PREIN
/bin/sh
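# PREIN: $1 is the rpm install count (1 = fresh install, >1 = upgrade).
# Creates the service account, stops a running slapd, dumps every
# bdb/ldbm/hdb database to ldif once (the POSTIN scriptlet re-imports it)
# and runs db_recover on the BerkeleyDB environments before the new files
# are unpacked.
/usr/share/rpm-helper/add-user openldap2.2 "$1" ldap /var/lib/ldap /bin/false
# allowing slapd to read hosts.allow and hosts.deny; the membership may
# already exist, so the gpasswd result is deliberately ignored
/usr/bin/gpasswd -a ldap adm >/dev/null 2>&1 || :
LDAPUSER=ldap
LDAPGROUP=ldap
[ -e "/etc/sysconfig/openldap2.2" ] && . "/etc/sysconfig/openldap2.2"
SLAPDCONF=${SLAPDCONF:-/etc/openldap2.2/slapd.conf}

#######################################
# Print one "directory:suffix" pair per line for every bdb, ldbm or hdb
# database declared in $SLAPDCONF and in the files it includes.
# A pair is printed as soon as both the suffix and the directory of the
# current database are known; surrounding double quotes are stripped.
# Globals:   SLAPDCONF (read)
# Outputs:   directory:suffix lines on stdout
#######################################
slapd_databases() {
  # the include list is intentionally unquoted: one word per included file
  awk 'BEGIN {OFS=":"}
       /^[[:space:]]*database[[:space:]]+/ {db=$2; suf=""; dir=""}
       /^[[:space:]]*suffix[[:space:]]+/ {suf=$2; if ((db=="bdb" || db=="ldbm" || db=="hdb") && suf!="" && dir!="") print dir, suf}
       /^[[:space:]]*directory[[:space:]]+/ {dir=$2; if ((db=="bdb" || db=="ldbm" || db=="hdb") && suf!="" && dir!="") print dir, suf}' \
    "$SLAPDCONF" $(awk '/^[[:blank:]]*include[[:blank:]]*/ {print $2}' "$SLAPDCONF") \
    | sed -e 's/"//g'
}

#######################################
# Succeed when the directory given as $1 holds at least one *.bdb file.
# Arguments: $1 - database directory
# Returns:   0 if a *.bdb file exists, 1 otherwise
#######################################
has_bdb_files() {
  for f in "$1"/*.bdb; do
    [ -e "$f" ] && return 0
  done
  return 1
}

if [ -e "$SLAPDCONF" ]; then
  # 1 = slapd is running (status output does not say "stopped"), 0 = stopped;
  # the same flag decides whether it is started again at the end
  SLAPD_STATUS=$(LANG=C LC_ALL=C NOLOCALE=1 service ldap2.2 status 2>/dev/null | grep -q stopped; echo $?)
  [ "$SLAPD_STATUS" -eq 1 ] && service ldap2.2 stop
  dbs=$(slapd_databases)
  # AUTOMIGRATE (and any override of LDAPUSER) is loop-invariant: read it once
  [ -e /etc/sysconfig/ldap2.2 ] && . /etc/sysconfig/ldap2.2
  ldiffile="rpm-migrate-to-2.2.ldif"
  # private db_recover is the best choice; fall back to the system one
  DBRECOVER=""
  if [ -x /usr/bin/slapd_db_recover2.2 ]; then
    DBRECOVER=/usr/bin/slapd_db_recover2.2
  elif [ -x /usr/bin/db_recover ]; then
    DBRECOVER=/usr/bin/db_recover
  fi
  for db in $dbs; do
    dbdir=${db%%:*}
    dbsuffix=${db##*:}
    # data migration between incompatible versions
    # openldap >= 2.2.x have slapcat as a link to slapd, older releases do not
    if [ "${AUTOMIGRATE:-yes}" = "yes" ] && [ -f /usr/sbin/slapcat ]; then
      # dont do backups more than once: POSTIN renames the dump to one of
      # these two marker names after it has processed it
      if [ ! -e "${dbdir}/${ldiffile}-imported" ] && [ ! -e "${dbdir}/${ldiffile}-import-failed" ]; then
        echo "Migrating pre-OpenLDAP-2.2 data"
        echo "Making a backup of $dbsuffix to ldif file ${dbdir}/$ldiffile"
        # For some reason, slapcat works in the shell when slapd is
        # running but not via rpm ...
        # The dump holds every entry, userPassword values included, so it is
        # created owner-readable only (POSTIN chowns it to $LDAPUSER later).
        ( umask 077; slapcat -b "$dbsuffix" -l "${dbdir}/${ldiffile}" ) || :
      fi
    fi
    if has_bdb_files "$dbdir"; then
      if [ -n "$DBRECOVER" ]; then
        echo "Running $DBRECOVER on ${dbdir}"
        # recovery runs as the service account so the environment files keep
        # their ownership; its stdout is dropped, its stderr is shown
        su "$LDAPUSER" -s /bin/bash -c "$DBRECOVER -h ${dbdir} 2>&1 >/dev/null"
      else
        echo "Warning: no db_recover available for ${dbdir}"
      fi
    fi
  done
  [ "$SLAPD_STATUS" -eq 1 ] && service ldap2.2 start || :
fi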
PREUN
/bin/sh
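# PREUN: $1 is the number of instances that will remain after this removal
# (0 = erase, 1 = upgrade); the helper unregisters the ldap2.2 service
# accordingly. Quoted so an empty count cannot shift the arguments.
/usr/share/rpm-helper/del-service openldap2.2 "$1" ldap2.2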
POSTIN
/bin/sh
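/sbin/ldconfig
# POSTIN: $1 is the rpm install count (1 = fresh install, >1 = upgrade).
# Finishes the migration prepared by PREIN (re-imports the ldif dumps),
# fixes ownership/permissions of data, config and certificate files,
# wires a syslog local facility and registers the service.
# 1 = slapd is running (status output does not say "stopped"), 0 = stopped
SLAPD_STATUS=$(LANG=C LC_ALL=C NOLOCALE=1 service ldap2.2 status 2>/dev/null | grep -q stopped; echo $?)
[ "$SLAPD_STATUS" -eq 1 ] && service ldap2.2 stop
# bgmilne: part 2 of gdbm->dbb conversion for data created with
# original package for 9.1:
LDAPUSER=ldap
LDAPGROUP=ldap
[ -e "/etc/sysconfig/openldap2.2" ] && . "/etc/sysconfig/openldap2.2"
SLAPDCONF=${SLAPDCONF:-/etc/openldap2.2/slapd.conf}

#######################################
# Print one "directory:suffix" pair per line for every bdb, ldbm or hdb
# database declared in $SLAPDCONF and in the files it includes (the same
# set of backends PREIN dumps, so every dump gets picked up here).
# Globals:   SLAPDCONF (read)
# Outputs:   directory:suffix lines on stdout
#######################################
slapd_databases() {
  # the include list is intentionally unquoted: one word per included file
  awk 'BEGIN {OFS=":"}
       /^[[:space:]]*database[[:space:]]+/ {db=$2; suf=""; dir=""}
       /^[[:space:]]*suffix[[:space:]]+/ {suf=$2; if ((db=="bdb" || db=="ldbm" || db=="hdb") && suf!="" && dir!="") print dir, suf}
       /^[[:space:]]*directory[[:space:]]+/ {dir=$2; if ((db=="bdb" || db=="ldbm" || db=="hdb") && suf!="" && dir!="") print dir, suf}' \
    "$SLAPDCONF" $(awk '/^[[:blank:]]*include[[:blank:]]*/ {print $2}' "$SLAPDCONF") \
    | sed -e 's/"//g'
}

if [ -e "$SLAPDCONF" ]; then
  ldiffile="rpm-migrate-to-2.2.ldif"
  for db in $(slapd_databases); do
    dbdir=${db%%:*}
    dbsuffix=${db##*:}
    if [ -e "${dbdir}/${ldiffile}" ]; then
      if [ -e "${dbdir}/ldap-rpm-backup" ]; then
        echo "Warning: Old ldap backup data in ${dbdir}/ldap-rpm-backup"
        echo "If importing ${dbdir}/${ldiffile} fails,"
        echo "please do it manually by running (as root):"
        echo "# service ldap2.2 stop"
        echo "# slapadd2.2 -c -l ${dbdir}/${ldiffile}-import-failed"
        echo "# chown $LDAPUSER:$LDAPGROUP ${dbdir}/*"
        echo "# service ldap2.2 start"
      fi
      echo "Moving the database files from ${dbdir} to ${dbdir}/ldap-rpm-backup"
      mkdir -p "${dbdir}/ldap-rpm-backup"
      # patterns that match nothing stay literal and make mv complain about
      # them; that noise is intentionally dropped, the existing files move
      mv -f "${dbdir}"/*.bdb "${dbdir}"/*.gdbm "${dbdir}"/*.dbb "${dbdir}"/log.* "${dbdir}"/__db* \
        "${dbdir}/ldap-rpm-backup" 2>/dev/null
      echo "Importing $dbsuffix from ${dbdir}/${ldiffile}"
      if slapadd2.2 -cv -b "$dbsuffix" -l "${dbdir}/${ldiffile}" \
          > "${dbdir}/rpm-ldif-import.log" 2>&1; then
        echo "Import complete, see log ${dbdir}/rpm-ldif-import.log"
        echo "If any entries were not migrated, see ${dbdir}/${ldiffile}-imported"
        mv -f "${dbdir}/${ldiffile}" "${dbdir}/${ldiffile}-imported"
        keptdump="${dbdir}/${ldiffile}-imported"
      else
        echo "Import failed on ${dbdir}/${ldiffile}, see ${dbdir}/rpm-ldif-import.log"
        echo "An ldif dump of $dbsuffix has been saved as ${dbdir}/${ldiffile}-import-failed"
        mv -f "${dbdir}/${ldiffile}" "${dbdir}/${ldiffile}-import-failed"
        keptdump="${dbdir}/${ldiffile}-import-failed"
      fi
      # the retained dump contains every entry, userPassword values included
      chmod 0600 "$keptdump"
    fi
    chown "$LDAPUSER:$LDAPGROUP" -R "${dbdir}"
    # openldap-2.0.x->2.1.x on ldbm/dbb backend seems to need reindex regardless:
    #slapindex -n $dbnum
    #dbnum=$[dbnum+1]
  done
fi
[ "$SLAPD_STATUS" -eq 1 ] && service ldap2.2 start || :

# Setup log facility for OpenLDAP
if [ -f /etc/syslog.conf ]; then
  # clean syslog: drop the lines an earlier install of this package added
  # (the dot is escaped so only "ldap2.2" matches, not "ldap2x2")
  perl -pi -e 's|^.*ldap2\.2.*\n||g' /etc/syslog.conf
  # probe free local-users: first localN not mentioned in syslog.conf
  cntlog=0
  while grep -q "local${cntlog}" /etc/syslog.conf; do
    cntlog=$((cntlog + 1))
  done
  if [ "$cntlog" -le 9 ]; then
    # "r""pm" is split in the original scriptlet (reason not recorded; the
    # written text is still "rpm"), kept as-is
    echo "# added by openldap2.2-2.2.27 r""pm $(date)" >> /etc/syslog.conf
    # modified by Oden Eriksson
    # echo "local${cntlog}.* /var/log/ldap/ldap.log" >> /etc/syslog.conf
    printf 'local%s.*\t\t\t\t\t\t\t-/var/log/ldap2.2/ldap.log\n' "$cntlog" >> /etc/syslog.conf
    # reset syslog daemon
    if [ -f /var/lock/subsys/syslog ]; then
      service syslog restart > /dev/null 2>/dev/null || :
    fi
    # set syslog local-user in /etc/sysconfig/ldap2.2; only done when a
    # facility was assigned, since LOCAL10 and above are not valid ones
    if [ -f /etc/sysconfig/ldap2.2 ]; then
      perl -pi -e "s|^.*SLAPDSYSLOGLOCALUSER.*|SLAPDSYSLOGLOCALUSER=\"LOCAL${cntlog}\"|g" /etc/sysconfig/ldap2.2
    fi
  else
    echo "I can't set syslog local-user!"
  fi
fi

# generate the ldap.pem cert here instead of the initscript
if [ ! -e /etc/ssl/openldap2.2/ldap.pem ]; then
  if [ -x /usr/share/openldap2.2/gencert.sh ]; then
    echo "Generating self-signed certificate..."
    # subshell: nothing is written unless the cd succeeds, and the umask
    # keeps the private key from ever being world-readable, even between
    # its creation and the chmod below
    (
      cd /etc/ssl/openldap2.2/ || exit 1
      umask 077
      yes "" | /usr/share/openldap2.2/gencert.sh >/dev/null 2>&1
      chmod 640 ldap.pem
      chown "root:$LDAPGROUP" ldap.pem
    )
  fi
  echo "To generate a self-signed certificate, you can use the utility"
  echo "/usr/share/openldap2.2/gencert.sh..."
fi

# the config files carry rootpw and ACLs: root-owned, group-readable only
for i in slapd.conf slapd.access.conf; do
  conf="/etc/openldap2.2/$i"
  if [ -f "$conf" ]; then
    chmod 0640 "$conf"
    chown "root:$LDAPGROUP" "$conf"
  fi
done
/usr/share/rpm-helper/add-service openldap2.2 "$1" ldap2.2
# nscd reset
if [ -f /var/lock/subsys/nscd ]; then
  service nscd restart > /dev/null 2>/dev/null || :
fi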
POSTUN
/bin/sh
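/sbin/ldconfig
# POSTUN: $1 is the number of package instances left after this removal
# (0 = the last one is gone); only then is the syslog wiring torn down.
if [ "$1" = 0 ]; then
  # remove the lines POSTIN added: match this package's own "ldap2.2"
  # marker only, so entries of other packages whose names merely contain
  # "ldap" survive the uninstall
  if [ -f /etc/syslog.conf ]; then
    perl -pi -e 's|^.*ldap2\.2.*\n||g' /etc/syslog.conf
    # reset syslog daemon
    if [ -f /var/lock/subsys/syslog ]; then
      service syslog restart > /dev/null 2>/dev/null || :
    fi
  fi
fi
/usr/share/rpm-helper/del-user openldap2.2 "$1" ldap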