#!/bin/bash
if [ "`id -u`" != "0" ]; then
echo "Error, must be root user"
exit 1
fi
SLAPTEST="/usr/sbin/slaptest"
SLAPADD="/usr/sbin/slapadd"
SLAPPASSWD="/usr/sbin/slappasswd"
slapd_conf_template="/usr/share/openldap/mandriva-dit/mandriva-dit-slapd-template.conf"
base_ldif_template="/usr/share/openldap/mandriva-dit/mandriva-dit-base-template.ldif"
acl_template="/usr/share/openldap/mandriva-dit/mandriva-dit-access-template.conf"
acl_file="/etc/openldap/mandriva-dit-access.conf"
now=`date +%s`
myfqdn=`hostname -f`
verbose=
noprompt=
if [ -z "$myfqdn" ]; then
myfqdn="localhost"
fi
function usage() {
echo "Usage:"
echo "$0 [-h | --help] [-v] [-d <dnsdomain>] [-p <password>] [-y]"
echo
echo "-h | --help : shows this help"
echo "-v : verbose mode"
echo "-d <dnsdomain> : use <dnsdomain> for dns domain"
echo "-p <password> : use <password> for LDAP Admin password"
echo
echo "-y : assume default answer in all prompts "
echo " except the password one"
}
function echo_v() {
if [ -n "$verbose" ]; then
echo "== $@"
fi
}
# output: stdout: example.com or the possible detected domain
function detect_domain() {
mydomain=`hostname -d`
if [ -z "$mydomain" ]; then
mydomain="example.com"
fi
echo "$mydomain"
return 0
}
# output: stdout: name of temporary file
# *exits* if error
function make_temp() {
tmpfile=`mktemp ${TMP:-/tmp}/mandriva-dit.XXXXXXXXXXXX`
if [ -f "$tmpfile" ]; then
echo "$tmpfile"
return 0
else
echo "error while making temporary file" >&2
exit 1
fi
}
# $1: domain
# returns standard dc=foo,dc=bar suffix on stdout
function calc_suffix() {
old_ifs=${IFS}
IFS="."
for component in $1; do
result="$result,dc=$component"
done
IFS="${old_ifs}"
echo "${result#,}"
return 0
}
# $1: directory where the LDAP database is
# output (stdout): backup dir of the previous database
function clean_database() {
backupdir="/var/lib/ldap.$now"
cp -a "$1" "$backupdir" 2>/dev/null
if [ "$?" -ne "0" ]; then
echo "Error, could not make a backup copy of the"
echo "current LDAP database, aborting..."
echo
echo "(not enough disk space?)"
echo
exit 1
fi
rm -f "$1"/{*.bdb,log.*,__*,alock}
echo "$backupdir"
return 0
}
# $1: *file* to be backed up
# output (stdout): backup filename
function mybackup() {
if [ ! -f "$1" ]; then
echo "Internal error, $1 has to be a file" >&2
echo "Aborting" >&2
exit 1
fi
newname="$1.$now"
cp -a "$1" "$newname"
echo "$newname"
return 0
}
while [ -n "$1" ]; do
case "$1" in
-h | --help)
usage
exit 1
;;
-v)
verbose=1
shift
;;
-d)
shift
if [ -n "$1" -a "${1##-}" != "${1}" -o -z "${1}" ]; then
echo "Error, -d requires an argument"
exit 1
fi
mydomain="$1"
shift
;;
-p)
shift
if [ -n "$1" -a "${1##-}" != "${1}" -o -z "${1}" ]; then
echo "Error, -p requires an argument"
exit 1
fi
mypass="$1"
shift
;;
-y)
noprompt=1
shift
;;
esac
done
echo_v
echo_v "Running in verbose mode"
echo_v
if [ -z "$mydomain" ]; then
mydomain=`detect_domain`
if [ -z "$noprompt" ]; then
echo "Please enter your DNS domain name [$mydomain]:"
read inputdomain
if [ -n "$inputdomain" ]; then
mydomain="$inputdomain"
fi
fi
fi
mysuffix=`calc_suffix $mydomain`
if [ -z "$mypass" ]; then
echo
echo "Administrator account"
echo
echo "The administrator account for this directory is"
echo "uid=LDAP Admin,ou=System Accounts,$mysuffix"
echo
echo "Please choose a password for this account:"
myslapdpass=`make_temp`
while /bin/true; do
$SLAPPASSWD -h {SSHA} | tee $myslapdpass
pass=`grep SSHA $myslapdpass`
if [ -n "$pass" ]; then
break
fi
done
else
pass=`$SLAPPASSWD -h {SSHA} -s "$mypass"`
if [ "$?" -ne "0" ]; then
echo "Error at generating password, exiting"
exit 1
fi
fi
# confirmation
echo
echo
echo "Summary"
echo "======="
echo
echo "Domain: $mydomain"
echo "LDAP suffix: $mysuffix"
echo "Administrator: uid=LDAP Admin,ou=System Accounts,$mysuffix"
echo
if [ -z "$noprompt" ]; then
echo "Confirm? (Y/n)"
read val
if [ "$val" = "n" -o "$val" = "N" ]; then
echo
echo "Cancelled."
exit 1
fi
fi
# let's do it
# first, slapd.conf
myslapdconf=`make_temp`
echo_v "Creating slapd.conf..."
cat $slapd_conf_template | sed -e "s/@SUFFIX@/$mysuffix/g;" > $myslapdconf
# Check/fix schema locations
awk '/^include\s*.*.schema/ {print $2}' $myslapdconf | while read schema
do
if [ ! -e $schema ]
then
newschema=''
schemaname=${schema##*/}
for schemadir in /etc/openldap/schema /usr/share/openldap2.4/schema /etc/openldap2.4/schema
do
if [ -e $schemadir/$schemaname ]
then
newschema=$schemadir/$schemaname
perl -pi -e "s,^(include\s*)$schema,\${1}$newschema,g" $myslapdconf
break
fi
done
if [ "$newschema" == "" ]
then
echo "Couldn't find location of required schema $schema" >&2
exit 1
fi
fi
done
# check modules to load
modulepath=$(awk '/^modulepath/ {print $2}' $myslapdconf)
if [ -z "$modulepath" ]
then echo "Module path is empty, we hope all overlays are built-in"
fi
awk '/^moduleload/ {print $2}' $myslapdconf |while read module
do
if [ ! -e $modulepath/$module ]
then
echo "$modulepath/$module does not exist, removing moduleload statement" >&2
perl -pi -e "s,^moduleload\s*$module,,g" $myslapdconf
fi
done
# check pid file location
for type in pid args
do
file=$(awk "/^${type}file/ {print \$2}" $myslapdconf)
dir=$(dirname $file)
if [ ! -d $dir ]
then
if [ -d "/var/run/openldap" ]
then
perl -pi -e "s,(^${type}file\s*)$dir,\${1}/var/run/openldap,g" $myslapdconf
fi
fi
done
# check cert location
awk '/^TLS.*File/ {print $2}' $myslapdconf |while read cert
do
if [ ! -e $cert ]
then
if [ -e "/etc/pki/tls/certs/slapd.pem" ]
then
perl -pi -e "s,(^TLS.*File\s*)$cert,\$1/etc/pki/tls/certs/slapd.pem,g" $myslapdconf
fi
fi
done
chmod 0640 $myslapdconf
chgrp ldap $myslapdconf
# now, /etc/openldap/ldap.conf
myldapconf=`make_temp`
echo_v "Creating ldap.conf..."
cat /etc/openldap/ldap.conf | \
sed -e "s/^BASE[[:blank:]]\+.*/BASE $mysuffix/g;\
s/^HOST[[:blank:]]\+.*/HOST $myfqdn/g;\
s@^URI[[:blank:]]\+.*@URI ldap://$myfqdn@g" \
> $myldapconf
if ! grep -qE '^(HOST|URI)' $myldapconf; then
echo "URI ldap://$myfqdn" >> $myldapconf
fi
if ! grep -qE '^BASE' $myldapconf; then
echo "BASE $mysuffix" >> $myldapconf
fi
chmod 0644 $myldapconf
# ACL file
echo_v "Creating acl file..."
cat $acl_template | sed -e "s/@SUFFIX@/$mysuffix/g" > $acl_file
chmod 0640 $acl_file
chgrp ldap $acl_file
# test
echo_v "Testing configuration with temporary files..."
$SLAPTEST -u -f $myslapdconf
if [ "$?" -ne "0" ]; then
echo "ERROR"
echo "OpenLDAP configuration file was generated with errors"
echo "Aborting. File used was $myslapdconf"
rm -f $myldapconf
exit 1
fi
# load
echo_v "Test succeeded, creating LDIF file for database loading..."
myldif=`make_temp`
cat $base_ldif_template | sed -e "\
s/@SUFFIX@/$mysuffix/g;\
s/@DC@/${mydomain%%.[a-zA-Z0-9]*}/g;\
s/@DOMAIN@/${mydomain}/g;\
s|@ldapadmin_password@|$pass|g" > $myldif
# dry run first
echo_v "Attempting to test-load the database..."
$SLAPADD -u -f $myslapdconf < $myldif
if [ "$?" -ne "0" ]; then
echo "ERROR"
echo "Database loading failed during test run."
echo "Ldif file used: $myldif"
echo "slapd.conf file used: $myslapdconf"
echo
echo "Exiting"
rm -f $myldapconf
exit 1
fi
# let's go for real now
echo_v "Everything ok, doing it for real now."
echo "Stopping ldap service"
/sbin/service ldap stop > /dev/null 2>&1 || :
echo_v "Backing up existing files..."
backup_db=`clean_database /var/lib/ldap`
backup_slapd_conf=`mybackup /etc/openldap/slapd.conf`
backup_ldap_conf=`mybackup /etc/openldap/ldap.conf`
echo_v "Writing /etc/openldap/slapd.conf and /etc/openldap/ldap.conf..."
cat $myslapdconf > /etc/openldap/slapd.conf; rm -f $myslapdconf
cat $myldapconf > /etc/openldap/ldap.conf; rm -f $myldapconf
echo_v "Loading database..."
$SLAPADD < $myldif
if [ "$?" -ne "0" ]; then
echo "Something went wrong while initializing the database"
echo "Aborting. Your previous database is at $backup_db"
echo "Your original /etc/openldap/{slapd,ldap}.conf files"
echo "were backed up as $backup_slapd_conf and"
echo "$backup_ldap_conf, respectively."
exit 1
fi
chown -R ldap:ldap /var/lib/ldap
echo "Finished, starting ldap service"
/sbin/service ldap start
echo
echo "Your previous database directory has been backed up as $backup_db"
echo "All files that were backed up got the suffix \"$now\"."
echo
distrib
>
Mandriva
>
2010.2
>
i586
>
media
>
contrib-release-src
>
by-pkgid
>
8f0a67aecc04d157855bea40abecf3f7
>
files
>
11
