PREIN
/bin/sh
/usr/share/rpm-helper/add-user openldap2.2 $1 ldap /var/lib/ldap /bin/false
# allowing slapd to read hosts.allow and hosts.deny
/usr/bin/gpasswd -a ldap adm 1>&2 > /dev/null || :
# bgmilne: Fix dbb->gdbm stuffup:
#echo "Checking for incompatible db types"
if [ -f "/etc/openldap2.2/slapd.conf" ]
then
for dbdir in `awk '/^[:space:]*directory[:space:]*\w*/ {print $2}' /etc/openldap2.2/slapd.conf`
do
if [ -n "`find ${dbdir}/*.gdbm 2>&-`" ]
then
echo "Found incompatible db type gdbm"
echo "Making a backup to ldif file ${dbdir}/rpm-db-backup-gdbm.ldif"
# For some reason, slapcat works in the shell when slapd is
# running but not via rpm ...
SLAPD_STATUS=`service ldap2.2 status|grep -q stopped;echo $?`
[ $SLAPD_STATUS -eq 1 ] && service ldap2.2 stop
slapcat > ${dbdir}/rpm-db-backup-gdbm.ldif ||:
[ $SLAPD_STATUS -eq 1 ] && service ldap2.2 start
#else
# echo "Found no incompatible db-type"
fi
DBRECOVER=""
if [ -x /usr/bin/slapd_db_recover ]
then
# private db_recover is the best choice
DBRECOVER=/usr/bin/slapd_db_recover
elif [ -x /usr/bin/db_recover ]
then
DBRECOVER=/usr/bin/db_recover
else
DBRECOVER=""
fi
if [ -n "`find ${dbdir}/*.bdb 2>&-`" ]
then
if [ -n "$DBRECOVER" ]
then
echo "Running $DBRECOVER on ${dbdir}"
$DBRECOVER -h ${dbdir} 2>&1 >/dev/null
else
echo "Warning: no db_recover available for ${dbdir}"
fi
fi
done
fi
PREUN
/bin/sh
/usr/share/rpm-helper/del-service openldap2.2 $1 ldap2.2
POSTIN
/bin/sh
/sbin/ldconfig
SLAPD_STATUS=`service ldap2.2 status|grep -q stopped;echo $?`
[ $SLAPD_STATUS -eq 1 ] && service ldap2.2 stop
# bgmilne: part 2 of gdbm->dbb conversion for data created with
# original package for 9.1:
dbnum=1
if [ -f "/etc/openldap2.2/slapd.conf" ]
then
for dbdir in `awk '/^[:space:]*directory[:space:]*\w*/ {print $2}' /etc/openldap2.2/slapd.conf`
do
if [ -n "`find ${dbdir}/*.gdbm 2>&-`" ]
then
if [ -e ${dbdir}/ldap-rpm-backup -a -e ${dbdir}/rpm-db-backup-gdbm.ldif ]
then
echo "Warning: Old ldap backup data in ${dbdir}/ldap-rpm-backup"
echo "If importing ${dbdir}/rpm-db-backup-gdbm.ldif fails,"
echo "please do it manually by running (as root):"
echo "# service ldap2.2 stop"
echo "# slapadd2.2 -c -l ${dbdir}/rpm-db-backup-gdbm.ldif"
echo "# slapindex2.2"
echo "# chown ldap:ldap ${dbdir}/*"
echo "# service ldap2.2 start"
fi
if [ -e ${dbdir}/rpm-db-backup-gdbm.ldif ]
then
mkdir -p ${dbdir}/ldap-rpm-backup
mv -f ${dbdir}/*.gdbm ${dbdir}/ldap-rpm-backup
echo "Importing ${dbdir}/rpm-db-backup-gdbm.ldif"
slapadd2.2 -cv -l ${dbdir}/rpm-db-backup-gdbm.ldif > \
${dbdir}rpm-ldif-import.log 2>&1
echo "Import complete, see log ${dbdir}/rpm-ldif-import.log"
fi
fi
chown ldap:ldap -R ${dbdir}
# openldap-2.0.x->2.1.x on ldbm/dbb backend seems to need reindex regardless:
#slapindex -n $dbnum
#dbnum=$[dbnum+1]
done
fi
[ $SLAPD_STATUS -eq 1 ] && service ldap2.2 start
# Setup log facility for OpenLDAP
if [ -f /etc/syslog.conf ] ;then
# clean syslog
perl -pi -e "s|^.*ldap2.2.*\n||g" /etc/syslog.conf
typeset -i cntlog
cntlog=0
# probe free local-users
while [ `grep -c local${cntlog} /etc/syslog.conf` -gt 0 ]
do
cntlog=${cntlog}+1
done
if [ ${cntlog} -le 9 ];then
echo "# added by openldap2.2-2.2.20 r""pm $(date)" >> /etc/syslog.conf
# modified by Oden Eriksson
# echo "local${cntlog}.* /var/log/ldap/ldap.log" >> /etc/syslog.conf
echo -e "local${cntlog}.*\t\t\t\t\t\t\t-/var/log/ldap2.2/ldap.log" >> /etc/syslog.conf
# reset syslog daemon
if [ -f /var/lock/subsys/syslog ]; then
service syslog restart > /dev/null 2>/dev/null || :
fi
else
echo "I can't set syslog local-user!"
fi
# set syslog local-user in /etc/sysconfig/ldap
perl -pi -e "s|^.*SLAPDSYSLOGLOCALUSER.*|SLAPDSYSLOGLOCALUSER=\"LOCAL${cntlog}\"|g" /etc/sysconfig/ldap2.2
fi
# Reset right permissions
for i in /var/lib/ldap/* ; do
if [ -f $i ]; then
chmod 0600 $i
chown ldap:ldap $i
fi
done
# generate the ldap.pem cert here instead of the initscript
if [ ! -e /etc/ssl/openldap2.2/ldap.pem ] ; then
if [ -x /usr/share/openldap2.2/gencert.sh ] ; then
echo "Generating self-signed certificate..."
pushd /etc/ssl/openldap2.2/ > /dev/null
yes ""|/usr/share/openldap2.2/gencert.sh >/dev/null 2>&1
chmod 640 ldap.pem
chown root:ldap ldap.pem
popd > /dev/null
fi
echo "To generate a self-signed certificate, you can use the utility"
echo "/usr/share/openldap2.2/gencert.sh..."
fi
pushd /etc/openldap2.2/ > /dev/null
for i in slapd.conf slapd.access.conf ; do
if [ -f $i ]; then
chmod 0640 $i
chown root:ldap $i
fi
done
popd > /dev/null
/usr/share/rpm-helper/add-service openldap2.2 $1 ldap2.2
# nscd reset
if [ -f /var/lock/subsys/nscd ]; then
service nscd restart > /dev/null 2>/dev/null || :
fi
POSTUN
/bin/sh
/sbin/ldconfig
if [ $1 = 0 ]; then
# remove ldap entry
perl -pi -e "s|^.*ldap.*\n||g" /etc/syslog.conf
# reset syslog daemon
if [ -f /var/lock/subsys/syslog ]; then
service syslog restart > /dev/null 2>/dev/null || :
fi
fi
/usr/share/rpm-helper/del-user openldap2.2 $1 ldap