PREIN
/bin/sh
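# Create the ldap group and account (fixed gid/uid 55) if they are missing.
# Ownership of existing database files is changed only when useradd actually
# created the account, i.e. on a first install; an existing account means the
# files were already handed over by an earlier install.
getent group ldap > /dev/null ||
  /usr/sbin/groupadd -r -g 55 ldap
if /usr/sbin/useradd -c "LDAP User" -u 55 -g ldap \
  -s /sbin/nologin -r -d /var/lib/ldap ldap 2> /dev/null; then
  if [ -d /var/lib/ldap ]; then
    for dbfile in /var/lib/ldap/*; do
      # This runs as root and chown dereferences symbolic links, so only plain
      # files are handed over: a link in this directory would otherwise change
      # the ownership of whatever it points at. Quoting keeps names with
      # whitespace or glob characters intact, and "--" stops a name starting
      # with "-" from being read as an option.
      if [ -f "$dbfile" ] && [ ! -L "$dbfile" ]; then
        chown ldap:ldap -- "$dbfile"
      fi
    done
  fi
fi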
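# Stop slapd if it is currently running and leave /var/lib/ldap/need_start
# behind so the post-install scriptlet knows it has to start the server again.
# Does nothing when no init script was found (SERVICE_NAME empty).
stop_running_slapd() {
  [ -n "$SERVICE_NAME" ] || return 0
  # ">/dev/null 2>&1" instead of "&>": a strictly POSIX /bin/sh parses "&>" as
  # "run in background, then redirect", which would make this test always true.
  if /sbin/service "$SERVICE_NAME" status > /dev/null 2>&1; then
    touch /var/lib/ldap/need_start
    /sbin/service "$SERVICE_NAME" stop > /dev/null 2>&1
  fi
}

# RPM passes 2 to the pre-install scriptlet when an older instance of the
# package is already installed, i.e. on upgrade.
if [ "$1" = "2" ]; then
  # Guess whether a database upgrade is necessary by comparing major.minor of
  # the installed tools with the versions shipped in this package.
  OLD_BDB_VERSION=$( slapd_db_upgrade -V | sed 's/.* \([0-9\.]*\)\.[0-9]*:.*/\1/' )
  NEW_BDB_VERSION=$( echo 4.8.30 | sed 's/\.[0-9]*$//' )
  OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
  NEW_SLAPD_VERSION=$( echo 2.4.24 | sed 's/\.[0-9]*$//' )

  # The init script is called "ldap" in older versions and "slapd" in newer
  # ones. Start from an empty value so a stale environment variable or a
  # missing init script can never end up as the argument of /sbin/service.
  SERVICE_NAME=
  if [ -f /etc/init.d/ldap ]; then
    SERVICE_NAME=ldap
  elif [ -f /etc/init.d/slapd ]; then
    SERVICE_NAME=slapd
  fi

  if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
    # Minor version number has changed -> slapcat/slapadd of the BDB database
    # is necessary. Save an ldif of the database where the "% post servers"
    # scriptlet can restore it. Also save the database files to a "rpmorig"
    # directory - Just In Case (TM)
    stop_running_slapd

    # Only export when a BDB environment is actually present. Checking each
    # pattern with -e avoids relying on brace expansion, which plain sh lacks.
    have_env_files=
    for envfile in /var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/alock; do
      if [ -e "$envfile" ]; then
        have_env_files=1
        break
      fi
    done

    if [ -n "$have_env_files" ]; then
      if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1; then
        if [ -f /var/lib/ldap/upgrade.ldif ]; then
          # The LDIF is a complete export of the directory, including any
          # credential attributes stored in it. Hand it to the ldap account,
          # which imports it in the post-install scriptlet, and drop group and
          # world access. chmod runs only if chown worked, so the file never
          # becomes unreadable for the import.
          chown ldap:ldap /var/lib/ldap/upgrade.ldif &&
            chmod 600 /var/lib/ldap/upgrade.ldif
          /bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
          mkdir /var/lib/ldap/rpmorig
          # Patterns without a match make mv complain; that is expected and
          # ignored, the files that do exist are still moved.
          mv /var/lib/ldap/alock /var/lib/ldap/*.bdb /var/lib/ldap/__db.* \
            /var/lib/ldap/log.* /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
          cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
        else
          /bin/rm -f /var/lib/ldap/upgrade.ldif
        fi
      fi
    fi
  elif [ "$OLD_BDB_VERSION" != "$NEW_BDB_VERSION" ]; then
    # Minor version number of bdb has changed -> run db_upgrade in % post script
    stop_running_slapd
    # Make sure the database is consistent before it gets upgraded.
    /sbin/runuser -m -s /usr/sbin/slapd_db_recover -- "ldap" -h /var/lib/ldap > /dev/null 2>&1
    # Just create /var/lib/ldap/need_db_upgrade so % post knows
    touch /var/lib/ldap/need_db_upgrade > /dev/null 2>&1
  fi
fi
exit 0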
PREUN
/bin/sh
# Final removal of the package ($1 is "0"): stop the server and unregister the
# init script. The database is deliberately left alone. Older versions of this
# package tried to save it as LDIF for a later restore; keeping a copy is now
# up to the administrator.
case "$1" in
  0)
    /sbin/service slapd stop > /dev/null 2>&1 || :
    /sbin/chkconfig --del slapd
    ;;
esac
POSTIN
/bin/sh
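# Refresh the shared-library cache and register the init script.
/sbin/ldconfig
/sbin/chkconfig --add slapd

# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it as the ldap user.
# It was created by the % pre above.
if [ -f /var/lib/ldap/upgrade.ldif ]; then
  if /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1; then
    rm -f /var/lib/ldap/upgrade.ldif
  else
    # The export is the only portable copy of the directory data. Deleting it
    # after a failed import would hide the failure and leave just the raw
    # database files in rpmorig, so keep it and tell the administrator.
    # It is a full dump of the directory and should be removed once the data
    # has been recovered.
    echo "openldap-servers: slapadd of /var/lib/ldap/upgrade.ldif failed; the export has been kept" >&2
    if [ -d /var/lib/ldap/rpmorig ]; then
      # Park it next to the saved database files so a later run of this
      # scriptlet does not try to import it again.
      mv -f /var/lib/ldap/upgrade.ldif /var/lib/ldap/rpmorig/ > /dev/null 2>&1 || :
    fi
  fi
fi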
# /var/lib/ldap/need_db_upgrade is left behind by the % pre above when the
# Berkeley DB version changed. When it is present, upgrade every *.bdb file
# and checkpoint the environment as the ldap user, then remove the marker.
[ -f /var/lib/ldap/need_db_upgrade ] && {
  /sbin/runuser -m -s /usr/sbin/slapd_db_upgrade -- "ldap" \
    -h /var/lib/ldap /var/lib/ldap/*.bdb
  /sbin/runuser -m -s /usr/sbin/slapd_db_checkpoint -- "ldap" \
    -h /var/lib/ldap -1
  rm -f /var/lib/ldap/need_db_upgrade
}
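# Generate /etc/pki/tls/certs/slapd.pem when the host has none yet.
if [ ! -f /etc/pki/tls/certs/slapd.pem ] ; then
  # Key material must never be group- or world-accessible while it is being
  # written. As before, this umask stays in effect for the rest of the
  # scriptlet.
  umask 077
  # Work in a subshell: if the directory cannot be entered nothing is
  # generated, and chown/chmod can never hit a slapd.pem in some other working
  # directory. It also drops the pushd/popd bashisms from a /bin/sh scriptlet.
  (
    cd /etc/pki/tls/certs || exit 1
    # The here-document answers the prompts of "make slapd.pem".
    # NOTE(review): these look like placeholder subject fields (SomeState,
    # localhost.localdomain); presumably the result is meant to be replaced
    # with a properly issued certificate before clients rely on it - confirm.
    make slapd.pem > /dev/null 2>&1 << EOF
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
localhost.localdomain
root@localhost.localdomain
EOF
    # root owns the file; the ldap group gets read-only access.
    if [ -f slapd.pem ]; then
      chown root:ldap slapd.pem
      chmod 640 slapd.pem
    fi
  )
fi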
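# Convert a legacy slapd.conf into the slapd.d configuration directory.
# if there is no slapd.conf, we probably already have new configuration in place
if [ -f /etc/openldap/slapd.conf ]; then
  mv /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
  mkdir -p /etc/openldap/slapd.d/

  # The "database config" stanza has to go in front of the first
  # database/backend section. "lines" is the number of global lines before it.
  first_section=$(grep -n -E '^(database|backend)' /etc/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1)
  if [ -n "$first_section" ]; then
    lines=$((first_section - 1))
  else
    # No database/backend section at all: treat the whole file as global and
    # append the stanza at the end. With an empty match the old arithmetic
    # produced -1, which dropped the last line and then copied the entire file
    # a second time.
    lines=$(($(wc -l < /etc/openldap/slapd.conf.bak) + 0))
  fi

  (
    # The temporary slapd.conf can carry rootpw or bind credentials copied from
    # the original, so create it without group/world access.
    umask 077
    head -n "$lines" /etc/openldap/slapd.conf.bak > /etc/openldap/slapd.conf
    cat >> /etc/openldap/slapd.conf << EOF
database config
rootdn "cn=admin,cn=config"
#rootpw secret
EOF
    # Everything from the first database/backend section to the end of file.
    tail -n "+$((lines + 1))" /etc/openldap/slapd.conf.bak >> /etc/openldap/slapd.conf
  )

  # slaptest writes the converted configuration into slapd.d. Its result is
  # not checked here; the original file is still available as slapd.conf.bak.
  slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d > /dev/null 2> /dev/null
  # Only the ldap account may read or change the converted configuration.
  chown -R ldap:ldap /etc/openldap/slapd.d
  chmod -R 000 /etc/openldap/slapd.d
  chmod -R u+rwX /etc/openldap/slapd.d
  rm -f /etc/openldap/slapd.conf
fi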
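# Restart handling after install or upgrade ($1 is the instance count).
# The expansion is quoted and defaulted so a missing argument cannot turn the
# test into a syntax error.
if [ "${1:-0}" -ge 1 ] ; then
  # Restart slapd only if it is currently running.
  /sbin/service slapd condrestart > /dev/null 2>&1
  # need_start is left by the % pre scriptlet when it stopped a running server
  # for the upgrade; in that case bring the server back up.
  if [ -f /var/lib/ldap/need_start ]; then
    if ! /sbin/service slapd status > /dev/null 2>&1; then
      /sbin/service slapd start > /dev/null 2>&1
    fi
    # Always consume the marker. A stale one would start the server on a later
    # upgrade even though the administrator had stopped it on purpose.
    rm -f /var/lib/ldap/need_start > /dev/null 2>&1
  fi
fi
exit 0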
POSTUN
/bin/sh
# Refresh the shared-library cache after the package files have been removed.
/sbin/ldconfig