rpms / openldap

Clone
Source Code
GIT

Files

  1.   8034ea5a16f92a536d2a0ba4c478cb808d268c69
  2.   ldap.init
Blob Blame History Raw 
#!/bin/bash
#
# slapd   This shell script takes care of starting and stopping
#         ldap servers (slapd).
#
# chkconfig: - 27 73
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/slapd.pid

### BEGIN INIT INFO
# Provides: slapd
# Required-Start: $network $local_fs
# Required-Stop: $network $local_fs 
# Should-Start: 
# Should-Stop: 
# Default-Start: 
# Default-Stop: 
# Short-Description: starts and stopd OpenLDAP server daemon
# Description: LDAP stands for Lightweight Directory Access Protocol, used
#              for implementing the industry standard directory services.
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Define default values of options allowed in /etc/sysconfig/ldap
SLAPD_LDAP="yes"
SLAPD_LDAPI="no"
SLAPD_LDAPS="no"
SLAPD_URLS=""
SLAPD_SHUTDOWN_TIMEOUT=3
# OPTIONS, SLAPD_OPTIONS and KTB5_KTNAME are not defined

# Source an auxiliary options file if we have one
if [ -r /etc/sysconfig/ldap ] ; then
	. /etc/sysconfig/ldap
fi

slapd=/usr/sbin/slapd
slaptest=/usr/sbin/slaptest
lockfile=/var/lock/subsys/slapd
configdir=/etc/openldap/slapd.d/
configfile=/etc/openldap/slapd.conf
pidfile=/var/run/slapd.pid
slapd_pidfile=/var/run/openldap/slapd.pid

RETVAL=0

#
# Pass commands given in $2 and later to "test" run as user given in $1.
#
function testasuser() {
	local user= cmd=
	user="$1"
	shift
	cmd="$@"
	if test x"$user" != x ; then
		if test x"$cmd" != x ; then
			/sbin/runuser -f -m -s /bin/sh -c "test $cmd" -- "$user"
		else
			false
		fi
	else
		false
	fi
}

#
# Check for read-access errors for the user given in $1 for a service named $2.
# If $3 is specified, the command is run if "klist" can't be found.
#
function checkkeytab() {
	local user= service= klist= default=
	user="$1"
	service="$2"
	default="${3:-false}"
	if test -x /usr/kerberos/bin/klist ; then
		klist=/usr/kerberos/bin/klist
	elif test -x /usr/bin/klist ; then
		klist=/usr/bin/klist
	fi
	KRB5_KTNAME="${KRB5_KTNAME:-/etc/krb5.keytab}"
	export KRB5_KTNAME
	if test -s "$KRB5_KTNAME" ; then
		if test x"$klist" != x ; then
			if LANG=C $klist -k "$KRB5_KTNAME" | tail -n 4 | awk '{print $2}' | grep -q ^"$service"/ ; then
				if ! testasuser "$user" -r ${KRB5_KTNAME:-/etc/krb5.keytab} ; then
					true
				else
					false
				fi
			else
				false
			fi
		else
			$default
		fi
	else
		false
	fi
}

function configtest() {
	local user= ldapuid= dbdir= file=
	# Check for simple-but-common errors.
	user=ldap
	prog=`basename ${slapd}`
	ldapuid=`id -u $user`
	# Unaccessible database files.
	dbdirs=""
	if [ -d $configdir ]; then
		for configfile in `ls -1 $configdir/cn\=config/olcDatabase*.ldif`; do
			dbdirs=$dbdirs"
			"`LANG=C egrep '^olcDbDirectory[[:space:]]*:[[:space:]]+[[:print:]]+$' $configfile | sed 's,^olcDbDirectory: ,,'`
		done
	elif [ -f $configfile ]; then
			dbdirs=`LANG=C egrep '^directory[[:space:]]+' $configfile | sed 's,^directory[[:space:]]*,,'`
	else
		exit 6
	fi
	for dbdir in $dbdirs; do
		if [ ! -d $dbdir ]; then
			exit 6
		fi
		for file in `find ${dbdir}/ -not -uid $ldapuid -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \)` ; do
			echo -n $"$file is not owned by \"$user\"" ; warning ; echo
		done
		if test -f "${dbdir}/DB_CONFIG"; then
			if ! testasuser $user -r "${dbdir}/DB_CONFIG"; then
				file=DB_CONFIG
				echo -n $"$file is not readable by \"$user\"" ; warning ; echo
			fi
		fi
	done
	# Unaccessible keytab with an "ldap" key.
	if checkkeytab $user ldap ; then
		file=${KRB5_KTNAME:-/etc/krb5.keytab}
		echo -n $"$file is not readable by \"$user\"" ; warning ; echo
	fi
	# Unaccessible TLS configuration files.
	if [ -d $configdir ]; then
		tlsconfigs=$(LANG=C sed \
			-e '/^olcTLS\(CertificateFile\|CertificateKeyFile\|CACertificateFile\)/!d' \
			-e ':a;N;s/\n //;ta;P;D' "${configdir}/cn=config.ldif" | \
			awk '{print $2}' | sort -u
		)
	elif [ -f $configfile ]; then
		tlsconfigs=$(LANG=C egrep \
			'^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile)[[:space:]]+' $configfile | \
			awk '{print $2}' | sort -u
		)
	fi
	for file in $tlsconfigs ; do
		if ! testasuser $user -r $file ; then
			echo -n $"$file is not readable by \"$user\"" ; warning ; echo
		fi
	done
	# Check the configuration file.
	slaptestout=`/sbin/runuser -m -s "$slaptest" -- "$user" "-u" 2>&1`
	slaptestexit=$?
#	slaptestout=`echo $slaptestout 2>/dev/null | grep -v "config file testing succeeded"`
	# print warning if slaptest passed but reports some problems
	if test $slaptestexit == 0 ; then
		if echo "$slaptestout" | grep -v "config file testing succeeded" >/dev/null ; then
			echo -n $"Checking configuration files for $prog: " ; warning ; echo
			echo "$slaptestout"
		fi
	fi
	# report error if configuration file is wrong
	if test $slaptestexit != 0 ; then
		echo -n $"Checking configuration files for $prog: " ; failure ; echo
		echo "$slaptestout"
		if /sbin/runuser -m -s "$slaptest" -- "$user" "-u" > /dev/null 2> /dev/null ; then
			#dirs=`LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' $configfile | awk '{print $2}'`
			for directory in $dbdirs ; do
				if test -r $directory/__db.001 ; then
					echo -n $"stale lock files may be present in $directory" ; warning ; echo
				fi
			done
		fi
		exit 6
	fi
}

function start() {
	[ -x $slapd ] || exit 5
	[ `id -u` -eq 0 ] || exit 4
	configtest
	# Define a couple of local variables which we'll need. Maybe.
	user=ldap
	prog=`basename ${slapd}`
	harg="$SLAPD_URLS"
	if test x$SLAPD_LDAP = xyes ; then
		harg="$harg ldap:///"
	fi
	if test x$SLAPD_LDAPS = xyes ; then
		harg="$harg ldaps:///"
	fi
	if test x$SLAPD_LDAPI = xyes ; then
		harg="$harg ldapi:///"
	fi
	# Start daemons.
	echo -n $"Starting $prog: "
	daemon --pidfile=$pidfile --check=$prog ${slapd} -h "\"$harg\"" -u ${user} $OPTIONS $SLAPD_OPTIONS 
	RETVAL=$?
	if [ $RETVAL -eq 0 ]; then
		touch $lockfile
		ln $slapd_pidfile $pidfile
	fi
	echo
	return $RETVAL
}

function stop() {
	# Stop daemons.
	prog=`basename ${slapd}`
	[ `id -u` -eq 0 ] || exit 4
	echo -n $"Stopping $prog: "

	# This will remove pid and args files from /var/run/openldap
	killproc -p $slapd_pidfile -d $SLAPD_SHUTDOWN_TIMEOUT ${slapd}
	RETVAL=$?

	# Now we want to remove lock file and hardlink of pid file
	[ $RETVAL -eq 0 ] && rm -f $pidfile $lockfile
	echo
	return $RETVAL
}

# See how we were called.
case "$1" in
	configtest)
		configtest
		;;
	start)
		start
		RETVAL=$?
		;;
	stop)
		stop
		RETVAL=$?
		;;
	status)
		status -p $pidfile ${slapd}
		RETVAL=$?
		;;
	restart|force-reload)
		stop
		start
		RETVAL=$?
		;;
	condrestart|try-restart)
		status -p $pidfile ${slapd} > /dev/null 2>&1 || exit 0
		stop
		start
		;;
	usage)
		echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|configtest|usage}"
		RETVAL=0
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart|try-restart|configtest|usage}"
		RETVAL=2
esac

exit $RETVAL
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.