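#!/bin/bash
# Update the OpenLDAP modules path in cn=config by removing the olcModulePath
# item from the offline configuration database.
#
# For details of changing the configuration items' location read:
#   https://www.openldap.org/lists/openldap-software/200812/msg00080.html
#
# The script rewrites the cn=config database in ${conf_dir} while slapd is
# stopped. The procedure follows this description:
#   https://serverfault.com/questions/863274/modify-openldap-cn-config-without-slapd-running
#
# Security notes:
#   * The slapcat export of cn=config can contain credentials (for example
#     olcRootPW values). The export and the backup are therefore kept in a
#     private directory created by mktemp, not under fixed names in /tmp
#     where another local user could read them or pre-create the path.
#   * Only symlinks that point at the lib64 modules are removed again; a
#     regular file in ${module_link_dir} is never deleted.
#   * The script writes to ${conf_dir} and ${module_link_dir}, so it is
#     expected to run with root privileges.
#
# Exit status: 0 when nothing had to be done or the update succeeded,
#              1 on any failure (details are sent to syslog via logger).
#
# Author: Zsolt KALMAR (SUSE Linux GmbH) zkalmar@suse.com

set -u

conf_dir='/etc/openldap/slapd.d'
module_src_dir='/usr/lib64/openldap'
module_link_dir='/usr/lib/openldap'
modules=(back_bdb.so back_hdb.so back_mdb.so syncprov.so)

work_dir=''
tmp_file=''
backup=''
links_made=0     # set once the temporary module symlinks have been handled
keep_work_dir=0  # set while the backup is the only copy of the old config

# Remove the temporary module symlinks and, unless the backup is still
# needed, the private working directory. Runs on every exit path.
cleanup() {
  local name link
  if [ "${links_made}" -eq 1 ]; then
    for name in "${modules[@]}"; do
      link="${module_link_dir}/${name}"
      # Delete only a symlink that points at the lib64 module; anything else
      # at this path was not created by this script.
      if [ -L "${link}" ] \
        && [ "$(readlink -- "${link}")" = "${module_src_dir}/${name}" ]; then
        rm -f -- "${link}"
      fi
    done
  fi
  if [ -n "${work_dir}" ] && [ "${keep_work_dir}" -eq 0 ]; then
    rm -rf -- "${work_dir}"
  fi
}
trap cleanup EXIT

# Dump cn=config (database 0) to ${tmp_file}, one attribute per line.
export_config() {
  /usr/sbin/slapcat -n0 -F "${conf_dir}" -l "${tmp_file}" -o ldif-wrap=no
}

# Put the backed-up configuration back after a failed slapadd, so the server
# is not left with an empty or partial ${conf_dir}.
restore_config() {
  rm -rf -- "${conf_dir:?}"/*
  if cp -a -- "${backup}/." "${conf_dir}/"; then
    logger -p user.info "LDAP Update script: Previous configuration has been restored from ${backup}."
  else
    logger -p user.error "LDAP Update script: Restoring ${conf_dir} has failed. The backup is kept in ${backup}."
  fi
}

# mktemp -d creates the directory with mode 0700 and an unpredictable name.
work_dir=$(mktemp -d /tmp/openldap_update_modules.XXXXXX) || {
  logger -p user.error "LDAP Update script: Creating a private working directory has failed."
  exit 1
}
tmp_file="${work_dir}/ldap_conf_tmp.ldif"
backup="${work_dir}/slapd.d"

# Check if the configuration is containing the inappropriate entry
if ! export_config; then
  logger -p user.error "Creating ${tmp_file} has failed."
  exit 1
fi

# The pattern is quoted so the shell cannot expand it as a glob.
entry_cnt=$(grep '^[^#;]' "${tmp_file}" | grep -c olcModulePath)

if [ "${entry_cnt}" -eq 0 ]; then
  logger -p user.info "The current LDAP configuration does not contain the wrong item. Stop applying this script. Bye."
  exit 0
fi

rm -f -- "${tmp_file}"

# Make sure the LDAP is not running:
/usr/bin/systemctl stop slapd.service
if /usr/bin/systemctl is-active --quiet slapd.service; then
  # Nothing has been modified yet, so stopping here is safe.
  logger -p user.error "LDAP Update script: slapd.service is still active, ${conf_dir} is left untouched."
  exit 1
fi

# Creating symlinks for the modules required for the slapcat and slapadd
links_made=1
for name in "${modules[@]}"; do
  link="${module_link_dir}/${name}"
  if [ ! -e "${link}" ] && [ ! -L "${link}" ]; then
    ln -s -- "${module_src_dir}/${name}" "${link}"
  fi
done

# Export the config to a text
if ! export_config; then
  logger -p user.error "Creating ${tmp_file} has failed."
  exit 1
fi

# Create a backup of LDAP config (-a keeps ownership and modes for a restore)
if ! mkdir -- "${backup}" || ! cp -a -- "${conf_dir}/." "${backup}/"; then
  logger -p user.error "LDAP Update script: Backing up ${conf_dir} has failed."
  exit 1
fi

# Remove the configuration item "olcModulePath"
# (ldif-wrap=no keeps each value on one line, so deleting the line is enough)
if ! sed -i '/olcModulePath/d' "${tmp_file}"; then
  logger -p user.error "LDAP Update script: Removing of entry in ${tmp_file} has failed."
  exit 1
fi

# Remove the current configuration. From here on the backup is the only copy
# of the previous state, so the working directory survives a failure.
keep_work_dir=1
rm -rf -- "${conf_dir:?}"/*

# Load the modified configuration
# NOTE(review): slapadd creates the files as the invoking user; confirm the
# slapd service user can still read ${conf_dir} afterwards.
if ! /usr/sbin/slapadd -n0 -F "${conf_dir}" -l "${tmp_file}"; then
  logger -p user.error "LDAP Update script: Implementing new configuration has failed."
  restore_config
  exit 1
fi

# Start the SLAPD with the new configuration
if ! /usr/bin/systemctl start slapd.service; then
  logger -p user.error "LDAP Update script: Starting updated LDAP server has been failed."
  logger -p user.error "LDAP Update script: The previous configuration is kept in ${backup}."
  exit 1
fi

# Success: the backup and the export are removed by cleanup().
keep_work_dir=0

# Create "/var/adm/openldap_update_modules"
touch /var/adm/openldap_update_modules
exit 0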