Technologies informatiques,
Recherche et développement

Ceci est une ancienne révision du document !

---

[page en cours, broullion]

Ref: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-ubuntu-16-04

apt update && apt-upgrade -y

wget http://ftp.fr.debian.org/debian/pool/main/p/phpldapadmin/phpldapadmin_1.2.2-6.3_all.deb
dpkg -i phpldapadmin_1.2.2-6.3_all.deb 
# (answer questions here)

vi /etc/phpldapadmin/config.php
# $servers->setValue('server','base',array('dc=tecrd,dc=com'));
# ​$servers->setValue('login','bind_id','cn=admin,dc=tecrd,dc=com');

# Setup letsencrypt
apt install snapd
snap install core
snap refresh core

snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
certbot --apache
# (answer questions here)

[[ $(ldapwhoami -H ldap:// -x) = 'anonymous' ]] && echo 'ALL OK SO FAR'

Build /usr/local/bin/ldap_renew_cert.sh:

#!/bin/sh
 
SITE=tools.tecrd.com
 
# move to the correct let's encrypt directory
cd /etc/letsencrypt/live/$SITE
 
# copy the files
cp cert.pem /etc/ssl/certs/$SITE.cert.pem
cp fullchain.pem /etc/ssl/certs/$SITE.fullchain.pem
cp privkey.pem /etc/ssl/private/$SITE.privkey.pem
 
# adjust permissions of the private key
chown :ssl-cert /etc/ssl/private/$SITE.privkey.pem
chmod 640 /etc/ssl/private/$SITE.privkey.pem
 
# restart slapd to load new certificates
systemctl restart slapd

### ./systemd/system/snap.certbot.renew.service

systemctl list-timers snap.certbot.renew.timer

--post-hook /usr/local/bin/ldap_renew_cert.sh
Better:
--deploy-hook /usr/local/bin/ldap_renew_cert.sh

ExecStart=/usr/bin/snap run --timer="00:00~24:00/2" certbot.renew