00,ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escToken
et: C0572A00
escDateFrom: 20140128001003Z
escDateTo: 20380101000000Z
escuid: jbloggs


  • Need to create:
    • ou=Special Users
    • ou=People
    • ou=Groups
dn: cn=ESCTL Controller,ou=Special Users,dc=<<ROOTDN>>
changetype: add
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword:: ********
description: ESCTL Controller
cn: ESCTL Controller
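Hand-written LDIF like the sample above is easy to break in one particular way: the value in the first RDN of the dn (for example et=C0572A00) must also appear as an attribute value of the entry, otherwise slapd rejects the add as a naming violation. The checker below is an added example, not part of the ESCTL wiki or the esctl software; it walks an LDIF file and reports every entry whose RDN attribute is missing, skipping changetype: modify records (which carry no RDN attribute). The function name is an assumption and the demonstration input at the bottom is constructed; folded continuation lines are not joined, which the sample content on this page does not use.

```shell
#!/bin/sh
# Added example (not from the ESCTL wiki): check that each LDIF entry's
# RDN value is present as an attribute value of that entry.

# Usage: check_ldif_rdn FILE
# Prints one line per bad entry; exit status 1 if any were found, else 0.
check_ldif_rdn() {
    awk '
    function flush() {
        if (dn != "" && ct != "modify") {
            rdn = dn; sub(/,.*/, "", rdn)           # first RDN, e.g. et=C0572A00
            attr = rdn; sub(/=.*/, "", attr)        # attribute name, e.g. et
            val = rdn; sub(/^[^=]*=/, "", val)      # value, e.g. C0572A00
            if (!((tolower(attr), val) in seen)) {
                printf "RDN %s has no matching %s: attribute in entry %s\n", rdn, attr, dn
                bad++
            }
        }
        dn = ""; ct = ""; split("", seen)
    }
    /^dn: /         { flush(); dn = substr($0, 5); next }
    /^$/            { flush(); next }
    /^#/            { next }
    /^changetype: / { ct = substr($0, 13); next }
    /^[A-Za-z][A-Za-z0-9;-]*: / {
        a = $0; sub(/:.*/, "", a)                   # attribute name
        v = $0; sub(/^[^:]*: /, "", v)              # attribute value
        seen[tolower(a), v] = 1
    }
    END { flush(); exit (bad > 0) }
    ' "$1"
}

# Constructed demonstration input: the second entry has the dn/attribute
# mismatch described above and is reported.
demo=$(mktemp)
cat > "$demo" <<'EOF'
dn: et=PIN:1234,ou=tokens,ou=esctl,dc=example,dc=test
objectClass: escToken
et: PIN:1234
escuid: jbloggs

dn: et=C0572A00,ou=tokens,ou=esctl,dc=example,dc=test
objectClass: escToken
et: C15A2D03
escuid: jbloggs
EOF
check_ldif_rdn "$demo" || echo "check failed as expected for the demonstration file"
rm -f "$demo"
```

Run it over a file before passing that file to ldapadd; a clean run exits 0 and prints nothing.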

Create indexes to optimise performance

  • vi olcDbIndex.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: et pres,eq
-
add: olcDbIndex
olcDbIndex: memberUid pres,sub,eq
  • ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif


MySQL

  • cd ~/esctl/controller
  • mysql -p < log.mysql
    • grant insert,select on esctl.log to esctl_log@localhost identified by '***********';

xinetd

  • cd /root/esctl/controller
  • cp -p xinetd.d-esctl /etc/xinetd.d/esctl
  • service xinetd restart

Final configuration

  • cp config.pm.template config.pm
  • vi config.pm


  • vi /etc/rsyslog.d/esctl.conf
local3.*        /var/log/esctl
  • service rsyslog restart