| Server IP : 104.21.38.3 / Your IP : 162.158.88.82 Web Server : Apache System : Linux krdc-ubuntu-s-2vcpu-4gb-amd-blr1-01.localdomain 5.15.0-142-generic #152-Ubuntu SMP Mon May 19 10:54:31 UTC 2025 x86_64 User : www ( 1000) PHP Version : 7.4.33 Disable Function : passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /www/server/php/82/src/.github/scripts/ |
Upload File : |
#!/bin/sh
set -ex
# Create TLS certificate
sudo mkdir -p /etc/ldap/ssl
alt_names() {
(
(
(hostname && hostname -a && hostname -A && hostname -f) |
xargs -n 1 |
sort -u |
sed -e 's/\(\S\+\)/DNS:\1/g'
) && (
(hostname -i && hostname -I && echo "127.0.0.1 ::1") |
xargs -n 1 |
sort -u |
sed -e 's/\(\S\+\)/IP:\1/g'
)
) | paste -d, -s
}
sudo openssl req -newkey rsa:4096 -x509 -nodes -days 3650 \
-out /etc/ldap/ssl/server.crt -keyout /etc/ldap/ssl/server.key \
-subj "/C=US/ST=Arizona/L=Localhost/O=localhost/CN=localhost" \
-addext "subjectAltName = `alt_names`"
sudo chown -R openldap:openldap /etc/ldap/ssl
# Display the TLS certificate (should be world readable)
openssl x509 -noout -text -in /etc/ldap/ssl/server.crt
# Point to the certificate generated
if ! grep -q 'TLS_CACERT \/etc\/ldap\/ssl\/server.crt' /etc/ldap/ldap.conf; then
sudo sed -e 's|^\s*TLS_CACERT|# TLS_CACERT|' -i /etc/ldap/ldap.conf
echo 'TLS_CACERT /etc/ldap/ssl/server.crt' | sudo tee -a /etc/ldap/ldap.conf
fi
# Configure LDAP protocols to serve.
sudo sed -e 's|^\s*SLAPD_SERVICES\s*=.*$|SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"|' -i /etc/default/slapd
# Configure LDAP database.
DBDN=`sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config '(&(olcRootDN=*)(olcSuffix=*))' dn | grep -i '^dn:' | sed -e 's/^dn:\s*//'`;
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// << EOF
dn: $DBDN
changetype: modify
replace: olcSuffix
olcSuffix: dc=my-domain,dc=com
-
replace: olcRootDN
olcRootDN: cn=Manager,dc=my-domain,dc=com
-
replace: olcRootPW
olcRootPW: secret
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/server.crt
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ldap/ssl/server.crt
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ldap/ssl/server.key
-
add: olcTLSVerifyClient
olcTLSVerifyClient: never
-
add: olcAuthzRegexp
olcAuthzRegexp: uid=usera,cn=digest-md5,cn=auth cn=usera,dc=my-domain,dc=com
-
replace: olcLogLevel
olcLogLevel: -1
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: sssvlv
-
add: olcModuleLoad
olcModuleLoad: ppolicy
-
add: olcModuleLoad
olcModuleLoad: dds
EOF
sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// << EOF
dn: olcOverlay=sssvlv,$DBDN
objectClass: olcOverlayConfig
objectClass: olcSssVlvConfig
olcOverlay: sssvlv
olcSssVlvMax: 10
olcSssVlvMaxKeys: 5
dn: olcOverlay=ppolicy,$DBDN
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
### This would clutter our DIT and make tests to fail, while ppolicy does not
### seem to work as we expect (it does not seem to provide expected controls)
## olcPPolicyDefault: cn=default,ou=pwpolicies,dc=my-domain,dc=com
## olcPPolicyHashCleartext: FALSE
## olcPPolicyUseLockout: TRUE
dn: olcOverlay=dds,$DBDN
objectClass: olcOverlayConfig
objectClass: olcDdsConfig
olcOverlay: dds
EOF
sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// << EOF
dn: $DBDN
changetype: modify
add: olcDbIndex
olcDbIndex: entryExpireTimestamp eq
EOF
ldapadd -H ldapi:/// -D cn=Manager,dc=my-domain,dc=com -w secret <<EOF
dn: dc=my-domain,dc=com
objectClass: top
objectClass: organization
objectClass: dcObject
dc: my-domain
o: php ldap tests
### This would clutter our DIT and make tests to fail, while ppolicy does not
### seem to work as we expect (it does not seem to provide expected controls)
## dn: ou=pwpolicies,dc=my-domain,dc=com
## objectClass: top
## objectClass: organizationalUnit
## ou: pwpolicies
##
## dn: cn=default,ou=pwpolicies,dc=my-domain,dc=com
## objectClass: top
## objectClass: person
## objectClass: pwdPolicy
## cn: default
## sn: default
## pwdAttribute: userPassword
## pwdMaxAge: 2592000
## pwdExpireWarning: 3600
## #pwdInHistory: 0
## pwdCheckQuality: 0
## pwdMaxFailure: 5
## pwdLockout: TRUE
## #pwdLockoutDuration: 0
## #pwdGraceAuthNLimit: 0
## #pwdFailureCountInterval: 0
## pwdMustChange: FALSE
## pwdMinLength: 3
## pwdAllowUserChange: TRUE
## pwdSafeModify: FALSE
EOF
sudo service slapd restart
# Verify TLS connection
tries=0
while : ; do
ldapsearch -d 255 -H ldaps://localhost -D cn=Manager,dc=my-domain,dc=com -w secret -s base -b dc=my-domain,dc=com 'objectclass=*'
rt=$?
if [ $rt -eq 0 ]; then
echo "OK"
exit 0
else
tries=$((tries+1))
if [ $((tries)) -gt 3 ]; then
echo "exit failure $rt"
exit $rt
else
echo "trying again"
sleep 3
fi
fi
done