175 lines
5.8 KiB
Bash
175 lines
5.8 KiB
Bash
#! /bin/bash
|
|
# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
|
|
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
|
|
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# Author: Carsten Hoeger
|
|
# Ralf Haferkamp
|
|
#
|
|
|
|
test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
|
|
|
|
SLAPD_BIN=/usr/sbin/slapd
|
|
LDAP_URLS=""
|
|
LDAPS_URLS=""
|
|
LDAPI_URLS=""
|
|
SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
|
|
SLAPD_PID_DIR="/var/run/slapd/"
|
|
|
|
test -x $SLAPD_BIN || exit 5
|
|
|
|
function init_ldap_listener_urls(){
|
|
case "$OPENLDAP_START_LDAP" in
|
|
[Yy][Ee][Ss])
|
|
if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
|
|
then
|
|
for iface in $OPENLDAP_LDAP_INTERFACES ;do
|
|
LDAP_URLS="$LDAP_URLS ldap://$iface"
|
|
done
|
|
else
|
|
LDAP_URLS="ldap:///"
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function init_ldapi_listener_urls(){
|
|
case "$OPENLDAP_START_LDAPI" in
|
|
[Yy][Ee][Ss])
|
|
if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
|
|
then
|
|
for iface in $OPENLDAP_LDAPI_INTERFACES ;do
|
|
esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
|
|
LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
|
|
done
|
|
else
|
|
LDAPI_URLS="ldapi:///"
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function init_ldaps_listener_urls(){
|
|
case "$OPENLDAP_START_LDAPS" in
|
|
[Yy][Ee][Ss])
|
|
if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
|
|
then
|
|
for iface in $OPENLDAP_LDAPS_INTERFACES ;do
|
|
LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
|
|
done
|
|
else
|
|
LDAPS_URLS="ldaps:///"
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function check_connection(){
|
|
SLAPD_TIMEOUT=10
|
|
START=$( date +%s)
|
|
while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
|
|
ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
|
|
LDAPSEARCH_RC=$?
|
|
if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
|
|
else sleep 1
|
|
fi
|
|
done
|
|
}
|
|
|
|
depth=0;
|
|
|
|
function chown_database_dirs_bconfig() {
|
|
ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
|
|
for dir in $(realpath ${ldapdir}); do
|
|
if [[ $dir =~ ^/var/lib/ldap$|^/var/lib/ldap/.* ]]; then
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
|
|
chown -h -R $OPENLDAP_USER $dir 2>/dev/null
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
|
|
chgrp -h -R $OPENLDAP_GROUP $dir 2>/dev/null
|
|
else
|
|
echo "Skipping chown -h of external directory for security reasons. You must manually run:"
|
|
echo "# chown -h -R $OPENLDAP_USER $dir"
|
|
echo "# chgrp -h -R $OPENLDAP_GROUP $dir"
|
|
fi
|
|
done
|
|
}
|
|
|
|
function chown_database_dirs() {
|
|
ldapdir=`grep ^directory $1 | awk '{print $2}'`
|
|
for dir in $ldapdir; do
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
|
|
chown -h -R $OPENLDAP_USER $dir 2>/dev/null
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
|
|
chgrp -h -R $OPENLDAP_GROUP $dir 2>/dev/null
|
|
done
|
|
includes=`grep ^include $1 | awk '{print $2}'`
|
|
if [ $depth -le 50 ]; then
|
|
depth=$(( $depth + 1 ));
|
|
for i in $includes; do
|
|
chown_database_dirs "$i" ;
|
|
done
|
|
fi
|
|
}
|
|
|
|
USER_CMD=""
|
|
GROUP_CMD=""
|
|
[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
|
|
[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
|
|
[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
|
|
|
|
|
|
# chown -h backend directories if OPENLDAP_CHOWN_DIRS ist set
|
|
if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
|
|
if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
|
|
if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
|
|
chown -h -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
|
|
chgrp -h -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
|
|
chown_database_dirs_bconfig "/etc/openldap/slapd.d"
|
|
# assume back-config usage if slapd.conf is not present but slapd.d is
|
|
elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
|
|
chown -h -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
|
|
chgrp -h -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
|
|
chown_database_dirs_bconfig "/etc/openldap/slapd.d"
|
|
else
|
|
chown_database_dirs "/etc/openldap/slapd.conf"
|
|
chgrp -h $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
|
|
fi
|
|
if test -f /etc/sasl2/slapd.conf ; then
|
|
chgrp -h $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
|
|
chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
|
|
fi
|
|
if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
|
|
keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
|
|
if test -f $keytabfile ; then
|
|
chgrp -h $OPENLDAP_GROUP $keytabfile 2>/dev/null
|
|
chmod g+r $keytabfile 2>/dev/null
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
|
|
export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
|
|
fi
|
|
case "$OPENLDAP_REGISTER_SLP" in
|
|
[Yy][Ee][Ss])
|
|
SLAPD_SLP_REG="-o slp=on"
|
|
;;
|
|
*)
|
|
SLAPD_SLP_REG="-o slp=off"
|
|
;;
|
|
esac
|
|
|
|
init_ldap_listener_urls
|
|
init_ldapi_listener_urls
|
|
init_ldaps_listener_urls
|
|
|
|
if [ ! -d $SLAPD_PID_DIR ]; then
|
|
mkdir -p $SLAPD_PID_DIR
|
|
chown -h ldap:ldap $SLAPD_PID_DIR
|
|
fi
|
|
echo -n "Starting ldap-server"
|
|
exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
|
|
$SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
|
|
$OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
|
|
|