sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-06-22 21:20:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
ports/net/openldap25-server/files/slapd.in
Xin LI 682ba7c849 net/openldap2[4-6]-server: suppress warning message when chown failed. 
On UFS with sujournal enabled, the journal is immutable and chown would
fail. This would cause the script to issue an error when a separate UFS
file system is used as OpenLDAP data store, which is not actionable and
causes confusion.

Reported by:	Olivier Nicole <on cs.ait.ac.th>
PR:		ports/266811
2022-10-21 10:43:12 -07:00

217 lines
5.6 KiB
Bash
Raw Blame History

#!/bin/sh
# PROVIDE: slapd
# REQUIRE: FILESYSTEMS ldconfig netif
# BEFORE: SERVERS kdc
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable slapd:
#
#slapd_enable="YES"
#slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
#slapd_sockets="/var/run/openldap/ldapi"
#
# See slapd(8) for more flags
#
# The `-u' and `-g' flags are automatically extracted from slapd_owner,
# by default slapd runs under the non-privileged user id `ldap'. If you
# want to run slapd as root, override this in /etc/rc.conf with
#
#slapd_owner="DEFAULT"
#
# To use the cn=config style configuration add the following
# line to /etc/rc.conf:
#
#slapd_cn_config="YES"
#
# To specify alternative Kerberos 5 Key Table, add the following
# rc.conf(5) configuration:
#
#slapd_krb5_ktname="/path/to/ldap.keytab"
#
#slapd_autobackup_enable="YES"
# To enable automatic backup of OpenLDAP data after successful shutdown
# in the form of LDIF.
#
#slapd_autobackup_num="8"
# How many automatic backups should this script keep.
#
#slapd_autobackup_compress="YES"
# Compress backup data with zstd (if present) or gzip.
#
#slapd_autobackup_name="backup"
# Name to be used for backups
. /etc/rc.subr
name="slapd"
rcvar=slapd_enable
# read settings, set defaults
load_rc_config ${name}
: ${slapd_enable="NO"}
if [ -n "${slapd_args+set}" ]; then
warn "slapd_args is deprecated, use slapd_flags"
: ${slapd_flags="$slapd_args"}
fi
: ${slapd_owner="%%LDAP_USER%%:%%LDAP_GROUP%%"}
: ${slapd_sockets_mode="666"}
: ${slapd_cn_config="NO"}
: ${slapd_autobackup_enable="YES"}
: ${slapd_autobackup_num="8"}
: ${slapd_autobackup_compress="YES"}
: ${slapd_autobackup_name="backup"}
command="%%PREFIX%%/libexec/slapd"
pidfile="%%LDAP_RUN_DIR%%/slapd.pid"
# set required_dirs, required_files and DATABASEDIR
if checkyesno slapd_cn_config; then
required_dirs="%%PREFIX%%/etc/openldap/slapd.d"
required_files="%%PREFIX%%/etc/openldap/slapd.d/cn=config.ldif"
DATABASEDIR=`grep olcDbDirectory %%PREFIX%%/etc/openldap/slapd.d/cn=config/olcDatabase=* | awk '{ print $2 }'`
else
required_files="%%PREFIX%%/etc/openldap/slapd.conf"
DATABASEDIR=`awk '$1 == "directory" { print $2 }' "%%PREFIX%%/etc/openldap/slapd.conf" 2>&1 /dev/null`
fi
start_precmd=start_precmd
start_postcmd=start_postcmd
stop_postcmd=stop_postcmd
# extract user and group, adjust ownership of directories and database
start_precmd()
{
local slapd_ownername slapd_groupname
mkdir -p %%LDAP_RUN_DIR%%
case "$slapd_owner" in
""|[Nn][Oo][Nn][Ee]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt])
;;
*)
local DBDIR
for DBDIR in ${DATABASEDIR}; do
if [ ! -d "${DBDIR}" ]; then
mkdir -p "${DBDIR}"
[ -f "%%PREFIX%%/etc/openldap/DB_CONFIG.example" ] && cp "%%PREFIX%%/etc/openldap/DB_CONFIG.example" "${DBDIR}/DB_CONFIG"
fi
chown -fRL "$slapd_owner" "${DBDIR}"
chmod 700 "${DBDIR}"
done
chown "$slapd_owner" "%%LDAP_RUN_DIR%%"
if checkyesno slapd_cn_config; then
chown -fR $slapd_owner "%%PREFIX%%/etc/openldap/slapd.d"
else
chown $slapd_owner "%%PREFIX%%/etc/openldap/slapd.conf"
fi
slapd_ownername="${slapd_owner%:*}"
slapd_groupname="${slapd_owner#*:}"
if [ -n "$slapd_ownername" ]; then
rc_flags="$rc_flags -u $slapd_ownername"
fi
if [ -n "$slapd_groupname" ]; then
rc_flags="$rc_flags -g $slapd_groupname"
fi
if [ -n "${slapd_krb5_ktname}" ]; then
export KRB5_KTNAME=${slapd_krb5_ktname}
fi
;;
esac
echo -n "Performing sanity check on slap configuration: "
if ${command} -Tt -u >/dev/null 2>&1; then
echo "OK"
else
echo "FAILED"
return 1
fi
}
# adjust ownership of created unix sockets
start_postcmd()
{
local socket seconds
for socket in $slapd_sockets; do
for seconds in 1 2 3 4 5; do
[ -e "$socket" ] && break
sleep 1
done
if [ -S "$socket" ]; then
case "$slapd_owner" in
""|[Nn][Oo][Nn][Ee]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt])
;;
*)
chown "$slapd_owner" "$socket"
;;
esac
chmod "$slapd_sockets_mode" "$socket"
else
warn "slapd: Can't find socket $socket"
fi
done
}
stop_postcmd()
{
local compress_program compress_suffix
if checkyesno slapd_autobackup_enable; then
if checkyesno slapd_autobackup_compress; then
if [ -x /usr/bin/zstd ]; then
compress_program="/usr/bin/zstd"
compress_suffix=".zstd"
else
compress_program="/usr/bin/gzip"
compress_suffix=".gz"
fi
else
compress_program="cat"
compress_suffix=""
fi
umask 077
mkdir -p %%BACKUPDIR%%
chmod 700 %%BACKUPDIR%%
n=0
while [ ${n} -lt ${slapd_autobackup_num} ]; do
backup_file="%%BACKUPDIR%%/${slapd_autobackup_name}.ldif.${n}${compress_suffix}"
if [ ! -e "${backup_file}" -o -f "${backup_file}" ]; then
break
fi
n=$(( ${n} + 1 ))
done
if [ -f "${backup_file}" ]; then
n=$(( ${n} + 1 ))
while [ ${n} -lt ${slapd_autobackup_num} ]; do
next_backup_file="%%BACKUPDIR%%/${slapd_autobackup_name}.ldif.${n}${compress_suffix}"
if [ -f "${next_backup_file}" ]; then
[ "${next_backup_file}" -ot "${backup_file}" ] && \
backup_file=${next_backup_file}
elif [ ! -e "${next_backup_file}" ]; then
backup_file=${next_backup_file}
break
fi
n=$(( ${n} + 1 ))
done
fi
if [ -e "${backup_file}" -a ! -f "${backup_file}" ]; then
err 1 "Unable to backup OpenLDAP data"
else
info "Backing up OpenLDAP data to ${backup_file}"
fi
%%PREFIX%%/sbin/slapcat | ${compress_program} > ${backup_file}
fi
}
run_rc_command "$1"
Reference in a new issue View git blame Copy permalink