[Pkg-openldap-devel] [openldap] 02/07: r1645 at pulsar: torsten | 2005-04-01 16:59:32 +0200 * debian/slapd.scripts-common: Move all shell functions of the maintainer scripts here to have it all in one place. --
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Thu Oct 10 05:35:01 UTC 2013
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to annotated tag 2.2.23-1
in repository openldap.
commit aae708a8968e7b8ed53df891fae416fa1379934f
Author: Torsten Landschoff <torsten at debian.org>
Date: Fri Apr 1 16:46:47 2005 +0000
r1645 at pulsar: torsten | 2005-04-01 16:59:32 +0200
* debian/slapd.scripts-common: Move all shell functions of the maintainer
scripts here to have it all in one place.
--
---
debian/changelog | 7 +
debian/slapd.config | 157 -----------
debian/slapd.postinst | 457 +------------------------------
debian/slapd.preinst | 26 --
debian/slapd.scripts-common | 624 +++++++++++++++++++++++++++++++++++++++++++
5 files changed, 634 insertions(+), 637 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 9ddbfef..1b9d3ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openldap2.2 (2.2.23-1) unstable; urgency=low
+
+ * debian/slapd.scripts-common: Move all shell functions of the maintainer
+ scripts here to have it all in one place.
+
+ --
+
openldap2.2 (2.2.23-0.pre6) experimental; urgency=low
Torsten Landschoff <torsten at debian.org>:
diff --git a/debian/slapd.config b/debian/slapd.config
index 1b13f68..d4dbfa8 100644
--- a/debian/slapd.config
+++ b/debian/slapd.config
@@ -9,163 +9,6 @@ set -e
# various helper functions and $OLD_VERSION and $SLAPD_CONF
#SCRIPTSCOMMON#
-
-# Set up the defaults for our templates
-set_defaults_for_unseen_entries() {
- DOMAIN=`hostname -d` || true
- if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi
-
- db_fget slapd/domain seen
- if [ "$RET" = false ]; then
- db_set slapd/domain "$DOMAIN"
- fi
-
- db_fget shared/organization seen
- if [ "$RET" = false ]; then
- db_set shared/organization "$DOMAIN"
- fi
-}
-
-# Check if the user wants to configure slapd manually
-manual_configuration_wanted() {
- db_input low slapd/no_configuration || true
- db_go || true
- db_get slapd/no_configuration
- no_configuration="$RET"
-
- if [ "$no_configuration" = "true" ]; then
- return 0
- fi
- return 1
-}
-
-# Create the password hash for the given password
-create_password_hash() {
- perl -e '
- sub GenRandom {
- local ($len) = @_;
- local ($char, $data, @chars);
- @chars = split(//, "abcdefghijklmnopqrstuvwxyz"
- . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
-
- open(RD, "</dev/urandom") or die "Failed to open random source";
- $data = "";
- while ($len--) {
- read(RD, $char, 1) == 1 or die "Failed to read random data";
- $data .= $chars[ord($char) % @chars];
- }
-
- close(RD);
- return $data;
- }
- print crypt($ARGV[0], GenRandom(2));' "$1"
-}
-
-# Query the information we need to create an initial directory
-query_initial_config() {
- while true; do
- db_input medium slapd/domain || true
- db_input medium shared/organization || true
- db_input high slapd/password1 || true
- db_input high slapd/password2 || true
- db_input low slapd/backend || true
- db_input low slapd/purge_database || true
- # XXX - should be done more general, but for now this should do
- # the trick
- if ! is_empty_dir /var/lib/ldap; then
- db_input low slapd/move_old_database || true
- fi
- db_go || true
-
- if validate_initial_config; then
- break
- fi
- done
-}
-
-# Make sure the values entered make sense
-validate_initial_config() {
- local invalid
- invalid=""
-
- # Make sure the domain name is valid
- # The regexp doesn't work for UTF-8 domain names, but for that to
- # work, we would also need to Base64 encode it in the LDIF; since
- # we're not doing it at the moment, this should be fine for now
- db_get slapd/domain
- if [ -z "$RET" ] || ! echo "$RET" | grep -q '^[a-zA-Z0-9-.]*$'; then
- db_fset slapd/domain seen false
- invalid=true
- fi
-
- # Suffix and Organization may not be empty
- db_get shared/organization
- if [ -z "$RET" ]; then
- db_fset shared/organization seen false
- invalid=true
- fi
-
- # Make sure the passwords match
- local pass1 pass2
- db_get slapd/password1
- pass1="$RET"
- db_get slapd/password2
- pass2="$RET"
-
- if [ "$pass1" != "$pass2" ]; then
- db_fset slapd/password1 seen false
- db_fset slapd/password2 seen false
- invalid=true
- fi
-
- # Tell the user
- if [ "$invalid" ]; then
- db_fset slapd/invalid_config seen false
- db_input critical slapd/invalid_config || true
- db_go || true
- db_get slapd/invalid_config
- if [ "$RET" != "true" ]; then
- db_set slapd/no_configuration true
- invalid=
- fi
- fi
-
- if [ "$invalid" ]; then
- return 1
- else
- return 0
- fi
-}
-
-# Store the encrypted admin password into the debconf db
-crypt_admin_pass() {
- db_get slapd/password1
- db_set slapd/internal/adminpw `create_password_hash "$RET"`
-}
-
-slave_databases_without_updateref() {
- (read_slapd_conf < $SLAPD_CONF && echo database) | \
- while read command data; do
- case $command in
- database)
- if [ -n "$backend" ] && [ -n "$updatedn" ] && [ -z "$updateref" ]; then
- return 1
- fi
- backend="$data"
- updatedn=""
- updateref=""
- ;;
- updatedn)
- updatedn="$data"
- ;;
- updateref)
- updateref="$data"
- ;;
- esac
- done || return 0
- return 1
-}
-
# Create an initial directory on fresh install
if is_initial_configuration "$@"; then
if ! manual_configuration_wanted; then
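Review bot: The `manual_configuration_wanted` call on the last line of this hunk no longer resolves to the definition deleted above it. The removed slapd.config version asks the question (`db_input low slapd/no_configuration`, then `db_go`) before reading the answer, while the same-named function this commit adds to debian/slapd.scripts-common, taken from slapd.postinst, only does `db_get slapd/no_configuration`. With both variants folded into one shared file under one name, the last definition wins for config, postinst and preinst alike, so either config stops prompting or postinst starts prompting. The scripts-common hunk runs past the visible part of the patch, so which one survives needs checking there. Giving the prompting variant its own name, for example `want_manual_configuration`, and calling that here would keep the two behaviours apart.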
diff --git a/debian/slapd.postinst b/debian/slapd.postinst
index 63e61b8..932543f 100644
--- a/debian/slapd.postinst
+++ b/debian/slapd.postinst
@@ -3,465 +3,13 @@
set -e
# TODO:
-# - capture slapadd, slapcat output so it does not overwrite the progress display
+# - capture slapadd, slapcat output so it does not overwrite the progress
+# display
# This will be replaced with debian/slapd.scripts-common which includes
# various helper functions and $OLD_VERSION and $SLAPD_CONF
#SCRIPTSCOMMON#
-compute_backup_path() { # {{{
-# Compute the path to backup a database directory
-# Usage: compute_backup_path <dir> <basedn>
-
-# XXX: should ask the user via debconf
-
- local dirname basedn
- dirname="$1"
- basedn="$2"
-
- # Computing the name of the backup directory from the old version,
- # the suffix etc. all makes me feel worried. I'd rather have a
- # directory name which is not going to exist. So the simple
- # scheme we are using now is to compute the filename from the
- # directory name and appending date and time. And we check if it
- # exists to be really sure... -- Torsten
-
- local target
- local id
- id="$OLD_VERSION"
- [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
- target="/var/backups/$basedn-$id.ldapdb"
- if [ -e "$target" ]; then
- echo >&2
- echo >&2 " Backup path $target exists. Giving up..."
- exit 1
- fi
-
- echo "$target"
-}
-
-# }}}
-move_old_database_away() { # {{{
-# Move the old database away if it is still there
-#
-# In fact this function makes sure that the database directory is empty
-# and can be populated with a new database. If something is in the way
-# it is moved to a backup directory if the user accepted the debconf
-# option slapd/move_old_database. Otherwise we output a warning and let
-# the user fix it himself.
-# Usage: move_old_database_away <dbdir> [<basedn>]
-
- local databasedir backupdir
- databasedir="$1"
- suffix="$2"
-
- if is_empty_dir "$databasedir"; then
- return
- fi
-
-
- # Note that we can't just move the database dir as it might be
- # a mount point. Instead me move the content which might
- # include mount points as well anyway, but it's much less likely.
- db_get slapd/move_old_database
- if [ "$RET" = true ]; then
- backupdir=`compute_backup_path "$databasedir" "$suffix"`
- echo -n " - directory $suffix... " >&2
- mkdir -p "$backupdir"
- mv "$databasedir"/* "$backupdir"/
- echo done. >&2
- else
- cat >&2 <<EOF
- There are leftover files in $databasedir. This will probably break
- creating the initial directory. If that's the case please move away
- stuff in there and retry the configuration.
-EOF
- fi
-}
-# }}}
-manual_configuration_wanted() { # {{{
-# Check if the user wants to configure everything himself (queries debconf)
-# Returns success if yes.
-
- db_get slapd/no_configuration
- if [ "$RET" = "true" ]; then
- return 0
- else
- return 1
- fi
-}
-# }}}
-copy_example_DB_CONFIG() { # {{{
-# Copy an example DB_CONFIG file, only if available
-# copy_example_DB_CONFIG <directory>
- local directory srcdir
-
- directory="$1"
- srcdir="/usr/share/doc/slapd/examples"
-
- if ! [ -f "${directory}/DB_CONFIG" ] && [ -d "$directory" ]; then
- if [ -r "$srcdir/DB_CONFIG" ]; then
- cp $src/DB_CONFIG "${directory}/DB_CONFIG"
- fi
-
- if [ -r "$srcdir/DB_CONFIG.gz" ]; then
- zcat $srcdir/DB_CONFIG.gz > "${directory}/DB_CONFIG"
- fi
- fi
-}
-
-# }}}
-create_new_configuration() { # {{{
-# Create a new configuration and directory
-
- local basedn dc backend
-
- # For the domain really.argh.org we create the basedn
- # dc=really,dc=argh,dc=org with the dc entry dc: really
- db_get slapd/domain
- local basedn="dc=`echo $RET|sed 's/\./,dc=/g'`"
- dc="`echo $RET|sed 's/\..*$//'`"
-
- db_get slapd/backend
- backend="`echo $RET|tr A-Z a-z`"
-
- # Looks like the following code is not needed as slapd is unconfigured
- # first and stopped at that time.
- # Make sure the daemon is shut down when doing a reconfigure. No
- # daemon should be running during an initial install.
- # XXX: Shouldn't we stop and start slapd at the outer level?
- #if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
- # invoke-rc.d slapd stop
- #fi
-
- move_old_database_away /var/lib/ldap
- create_new_slapd_conf "$basedn" "$backend"
- create_new_directory "$basedn" "$dc"
- copy_example_DB_CONFIG /var/lib/ldap
-}
-# }}}
-create_new_slapd_conf() { # {{{
-# Creates a new slapd.conf for the suffix given
-# Usage: create_new_slapd_conf <basedn> <backend>
-
- local basedn backend checkpoint conf_new conf_template
-
- basedn="$1"
- backend="$2"
- checkpoint=""
- conf_template="/usr/share/slapd/slapd.conf"
-
- # Checkpoint if using the BDB backend
- if [ "$backend" = "bdb" -o "$backend" = "hdb" ]; then
- checkpoint="checkpoint 512 30"
- fi
-
- conf_new=`mktemp -q ${SLAPD_CONF}.XXXXXX`
- echo -n " Creating initial slapd configuration... " >&2
- sed <"$conf_template" >"$conf_new" \
- -e "s/@SUFFIX@/$basedn/g" \
- -e "s/@ADMIN@/cn=admin,$basedn/g" \
- -e "s/@CHECKPOINT@/$checkpoint/g" \
- -e "s/@BACKEND@/$backend/g"
- # Make sure we keep the permissions of an old slapd.conf
- if [ -e "$SLAPD_CONF" ]; then
- assign_permissions "$SLAPD_CONF" "$conf_new"
- fi
- mv $conf_new $SLAPD_CONF
- echo "done." >&2
-}
-# }}}
-noisy_slapadd() { # {{{
-# Run slapadd and output the ldif file if something goes wrong.
-# Usage: noisy_slapadd [options] < ldif-file
- local ldif_tmp
-
- ldif_tmp=`mktemp -t slapadd.XXXXXX`
- cat > "$ldif_tmp"
- if ! slapadd "$@" < "$ldif_tmp"; then
- echo >&2 "Failed to slapadd this data: "
- cat >&2 < "$ldif_tmp"
- rm "$ldif_tmp"
- exit 1
- fi
- rm "$ldif_tmp"
-} # }}}
-create_new_directory() { # {{{
-# Create a new directory. Takes the basedn and the dc value of that entry.
-# Other information is extracted from debconf.
-# Usage: create_new_directory <basedn> <dc>
-
- local basedn dc organization adminpass
- basedn="$1"
- dc="$2"
-
- db_get shared/organization
- organization="$RET"
- db_get slapd/internal/adminpw
- adminpass="$RET"
-
- echo -n " Creating initial LDAP directory... " >&2
- touch /var/lib/slapd/suffix_change
-
- cat <<-EOF | noisy_slapadd
- dn: $basedn
- objectClass: top
- objectClass: dcObject
- objectClass: organization
- o: $organization
- dc: $dc
-
- dn: cn=admin,$basedn
- objectClass: simpleSecurityObject
- objectClass: organizationalRole
- cn: admin
- description: LDAP administrator
- userPassword: {crypt}$adminpass
- EOF
-
- echo "done." >&2
-}
-# }}}
-autoconfigure_modules() { # {{{
-# On upgrades from pre-2.1 we might have to update the configuration
-# file for loading the backend modules. This function tries to figure out
-# the needed changes automatically.
-# This function should probably go away some time after sarge release.
-
- local new_conf
-
- # Without a configuration we have nothing to update
- if [ ! -e "$SLAPD_CONF" ]; then
- echo " Did not find slapd.conf to update modules" >&2
- return 0
- fi
-
- # If the modulepath directive is already used in slapd.conf we assume
- # that the configuration was already adjusted
- if grep -q ^modulepath $SLAPD_CONF; then return 0; fi
-
- # If the user does not want us to do the module config we bail out
- db_get slapd/autoconf_modules || true
- if [ "$RET" != "true" ]; then return 0; fi
-
- echo -n " Updating config for dynamic backends... " >&2
- new_conf=`mktemp -q ${SLAPD_CONF}.XXXXXX`
- cat <<-EOF >$new_conf
- # Loading of backend modules - automatically generated
-
- modulepath /usr/lib/ldap
- EOF
- read_slapd_conf < $SLAPD_CONF | sed -n >>"$new_conf" \
- 's/^database[[:space:]]\+\([a-z]\+\)/moduleload back_\1/p'
- echo >>$new_conf
- cat $SLAPD_CONF >>$new_conf
- assign_permissions "$SLAPD_CONF" "$new_conf"
- mv $new_conf $SLAPD_CONF
- echo done. >&2
-}
-# }}}
-configure_v2_protocol_support() { # {{{
-# Adds the "allow bind_v2" directive to the configuration if the user decided
-# he wants to have ldap v2 enabled.
-
- local new_conf
-
- db_get slapd/allow_ldap_v2
- if [ "$RET" != "true" ]; then return 0; fi
-
- echo -n " Enabling LDAPv2 support... " >&2
-
- # Check if already enabled
- if read_slapd_conf < $SLAPD_CONF | \
- grep -q -E '^allow[[:space:]][^#]*bind_v2'; then
- echo "already enabled." >&2
- return 0
- fi
-
- # Create a temporary file for the new config
- new_conf=`mktemp -q ${SLAPD_CONF}.XXXXXX`
-
- # If there is an existing global allow command, add our option
- if extend_existing_allow_directive < $SLAPD_CONF > $new_conf; then
- # Succeeded
- echo -n "updated existing allow line" >&2
- else
- # That failed, so we have to add a new line for it
- echo '# Allow LDAPv2 binds' > $new_conf
- echo 'allow bind_v2' >> $new_conf
- echo >> $new_conf
- cat $SLAPD_CONF >> $new_conf
- echo -n "done" >&2
- fi
-
- # Activate the new configuration file
- assign_permissions "$SLAPD_CONF" "$new_conf"
- mv $new_conf $SLAPD_CONF
- echo . >&2
-}
-# }}}
-extend_existing_allow_directive() { # {{{
-# Filter the config file for an allow directive and add "bind_v2" to it
-# if found.
-
- local script
- script='
- $done = 0;
- while (<>) {
- $done = 1 if s/^allow/allow bind_v2/;
- last if m/^database/;
- print;
- }
- exit ! $done;'
-
- perl -e "$script" || return 1
-}
-# }}}
-alert_user() { # {{{
-# Tell the user that something went miserably wrong.
-# Usage: alert_user <key>
-# Currently key can be upgrade_slapcat_failure
-
- local dc_failed key
- key="$1"
- dc_failed=
-
- # Make sure the template is actually displayed
- db_fset slapd/$key seen false || dc_failed=1
- db_input high slapd/$key || dc_failed=1
- db_go || dc_failed=1
-
- if [ "$dc_failed" -a "$key" = "upgrade_slapcat_failure" ]; then
- cat <<EOF
-When attempting to upgrade your LDAP directory there was an error.
-This error occured when performing the 'slapcat' which attempts to
-extract your LDAP directory. This failure could be because of an
-incorrect config file. For example, if the appropriate moduleload
-lines for your backend database type are missing. This failure
-will cause 'slapadd' later to fail too. The old database files are
-about to be moved to /var/backups. If you want to try this upgrade
-again then move the old database files back into place, fix whatever
-caused slapcat to fail, and run:
-slapcat | /usr/share/slapd/fix_ldif -w -o "$organization" > $location
-Move the database files back to a backup area and then try and
-slapadd from $location.
-EOF
- elif [ "$dc_failed" -a "$key" = "upgrade_slapadd_failure" ]; then
- cat <<EOF
- When attempting to upgrade your LDAP directory there was an error.
- This error occured when performing the 'slapadd' which attempts to
- populate an empty new LDAP directory using the information from your
- original LDAP directory. Your original LDAP directory files have
- been saved in /var/backups. The results of the attempted upgrade
- is the ldif file in /var/backups. slapadd may have failed due to
- a configuration problem (in which case slapcat would have failed
- too) or due to a problem in the ldif. If the problem was with the
- ldif then you may be able to fix it and attempt the slapadd again.
-EOF
- fi
-
- exit 1
-}
-# }}}
-fix_ldif() { # {{{
-# Fix the directory when upgrading from before 2.1 and the root
-# dn has no structural objectclass
-# Usage: fix_ldif <old-ldif-file> <new-ldif-file>
-
- local location fixed_location
- location="$1"
- fixed_location="$2"
-
- db_get shared/organization
- organization="$RET"
- if [ -z "$organization" ]; then organization=Unknown; fi
-
- /usr/share/slapd/fix_ldif -w -o "$organization" \
- < "$location" > "$fixed_location"
-}
-# }}}
-assign_permissions() { # {{{
-# Apply the same permissions as on a reference file to another file.
-# Usage: apply_permissions <original> <new>
-
- chmod --reference="$1" "$2"
- chown --reference="$1" "$2"
-}
-# }}}
-import_database() { # {{{
-# Import a database from an ldif dump
-# Usage: import_database <basedn> <ldif-file>
-
- local suffix location failure
-
- suffix="$1"
- location="$2"
- failure=
-
- echo -n " Loading $suffix from $location... " >&2
- slapadd -b "$suffix" -l "$location" || failure=1
- if [ "$failure" ]; then
- echo "failed." >&2
- alert_user upgrade_slapadd_failure
- else
- echo "done." >&2
- fi
-}
-# }}}
-update_access_config_directives() { # {{{
-# Update the config file for some changes done for 2.2.x (vs. 2.1.x):
-# access to attribute=<attr> becomes access to attrs=<attr>
-# access to dn=".*,..." becomes access to dn.regex=".*,..."
-
-# For now only the main configuration file is fixed, includes are not
-# handled.
-
- local new_conf
-
- # Check if we have to apply these changes
- # First changed in Debian release 2.2.23, better update if we are
- # upgrading something older.
- if previous_version_newer 2.2.23; then
- return 0
- fi
-
- # Without a configuration we have nothing to update
- if [ ! -e "$SLAPD_CONF" ]; then
- echo >&2 \
- " Did not find slapd.conf to update access directives."
- return 0
- fi
-
- echo -n " Updating config access directives... " >&2
- new_conf="`mktemp -q ${SLAPD_CONF}.XXXXXX`"
-
- read_config < "$SLAPD_CONF" | perl -p \
- -e 'next if not m/^access\s+to/;' \
- -e 's/dn=/dn.regex=/g;' \
- -e 's/attribute=/attrs=/g;' >"$new_conf"
- assign_permissions "$SLAPD_CONF" "$new_conf"
- mv "$new_conf" "$SLAPD_CONF"
- echo done. >&2
-
-} # }}}
-
-# Testing interface # {{{
-#-----------------------------------------------------------------------
-# To be able to test parts of the maintainer scripts during development
-# without installing the whole package you can run the slapd.postinst script
-# with just
-# sh debian/slapd.postinst dry "<cmd>"
-# which will evaluate "<cmd>" with the functions of the maintainer scripts
-# defined.
-
-if [ "$1" = "dry" ]; then
- . `dirname "$0"`/slapd.scripts-common
- eval "$2"
- exit
-fi
-
-# }}}
-
. /usr/share/debconf/confmodule
# Initial configuration {{{
@@ -473,6 +21,7 @@ if is_initial_configuration "$@"; then
create_new_configuration
fi
fi
+
# }}}
# Update configuration files for new features {{{
diff --git a/debian/slapd.preinst b/debian/slapd.preinst
index 20f9285..5f6519f 100755
--- a/debian/slapd.preinst
+++ b/debian/slapd.preinst
@@ -11,32 +11,6 @@ fi
# various helper functions and $OLD_VERSION and $SLAPD_CONF
#SCRIPTSCOMMON#
-stop_slapd() { # {{{
-# Make sure slapd is shut down before mucking with the db files
-# and whatnot...
-# Usage: stop_slapd
-# XXX: Why are we stopping slapd manually? That should be done via
-# the init.d script and invoke-rc.d. Leaving this alone for now
-# -- Torsten
-
- # Find out the name of slapd's pid file
- if [ -z "$SLAPD_PIDFILE" ] && [ -f "$SLAPD_CONF" ]; then
- SLAPD_PIDFILE=`read_slapd_conf < $SLAPD_CONF \
- | sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p'`
- fi
-
- # Use the pidfile if it is there, if not then just do without
- if [ -z "$SLAPD_PIDFILE" ]; then
- start-stop-daemon --stop --retry 10 --quiet --oknodo \
- --exec /usr/sbin/slapd >&2
- else
- start-stop-daemon --stop --retry 10 --quiet --oknodo \
- --pidfile "$SLAPD_PIDFILE" >&2
- fi
-}
-
-# }}}
-
# If we are upgrading from an old version then stop slapd and attempt to
# slapcat out the data so we can use it in postinst to do the upgrade
diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
index 6169737..637459e 100644
--- a/debian/slapd.scripts-common
+++ b/debian/slapd.scripts-common
@@ -1,5 +1,6 @@
# This file can be included with #SCRIPTSCOMMON#
+
# ===== Global variables ================================================ {{{
#
# At some points we need to know which version we are upgrading from if
@@ -299,6 +300,629 @@ get_database_list() {
# }}}
+
+compute_backup_path() { # {{{
+# Compute the path to backup a database directory
+# Usage: compute_backup_path <dir> <basedn>
+
+# XXX: should ask the user via debconf
+
+ local dirname basedn
+ dirname="$1"
+ basedn="$2"
+
+ # Computing the name of the backup directory from the old version,
+ # the suffix etc. all makes me feel worried. I'd rather have a
+ # directory name which is not going to exist. So the simple
+ # scheme we are using now is to compute the filename from the
+ # directory name and appending date and time. And we check if it
+ # exists to be really sure... -- Torsten
+
+ local target
+ local id
+ id="$OLD_VERSION"
+ [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
+ target="/var/backups/$basedn-$id.ldapdb"
+ if [ -e "$target" ]; then
+ echo >&2
+ echo >&2 " Backup path $target exists. Giving up..."
+ exit 1
+ fi
+
+ echo "$target"
+}
+
+# }}}
+move_old_database_away() { # {{{
+# Move the old database away if it is still there
+#
+# In fact this function makes sure that the database directory is empty
+# and can be populated with a new database. If something is in the way
+# it is moved to a backup directory if the user accepted the debconf
+# option slapd/move_old_database. Otherwise we output a warning and let
+# the user fix it himself.
+# Usage: move_old_database_away <dbdir> [<basedn>]
+
+ local databasedir backupdir
+ databasedir="$1"
+ suffix="$2"
+
+ if is_empty_dir "$databasedir"; then
+ return
+ fi
+
+
+ # Note that we can't just move the database dir as it might be
+ # a mount point. Instead me move the content which might
+ # include mount points as well anyway, but it's much less likely.
+ db_get slapd/move_old_database
+ if [ "$RET" = true ]; then
+ backupdir=`compute_backup_path "$databasedir" "$suffix"`
+ echo -n " - directory $suffix... " >&2
+ mkdir -p "$backupdir"
+ mv "$databasedir"/* "$backupdir"/
+ echo done. >&2
+ else
+ cat >&2 <<EOF
+ There are leftover files in $databasedir. This will probably break
+ creating the initial directory. If that's the case please move away
+ stuff in there and retry the configuration.
+EOF
+ fi
+}
+# }}}
+manual_configuration_wanted() { # {{{
+# Check if the user wants to configure everything himself (queries debconf)
+# Returns success if yes.
+
+ db_get slapd/no_configuration
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+# }}}
+copy_example_DB_CONFIG() { # {{{
+# Copy an example DB_CONFIG file, only if available
+# copy_example_DB_CONFIG <directory>
+ local directory srcdir
+
+ directory="$1"
+ srcdir="/usr/share/doc/slapd/examples"
+
+ if ! [ -f "${directory}/DB_CONFIG" ] && [ -d "$directory" ]; then
+ if [ -r "$srcdir/DB_CONFIG" ]; then
+ cp $src/DB_CONFIG "${directory}/DB_CONFIG"
+ fi
+
+ if [ -r "$srcdir/DB_CONFIG.gz" ]; then
+ zcat $srcdir/DB_CONFIG.gz > "${directory}/DB_CONFIG"
+ fi
+ fi
+}
+
+# }}}
+create_new_configuration() { # {{{
+# Create a new configuration and directory
+
+ local basedn dc backend
+
+ # For the domain really.argh.org we create the basedn
+ # dc=really,dc=argh,dc=org with the dc entry dc: really
+ db_get slapd/domain
+ local basedn="dc=`echo $RET|sed 's/\./,dc=/g'`"
+ dc="`echo $RET|sed 's/\..*$//'`"
+
+ db_get slapd/backend
+ backend="`echo $RET|tr A-Z a-z`"
+
+ # Looks like the following code is not needed as slapd is unconfigured
+ # first and stopped at that time.
+ # Make sure the daemon is shut down when doing a reconfigure. No
+ # daemon should be running during an initial install.
+ # XXX: Shouldn't we stop and start slapd at the outer level?
+ #if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
+ # invoke-rc.d slapd stop
+ #fi
+
+ move_old_database_away /var/lib/ldap
+ create_new_slapd_conf "$basedn" "$backend"
+ create_new_directory "$basedn" "$dc"
+ copy_example_DB_CONFIG /var/lib/ldap
+}
+# }}}
+create_new_slapd_conf() { # {{{
+# Creates a new slapd.conf for the suffix given
+# Usage: create_new_slapd_conf <basedn> <backend>
+
+ local basedn backend checkpoint conf_new conf_template
+
+ basedn="$1"
+ backend="$2"
+ checkpoint=""
+ conf_template="/usr/share/slapd/slapd.conf"
+
+ # Checkpoint if using the BDB backend
+ if [ "$backend" = "bdb" -o "$backend" = "hdb" ]; then
+ checkpoint="checkpoint 512 30"
+ fi
+
+ conf_new=`mktemp -q ${SLAPD_CONF}.XXXXXX`
+ echo -n " Creating initial slapd configuration... " >&2
+ sed <"$conf_template" >"$conf_new" \
+ -e "s/@SUFFIX@/$basedn/g" \
+ -e "s/@ADMIN@/cn=admin,$basedn/g" \
+ -e "s/@CHECKPOINT@/$checkpoint/g" \
+ -e "s/@BACKEND@/$backend/g"
+ # Make sure we keep the permissions of an old slapd.conf
+ if [ -e "$SLAPD_CONF" ]; then
+ assign_permissions "$SLAPD_CONF" "$conf_new"
+ fi
+ mv $conf_new $SLAPD_CONF
+ echo "done." >&2
+}
+# }}}
+noisy_slapadd() { # {{{
+# Run slapadd and output the ldif file if something goes wrong.
+# Usage: noisy_slapadd [options] < ldif-file
+ local ldif_tmp
+
+ ldif_tmp=`mktemp -t slapadd.XXXXXX`
+ cat > "$ldif_tmp"
+ if ! slapadd "$@" < "$ldif_tmp"; then
+ echo >&2 "Failed to slapadd this data: "
+ cat >&2 < "$ldif_tmp"
+ rm "$ldif_tmp"
+ exit 1
+ fi
+ rm "$ldif_tmp"
+} # }}}
+create_new_directory() { # {{{
+# Create a new directory. Takes the basedn and the dc value of that entry.
+# Other information is extracted from debconf.
+# Usage: create_new_directory <basedn> <dc>
+
+ local basedn dc organization adminpass
+ basedn="$1"
+ dc="$2"
+
+ db_get shared/organization
+ organization="$RET"
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating initial LDAP directory... " >&2
+ touch /var/lib/slapd/suffix_change
+
+ cat <<-EOF | noisy_slapadd
+ dn: $basedn
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ o: $organization
+ dc: $dc
+
+ dn: cn=admin,$basedn
+ objectClass: simpleSecurityObject
+ objectClass: organizationalRole
+ cn: admin
+ description: LDAP administrator
+ userPassword: {crypt}$adminpass
+ EOF
+
+ echo "done." >&2
+}
+# }}}
+autoconfigure_modules() { # {{{
+# On upgrades from pre-2.1 we might have to update the configuration
+# file for loading the backend modules. This function tries to figure out
+# the needed changes automatically.
+# This function should probably go away some time after sarge release.
+
+ local new_conf
+
+ # Without a configuration we have nothing to update
+ if [ ! -e "$SLAPD_CONF" ]; then
+ echo " Did not find slapd.conf to update modules" >&2
+ return 0
+ fi
+
+ # If the modulepath directive is already used in slapd.conf we assume
+ # that the configuration was already adjusted
+ if grep -q ^modulepath $SLAPD_CONF; then return 0; fi
+
+ # If the user does not want us to do the module config we bail out
+ db_get slapd/autoconf_modules || true
+ if [ "$RET" != "true" ]; then return 0; fi
+
+ echo -n " Updating config for dynamic backends... " >&2
+ new_conf=`mktemp -q ${SLAPD_CONF}.XXXXXX`
+ cat <<-EOF >$new_conf
+ # Loading of backend modules - automatically generated
+
+ modulepath /usr/lib/ldap
+ EOF
+ read_slapd_conf < $SLAPD_CONF | sed -n >>"$new_conf" \
+ 's/^database[[:space:]]\+\([a-z]\+\)/moduleload back_\1/p'
+ echo >>$new_conf
+ cat $SLAPD_CONF >>$new_conf
+ assign_permissions "$SLAPD_CONF" "$new_conf"
+ mv $new_conf $SLAPD_CONF
+ echo done. >&2
+}
+# }}}
+configure_v2_protocol_support() { # {{{
+# Adds the "allow bind_v2" directive to the configuration if the user decided
+# he wants to have ldap v2 enabled.
+
+ local new_conf
+
+ db_get slapd/allow_ldap_v2
+ if [ "$RET" != "true" ]; then return 0; fi
+
+ echo -n " Enabling LDAPv2 support... " >&2
+
+ # Check if already enabled
+ if read_slapd_conf < $SLAPD_CONF | \
+ grep -q -E '^allow[[:space:]][^#]*bind_v2'; then
+ echo "already enabled." >&2
+ return 0
+ fi
+
+ # Create a temporary file for the new config
+ new_conf=`mktemp -q ${SLAPD_CONF}.XXXXXX`
+
+ # If there is an existing global allow command, add our option
+ if extend_existing_allow_directive < $SLAPD_CONF > $new_conf; then
+ # Succeeded
+ echo -n "updated existing allow line" >&2
+ else
+ # That failed, so we have to add a new line for it
+ echo '# Allow LDAPv2 binds' > $new_conf
+ echo 'allow bind_v2' >> $new_conf
+ echo >> $new_conf
+ cat $SLAPD_CONF >> $new_conf
+ echo -n "done" >&2
+ fi
+
+ # Activate the new configuration file
+ assign_permissions "$SLAPD_CONF" "$new_conf"
+ mv $new_conf $SLAPD_CONF
+ echo . >&2
+}
+# }}}
+extend_existing_allow_directive() { # {{{
+# Filter the config file for an allow directive and add "bind_v2" to it
+# if found.
+
+ local script
+ script='
+ $done = 0;
+ while (<>) {
+ $done = 1 if s/^allow/allow bind_v2/;
+ last if m/^database/;
+ print;
+ }
+ exit ! $done;'
+
+ perl -e "$script" || return 1
+}
+# }}}
+alert_user() { # {{{
+# Tell the user that something went miserably wrong.
+# Usage: alert_user <key>
+# Currently key can be upgrade_slapcat_failure
+
+ local dc_failed key
+ key="$1"
+ dc_failed=
+
+ # Make sure the template is actually displayed
+ db_fset slapd/$key seen false || dc_failed=1
+ db_input high slapd/$key || dc_failed=1
+ db_go || dc_failed=1
+
+ if [ "$dc_failed" -a "$key" = "upgrade_slapcat_failure" ]; then
+ cat <<EOF
+When attempting to upgrade your LDAP directory there was an error.
+This error occured when performing the 'slapcat' which attempts to
+extract your LDAP directory. This failure could be because of an
+incorrect config file. For example, if the appropriate moduleload
+lines for your backend database type are missing. This failure
+will cause 'slapadd' later to fail too. The old database files are
+about to be moved to /var/backups. If you want to try this upgrade
+again then move the old database files back into place, fix whatever
+caused slapcat to fail, and run:
+slapcat | /usr/share/slapd/fix_ldif -w -o "$organization" > $location
+Move the database files back to a backup area and then try and
+slapadd from $location.
+EOF
+ elif [ "$dc_failed" -a "$key" = "upgrade_slapadd_failure" ]; then
+ cat <<EOF
+ When attempting to upgrade your LDAP directory there was an error.
+ This error occured when performing the 'slapadd' which attempts to
+ populate an empty new LDAP directory using the information from your
+ original LDAP directory. Your original LDAP directory files have
+ been saved in /var/backups. The results of the attempted upgrade
+ is the ldif file in /var/backups. slapadd may have failed due to
+ a configuration problem (in which case slapcat would have failed
+ too) or due to a problem in the ldif. If the problem was with the
+ ldif then you may be able to fix it and attempt the slapadd again.
+EOF
+ fi
+
+ exit 1
+}
+# }}}
+fix_ldif() { # {{{
+# Fix the directory when upgrading from before 2.1 and the root
+# dn has no structural objectclass
+# Usage: fix_ldif <old-ldif-file> <new-ldif-file>
+
+ local location fixed_location
+ location="$1"
+ fixed_location="$2"
+
+ db_get shared/organization
+ organization="$RET"
+ if [ -z "$organization" ]; then organization=Unknown; fi
+
+ /usr/share/slapd/fix_ldif -w -o "$organization" \
+ < "$location" > "$fixed_location"
+}
+# }}}
+assign_permissions() { # {{{
+# Apply the same permissions as on a reference file to another file.
+# Usage: apply_permissions <original> <new>
+
+ chmod --reference="$1" "$2"
+ chown --reference="$1" "$2"
+}
+# }}}
+import_database() { # {{{
+# Import a database from an ldif dump
+# Usage: import_database <basedn> <ldif-file>
+
+ local suffix location failure
+
+ suffix="$1"
+ location="$2"
+ failure=
+
+ echo -n " Loading $suffix from $location... " >&2
+ slapadd -b "$suffix" -l "$location" || failure=1
+ if [ "$failure" ]; then
+ echo "failed." >&2
+ alert_user upgrade_slapadd_failure
+ else
+ echo "done." >&2
+ fi
+}
+# }}}
+update_access_config_directives() { # {{{
+# Update the config file for some changes done for 2.2.x (vs. 2.1.x):
+# access to attribute=<attr> becomes access to attrs=<attr>
+# access to dn=".*,..." becomes access to dn.regex=".*,..."
+
+# For now only the main configuration file is fixed, includes are not
+# handled.
+
+ local new_conf
+
+ # Check if we have to apply these changes
+ # First changed in Debian release 2.2.23, better update if we are
+ # upgrading something older.
+ if previous_version_newer 2.2.23; then
+ return 0
+ fi
+
+ # Without a configuration we have nothing to update
+ if [ ! -e "$SLAPD_CONF" ]; then
+ echo >&2 \
+ " Did not find slapd.conf to update access directives."
+ return 0
+ fi
+
+ echo -n " Updating config access directives... " >&2
+ new_conf="`mktemp -q ${SLAPD_CONF}.XXXXXX`"
+
+ read_config < "$SLAPD_CONF" | perl -p \
+ -e 'next if not m/^access\s+to/;' \
+ -e 's/dn=/dn.regex=/g;' \
+ -e 's/attribute=/attrs=/g;' >"$new_conf"
+ assign_permissions "$SLAPD_CONF" "$new_conf"
+ mv "$new_conf" "$SLAPD_CONF"
+ echo done. >&2
+
+} # }}}
+stop_slapd() { # {{{
+# Make sure slapd is shut down before mucking with the db files
+# and whatnot...
+# Usage: stop_slapd
+# XXX: Why are we stopping slapd manually? That should be done via
+# the init.d script and invoke-rc.d. Leaving this alone for now
+# -- Torsten
+
+ # Find out the name of slapd's pid file
+ if [ -z "$SLAPD_PIDFILE" ] && [ -f "$SLAPD_CONF" ]; then
+ SLAPD_PIDFILE=`read_slapd_conf < $SLAPD_CONF \
+ | sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p'`
+ fi
+
+ # Use the pidfile if it is there, if not then just do without
+ if [ -z "$SLAPD_PIDFILE" ]; then
+ start-stop-daemon --stop --retry 10 --quiet --oknodo \
+ --exec /usr/sbin/slapd >&2
+ else
+ start-stop-daemon --stop --retry 10 --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" >&2
+ fi
+}
+
+# }}}
+
+
+# Set up the defaults for our templates
+set_defaults_for_unseen_entries() {
+ DOMAIN=`hostname -d` || true
+ if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi
+
+ db_fget slapd/domain seen
+ if [ "$RET" = false ]; then
+ db_set slapd/domain "$DOMAIN"
+ fi
+
+ db_fget shared/organization seen
+ if [ "$RET" = false ]; then
+ db_set shared/organization "$DOMAIN"
+ fi
+}
+
+# Check if the user wants to configure slapd manually
+manual_configuration_wanted() {
+ db_input low slapd/no_configuration || true
+ db_go || true
+ db_get slapd/no_configuration
+ no_configuration="$RET"
+
+ if [ "$no_configuration" = "true" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# Create the password hash for the given password
+create_password_hash() {
+ perl -e '
+ sub GenRandom {
+ local ($len) = @_;
+ local ($char, $data, @chars);
+ @chars = split(//, "abcdefghijklmnopqrstuvwxyz"
+ . "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789");
+
+ open(RD, "</dev/urandom") or die "Failed to open random source";
+ $data = "";
+ while ($len--) {
+ read(RD, $char, 1) == 1 or die "Failed to read random data";
+ $data .= $chars[ord($char) % @chars];
+ }
+
+ close(RD);
+ return $data;
+ }
+ print crypt($ARGV[0], GenRandom(2));' "$1"
+}
+
+# Query the information we need to create an initial directory
+query_initial_config() {
+ while true; do
+ db_input medium slapd/domain || true
+ db_input medium shared/organization || true
+ db_input high slapd/password1 || true
+ db_input high slapd/password2 || true
+ db_input low slapd/backend || true
+ db_input low slapd/purge_database || true
+ # XXX - should be done more general, but for now this should do
+ # the trick
+ if ! is_empty_dir /var/lib/ldap; then
+ db_input low slapd/move_old_database || true
+ fi
+ db_go || true
+
+ if validate_initial_config; then
+ break
+ fi
+ done
+}
+
+# Make sure the values entered make sense
+validate_initial_config() {
+ local invalid
+ invalid=""
+
+ # Make sure the domain name is valid
+ # The regexp doesn't work for UTF-8 domain names, but for that to
+ # work, we would also need to Base64 encode it in the LDIF; since
+ # we're not doing it at the moment, this should be fine for now
+ db_get slapd/domain
+ if [ -z "$RET" ] || ! echo "$RET" | grep -q '^[a-zA-Z0-9-.]*$'; then
+ db_fset slapd/domain seen false
+ invalid=true
+ fi
+
+ # Suffix and Organization may not be empty
+ db_get shared/organization
+ if [ -z "$RET" ]; then
+ db_fset shared/organization seen false
+ invalid=true
+ fi
+
+ # Make sure the passwords match
+ local pass1 pass2
+ db_get slapd/password1
+ pass1="$RET"
+ db_get slapd/password2
+ pass2="$RET"
+
+ if [ "$pass1" != "$pass2" ]; then
+ db_fset slapd/password1 seen false
+ db_fset slapd/password2 seen false
+ invalid=true
+ fi
+
+ # Tell the user
+ if [ "$invalid" ]; then
+ db_fset slapd/invalid_config seen false
+ db_input critical slapd/invalid_config || true
+ db_go || true
+ db_get slapd/invalid_config
+ if [ "$RET" != "true" ]; then
+ db_set slapd/no_configuration true
+ invalid=
+ fi
+ fi
+
+ if [ "$invalid" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# Store the encrypted admin password into the debconf db
+crypt_admin_pass() {
+ db_get slapd/password1
+ db_set slapd/internal/adminpw `create_password_hash "$RET"`
+}
+
+slave_databases_without_updateref() {
+ (read_slapd_conf < $SLAPD_CONF && echo database) | \
+ while read command data; do
+ case $command in
+ database)
+ if [ -n "$backend" ] && [ -n "$updatedn" ] && [ -z "$updateref" ]; then
+ return 1
+ fi
+ backend="$data"
+ updatedn=""
+ updateref=""
+ ;;
+ updatedn)
+ updatedn="$data"
+ ;;
+ updateref)
+ updateref="$data"
+ ;;
+ esac
+ done || return 0
+ return 1
+}
+
+
+
+
+
ANY_DATABASE_FORMAT_CHANGED="2.2.23-0.pre6"
DATABASE_FORMAT_CHANGED_BDB="2.2.23-0.pre6"
DATABASE_FORMAT_CHANGED_LDBM="2.2.23-0.pre6"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git