#! /bin/sh # Copyright (c) 1997-2000 SuSE GmbH Nuernberg, Germany. # Copyright (c) 2002 SuSE Linux AG Nuernberg, Germany. # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # # Author: Carsten Hoeger # Ralf Haferkamp # # /etc/init.d/ldap # ### BEGIN INIT INFO # Provides: ldap # Required-Start: $network $remote_fs # Required-Stop: $network $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: OpenLDAP Server (slapd) # Description: Start and Stop the OpenLDAP Server (slapd) to # provide LDAP directory services. ### END INIT INFO # Determine the base and follow a runlevel link name. base=${0##*/} link=${base#*[SK][0-9][0-9]} test -f /etc/sysconfig/openldap && . /etc/sysconfig/openldap SLAPD_BIN=/usr/sbin/slapd LDAP_URLS="" LDAPS_URLS="" LDAPI_URLS="" SLAPD_CONFIG_ARG="-F /etc/openldap/slapd.d" SLAPD_PID_DIR="/var/run/slapd/" test -x $SLAPD_BIN || exit 5 # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v ditto but be verbose in local rc status # rc_status -v -r ditto and clear the local rc status # rc_failed set local and overall rc status to failed # rc_failed <num> set local and overall rc status to <num><num> # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status . /etc/rc.status # First reset status of this service rc_reset function init_ldap_listener_urls(){ case "$OPENLDAP_START_LDAP" in [Yy][Ee][Ss]) if [ -n "$OPENLDAP_LDAP_INTERFACES" ] then for iface in $OPENLDAP_LDAP_INTERFACES ;do LDAP_URLS="$LDAP_URLS ldap://$iface" done else LDAP_URLS="ldap:///" fi ;; esac } function init_ldapi_listener_urls(){ case "$OPENLDAP_START_LDAPI" in [Yy][Ee][Ss]) if [ -n "$OPENLDAP_LDAPI_INTERFACES" ] then for iface in $OPENLDAP_LDAPI_INTERFACES ;do esc_iface=`echo "$iface" | sed -e s'/\\//\\%2f/'g` LDAPI_URLS="$LDAPI_URLS ldapi://$esc_iface" done else LDAPI_URLS="ldapi:///" fi ;; esac } function init_ldaps_listener_urls(){ case "$OPENLDAP_START_LDAPS" in [Yy][Ee][Ss]) if [ -n "$OPENLDAP_LDAPS_INTERFACES" ] then for iface in $OPENLDAP_LDAPS_INTERFACES ;do LDAPS_URLS="$LDAPS_URLS ldaps://$iface" done else LDAPS_URLS="ldaps:///" fi ;; esac } function check_connection(){ SLAPD_TIMEOUT=10 START=$( date +%s) while [ $(( $( date +%s) - ${START} )) -lt ${SLAPD_TIMEOUT} ]; do ldapsearch -x -H "$LDAP_URLS $LDAPI_URLS $LDAPS_URLS" -b "" -s base &>/dev/null LDAPSEARCH_RC=$? if [ ${LDAPSEARCH_RC} -ge 0 ] && [ ${LDAPSEARCH_RC} -le 80 ] ; then break else sleep 1 fi done } depth=0; function chown_database_dirs_bconfig() { ldapdir=$(find $1 -type f -name "olcDatabase*" | xargs grep -i olcdbdirectory | awk '{print $2}') for dir in $ldapdir; do [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \ chown -R $OPENLDAP_USER $dir 2>/dev/null [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \ chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null done } function chown_database_dirs() { ldapdir=`grep ^directory $1 | awk '{print $2}'` for dir in $ldapdir; do [ -d "$dir" ] && [ -n "$OPENLDAP_USER" ] && \ chown -R $OPENLDAP_USER $dir 2>/dev/null [ -d "$dir" ] && [ -n "$OPENLDAP_GROUP" ] && \ chgrp -R $OPENLDAP_GROUP $dir 2>/dev/null done includes=`grep ^include $1 | awk '{print $2}'` if [ $depth -le 50 ]; then depth=$(( $depth + 1 )); for i in $includes; do chown_database_dirs "$i" ; done fi } USER_CMD="" GROUP_CMD="" [ ! "x$OPENLDAP_USER" = "x" ] && USER_CMD="-u $OPENLDAP_USER" [ ! "x$OPENLDAP_GROUP" = "x" ] && GROUP_CMD="-g $OPENLDAP_GROUP" [ ! "x$OPENLDAP_CONFIG_BACKEND" = "xldap" ] && SLAPD_CONFIG_ARG="-f /etc/openldap/slapd.conf" if [ -f /etc/openldap/UPDATE_NEEDED ]; then rc_failed 6 echo " The configuration of your LDAP server needs to be updated." echo " Please see /usr/share/doc/packages/openldap2/README.update" echo " for details." echo " After the update please remove the file:" echo " /etc/openldap/UPDATE_NEEDED" rc_status -v exit fi # chown backend directories if OPENLDAP_CHOWN_DIRS ist set if [ "$(echo "$OPENLDAP_CHOWN_DIRS" | tr 'A-Z' 'a-z')" = "yes" ]; then if [ -n "$OPENLDAP_USER" -o -n "$OPENLDAP_GROUP" ]; then if [ -n "$OPENLDAP_CONFIG_BACKEND" -a "$OPENLDAP_CONFIG_BACKEND" = "ldap" ]; then chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null chown_database_dirs_bconfig "/etc/openldap/slapd.d" # assume back-config usage if slapd.conf is not present but slapd.d is elif [ ! -f /etc/openldap/slapd.conf -a /etc/openldap/slapd.d ]; then chown -R $OPENLDAP_USER /etc/openldap/slapd.d 2>/dev/null chgrp -R $OPENLDAP_GROUP /etc/openldap/slapd.d 2>/dev/null chown_database_dirs_bconfig "/etc/openldap/slapd.d" else chown_database_dirs "/etc/openldap/slapd.conf" chgrp $OPENLDAP_GROUP /etc/openldap/slapd.conf 2>/dev/null fi if test -f /etc/sasl2/slapd.conf ; then chgrp $OPENLDAP_GROUP /etc/sasl2/slapd.conf 2>/dev/null chmod 640 /etc/sasl2/slapd.conf 2>/dev/null fi if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then keytabfile=${OPENLDAP_KRB5_KEYTAB/#FILE:/} if test -f $keytabfile ; then chgrp $OPENLDAP_GROUP $keytabfile 2>/dev/null chmod g+r $keytabfile 2>/dev/null fi fi fi fi if [ -n "$OPENLDAP_KRB5_KEYTAB" ]; then export KRB5_KTNAME=$OPENLDAP_KRB5_KEYTAB fi case "$OPENLDAP_REGISTER_SLP" in [Yy][Ee][Ss]) SLAPD_SLP_REG="-o slp=on" ;; *) SLAPD_SLP_REG="-o slp=off" ;; esac init_ldap_listener_urls init_ldapi_listener_urls init_ldaps_listener_urls if [ ! -d $SLAPD_PID_DIR ]; then mkdir -p $SLAPD_PID_DIR chown ldap:ldap $SLAPD_PID_DIR fi echo -n "Starting ldap-server" exec $SLAPD_BIN -h "$LDAP_URLS $LDAPS_URLS $LDAPI_URLS" \ $SLAPD_CONFIG_ARG $USER_CMD $GROUP_CMD \ $OPENLDAP_SLAPD_PARAMS $SLAPD_SLP_REG