From 6e00c9e8137aae1fb8dd568a62d9fb5fc4a277cb Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Tue, 24 Sep 2024 22:35:45 -0400
Subject: finish up idm_server hostclass

---
 scripts/hostclass/idm_server/10-slapd | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'scripts/hostclass/idm_server/10-slapd')

diff --git a/scripts/hostclass/idm_server/10-slapd b/scripts/hostclass/idm_server/10-slapd
index dc52a58..204c405 100644
--- a/scripts/hostclass/idm_server/10-slapd
+++ b/scripts/hostclass/idm_server/10-slapd
@@ -10,10 +10,13 @@
 : ${slapd_syncrepl_session_log:='1000'}
 : ${slapd_syncrepl_cleanup_age:='7'}
 : ${slapd_syncrepl_cleanup_interval:='1'}
+: ${slapd_admin_role:='role-ldap-admin'}
 
 slapd_user=ldap
 slapd_data_dir=/var/db/openldap-data
 slapd_conf_dir=/usr/local/etc/openldap
+slapd_socket=/var/run/openldap/ldapi
+slapd_ldapi_uri="ldapi://$(echo "$slapd_socket" | sed 's|/|%2f|g')"
 slapd_tls_cert="${slapd_conf_dir}/slapd.crt"
 slapd_tls_key="${slapd_conf_dir}/slapd.key"
 slapd_replicator_tls_cert="${slapd_conf_dir}/replicator.crt"
@@ -72,8 +75,8 @@ fi
 sysrc -v \
   slapd_enable=YES \
   slapd_cn_config=YES \
-  slapd_flags="-h 'ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/ ldaps://0.0.0.0/ ldaps://${BOXCONF_DEFAULT_IPV4}/'" \
-  slapd_sockets="/var/run/openldap/ldapi" \
+  slapd_flags="-h '${slapd_ldapi_uri}/ ldap://0.0.0.0/ ldaps://0.0.0.0/ ldaps://${BOXCONF_DEFAULT_IPV4}/'" \
+  slapd_sockets="$slapd_socket" \
   slapd_krb5_ktname="$slapd_keytab"
 
 service slapd restart
@@ -149,6 +152,12 @@ EOF
   ldap_add "$roles_basedn" <<EOF
 objectClass: organizationalUnit
 ou: $(ldap_rdn_value "$roles_basedn")
+EOF
+
+  # cn=role-ldap-admin,ou=roles,ou=groups,ou=accounts,dc=example,dc=com
+  ldap_add "cn=${slapd_admin_role},${roles_basedn}" <<EOF
+objectClass: groupOfMembers
+cn: ${slapd_admin_role}
 EOF
 
   # ou=automount,dc=example,dc=com
-- 
cgit v1.2.3