Introduction

In this How-To, we will demonstrate several useful scripts for WebADM and explain how to use them.

WebADM Utilities location

Some scripts are available in:

[root@webadm]# cd /opt/webadm/bin/
[root@webadm bin]# ll
total 152
-rwxr-xr-x 1 root root  1809 11 oct.  15:35 backup
-rwxr-xr-x 1 root root  6807 11 oct.  15:35 dbprune
-rwxr-xr-x 1 root root 11215 11 oct.  15:35 encrypt
-rwxr-xr-x 1 root root 10837 11 oct.  15:35 extend
-rwxr-xr-x 1 root root  4442 11 oct.  15:35 pwcrypt
-rwxr-xr-x 1 root root   837 11 oct.  15:35 restore
-rwxr-xr-x 1 root root 17177 11 oct.  15:35 setup
-rwxr-xr-x 1 root root 12626 11 oct.  15:35 verify
-rwxr-xr-x 1 root root 12186 11 oct.  15:35 webadm
-rwxr-xr-x 1 root root 56456 11 oct.  15:35 yubihsm

Additional scripts are available at:

[root@webadm]# cd /opt/webadm/doc/scripts
[root@webadm]# ll
total 20
-rwxr-xr-x 1 root root  787 11 oct.  19:46 backup_all
-rwxr-xr-x 1 root root 4633 11 oct.  19:46 create_cert
-rwxr-xr-x 1 root root  379 11 oct.  19:46 create_mysqldb
-rwxr-xr-x 1 root root 1655 11 oct.  19:46 repair_perms

backup

This script backs up the WebADM configuration files.

[root@webadm bin]# ./backup 
Usage: ./backup [-f] <BACKUP_FILE>
[root@webadm bin]# ./backup -f mybackup
Adding conf/webadm.conf... Ok
Adding conf/rsignd.conf... Ok
Adding conf/objects.xml... Ok
Adding conf/servers.xml... Ok
Adding pki... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/license.key... Ok
Adding conf/webadm.env... Ok
Adding conf/custom.crt... Ok
Adding conf/custom.key... Ok
Adding websrvs/smshub/smsc/custom1.php... Ok
Adding websrvs/smshub/smsc/custom2.php... Ok
Adding websrvs/smshub/smsc/custom3.php... Ok
Adding websrvs/smshub/smsc/custom4.php... Ok
Compressing backup file... Ok

WebADM backup created in mybackup.gz

Once the backup file is created, you can use the restore script to restore your WebADM configuration.

restore

This script restores the WebADM configuration from a backup archive created with the backup script.

[root@webadm bin]# ./restore 
Usage: ./restore <BACKUP_FILE>
[root@webadm tmp]# /opt/webadm/bin/restore mybackup.gz 
Are you sure you want to restore WebADM (y/n)? y
Unpacking backup files... Ok
Checking system architecture...Ok
Setting file permissions... Ok
Adding system user to dialout group... Ok
Adding systemd service... Ok
Adding logrotate scripts... Ok
WebADM has successfully been setup.

WebADM backup restored from mybackup.gz

dbprune

This script removes database log entries older than the retention time passed with the -t option.

[root@webadm bin]# ./dbprune 
Usage: dbprune [-y] [-t <prune time>] TABLE1 [TABLE2] ... [TABLEX]
Table 1..X is a list of WebADM SQL tables within Admin, Manag, Webapp, Websrv, Alert and Record.
Options:
  -y : Do not prompt for validation (to be used with cron jobs).
  -t <prune time> : Max age of SQL data retention in the form n[dmy] (ex. 1m for one month).
                    If no prune time is defined, the default pruning time is 3 month.

In my example, I remove DB log entries older than one day from the Websrv table:

[root@webadm bin]# ./dbprune -t 1d -y Websrv
Pruning log event older than 1 day in WebSrv SQL table... Ok

encrypt

This script allows you to encrypt, decrypt, and re-encrypt user metadata (WebADM metadata stored in user accounts in LDAP or SQL, depending on the configured datastore).

[root@webadm bin]# ./encrypt 
Usage: encrypt [-e | -d |-r] [-y] [-t] [-f <search filter>] DOMAIN1 [DOMAIN2] ... [DOMAINX]
Domain 1..X is a list of WebADM Domains where LDAP users will be updated.
Options:
  -e : Encrypt user data
  -d : Decrypt user data (not available with HSM encryption)
  -r : Recrypt user data
  -y : Do not prompt for validation (to be used with cron jobs).
  -t : Only list users to be updated but do not update (testing mode).
  -f <search filter> : Use a custom LDAP search filter.
  -c <search base> : Use a custom LDAP search base (can be used without domain list).
If no search filter is specified then any user object found in the domain(s) and which
includes the webadmAccount LDAP extension will be updated.
[root@webadm bin]# ./encrypt -d -f \(objectclass=webadmaccount\) rcdevs
This script will help you manage the WebADM user data encryption for the
LDAP users in the provided WebADM Domain(s). Using the script you can:
1) Review user data encryption.
2) Decrypt user data (-d option - not available with HSM encryption).
3) Encrypt user data (-e option).
4) Recrypt user data (-r option).
WebADM always uses the first configured encrypt_key to encrypt user data.
If you want to change the default encrypt_key then set the new key first.

Are you sure you want to update user data (y/n)? y

Entering Domain rcdevs (dc=rcdevs,dc=com).
Decrypting user data for CN=Administrateur,CN=Users,DC=rcdevs,DC=com... Ok
No user data found for CN=YO_AD-DC,OU=Domain Controllers,DC=rcdevs,DC=com (ignoring)
No user data found for CN=krbtgt,CN=Users,DC=rcdevs,DC=com (ignoring)
No user data found for CN=YO_DC,OU=Domain Controllers,DC=rcdevs,DC=com (ignoring)
No user data found for CN=Web ADM,OU=Services,DC=rcdevs,DC=com (ignoring)
No user data found for CN=push user,OU=Utils,DC=rcdevs,DC=com (ignoring)
No user data found for CN=scope,OU=TestScope,DC=rcdevs,DC=com (ignoring)
No user data found for CN=scope2,OU=testscope2,OU=TestScope,DC=rcdevs,DC=com (ignoring)
No user data found for CN=proxyuser,CN=Users,DC=rcdevs,DC=com (ignoring)
No user data found for CN=adfs user,CN=Users,DC=rcdevs,DC=com (ignoring)
Decrypting user data for CN=vagrant,CN=Users,DC=rcdevs,DC=com... Ok
Decrypting user data for CN=yoann,CN=Users,DC=rcdevs,DC=com... Ok
No user data found for CN=test@test,CN=Users,DC=rcdevs,DC=com (ignoring)
No user data found for CN=ff,OU=ADFS,DC=rcdevs,DC=com (ignoring)
Decrypting user data for CN=webmaster,CN=Users,DC=rcdevs,DC=com... Ok
No user data found for CN=OracleGuest,CN=Users,DC=rcdevs,DC=com (ignoring)
Decrypting user data for CN=perttu,CN=Users,DC=rcdevs,DC=com... Ok
Decrypting user data for CN=Admin,OU=localuser,DC=rcdevs,DC=com... Ok
Decrypting user data for CN=testadfs,CN=Users,DC=rcdevs,DC=com... Ok
Decrypting user data for CN=user,CN=Users,DC=rcdevs,DC=com... Ok
Decrypting user data for CN=administrator,OU=localuser,DC=rcdevs,DC=com... Ok

Updated 9 LDAP users in 0 seconds (0 errors).

User data is now decrypted. We will now attempt to encrypt it again:

[root@webadm bin]# ./encrypt -r -f \(objectclass=webadmaccount\) rcdevs
This script will help you manage the WebADM user data encryption for the
LDAP users in the provided WebADM Domain(s). Using the script you can:
1) Review user data encryption.
2) Decrypt user data (-d option - not available with HSM encryption).
3) Encrypt user data (-e option).
4) Recrypt user data (-r option).
WebADM always uses the first configured encrypt_key to encrypt user data.
If you want to change the default encrypt_key then set the new key first.

Are you sure you want to update user data (y/n)? y
Entering Domain rcdevs (dc=rcdevs,dc=com).
Re-encrypting user data for CN=Administrateur,CN=Users,DC=rcdevs,DC=com... Ok
No user data found for CN=YO_AD-DC,OU=Domain Controllers,DC=rcdevs,DC=com (ignoring)
No user data found for CN=krbtgt,CN=Users,DC=rcdevs,DC=com (ignoring)
No user data found for CN=YO_DC,OU=Domain Controllers,DC=rcdevs,DC=com (ignoring)
No user data found for CN=Web ADM,OU=Services,DC=rcdevs,DC=com (ignoring)
No user data found for CN=push user,OU=Utils,DC=rcdevs,DC=com (ignoring)
No user data found for CN=scope,OU=TestScope,DC=rcdevs,DC=com (ignoring)
No user data found for CN=scope2,OU=testscope2,OU=TestScope,DC=rcdevs,DC=com (ignoring)
No user data found for CN=proxyuser,CN=Users,DC=rcdevs,DC=com (ignoring)
No user data found for CN=adfs user,CN=Users,DC=rcdevs,DC=com (ignoring)
Re-encrypting user data for CN=vagrant,CN=Users,DC=rcdevs,DC=com... Ok
Re-encrypting user data for CN=yoann,CN=Users,DC=rcdevs,DC=com... Ok
No user data found for CN=test@test,CN=Users,DC=rcdevs,DC=com (ignoring)
No user data found for CN=ff,OU=ADFS,DC=rcdevs,DC=com (ignoring)
Re-encrypting user data for CN=webmaster,CN=Users,DC=rcdevs,DC=com... Ok
No user data found for CN=OracleGuest,CN=Users,DC=rcdevs,DC=com (ignoring)
Re-encrypting user data for CN=perttu,CN=Users,DC=rcdevs,DC=com... Ok
Re-encrypting user data for CN=Admin,OU=localuser,DC=rcdevs,DC=com... Ok
Re-encrypting user data for CN=testadfs,CN=Users,DC=rcdevs,DC=com... Ok
Re-encrypting user data for CN=user,CN=Users,DC=rcdevs,DC=com... Ok
Re-encrypting user data for CN=administrator,OU=localuser,DC=rcdevs,DC=com... Ok

Updated 9 LDAP users in 0 seconds (0 errors).

Data is now encrypted.

extend

User activation and extension can be performed using this script. The usage is similar to the encrypt script.

[root@webadm bin]# ./extend 
Usage: extend [-y] [-t] [-f <search filter>] DOMAIN1 [DOMAIN2] ... [DOMAINX]
Domain 1..X is a list of WebADM Domains where LDAP users will be extended.
Options:
  -y : Do not prompt for validation (to be used with cron jobs).
  -t : Only list users to be extended but do not extend (testing mode).
  -u : Un-extend users (remove the webadmAccount objectclass and attributes).
  -f <search filter> : Use a custom LDAP search filter.
  -c <search base> : Use a custom LDAP search base (can be used without domain list).
  -g <group DN> : Extend only users which are members of the group.
If no search filter is defined, all user objects without the webadmAccount
extension will be extended.

This time, I use the -t option (testing mode) to list the accounts that would be extended, without modifying them.

[root@webadm bin]# ./extend -t -f \(objectclass=user\) rcdevs
This script will activate all your LDAP users in the provided Domain(s)
by automatically adding the webadmAccount LDAP objectclass.
Once extended, a user is activated for use with WebADM applications
and it is accounted in the WebADM lincensing and user limit checks.

Are you sure you want to extend users (y/n)? y
Entering Domain rcdevs (cn=users,dc=rcdevs,dc=com).
User CN=yoann,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=test@test,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=Administrateur,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=Invité,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=webmaster,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=OracleGuest,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=perttu,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=test1,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=krbtgt,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=testadfs,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=user,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=proxyuser,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=adfs user,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=vagrant,CN=Users,DC=rcdevs,DC=com will be extended.

Found 14 LDAP users to be extended in 0 seconds.

To remove the WebADM account extension in the same way, add the -u option (the command below also keeps -t, so it only lists the accounts):

[root@webadm bin]# ./extend -t -u -f \(objectclass=webadmAccount\) rcdevs
This script will activate all your LDAP users in the provided Domain(s)
by automatically adding the webadmAccount LDAP objectclass.
Once extended, a user is activated for use with WebADM applications
and it is accounted in the WebADM lincensing and user limit checks.

Are you sure you want to extend users (y/n)? y
Entering Domain rcdevs (cn=users,dc=rcdevs,dc=com).
User CN=yoann,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=test@test,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=Administrateur,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=webmaster,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=OracleGuest,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=perttu,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=krbtgt,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=testadfs,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=user,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=proxyuser,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=adfs user,CN=Users,DC=rcdevs,DC=com will be extended.
User CN=vagrant,CN=Users,DC=rcdevs,DC=com will be extended.

Found 12 LDAP users to be extended in 0 seconds.

pwcrypt

This script encrypts sensitive WebADM configuration settings such as user passwords and encryption keys. It also replaces cleartext passwords and keys with encrypted values in webadm.conf and servers.xml.

This feature requires an Enterprise License, and the encryption mechanism is tied to secret data in your encoded license file. Start by encrypting the WebADM Encryption Key, as it is crucial for protecting your seeds as well.

[root@webadm scripts]# ./pwcrypt
Usage: pwcrypt [-p] SECRET
Options:
  -p : Secret is prompted (secret argument is omitted)
Argument is the secret value to be encrypted for use in your config files.
The maximum password or secret length is 250 characters.
[root@webadm bin]# ./pwcrypt -p
This script allows to encrypt some sensitive WebADM configuration settings
like user passwords and encryption keys. You can also replace the cleartext
passwords and keys with encrypted values in webadm.conf and servers.xml.

Secret: ********
Encrypted: {wcrypt}9k7vvgQQk/XoyNyPISPBSw==

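For example, the following session encrypts a secret and uses the encrypted value in rsignd.conf and servers.xml before restarting WebADM: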

-bash-4.2# /opt/webadm/bin/pwcrypt -p
This script allows to encrypt some sensitive WebADM configuration settings
like user passwords and encryption keys. You can also replace the cleartext
passwords and keys with encrypted values in webadm.conf and servers.xml.

Secret: ****************
Encrypted: {wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc=

-bash-4.2# vi /opt/webadm/conf/rsignd.conf
#
# WebADM PKI Server Configuration
#
...
#
# Client sections
#
# Declare here the Rsign clients with IP addresses or hostnames.
# In cluster mode, the client WebADM server(s) must be defined here!

client {
 hostname localhost
 secret {wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc=
}

-bash-4.2# vi /opt/webadm/conf/servers.xml
<?xml version="1.0" encoding="UTF-8" ?>

<Servers>

<!--
******************************************
***  WebADM Remote Server Connections  ***
******************************************
...

<!--
A PKI server (or CA) is required for signing user certificates.
The RSign PKI server is included in WebADM. So you can keep the
default settings here.
-->

<PkiServer name="PKI Server"
	host="192.168.3.80"
	port="5000"
	secret="{wcrypt}Ucw4WJir9VGFzeKoTdYkOWAkO/kXIHSlkl655RyGHJc="
	ca_file="" />
	
-bash-4.2# /opt/webadm/bin/webadm restart
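
After replacing secrets with pwcrypt output, it is worth checking that no cleartext value was left behind in either file. The shell function below is an added example, not an RCDevs tool: it reports every secret setting, in the two file formats shown above, whose value does not start with {wcrypt}; the sample files, host names and values in it are constructed.

```shell
#!/bin/sh
# Added example, not part of WebADM: list settings still holding cleartext.
# AUDIT_KEYS is an ERE alternation of setting names; only "secret" appears
# on this page, so any other name you add is your own assumption.
AUDIT_KEYS='secret'

# find_cleartext FILE... prints FILE:LINE:KEY for each audited setting whose
# value is non-empty and does not start with {wcrypt}; values are not printed.
find_cleartext() {
    awk -v keys="$AUDIT_KEYS" '
    function report(key, val) {
        if (val != "" && index(val, "{wcrypt}") != 1)
            printf "%s:%d:%s\n", FILENAME, FNR, key
    }
    FNR == 1 { in_comment = 0 }
    {
        # Remove XML comments, including ones spanning several lines.
        line = $0; text = ""
        while (line != "") {
            if (in_comment) {
                p = index(line, "-->")
                if (p == 0) break
                line = substr(line, p + 3); in_comment = 0
            } else {
                p = index(line, "<!--")
                if (p == 0) { text = text line; break }
                text = text substr(line, 1, p - 1)
                line = substr(line, p + 4); in_comment = 1
            }
        }
        if (text ~ /^[ \t]*#/) next            # .conf comment line
        # rsignd.conf form:  secret VALUE
        n = split(text, f)
        if (n >= 2 && f[1] ~ ("^(" keys ")$")) report(f[1], f[2])
        # servers.xml form:  secret="VALUE"
        rest = " " text
        re = "[ \t](" keys ")=\"[^\"]*\""
        while (match(rest, re)) {
            attr = substr(rest, RSTART + 1, RLENGTH - 1)
            rest = substr(rest, RSTART + RLENGTH)
            eq = index(attr, "=")
            report(substr(attr, 1, eq - 1),
                   substr(attr, eq + 2, length(attr) - eq - 2))
        }
    }' "$@"
}

# write_samples DIR: constructed sample files in the formats shown above.
write_samples() {
    cat > "$1/rsignd.conf" <<'EOF'
# constructed sample
client {
 hostname localhost
 secret {wcrypt}Q09OU1RSVUNURUQ=
}
client {
 hostname node2.example.org
 secret constructed-cleartext
}
EOF
    cat > "$1/servers.xml" <<'EOF'
<Servers>
<!--
Constructed sample: the commented-out element below must be ignored.
<PkiServer name="Old" secret="old-cleartext" />
-->
<PkiServer name="PKI Server"
 host="192.0.2.10"
 secret="constructed-cleartext"
 ca_file="" />
</Servers>
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
(cd "$demo_dir" && find_cleartext rsignd.conf servers.xml)
rm -rf "$demo_dir"
```

On a WebADM server the call would be find_cleartext /opt/webadm/conf/rsignd.conf /opt/webadm/conf/servers.xml; an empty result means every audited setting is either empty or already encrypted.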

setup

This script is used for the initial setup of WebADM and can be reused at any time if needed.

[root@webadm bin]# ./setup

Ensure that WebADM services are stopped before running the setup script, then follow its prompts.

verify

This script performs checks, such as verifying if user metadata is encrypted and if passwords or certificates are expired.

[root@webadm bin]# ./verify
Usage: verify [-y] [-f <search filter>] DOMAIN1 [DOMAIN2] ... [DOMAINX]
Domain 1..X is a list of WebADM Domains where LDAP objects will be verified.
Options:
  -y : Do not prompt for validation (to be used with cron jobs).
  -f <search filter> : Use a custom LDAP search filter.
  -c <search base> : Use a custom LDAP search base (can be used without domain list).
If no search filter is defined, all user and group objects will be verified.

Here, we perform verification for the domain rcdevs:

[root@webadm bin]# ./verify rcdevs
This script will verify the consistency of your LDAP users and groups in the
provided Domain(s). WebADM LDAP attributes and certificates will be analysed.

Are you sure you want to verify objects (y/n)? y
Entering Domain rcdevs (cn=users,dc=rcdevs,dc=com).
Checking WebADM account CN=yoann,CN=Users,DC=rcdevs,DC=com...
 > WebADM Settings are valid: Yes
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Expires in 190 days!
Checking WebADM account CN=test@test,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Expires in 21 days!
Checking WebADM account CN=Administrateur,CN=Users,DC=rcdevs,DC=com...
 > WebADM Data are valid: Yes (encrypted)
 > Login certificates (1):
   - /description=USER/CN=rcdevs\administrateur/UID=administrateur/DC=rcdevs/emailAddress=support@compagny.com: Valid (expires in 208 days)
 > Password expiration: Never expires
Checking user CN=Invité,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Never expires
Checking WebADM group CN=WinRMRemoteWMIUsers__,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=master,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM account CN=webmaster,CN=Users,DC=rcdevs,DC=com...
 > WebADM Settings are valid: Yes
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Expires in 88 days!
Checking WebADM account CN=OracleGuest,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Expires in 60 days!
Checking WebADM account CN=perttu,CN=Users,DC=rcdevs,DC=com...
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Expires in 190 days!
Checking WebADM group CN=ITWeb,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (2 members)
Checking user CN=test1,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Expires in 131 days!
Checking WebADM account CN=krbtgt,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Already expired
Checking WebADM group CN=Ordinateurs du domaine,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=Contrôleurs de domaine,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=Administrateurs du schéma,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Administrateurs de l’entreprise,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (1 members)
Checking group CN=Éditeurs de certificats,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Admins du domaine,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (4 members)
Checking WebADM group CN=domain admins,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Utilisateurs du domaine,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking group CN=Invités du domaine,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM account CN=testadfs,CN=Users,DC=rcdevs,DC=com...
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Expires in 158 days!
Checking WebADM group CN=Propriétaires créateurs de la stratégie de groupe,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (1 members)
Checking WebADM group CN=Serveurs RAS et IAS,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM account CN=user,CN=Users,DC=rcdevs,DC=com...
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Expires in 165 days!
Checking WebADM group CN=Groupe de réplication dont le mot de passe RODC est autorisé,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=Groupe de réplication dont le mot de passe RODC est refusé,CN=Users,DC=rcdevs,DC=com...
 > Contains members: Yes (8 members)
Checking group CN=Contrôleurs de domaine en lecture seule,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=Contrôleurs de domaine d’entreprise en lecture seule,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=Contrôleurs de domaine clonables,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking group CN=Protected Users,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking group CN=gpWebADM,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=DnsAdmins,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM group CN=DnsUpdateProxy,CN=Users,DC=rcdevs,DC=com...
 > Contains members: No
Checking WebADM account CN=proxyuser,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Never expires
Checking WebADM account CN=adfs user,CN=Users,DC=rcdevs,DC=com...
 > Password expiration: Never expires
Checking WebADM account CN=vagrant,CN=Users,DC=rcdevs,DC=com...
 > WebADM Settings are valid: Yes
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Never expires

Verified 37 LDAP objects in 0 seconds (14 errors).
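
The verify output is long, and the few lines that need action are easy to miss. The shell function below is an added example, not part of WebADM: it reads verify output and keeps only expired or soon-to-expire passwords and certificates, plus data lines not marked (encrypted). WARN_DAYS and the sample input are constructed, and the wording of a non-encrypted data line is an assumption.

```shell
#!/bin/sh
# Added example, not part of WebADM: reduce "verify" output to findings.
# WARN_DAYS is a hypothetical threshold, not a WebADM setting.
WARN_DAYS=${WARN_DAYS:-30}

# verify_findings: reads verify output on stdin and prints one
# KIND<TAB>DN<TAB>DETAIL line per finding.
verify_findings() {
    awk -v warn="$WARN_DAYS" '
    function emit(kind, detail) { printf "%s\t%s\t%s\n", kind, dn, detail }
    # Days in "expires in N days" / "Expires in N days", or -1 if absent.
    function days(s) {
        if (!match(s, /[Ee]xpires in [0-9]+ days/)) return -1
        return substr(s, RSTART + 11, RLENGTH - 16) + 0
    }
    # "Checking [WebADM] account|user|group <DN>..." starts a new object.
    /^Checking / {
        dn = $0
        sub(/^Checking (WebADM )?(account|user|group) /, "", dn)
        sub(/\.\.\.$/, "", dn)
        next
    }
    / > Password expiration: Already expired/ {
        emit("PW_EXPIRED", "already expired"); next
    }
    / > Password expiration: Expires in / {
        d = days($0)
        if (d >= 0 && d <= warn) emit("PW_EXPIRING", d " days")
        next
    }
    # Only the "Yes (encrypted)" form appears on this page; any other
    # value is reported as it stands.
    / > WebADM Data are valid: / {
        if (index($0, "(encrypted)") == 0) {
            v = $0; sub(/^.*valid: /, "", v)
            emit("DATA_NOT_ENCRYPTED", v)
        }
        next
    }
    # Certificate lines: "   - <subject>: Valid (expires in N days)".
    # Any other form is reported for manual review.
    /^   - / {
        d = days($0)
        if (d < 0) emit("CERT_REVIEW", $0)
        else if (d <= warn) emit("CERT_EXPIRING", d " days")
    }'
}

# sample_verify_output: constructed sample in the format shown above
# (DNs and day counts are made up; the bare "Yes" data line is assumed).
sample_verify_output() {
    cat <<'EOF'
Entering Domain example (cn=users,dc=example,dc=com).
Checking WebADM account CN=alice,CN=Users,DC=example,DC=com...
 > WebADM Settings are valid: Yes
 > WebADM Data are valid: Yes (encrypted)
 > Password expiration: Expires in 190 days!
Checking WebADM account CN=bob,CN=Users,DC=example,DC=com...
 > Password expiration: Expires in 21 days!
Checking WebADM account CN=svc,CN=Users,DC=example,DC=com...
 > WebADM Data are valid: Yes
 > Login certificates (1):
   - /CN=example\svc/UID=svc/DC=example: Valid (expires in 12 days)
 > Password expiration: Already expired
Checking WebADM group CN=ops,CN=Users,DC=example,DC=com...
 > Contains members: No
EOF
}

sample_verify_output | verify_findings
```

For a scheduled check, the prompt can be skipped with the -y option shown in the usage text: /opt/webadm/bin/verify -y rcdevs | verify_findings.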

webadm

This binary is used to start, stop, and restart WebADM services. It can also report the running status and version, and check whether an update is available online.

[root@webadm bin]# ./webadm 
Usage: ./webadm {start|stop|restart|status|version|update}
    start|stop|restart: start, stop and restart WebADM
    status: check the running status of WebADM
    version: display WebADM version information
    update: check if there is an update available online
[root@webadm bin]# ./webadm status
WebADM HTTP server is running with PID 84199.
WebADM Watchd server is running with PID 84194.
WebADM Session server is running with PID 84185.
WebADM PKI server is running with PID 84192.
[root@webadm bin]# ./webadm version
RCDevs WebADM version 1.6.8 (64bit) built October 8 2018

yubihsm

This script can be used only if you have an HSM plugged in and configured with WebADM. It displays the HSM status, the number of HSMs connected to WebADM servers, and their serial numbers.

[root@webadm scripts]# /opt/webadm/bin/yubihsm 

YubiHSM Unlocker tool version 1.4.3 (382c1ecf4eb60dae767412e424d001cd87ea947e)
Copyright (c) 2010-2017 RCDevs SA, All rights reserved.

Found 1 HSM device:
1) YubiHSM N° 8D9626675057: UNLOCKED

backup_all

The backup_all script is similar to the previous backup script but also includes other RCDevs products installed under the /opt/ folder.

[root@webadm scripts]# ./backup_all backup
Starting full backup
Are you sure you want to backup OpenOTP LDAP Bridge (y/n)? y
Adding conf/ldproxy.conf... Ok
Adding conf/ldproxy.crt... Ok
Adding conf/ldproxy.key... Ok
Adding temp... Ok
Adding logs... Ok
Adding conf/ldproxy.csr... Missing
Adding conf/ldproxy.env... Missing
Compressing backup file... Ok

OpenOTP LDAP Bridge backup created in /tmp/ldproxy.bkp.gz

Are you sure you want to backup OpenOTP RADIUS Bridge (y/n)? y
Adding conf/clients.conf... Ok
Adding conf/radiusd.conf... Ok
Adding conf/radiusd.crt... Ok
Adding conf/radiusd.key... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/radiusd.csr... Missing
Adding conf/radiusd.env... Missing
Compressing backup file... Ok

OpenOTP RADIUS Bridge backup created in /tmp/radiusd.bkp.gz

Are you sure you want to backup WebADM (y/n)? y
Adding conf/webadm.conf... Ok
Adding conf/rsignd.conf... Ok
Adding conf/objects.xml... Ok
Adding conf/servers.xml... Ok
Adding pki... Ok
Adding logs... Ok
Adding temp... Ok
Adding conf/license.key... Ok
Adding conf/webadm.env... Ok
Adding conf/custom.crt... Missing
Adding conf/custom.key... Missing
Adding websrvs/smshub/smsc/custom1.php... Ok
Adding websrvs/smshub/smsc/custom2.php... Ok
Adding websrvs/smshub/smsc/custom3.php... Ok
Adding websrvs/smshub/smsc/custom4.php... Ok
Compressing backup file... Ok

WebADM backup created in /tmp/webadm.bkp.gz

Compressing backup file... Ok
Backup created in backup.gz

create_cert

This script generates a new Certificate Signing Request (CSR) and submits it to the Rsignd service for signing. Once signed, the certificate is updated on the file system, and the WebADM service needs to be restarted.

[root@webadm scripts]# ./create_cert 
Enter the server fully qualified host name (FQDN): webadm.rcdevs.com
Generating HTTP server private key... Ok
Creating HTTP server certificate request... Ok
Signing HTTP server certificate with WebADM CA... Ok
WebADM HTTP certificate successfully updated.
Do you want to restart WebADM (y/n)? y
Stopping WebADM HTTP server... Ok
Stopping WebADM Watchd server.......... Ok
Stopping WebADM Session server... Ok
Checking libudev dependency... Ok
Checking system architecture... Ok
Checking server configurations... Ok

Found Trial Enterprise license (RCDEVSSUPPORT)
Licensed by RCDevs SA to RCDevs Support
Licensed product(s): OpenOTP

Starting WebADM Session server... Ok
Starting WebADM PKI server... Ok
Starting WebADM Watchd server... Ok
Starting WebADM HTTP server... Ok

Checking server connections. Please wait... 
Connected LDAP server: YO_AD-DC (192.168.3.50)
Connected SQL server: SQL Server (192.168.3.58)
Connected PKI server: PKI Server (127.0.0.1)
Connected Mail server: SMTP Server (78.141.172.203)
Connected Push server: Push Server (91.134.128.157)
Connected Session server: Session Server (127.0.0.1)
Connected License server: License Server (91.134.128.157)

Checking LDAP proxy user access... Ok
Checking SQL database access... Ok
Checking PKI service access... Ok
Checking Mail service access... Ok
Checking Push service access... Ok

create_mysqldb

This script creates the WebADM database and a database user with a password, and grants that user all privileges on the database. Note that MySQL packages should be installed before running this script. You can edit the script to change the database name, username, and password. By default, these three values are set to "webadm".

[root@webadm scripts]# cat create_mysqldb 
#!/bin/bash
# This SQL script initializes the WebADM database on a MySQL Server

DATABASE="webadm"
USERNAME="webadm"
PASSWORD="webadm"

Q1="create database if not exists $DATABASE;"
Q2="grant usage on $DATABASE.* to $USERNAME@localhost identified by '$PASSWORD';"
Q3="grant all privileges on $DATABASE.* to $USERNAME@localhost;"
SQL="${Q1}${Q2}${Q3}"

mysql -u root -p -e "$SQL"

To execute this script:

[root@webadm scripts]# ./create_mysqldb 
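
The script above ships with a password equal to the user name and passes it to mysql inside the -e argument. The following is an added example, not RCDevs code, of the same setup with a generated password, validated names and the SQL sent on standard input; it uses CREATE USER, which fails if the account already exists, and the --apply switch and output file name are hypothetical.

```shell
#!/bin/sh
# Added example, not the RCDevs script: the same database setup as
# create_mysqldb, with a generated password and validated names.

# gen_password: 32 hex characters (128 bits) read from /dev/urandom.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# valid_ident NAME: true only for names that are safe unquoted in SQL.
valid_ident() {
    case $1 in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# build_sql DATABASE USERNAME PASSWORD
# Prints the statements, or returns 1 without output if an argument could
# break out of its place in the SQL text.
build_sql() {
    valid_ident "$1" || return 1
    valid_ident "$2" || return 1
    case $3 in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$1"
    printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$2" "$3"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost';\n" "$1" "$2"
}

# Apply only when asked to (--apply is a hypothetical switch of this
# example). The SQL goes to mysql on stdin rather than in -e "...", so the
# new password does not show up in the process list.
if [ "${1:-}" = "--apply" ]; then
    PASSWORD=$(gen_password)
    build_sql webadm webadm "$PASSWORD" | mysql -u root -p || exit 1
    umask 077
    # Hypothetical output file, readable by the current user only.
    printf '%s\n' "$PASSWORD" > ./webadm-db-password.txt
    echo "Database password written to ./webadm-db-password.txt"
fi
```

The generated password can then be passed through pwcrypt before it is placed in the WebADM configuration.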

repair_perms

This script can be run to repair permissions on WebADM configuration files.

[root@webadm1 scripts]# ./repair_perms 
Resetting WebADM file permissions... Ok