Master Controller/Software

Download esctl software

Configure LDAP

  • cd esctl/schema/
  • cp -p 70esctl.ldif /etc/ldap/schema/
  • vi /usr/share/slapd/slapd.conf
    • include /etc/ldap/schema/70esctl.ldif
  • [ dpkg-reconfigure --force slapd ]
    • DNS domain name: customername.hosted.esctl.co.uk
    • Organization name: customername
    • Administrator password: ****
    • Database backend to use: HDB
    • Remove database when slapd is purged? Yes (the author marks this answer with doubt; answering Yes means the directory data is deleted if the slapd package is ever purged, so answer No if you want the data to survive that)
    • Allow LDAPv2 protocol?: No
  • /etc/init.d/slapd restart

Add esctl schema extension

  • mkdir /root/schemaconv
  • cd /root/schemaconv
  • copy 70esctl.schema from the esctl/schema/ directory into /root/schemaconv (the listing below shows the expected contents)
  • vi test.conf
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /root/schemaconv/70esctl.schema

~/schemaconv# ls -l
total 16
-rw-r--r-- 1 root root 2497 Nov 20 19:01 70esctl.schema
-rw-r--r-- 1 root root  162 Nov 20 18:59 test.conf


  • slaptest -f test.conf -F /root/schemaconv
  • vi cn\=config/cn\=schema/cn\=\{3\}70esctl.ldif
    • Change {3}70esctl to {4}70esctl (or whichever index is next in your LDAP tree) in both the dn: and cn: lines
    • Find the next free index via ls /etc/ldap/slapd.d/cn\=config/cn\=schema/
  • cp -p /root/schemaconv/cn\=config/cn\=schema/cn\=\{3\}70esctl.ldif /etc/ldap/slapd.d/cn\=config/cn\=schema/cn\=\{4\}70esctl.ldif
    • The destination file name must keep the cn= prefix and match the index you chose, as slapd derives the entry's RDN from the file name
  • chown openldap:openldap /etc/ldap/slapd.d/cn\=config/cn\=schema/cn\=\{4\}70esctl.ldif
  • service slapd restart

Add read-only access to LDAP for esctl controller

If you would like your esctl controller software to connect to your LDAP server via a read-only user, rather than using the LDAP admin user, you can use something like this:

  • vi olc-esc-access.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to dn.sub="ou=esctl,dc=<<ROOTDN>>"
  by dn="cn=ESCTL Controller,ou=Special Users,dc=<<ROOTDN>>" read
  by self write
  by * none
  • ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olc-esc-access.ldif

The {1} prefix inserts this rule at position 1 of the database's existing olcAccess list. Rules are evaluated in order and the first rule whose target matches wins, so list the current rules first with ldapsearch -Y EXTERNAL -H ldapi:/// -b olcDatabase={1}hdb,cn=config olcAccess and pick a position ahead of any broader rule that would also match ou=esctl. The bind DN in the rule must match the controller entry created under ou=Special Users below.


Sample LDAP schema content

version: 1

dn: ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: esctl

dn: ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: readers

dn: ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: tokens

dn: ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: top
objectClass: organizationalUnit
ou: 1
description: Door 1

dn: cn=Manager,ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escReader
cn: Manager
escDoor: 1
escgid: esctl Manager

dn: cn=Resident,ou=1,ou=readers,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escReader
cn: Resident
escDoor: 1
escgid: esctl Resident

dn: et=PIN:1234,ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escToken
et: PIN:1234
escuid: jbloggs

dn: et=C0572A00,ou=tokens,ou=esctl,dc=customername,dc=hosted,dc=esctl,dc=co,dc=uk
objectClass: escToken
et: C0572A00
escDateFrom: 20140128001003Z
escDateTo: 20380101000000Z
escuid: jbloggs

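The sample entries above are only data; as an added example (not the esctl controller's own code), the following shows how a controller could resolve a presented token against this layout: look up the escToken, enforce its escDateFrom/escDateTo window, then check that the token's escuid belongs to the group named by a reader's escgid on the requested door. The SAMPLE LDIF is constructed from the page's entries; the posixGroup under ou=Groups and the escgid-to-memberUid rule are assumptions, since the page only says ou=Groups must exist and that memberUid is indexed.

```python
# Added example, not the esctl controller's own code.  SAMPLE is constructed
# from the page's entries plus an assumed posixGroup in ou=Groups; the rule
# "a reader's escgid names a group whose memberUid lists the token's escuid" is an assumption.
SAMPLE = """\
dn: cn=Manager,ou=1,ou=readers,ou=esctl,dc=example
objectClass: escReader
cn: Manager
escDoor: 1
escgid: esctl Manager

dn: et=PIN:1234,ou=tokens,ou=esctl,dc=example
objectClass: escToken
et: PIN:1234
escuid: jbloggs

dn: et=C0572A00,ou=tokens,ou=esctl,dc=example
objectClass: escToken
et: C0572A00
escDateFrom: 20140128001003Z
escDateTo: 20380101000000Z
escuid: jbloggs

dn: cn=esctl Manager,ou=Groups,dc=example
objectClass: posixGroup
cn: esctl Manager
memberUid: jbloggs
"""

def parse_ldif(text):
    """Minimal LDIF reader: one dict per entry, every attribute a list."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def allowed(entries, token, door, now):
    """now is LDAP generalized time (YYYYMMDDHHMMSSZ, fixed width, so the window is a string compare). Fails closed."""
    tok = next((e for e in entries if e.get("et") == [token]), None)
    if tok is None:
        return False
    # "0" / "9" sort below / above any real timestamp: a token with no window is always in date
    if not tok.get("escDateFrom", ["0"])[0] <= now <= tok.get("escDateTo", ["9"])[0]:
        return False
    uid = tok["escuid"][0]
    groups = {e["cn"][0] for e in entries
              if "posixGroup" in e.get("objectClass", []) and uid in e.get("memberUid", [])}
    return any(e.get("escDoor") == [str(door)] and e.get("escgid", [""])[0] in groups
               for e in entries if "escReader" in e.get("objectClass", []))
```

Every miss (unknown token, out-of-window token, wrong door, user not in the reader's group) yields a deny, which is the behaviour you want from an access controller reading a directory.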

  • You also need to create the following OUs under the root DN:
    • ou=Special Users
    • ou=People
    • ou=Groups
  • Then add the controller's read-only bind user under ou=Special Users. Its DN must match the one used in the olcAccess rule above; generate the password hash with slappasswd rather than storing a cleartext value:
dn: cn=ESCTL Controller,ou=Special Users,dc=<<ROOTDN>>
changetype: add
objectClass: simpleSecurityObject
objectClass: organizationalRole
userPassword: <<PASSWORD HASH from slappasswd>>
description: ESCTL Controller
cn: ESCTL Controller

Create indexes to optimise performance

  • vi olcDbIndex.ldif
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn pres,sub,eq
-
add: olcDbIndex
olcDbIndex: et pres,eq
-
add: olcDbIndex
olcDbIndex: memberUid pres,sub,eq
  • ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcDbIndex.ldif


MySQL

You need to have the MySQL database server installed.

The script below (log.mysql) will automatically create the 'esctl' database, and within this database will create the 'log' table that is required for the controller to log any accesses.

  • mysql -p < ~/esctl/controller/log.mysql

You must also create a MySQL user for the controller to use when adding new log entries. The grant is deliberately limited to insert and select on the single esctl.log table:

  • mysql -p
    • grant insert,select on esctl.log to esctl_log@localhost identified by '***********';

On MySQL 8.0 and later, GRANT can no longer create the account: run create user esctl_log@localhost identified by '***********'; first, then issue the grant without the identified by clause.

xinetd

  • cd /root/esctl/controller
  • cp -p xinetd.d-esctl /etc/xinetd.d/esctl
  • service xinetd restart

Final configuration

  • cp config.pm.template config.pm
  • vi config.pm


  • vi /etc/rsyslog.d/esctl.conf
local3.*        /var/log/esctl
  • service rsyslog restart