Merge branch 'ODN_v1.0.3'
peterklimo committed Jun 16, 2015
2 parents 99126f5 + 1ed9a12 commit eb75cf1
Showing 16 changed files with 1,243 additions and 110 deletions.
8 changes: 1 addition & 7 deletions cas.properties
Expand Up @@ -133,7 +133,7 @@ host.name=cas01.example.org
#
# log4j refresh interval in millis
# log4j.refresh.interval=60000

log4j.config.location=file:/etc/odn-cas/log4j2.xml
##
# Password Policy
#
Expand Down Expand Up @@ -187,12 +187,6 @@ ldap.useStartTLS=false
# Base DN of users to be authenticated
ldap.authn.baseDn=ou=people,dc=opendata,dc=org

# Manager DN for authenticated searches
ldap.authn.managerDN=uid=idm,ou=Administrators,dc=opendata,dc=org

# Manager password for authenticated searches
ldap.authn.managerPassword=secret

# Search filter used for configurations that require searching for DNs
#ldap.authn.searchFilter=(&(uid={user})(accountState=active))
ldap.authn.searchFilter=(uid={user})
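Review bot: After the deletions in the second hunk, `ldap.authn.searchFilter=(uid={user})` is the only search-related setting left, and the file no longer says which identity performs the DN search, so a reader cannot tell whether anonymous search is now intended or the bind credentials moved elsewhere; a comment above the filter such as `# DN resolution binds as <IDENTITY-PLACEHOLDER>; credentials are configured in <LOCATION-PLACEHOLDER>` would document that. Because the removed `ldap.authn.managerPassword=secret` line remains visible in repository history, if that value was ever used in a deployed directory it should be treated as disclosed and changed there. Which lines of each hunk are the removed ones is inferred from the counts, since the rendered page has lost the +/- markers.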
73 changes: 73 additions & 0 deletions log4j2.xml
@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="UTF-8" ?>

<!--
Licensed to Apereo under one or more contributor license
agreements. See the NOTICE file distributed with this work
for additional information regarding copyright ownership.
Apereo licenses this file to you under the Apache License,
Version 2.0 (the "License"); you may not use this file
except in compliance with the License. You may obtain a
copy of the License at the following location:
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->

<!-- Specify the refresh internal in seconds. -->
<Configuration monitorInterval="60">
<Appenders>
<Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
</Console>
<RollingFile name="file" fileName="/var/log/odn-cas/cas.log" append="true"
filePattern="/var/log/odn-cas/cas-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="perfFileAppender" fileName="/var/log/odn-cas/perfStats.log" append="true"
filePattern="/var/log/odn-cas/perfStats-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
</Appenders>
<Loggers>
<Logger name="org.jasig" level="info" additivity="false">
<AppenderRef ref="console"/>
<AppenderRef ref="file"/>
</Logger>
<Logger name="org.springframework" level="warn" />
<Logger name="org.springframework.webflow" level="warn" />
<Logger name="org.springframework.web" level="warn" />
<Logger name="org.springframework.security" level="warn" />

<Logger name="perfStatsLogger" level="info" additivity="false">
<AppenderRef ref="perfFileAppender"/>
</Logger>

<Logger name="org.jasig.cas.web.flow" level="info" additivity="true">
<AppenderRef ref="file"/>
</Logger>
<Logger name="org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager" level="info">
<AppenderRef ref="file"/>
</Logger>
<Root level="error">
<AppenderRef ref="console"/>
</Root>
</Loggers>
</Configuration>
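Review bot: The `org.jasig.cas.web.flow` logger keeps `additivity="true"` and references `file`, while its parent `org.jasig` also references `file`, so every web-flow event at info level is written to cas.log twice; the same happens for the `Slf4jLoggingAuditTrailManager` logger, which has default additivity and also references `file`. Unless the duplicate entries are intended, set `additivity="false"` on both, e.g. `<Logger name="org.jasig.cas.web.flow" level="info" additivity="false">`, or drop their `AppenderRef` and rely on the parent's appenders. The comment above `<Configuration monitorInterval="60">` reads "refresh internal"; it should say "refresh interval". The audit-trail records share the application log file; if they are relied on for accountability, a dedicated appender would keep them separable from ordinary log output under rotation.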
49 changes: 20 additions & 29 deletions pom.xml
Expand Up @@ -4,7 +4,7 @@
<groupId>sk.eea.edem</groupId>
<artifactId>odn-cas-overlay</artifactId>
<packaging>war</packaging>
<version>1.0.2</version>
<version>1.0.3</version>

<build>
<plugins>
Expand Down Expand Up @@ -65,24 +65,12 @@
<prefix>/etc</prefix>
</mapper>
</data>
<!-- data>
<src>${basedir}/src/deb/var/lib/midpoint.home</src>
<type>directory</type>
<mapper>
<type>perm</type>
<prefix>/var/lib/midpoint.home</prefix>
<user>odn-midpoint</user>
<group>odn-midpoint</group>
</mapper>
</data -->
<data>
<src>${basedir}/src/deb/usr/share/odn-cas</src>
<type>directory</type>
<mapper>
<type>perm</type>
<prefix>/usr/share/odn-cas</prefix>
<user>odn-midpoint</user>
<group>odn-midpoint</group>
</mapper>
</data>
<data>
Expand All @@ -91,11 +79,11 @@
<path>/var/cache/odn-cas/</path>
<path>/var/log/odn-cas/</path>
<path>/var/tmp/odn-cas</path>
<path>/etc/odn-cas/ssl/certs</path>
<path>/etc/odn-cas/ssl/private</path>
</paths>
<mapper>
<type>perm</type>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
Expand All @@ -105,19 +93,24 @@
<symlink>true</symlink>
<mapper>
<type>perm</type>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
<type>link</type>
<linkName>/usr/local/share/ca-certificates/odn-cert.crt</linkName>
<linkTarget>/etc/odn-cas/ssl/certs/odn-cert.pem</linkTarget>
<symlink>true</symlink>
<mapper>
<type>perm</type>
</mapper>
</data>
<data>
<type>link</type>
<linkName>/usr/share/odn-cas/work</linkName>
<linkTarget>/var/cache/odn-cas/</linkTarget>
<symlink>true</symlink>
<mapper>
<type>perm</type>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
Expand All @@ -127,8 +120,6 @@
<symlink>true</symlink>
<mapper>
<type>perm</type>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
Expand All @@ -137,8 +128,6 @@
<mapper>
<type>perm</type>
<prefix>/usr/share/odn-cas/webapps/cas</prefix>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
Expand All @@ -147,8 +136,6 @@
<mapper>
<type>perm</type>
<prefix>/usr/share/odn-simple/ldap</prefix>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
Expand All @@ -157,8 +144,6 @@
<mapper>
<type>perm</type>
<prefix>/etc/odn-simple/ldap</prefix>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
Expand All @@ -167,10 +152,16 @@
<mapper>
<type>perm</type>
<prefix>/etc/odn-cas</prefix>
<user>odn-cas</user>
<group>odn-cas</group>
</mapper>
</data>
<data>
<src>${project.basedir}/log4j2.xml</src>
<type>file</type>
<mapper>
<type>perm</type>
<prefix>/etc/odn-cas</prefix>
</mapper>
</data>
</dataSet>
</configuration>
</execution>
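Review bot: The mapper covering `/etc/odn-cas/ssl/certs` and `/etc/odn-cas/ssl/private` (hunk `@@ -91,11 +79,11 @@`) declares `<type>perm</type>` with no `<dirmode>` or `<filemode>`, so the directory that postinst fills with the unencrypted `odn-key.pem` receives the packaging default mode, which I would expect to be world-readable; moving `private` into its own `<data>` entry with `<dirmode>700</dirmode>` would restrict it to root while `certs` keeps the default. The `user`/`group` elements removed across the later hunks mean `/etc/odn-cas` is now installed root-owned and only the `/var` and `/usr/share/odn-cas` trees are re-owned by postinst; that looks deliberate, but a short comment in the `<dataSet>` noting that runtime ownership is applied in postinst would help the next reader. The new symlink `/usr/local/share/ca-certificates/odn-cert.crt` turns the generated service certificate into a host trust anchor, which is one more reason to keep the key directory restricted.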
67 changes: 44 additions & 23 deletions src/deb/control/postinst
Expand Up @@ -26,9 +26,10 @@ create_user() {

fix_perms() {
chmod +x /etc/init.d/odn-cas
chown odn-cas /var/cache/odn-cas
chown odn-cas /var/tmp/odn-cas
chown odn-cas /var/log/odn-cas
chown odn-cas -R /var/cache/odn-cas
chown odn-cas -R /var/tmp/odn-cas
chown odn-cas -R /var/log/odn-cas
chown odn-cas -R /usr/share/odn-cas
}

service_start() {
Expand All @@ -41,6 +42,15 @@ service_start() {
fi
}

service_slapd_restart() {
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d slapd restart || true
else
service slapd restart || true
fi
}


get_hostname() {
HOSTNAME=`hostname --all-fqdns`
if [ -z ${HOSTNAME} ]
Expand All @@ -62,28 +72,20 @@ generate_keystore() {
echo ">> generate_keystore"

HOSTNAME=$(get_hostname)

CERTS_PATH=/etc/odn-cas/ssl/certs
PRIVATE_PATH=/etc/odn-cas/ssl/private
KEYSTORE_NAME=/usr/share/odn-cas/conf/.keystore
KEYSTORE_PASSWORD="changeit"
PRIVATEKEY_PASS="changeit"
DAYS_VALID=730

CERTS_PATH=/usr/local/share/ca-certificates/$HOSTNAME
if [ ! -d $CERTS_PATH ] ; then
mkdir $CERTS_PATH

openssl req -x509 -days $DAYS_VALID -newkey rsa:2048 -keyout servicekey.pem -out servicecert.pem -passout pass:$KEYSTORE_PASSWORD -subj '/CN='${HOSTNAME}''
openssl pkcs12 -export -inkey servicekey.pem -in servicecert.pem -out service.p12 -name tomcat -passin pass:$KEYSTORE_PASSWORD -passout pass:$PRIVATEKEY_PASS
keytool -importkeystore -destkeystore $KEYSTORE_NAME -deststorepass $KEYSTORE_PASSWORD -deststoretype jks -srckeystore service.p12 -srcstorepass $PRIVATEKEY_PASS -srcstoretype pkcs12
keytool -export -storepass $KEYSTORE_PASSWORD -keystore /usr/share/odn-cas/conf/.keystore -alias tomcat -file $CERTS_PATH/export.crt
rm *.pem *.p12

update-ca-certificates
echo "keystore created"
else
echo "keystore has already been set"
fi

openssl req -x509 -days $DAYS_VALID -newkey rsa:2048 -keyout $PRIVATE_PATH/odn-key.pem -out $CERTS_PATH/odn-cert.pem -passout pass:$KEYSTORE_PASSWORD -subj '/CN='${HOSTNAME}'' -nodes
openssl pkcs12 -export -inkey $PRIVATE_PATH/odn-key.pem -in $CERTS_PATH/odn-cert.pem -out $CERTS_PATH/service.p12 -name tomcat -passin pass:$KEYSTORE_PASSWORD -passout pass:$PRIVATEKEY_PASS
keytool -importkeystore -destkeystore $KEYSTORE_NAME -deststorepass $KEYSTORE_PASSWORD -deststoretype jks -srckeystore $CERTS_PATH/service.p12 -srcstorepass $PRIVATEKEY_PASS -srcstoretype pkcs12 -noprompt

update-ca-certificates
echo "keystore created"

echo "<< generate_keystore"
}

Expand All @@ -94,8 +96,10 @@ set_ldap_evolveum() {
chmod +x /usr/share/odn-cas/bin/ldapgenerate
chmod +x /usr/share/odn-cas/bin/slapdconf
chmod +x /usr/share/odn-cas/bin/slapdadm
chmod +x /usr/share/odn-cas/bin/ldaptest
chmod +x /usr/share/odn-cas/bin/ldaptest
chmod +x /usr/share/odn-cas/bin/schema2ldif

CONFIG=/etc/default/slapd
LDAP_DB_PATH=/var/lib/ldap_odn

if [ ! -d $LDAP_DB_PATH ]; then
Expand All @@ -111,22 +115,39 @@ set_ldap_evolveum() {

/usr/share/odn-cas/bin/ldapgenerate -D cn=admin,$TREE -w admin -i -s dc=opendata,dc=org

/usr/share/odn-cas/bin/slapdconf add-schema --dbDir $LDAP_DB_PATH --rootPassword admin -f /etc/ldap/schema/midpoint.schema

ldapadd -Y EXTERNAL -H ldapi:/// -f /usr/share/odn-simple/ldap/admin.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f /usr/share/odn-simple/ldap/acl.ldif
echo "ldap user for IDM created"
echo "ldap user for IDM created"

else
# set slapd to running on 127.0.0.1
echo "ldap has already been set"
fi

if grep -q "^SLAPD_SERVICES=\"ldap://127.0.0.1:389/" $CONFIG ; then
echo "slapd has already been set to running on localhost port"
else
sed -i "s/^SLAPD_SERVICES.*/SLAPD_SERVICES=\"ldap:\/\/127.0.0.1:389\/\/ ldapi:\/\/\/\"/" $CONFIG
fi

service_slapd_restart

echo "<< set_ldap"
}

case "$1" in
configure)
VERSION="$2"
create_user
fix_perms
set_ldap_evolveum
generate_keystore
# if not upgrade or version = 1.0.2
if [ "${VERSION}" = "" ] || [ "${VERSION}" = "1.0.2" ] ; then
generate_keystore
fi

service_start
;;

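Review bot: In `generate_keystore` (hunk `@@ -62,28 +72,20 @@`, whose function header lies outside the hunk) the PKCS#12 bundle written to `$CERTS_PATH/service.p12` is never removed after the `keytool -importkeystore` step — the earlier `rm *.pem *.p12` is gone — so a copy of the private key, protected only by the fixed password `changeit`, stays in the certificates directory that is also reachable through the ca-certificates symlink; add `rm -f "$CERTS_PATH/service.p12"` after the import, or write the bundle under `$PRIVATE_PATH` instead. The key is now generated with `-nodes`, so its file mode is its only protection; a `chmod 600 "$PRIVATE_PATH/odn-key.pem"` right after the `openssl req` line makes that explicit instead of relying on openssl's default. In `set_ldap_evolveum` (hunk `@@ -111,22 +115,39 @@`) the added `slapdconf add-schema ... --rootPassword admin` extends the fixed `admin` credential already used by `ldapgenerate -w admin` on the context line above; if this is a bootstrap value replaced later by the IDM setup, a comment saying so would help, and if it is not, it should not be fixed in the script. The comment `# if not upgrade or version = 1.0.2` in the `configure)` branch would be clearer as `# regenerate on fresh install or when upgrading from 1.0.2`, which is what the `VERSION` test encodes.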
2 changes: 1 addition & 1 deletion src/deb/control/postrm
Expand Up @@ -62,7 +62,7 @@ case "$1" in

# reload default slapd configuration
if [ -x "/etc/init.d/slapd" ]; then
invoke-rc.d slapd start || true
invoke-rc.d slapd restart || true
fi

# clean cert
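Review bot: `invoke-rc.d slapd restart || true` is guarded only by `[ -x "/etc/init.d/slapd" ]`, whereas postinst's new `service_slapd_restart` tests for `invoke-rc.d` and falls back to `service slapd restart`; on a host without `/etc/init.d/slapd` but with a `service`-managed slapd, removal may leave slapd running with the package's configuration, contrary to the `# reload default slapd configuration` comment. Reusing the same helper logic here would keep the two maintainer scripts consistent. The enclosing `case "$1" in` block starts and ends outside the hunk.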