
openldap-servers-2.4.24-2m.mo7.x86_64.rpm

PREIN

/bin/sh
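# Create the dedicated "ldap" system group and account (fixed GID/UID 55,
# no login shell, home /var/lib/ldap) that the daemon's tools run under.
# Take care to only do ownership-changing if we're adding the user:
# useradd fails when the account already exists, which skips the chown loop.
getent group ldap > /dev/null || \
/usr/sbin/groupadd -r -g 55 ldap
if /usr/sbin/useradd -c "LDAP User" -u 55 -g ldap \
    -s /sbin/nologin -r -d /var/lib/ldap ldap 2> /dev/null ; then
    if [ -d /var/lib/ldap ] ; then
        for dbfile in /var/lib/ldap/* ; do
            # This loop runs as root. Only regular files that are not symbolic
            # links are handed to the new account, and chown -h never
            # dereferences, so ownership of anything outside this directory is
            # left alone. Quoting keeps names with whitespace intact.
            if [ -f "$dbfile" ] && [ ! -L "$dbfile" ] ; then
                chown -h ldap:ldap -- "$dbfile"
            fi
        done
    fi
fi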

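# Upgrade preparation. By RPM convention $1 = 2 in the pre-install scriptlet
# means an older copy of the package is installed and is about to be replaced.
if [ "$1" = "2" ]; then
    # guess, if database upgrade is necessary: compare major.minor of the
    # installed tools with the versions hard-coded for this package build
    OLD_BDB_VERSION=$( slapd_db_upgrade -V | sed 's/.* \([0-9\.]*\)\.[0-9]*:.*/\1/' )
    NEW_BDB_VERSION=$( echo 4.8.30 | sed 's/\.[0-9]*$//' )

    OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
    NEW_SLAPD_VERSION=$( echo 2.4.24 | sed 's/\.[0-9]*$//' )
    # we need to detect how is the init script named
    # - in older versions ldap
    # - in newer versions slapd
    # Start from an empty value so a SERVICE_NAME inherited from the
    # environment is never used when neither init script exists.
    SERVICE_NAME=
    if [ -f /etc/init.d/ldap ]; then
        SERVICE_NAME=ldap
    elif [ -f /etc/init.d/slapd ]; then
        SERVICE_NAME=slapd
    fi

    if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
        # Minor version number has changed -> slapcat/slapadd of the BDB database
        # is necessary. Save an ldif of the database where the "% post servers"
        # scriptlet can restore it.  Also save the database files to a "rpmorig"
        # directory - Just In Case (TM)

        # stop the server; need_start tells the post-install scriptlet to
        # start it again afterwards
        if [ -n "$SERVICE_NAME" ] && /sbin/service "$SERVICE_NAME" status > /dev/null 2>&1 ; then
            touch /var/lib/ldap/need_start
            /sbin/service "$SERVICE_NAME" stop > /dev/null 2>&1
        fi

        # Unmatched globs stay literal, so if the echoed text equals the
        # pattern list itself there are no BDB environment files to migrate.
        # "[a]lock" is written as a bracket pattern so that a match ("alock")
        # differs from the unmatched literal.
        files=$(echo /var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock)
        if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then
            # The dump holds the full directory contents, which can include
            # credential attributes, so it is created with a private umask
            # instead of whatever umask the scriptlet inherited.
            if ( umask 077 && /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif ) > /dev/null 2>&1 ; then
                if [ -f /var/lib/ldap/upgrade.ldif ] ; then
                    # The post-install scriptlet imports this file as the ldap
                    # account, so hand the private dump over to it. If that
                    # fails, fall back to mode 644 rather than break the restore.
                    chown ldap:ldap /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 || \
                        chmod 644 /var/lib/ldap/upgrade.ldif
                    /bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
                    mkdir /var/lib/ldap/rpmorig
                    mv /var/lib/ldap/alock /var/lib/ldap/*.bdb /var/lib/ldap/__db.* \
                        /var/lib/ldap/log.* /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
                    cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
                else
                    /bin/rm -f /var/lib/ldap/upgrade.ldif
                fi
            fi
        fi
    else
        if [ "$OLD_BDB_VERSION" != "$NEW_BDB_VERSION" ]; then
            # Minor version number of bdb has changed -> run db_upgrade in % post script

            # stop the server
            if [ -n "$SERVICE_NAME" ] && /sbin/service "$SERVICE_NAME" status > /dev/null 2>&1 ; then
                touch /var/lib/ldap/need_start
                /sbin/service "$SERVICE_NAME" stop > /dev/null 2>&1
            fi

            # Ensure, that the database is correct (recovery runs as the
            # unprivileged ldap account, not as root)
            /sbin/runuser -m -s /usr/sbin/slapd_db_recover -- "ldap" -h /var/lib/ldap > /dev/null 2>&1
            # Just create /var/lib/ldap/need_db_upgrade so % post knows
            touch /var/lib/ldap/need_db_upgrade > /dev/null 2>&1
        fi
    fi
fi
# Always report success so a failed preparation step does not abort the
# package transaction.
exit 0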

PREUN

/bin/sh
# Pre-uninstall: by RPM convention $1 is the number of instances of the
# package that remain afterwards, so "0" means a real removal, not an upgrade.
case "$1" in
  0)
    # Stop the daemon (a failure to stop is ignored) and unregister its
    # init script.
    /sbin/service slapd stop > /dev/null 2>&1 || :
    /sbin/chkconfig --del slapd
    # Openldap-servers is being removed from the system.
    # The database is deliberately left untouched. Older versions of this
    # package tried to save it in LDIF format so it could be restored
    # later; keeping a copy is now the administrator's decision.
    ;;
esac

POSTIN

/bin/sh
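# Refresh the shared-library cache and register the slapd init script.
/sbin/ldconfig
/sbin/chkconfig --add slapd
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
# It was created by the % pre above.
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
    # The import runs as the unprivileged ldap account. The dump is deleted
    # only when the import succeeded, so a failed import cannot silently
    # discard the only LDIF copy of the directory.
    if /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif > /dev/null 2>&1 ; then
        rm -f /var/lib/ldap/upgrade.ldif
    else
        # Renamed so a later run of this scriptlet does not retry it blindly.
        # The file holds directory contents (possibly credential attributes):
        # the administrator should import it by hand and then remove it.
        mv -f /var/lib/ldap/upgrade.ldif /var/lib/ldap/upgrade.ldif.failed
        echo "openldap-servers: import of upgrade.ldif failed; dump kept as /var/lib/ldap/upgrade.ldif.failed" >&2
    fi
fi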

# A need_db_upgrade marker left by the pre-install scriptlet means the
# Berkeley DB files must be converted to the new on-disk format.
if test -f /var/lib/ldap/need_db_upgrade
then
    # Both tools run as the unprivileged ldap account: first convert every
    # *.bdb file in the environment, then run a one-off checkpoint (-1).
    /sbin/runuser -m -s /usr/sbin/slapd_db_upgrade -- "ldap" \
        -h /var/lib/ldap /var/lib/ldap/*.bdb
    /sbin/runuser -m -s /usr/sbin/slapd_db_checkpoint -- "ldap" \
        -h /var/lib/ldap -1
    # The marker is cleared whether or not the tools succeeded.
    rm -f /var/lib/ldap/need_db_upgrade
fi

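# Create /etc/pki/tls/certs/slapd.pem when none exists yet. The answers fed
# to make are fixed placeholder subject fields (common name
# localhost.localdomain), so the result is only a stand-in: replace it with a
# certificate issued for the server's real name before TLS is relied on.
if [ ! -f /etc/pki/tls/certs/slapd.pem ] ; then
    # Restrictive umask for the generated file. It is not restored, so
    # everything later in this scriptlet inherits 077 as well.
    umask 077
    prev_dir=$(pwd)
    # Only generate and re-own the file when the directory change worked;
    # otherwise make/chown/chmod would act on "slapd.pem" in whatever
    # directory the scriptlet happened to start in.
    if cd /etc/pki/tls/certs > /dev/null 2>&1 ; then
        # presumably the lines below answer the certificate-subject prompts
        # of the slapd.pem make target, in order - confirm against the Makefile
        make slapd.pem > /dev/null 2>&1 << EOF
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
localhost.localdomain
root@localhost.localdomain
EOF
        if [ -f slapd.pem ] ; then
            # Readable by root and the ldap group only.
            chown root:ldap slapd.pem
            chmod 640 slapd.pem
        fi
        cd "$prev_dir" > /dev/null 2>&1 || :
    fi
fi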

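# Convert a legacy slapd.conf into the slapd.d configuration directory.
if [ -f /etc/openldap/slapd.conf ]; then
    # if there is no slapd.conf, we probably already have new configuration in place

    # The temporary slapd.conf written below is a copy of the administrator's
    # configuration and may carry credentials, so create it (and slapd.d)
    # with a private umask; the previous umask is put back at the end.
    saved_umask=$(umask)
    umask 077

    mv /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bak
    mkdir -p /etc/openldap/slapd.d/

    # A "database config" stanza is inserted just before the first
    # database/backend directive. When the file has no such directive the
    # stanza is appended at the end; without this guard the arithmetic below
    # would produce a negative count for head.
    lines_total=$(wc -l < /etc/openldap/slapd.conf.bak)
    lines=$(grep -E -n '^(database|backend)' /etc/openldap/slapd.conf.bak | cut -d: -f1 | head -n 1)
    if [ -z "$lines" ]; then
        lines=$((lines_total + 1))
    fi
    lines=$((lines - 1))
    head -n "$lines" /etc/openldap/slapd.conf.bak > /etc/openldap/slapd.conf
    # rootpw stays commented out, so no well-known password is installed
    # for the configuration database's rootdn.
    cat >> /etc/openldap/slapd.conf << EOF
database config
rootdn   "cn=admin,cn=config"
#rootpw   secret
EOF
    lines_r=$((lines_total - lines))
    tail -n "$lines_r" /etc/openldap/slapd.conf.bak >> /etc/openldap/slapd.conf
    # slaptest -f/-F writes the converted configuration into slapd.d. Its
    # result is not checked; slapd.conf.bak remains as the fallback copy.
    slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d > /dev/null 2> /dev/null
    # Hand the tree to the ldap account and strip every permission except
    # the owner's (X adds execute/search on directories only).
    chown -R ldap:ldap /etc/openldap/slapd.d
    chmod -R 000 /etc/openldap/slapd.d
    chmod -R u+rwX /etc/openldap/slapd.d
    rm -f /etc/openldap/slapd.conf

    umask "$saved_umask"
fi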


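# Bring the daemon back. $1 is the number of installed instances after this
# transaction (1 on a fresh install, 2 on an upgrade).
if [ "$1" -ge 1 ] ; then
    # condrestart only restarts a daemon that is currently running.
    /sbin/service slapd condrestart > /dev/null 2>&1
    # If it is still not running and the pre-install scriptlet left the
    # need_start marker (it stopped a running server), start it explicitly
    # and clear the marker.
    if ! /sbin/service slapd status > /dev/null 2>&1 && [ -f /var/lib/ldap/need_start ] ; then
        /sbin/service slapd start > /dev/null 2>&1
        rm -f /var/lib/ldap/need_start > /dev/null 2>&1
    fi
fi

# Always report success to the package manager.
exit 0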

POSTUN

/bin/sh
# Post-uninstall: refresh the shared-library cache now that the package's
# files have changed.
/sbin/ldconfig