PREIN
/bin/sh
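# %pre scriptlet: make sure the dedicated "ldap" account exists before the
# package files are unpacked.
# $1 is the argument RPM hands to every scriptlet (the package instance
# count); it is forwarded untouched, quoted so it always stays one word.
/usr/share/rpm-helper/add-user openldap "$1" ldap /var/lib/ldap /bin/false
# Allow slapd to read hosts.allow and hosts.deny by adding ldap to group adm.
# NOTE(review): group membership is not limited to those two files. The ldap
# account gains read access to everything group adm can read on this host
# (presumably system logs). Confirm that is intended, or grant access to the
# two files more narrowly.
# Only stdout is discarded, so gpasswd errors stay visible. "|| :" keeps the
# step best-effort: a failure here does not fail the scriptlet.
/usr/bin/gpasswd -a ldap adm > /dev/null || :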
PREUN
/bin/sh
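# %preun scriptlet: hand the "ldap" service to rpm-helper before the package
# files are removed. $1 (RPM's instance count) is forwarded so the helper can
# tell an upgrade from a final removal. Presumably it only stops and
# unregisters the service on final removal; verify against del-service.
# Quoted so the argument always stays a single word.
/usr/share/rpm-helper/del-service openldap "$1" ldap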
POSTIN
/bin/sh
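# %post scriptlet: give slapd a syslog facility, tighten ownership and modes
# on its data, configuration and certificate files, create a certificate if
# none exists, and register the service. Runs as root; $1 is RPM's instance
# count and is forwarded to rpm-helper.

# Setup log facility for OpenLDAP
if [ -f /etc/syslog.conf ]; then
  # clean syslog
  # NOTE(review): this deletes EVERY line that contains "ldap", including
  # lines an administrator wrote by hand. A pattern anchored on the two lines
  # this package appends would be safer. Left as-is so that entries written by
  # earlier package versions are still cleaned up.
  perl -pi -e "s|^.*ldap.*\n||g" /etc/syslog.conf

  # probe free local-users
  # Pick the first localN that is not mentioned anywhere in the file. syslog
  # defines local0..local7 only, so the search stops at 7; local8 and local9
  # are not valid facilities and a selector using them would never log.
  cntlog=0
  while [ "${cntlog}" -le 7 ] && grep -q "local${cntlog}" /etc/syslog.conf; do
    cntlog=$((cntlog + 1))
  done

  if [ "${cntlog}" -le 7 ]; then
    echo "# added by openldap-2.0.27 r""pm $(date)" >> /etc/syslog.conf
    # modified by Oden Eriksson
    # echo "local${cntlog}.* /var/log/ldap/ldap.log" >> /etc/syslog.conf
    # printf rather than "echo -e": -e is not portable across /bin/sh
    # implementations. The bytes written are the same.
    printf 'local%s.*\t\t\t\t\t\t\t-/var/log/ldap/ldap.log\n' "${cntlog}" >> /etc/syslog.conf

    # set syslog local-user in /etc/sysconfig/ldap
    # Only done once a facility was actually reserved, so slapd is never
    # pointed at a facility that syslog does not route.
    if [ -f /etc/sysconfig/ldap ]; then
      perl -pi -e "s|^.*SLAPDSYSLOGLOCALUSER.*|SLAPDSYSLOGLOCALUSER=\"LOCAL${cntlog}\"|g" /etc/sysconfig/ldap
    fi

    # reset syslog daemon
    if [ -f /var/lock/subsys/syslog ]; then
      service syslog restart > /dev/null 2>/dev/null || :
    fi
  else
    echo "I can't set syslog local-user!" >&2
  fi
fi

# Reset right permissions
# /var/lib/ldap is the ldap account's home directory, while this loop runs as
# root. Symlinks are skipped so that a link placed in that directory cannot
# redirect the chmod/chown to a file elsewhere on the system. The test and the
# change are not atomic, so "chown -h" is used as a second guard.
for i in /var/lib/ldap/*; do
  if [ -f "$i" ] && [ ! -L "$i" ]; then
    chmod 0600 "$i"
    chown -h ldap:ldap "$i"
  fi
done

# generate the ldap.pem cert here instead of the initscript
if [ ! -e /etc/ssl/openldap/ldap.pem ]; then
  if [ -x /usr/share/openldap/gencert.sh ]; then
    echo "Generating self-signed certificate..."
    # Subshell: the directory change and umask stay local, and nothing below
    # runs against the caller's working directory if cd fails.
    (
      cd /etc/ssl/openldap/ || exit 1
      # Create the output private from the start, so the key is never
      # world-readable between generation and the chmod below.
      # NOTE(review): any other file gencert.sh writes also ends up 0600 and
      # root-owned. Add an explicit chmod if one of them must be readable.
      umask 077
      # Empty answers accept the generator's defaults for every prompt.
      yes "" | /usr/share/openldap/gencert.sh > /dev/null 2>&1
      if [ -f ldap.pem ]; then
        chmod 640 ldap.pem
        chown root:ldap ldap.pem
      fi
    )
  fi
  echo "To generate a self-signed certificate, you can use the utility"
  echo "/usr/share/openldap/gencert.sh..."
fi

# talk about gdbm to ldif conversion here instead of the initscript
# The condition must reflect whether *.gdbm files exist. A trailing "|| :"
# would make it always true and print the hint on every install.
if ls /var/lib/ldap/*.gdbm > /dev/null 2>&1; then
  echo "To convert a gdbm DB to a ldif file, you can use the utility"
  echo "/usr/sbin/slapcat-gdbm (actually openldap uses Berkeley DB 3.x)..."
fi

# slapd configuration: root-owned, readable by group ldap, closed to others.
# Absolute paths are used so that a missing /etc/openldap cannot cause
# same-named files in the current directory to be modified instead.
for i in /etc/openldap/slapd.conf /etc/openldap/slapd.access.conf; do
  if [ -f "$i" ]; then
    chmod 0640 "$i"
    chown root:ldap "$i"
  fi
done

/usr/share/rpm-helper/add-service openldap "$1" ldap

# nscd reset
if [ -f /var/lock/subsys/nscd ]; then
  service nscd restart > /dev/null 2>/dev/null || :
fi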
POSTUN
/bin/sh
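# %postun scriptlet: undo the syslog wiring on final removal and retire the
# account. $1 is RPM's instance count; 0 means no instance of the package
# remains. It is quoted so an empty value cannot turn the test into a syntax
# error.
if [ "$1" = 0 ]; then
  # remove ldap entry
  # Guarded like the %post scriptlet: there is nothing to edit on hosts that
  # have no /etc/syslog.conf.
  # NOTE(review): the pattern deletes every line that contains "ldap", not
  # only the lines this package appended. Administrator-written lines that
  # mention ldap are removed as well.
  if [ -f /etc/syslog.conf ]; then
    perl -pi -e "s|^.*ldap.*\n||g" /etc/syslog.conf
    # reset syslog daemon
    if [ -f /var/lock/subsys/syslog ]; then
      service syslog restart > /dev/null 2>/dev/null || :
    fi
  fi
fi
/usr/share/rpm-helper/del-user openldap "$1" ldap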