[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. edc92acf792922857c5495552c2d34c7267657ff
Andreas B. Mundt
andi.mundt at web.de
Tue Feb 7 20:36:42 UTC 2012
The following commit has been merged in the master branch:
commit edc92acf792922857c5495552c2d34c7267657ff
Author: Andreas B. Mundt <andi.mundt at web.de>
Date: Tue Feb 7 21:32:45 2012 +0100
Update configuration files on softupdate.
Running a FAI softupdate should not modify or re-initialize LDAP and
KDC, however configuration files should be updated.
diff --git a/fai/config/scripts/KDC_LDAP/10-slapd-KDC b/fai/config/scripts/KDC_LDAP/10-slapd-KDC
index 86e7fac..b6c4fbd 100755
--- a/fai/config/scripts/KDC_LDAP/10-slapd-KDC
+++ b/fai/config/scripts/KDC_LDAP/10-slapd-KDC
@@ -2,6 +2,27 @@
#
set -e
+LDIFS="/etc/ldap/root.ldif /etc/ldap/krb5.ldif /etc/ldap/autofs.ldif"
+
+## Copy files in place, but no modifications in softupdate mode:
+for file in $LDIFS /etc/ldap/slapd.conf; do
+ fcopy -U -m openldap,openldap,660 $file
+done
+
+DN_KRB_CONT=`$ROOTCMD awk '/^dn: cn=kerberos,/ {print $2}' /etc/ldap/krb5.ldif`
+DN_KDC="cn=kdc-service,$DN_KRB_CONT"
+DN_KADMIN="cn=kadmin-service,$DN_KRB_CONT"
+
+## We might want to change a configuration after installation,
+## so distribute the corresponding files in any case:
+fcopy /etc/krb5.conf
+$ROOTCMD sed -i s:@DN_KRB_CONT@:$DN_KRB_CONT:g /etc/krb5.conf
+$ROOTCMD sed -i s:@DN_KDC@:$DN_KDC:g /etc/krb5.conf
+$ROOTCMD sed -i s:@DN_KADMIN@:$DN_KADMIN:g /etc/krb5.conf
+fcopy /etc/krb5kdc/kdc.conf
+fcopy /etc/krb5kdc/kadm5.acl
+
+## Stop now, if LDAP database is already present:
if [ -f /var/lib/ldap/__db.001 ] ; then
echo "The LDAP data base is not empty, stopping. "
echo "To initialize a brand new LDAP+KDC: "
@@ -10,13 +31,6 @@ if [ -f /var/lib/ldap/__db.001 ] ; then
exit 0
fi
-LDIFS="/etc/ldap/root.ldif /etc/ldap/krb5.ldif /etc/ldap/autofs.ldif"
-
-## Copy files in place:
-for file in $LDIFS /etc/ldap/slapd.conf; do
- fcopy -m openldap,openldap,660 $file
-done
-
## Kerberos schema:
$ROOTCMD gunzip -c /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz > \
$target/etc/ldap/schema/kerberos.schema
@@ -24,6 +38,8 @@ $ROOTCMD gunzip -c /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz > \
## Create $DATADIR:
mkdir -p $target$DATADIR
+##########################################################################
+
copy_example_DB_CONFIG() {
## Function to set a DB_CONFIG, ripped from slapd.postinst.
## Copy an example DB_CONFIG file:
@@ -93,9 +109,6 @@ init_KDC() {
fi
DN_LDAP_ADMIN=`$ROOTCMD awk '/^dn: cn=admin,/ {print $2}' /etc/ldap/root.ldif`
- DN_KRB_CONT=`$ROOTCMD awk '/^dn: cn=kerberos,/ {print $2}' /etc/ldap/krb5.ldif`
- DN_KDC="cn=kdc-service,$DN_KRB_CONT"
- DN_KADMIN="cn=kadmin-service,$DN_KRB_CONT"
STASHFILE="/etc/krb5kdc/stash"
echo "Using '$DN_LDAP_ADMIN' and '$DN_KRB_CONT' for KDC setup."
@@ -107,13 +120,6 @@ init_KDC() {
echo "Random Kerberos KDC master password saved in ${PWFILE}."
fi
- fcopy /etc/krb5.conf
- $ROOTCMD sed -i s:@DN_KRB_CONT@:$DN_KRB_CONT:g /etc/krb5.conf
- $ROOTCMD sed -i s:@DN_KDC@:$DN_KDC:g /etc/krb5.conf
- $ROOTCMD sed -i s:@DN_KADMIN@:$DN_KADMIN:g /etc/krb5.conf
- fcopy /etc/krb5kdc/kdc.conf
- fcopy /etc/krb5kdc/kadm5.acl
-
## create kerberos subtree in ldap database:
$ROOTCMD kdb5_ldap_util -s -D $DN_LDAP_ADMIN -w $LDAP_ADMIN_PW \
create -subtrees dc=intern -H ldapi:// -P $KDC_MASTER_PW
--
Debian-LAN development and packaging
More information about the debian-lan-devel
mailing list