PREIN
/bin/sh
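# %pre scriptlet: add the ldap system account and, when upgrading ($1 = 2),
# prepare the database in /var/lib/ldap for migration by the %post scriptlet.
# The interpreter is /bin/sh, so only POSIX constructs are used here
# (no "&>" redirections, no brace expansion).
#
# NOTE(review): the log, the flag files and the dump below are written inside
# /var/lib/ldap, presumably as root. If that directory is writable by the ldap
# account (its mode is not visible here), a symlink planted there would
# redirect those writes -- confirm the directory's ownership and mode.
LOG=/var/lib/ldap/openldap-severs-update.log

# Take care to only do ownership-changing if we're adding the user.
if /usr/sbin/useradd -c "LDAP User" -u 55 \
    -s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null ; then
  if [ -d /var/lib/ldap ] ; then
    for dbfile in /var/lib/ldap/* ; do
      # Quote the path and skip symlinks: chown follows links, so a link in
      # this directory would otherwise hand its target to the ldap account.
      if [ -f "$dbfile" ] && [ ! -L "$dbfile" ] ; then
        chown ldap:ldap "$dbfile"
      fi
    done
  fi
fi

if [ "$1" = "2" ]; then
  # Log progress into /var/lib/ldap/openldap-severs-update.log
  # (the first write truncates any log left by an earlier upgrade).
  echo "Updating openldap-servers, %pre section" >"$LOG" 2>&1
  date >>"$LOG" 2>&1

  # Guess, if database upgrade is necessary: compare the installed and the
  # packaged versions with their last numeric component stripped.
  OLD_BDB_VERSION=$( slapd_db_upgrade -V | sed 's/.* \([0-9\.]*\)\.[0-9]*:.*/\1/' )
  # The dot is escaped (as in the OpenLDAP expression below) so that only a
  # trailing ".N" is removed.
  NEW_BDB_VERSION=$( echo 4.4.20 | sed 's/\.[0-9]*$//' )
  echo "Old BDB version: $OLD_BDB_VERSION, new BDB version: $NEW_BDB_VERSION" >>"$LOG" 2>&1
  OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
  NEW_SLAPD_VERSION=$( echo 2.3.43 | sed 's/\.[0-9]*$//' )
  echo "Old OpenLDAP version: $OLD_SLAPD_VERSION, new OpenLDAP version: $NEW_SLAPD_VERSION" >>"$LOG" 2>&1

  if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
    # Minor version number has changed -> slapcat/slapadd of the BDB database
    # is necessary. Save an ldif of the database where the "% post servers"
    # scriptlet can restore it. Also save the database files to a "rpmorig"
    # directory - Just In Case (TM)
    echo "-> complete dump and restore of BDB database is necessary" >>"$LOG" 2>&1

    # Stop the server; need_start records that it was running.
    if /sbin/service ldap status >/dev/null 2>&1; then
      touch /var/lib/ldap/need_start
      /sbin/service ldap stop >/dev/null 2>&1
    fi

    # Upgrade it only if the database was configured and used. Check only
    # for default location, database in custom directories must be migrated
    # manually by admin. If none of the globs matches, echo prints them
    # back literally, which is what the comparison below detects.
    files=$(echo /var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock)
    if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then
      echo "Dumping database in /var/lib/ldap" >>"$LOG" 2>&1
      # NOTE(review): upgrade.ldif is a full export of the directory, which
      # normally includes credential attributes; it is created with whatever
      # umask the scriptlet runs under -- confirm it is not readable by
      # other local users.
      #
      # A failing slapcat and a missing dump file are both treated as
      # "dump failed": a partial upgrade.ldif must not be left behind, because
      # the %post scriptlet loads any upgrade.ldif it finds.
      if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif >>"$LOG" 2>&1 \
          && [ -f /var/lib/ldap/upgrade.ldif ] ; then
        echo "Storing original database in /var/lib/ldap/rpmorig" >>"$LOG" 2>&1
        /bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
        mkdir /var/lib/ldap/rpmorig
        mv /var/lib/ldap/alock /var/lib/ldap/*.bdb /var/lib/ldap/__db.* \
          /var/lib/ldap/log.* /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
        cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
      else
        echo "Dump failed!" >>"$LOG" 2>&1
        /bin/rm -f /var/lib/ldap/upgrade.ldif
      fi
    fi
  else
    if [ "$OLD_BDB_VERSION" != "$NEW_BDB_VERSION" ]; then
      # Minor version number of bdb has changed -> run db_upgrade in % post script
      echo "-> db-upgrade is necessary" >>"$LOG" 2>&1

      # Stop the server; need_start records that it was running.
      if /sbin/service ldap status >/dev/null 2>&1; then
        touch /var/lib/ldap/need_start
        /sbin/service ldap stop >/dev/null 2>&1
      fi

      # Ensure, that the database is valid. runuser -s names the program to
      # run as user ldap; the arguments after the user name are passed to it.
      echo "Running /slapd_db_recover" >>"$LOG" 2>&1
      /sbin/runuser -m -s /usr/sbin/slapd_db_recover -- "ldap" -h /var/lib/ldap >>"$LOG" 2>&1

      # Just create /var/lib/ldap/need_db_upgrade so % post knows
      touch /var/lib/ldap/need_db_upgrade >/dev/null 2>&1
    fi
  fi
  echo "%pre done" >>"$LOG" 2>&1
fi
exit 0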
PREUN
/bin/sh
# %preun scriptlet: when $1 is 0, stop the ldap service (best effort) and
# remove it from chkconfig.
case "$1" in
  0)
    /sbin/service ldap stop > /dev/null 2>&1 || :
    /sbin/chkconfig --del ldap
    ;;
esac
POSTIN
/bin/sh
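# %post scriptlet: register the service, finish the database migration that
# the %pre scriptlet prepared, and create a placeholder TLS certificate if
# none exists. The interpreter is /bin/sh, so only POSIX constructs are used
# (no "==" inside [ ], no pushd/popd).
LOG=/var/lib/ldap/openldap-severs-update.log

/sbin/ldconfig
/sbin/chkconfig --add ldap
echo "Entering %post section..." >>"$LOG" 2>&1

# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
# It was created by the %pre and contains data of the previous version.
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
  echo "Restoring /var/lib/ldap database from dump" >>"$LOG" 2>&1
  # runuser -s names the program to run as user ldap; the arguments after
  # the user name are passed to it. The dump is removed only after a
  # successful load, so a failed restore can be repeated by hand.
  if /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif >>"$LOG" 2>&1 ; then
    rm -f /var/lib/ldap/upgrade.ldif
    echo "Database restored successfully" >>"$LOG" 2>&1
  else
    echo "Database restore failed. Old database can be found in /var/lib/ldap/rpmorig/ and in /var/lib/ldap/upgrade.ldif" >>"$LOG" 2>&1
  fi
fi

# If there's a /var/lib/ldap/need_db_upgrade file, run db_upgrade and delete it.
# It was created by the % pre above.
if [ -f /var/lib/ldap/need_db_upgrade ]; then
  echo "Running db_upgrade on /var/lib/ldap/*.bdb" >>"$LOG" 2>&1
  # The *.bdb glob is left unquoted on purpose: every database file is passed.
  /sbin/runuser -m -s /usr/sbin/slapd_db_upgrade -- "ldap" -h /var/lib/ldap /var/lib/ldap/*.bdb >>"$LOG" 2>&1
  echo "Creating checkpoint" >>"$LOG" 2>&1
  /sbin/runuser -m -s /usr/sbin/slapd_db_checkpoint -- "ldap" -h /var/lib/ldap -1 >>"$LOG" 2>&1
  rm -f /var/lib/ldap/need_db_upgrade
fi

# Silence everything from here on; the final log line redirects explicitly.
exec > /dev/null 2> /dev/null

if [ ! -f /etc/pki/tls/certs/slapd.pem ] ; then
  # Run in a subshell so the directory change and the restrictive umask stay
  # local, and so nothing is created or chown'ed in the wrong directory when
  # /etc/pki/tls/certs is missing.
  #
  # NOTE(review): the answers fed to make are placeholders (SomeState,
  # localhost.localdomain, ...). The resulting certificate lets slapd start
  # with TLS configured, but clients cannot use it to verify the server's
  # identity; it should be replaced with one issued for the host's real name.
  # slapd.pem presumably also holds the private key, hence umask 077 and
  # mode 640 root:ldap -- confirm against the Makefile in that directory.
  (
    cd /etc/pki/tls/certs || exit 0
    umask 077
    make slapd.pem << EOF
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
localhost.localdomain
root@localhost.localdomain
EOF
    chown root:ldap slapd.pem
    chmod 640 slapd.pem
  )
fi
echo "%post done" >>"$LOG" 2>&1
exit 0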
POSTUN
/bin/sh
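# %postun scriptlet: refresh the dynamic linker cache and, when $1 is at
# least 1, ask the init script for a conditional restart (best effort).
/sbin/ldconfig
# Quoted, with a default of 0, so an empty or missing $1 cannot turn the
# test into a syntax error.
if [ "${1:-0}" -ge 1 ] ; then
  /sbin/service ldap condrestart > /dev/null 2>&1 || :
fi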
POSTTRANS
/bin/sh
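# %posttrans scriptlet.
#
# prev. versions of openldap-servers package exported the database
# to /var/lib/ldap/upgrade.ldif and moved the database to
# /var/lib/rpmorig in %preun, assuming that %post will be called
# later and restore the DB from there. Unfortunately this
# assumption is wrong, %preun is called after %post ->
# in the end the database is moved to /var/lib/rpmorig
# and nobody restores it.
# Let's restore it here:
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
# It was created by the uninstall of the previous version.
LOG=/var/lib/ldap/openldap-severs-update.log

if [ -f /var/lib/ldap/upgrade.ldif ] ; then
  echo "Entering %posttrans section, /var/lib/ldap/upgrade.ldif created by %postun of prev. version detected" >>"$LOG" 2>&1

  # Stop a running server for the restore and remember to start it again.
  # The init script is called by absolute path, as in the other scriptlets,
  # so the result does not depend on PATH.
  STARTAGAIN=0
  if /sbin/service ldap status >/dev/null 2>/dev/null ; then
    /sbin/service ldap stop
    STARTAGAIN=1
  fi

  # set the database owner - %preun of prev. version could create
  # the database with root:root owner (!)
  if [ -d /var/lib/ldap ] ; then
    for dbfile in /var/lib/ldap/* ; do
      # Quote the path and skip symlinks: chown follows links, so a link in
      # this directory would otherwise hand its target to the ldap account.
      if [ -f "$dbfile" ] && [ ! -L "$dbfile" ] ; then
        chown ldap:ldap "$dbfile"
      fi
    done
  fi

  echo "Restoring database" >>"$LOG" 2>&1
  # runuser -s names the program to run as user ldap; the arguments after
  # the user name are passed to it. As in %post, the dump is deleted only
  # when slapadd succeeds: on failure it may be the only remaining copy.
  if /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif >>"$LOG" 2>&1 ; then
    rm -f /var/lib/ldap/upgrade.ldif
    echo "Database restored successfully" >>"$LOG" 2>&1
  else
    echo "Database restore failed. The dump was kept in /var/lib/ldap/upgrade.ldif" >>"$LOG" 2>&1
  fi

  if [ "$STARTAGAIN" = 1 ] ; then
    /sbin/service ldap start
  fi
fi
exec > /dev/null 2> /dev/null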