# this script has been created to update the OpenLDAP modules path in cn=config
# For details of changing the configuration items' location read these:
# https://www.openldap.org/lists/openldap-software/200812/msg00080.html
# This script rewrites the configuration entry that holds the location of the backend database modules, which are required to run LDAP. The procedure is based on this description:
# https://serverfault.com/questions/863274/modify-openldap-cn-config-without-slapd-running
# Author: Zsolt KALMAR (SUSE Linux GmbH) zkalmar@suse.com
# define variables
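# Location of the cn=config tree this script rewrites.
conf_dir='/etc/openldap/slapd.d'

# Nothing to do when there is no cn=config tree on this system.
if [ ! -d "${conf_dir}" ] || [ ! -f "${conf_dir}/cn=config.ldif" ]
then
  exit 0
fi

# The export and the backup are full copies of cn=config, which can hold
# password hashes (for example olcRootPW). Fixed names directly under /tmp
# can be pre-created or symlinked by any local user before this script, which
# runs with enough privilege to rewrite /etc/openldap, writes to them.
# mktemp -d gives an unpredictable directory that only the invoking user can
# enter, so both working paths live inside it.
work_dir=$(mktemp -d /tmp/openldap_update.XXXXXX) || exit 1
tmp_file="${work_dir}/ldap_conf_tmp.ldif"
backup="${work_dir}/slapd.d"
res=0

# rmdir only succeeds on an empty directory: after a failure the backup and
# export are kept for recovery and their location is reported instead.
# The trap does not call exit, so the script's own exit status is preserved.
trap 'rmdir -- "${work_dir}" 2>/dev/null || printf "%s\n" "LDAP Update script: files kept in ${work_dir}" >&2' EXIT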
# common functions
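#######################################
# Expose the OpenLDAP modules installed under /usr/lib64/openldap at the
# matching path under /usr/lib/openldap (per the script's own comments,
# slapcat and slapadd need them there).
# Arguments: none
# Returns:   status of the last ln call, or 0 when nothing had to be linked
#######################################
create_symlinks() {
  local module link target
  for module in back_bdb back_hdb back_mdb syncprov
  do
    link="/usr/lib/openldap/${module}.so"
    target="/usr/lib64/openldap/${module}.so"
    # -e follows links, so -L is tested as well: an existing (even dangling)
    # link must not be handed to ln, which would only fail on it.
    if [ -e "${link}" ] || [ -L "${link}" ]
    then
      continue
    fi
    # Do not leave a dangling link behind when the module is not installed.
    if [ ! -f "${target}" ]
    then
      continue
    fi
    ln -s "${target}" "${link}"
  done
  #logger -p user.info "Update openLDAP: symlinks have been created."
}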
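#######################################
# Undo the temporary state of this script: remove the module symlinks under
# /usr/lib/openldap and the exported LDIF file.
# Globals:   tmp_file (read)
# Arguments: none
# Returns:   0 unless removing the export fails
#######################################
cleanup() {
  local module link
  for module in back_bdb back_hdb back_mdb syncprov
  do
    link="/usr/lib/openldap/${module}.so"
    # Only remove what create_symlinks produces: a symlink to the lib64
    # module. A regular file at this path is a real module that was there
    # before the script ran and must survive the cleanup.
    if [ -L "${link}" ] && [ "$(readlink "${link}")" = "/usr/lib64/openldap/${module}.so" ]
    then
      rm -f "${link}"
    fi
  done
  # Quoted so a path with whitespace is removed as one file; skipped when the
  # variable is empty so rm never receives an empty operand.
  if [ -n "${tmp_file}" ]
  then
    rm -f -- "${tmp_file}"
  fi
  #logger -p user.info "Update openLDAP: symlinks have been removed."
}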
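# Main flow: export cn=config, drop every olcModulePath line from the export
# and load the result back into an emptied ${conf_dir}, with slapd stopped.

# An empty path variable would turn the "rm -rf <dir>/*" calls below into a
# wipe of the wrong tree, so stop before touching anything.
: "${conf_dir:?conf_dir is not set}" "${tmp_file:?tmp_file is not set}" "${backup:?backup is not set}"
# NOTE(review): ${tmp_file} and ${backup} are defined earlier in the script;
# they should point into a directory that only root can write to.

#######################################
# Export cn=config (database 0) as unwrapped LDIF into ${tmp_file}.
# Globals:   conf_dir, tmp_file (read)
# Returns:   slapcat's status, or 0 when slapcat is not installed
#######################################
export_config() {
  rm -f -- "${tmp_file}"
  if [ ! -f /usr/sbin/slapcat ]
  then
    return 0
  fi
  # cn=config can hold password hashes; create the export readable by the
  # invoking user only. The subshell keeps the umask change local.
  ( umask 077 && /usr/sbin/slapcat -n0 -F "${conf_dir}" -l "${tmp_file}" -o ldif-wrap=no )
}

# Check if the configuration contains the inappropriate entry
create_symlinks
export_config
res=$?
if [ "${res}" -ne 0 ]
then
  #logger -p user.error "LDAP Update script: Creating ${tmp_file} has failed during the search of faulty openLDAP entry."
  # Remove the symlinks and any partial export, as the later failure path does.
  cleanup
  exit 1
#else
  #logger -p user.info "LDAP Update script: ${tmp_file} has been created."
fi

# Count the non-comment lines that mention olcModulePath. The pattern is
# quoted so the shell cannot expand it as a glob; no export (slapcat not
# installed) counts as "nothing to fix".
entry_cnt=0
if [ -f "${tmp_file}" ]
then
  entry_cnt=$(grep '^[^#;]' -- "${tmp_file}" | grep -c 'olcModulePath')
fi
if [ "${entry_cnt}" -eq 0 ]
then
  #logger -p user.info "LDAP Update script: The current LDAP configuration does not contain the wrong item. Stop applying this script. Bye."
  cleanup
  exit 0
fi
rm -f -- "${tmp_file}"

# Make sure the LDAP is not running:
# NOTE(review): on every "exit 1" below slapd stays stopped; confirm that the
# caller restarts it or reports the failure.
/usr/bin/systemctl stop slapd.service
#logger -p user.info "LDAP Update script: openLDAP has been stopped."

# Creating symlinks for the modules required for the slapcat and slapadd
create_symlinks

# Export the config to a text
export_config
res=$?
if [ "${res}" -ne 0 ]
then
  #logger -p user.error "LDAP Update script: Creating ${tmp_file} has failed."
  cleanup
  exit 1
fi

# Create a backup of LDAP config
# mkdir fails when the directory already exists; such a directory was not
# created by this run and is neither reused nor removed.
if ! mkdir -m 0700 -- "${backup}"
then
  #logger -p user.error "LDAP Update script: Backing up ${conf_dir} has failed."
  cleanup
  exit 1
fi
# -a keeps ownership and modes, so the copy can be put back unchanged.
cp -a -- "${conf_dir}"/* "${backup}/"
res=$?
if [ "${res}" -ne 0 ]
then
  #logger -p user.error "LDAP Update script: Backing up ${conf_dir} has failed."
  # The live configuration is still untouched: drop the partial copy.
  rm -rf -- "${backup:?}"
  cleanup
  exit 1
#else
  #logger -p user.info "LDAP Update script: Back up has been created of openLDAP configuration."
fi

# Remove the configuration item "olcModulePath"
sed -n -i '/olcModulePath/!p' -- "${tmp_file}"
res=$?
if [ "${res}" -ne 0 ]
then
  #logger -p user.error "LDAP Update script: Removing of entry in ${tmp_file} has failed."
  # Still nothing destructive has happened; leave no config copies behind.
  rm -rf -- "${backup:?}"
  cleanup
  exit 1
#else
  #logger -p user.info "LDAP Update script: olcModulesPath entry has been removed."
fi

# Remove the current configuration
rm -rf -- "${conf_dir:?}"/*

# Load the modified configuration
# NOTE(review): slapadd creates the new files as the invoking user; confirm
# that the slapd service account can read them once the service starts.
/usr/sbin/slapadd -n0 -F "${conf_dir}" -l "${tmp_file}"
res=$?
# Catch result code of slapadd
if [ "${res}" -ne 0 ]
then
  #logger -p user.error "LDAP Update script: Implementing new configuration has failed."
  # The live tree is gone or partial: keep both copies and say where they are.
  printf '%s\n' "LDAP Update script: slapadd failed; original configuration kept in ${backup}, modified export in ${tmp_file}" >&2
  exit 1
else
  #logger -p user.info "LDAP Update script: Implementing new configuration has been succeeded."
  cleanup
fi

# Start the SLAPD with the new configuration
/usr/bin/systemctl start slapd.service
res=$?
if [ "${res}" -ne 0 ]
then
  #logger -p user.error "LDAP Update script: Starting updated LDAP server has been failed."
  printf '%s\n' "LDAP Update script: slapd did not start; original configuration kept in ${backup}" >&2
  exit 1
else
  #logger -p user.info "LDAP Update script: Updated LDAP server has been successfully started."
  # Remove backups
  rm -rf -- "${backup:?}"
  rm -rf -- "${tmp_file:?}"
  # Create "/var/adm/openldap_update_modules"
  touch /var/adm/openldap_update_modules
  exit 0
fi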