Fixing again the whole permission / cert situation for slapd ... for good this time hopefully

Alexandre Aubin 2019-08-13 17:32:02 +02:00
parent b44ad4ad80
commit 2dc809548b
2 changed files with 10 additions and 6 deletions


@ -73,12 +73,12 @@ do_post_regen() {
mkdir -p /etc/ldap/slapd.d
# fix some permissions
echo "Making sure we have the right permissions needed ..."
# penldap user should be in the ssl-cert group to let it access the certificate for TLS
usermod -aG ssl-cert openldap
chown root:openldap /etc/ldap/slapd.conf
chown -R openldap:openldap /etc/ldap/schema/
chown -R openldap:openldap /etc/ldap/slapd.d/
# Add openldap user in the ssl-cert group to let it access the certificate for TLS
usermod -aG ssl-cert openldap
chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
chmod o-rwx /etc/yunohost/certs/yunohost.org/
@ -92,6 +92,7 @@ do_post_regen() {
if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
# regenerate LDAP config directory and import database as root
# since the admin user may be unavailable
echo "Regenerate LDAP config directory and import the database using slapadd"
sh -c "rm -Rf /etc/ldap/slapd.d;
mkdir /etc/ldap/slapd.d;
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d;
@ -101,14 +102,17 @@ do_post_regen() {
chown -R openldap:openldap /var/lib/ldap" 2>&1
else
# regenerate LDAP config directory from slapd.conf
echo "Regenerate LDAP config directory from slapd.conf"
rm -Rf /etc/ldap/slapd.d
mkdir /etc/ldap/slapd.d
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
chown -R openldap:openldap /etc/ldap/slapd.d/
fi
su openldap -c "slapindex"
echo "Running slapdindex"
su openldap -s "/bin/bash" -c "/usr/sbin/slapindex"
echo "Reloading slapd"
service slapd force-reload
# on slow hardware/vm this regen conf would exit before the admin user that
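Review bot: The certificate-directory lines in the first hunk, `chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/` followed by `chmod o-rwx /etc/yunohost/certs/yunohost.org/`, give group ownership of everything under the directory to ssl-cert but only strip the "other" bits on the directory itself, so the mode of key.pem is never set here. Whether slapd, running as openldap through its ssl-cert membership, can read the key, and whether the key stays limited to owner and group, therefore depends on modes set somewhere outside these hunks. I would make the modes explicit, for example `chmod 750 /etc/yunohost/certs/yunohost.org/` and `chmod 640 /etc/yunohost/certs/yunohost.org/key.pem`, and say in the comment that every member of ssl-cert can then read this private key. The page does not mark added and removed lines, and do_post_regen starts and ends outside the visible hunks, so this is based on the lines as displayed.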


@ -42,8 +42,8 @@ sizelimit 500
tool-threads 1
# TLS Support
TLSCertificateFile /etc/ssl/certs/yunohost_crt.pem
TLSCertificateKeyFile /etc/ssl/private/yunohost_key.pem
TLSCertificateFile /etc/yunohost/certs/yunohost.org/crt.pem
TLSCertificateKeyFile /etc/yunohost/certs/yunohost.org/key.pem
#######################################################################
# Specific Backend Directives for mdb:
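Review bot: The TLS block now depends on a private key outside /etc/ssl/private, and nothing in the file says who must be able to read it. Assuming the /etc/yunohost/certs/yunohost.org/ paths are the new side, I would add a comment above `TLSCertificateKeyFile` such as `# key.pem must be readable by the openldap user via the ssl-cert group (set up in do_post_regen)`. Without that access slapd can be expected to fail to bring up TLS, and from this file alone that is hard to trace back to a group-membership or file-mode problem.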