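#!/bin/sh
#
# ldap	This shell script takes care of starting and stopping
#	ldap server (slapd).
#
# chkconfig: 345 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/ldap/slapd.pid
#
# Created by Christian Zoffoli <czoffoli@linux-mandrake.com>
# Version 0.1b  2001-05-23
#
### BEGIN INIT INFO
# Provides: ldap
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 3 4 5
# Short-Description: LDAP servers (slapd)
# Description: LDAP stands for Lightweight Directory Access Protocol, used
#              for implementing the industry standard directory services.
### END INIT INFO

# NOTE: although the interpreter line says /bin/sh, the script uses `local`
# and $"..." strings and hands commands to /bin/bash through su, so it expects
# /bin/sh to be bash (or a shell that accepts those constructs).

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
# Quoted so that an unset NETWORKING is a plain "not equal" instead of a
# `[` syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# define gprintf for distros without it:
# (the first argument is used as the printf format string, so callers must
# pass variable data as %s arguments, never inside the format)
gprintf() {
  printf -- "$@"
}

# Source function library.
if [ -f /etc/init.d/functions ]; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
else
  exit 0
fi

SLAPDCONFFILE=/etc/openldap/slapd.conf
SLAPDCONFDIR=/etc/openldap/slapd.d/
LDAPUSER=ldap
LDAPGROUP=ldap
SLAPTEST_OPTS="-d4"
MAXFILES=1024
PIDFILE=/var/run/ldap/slapd.pid
KILLDELAY=10

slapd=/usr/sbin/slapd
slaptest="/usr/sbin/slaptest"

# Source an auxiliary options file if we have one, and pick up OPTIONS,
# SLAPD_OPTIONS, and SLURPD_OPTIONS.
# This file is executed by the shell running this script and can override
# every default above; keep it writable only by the account that is allowed
# to run the init script.
if [ -r /etc/sysconfig/ldap ]; then
  . /etc/sysconfig/ldap
fi

# Prefer the cn=config directory when it has been initialised, otherwise fall
# back to the flat slapd.conf file.
if [ -e "${SLAPDCONFDIR}/cn=config.ldif" ]; then
  SLAPDCONF="$SLAPDCONFDIR"
  SLAPDCONFTYPE="dir"
  SLAPDCONFFLAG="-F"
else
  SLAPDCONF="$SLAPDCONFFILE"
  SLAPDCONFTYPE="file"
  SLAPDCONFFLAG="-f"
fi

[ -x "${slapd}" ] || exit 0

export TMPDIR=/var/tmp

#######################################
# Report whether a slurpd replication setup is configured.
# Globals:   SLAPDCONF, SLAPDCONFTYPE (read), STARTSLURPD (read/written)
# Returns:   0 if STARTSLURPD ends up as "yes", 1 otherwise
#######################################
check_slurpd() {
  # "replica" directives only exist in the flat file format; grepping the
  # cn=config directory would just fail with an error message.
  if [ "${SLAPDCONFTYPE}" = "file" ] &&
    grep -Eq "^[[:space:]]*replica[[:space:]]+(host|uri)" "$SLAPDCONF"; then
    STARTSLURPD="${STARTSLURPD:-yes}"
  fi
  if [ "${STARTSLURPD:-no}" = "yes" ]; then
    return 0
  fi
  return 1
}

#######################################
# Run slaptest against the active configuration as the LDAP user.
# Globals:   LDAPUSER, slaptest, SLAPTEST_OPTS, SLAPDCONFFLAG, SLAPDCONF (read)
#            ERROR, RETVAL (written)
# Arguments: extra options appended to the slaptest command line
# Returns:   exit status of the su/slaptest invocation
#######################################
check_config() {
  gprintf "Checking config %s %s: " "${SLAPDCONFTYPE}" "${SLAPDCONF}"
  # The command is handed to bash as one string, so every value in it is
  # parsed by a shell a second time. "$*" (not "$@") keeps the extra options
  # inside that single -c string when more than one is passed.
  # stderr of the command is captured, stdout is discarded.
  ERROR="$(su "$LDAPUSER" - -s /bin/bash -c "${slaptest} ${SLAPTEST_OPTS} ${SLAPDCONFFLAG} ${SLAPDCONF} $*" 2>&1 >/dev/null)"
  RETVAL=$?
  if [ "$RETVAL" -eq 0 ]; then
    echo_success
    echo
  else
    echo_failure
    echo
    # printf instead of `echo -e`: print the tool output verbatim rather than
    # interpreting backslash sequences it may contain.
    printf '%s\n' "$ERROR"
  fi
  return "$RETVAL"
}

#######################################
# Convert the flat slapd.conf into a cn=config directory.
# Globals:   LDAPUSER, slaptest, SLAPDCONFFILE, SLAPDCONFDIR (read)
# Returns:   exit status of the su/slaptest invocation
#######################################
convert_config() {
  # Uses LDAPUSER/slaptest like the rest of the script, so an override in
  # /etc/sysconfig/ldap produces a directory owned by the account slapd
  # actually runs as.
  su - "$LDAPUSER" -s /bin/bash -c "${slaptest} -f ${SLAPDCONFFILE} -F ${SLAPDCONFDIR}"
}

#######################################
# Build the slapd command line and start the daemon.
# Globals:   MAXFILES, LDAPUSER, LDAPGROUP, SLAPDSYSLOGLOCALUSER,
#            SLAPDSYSLOGLEVEL, SLAPDCONF, SLAPDCONFTYPE, SLAPDCONFDIR,
#            slapd (read); SLAPDURLLIST (read, may be rewritten)
# Returns:   exit status of `daemon`
#######################################
start() {
  ulimit -n "${MAXFILES}"
  local RETVAL=0
  local ARGS=""
  local have_tlsconf=0
  local OUT="ldap"

  # Start daemons.
  ARGS="-u $LDAPUSER -g $LDAPGROUP"

  # Syslog
  if [ -n "$SLAPDSYSLOGLOCALUSER" ]; then
    ARGS="$ARGS -l $SLAPDSYSLOGLOCALUSER"
    if [ -n "$SLAPDSYSLOGLEVEL" ]; then
      ARGS="$ARGS -s $SLAPDSYSLOGLEVEL"
    fi
  fi

  # Only pass -f/-F when the location differs from the literal path compared
  # here. The default SLAPDCONFDIR ends in "/", so in "dir" mode the second
  # comparison is always true and -F is always passed.
  if [ "${SLAPDCONFTYPE}" = "file" ] && [ "$SLAPDCONF" != "/etc/openldap/slapd.conf" ]; then
    ARGS="$ARGS -f $SLAPDCONF"
  fi
  if [ "${SLAPDCONFTYPE}" = "dir" ] && [ "$SLAPDCONF" != "/etc/openldap/slapd.d" ]; then
    ARGS="$ARGS -F $SLAPDCONF"
  fi

  # TLS is considered configured as soon as any TLS*/olcTLS* line is present.
  if [ "${SLAPDCONFTYPE}" = "file" ] && grep -q "^[[:space:]]*TLS" "$SLAPDCONF"; then
    have_tlsconf=1
  elif [ "${SLAPDCONFTYPE}" = "dir" ] && grep -qi "^[[:space:]]*olcTLS" "${SLAPDCONFDIR}/cn=config.ldif"; then
    have_tlsconf=1
  fi

  # Listener selection. Without a TLS directive every ldaps: URL is removed
  # from SLAPDURLLIST without any message, and with no URL list the daemon is
  # started on ldap:/// only, i.e. cleartext LDAP with no host restriction in
  # the URL. The "Starting slapd (...)" line is the only place this shows up,
  # so check it after changing TLS settings.
  if [ -n "$SLAPDURLLIST" ]; then
    if [ "$have_tlsconf" -eq 1 ]; then
      OUT="ldap + ldaps"
    else
      SLAPDURLLIST=$(printf '%s\n' "$SLAPDURLLIST" | sed 's#ldaps:[^ ]*##g')
    fi
    ARGS="$ARGS -h \"$SLAPDURLLIST \""
  else
    if [ "$have_tlsconf" -eq 1 ]; then
      ARGS="$ARGS -h \"ldap:/// ldaps:///\"" && OUT="ldap + ldaps"
    else
      ARGS="$ARGS -h ldap:/// "
    fi
  fi

  gprintf "Starting %s: " "slapd ($OUT)"
  # ARGS is deliberately unquoted. The embedded \" pairs only group the -h
  # value if `daemon` re-evaluates its arguments through a shell -- presumably
  # it does; confirm against the functions library in use.
  daemon "${slapd}" $ARGS
  RETVAL=$?
  echo
  [ "$RETVAL" -eq 0 ] && touch "/var/lock/subsys/${slapd##*/}"
  if [ "$RETVAL" -eq 0 ]; then
    if check_slurpd; then
      gprintf "slurpd is not longer supported, but configuration found"
      warning
      echo
    fi
  fi
  return "$RETVAL"
}

#######################################
# Stop slapd and remove its lock and args files.
# Globals:   PIDFILE, KILLDELAY, slapd (read)
# Returns:   exit status of the killproc variant that was used
#######################################
stop() {
  local RETVAL=0
  # Stop daemons.
  gprintf "Stopping %s: " slapd
  # First call killproc with "-0" as the signal argument; only if that
  # succeeds is the library killproc used for the real stop, otherwise the
  # bundled internal_killproc is. Presumably this probes whether the library
  # version accepts -p/-d -- confirm against the functions library.
  if killproc -p "${PIDFILE}" -d "${KILLDELAY}" "${slapd}" -0 >/dev/null 2>/dev/null; then
    killproc -p "${PIDFILE}" -d "${KILLDELAY}" "${slapd}" 2>/dev/null
  else
    internal_killproc -p "${PIDFILE}" -d "${KILLDELAY}" "${slapd}" 2>/dev/null
  fi
  RETVAL=$?
  echo
  [ "$RETVAL" -eq 0 ] && rm -f "/var/lock/subsys/${slapd##*/}" /var/run/ldap/slapd.args
  return "$RETVAL"
}

#######################################
# Fix ownership of, and/or run database recovery on, the database
# directories named in the configuration.
# Globals:   SLAPDCONF, SLAPDCONFTYPE, LDAPUSER, LDAPGROUP, FIXPERMS,
#            AUTORECOVER (read)
# Arguments: any of "recover", "fixperms"; other words are ignored
#######################################
dbtool() {
  local DO_RECOVER="" DO_PERMS="" DBRECOVER="" dbdirs dbdir
  while [ $# -ne 0 ]; do
    case $1 in
      recover) DO_RECOVER=yes ;;
      fixperms) DO_PERMS=yes ;;
    esac
    shift
  done

  # For bdb backends we want to recover the transaction logs:
  if [ "$SLAPDCONFTYPE" = "file" ]; then
    # Collect the "directory" of every bdb/ldbm/hdb database section from
    # slapd.conf and the files it includes. The directory rule used to read
    # db="hdb" (an assignment, always true), which selected the directory of
    # every backend type; it now compares like the suffix rule does.
    dbdirs=$(awk '
      BEGIN { OFS = ":" }
      /[[:space:]]*^database[[:space:]]*\w*/ { db = $2; suf = ""; dir = "" }
      /^[[:space:]]*suffix[[:space:]]*\w*/ {
        suf = $2
        if ((db == "bdb" || db == "ldbm" || db == "hdb") && (suf != "" && dir != "")) print dir
      }
      /^[[:space:]]*directory[[:space:]]*\w*/ {
        dir = $2
        if ((db == "bdb" || db == "ldbm" || db == "hdb") && (suf != "" && dir != "")) print dir
      }
    ' "$SLAPDCONF" $(awk '/^[[:blank:]]*include[[:blank:]]*/ {print $2}' "$SLAPDCONF") | sed -e 's/"//g')
  else
    # cn=config: take olcDbDirectory from every *db.ldif; /dev/null keeps awk
    # from reading stdin when find returns nothing.
    dbdirs=$(awk -F': ' '/^olcDbDirectory/ {print $2}' $(find "$SLAPDCONF" -type f -name '*db.ldif') /dev/null)
  fi

  if [ "$DO_RECOVER" = "yes" ]; then
    # Find a db_recover
    if [ -x /usr/bin/slapd_db_recover ]; then
      # private db_recover is the best choice
      DBRECOVER=/usr/bin/slapd_db_recover
    elif [ -x /usr/bin/db51_recover ]; then
      DBRECOVER=/usr/bin/db51_recover
    else
      DBRECOVER=""
    fi
  fi

  # Word splitting on $dbdirs is intentional: one directory per word.
  for dbdir in $dbdirs; do
    # The paths come from configuration text and the chown below runs with
    # the privileges of whoever invoked this script, while convert_config
    # writes the cn=config tree as the ldap user. Refuse anything that is not
    # an existing directory, and never recurse from the filesystem root.
    # NOTE(review): consider restricting dbdir to an expected parent directory.
    [ -d "$dbdir" ] || continue
    [ "$dbdir" = "/" ] && continue

    # Ensure the ldap user owns all database directories
    if [ "$DO_PERMS" = "yes" ] && [ "$FIXPERMS" != "no" ]; then
      chown -R "$LDAPUSER:$LDAPGROUP" "$dbdir"
    fi

    # Recover only when requested, not disabled, and *.bdb files exist.
    if [ -n "$DO_RECOVER" ] && [ "$AUTORECOVER" != "no" ] &&
      [ -n "$(find "${dbdir}"/*.bdb 2>/dev/null)" ]; then
      if [ -n "$DBRECOVER" ]; then
        gprintf "Running %s on %s\n" "$DBRECOVER" "${dbdir}"
        # The inner quotes are escaped so the directory stays one argument of
        # the recover tool; previously they ended the -c string early.
        su "$LDAPUSER" -s /bin/bash -c "$DBRECOVER -h \"${dbdir}\" 2>&1 >/dev/null"
        if [ -f "${dbdir}/alock" ]; then
          # Path passed as a %s argument, not as part of the format string.
          gprintf "removing %s\n" "${dbdir}/alock"
          rm -f "${dbdir}/alock"
        fi
      else
        gprintf "Warning: no %s available for %s\n" db_recover "${dbdir}"
      fi
    fi
  done
}

#######################################
# Fallback killproc used by stop() when the library killproc probe fails.
# Usage:     internal_killproc [-p pidfile] [-d delay] {program} [-signal]
# Globals:   BOOTUP, LSB (read)
# Returns:   1 on usage error, 7 when LSB is set and the program is not
#            running, otherwise the status computed below
#######################################
internal_killproc() {
  local RC killlevel= base pid pid_file= delay

  RC=0
  delay=3
  # Test syntax.
  if [ "$#" -eq 0 ]; then
    gprintf "Usage: internal_killproc [-p pidfile] [ -d delay] {program} [-signal]\n"
    return 1
  fi
  if [ "$1" = "-p" ]; then
    pid_file=$2
    shift 2
  fi
  if [ "$1" = "-d" ]; then
    delay=$2
    shift 2
  fi

  # check for second arg to be kill level
  [ -n "${2:-}" ] && killlevel=$2

  # Save basename.
  base=${1##*/}

  # Find pid.
  # presumably __pids_var_run fills in the local `pid` from the pid file;
  # it is defined in the sourced functions library -- confirm there.
  __pids_var_run "$1" "$pid_file"
  if [ -z "$pid_file" ] && [ -z "$pid" ]; then
    pid="$(__pids_pidof "$1")"
  fi

  # Kill it.
  # $pid is left unquoted on purpose: it may hold several process ids.
  if [ -n "$pid" ]; then
    [ "$BOOTUP" = "verbose" ] && [ -z "${LSB:-}" ] && echo -n "$base "
    if [ -z "$killlevel" ]; then
      if checkpid $pid 2>&1; then
        # TERM first, then KILL if not dead
        kill -TERM $pid >/dev/null 2>&1
        usleep 100000
        if checkpid $pid && sleep 1 &&
          checkpid $pid && sleep "$delay" &&
          checkpid $pid; then
          kill -KILL $pid >/dev/null 2>&1
          usleep 100000
        fi
      fi
      checkpid $pid
      RC=$?
      # if/else rather than `a && b || c`, so exactly one of failure/success
      # is reported whatever status the helper itself returns.
      if [ "$RC" -eq 0 ]; then
        failure $"$base shutdown"
      else
        success $"$base shutdown"
      fi
      # checkpid succeeding means the process survived: invert for the caller.
      RC=$((! $RC))
    # use specified level only
    else
      if checkpid $pid; then
        kill $killlevel $pid >/dev/null 2>&1
        RC=$?
        if [ "$RC" -eq 0 ]; then
          success $"$base $killlevel"
        else
          failure $"$base $killlevel"
        fi
      elif [ -n "${LSB:-}" ]; then
        RC=7 # Program is not running
      fi
    fi
  else
    if [ -n "${LSB:-}" ] && [ -n "$killlevel" ]; then
      RC=7 # Program is not running
    else
      failure "%s shutdown" "$base"
      RC=0
    fi
  fi

  # Remove pid file if any.
  if [ -z "$killlevel" ]; then
    rm -f "${pid_file:-/var/run/$base.pid}"
  fi
  return "$RC"
}

# See how we were called.
case "$1" in
  start)
    if [ "$AUTORECOVER" = "yes" ]; then
      dbtool recover fixperms
    else
      dbtool fixperms
    fi
    start
    RETVAL=$?
    ;;
  stop)
    stop
    RETVAL=$?
    ;;
  status)
    status "${slapd}"
    RETVAL=$?
    ;;
  force-restart)
    stop
    dbtool fixperms
    start
    RETVAL=$?
    ;;
  restart)
    # Keep the running daemon if the new configuration does not validate, and
    # report that as a failure: taking $? after the whole `if` yielded 0 when
    # the check failed, so callers saw a successful restart.
    check_config -u
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      stop
      dbtool fixperms
      start
      RETVAL=$?
    fi
    ;;
  reload)
    # NOTE(review): confirm that the installed slapd treats SIGHUP as a
    # reload request; "reload" is also absent from the usage text below.
    killall -HUP "${slapd}"
    RETVAL=$?
    ;;
  condrestart)
    RETVAL=0
    if [ -f "/var/lock/subsys/${slapd##*/}" ]; then
      stop
      start
      RETVAL=$?
    fi
    ;;
  recover)
    RETVAL=0
    if status "${slapd}" >/dev/null; then
      if stop; then
        dbtool recover fixperms
        start
        RETVAL=$?
      else
        gprintf "Failed to stop\n"
        # Previously the status of the message above (0) was returned.
        RETVAL=1
      fi
    else
      dbtool recover fixperms
      RETVAL=$?
    fi
    ;;
  check)
    if status "${slapd}" >/dev/null; then
      check_config -u
    else
      check_config
    fi
    RETVAL=$?
    ;;
  convert)
    convert_config
    RETVAL=$?
    ;;
  *)
    gprintf "Usage: %s\n" "$0 {start|stop|restart|force-restart|status|condrestart|check|recover|convert}"
    RETVAL=1
    ;;
esac

exit "$RETVAL"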