benr
diff --git a/‎DirectoryBuilder/Makefile
+69 b/‎DirectoryBuilder/Makefile
+69
diff --git a/‎DirectoryBuilder/aliases.template
+6 b/‎DirectoryBuilder/aliases.template
+6
diff --git a/‎DirectoryBuilder/autofs.template
+11 b/‎DirectoryBuilder/autofs.template
+11
diff --git a/‎DirectoryBuilder/dit-base.template
+119 b/‎DirectoryBuilder/dit-base.template
+119
diff --git a/‎DirectoryBuilder/dua.template
+15 b/‎DirectoryBuilder/dua.template
+15
diff --git a/‎DirectoryBuilder/group.template
+8 b/‎DirectoryBuilder/group.template
+8
diff --git a/‎DirectoryBuilder/host.template
+7 b/‎DirectoryBuilder/host.template
+7
diff --git a/‎DirectoryBuilder/mirrormode.template
+7 b/‎DirectoryBuilder/mirrormode.template
+7
diff --git a/‎DirectoryBuilder/netgroup.template
+8 b/‎DirectoryBuilder/netgroup.template
+8
diff --git a/‎DirectoryBuilder/ppolicy.template
+26 b/‎DirectoryBuilder/ppolicy.template
+26
diff --git a/‎DirectoryBuilder/project.template
+8 b/‎DirectoryBuilder/project.template
+8
diff --git a/‎DirectoryBuilder/proxyAgent.template
+6 b/‎DirectoryBuilder/proxyAgent.template
+6
diff --git a/‎DirectoryBuilder/rbac.template
+82 b/‎DirectoryBuilder/rbac.template
+82
@@ -0,0 +1,69 @@
+include ../Makefile.config
+
+
+DOMAIN= $(DIT_SUFFIX)
+################################################################################
+
+
+all: templates
+
+
+
+templates:
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g autofs.template > autofs.ldif
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g dit-base.template \
+		| /bin/sed s/__NISDOMAIN__/$(NISDOMAIN)/g > dit-base.ldif
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g dua.template \
+		| /bin/sed s/__LDAPSERVERS__/$(SERVERS)/ \
+		| /bin/sed s/__PREFSERVERS__/$(PREFSERVERS)/ > dua.ldif
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g proxyAgent.template \
+		| /bin/sed s/__PROXYPASS__/$(PROXY_PASS_SSHA)/ > proxyAgent.ldif
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g rbac.template > rbac.ldif
+
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g mirrormode.template \
+		| /bin/sed s/__MIRRORMODE_PASS__/$(MIRROR_PASS_SSHA)/ > mirrormode.ldif
+	
+	mkdir groups
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g group.template > groups/group.copyme
+	mkdir users
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g user.template > users/user.copyme
+	mkdir hosts
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g host.template > hosts/host.copyme
+	mkdir projects
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g project.template > projects/project.copyme
+	mkdir netgroups
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g netgroup.template > netgroups/netgroup.copyme
+	mkdir aliases
+	/bin/sed s/__DOMAIN__/$(DOMAIN)/g aliases.template > aliases/aliases.copyme
+
+	mkdir template
+	mv *.template template
+	#
+	# Now start modifying LDIF's, namely DUA, proxyAgent, and mirrormode.
+	#
+
+clean-all: 
+	rm -f autofs.ldif dit-base.ldif dua.ldif proxyAgent.ldif \
+		mirrormode.ldif rbac.ldif
+	rm -rf groups users hosts projects netgroups aliases
+	mv template/*.template .
+	rmdir template
+	
+
+
+backup: 
+	mkdir backups
+	cp *.ldif backups
+
+
+addbase:
+	cp /etc/openldap/DB_CONFIG.example /var/openldap/DB_CONFIG
+	chown root:openldap /var/openldap/DB_CONFIG
+	chmod 440 /var/openldap/DB_CONFIG
+
+	slapadd -l dit-base.ldif
+	slapadd -l dua.ldif
+	slapadd -l proxyAgent.ldif
+	slapadd -l rbac.ldif
+	slapadd -l mirrormode.ldif
+	# Now add custom LDIF's, such as users, groups, hosts, projects, etc.
@@ -0,0 +1,6 @@
+dn: cn=operator,ou=aliases,__DOMAIN__
+objectClass: mailGroup
+objectClass: top
+mail: operator
+mgrpRFC822MailMember:: CXJvb3Q=
+cn: operator
@@ -0,0 +1,11 @@
+dn: automountKey=/net,automountMapName=auto_master,__DOMAIN__
+objectClass: automount
+objectClass: top
+automountKey: /net
+automountInformation: -hosts  -nosuid,nobrowse
+
+dn: automountKey=/home,automountMapName=auto_master,__DOMAIN__
+objectClass: automount
+objectClass: top
+automountKey: /home
+automountInformation: auto_home -nobrowse
@@ -0,0 +1,119 @@
+dn: __DOMAIN__
+objectClass: domain
+objectClass: top
+objectClass: nisDomainObject
+dc: __NISDC__
+nisDomain: __NISDOMAIN__
+
+## DIT Structure: ######################################
+
+dn: ou=people,__DOMAIN__
+ou: people
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=group,__DOMAIN__
+ou: group
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=rpc,__DOMAIN__
+ou: rpc
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=protocols,__DOMAIN__
+ou: protocols
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=networks,__DOMAIN__
+ou: networks
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=netgroup,__DOMAIN__
+ou: netgroup
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=aliases,__DOMAIN__
+ou: aliases
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=hosts,__DOMAIN__
+ou: hosts
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=services,__DOMAIN__
+ou: services
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=ethers,__DOMAIN__
+ou: ethers
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=profile,__DOMAIN__
+ou: profile
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=printers,__DOMAIN__
+ou: printers
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=projects,__DOMAIN__
+ou: projects
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=SolarisAuthAttr,__DOMAIN__
+ou: SolarisAuthAttr
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=SolarisProfAttr,__DOMAIN__
+ou: SolarisProfAttr
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=Timezone,__DOMAIN__
+ou: Timezone
+objectClass: top
+objectClass: organizationalUnit
+
+dn: ou=ipTnet,__DOMAIN__
+ou: ipTnet
+objectClass: top
+objectClass: organizationalUnit
+
+####### NFS AUTOMOUNT #####################################
+
+### auto_home
+dn: automountMapName=auto_home,__DOMAIN__
+automountMapName: auto_home
+objectClass: top
+objectClass: automountMap
+
+### auto_direct
+dn: automountMapName=auto_direct,__DOMAIN__
+automountMapName: auto_direct
+objectClass: top
+objectClass: automountMap
+
+### auto_master
+dn: automountMapName=auto_master,__DOMAIN__
+automountMapName: auto_master
+objectClass: top
+objectClass: automountMap
+
+### auto_shared
+dn: automountMapName=auto_shared,__DOMAIN__
+automountMapName: auto_shared
+objectClass: top
+objectClass: automountMap
@@ -0,0 +1,15 @@
+###  Used by 'ldapclient' to configure the client per RFC 2307 (DUA = Directory User Agent)
+###
+dn: cn=default,ou=profile,__DOMAIN__
+objectClass: top
+objectClass: DUAConfigProfile
+cn: default
+defaultServerList: __LDAPSERVERS__
+preferredServerList: __PREFSERVERS__
+defaultSearchBase: __DOMAIN__
+followReferrals: FALSE
+defaultSearchScope: one
+searchTimeLimit: 30
+profileTTL: 43200
+credentialLevel: proxy
+bindTimeLimit: 10
@@ -0,0 +1,8 @@
+dn: cn=family,ou=group,__DOMAIN__
+objectClass: posixGroup
+objectClass: top
+cn: family     
+gidNumber: 100 
+description: Family Group
+memberUid: benr
+memberUid: nova
@@ -0,0 +1,7 @@
+dn: cn=quadra.cuddlelabs.com+ipHostNumber=10.0.0.18,ou=Hosts,__DOMAIN__
+objectClass: ipHost
+objectClass: device
+objectClass: top
+cn: quadra.cuddlelabs.com
+cn: quadra
+ipHostNumber: 10.0.0.18
@@ -0,0 +1,7 @@
+# userPassword should match the password in slapd.conf (use "slappasswd")
+dn: cn=mirrormode,__DOMAIN__
+objectClass: top
+objectClass: person
+cn: mirrormode
+sn: mirrormode
+userPassword: __MIRRORMODE_PASS__
@@ -0,0 +1,8 @@
+dn: cn=admins,ou=netgroup,__DOMAIN__
+objectClass: nisNetgroup
+objectClass: top
+cn: admins
+nisNetgroupTriple: (machine1,user1,domain1)
+nisNetgroupTriple: (machine2,user2,domain2)
+memberNisNetgroup: anotherNetGroup
+description: Sampe Admin NetGroup
@@ -0,0 +1,26 @@
+dn: ou=policies,__DOMAIN__
+objectClass: organizationalUnit
+objectClass: top
+ou: policies
+
+dn: cn=default,ou=policies,__DOMAIN__
+cn: default
+objectClass: pwdPolicy
+objectClass: person
+objectClass: top
+pwdAllowUserChange: TRUE
+pwdAttribute: userPassword
+pwdCheckQuality: 2
+pwdExpireWarning: 600
+pwdFailureCountInterval: 30
+pwdGraceAuthNLimit: 5
+pwdInHistory: 5
+pwdLockout: TRUE
+pwdLockoutDuration: 0
+pwdMaxAge: 0
+pwdMaxFailure: 5
+pwdMinAge: 0
+pwdMinLength: 5
+pwdMustChange: FALSE
+pwdSafeModify: FALSE
+sn: PPolicy
@@ -0,0 +1,8 @@
+dn: SolarisProjectName=apache,ou=projects,__DOMAIN__
+objectClass: SolarisProject      
+objectClass: top                 
+SolarisProjectName: apache
+SolarisProjectID: 103    
+description: Apache Web Server
+SolarisProjectAttr: project.max-lwps=(priv,1000,deny);project.cpu-shares=(priv,100,none);project.cpu-cap=(priv,150,deny)
+memberUid: www  
@@ -0,0 +1,6 @@
+dn: cn=proxyagent,ou=profile,__DOMAIN__
+objectClass: top
+objectClass: person
+cn: proxyagent
+sn: proxyagent
+userPassword: __PROXYPASS__
@@ -0,0 +1,82 @@
+# Example RBAC Profile  (/etc/security/prof_attr)
+dn: cn=xVM Management,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisProfAttr
+objectClass: top
+cn: xVM Management
+SolarisAttrKeyValue: help=RtxvmMngmnt.html
+SolarisAttrLongDesc: xVM Administration
+
+# Put Primary Administrator in LDAP, just in case its not present on a nodes local file.
+dn: cn=Primary Administrator,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisProfAttr
+objectClass: top
+cn: Primary Administrator
+SolarisAttrKeyValue: auths=solaris.*,solaris.grant;help=RtPriAdmin.html
+SolarisAttrLongDesc: Can perform all administrative tasks
+
+dn: cn=Primary Administrator+SolarisKernelSecurityPolicy=suser+SolarisProfileType=cmd+SolarisProfileId=*,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisExecAttr
+objectClass: SolarisProfAttr
+objectClass: top
+cn: Primary Administrator
+SolarisKernelSecurityPolicy: suser
+SolarisProfileType: cmd
+SolarisProfileId: *
+SolarisAttrKeyValue: uid=0;gid=0
+
+# Example of a RBAC Meta-Profile (Profile of Profiles)
+dn: cn=Joyent Level 1,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisProfAttr
+objectClass: top
+cn: Joyent Level 1
+SolarisAttrKeyValue: profiles=Zone Management,xVM Administration;help=RtJoyentLvl1.html
+SolarisAttrLongDesc: Joyent General Staff
+
+dn: cn=Joyent Level 2,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisProfAttr
+objectClass: top
+cn: Joyent Level 2
+SolarisAttrKeyValue: profiles=Network Management,Network Management,Process Management,ZFS File System Management,Zone Management,Cron Management,File System Management,Maintenance and Repair,xVM Administration,Service Management;help=RtJoyentLvl2.html
+SolarisAttrLongDesc: Joyent Intermediate Engineers
+
+dn: cn=Joyent Level 3,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisProfAttr
+objectClass: top
+cn: Joyent Level 3
+SolarisAttrKeyValue: profiles=Primary Administrator;auths=solaris.*,solaris.grant;help=RtJoyentLvl2.html
+SolarisAttrLongDesc: Joyent Senior Engineers
+
+# Example of RBAC Exec (give UID=0 to "xVM Management" profile calling "xm")
+dn: cn=xVM Management+SolarisKernelSecurityPolicy=solaris+SolarisProfileType=cmd+SolarisProfileId=/usr/sbin/xm,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisExecAttr
+objectClass: SolarisProfAttr
+objectClass: top
+cn: xVM Management
+SolarisKernelSecurityPolicy: solaris
+SolarisProfileType: cmd
+SolarisProfileId: /usr/sbin/xm
+SolarisAttrKeyValue: uid=0
+
+# Example of RBAC Exec (give UID=0 to "xVM Management" profile calling "virsh")
+dn: cn=xVM Management+SolarisKernelSecurityPolicy=solaris+SolarisProfileType=cmd+SolarisProfileId=/bin/virsh,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisExecAttr
+objectClass: SolarisProfAttr
+objectClass: top
+cn: xVM Management
+SolarisKernelSecurityPolicy: solaris
+SolarisProfileType: cmd
+SolarisProfileId: /bin/virsh
+SolarisAttrKeyValue: uid=0
+
+# Example of RBAC Exec (give UID=0 to "xVM Management" profile calling "virt-install")
+dn: cn=xVM Management+SolarisKernelSecurityPolicy=solaris+SolarisProfileType=cmd+SolarisProfileId=/bin/virt-install,ou=SolarisProfAttr,__DOMAIN__
+objectClass: SolarisExecAttr
+objectClass: SolarisProfAttr
+objectClass: top
+cn: xVM Management
+SolarisKernelSecurityPolicy: solaris
+SolarisProfileType: cmd
+SolarisProfileId: /bin/virt-install
+SolarisAttrKeyValue: uid=0
+
+