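#!/bin/sh
# Provision a local OpenLDAP (slapd) instance for the "php ldap tests" DIT:
# a self-signed TLS certificate, ldap/ldaps/ldapi listeners, the sssvlv,
# ppolicy and dds overlays, and the dc=my-domain,dc=com suffix.
#
# NOTE(review): the rootDN password ("secret"), the unencrypted private key
# and olcLogLevel -1 are throwaway test-fixture settings. Run this only on a
# disposable CI host; none of these values belong on a shared or
# long-lived directory server.
set -ev

# Create TLS certificate
sudo mkdir -p /etc/ldap/ssl

# Print a comma-separated subjectAltName list ("DNS:...,IP:...") built from
# every host name and address that `hostname` reports, plus the loopback
# addresses.
alt_names() {
  (
    (
      (hostname && hostname -a && hostname -A && hostname -f) |
        xargs -n 1 |
        sort -u |
        sed -e 's/\(\S\+\)/DNS:\1/g'
    ) && (
      (hostname -i && hostname -I && echo "127.0.0.1 ::1") |
        xargs -n 1 |
        sort -u |
        sed -e 's/\(\S\+\)/IP:\1/g'
    )
  ) | paste -d, -s
}

# -nodes writes the private key unencrypted, so its file mode is the only
# thing protecting it.
sudo openssl req -newkey rsa:4096 -x509 -nodes -days 3650 \
  -out /etc/ldap/ssl/server.crt -keyout /etc/ldap/ssl/server.key \
  -subj "/C=US/ST=Arizona/L=Localhost/O=localhost/CN=localhost" \
  -addext "subjectAltName = $(alt_names)"

sudo chown -R openldap:openldap /etc/ldap/ssl
# Pin the key to owner-only access explicitly instead of relying on whatever
# mode openssl or the umask happened to produce.
sudo chmod 600 /etc/ldap/ssl/server.key

# Display the TLS certificate (should be world readable)
openssl x509 -noout -text -in /etc/ldap/ssl/server.crt

# Point to the certificate generated
if ! grep -q 'TLS_CACERT \/etc\/ldap\/ssl\/server.crt' /etc/ldap/ldap.conf; then
  sudo sed -e 's|^\s*TLS_CACERT|# TLS_CACERT|' -i /etc/ldap/ldap.conf
  echo 'TLS_CACERT /etc/ldap/ssl/server.crt' | sudo tee -a /etc/ldap/ldap.conf
fi

# Configure LDAP protocols to serve.
sudo sed -e 's|^\s*SLAPD_SERVICES\s*=.*$|SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"|' -i /etc/default/slapd

# Configure LDAP database.
# Look up the DN of the database entry that carries olcRootDN/olcSuffix.
DBDN=$(sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(&(olcRootDN=*)(olcSuffix=*))' dn | grep -i '^dn:' | sed -e 's/^dn:\s*//')

# The pipeline's exit status is sed's, so `set -e` does not notice a failed
# ldapsearch or an empty match. Stop here rather than send LDIF with an
# empty "dn:" to cn=config.
if [ -z "$DBDN" ]; then
  echo "setup-slapd: could not determine the database DN from cn=config" >&2
  exit 1
fi

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif

sudo service slapd restart

# Set suffix, rootDN and rootPW on the database, wire the TLS files into
# cn=config and load the overlay modules. olcRootPW is stored as the literal
# fixture value; olcTLSVerifyClient "never" means clients are not asked for
# a certificate.
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// << EOF
dn: $DBDN
changetype: modify
replace: olcSuffix
olcSuffix: dc=my-domain,dc=com
-
replace: olcRootDN
olcRootDN: cn=Manager,dc=my-domain,dc=com
-
replace: olcRootPW
olcRootPW: secret

dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/server.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/server.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/server.key
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcAuthzRegexp
olcAuthzRegexp: uid=usera,cn=digest-md5,cn=auth cn=usera,dc=my-domain,dc=com
-
replace: olcLogLevel
olcLogLevel: -1

dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: sssvlv
-
add: olcModuleLoad
olcModuleLoad: ppolicy
-
add: olcModuleLoad
olcModuleLoad: dds
EOF

sudo service slapd restart

# Attach the sssvlv, ppolicy and dds overlays to the database.
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// << EOF
dn: olcOverlay=sssvlv,$DBDN
objectClass: olcOverlayConfig
objectClass: olcSssVlvConfig
olcOverlay: sssvlv
olcSssVlvMax: 10
olcSssVlvMaxKeys: 5

dn: olcOverlay=ppolicy,$DBDN
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
### This would clutter our DIT and make tests to fail, while ppolicy does not
### seem to work as we expect (it does not seem to provide expected controls)
## olcPPolicyDefault: cn=default,ou=pwpolicies,dc=my-domain,dc=com
## olcPPolicyHashCleartext: FALSE
## olcPPolicyUseLockout: TRUE

dn: olcOverlay=dds,$DBDN
objectClass: olcOverlayConfig
objectClass: olcDdsConfig
olcOverlay: dds
EOF

sudo service slapd restart

sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// << EOF
dn: $DBDN
changetype: modify
add: olcDbIndex
olcDbIndex: entryExpireTimestamp eq
EOF

sudo service slapd restart

# Create the base entry, binding as the rootDN. Passing the password with -w
# exposes it in the process list and, because of `set -v`, in the job log;
# that is tolerable only because it is a fixture value.
ldapadd -H ldapi:/// -D cn=Manager,dc=my-domain,dc=com -w secret <<EOF
dn: dc=my-domain,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: my-domain
o: php ldap tests

### This would clutter our DIT and make tests to fail, while ppolicy does not
### seem to work as we expect (it does not seem to provide expected controls)
## dn: ou=pwpolicies,dc=my-domain,dc=com
## objectClass: top
## objectClass: organizationalUnit
## ou: pwpolicies
##
## dn: cn=default,ou=pwpolicies,dc=my-domain,dc=com
## objectClass: top
## objectClass: person
## objectClass: pwdPolicy
## cn: default
## sn: default
## pwdAttribute: userPassword
## pwdMaxAge: 2592000
## pwdExpireWarning: 3600
## #pwdInHistory: 0
## pwdCheckQuality: 0
## pwdMaxFailure: 5
## pwdLockout: TRUE
## #pwdLockoutDuration: 0
## #pwdGraceAuthNLimit: 0
## #pwdFailureCountInterval: 0
## pwdMustChange: FALSE
## pwdMinLength: 3
## pwdAllowUserChange: TRUE
## pwdSafeModify: FALSE
EOF

# Verify TLS connection
ldapsearch -d 255 -H ldaps://localhost -D cn=Manager,dc=my-domain,dc=com -w secret -s base -b dc=my-domain,dc=com 'objectclass=*'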