PREIN
/bin/sh
getent group ldap > /dev/null || \
/usr/sbin/groupadd -r -g 55 ldap
getent passwd nslcd > /dev/null || \
/usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \
-u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || :
PREUN
/bin/sh
if [ "$1" -eq "0" ]; then
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/usr/bin/systemctl --no-reload disable nslcd.service > /dev/null 2>&1 || :
/usr/bin/systemctl stop nslcd.service > /dev/null 2>&1 || :
fi
fi
exit 0
POSTIN
/bin/sh
# The usual stuff.
if [ $1 -eq 1 ] ; then
# Initial installation
/usr/bin/systemctl preset nslcd.service >/dev/null 2>&1 || :
fi
/sbin/ldconfig
# Import important non-default settings from nss_ldap or pam_ldap configuration
# files, but only the first time this package is installed.
comment="This comment prevents repeated auto-migration of settings."
if test -s /etc/nss-ldapd.conf ; then
source=/etc/nss-ldapd.conf
elif test -s /etc/nss_ldap.conf ; then
source=/etc/nss_ldap.conf
elif test -s /etc/pam_ldap.conf ; then
source=/etc/pam_ldap.conf
else
source=/etc/ldap.conf
fi
target=/etc/nslcd.conf
if test "$1" -eq "1" && ! grep -q -F "# $comment" $target 2> /dev/null ; then
# Try to make sure we only do this the first time.
echo "# $comment" >> $target
if grep -E -q '^uri[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default host/uri and replace it...
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
# ... with the uri.
grep -E '^uri[[:blank:]]' $source >> $target
elif grep -E -q '^host[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default host/uri and replace it...
sed -i -r -e 's,^((host|uri)[[:blank:]].*),# \1,g' $target
# ... with the "host" reformatted as a URI.
scheme=ldap
# check for 'ssl on', which means we want to use ldaps://
if grep -E -q '^ssl[[:blank:]]+on$' $source 2> /dev/null ; then
scheme=ldaps
fi
grep -E '^host[[:blank:]]' $source |\
sed -r -e "s,^host[[:blank:]](.*),uri ${scheme}://\1/,g" >> $target
fi
# Base doesn't require any special logic.
if grep -E -q '^base[[:blank:]]' $source 2> /dev/null ; then
# Comment out the packaged default base and replace it.
sed -i -r -e 's,^(base[[:blank:]].*),# \1,g' $target
grep -E '^base[[:blank:]]' $source >> $target
fi
# Pull in these settings, if they're set, directly.
grep -E '^(binddn|bindpw|port|scope|ssl|pagesize)[[:blank:]]' $source 2> /dev/null >> $target
grep -E '^(tls_)' $source 2> /dev/null >> $target
grep -E '^(timelimit|bind_timelimit|idle_timelimit)[[:blank:]]' $source 2> /dev/null >> $target
fi
# If this is the first time we're being installed, and the system is already
# configured to use LDAP as a naming service, enable the daemon, but don't
# start it since we can never know if that's a safe thing to do. If this
# is an upgrade, leave the user's runlevel selections alone.
if [ "$1" -eq "1" ]; then
if grep -E -q '^USELDAP=yes$' /etc/sysconfig/authconfig 2> /dev/null ; then
/bin/systemctl --no-reload enable nslcd.service >/dev/null 2>&1 ||:
fi
fi
# Earlier versions of 0.7.6 of this package would have included both 'gid
# nslcd' (a group which doesn't exist) and 'gid ldap' (which we ensure exists).
# If we detect both, fix the configuration.
if grep -q '^gid nslcd' $target ; then
if grep -q '^gid ldap' $target ; then
sed -i -e 's,^gid nslcd$,# gid nslcd,g' $target
fi
fi
# In 0.8.4, the name of the attribute which was expected to contain the DNs of
# a group's members changed from "uniqueMember" to "member". Change any
# instances of "map group uniqueMember ..." to "map group member ...", unless
# "member" is already being mapped, in which case attempting this would
# probably just confuse things further.
if grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]]" $target ; then
if ! grep -E -q "^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+member[[:blank:]]" $target ; then
sed -i -r -e "s,^[[:blank:]]*map[[:blank:]]+group[[:blank:]]+uniqueMember[[:blank:]](.*),map group member \1,g" $target
fi
fi
# Create the daemon's /var/run directory if it isn't there.
if ! test -d /var/run/nslcd ; then
mkdir -p -m 0755 /var/run/nslcd
fi
exit 0
POSTUN
/bin/sh
/sbin/ldconfig
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || :
if [ $1 -ge 1 ] ; then
# Package upgrade, not uninstall
/usr/bin/systemctl try-restart nslcd.service >/dev/null 2>&1 || :
fi
exit 0