forked from pool/openldap2
Jan Engelhardt
17245dd92c
- Backported one hunk from upstream commit fb9e6a81bbee as openldap2-fb9e6a81bbee.patch to fix incompatible pointer type being passed to a function which is diagnosed as an error by GCC 14. If the request is OK, please forward it to Factory soon so that we can switch the default compiler. Thanks! OBS-URL: https://build.opensuse.org/request/show/1190307 OBS-URL: https://build.opensuse.org/package/show/network:ldap/openldap2?expand=0&rev=323
175 lines
5.8 KiB
Bash
175 lines
5.8 KiB
Bash
#! /bin/bash
|
|
# Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany.
|
|
# Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany.
|
|
# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# Author: Carsten Hoeger
|
|
# Ralf Haferkamp
|
|
#
|
|
|
|
test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap
|
|
|
|
SLAPD_BIN=/usr/sbin/slapd
|
|
LDAP_URLS=""
|
|
LDAPS_URLS=""
|
|
LDAPI_URLS=""
|
|
SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d"
|
|
SLAPD_PID_DIR="/var/run/slapd/"
|
|
|
|
test -x $SLAPD_BIN || exit 5
|
|
|
|
function init_ldap_listener_urls(){
|
|
case "$OPENLDAP_START_LDAP" in
|
|
[Yy][Ee][Ss])
|
|
if [ -n "$OPENLDAP_LDAP_INTERFACES" ]
|
|
then
|
|
for iface in $OPENLDAP_LDAP_INTERFACES ;do
|
|
LDAP_URLS="$LDAP_URLS ldap://$iface"
|
|
done
|
|
else
|
|
LDAP_URLS="ldap:///"
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function init_ldapi_listener_urls(){
|
|
case "$OPENLDAP_START_LDAPI" in
|
|
[Yy][Ee][Ss])
|
|
if [ -n "$OPENLDAP_LDAPI_INTERFACES" ]
|
|
then
|
|
for iface in $OPENLDAP_LDAPI_INTERFACES ;do
|
|
esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g`
|
|
LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface"
|
|
done
|
|
else
|
|
LDAPI_URLS="ldapi:///"
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function init_ldaps_listener_urls(){
|
|
case "$OPENLDAP_START_LDAPS" in
|
|
[Yy][Ee][Ss])
|
|
if [ -n "$OPENLDAP_LDAPS_INTERFACES" ]
|
|
then
|
|
for iface in $OPENLDAP_LDAPS_INTERFACES ;do
|
|
LDAPS_URLS="$LDAPS_URLS ldaps://$iface"
|
|
done
|
|
else
|
|
LDAPS_URLS="ldaps:///"
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
function check_connection(){
|
|
SLAPD_TIMEOUT=10
|
|
START=$( date +%s)
|
|
while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do
|
|
ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null
|
|
LDAPSEARCH_RC=$?
|
|
if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break
|
|
else sleep 1
|
|
fi
|
|
done
|
|
}
|
|
|
|
depth=0;
|
|
|
|
function chown_database_dirs_bconfig() {
|
|
ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}')
|
|
for dir in $(realpath ${ldapdir}); do
|
|
if [[ $dir =~ ^/var/lib/ldap$|^/var/lib/ldap/.* ]]; then
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
|
|
chown -h -R $OPENLDAP_USER $dir 2>/dev/null
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
|
|
chgrp -h -R $OPENLDAP_GROUP $dir 2>/dev/null
|
|
else
|
|
echo "Skipping chown -h of external directory for security reasons. You must manually run:"
|
|
echo "# chown -h -R $OPENLDAP_USER $dir"
|
|
echo "# chgrp -h -R $OPENLDAP_GROUP $dir"
|
|
fi
|
|
done
|
|
}
|
|
|
|
function chown_database_dirs() {
|
|
ldapdir=`grep ^directory $1 | awk '{print $2}'`
|
|
for dir in $ldapdir; do
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \
|
|
chown -h -R $OPENLDAP_USER $dir 2>/dev/null
|
|
[ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \
|
|
chgrp -h -R $OPENLDAP_GROUP $dir 2>/dev/null
|
|
done
|
|
includes=`grep ^include $1 | awk '{print $2}'`
|
|
if [ $depth -le 50 ]; then
|
|
depth=$(( $depth + 1 ));
|
|
for i in $includes; do
|
|
chown_database_dirs "$i" ;
|
|
done
|
|
fi
|
|
}
|
|
|
|
USER_CMD=""
|
|
GROUP_CMD=""
|
|
[ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER"
|
|
[ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP"
|
|
[ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf"
|
|
|
|
|
|
# chown -h backend directories if OPENLDAP_CHOWN_DIRS ist set
|
|
if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then
|
|
if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then
|
|
if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then
|
|
chown -h -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
|
|
chgrp -h -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
|
|
chown_database_dirs_bconfig "/etc/openldap/slapd.d"
|
|
# assume back-config usage if slapd.conf is not present but slapd.d is
|
|
elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then
|
|
chown -h -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null
|
|
chgrp -h -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null
|
|
chown_database_dirs_bconfig "/etc/openldap/slapd.d"
|
|
else
|
|
chown_database_dirs "/etc/openldap/slapd.conf"
|
|
chgrp -h $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null
|
|
fi
|
|
if test -f /etc/sasl2/slapd.conf ; then
|
|
chgrp -h $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null
|
|
chmod 640 /etc/sasl2/slapd.conf 2>/dev/null
|
|
fi
|
|
if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
|
|
keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/}
|
|
if test -f $keytabfile ; then
|
|
chgrp -h $OPENLDAP_GROUP $keytabfile 2>/dev/null
|
|
chmod g+r $keytabfile 2>/dev/null
|
|
fi
|
|
fi
|
|
fi
|
|
fi
|
|
if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then
|
|
export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB
|
|
fi
|
|
case "$OPENLDAP_REGISTER_SLP" in
|
|
[Yy][Ee][Ss])
|
|
SLAPD_SLP_REG="-o slp=on"
|
|
;;
|
|
*)
|
|
SLAPD_SLP_REG="-o slp=off"
|
|
;;
|
|
esac
|
|
|
|
init_ldap_listener_urls
|
|
init_ldapi_listener_urls
|
|
init_ldaps_listener_urls
|
|
|
|
if [ ! -d $SLAPD_PID_DIR ]; then
|
|
mkdir -p $SLAPD_PID_DIR
|
|
chown -h ldap:ldap $SLAPD_PID_DIR
|
|
fi
|
|
echo -n "Starting ldap-server"
|
|
exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \
|
|
$SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \
|
|
$OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG
|
|
|