PREIN
/bin/sh
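# Create the dedicated "ldap" account and group through the rpm-helper
# wrappers. "$1" is the scriptlet argument supplied by rpm (1 on a first
# install, larger on an upgrade); it is quoted so it always reaches the
# helper as exactly one argument.
# The account gets /bin/false as its last argument, presumably the login
# shell, so the service user cannot log in interactively -- TODO confirm
# against rpm-helper's add-user.
/usr/share/rpm-helper/add-user openldap "$1" ldap /var/lib/ldap /bin/false
/usr/share/rpm-helper/add-group openldap "$1" ldap ldap
# allowing slapd to read hosts.allow and hosts.deny
# NOTE(review): membership in "adm" also gives the slapd account access to
# everything else that group can read on the host; confirm the membership
# is still required, since it widens what a compromised slapd can see.
# Only stdout is discarded (the earlier "1>&2 > /dev/null" had the same net
# effect); error output stays visible and a failure is deliberately
# non-fatal.
/usr/bin/gpasswd -a ldap adm > /dev/null || :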
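# Upgrade path of the pre-install scriptlet: runs only when "$1" is not 1,
# i.e. when rpm reports that a copy of the package is already installed.
# It stops slapd, asks the service to recover its databases, exports the
# cn=config tree when one exists and, for pre-2.4 servers, dumps every
# bdb/ldbm/hdb database to LDIF so the post-install scriptlet can re-import.
if [ "$1" -ne 1 ]; then
  # Carry the pre-rename sysconfig file over to its new name.
  if [ -e /etc/sysconfig/ldap ]; then
    mv /etc/sysconfig/ldap /etc/sysconfig/slapd
  fi
  LDAPUSER=ldap
  LDAPGROUP=ldap
  # The sysconfig file is sourced, so its contents execute as root here.
  # NOTE(review): it must remain writable by root only.
  if [ -e /etc/sysconfig/slapd ]; then
    . /etc/sysconfig/slapd
  fi
  # Default to the cn=config directory when it is populated, otherwise to
  # the flat slapd.conf.
  if [ -z "$SLAPDCONF" ]; then
    if [ -e "/etc/openldap/slapd.d/cn=config.ldif" ]; then
      SLAPDCONF=/etc/openldap/slapd.d
    else
      SLAPDCONF=/etc/openldap/slapd.conf
    fi
  fi
  echo "Using $SLAPDCONF as configuration for %pre servers"

  # SLAPD_STATUS is 1 when the daemon looks active and must be stopped
  # before the databases are touched.
  if [ -x /usr/bin/systemd ] && [ -e /usr/lib/systemd/system/slapd.service ]; then
    echo "Stopping slapd.service via systemd and recovering via ldap-config"
    # is-active exits 0 when running, so 1 - $? is 1 only in that case.
    SLAPD_STATUS=$(systemctl -q is-active slapd.service; echo "$((1 - $?))")
    if [ "$SLAPD_STATUS" -eq 1 ]; then
      systemctl stop slapd.service
    fi
    /usr/share/openldap/scripts/ldap-config recover
  elif [ -e /etc/rc.d/init.d/ldap ]; then
    # Handle packages before service renaming
    # grep exits 1 when "stopped" is absent from the status text.
    SLAPD_STATUS=$(LANG=C LC_ALL=C NOLOCALE=1 service ldap status 2>/dev/null | grep -q stopped; echo "$?")
    if [ "$SLAPD_STATUS" -eq 1 ]; then
      service ldap stop
    fi
    service ldap recover
  else
    # Handle packages after service renaming on platforms without systemd
    SLAPD_STATUS=$(LANG=C LC_ALL=C NOLOCALE=1 service slapd status 2>/dev/null | grep -q stopped; echo "$?")
    if [ "$SLAPD_STATUS" -eq 1 ]; then
      service slapd stop
    fi
    service slapd recover
  fi

  if [ -e "$SLAPDCONF/cn=config.ldif" ]; then
    echo "Creating a config export from $SLAPDCONF as /etc/openldap/slapd-config-rpm-upgrade.ldif"
    # The cn=config export can carry credentials such as the rootdn
    # password hash, so it is created under a restrictive umask instead of
    # inheriting whatever umask rpm happens to run with.
    # NOTE(review): an export left behind by an earlier upgrade keeps its
    # old mode, and slapcat is not pointed at $SLAPDCONF here, so it reads
    # slapd's default configuration location -- confirm both are intended.
    (
      umask 077
      slapcat -n0 -l /etc/openldap/slapd-config-rpm-upgrade.ldif
    )
  fi

  #if build_system
  #decide whether we need to migrate at all:
  # The fourth word of "slapd -VV" is taken as the version: 2.4.x needs no
  # migration, any other 2.x does.
  MIGRATE=$(/usr/sbin/slapd -VV 2>&1 |
    while read -r w1 w2 w3 version rest; do
      case "$version" in
        (2.4.*) echo nomigrate ;;
        (2.*) echo migrate ;;
      esac
    done)
  if [ "$1" -ne 1 ] && [ -e "$SLAPDCONF" ] && [ "$MIGRATE" != "nomigrate" ]; then
    #`awk '/^[:space:]*directory[:space:]*\w*/ {print $2}' /etc/openldap/slapd.conf`
    # Emit "directory:suffix" for every bdb/ldbm/hdb database declared in
    # the configuration and in the files it includes. The directory rule
    # used to read db="hdb" (an assignment), which made the backend test
    # always true and rewrote db; it is a comparison now, like the suffix
    # rule.
    # The include list is split into words on purpose.
    # shellcheck disable=SC2046
    dbs=$(awk 'BEGIN {OFS=":"}
      /[[:space:]]*^database[[:space:]]*\w*/ {db=$2; suf=""; dir=""}
      /^[[:space:]]*suffix[[:space:]]*\w*/ {suf=$2; if ((db=="bdb"||db=="ldbm"||db=="hdb") && (suf!="" && dir!="")) print dir,suf}
      /^[[:space:]]*directory[[:space:]]*\w*/ {dir=$2; if ((db=="bdb"||db=="ldbm"||db=="hdb") && (suf!="" && dir!="")) print dir,suf}
    ' "$SLAPDCONF" $(awk '/^[[:blank:]]*include[[:blank:]]*/ {print $2}' "$SLAPDCONF") | sed -e 's/"//g')
    # One word per database; entries cannot contain whitespace.
    for db in $dbs; do
      dbdir=${db%%:*}     # text before the first colon
      dbsuffix=${db##*:}  # text after the last colon
      if [ -e /etc/sysconfig/slapd ]; then
        . /etc/sysconfig/slapd
      fi
      # data migration between incompatible versions
      # openldap >= 2.2.x have slapcat as a link to slapd, older releases do not
      if [ "${AUTOMIGRATE:-yes}" = "yes" ] && [ -f /usr/sbin/slapcat ]; then
        ldiffile="rpm-migrate-to-2.4.ldif"
        # dont do backups more than once
        if [ ! -e "${dbdir}/${ldiffile}-imported" ] && [ ! -e "${dbdir}/${ldiffile}-import-failed" ]; then
          echo "Migrating pre-OpenLDAP-2.4 data"
          echo "Making a backup of $dbsuffix to ldif file ${dbdir}/$ldiffile"
          # For some reason, slapcat works in the shell when slapd is
          # running but not via rpm ...
          # The dump holds the full directory contents (password hashes
          # included), so it is written under a restrictive umask. A
          # failed dump is tolerated on purpose.
          (
            umask 077
            slapcat -b "$dbsuffix" -l "${dbdir}/${ldiffile}"
          ) || :
        fi
      fi
    done
  fi
  #endif
  # We want post to start the service, but we dont want to start
  # it now to create a new database environment in case of db library upgrade
  touch /var/lock/subsys/slapd
fi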
PREUN
/bin/sh
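# Pre-uninstall: hand the slapd service to rpm-helper's del-service. "$1"
# is the scriptlet argument from rpm, quoted so it is always passed as a
# single word; whether the service is actually removed is decided inside
# the helper.
/usr/share/rpm-helper/del-service openldap "$1" slapd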
POSTIN
/bin/sh
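# Post-install, step 1: create the package's tmpfiles entries, then stop
# the directory server if it is running. SLAPD_STATUS ends up as 1 when
# the service looked active; the rest of this scriptlet reads it to decide
# whether to start slapd again.
/usr/bin/systemd-tmpfiles --create openldap.conf
if [ -x /usr/bin/systemd ] && [ -e /usr/lib/systemd/system/slapd.service ]; then
  # is-active exits 0 when running, so 1 - $? is 1 only in that case.
  SLAPD_STATUS=$(systemctl -q is-active slapd.service; echo "$((1 - $?))")
  if [ "$SLAPD_STATUS" -eq 1 ]; then
    systemctl stop slapd.service
  fi
elif [ -x /usr/bin/systemd ] && [ -e /etc/rc.d/init.d/ldap ]; then
  # systemd present, but the service still ships under its old name.
  SLAPD_STATUS=$(systemctl -q is-active ldap.service; echo "$((1 - $?))")
  if [ "$SLAPD_STATUS" -eq 1 ]; then
    systemctl stop ldap.service
  fi
else
  # No systemd: grep exits 1 when "stopped" is absent from the status text.
  SLAPD_STATUS=$(LANG=C LC_ALL=C NOLOCALE=1 service ldap status 2>/dev/null | grep -q stopped; echo "$?")
  if [ "$SLAPD_STATUS" -eq 1 ]; then
    service ldap stop
  fi
fi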
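# bgmilne: part 2 of gdbm->dbb conversion for data created with
# original package for 9.1:
# For every bdb/ldbm database found in the configuration, re-import the
# "rpm-migrate-to-2.4.ldif" dump if one is present in its directory: the
# old database files are moved to ldap-rpm-backup, the dump is loaded with
# slapadd, and the dump is renamed to record success or failure.
# NOTE(review): unlike the pre-install scriptlet, the backend filter below
# does not list "hdb" -- confirm that hdb dumps are meant to stay
# un-imported.
dbnum=1
LDAPUSER=ldap
LDAPGROUP=ldap
# The sysconfig file is sourced, so its contents execute as root here and
# may override LDAPUSER/LDAPGROUP/SLAPDCONF.
if [ -e /etc/sysconfig/slapd ]; then
  . /etc/sysconfig/slapd
fi
SLAPDCONF=${SLAPDCONF:-/etc/openldap/slapd.conf}
if [ -e "$SLAPDCONF" ]; then
  # Emit "directory:suffix" per matching database; the include list is
  # split into words on purpose.
  # shellcheck disable=SC2046
  dbs=$(awk 'BEGIN {OFS=":"}
    /[[:space:]]*^database[[:space:]]*\w*/ {db=$2; suf=""; dir=""}
    /^[[:space:]]*suffix[[:space:]]*\w*/ {suf=$2; if ((db=="bdb"||db=="ldbm") && (suf!="" && dir!="")) print dir,suf}
    /^[[:space:]]*directory[[:space:]]*\w*/ {dir=$2; if ((db=="bdb"||db=="ldbm") && (suf!="" && dir!="")) print dir,suf}
  ' "$SLAPDCONF" $(awk '/^[[:blank:]]*include[[:blank:]]*/ {print $2}' "$SLAPDCONF") | sed -e 's/"//g')
  # One word per database; entries cannot contain whitespace.
  for db in $dbs; do
    dbdir=${db%%:*}     # text before the first colon
    dbsuffix=${db##*:}  # text after the last colon
    ldiffile="rpm-migrate-to-2.4.ldif"
    if [ -e "${dbdir}/${ldiffile}" ]; then
      echo -e "\n\nImporting $dbsuffix"
      if [ -e "${dbdir}/ldap-rpm-backup" ]; then
        echo "Warning: Old ldap backup data in ${dbdir}/ldap-rpm-backup"
        echo "These files will be removed"
        # ${dbdir:?} aborts instead of expanding to /ldap-rpm-backup/* if
        # the directory name were ever empty.
        rm -f "${dbdir:?}/ldap-rpm-backup"/*
      fi
      echo "Moving the database files fom ${dbdir} to ${dbdir}/ldap-rpm-backup"
      mkdir -p "${dbdir}/ldap-rpm-backup"
      # Patterns that match nothing stay literal and make mv complain;
      # that noise is discarded and the files that do exist still move.
      mv -f "${dbdir}"/*.bdb "${dbdir}"/*.gdbm "${dbdir}"/*.dbb \
        "${dbdir}"/log.* "${dbdir}"/__db* "${dbdir}/ldap-rpm-backup" 2>/dev/null
      echo "Importing $dbsuffix from ${dbdir}/${ldiffile}"
      if slapadd -q -cv -b "$dbsuffix" -l "${dbdir}/${ldiffile}" > \
        "${dbdir}/rpm-ldif-import.log" 2>&1; then
        mv -f "${dbdir}/${ldiffile}" "${dbdir}/${ldiffile}-imported"
        echo "Import complete, see log ${dbdir}/rpm-ldif-import.log"
        echo "If any entries were not migrated, see ${dbdir}/${ldiffile}-imported"
      else
        mv -f "${dbdir}/${ldiffile}" "${dbdir}/${ldiffile}-import-failed"
        # The variable name was misspelled (ldifffile) and expanded to
        # nothing, so the message never named the dump.
        echo "Import failed on ${dbdir}/${ldiffile}, see ${dbdir}/rpm-ldif-import.log"
        echo "An ldif dump of $dbsuffix has been saved as ${dbdir}/${ldiffile}-import-failed"
        echo -e "\nYou can import it manually by running (as root):"
        echo "# service slapd stop"
        echo "# slapadd -c -l ${dbdir}/${ldiffile}-import-failed"
        echo "# chown $LDAPUSER:$LDAPGROUP ${dbdir}/*"
        echo "# service slapd start"
      fi
    fi
    # Hand the whole tree back to the service account, LDIF dumps included.
    # The tree is writable by that unprivileged account while root walks
    # it, so -h states explicitly that symlinks themselves are changed,
    # never what they point to (recent GNU chown already does this under
    # -R -- TODO confirm on the target coreutils).
    chown -hR "${LDAPUSER}:${LDAPGROUP}" "${dbdir}"
    # openldap-2.0.x->2.1.x on ldbm/dbb backend seems to need reindex regardless:
    #slapindex -n $dbnum
    #dbnum=$[dbnum+1]
  done
fi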
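# Start slapd again only when SLAPD_STATUS is 1, the value this scriptlet
# records when it found the service running before stopping it. The
# variable is quoted so an unset value cannot turn the test into a syntax
# error that reads as "false" by accident.
if [ "$SLAPD_STATUS" -eq 1 ]; then
  service slapd start
fi
# Setup log facility for OpenLDAP on new install
/usr/share/rpm-helper/add-syslog openldap "$1" /var/log/ldap/ldap.log local4
# Pin the syslog facility recorded in the sysconfig file to local4 so it
# matches the facility registered just above.
perl -pi -e "s|^.*SLAPDSYSLOGLOCALUSER.*|SLAPDSYSLOGLOCALUSER=\"local4\"|" \
  /etc/sysconfig/slapd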
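# Handle switch from /etc/ssl/openldap/ldap.pem to /etc/pki/tls/private/ldap.pem
# The file is moved once and a symlink is left at the old path so existing
# configuration keeps resolving.
# NOTE(review): the destination name suggests ldap.pem holds private key
# material; mv keeps the file's existing owner and mode, so confirm the
# result is not readable beyond root and the ldap group.
if [ -e /etc/ssl/openldap/ldap.pem ] && [ ! -e /etc/pki/tls/private/ldap.pem ]; then
  mv /etc/ssl/openldap/ldap.pem /etc/pki/tls/private/ldap.pem
  ln -s /etc/pki/tls/private/ldap.pem /etc/ssl/openldap/ldap.pem
fi
# generate the ldap.pem cert here instead of the initscript
# "$1" is quoted so the helper always receives it as a single argument.
/usr/share/rpm-helper/create-ssl-certificate openldap "$1" ldap -g ldap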
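# Restrict the flat configuration files to root (read/write) and the ldap
# group (read): they can carry the rootdn password and ACL rules.
# Absolute paths replace the earlier pushd/popd pair: had the directory
# change failed, chmod/chown would have been applied to same-named files in
# whatever directory rpm happened to be running from.
for conf in /etc/openldap/slapd.conf /etc/openldap/slapd.access.conf; do
  if [ -f "$conf" ]; then
    chmod 0640 "$conf"
    chown root:ldap "$conf"
  fi
done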
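# Register the slapd service through rpm-helper; "$1" is the scriptlet
# argument from rpm, quoted so it is passed as one word.
/usr/share/rpm-helper/add-service openldap "$1" slapd
# nscd reset
# Restart the name-service cache only when its lock file says it is
# running; output is discarded and a failed restart is ignored on purpose.
if [ -f /var/lock/subsys/nscd ]; then
  service nscd restart > /dev/null 2>&1 || :
fi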
POSTUN
/bin/sh
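# Post-uninstall: pass the syslog entry, the "ldap" user and the "ldap"
# group to the rpm-helper removal wrappers. "$1" is the scriptlet argument
# from rpm, quoted so each helper receives it as a single word; whether
# anything is actually removed is decided inside the helpers.
# NOTE(review): files left behind under the old uid/gid become unowned
# once the account is gone and could be picked up by a later account that
# reuses the id -- confirm the helpers or the package file list cover that.
/usr/share/rpm-helper/del-syslog openldap "$1"
/usr/share/rpm-helper/del-user openldap "$1" ldap
/usr/share/rpm-helper/del-group openldap "$1" ldap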