tuto:linux_divers:installer_fusiondirectory_centos_6 [01/08/2013 15:20] dani created
tuto:linux_divers:installer_fusiondirectory_centos_6 [05/09/2013 17:19] (current version)
====== Installing FusionDirectory on CentOS 6 ======

<note important>This page is still being written; the notes may be incomplete or wrong</note>

In this how-to we will set up [[http://fusiondirectory.org|FusionDirectory]] to manage, in an LDAP directory:
  * Groups and users
  * Samba
  * DHCP
  * DNS
  * System LDAP users (the DSA branch)

Two servers will be set up:
  * The first runs OpenLDAP
  * The second hosts the FusionDirectory web interface

===== Prerequisites =====
Two servers (everything can also be deployed on a single one) running CentOS 6.4 x86_64. The EPEL repository is configured and enabled.
 +
===== Repository configuration =====
Add the FusionDirectory repository:

<code bash>
cat <<'EOF' > /etc/yum.repos.d/fusiondirectory.repo
[fusiondirectory]
name=Fusiondirectory Packages for RHEL / CentOS 6
baseurl=http://repos.fusiondirectory.org/rhel/6/noarch
enabled=1
gpgcheck=1
gpgkey=http://download.fusiondirectory.org/gpg/fusiondirectory_public.key
EOF
</code>
 +
===== Preparing the environment =====
The values used throughout the rest of this how-to are stored as one file each under /etc/install (directory readable by root only), so that later commands can pick them up with $(cat ...). The generated secrets have every '/' replaced by '.' so they can be dropped into a sed substitution without further escaping.
<code bash>
mkdir /etc/install
chmod 700 /etc/install
echo 'p@ssw0rd' > /etc/install/ldap.pw
echo 'Firewall Services' > /etc/install/ldap.org
echo 'dc=firewall-services,dc=com' > /etc/install/ldap.base
echo 'firewall-services' > /etc/install/ldap.topdc
echo 'files' > /etc/install/samba.netbios
echo 'FIREWALL.LOCAL' > /etc/install/samba.domain
echo 'firewall-services.com' > /etc/install/dnsdomain
openssl rand -base64 33 | perl -pe 's/\//\./g' > /etc/install/samba.pw
openssl rand -base64 33 | perl -pe 's/\//\./g' > /etc/install/dhcp.pw
openssl rand -base64 33 | perl -pe 's/\//\./g' > /etc/install/unix.pw
openssl rand -base64 33 | perl -pe 's/\//\./g' > /etc/install/dns.pw
openssl rand -base64 33 | perl -pe 's/\//\./g' > /etc/install/ssh.pw
</code>
===== Installing OpenLDAP =====
On the LDAP server:

  * Install OpenLDAP:

<code bash>
yum install openldap-servers openldap-clients
</code>

  * Install the FusionDirectory schemas:
<code bash>
yum install fusiondirectory-schema
</code>

  * Additional schemas:

<hidden Fetch the following 4 files and install them in /etc/openldap/schema/fusiondirectory>
<file schema dhcp-fd.schema>
attributetype ( 2.16.840.1.38414.1.203.4.1
  NAME 'dhcpPrimaryDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DN of the dhcpServer which is the primary server for the configuration.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.2
  NAME 'dhcpSecondaryDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.3
  NAME 'dhcpStatements'
  EQUALITY caseIgnoreIA5Match
  DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.38414.1.203.4.4
  NAME 'dhcpRange'
  EQUALITY caseIgnoreIA5Match
  DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen.  Each range is defined as a separate value.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.38414.1.203.4.5
  NAME 'dhcpPermitList'
  EQUALITY caseIgnoreIA5Match
  DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.38414.1.203.4.6
  NAME 'dhcpNetMask'
  EQUALITY integerMatch
  DESC 'The subnet mask length for the subnet.  The mask can be easily computed from this length.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.7
  NAME 'dhcpOption'
  EQUALITY caseIgnoreIA5Match
  DESC 'Encoded option values to be sent to clients.  Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.38414.1.203.4.8
  NAME 'dhcpClassData'
  EQUALITY caseIgnoreIA5Match
  DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons.  Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.9
  NAME 'dhcpOptionsDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.10
  NAME 'dhcpHostDN'
  EQUALITY distinguishedNameMatch
  DESC 'the distinguished name(s) of the dhcpHost objects.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.11
  NAME 'dhcpPoolDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of pools.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.12
  NAME 'dhcpGroupDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of the groups.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.13
  NAME 'dhcpSubnetDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of the subnets.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.14
  NAME 'dhcpLeaseDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name of a client address.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.15
  NAME 'dhcpLeasesDN'
  DESC 'The distinguished name(s) client addresses.'
  EQUALITY distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.16
  NAME 'dhcpClassesDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of a class(es) in a subclass.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.17
  NAME 'dhcpSubclassesDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of subclass(es).'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.18
  NAME 'dhcpSharedNetworkDN'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name(s) of sharedNetworks.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.19
  NAME 'dhcpServiceDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DN of dhcpService object(s) which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.20
  NAME 'dhcpVersion'
  DESC 'The version attribute of this object.'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.21
  NAME 'dhcpImplementation'
  EQUALITY caseIgnoreIA5Match
  DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.22
  NAME 'dhcpAddressState'
  EQUALITY caseIgnoreIA5Match
  DESC 'This stores information about the current binding-status of an address.  For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP" For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.23
  NAME 'dhcpExpirationTime'
  EQUALITY generalizedTimeMatch
  DESC 'This is the time the current lease for an address expires.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.24
  NAME 'dhcpStartTimeOfState'
  EQUALITY generalizedTimeMatch
  DESC 'This is the time of the last state change for a leased address.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.25
  NAME 'dhcpLastTransactionTime'
  EQUALITY generalizedTimeMatch
  DESC 'This is the last time a valid DHCP packet was received from the client.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.26
  NAME 'dhcpBootpFlag'
  EQUALITY booleanMatch
  DESC 'This indicates whether the address was assigned via BOOTP.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.27
  NAME 'dhcpDomainName'
  EQUALITY caseIgnoreIA5Match
  DESC 'This is the name of the domain sent to the client by the server.  It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN.  To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.28
  NAME 'dhcpDnsStatus'
  EQUALITY integerMatch
  DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address.  The value is a 16-bit bitmask.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.29
  NAME 'dhcpRequestedHostName'
  EQUALITY caseIgnoreIA5Match
  DESC 'This is the hostname that was requested by the client.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.30
  NAME 'dhcpAssignedHostName'
  EQUALITY caseIgnoreIA5Match
  DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client.  The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.31
  NAME 'dhcpReservedForClient'
  EQUALITY distinguishedNameMatch
  DESC 'The distinguished name of a "dhcpClient" that an address is reserved for.  This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.32
  NAME 'dhcpAssignedToClient'
  EQUALITY distinguishedNameMatch
  DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to.  This attribute is only present in the class when the address is leased.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.33
  NAME 'dhcpRelayAgentInfo'
  EQUALITY octetStringMatch
  DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request.  This is a hex-encoded option value.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.34
  NAME 'dhcpHWAddress'
  EQUALITY caseIgnoreIA5Match
  DESC 'The clients hardware address that requested this IP address.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.35
  NAME 'dhcpHashBucketAssignment'
  EQUALITY octetStringMatch
  DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.36
  NAME 'dhcpDelayedServiceParameter'
  EQUALITY integerMatch
  DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in DHC Load Balancing Algorithm [RFC 3074].'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.37
  NAME 'dhcpMaxClientLeadTime'
  EQUALITY integerMatch
  DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.38
  NAME 'dhcpFailOverEndpointState'
  EQUALITY caseIgnoreIA5Match
  DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.39
  NAME 'dhcpErrorLog'
  EQUALITY caseIgnoreIA5Match
  DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.40
  NAME 'dhcpLocatorDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.41
  NAME 'dhcpKeyAlgorithm'
  EQUALITY caseIgnoreIA5Match
  DESC 'Algorithm to generate TSIG Key'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.42
  NAME 'dhcpKeySecret'
  EQUALITY octetStringMatch
  DESC 'Secret to generate TSIG Key'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.43
  NAME 'dhcpDnsZoneServer'
  EQUALITY caseIgnoreIA5Match
  DESC 'Master server of the DNS Zone'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 2.16.840.1.38414.1.203.4.44
  NAME 'dhcpKeyDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys.  In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.45
  NAME 'dhcpZoneDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.46
  NAME 'dhcpFailOverPrimaryServer'
  EQUALITY caseIgnoreIA5Match
  DESC 'IP address or DNS name of the server playing primary role in DHC Load Balancing and Fail over.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.38414.1.203.4.47
  NAME 'dhcpFailOverSecondaryServer'
  EQUALITY caseIgnoreIA5Match
  DESC 'IP address or DNS name of the server playing secondary role in DHC Load Balancing and Fail over.'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 2.16.840.1.38414.1.203.4.48
  NAME 'dhcpFailOverPrimaryPort'
  EQUALITY integerMatch
  DESC 'Port on which primary server listens for connections from its fail over peer (secondary server)'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 2.16.840.1.38414.1.203.4.49
  NAME 'dhcpFailOverSecondaryPort'
  EQUALITY integerMatch
  DESC 'Port on which secondary server listens for connections from its fail over peer (primary server)'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 2.16.840.1.38414.1.203.4.50
  NAME 'dhcpFailOverResponseDelay'
  EQUALITY integerMatch
  DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 2.16.840.1.38414.1.203.4.51
  NAME 'dhcpFailOverUnackedUpdates'
  EQUALITY integerMatch
  DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 2.16.840.1.38414.1.203.4.52
  NAME 'dhcpFailOverSplit'
  EQUALITY integerMatch
  DESC 'Split between the primary and secondary servers for fail over purpose'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 2.16.840.1.38414.1.203.4.53
  NAME 'dhcpFailOverLoadBalanceTime'
  EQUALITY integerMatch
  DESC 'Cutoff time in seconds, after which load balance is disabled'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 2.16.840.1.38414.1.203.4.54
  NAME 'dhcpFailOverPeerDN'
  EQUALITY distinguishedNameMatch
  DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

# List of all servers in the tree
attributetype ( 2.16.840.1.38414.1.203.4.55
  NAME 'dhcpServerDN'
  EQUALITY distinguishedNameMatch
  DESC 'List of all DHCP Servers in the tree. Used by dhcpLocatorObject'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.16.840.1.38414.1.203.4.56
  NAME 'dhcpComments'
  EQUALITY caseIgnoreIA5Match
  DESC 'Generic attribute that allows comments within any DHCP object'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# Classes

objectclass ( 2.16.840.1.38414.1.203.6.1
  NAME 'dhcpService'
  DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.'
  SUP top
  MUST (cn)
  MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) )

objectclass ( 2.16.840.1.38414.1.203.6.2
  NAME 'dhcpSharedNetwork'
  DESC 'This stores configuration information for a shared network.'
  SUP top
  MUST cn
  MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' ) )

objectclass ( 2.16.840.1.38414.1.203.6.3
  NAME 'dhcpSubnet'
  DESC 'This class defines a subnet. This is a container object.'
  SUP top
  MUST ( cn $ dhcpNetMask )
  MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )

objectclass ( 2.16.840.1.38414.1.203.6.4
  NAME 'dhcpPool'
  DESC 'This stores configuration information about a pool.'
  SUP top
  MUST ( cn $ dhcpRange )
  MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption )
  X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )

objectclass ( 2.16.840.1.38414.1.203.6.5
  NAME 'dhcpGroup'
  DESC 'Group object that lists host DNs and parameters. This is a container object.'
  SUP top
  MUST cn
  MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
  X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )

objectclass ( 2.16.840.1.38414.1.203.6.6
  NAME 'dhcpHost'
  DESC 'This represents information about a particular client'
  SUP top
  MUST cn
  MAY ( dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
  X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )

objectclass ( 2.16.840.1.38414.1.203.6.7
  NAME 'dhcpClass'
  DESC 'Represents information about a collection of related clients.'
  SUP top
  MUST cn
  MAY ( dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
  X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )

objectclass ( 2.16.840.1.38414.1.203.6.8
  NAME 'dhcpSubClass'
  DESC 'Represents information about a collection of related classes.'
  SUP top
  MUST cn
  MAY ( dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT 'dhcpClass' )

objectclass ( 2.16.840.1.38414.1.203.6.9
  NAME 'dhcpOptions'
  DESC 'Represents information about a collection of options defined.'
  SUP top AUXILIARY
  MUST cn
  MAY ( dhcpOption $ dhcpComments )
  X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )

objectclass ( 2.16.840.1.38414.1.203.6.10
  NAME 'dhcpLeases'
  DESC 'This class represents an IP Address, which may or may not have been leased.'
  SUP top
  MUST ( cn $ dhcpAddressState )
  MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress )
  X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )

objectclass ( 2.16.840.1.38414.1.203.6.11
  NAME 'dhcpLog'
  DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.'
  SUP top
  MUST ( cn )
  MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog )
  X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )

objectclass ( 2.16.840.1.38414.1.203.6.12
  NAME 'dhcpServer'
  DESC 'DHCP Server Object'
  SUP top AUXILIARY
  MUST ( cn )
  MAY ( dhcpServiceDN $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption )
  X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )

objectclass ( 2.16.840.1.38414.1.203.6.13
  NAME 'dhcpTSigKey'
  DESC 'TSIG key for secure dynamic updates'
  SUP top
  MUST ( cn $ dhcpKeyAlgorithm $ dhcpKeySecret )
  MAY ( dhcpComments )
  X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )

objectclass ( 2.16.840.1.38414.1.203.6.14
  NAME 'dhcpDnsZone'
  DESC 'DNS Zone for updating leases'
  SUP top
  MUST ( cn $ dhcpDnsZoneServer )
  MAY ( dhcpKeyDN $ dhcpComments )
  X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )

objectclass ( 2.16.840.1.38414.1.203.6.15
  NAME 'dhcpFailOverPeer'
  DESC 'This class defines the Fail over peer'
  SUP top
  MUST ( cn $ dhcpFailOverPrimaryServer $ dhcpFailOverSecondaryServer $ dhcpFailOverPrimaryPort $ dhcpFailOverSecondaryPort )
  MAY ( dhcpFailOverResponseDelay $ dhcpFailOverUnackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments )
  X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )

objectclass ( 2.16.840.1.38414.1.203.6.16
  NAME 'dhcpLocator'
  DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree'
  SUP top
  MUST ( cn )
  MAY ( dhcpServiceDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments )
  X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )

</file>
<file schema dnszone.schema>
# A schema for storing DNS zones in LDAP
#
attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL'
  DESC 'An integer denoting time to live'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
  DESC 'The class of a resource record'
  EQUALITY caseIgnoreIA5Match
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
  DESC 'The name of a zone, i.e. the name of the highest node in the zone'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
  DESC 'The starting labels of a domain name'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord'
  DESC 'domain name pointer, RFC 1035'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord'
  DESC 'host information, RFC 1035'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord'
  DESC 'mailbox or mail list information, RFC 1035'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
  DESC 'text string, RFC 1035'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
  DESC 'for AFS Data Base location, RFC 1183'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
  DESC 'Signature, RFC 2535'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
  DESC 'Key, RFC 2535'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
  DESC 'IPv6 address, RFC 1886'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord'
  DESC 'Location, RFC 1876'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord'
  DESC 'non-existent, RFC 2535'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord'
  DESC 'service location, RFC 2782'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord'
  DESC 'Naming Authority Pointer, RFC 2915'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord'
  DESC 'Key Exchange Delegation, RFC 2230'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord'
  DESC 'certificate, RFC 2538'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record'
  DESC 'A6 Record Type, RFC 2874'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
  DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
  DESC 'Delegation Signer, RFC 3658'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
  DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
  DESC 'RRSIG, RFC 3755'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
  DESC 'NSEC, RFC 3755'
  EQUALITY caseIgnoreIA5Match
  SUBSTR caseIgnoreIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
  SUP top STRUCTURAL
  MUST ( zoneName $ relativeDomainName )
  MAY ( DNSTTL $ DNSClass $
        ARecord $ MDRecord $ MXRecord $ NSRecord $
        SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
        MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
        KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
        SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
        A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
        RRSIGRecord $ NSECRecord ) )
</file>
<file schema dsa-fd-conf.schema>
##
## dsa-fd.schema - Needed by Fusion Directory for managing DSA
##

# Attributes
attributetype ( 1.3.6.1.4.1.38414.13.1.1 NAME 'fdDSARDN'
  DESC 'FusionDirectory - DSA RDN'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )

# Object Class
objectclass ( 1.3.6.1.4.1.38414.13.2.1 NAME 'fdDsaPluginConf'
  DESC 'FusionDirectory dsa plugin configuration'
  SUP top AUXILIARY
  MUST ( cn )
  MAY ( fdDSARDN ) )
</file>
<file schema samba-fd-conf.schema>
##
## fd-samba-conf.schema - Needed by FusionDirectory Samba Plugin for its configuration
##

# Attributes

# Samba settings

attributetype ( 1.3.6.1.4.1.38414.9.1.1 NAME 'fdSambaMachineAccountRDN'
  DESC 'FusionDirectory - Samba RDN'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.38414.9.1.2 NAME 'fdSambaIdMapping'
  DESC 'FusionDirectory - Samba id mapping'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.38414.9.1.3 NAME 'fdSambaSID'
  DESC 'FusionDirectory - Samba SID'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.38414.9.1.4 NAME 'fdSambaRidBase'
  DESC 'FusionDirectory - Samba rid base'
  EQUALITY integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.38414.9.1.5 NAME 'fdSambaExpirationSync'
  DESC 'FusionDirectory - Samba expiration date synchronisation'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.38414.9.1.6 NAME 'fdSambaGenLMPassword'
  DESC 'FusionDirectory - Samba LMPassword activation'
  EQUALITY booleanMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  SINGLE-VALUE )


# Object Class
objectclass ( 1.3.6.1.4.1.38414.9.2.1 NAME 'fdSambaPluginConf'
  DESC 'FusionDirectory samba plugin configuration'
  SUP top AUXILIARY
  MUST ( )
  MAY ( fdSambaMachineAccountRDN $ fdSambaIdMapping $
        fdSambaSID $ fdSambaRidBase $ fdSambaExpirationSync $ fdSambaGenLMPassword ) )
</file>

</hidden>
 +
 +  * Mise en place de la conf slapd
 +
 +<code bash>
 +cat <<'EOF' > /etc/openldap/slapd.conf
 +
 +</code>
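Review bot: The heredoc opened with `cat <<'EOF' > /etc/openldap/slapd.conf` in this block has no body and no terminating `EOF` line, so as written it truncates /etc/openldap/slapd.conf to an empty file and leaves the shell waiting on stdin. The intended content is the slapd.conf listed further down under "En vrac"; paste it between the `cat` line and a closing `EOF`, keeping the quoted `'EOF'` so that `__LDAP_SECRET__` is written literally for the `sed` that follows.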
 +
 +<code bash>
 +sed -i -e "s/dc=firewall-services,dc=com/$(cat /etc/install/ldap.base)/g" \
 +       -e "s/__SECRET__/$(cat /etc/install/ldap.pw)/g" /etc/openldap/slapd.conf
 +</code>
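Review bot: The second `sed` expression replaces `__SECRET__`, but the slapd.conf on this page uses `__LDAP_SECRET__` as the `rootpw` placeholder, so the substitution never fires and the rootdn password stays the literal string `__LDAP_SECRET__`; the pattern should be `s/__LDAP_SECRET__/.../`. As it stands the replacement also writes the password in clear into slapd.conf and shows it on the `sed` command line; substituting the `{SSHA}` hash from `slappasswd -s "$(cat /etc/install/ldap.pw)"` instead avoids a cleartext `rootpw` (a hash may contain `/`, so use another sed delimiter such as `|`).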
 +
 +<code bash>
 +mkdir -p /var/lib/ldap/db_log
 +chown ldap:ldap /var/lib/ldap/db_log
 +chown 770 /var/lib/ldap/db_log
 +cat <<'EOF' > /var/lib/ldap/DB_CONFIG
 +#
 +# Set the database in memory cache size.
 +#
 +set_cachesize         2097152        0
 +#
 +# Set log values.
 +#
 +set_lg_regionmax        1048576
 +set_lg_max              10485760
 +set_lg_bsize            2097152
 +set_lg_dir              /var/lib/ldap/db_log
 +EOF
 +</code>
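Review bot: `chown 770 /var/lib/ldap/db_log` should be `chmod 770`: chown accepts a numeric owner, so this line silently hands the directory to uid 770 and undoes the `chown ldap:ldap` just above it, after which slapd cannot write its BDB transaction logs there. Since only the ldap user needs access, `chmod 700` is sufficient.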
 +
 +<file ldif init.ldif>
 +dn: dc=firewall-services,dc=com
 +dc: firewall-services
 +o: Firewall Services
 +ou: firewall-services
 +description: firewall-services
 +objectClass: top
 +objectClass: organization
 +objectClass: dcObject
 +objectClass: gosaDepartment
 +</file>
 +
 +<code bash>
 +sed -i -e "s/dc=firewall-services,dc=com/$(cat /etc/install/ldap.base)/g" \
 +       -e "s/firewall-services/$(cat /etc/install/ldap.topdc)/g" ./init.ldif
 +</code>
 +
 +<code bash>
 +slapadd -f init.ldif
 +chown -R ldap:ldap /var/lib/ldap/*
 +</code>
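Review bot: `slapadd -f init.ldif` passes the LDIF as the slapd configuration file (`-f` is the config-file option); the LDIF is given with `-l`, so this should be `slapadd -l init.ldif` (optionally adding `-f /etc/openldap/slapd.conf`). slapd must not be running while slapadd writes the database, and the `chown -R ldap:ldap` afterwards is needed because slapadd runs as root. On the preceding `sed`: the `o: Firewall Services` value in init.ldif is not replaced from /etc/install/ldap.org, and the `s/firewall-services/.../g` expression also rewrites the `ou:` and `description:` values, which is worth stating explicitly.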
 +
 +
 +===== En vrac =====
 +<file ini named.conf>
 +options {
 +        listen-on port 53 { 127.0.0.1; };
 +        directory       "/var/named";
 +        dump-file       "/var/named/data/cache_dump.db";
 +        statistics-file "/var/named/data/named_stats.txt";
 +        memstatistics-file "/var/named/data/named_mem_stats.txt";
 +        allow-query     { localhost;};
 +        recursion no;
 +
 +        dnssec-enable no;
 +        dnssec-validation no;
 +        dnssec-lookaside auto;
 +
 +        /* Path to ISC DLV key */
 +        bindkeys-file "/etc/named.iscdlv.key";
 +
 +        managed-keys-directory "/var/named/dynamic";
 +};
 +
 +logging {
 +        channel default_debug {
 +                file "data/named.run";
 +                severity dynamic;
 +        };
 +};
 +
 +zone "firewall-services.com" IN {
 +        type master;
 +        database "ldap ldap://localhost/ou=servers,ou=systems,dc=firewall-services,dc=com????!bindname=cn=dns%2cou=DSA%2cdc=firewall-services%2cdc=com,!x-bindpw=__DNS_SECRET__ 172800";
 +};
 +
 +zone "10.10.in-addr.arpa" IN {
 +        type master;
 +        database "ldap ldap://localhost/ou=servers,ou=systems,dc=firewall-services,dc=com????!bindname=cn=dns%2cou=DSA%2cdc=firewall-services%2cdc=com,!x-bindpw=__DNS_SECRET__ 172800";
 +};
 +
 +</file>
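Review bot: Both `database "ldap ldap://localhost/..."` lines embed the `cn=dns,ou=DSA` bind password as `!x-bindpw=__DNS_SECRET__`, and unlike `__LDAP_SECRET__` no `sed` on this page substitutes it, so it needs the same placeholder replacement step; because the file then holds a directory password, keep named.conf owned by `root:named` with mode 640 rather than world-readable. Separately, `dnssec-lookaside auto` and `bindkeys-file` are kept while `dnssec-enable no` and `dnssec-validation no` turn validation off; drop the lookaside lines or enable validation so the two settings agree. With `recursion no` and `allow-query { localhost; }` this authoritative instance is only reachable via the unbound stub-zone below, which is consistent, but should be said in the text.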
 +
 +<file ini unbound.conf>
 +server:
 +        verbosity: 1
 +        statistics-interval: 0
 +        statistics-cumulative: no
 +        extended-statistics: yes
 +        num-threads: 2
 +        interface: 10.10.4.10
 +        interface-automatic: no
 +        do-ip6: no
 +        access-control: 127.0.0.1 allow
 +        access-control: 10.10.0.0/16 allow
 +        chroot: ""
 +        username: "unbound"
 +        directory: "/etc/unbound"
 +        log-time-ascii: yes
 +        pidfile: "/var/run/unbound/unbound.pid"
 +        hide-identity: yes
 +        hide-version: yes
 +        harden-glue: yes
 +        harden-dnssec-stripped: yes
 +        harden-below-nxdomain: yes
 +        harden-referral-path: yes
 +        use-caps-for-id: no
 +        unwanted-reply-threshold: 10000000
 +        do-not-query-localhost: no
 +        prefetch: yes
 +        prefetch-key: yes
 +        dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"
 +        trusted-keys-file: /etc/unbound/keys.d/*.key
 +        auto-trust-anchor-file: "/etc/unbound/root.anchor"
 +        val-clean-additional: yes
 +        val-permissive-mode: no
 +        val-log-level: 1
 +        include: /etc/unbound/local.d/*.conf
 +
 +remote-control:
 +        control-enable: no
 +
 +stub-zone:
 +       name: "firewall-services.com"
 +       stub-addr: 127.0.0.1
 +
 +forward-zone:
 +       name: "."
 +       forward-addr: 88.191.254.60
 +       forward-addr: 88.191.254.70
 +
 +</file>
 +
 +<file ini slapd.conf>
 +include         /etc/openldap/schema/core.schema
 +include         /etc/openldap/schema/cosine.schema
 +include         /etc/openldap/schema/inetorgperson.schema
 +include         /etc/openldap/schema/openldap.schema
 +include         /etc/openldap/schema/misc.schema
 +include         /etc/openldap/schema/fusiondirectory/rfc2307bis.schema
 +include         /etc/openldap/schema/fusiondirectory/samba.schema
 +include         /etc/openldap/schema/fusiondirectory/samba-fd-conf.schema
 +include         /etc/openldap/schema/fusiondirectory/core-fd-conf.schema
 +include         /etc/openldap/schema/fusiondirectory/core-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/ldapns.schema
 +include         /etc/openldap/schema/fusiondirectory/recovery-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/dnszone.schema
 +include         /etc/openldap/schema/fusiondirectory/dhcp-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/dsa-fd-conf.schema
 +include         /etc/openldap/schema/fusiondirectory/mime-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/service-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/systems-fd-conf.schema
 +include         /etc/openldap/schema/fusiondirectory/openssh-lpk.schema
 +include         /etc/openldap/schema/fusiondirectory/systems-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/mail-fd.schema
 +include         /etc/openldap/schema/fusiondirectory/mail-fd-conf.schema
 +include         /etc/openldap/schema/fusiondirectory/alias-fd-conf.schema
 +include         /etc/openldap/schema/fusiondirectory/alias-fd.schema
 +
 +password-hash               {SSHA}
 +pidfile                     /var/run/openldap/slapd.pid
 +loglevel                    256
 +modulepath                  /usr/lib64/openldap
 +moduleload                  back_hdb
 +moduleload                  memberof
 +database                    monitor
 +database                    hdb
 +mode                        0600
 +suffix                      dc=firewall-services,dc=com
 +rootdn                      cn=admin,dc=firewall-services,dc=com
 +rootpw                      __LDAP_SECRET__
 +directory                   /var/lib/ldap
 +cachesize                   10000
 +checkpoint                  128 15
 +
 +index                       uid,mail                                               eq,sub
 +index                       cn,sn,givenName,ou                                     pres,eq,sub
 +index                       objectClass                                            pres,eq
 +index                       uidNumber,gidNumber,memberuid,member                   eq
 +index                       gosaSubtreeACL,gosaObject,gosaUser                     pres,eq
 +index                       sambaSID                                               eq,sub
 +index                       sambaPrimaryGroupSID                                   eq
 +index                       sambaDomainName                                        eq
 +index                       sambaGroupType                                         eq
 +index                       sambaSIDList                                           eq
 +index                       zoneName                                               eq
 +index                       relativeDomainName                                     eq
 +index                       dhcpHWAddress                                          eq
 +index                       dhcpClassData                                          eq
 +index                       dhcpPrimaryDN                                          eq
 +index                       dhcpSecondaryDN                                        eq
 +index                       dhcpServerDN                                           eq
 +index                       dhcpFailOverPeerDN                                     eq
  
 +access to attrs=userPassword,sambaLmPassword,sambaNtPassword
 +       by dn=cn=samba,ou=DSA,dc=firewall-services,dc=com write
 +       by anonymous auth
 +       by self write
 +       by * none
 +access to attrs=sambaAcctFlags,sambaBadPasswordCount,sambaBadPasswordTime,sambaKickoffTime,sambaLogoffTime,sambaLogonHours,sambaPasswordHistory,sambaSID,sambaPrimaryGroupSID,sambaPwdCanChange,sambaPwdLastSet,sambaPwdMustChange,sambaUserWorkstations,sambaSIDList,sambaGroupType,sambaMungedDial,sambaLogonHours,sambaLogonTime,sambaDomainName,sambaHomePath,sambaHomeDrive
 +       by dn=cn=samba,ou=DSA,dc=firewall-services,dc=com write
 +       by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
 +       by self read
 +       by * none
 +access to filter=(objectClass=sambaDomain)
 +       by dn=cn=samba,ou=DSA,dc=firewall-services,dc=com write
 +       by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
 +       by * none
 +access to dn.subtree=ou=Computers,ou=systems,dc=firewall-services,dc=com
 +       by dn=cn=samba,ou=DSA,dc=firewall-services,dc=com write
 +       by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
 +       by * none
 +access to attrs=loginShell,gidNumber,homeDirectory,uidNumber,shadowExpire,shadowFlag,shadowInactive,shadowLastChange,shadowMax,shadowMin,shadowWarning
 +       by dn=cn=samba,ou=DSA,dc=firewall-services,dc=com write
 +       by self read
 +       by dn="cn=unix,ou=DSA,dc=firewall-services,dc=com" read
 +access to dn.subtree=ou=DSA,dc=firewall-services,dc=com
 +       by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
 +       by * none
 +access to dn.base=dc=firewall-services,dc=com
 +       by * read
 +access to dn.subtree=ou=systems,dc=firewall-services,dc=com filter=(objectClass=dNSZone)
 +       by group.exact="cn=admins,ou=Groups,dc=firewall-services,dc=com" write
 +       by dn="cn=dns,ou=DSA,dc=firewall-services,dc=com" read
 +       by * none
 +access to dn.regex="^.*,ou=(People|Groups),dc=firewall-services,dc=org"
 +       by * read
 +access to *
 +       by users read
 +       by anonymous auth
 +</file>
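Review bot: The rule `access to dn.regex="^.*,ou=(People|Groups),dc=firewall-services,dc=org"` uses `dc=org` while every other DN in the file uses `dc=com`, so it never matches, and the `sed` for `dc=firewall-services,dc=com` would not rewrite it either; entries under ou=People and ou=Groups therefore fall through to the final `access to *` rule and are readable only by authenticated users, not anonymously as the rule intends. Fix the suffix and anchor the regex with `$`. `rootpw __LDAP_SECRET__` stores the rootdn password in clear; use the `{SSHA}` value from `slappasswd` instead. The `access to attrs=loginShell,...` rule ends without `by * none`; slapd denies by default so behaviour is unchanged, but adding it keeps the rule consistent with the others, and `sambaLogonHours` is listed twice in the samba attribute rule.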
  • tuto/linux_divers/installer_fusiondirectory_centos_6.1375363219.txt.gz
  • Last modified: 01/08/2013 15:20
  • by dani