From 6f48d1d855641c69bbae6c8770b1763f2fd06f72 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Mon, 12 Aug 2019 11:15:47 +0200
Subject: [PATCH] Get rid of those sudo's ... otherwise, because sudo is in fact sudo-ldap, might create weird errors or stuck situation where everything is broken because slapd is stopped and the regenconf can't restart it
---
 data/hooks/conf_regen/06-slapd | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index 55f323438..049b0ac34 100755
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@@ -44,7 +44,7 @@ do_pre_regen() {
 || touch "${pending_dir}/etc/ldap/slapd-yuno.conf"
 # remove temporary backup file
- sudo rm -f "$tmp_backup_dir_file"
+ rm -f "$tmp_backup_dir_file"
 # retrieve current and new backends
 curr_backend=$(grep '^database' /etc/ldap/slapd.conf 2>/dev/null | awk '{print $2}')
@@ -53,8 +53,8 @@ do_pre_regen() {
 # save current database before any conf changes
 if [[ -n "$curr_backend" && "$curr_backend" != "$new_backend" ]]; then
 backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
- sudo mkdir -p "$backup_dir"
- sudo slapcat -b dc=yunohost,dc=org \
+ mkdir -p "$backup_dir"
+ slapcat -b dc=yunohost,dc=org \
 -l "${backup_dir}/dc=yunohost-dc=org.ldif"
 echo "$backup_dir" > "$tmp_backup_dir_file"
 fi
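Review bot: `mkdir -p "$backup_dir"` in the second hunk creates the dump directory with whatever umask the hook inherits, and `slapcat -l` then writes the whole dc=yunohost,dc=org tree into it, which presumably includes password hashes. Under a common 022 umask both the directory under /var/backups and the LDIF would be readable by any local account. I would set the mode explicitly with `mkdir -p -m 0700 "$backup_dir"`, or wrap the two commands in a `( umask 077; … )` subshell so the LDIF is created private as well. The path is still written to `$tmp_backup_dir_file` when `slapcat` fails, unless `set -e` is active outside the hunk, so checking its exit status before the `echo` would keep a partial dump from being picked up later.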
@@ -70,29 +70,29 @@ do_post_regen() {
 regen_conf_files=$1
 # ensure that slapd.d exists
- sudo mkdir -p /etc/ldap/slapd.d
+ mkdir -p /etc/ldap/slapd.d
 # fix some permissions
- sudo chown root:openldap /etc/ldap/slapd.conf
- sudo chown -R openldap:openldap /etc/ldap/schema/
- sudo chown -R openldap:openldap /etc/ldap/slapd.d/
+ chown root:openldap /etc/ldap/slapd.conf
+ chown -R openldap:openldap /etc/ldap/schema/
+ chown -R openldap:openldap /etc/ldap/slapd.d/
 # Add openldap user in the ssl-cert group to let it access the certificate for TLS
- sudo usermod -aG ssl-cert openldap
+ usermod -aG ssl-cert openldap
 chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
 chmod o-rwx /etc/yunohost/certs/yunohost.org/
 [ -z "$regen_conf_files" ] && exit 0
 # check the slapd config file at first
- sudo slaptest -Q -u -f /etc/ldap/slapd.conf
+ slaptest -Q -u -f /etc/ldap/slapd.conf
 # check if a backup should be restored
 backup_dir=$(cat "$tmp_backup_dir_file" 2>/dev/null || true)
 if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
 # regenerate LDAP config directory and import database as root
 # since the admin user may be unavailable
- sudo sh -c "rm -Rf /etc/ldap/slapd.d;
+ sh -c "rm -Rf /etc/ldap/slapd.d;
 mkdir /etc/ldap/slapd.d;
 slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d;
 chown -R openldap:openldap /etc/ldap/slapd.d;
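Review bot: In the restore branch, `sh -c "rm -Rf /etc/ldap/slapd.d; …"` joins its commands with `;`, so a failing `mkdir` or `slaptest -F` does not stop the sequence after the old config directory has already been deleted. With `sudo` removed the wrapper no longer does what its comment says ("as root"), so I would either run the commands directly or make the string fail fast, e.g. `sh -c "set -e; rm -Rf /etc/ldap/slapd.d;`. The command string continues past the end of this hunk, and the `else` branch in the next hunk has the same rm-then-slaptest order with no check; whether `set -e` is active for the hook itself is not visible here. The function also now depends on already running as root, which deserves a one-line comment at its top such as `# must be run as root: no privilege escalation is done here`.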
@@ -101,15 +101,15 @@ do_post_regen() {
 chown -R openldap:openldap /var/lib/ldap" 2>&1
 else
 # regenerate LDAP config directory from slapd.conf
- sudo rm -Rf /etc/ldap/slapd.d
- sudo mkdir /etc/ldap/slapd.d
- sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
- sudo chown -R openldap:openldap /etc/ldap/slapd.d/
+ rm -Rf /etc/ldap/slapd.d
+ mkdir /etc/ldap/slapd.d
+ slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
+ chown -R openldap:openldap /etc/ldap/slapd.d/
 fi
- sudo -u openldap slapindex
+ su openldap -c "slapindex"
- sudo service slapd force-reload
+ service slapd force-reload
 # on slow hardware/vm this regen conf would exit before the admin user that
 # is stored in ldap is available because ldap seems to slow to restart
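Review bot: `su openldap -c "slapindex"` runs the command through the openldap account's login shell, which the `sudo -u openldap slapindex` it replaces did not. If that account has a non-login shell such as /bin/false or nologin (usual for packaged service accounts, though not verifiable from the diff), slapindex never runs and the index rebuild is skipped. Passing the shell explicitly avoids that: `su -s /bin/sh openldap -c "slapindex"`. I would also check the exit status before `service slapd force-reload`, so that a skipped reindex is reported instead of being followed by a reload. do_post_regen continues beyond the end of this hunk.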