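#platform=x86, AMD64, or Intel EM64T

#version=DEVEL

# Firewall configuration
#
# Ports opened, matched to what %post sets up on this host:
#   80/tcp              httpd (phpldapadmin, and the self-signed cert download)
#   389/tcp, 636/tcp    slapd - LDAP and LDAPS (%post sets SLAPD_LDAPS=yes, so
#                       636/tcp has to be open here or LDAPS is local-only)
#   111 tcp/udp         rpcbind
#   2049 tcp/udp        nfsd
#   892, 662 tcp/udp    mountd, statd - the fixed ports %post uncomments in
#   32803/tcp,32769/udp lockd           /etc/sysconfig/nfs
#
# NOTE(review): nothing here limits the *source* of connections. The NFS
# exports and phpldapadmin configured in %post are also opened to any host,
# so this rule only decides which ports are reachable, not who may use them.

firewall --enabled --service=ssh --port=80:tcp,389:tcp,636:tcp,111:tcp,111:udp,2049:tcp,2049:udp,892:tcp,892:udp,662:tcp,662:udp,32803:tcp,32769:udp

# Install OS instead of upgrade

install

# Use CDROM installation media

cdrom

# Root password
#
# NOTE(review): this hash is MD5-crypt ($1$...), weaker than the sha512 chosen
# for local accounts by the "auth" line below. Regenerate it as a SHA-512 hash
# (e.g. grub-crypt --sha-512 on RHEL/CentOS 6) and replace the value; the
# cleartext is not known from this file, so it cannot be corrected here.
# Anyone who can read this kickstart can attack the hash offline - keep the
# file itself out of world-readable locations.

rootpw --iscrypted $1$QAWRQVGu$yP5fiyjs.aC59.TfdINof1

# System authorization information

auth  --useshadow  --passalgo=sha512

# Use text mode install

text

firstboot --disable

# System keyboard

keyboard uk

# System language

lang en_GB

# SELinux configuration (left enforcing - do not relax this for the services below)

selinux --enforcing

# Installation logging level

logging --level=info

# Reboot after installation

reboot

# System timezone

timezone --isUtc Europe/London

ignoredisk --only-use=vda

# Network information

network  --bootproto=dhcp --device=eth0 --onboot=on --hostname=ldap1.example.com

# System bootloader configuration

bootloader --append="crashkernel=auto rhgb quiet" --location=mbr --driveorder="vda"

# Partition clearing information

clearpart --all --initlabel --drives=vda

# Disk partitioning information
#
# Sizes are in MB. There is no separate /var, so the LDAP database
# (/var/lib/ldap), the web root and the logs all share the 8 GB root
# filesystem. /home is exported over NFS by %post.

part /boot --fstype="ext4" --size=500

part / --fstype="ext4" --size=8000

part swap --size=1000

part /home --fstype="ext4" --size=1000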

%packages

# --- package groups -------------------------------------------------------
# NOTE(review): a full desktop (@basic-desktop, @general-desktop, @x11,
# @internet-browser, @fonts) is installed on what is otherwise an LDAP/NFS
# server; it adds a large amount of code that is never used by the services
# %post configures and widens the attack surface.

@base

@basic-desktop

@console-internet

@core

@fonts

@general-desktop

@graphical-admin-tools

@internet-browser

@network-file-system-client

@perl-runtime

@server-platform

@x11

# --- individual packages ----------------------------------------------------

genisoimage

mtools

oddjob

perl-DBD-SQLite

python-dmidecode

sgpio

wodim

# LDAP server; %post builds slapd.conf from the shipped slapd.conf.obsolete.

openldap-servers

# PHP + httpd serve phpldapadmin (installed from EPEL in %post).
# NOTE(review): mod_ssl is not listed, so httpd only speaks plain HTTP and the
# phpldapadmin login (Manager DN + password) crosses the network unencrypted.

php-ldap

php

# PADL migration tools: convert /etc/passwd entries to LDIF in %post.

migrationtools

httpd

# NFS server for the exported home directories.

nfs-utils

nfs4-acl-tools

%end

%post --log=/root/post.log

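######################################################################################################################
#                                                                                                                    #
# Setting up the slapd.conf file                                                                                     #
#                                                                                                                    #
######################################################################################################################

# Create a default file from the shipped (old-style) template .....
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

# Customise the default file
filename='/etc/openldap/slapd.conf'                                        # File to be edited

# This file is about to receive the Manager (rootdn) password hash, so it must
# not be readable by everyone: root owns it, the ldap group (slapd) may read it.
chown root:ldap "$filename"
chmod 640 "$filename"

# Create the Manager password...
# NOTE(review): the rootdn password is the literal 'qwerty', here and in every
# ldapadd call later in this script. Change it before this kickstart is used
# anywhere but a throw-away lab. The hash is written to a private temp file
# (umask 077) rather than a world-readable pw.txt in the current directory.
old_umask=$(umask)
umask 077
pwfile=$(mktemp /tmp/slapdpw.XXXXXX)
slappasswd -s qwerty > "$pwfile"
umask "$old_umask"

newstring=$(echo -e 'rootpw\t\t\t')$(cat "$pwfile")                        # create the directive for the file
sed -i '/{crypt}ijFYNcSNctBYg/a '"$newstring" "$filename"                  # append it after the template's commented-out rootpw

# Modify paths to certificate store...
# (note the use of a non-standard sed delimiter '@' to accommodate the forward
# slashes in the paths; none of the strings below contains '@')
oldstring='TLSCertificateFile "\\"OpenLDAP Server\\""'                     # need to replace this string (NSS nickname)...
newstring='TLSCertificateFile /etc/openldap/certs/slapdcert.pem'           # ... with this one (PEM file created below)
sed -i -e "s@$oldstring@$newstring@g" "$filename"                          # do it.

oldstring='TLSCertificateKeyFile /etc/openldap/certs/password'             # need to replace this string...
newstring='TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem'         # ... with this one
sed -i -e "s@$oldstring@$newstring@g" "$filename"                          # do it.

# Modify domain name...
oldstring='dc=my-domain,dc=com'                                            # need to replace this string...
newstring='dc=example,dc=com'                                              # ... with this one
sed -i -e "s@$oldstring@$newstring@g" "$filename"                          # do it.

# Tidy up...
rm -f "$pwfile"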

######################################################################################################################
#                                                                                                                    #
# Setting up the other configuration                                                                                 #
#                                                                                                                    #
######################################################################################################################

# replace_in FILE OLD NEW -- global in-place substitution of OLD by NEW in FILE.
# '@' is used as the sed delimiter so the '/' in paths and DNs needs no escaping;
# neither OLD nor NEW may contain '@' (none of the strings below do).
replace_in() {
    sed -i -e "s@$2@$3@g" "$1"
}

# Berkeley DB settings for the LDAP backend, straight from the shipped example.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

# slapd prefers the dynamic config in slapd.d over slapd.conf; anything left in
# there would shadow the edits above, so empty it before slaptest regenerates it.
rm -rf /etc/openldap/slapd.d/*

# Also listen on ldaps:// (636/tcp), not just ldap:// (389/tcp).
# NOTE(review): the kickstart firewall line opens 389/tcp only; 636/tcp has to
# be added there as well or LDAPS is reachable from this host alone. Plain LDAP
# stays enabled, so simple binds can still cross the network unencrypted.
replace_in /etc/sysconfig/ldap 'SLAPD_LDAPS=no' 'SLAPD_LDAPS=yes'

# Point the PADL migration tools at our domain instead of their padl.com defaults.
migrate_common='/usr/share/migrationtools/migrate_common.ph'
replace_in "$migrate_common" 'padl.com' 'example.com'
replace_in "$migrate_common" 'dc=padl'  'dc=example'

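# Create default TLS key and certificate (self-signed, valid 1 year)...
# The key size and signature digest are given explicitly: without them this
# openssl release falls back to openssl.cnf's default_bits and to SHA-1.
# NOTE(review): the certificate is self-signed, so every LDAP client must trust
# slapdcert.pem explicitly (TLS_CACERT); that is why it is published over HTTP
# below. A client fetching it over plain HTTP cannot tell a tampered copy apart,
# so distribute it through a trusted channel in anything but a lab.
certdir='/etc/openldap/certs'

old_umask=$(umask)
umask 077                                                                  # the private key must never exist world-readable, even briefly
openssl req -new -x509 -newkey rsa:2048 -sha256 -subj "/C=UK/ST=SomeCounty/L=SomeCity/O=IT/CN=ldap1.example.com" -nodes -out "$certdir/slapdcert.pem" -keyout "$certdir/slapdkey.pem" -days 365
umask "$old_umask"

chown root:ldap "$certdir/slapdkey.pem" "$certdir/slapdcert.pem"           # slapd runs as ldap: let it read both
chmod 640 "$certdir/slapdkey.pem"                                          # key: root rw, ldap group read, nobody else
chmod 644 "$certdir/slapdcert.pem"                                         # certificate is public (it is served by httpd below)

# share certificate through web server...
mkdir -p /var/www/html/Certificate
cp "$certdir/slapdcert.pem" /var/www/html/Certificate/slapdcert.pem
chmod 755 -Rf /var/www/html/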

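# set relevant services to autostart in runlevels 3 and 5
chkconfig --level 35 slapd on
chkconfig --level 35 httpd on

# Initialise an empty database (slapadd reads LDIF from stdin; empty input just
# creates the BDB files), then convert slapd.conf into the dynamic slapd.d config.
# Failures are reported rather than silently ignored, because every ldapadd
# further down depends on both steps.
echo "" | slapadd -f /etc/openldap/slapd.conf \
    || echo "WARNING: slapadd failed; the LDAP database was not initialised" >&2
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ \
    || echo "WARNING: slaptest failed; /etc/openldap/slapd.d was not generated" >&2

chown -R ldap:ldap /etc/openldap/slapd.d/                                  # adjust ownership of the generated config
chmod -R o-rwx /etc/openldap/slapd.d/                                      # it carries the rootpw hash copied from slapd.conf
chown -R ldap:ldap /var/lib/ldap/

# start slapd manually to allow OU structure and accounts to be created...
service slapd start

# slapd can take a while to accept connections. Instead of a blind sleep, poll
# an anonymous rootDSE read: exit status 255 means "can't contact LDAP server"
# (nothing listening yet); anything else means the listener is up.
tries=0
while :; do
    ldapsearch -x -H ldap://127.0.0.1/ -s base -b '' 1.1 >/dev/null 2>&1
    [ $? -ne 255 ] && break
    tries=$((tries + 1))
    if [ "$tries" -ge 30 ]; then
        echo "WARNING: slapd did not start listening within 30s; the ldapadd calls below will probably fail" >&2
        break
    fi
    sleep 1
done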

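# Define the base OU structure...
# Written to a private temp file rather than ./base.ldif so nothing is left
# behind in the current directory if the script aborts part-way.
baseldif=$(mktemp /tmp/base.ldif.XXXXXX)
cat > "$baseldif" <<'EOF'
dn: dc=example,dc=com
dc: example
objectClass: domain

dn: ou=People,dc=example,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

dn: ou=Group,dc=example,dc=com
ou: Group
objectClass: top
objectClass: organizationalUnit

EOF

# Create the base OU structure...
# NOTE(review): the rootdn password 'qwerty' is passed on the command line
# (-w); it is the same throw-away value used in slapd.conf above.
ldapadd -x -w "qwerty" -D "cn=Manager,dc=example,dc=com" -f "$baseldif" \
    || echo "WARNING: could not create the base DIT; adding user accounts below will fail" >&2

rm -f "$baseldif"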

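######################################################################################################################
#                                                                                                                    #
# Create some test LDAP user accounts                                                                                #
#                                                                                                                    #
######################################################################################################################

#homedrive=/home/                                                            # Default value (no automounter)
homedrive=/ldaphome/                                                         # Modify value for use with auto mounter
                                                                             # this is where the ldap accounts
                                                                             # will map their home drives and will
                                                                             # need to be created on any ldap clients

# The five test accounts. Each one is created as a LOCAL account first (so it
# also stays in /etc/passwd and /etc/shadow on this host), then its passwd
# entry is converted to LDIF by the PADL tools and loaded into the directory.
# NOTE(review): all of them get the password 'qwerty' (yeah - I know, but the
# kickstart has no other source for a secret). Treat them as lab fixtures only.
LDAP_USERS='ldapuser1 ldapuser2 ldapuser3 ldapuser4 ldapuser5'

usertxt=$(mktemp /tmp/user.txt.XXXXXX)                                       # scratch files outside the cwd
userldif=$(mktemp /tmp/user.ldif.XXXXXX)

for u in $LDAP_USERS; do
    adduser "$u"
    echo "qwerty" | passwd --stdin "$u"
    grep "^$u:" /etc/passwd > "$usertxt"                                     # exact account only (anchored; 'ldapuser1' must not match 'ldapuser10')
    /usr/share/migrationtools/migrate_passwd.pl "$usertxt" > "$userldif"     # convert to an ldif file
    sed -i -e "s@/home/@$homedrive@g" "$userldif"                            # select home drive
    ldapadd -x -w "qwerty" -D "cn=Manager,dc=example,dc=com" -f "$userldif" \
        || echo "WARNING: failed to add $u to LDAP" >&2
done

# Tidy up...
rm -f "$usertxt" "$userldif"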

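######################################################################################################################
#                                                                                                                    #
# Install the web based config utility - phpldapadmin                                                                #
#                                                                                                                    #
######################################################################################################################

# Download the EPEL (Extra Packages for Enterprise Linux) release rpm...
# NOTE(review): the package comes from a third-party mirror over the network and
# is installed without any signature check - the EPEL signing key is not on the
# freshly installed system, so yum has nothing to verify it against. Before using
# this outside a lab, check the download against the checksum/signature published
# by the EPEL project, or pre-stage the rpm and the EPEL GPG key on the install
# media and import the key first.
epel_url='https://anorien.csc.warwick.ac.uk/mirrors/epel/6/i386/epel-release-6-8.noarch.rpm'
epel_pkg='epel-release-6-8.noarch.rpm'                                     # noarch, so the i386 mirror path is fine
epel_dir=$(mktemp -d /tmp/epel.XXXXXX)                                     # keep the download out of the cwd

if wget -O "$epel_dir/$epel_pkg" "$epel_url"; then
    # Install the EPEL package, then phpldapadmin from the EPEL repository...
    yum install -y "$epel_dir/$epel_pkg"
    yum install -y phpldapadmin
else
    # Without EPEL there is no phpldapadmin; say so instead of letting the
    # configuration steps below fail on missing files.
    echo "WARNING: could not download $epel_pkg; phpldapadmin will not be installed" >&2
fi

rm -rf "$epel_dir"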

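######################################################################################################################
#                                                                                                                    #
# Configure the phpldapadmin install                                                                                 #
#                                                                                                                    #
######################################################################################################################

# Hosts allowed to reach phpldapadmin (the Apache "Allow from" value). 'All'
# keeps the original behaviour: anyone who can reach 80/tcp gets the login page.
# NOTE(review): httpd is plain HTTP here (no mod_ssl in %packages), so the
# Manager DN and password typed into phpldapadmin cross the network in clear
# text. Restrict this to an admin network, or put the UI behind HTTPS, before
# exposing it beyond a lab.
PLA_ALLOW_FROM='All'

filename='/etc/phpldapadmin/config.php'                                    # Configuration file to be changed

if [ -f "$filename" ]; then
    # Log in with a full DN instead of a uid lookup (presumably so the
    # cn=Manager rootdn, which has no uid entry, can log in).
    oldstring='// $servers->setValue('\''login'\'','\''attr'\'','\''dn'\'');'  # need to replace this string...
    newstring='$servers->setValue('\''login'\'','\''attr'\'','\''dn'\'');'     # ...with this one...
    sed -i -e "s@$oldstring@$newstring@g" "$filename"                          # do it.

    oldstring='$servers->setValue('\''login'\'','\''attr'\'','\''uid'\'');'    # need to replace this string...
    newstring='// $servers->setValue('\''login'\'','\''attr'\'','\''uid'\'');' # ...with this one...
    sed -i -e "s@$oldstring@$newstring@g" "$filename"                          # do it.
else
    echo "WARNING: $filename not found (phpldapadmin not installed?); skipping its configuration" >&2
fi

filename='/etc/httpd/conf.d/phpldapadmin.conf'                             # Configuration file to be changed

if [ -f "$filename" ]; then
    # The packaged config only admits 127.0.0.1 / ::1; open it to PLA_ALLOW_FROM.
    sed -i '/Deny from all/d' "$filename"                                  # drop the default deny
    sed -i '/Allow from ::1/d' "$filename"                                 # drop the IPv6 loopback-only allow
    sed -i -e "s@Allow from 127.0.0.1@Allow from $PLA_ALLOW_FROM@g" "$filename"
else
    echo "WARNING: $filename not found (phpldapadmin not installed?); skipping its httpd access configuration" >&2
fi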

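######################################################################################################################
#                                                                                                                    #
# Install NFS                                                                                                        #
#                                                                                                                    #
######################################################################################################################

# Fix the ports to allow firewall configuration...
# Uncommenting these settings in /etc/sysconfig/nfs pins mountd, statd and lockd
# to fixed ports (the values the kickstart firewall line opens); otherwise rpcbind
# would hand them random ports on every boot and the firewall rule would be moot.
filename='/etc/sysconfig/nfs'
for key in MOUNTD_PORT STATD_PORT LOCKD_TCPPORT LOCKD_UDPPORT; do
    sed -i -e "s@#$key@$key@g" "$filename"
done

# Export the home directories...
# NFS_CLIENTS is the client pattern on each export line. '*' (the original
# value) lets ANY host mount these read/write; with sec=sys NFS trusts the uid
# the client claims, so anyone who can reach 2049/tcp can read and write every
# exported home as any non-root uid. Restrict this to your client subnet
# (e.g. '192.0.2.0/24') before using this outside an isolated lab.
NFS_CLIENTS='*'
NFS_HOMES='ldapuser1 ldapuser2 ldapuser3 ldapuser4 ldapuser5'

: > /etc/exports                                                           # (re)create the data file...
for u in $NFS_HOMES; do
    echo "/home/$u  $NFS_CLIENTS(rw,sync)" >> /etc/exports
done

exportfs -ra                                                               # ... and export the shares

# Keep each home private to its owner. The original 'chmod 777' made every
# exported home world-writable, i.e. any LDAP user - and any root-squashed
# client root - could read and alter every other user's files. Mode 700 works
# over NFS because the LDAP accounts created above carry the same uidNumber
# the directories are owned by on this host.
for u in $NFS_HOMES; do
    chmod 700 "/home/$u"
done

# Start the services (and set to autostart on boot)...
chkconfig --level 35 rpcbind on
chkconfig --level 35 nfs on
service rpcbind start
service nfs start

eject                                                                      # pop the CD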

%end