From 4912a2afae4e25049ead033c03f0f962a80424a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Thu, 21 Apr 2016 22:59:36 +0200 Subject: [PATCH] [fix] Init LDAP with package installation to fix ynh post-install --- data/hooks/conf_regen/06-slapd | 27 ++++++++++++++++++++++ debian/postinst | 1 + src/yunohost/tools.py | 42 ++++++++++++++++------------------ 3 files changed, 48 insertions(+), 22 deletions(-) diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd index 08b3def6e..6211ebe28 100755 --- a/data/hooks/conf_regen/06-slapd +++ b/data/hooks/conf_regen/06-slapd @@ -2,6 +2,30 @@ set -e +do_init_regen() { + if [[ $EUID -ne 0 ]]; then + echo "You must be root to run this script" 1>&2 + exit 1 + fi + + do_pre_regen "" + + # fix some permissions + chown root:openldap /etc/ldap/slapd.conf + chown -R openldap:openldap /etc/ldap/schema/ + + # check the slapd config file at first + slaptest -Q -u -f /etc/ldap/slapd.conf + + # regenerate LDAP config directory from slapd.conf + rm -Rf /etc/ldap/slapd.d + mkdir /etc/ldap/slapd.d + slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1 + chown -R openldap:openldap /etc/ldap/slapd.d/ + + service slapd restart +} + do_pre_regen() { pending_dir=$1 @@ -81,6 +105,9 @@ case "$1" in post) do_post_regen $4 ;; + init) + do_init_regen + ;; *) echo "hook called with unknown argument \`$1'" >&2 exit 1 diff --git a/debian/postinst b/debian/postinst index 7c730987c..c67d432ab 100644 --- a/debian/postinst +++ b/debian/postinst @@ -8,6 +8,7 @@ do_configure() { if [ ! -f /etc/yunohost/installed ]; then bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init bash /usr/share/yunohost/hooks/conf_regen/02-ssl init + bash /usr/share/yunohost/hooks/conf_regen/06-slapd init bash /usr/share/yunohost/hooks/conf_regen/15-nginx init else echo "Regenerating configuration, this might take a while..." diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index 11af8c2db..f78e32363 100644 
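Review bot: In do_init_regen (data/hooks/conf_regen/06-slapd), `rm -Rf /etc/ldap/slapd.d` runs before the second `slaptest` has produced a replacement. Because the script is under `set -e`, a failed conversion exits with the config directory empty, `service slapd restart` is never reached, and the package configure step that calls this hook aborts. The earlier `slaptest -Q -u` check narrows this, but it is a dry run and does not exercise the write into slapd.d. Consider converting into a temporary directory and swapping it in only on success, as sketched below; the sketch assumes slaptest accepts an empty target directory, as the current `mkdir` followed by `slaptest -F` already implies.

```shell
  # … unchanged: root check, do_pre_regen "", chown of slapd.conf and schema/, slaptest -Q -u …

  # regenerate LDAP config directory from slapd.conf without ever
  # leaving /etc/ldap/slapd.d missing or half-written
  new_conf_dir=$(mktemp -d /etc/ldap/slapd.d.XXXXXX)
  if ! slaptest -f /etc/ldap/slapd.conf -F "$new_conf_dir" 2>&1; then
    rm -Rf "$new_conf_dir"
    exit 1
  fi
  chown -R openldap:openldap "$new_conf_dir"
  rm -Rf /etc/ldap/slapd.d
  mv "$new_conf_dir" /etc/ldap/slapd.d

  # … unchanged: service slapd restart …
```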
--- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -170,16 +170,10 @@ def tools_postinstall(domain, password, ignore_dyndns=False): """ dyndns = not ignore_dyndns - try: - with open('/etc/yunohost/installed') as f: pass - except IOError: - logger.info(m18n.n('yunohost_installing')) - else: - raise MoulinetteError(errno.EPERM, m18n.n('yunohost_already_installed')) - - # Regenerate some services at first - service_regen_conf(['slapd'], force=True) - + # Do some checks at first + if os.path.isfile('/etc/yunohost/installed'): + raise MoulinetteError(errno.EPERM, + m18n.n('yunohost_already_installed')) if len(domain.split('.')) >= 3 and not ignore_dyndns: try: r = requests.get('https://dyndns.yunohost.org/domains') @@ -190,10 +184,23 @@ def tools_postinstall(domain, password, ignore_dyndns=False): dyndomain = '.'.join(domain.split('.')[1:]) if dyndomain in dyndomains: if requests.get('https://dyndns.yunohost.org/test/%s' % domain).status_code == 200: - dyndns=True + dyndns = True else: raise MoulinetteError(errno.EEXIST, - m18n.n('dyndns_unavailable')) + m18n.n('dyndns_unavailable')) + + logger.info(m18n.n('yunohost_installing')) + + # Instantiate LDAP Authenticator + auth = init_authenticator(('ldap', 'default'), + {'uri': "ldap://localhost:389", + 'base_dn': "dc=yunohost,dc=org", + 'user_rdn': "cn=admin" }) + auth.authenticate('yunohost') + + # Initialize LDAP for YunoHost + # TODO: Improve this part by integrate ldapinit into conf_regen hook + tools_ldapinit(auth) # Create required folders folders_to_create = [ @@ -233,6 +240,7 @@ def tools_postinstall(domain, password, ignore_dyndns=False): os.system('chmod 644 /etc/ssowat/conf.json.persistent') # Create SSL CA + service_regen_conf(['ssl'], force=True) ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' command_list = [ 'echo "01" > %s/serial' % ssl_dir, 
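Review bot: The block added after the dyndns check in tools_postinstall binds as `cn=admin` with the literal password `'yunohost'`. Since this commit also makes debian/postinst run `06-slapd init`, slapd is presumably running with that packaged default credential from package installation until post-install replaces it. Whether it is replaced, and on which interfaces slapd listens, is not visible in this hunk. That assumption should be written down next to the bind, for example `# NOTE: binds with the packaged default admin password; slapd must not be reachable from the network until post-install has replaced it`. Separately, `tools_ldapinit(auth)` now runs before the folder, SSOwat and CA steps, so a failure in one of those leaves LDAP initialised while `/etc/yunohost/installed` is still absent. It is worth confirming that tools_ldapinit is safe to run again on a retry, and replacing the TODO with a comment that says so.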
@@ -250,16 +258,6 @@ def tools_postinstall(domain, password, ignore_dyndns=False): raise MoulinetteError(errno.EPERM, m18n.n('yunohost_ca_creation_failed')) - # Instantiate LDAP Authenticator - auth = init_authenticator(('ldap', 'default'), - { 'uri': "ldap://localhost:389", - 'base_dn': "dc=yunohost,dc=org", - 'user_rdn': "cn=admin" }) - auth.authenticate('yunohost') - - # Initialize YunoHost LDAP base - tools_ldapinit(auth) - # New domain config tools_maindomain(auth, old_domain='yunohost.org', new_domain=domain, dyndns=dyndns)