Skip to content
debian-edu-config (2.11.5) UNRELEASED; urgency=medium
* Improve usage information and comments:
- ldap-tools/debian-edu-ldap-install
- share/debian-edu-config/tools/edu-ldap-from-scratch
* share/debian-edu-config/passwords_stub.dat:
- Adjust after replacing icinga with icinga2 and icinga2-classicui.
-- Wolfgang Schweer <wschweer@arcor.de> Wed, 09 Oct 2019 23:28:32 +1300
debian-edu-config (2.11.4) unstable; urgency=medium
[ Wolfgang Schweer ]
......
#!/bin/bash
set -e
#
# to re-run the LDAP/GOsa/Samba bootstrap...
#
# [[[ WATCH OUT ]]] ... if you do this, your TJENER will be initialized
# YOU WILL LOOSE ALL SETTINGS STORED IN LDAP!!!
# DO THIS AT YOUR OWN RISK!!!
#
# o ... create little script with the following lines:
#
# <quote>
# #!/bin/bash
# . /usr/share/debconf/confmodule
# db_set debian-edu-config/ldap-password <rootpw>
# db_set debian-edu-config/kdc-password <rootpw>
# db_set debian-edu-config/first-user-password <firstuserpw>
# </quote>
#
# o then run the just created script; you have to run it using its
# full path (otherwise debconf will throw an error)
# o Then run these commands from a terminal
#
# $ systemctl stop nmbd.service
# $ systemctl stop smbd.service
# $ systemctl stop slapd.service
# $ rm /var/lib/ldap/*
# $ rm -r /var/lib/samba/*
# $ mkdir /var/lib/samba/private
# $ chmod 755 /var/lib/samba/private
# $ systemctl start slapd.service
# $ systemctl start smbd.service
# $ systemctl start nmbd.service
# $ rm /etc/krb5kdc/stash
# $ rm /etc/krb5.keyt*
#
# o Then run
#
# $ ldap-debian-edu-install
#
# o restart Kerberos KDC and admin server:
#
# $ systemctl restart krb5-kdc.service
# $ systemctl restart krb5-admin-server.service
#
# o And finally restart your webservice, e.g.
#
# $ systemctl restart apache2.service
#
# o If https://tjener/gosa/ shows an error, rebooting tjener may help.
# This script is run at main server installation time inside Debian Installer.
# Don't ever use it manually! You will definitely ruin your main server!
# If you intend to re-create the LDAP data base, use the dedicated tool:
# Run '/usr/share/debian-edu-config/tools/edu-ldap-from-scratch'
################# fetch LDAP password from debconf ################
#export DEBCONF_DEBUG='developer'
......@@ -153,17 +110,6 @@ fi
################# password available now ##################
# Some easy means to start/stop the mail spool
#if [ -x /etc/init.d/exim ] ; then
# MTAINIT=/etc/init.d/exim
#elif [ -x /etc/init.d/exim4 ] ; then
# MTAINIT=/etc/init.d/exim4
#else
# echo "error: unknown MTA, exiting..."
# exit 9
#fi
copy_example_DB_CONFIG() {
#function to set a DB_CONFIG, ripped from slapd.postinst
# Copy an example DB_CONFIG file
......@@ -199,7 +145,7 @@ slapd_stop() {
done
fi
# Not sure why, but it seem like slapd takes some time to shut down
# Not sure why, but it seems like slapd takes some time to shut down
LOOP=0
while [ $LOOP -lt 10 ] ; do
SLAPPIDS=$(pidof slapd || /bin/true)
......@@ -219,7 +165,7 @@ slapd_stop() {
done
fi
# Not sure why, but it seem like slapd takes some time to shut down
# Not sure why, but it seems like slapd takes some time to shut down
LOOP=0
while [ $LOOP -lt 10 ] ; do
SLAPPIDS=$(pidof slapd || /bin/true)
......@@ -537,23 +483,6 @@ EOF
exit 1
fi
done
# Migrate to new style LDAP configuration first. Required since
# slapd version 2.4.23-4.
# A better way is to convert our configuration to slapd.d config and
# include those files in the package.
# Disabled since openldap (>= 2.4.23-5) no longer
# require slapd.d config.
if false && [ ! -d /etc/ldap/slapd.d ] ; then
echo "info: migrating SLAPD configuration to slapd.d format"
mkdir /etc/ldap/slapd.d
slapd -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
service slapd stop
chown -R openldap:openldap /etc/ldap/slapd.d
# In case the init.d script fail to stop the service (which it
# does when testing 2010-09-07).
killall slapd
fi
# again: the database must be owned by openldap
if getent passwd openldap | grep -q openldap ; then
chown -R openldap:openldap /var/lib/ldap
......@@ -611,9 +540,3 @@ if [ -x /usr/bin/certutil ] ; then
echo "info: created dbm and sql nssdb files for first-user"
fi
#$MTAINIT start
## restart Kerberos KDC and admin server:
#/etc/init.d/krb5-kdc restart
#/etc/init.d/krb5-admin-server restart
......@@ -28,14 +28,14 @@ Value: ROOTPWD
Owners: debian-edu-config
Flags: seen
Name: icinga/adminpassword
Template: icinga/adminpassword
Value: skolelinux
Owners: icinga-cgi
Name: icinga2-classicui/adminpassword
Template: icinga2-classicui/adminpassword
Value:
Owners: icinga2-classicui
Flags: seen
Name: icinga/adminpassword-repeat
Template: icinga/adminpassword-repeat
Value: skolelinux
Owners: icinga-cgi
Name: icinga2-classicui/adminpassword-repeat
Template: icinga2-classicui/adminpassword-repeat
Value:
Owners: icinga2-classicui
Flags: seen
......@@ -20,6 +20,8 @@ Use uid and cleartext passwords as params:
edu-ldap-from-scratch <first-user uid> <first-user password> <root password>
Please note: the <first-user uid> must be the same one used during installation!
The cleartext passwords in debconf are cleared after the script has been run.
To exclude the command containing the passwords from being stored in bash
......