Sophie

Sophie

distrib > * > 2008.0 > x86_64 > by-pkgid > 740ea0dea92577c70c331190788190eb > files > 11

openldap-mandriva-dit-0.17-1mdv2008.0.src.rpm

#!/bin/bash

if [ "`id -u`" != "0" ]; then
	echo "Error, must be root user"
	exit 1
fi

SLAPTEST="/usr/sbin/slaptest"
SLAPADD="/usr/sbin/slapadd"
SLAPPASSWD="/usr/sbin/slappasswd"
slapd_conf_template="/usr/share/openldap/mandriva-dit/mandriva-dit-slapd-template.conf"
base_ldif_template="/usr/share/openldap/mandriva-dit/mandriva-dit-base-template.ldif"
acl_template="/usr/share/openldap/mandriva-dit/mandriva-dit-access-template.conf"
acl_file="/etc/openldap/mandriva-dit-access.conf"
now=`date +%s`
myfqdn=`hostname -f`
verbose=
noprompt=
if [ -z "$myfqdn" ]; then
	myfqdn="localhost"
fi

function usage() {
	echo "Usage:"
	echo "$0 [-h | --help] [-v] [-d <dnsdomain>] [-p <password>] [-y]"
	echo
	echo "-h | --help    : shows this help"
	echo "-v             : verbose mode"
	echo "-d <dnsdomain> : use <dnsdomain> for dns domain"
	echo "-p <password>  : use <password> for LDAP Admin password"
	echo 
	echo "-y             : assume default answer in all prompts "
	echo "                 except the password one"
}

function echo_v() {
	if [ -n "$verbose" ]; then
		echo "== $@"
	fi
}

# output: stdout: example.com or the possible detected domain
function detect_domain() {
	mydomain=`hostname -d`
	if [ -z "$mydomain" ]; then
		mydomain="example.com"
	fi
	echo "$mydomain"
	return 0
}

# output: stdout: name of temporary file
# *exits* if error
function make_temp() {
	tmpfile=`mktemp ${TMP:-/tmp}/mandriva-dit.XXXXXXXXXXXX`
	if [ -f "$tmpfile" ]; then
		echo "$tmpfile"
		return 0
	else
		echo "error while making temporary file" >&2
		exit 1
	fi
}

# $1: domain
# returns standard dc=foo,dc=bar suffix on stdout
function calc_suffix() {
	old_ifs=${IFS}
	IFS="."
	for component in $1; do
		result="$result,dc=$component"
	done
	IFS="${old_ifs}"
	echo "${result#,}"
	return 0
}


# $1: directory where the LDAP database is
# output (stdout): backup dir of the previous database
function clean_database() {
	backupdir="/var/lib/ldap.$now"
	cp -a "$1" "$backupdir" 2>/dev/null
	if [ "$?" -ne "0" ]; then
		echo "Error, could not make a backup copy of the"
		echo "current LDAP database, aborting..."
		echo
		echo "(not enough disk space?)"
		echo
		exit 1
	fi
	rm -f "$1"/{*.bdb,log.*,__*,alock}
	echo "$backupdir"
	return 0
}

# $1: *file* to be backed up
# output (stdout): backup filename
function mybackup() {
	if [ ! -f "$1" ]; then
		echo "Internal error, $1 has to be a file" >&2
		echo "Aborting" >&2
		exit 1
	fi
	newname="$1.$now"
	cp -a "$1" "$newname"
	echo "$newname"
	return 0
}

while [ -n "$1" ]; do
	case "$1" in
		-h | --help)
		usage
		exit 1
		;;
		-v)
		verbose=1
		shift
		;;
		-d)
		shift
		if [ -n "$1" -a "${1##-}" != "${1}" -o -z "${1}" ]; then
			echo "Error, -d requires an argument"
			exit 1
		fi
		mydomain="$1"
		shift
		;;
		-p)
		shift
		if [ -n "$1" -a "${1##-}" != "${1}" -o -z "${1}" ]; then
			echo "Error, -p requires an argument"
			exit 1
		fi
		mypass="$1"
		shift
		;;
		-y)
		noprompt=1
		shift
		;;
	esac
done

echo_v
echo_v "Running in verbose mode"
echo_v

if [ -z "$mydomain" ]; then
	mydomain=`detect_domain`
	if [ -z "$noprompt" ]; then
		echo "Please enter your DNS domain name [$mydomain]:"
		read inputdomain
		if [ -n "$inputdomain" ]; then
			mydomain="$inputdomain"
		fi
	fi
fi
mysuffix=`calc_suffix $mydomain`

if [ -z "$mypass" ]; then
	echo
	echo "Administrator account"
	echo
	echo "The administrator account for this directory is"
	echo "uid=LDAP Admin,ou=System Accounts,$mysuffix"
	echo
	echo "Please choose a password for this account:"
	while /bin/true; do
		pass=`$SLAPPASSWD -h {SSHA}`
		if [ -n "$pass" ]; then
			break
		fi
	done
else
	pass=`$SLAPPASSWD -h {SSHA} -s "$mypass"`
	if [ "$?" -ne "0" ]; then
		echo "Error at generating password, exiting"
		exit 1
	fi
fi

# confirmation
echo
echo
echo "Summary"
echo "======="
echo
echo "Domain:        $mydomain"
echo "LDAP suffix:   $mysuffix"
echo "Administrator: uid=LDAP Admin,ou=System Accounts,$mysuffix"
echo
if [ -z "$noprompt" ]; then
	echo "Confirm? (Y/n)"
	read val
	if [ "$val" = "n" -o "$val" = "N" ]; then
		echo
		echo "Cancelled."
		exit 1
	fi
fi

# let's do it

# first, slapd.conf
myslapdconf=`make_temp`

echo_v "Creating slapd.conf..."
cat $slapd_conf_template | sed -e "s/@SUFFIX@/$mysuffix/g;" > $myslapdconf
chmod 0640 $myslapdconf
chgrp ldap $myslapdconf

# now, /etc/openldap/ldap.conf
myldapconf=`make_temp`
echo_v "Creating ldap.conf..."
cat /etc/openldap/ldap.conf | \
	sed -e "s/^BASE[[:blank:]]\+.*/BASE $mysuffix/g;\
	s/^HOST[[:blank:]]\+.*/HOST $myfqdn/g;\
	s@^URI[[:blank:]]\+.*@URI ldap://$myfqdn@g" \
	> $myldapconf
if ! grep -qE '^(HOST|URI)' $myldapconf; then
	echo "URI ldap://$myfqdn" >> $myldapconf
fi
if ! grep -qE '^BASE' $myldapconf; then
	echo "BASE $mysuffix" >> $myldapconf
fi
chmod 0644 $myldapconf

# ACL file
echo_v "Creating acl file..."
cat $acl_template | sed -e "s/@SUFFIX@/$mysuffix/g" > $acl_file
chmod 0640 $acl_file
chgrp ldap $acl_file

# test
echo_v "Testing configuration with temporary files..."
$SLAPTEST -u -f $myslapdconf
if [ "$?" -ne "0" ]; then
	echo "ERROR"
	echo "OpenLDAP configuration file was generated with errors"
	echo "Aborting. File used was $myslapdconf"
	rm -f $myldapconf
	exit 1
fi

# load
echo_v "Test succeeded, creating LDIF file for database loading..."
myldif=`make_temp`
cat $base_ldif_template | sed -e "\
	s/@SUFFIX@/$mysuffix/g;\
	s/@DC@/${mydomain%%.[a-zA-Z0-9]*}/g;\
	s/@DOMAIN@/${mydomain}/g;\
	s|@ldapadmin_password@|$pass|g" > $myldif

# dry run first
echo_v "Attempting to test-load the database..."
$SLAPADD -u -f $myslapdconf < $myldif
if [ "$?" -ne "0" ]; then
	echo "ERROR"
	echo "Database loading failed during test run."
	echo "Ldif file used:       $myldif"
	echo "slapd.conf file used: $myslapdconf"
	echo
	echo "Exiting"
	rm -f $myldapconf
	exit 1
fi

# let's go for real now
echo_v "Everything ok, doing it for real now."
echo "Stopping ldap service"
/sbin/service ldap stop > /dev/null 2>&1 || :
echo_v "Backing up existing files..."
backup_db=`clean_database /var/lib/ldap`
backup_slapd_conf=`mybackup /etc/openldap/slapd.conf`
backup_ldap_conf=`mybackup /etc/openldap/ldap.conf`
echo_v "Writing /etc/openldap/slapd.conf and /etc/openldap/ldap.conf..."
cat $myslapdconf > /etc/openldap/slapd.conf; rm -f $myslapdconf
cat $myldapconf > /etc/openldap/ldap.conf; rm -f $myldapconf

echo_v "Loading database..."
$SLAPADD < $myldif
if [ "$?" -ne "0" ]; then
	echo "Something went wrong while initializing the database"
	echo "Aborting. Your previous database is at $backup_db"
	echo "Your original /etc/openldap/{slapd,ldap}.conf files"
	echo "were backed up as $backup_slapd_conf and"
	echo "$backup_ldap_conf, respectively."
	exit 1
fi

echo "Finished, starting ldap service"
/sbin/service ldap start
echo
echo "Your previous database directory has been backed up as $backup_db"
echo "All files that were backed up got the suffix \"$now\"."
echo

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional