From 9dccfa721e16a1e1e2c469155ae8e4fde5607ba8 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sun, 23 May 2021 23:06:44 +0200
Subject: [PATCH] Fix ldap init using slapadd
---
 data/hooks/conf_regen/06-slapd | 25 +++++++++++++--------
 data/other/ldap_default_entries.ldif | 33 ++++++++++++++++++++++------
 src/yunohost/tools.py | 12 ++--------
 3 files changed, 44 insertions(+), 26 deletions(-)
diff --git a/data/hooks/conf_regen/06-slapd b/data/hooks/conf_regen/06-slapd
index 12707c64b..d2b5bd97c 100755
--- a/data/hooks/conf_regen/06-slapd
+++ b/data/hooks/conf_regen/06-slapd
@@ -32,22 +32,29 @@ EOF
     DEBIAN_FRONTEND=noninteractive dpkg-reconfigure slapd -u
-    # Regen conf
-
-    _regenerate_slapd_conf
-
-    # Enforce permissions
+    # Enforce permissions
     chown root:openldap /etc/ldap/slapd.ldif
     chown -R openldap:openldap /etc/ldap/schema/
     usermod -aG ssl-cert openldap
-    # (Re-)init data according to default ldap entries
-    slapadd -n1 -l /usr/share/yunohost/yunohost-config/moulinette/ldap_default_entries.ldif 2>&1 \
+    echo ' Initializing LDAP with Yunohost DB structure'
+
+    rm -rf /etc/ldap/slapd.d
+    mkdir -p /etc/ldap/slapd.d
+    slapadd -F /etc/ldap/slapd.d -b cn=config -l "/etc/ldap/slapd.ldif" 2>&1 \
         | grep -v "none elapsed\|Closing DB" || true
+    chown -R openldap: /etc/ldap/slapd.d
-    slapcat
+    rm -rf /var/lib/ldap
+    mkdir -p /var/lib/ldap
+    slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l /usr/share/yunohost/yunohost-config/moulinette/ldap_default_entries.ldif 2>&1 \
+        | grep -v "none elapsed\|Closing DB" || true
+    chown -R openldap: /var/lib/ldap
+    nscd -i groups
+
+    systemctl restart slapd
 }
 _regenerate_slapd_conf() {
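Review bot: Both new `slapadd` invocations can fail without stopping the hook, because `|| true` applies to the whole pipeline and, without `pipefail`, the pipeline's status is that of `grep -v`; after `rm -rf /var/lib/ldap` a rejected import is therefore followed by `chown -R openldap: /var/lib/ldap` and `systemctl restart slapd` on an empty or partial database, with nothing in the log beyond the filtered slapadd output. If the hook runs under bash, check slapadd's own status instead, e.g. `slapadd … 2>&1 | grep -v "none elapsed\|Closing DB"; [ "${PIPESTATUS[0]}" -eq 0 ] || exit 1`, or enable `set -o pipefail` and drop the `|| true`. The wipe and import also happen while slapd may still be running after `dpkg-reconfigure slapd`, and slapadd(8) asks for the server to be stopped to keep the database consistent, so a `systemctl stop slapd` before `rm -rf /var/lib/ldap` would match the restart at the end. The enclosing function starts before this hunk (the `EOF` of the heredoc in the hunk header), so the condition that decides when this re-initialisation — which discards every existing entry — runs is not visible here.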
@@ -57,7 +64,7 @@ _regenerate_slapd_conf() {
     # so we use a temporary directory slapd_new.d
     rm -Rf /etc/ldap/slapd_new.d
     mkdir /etc/ldap/slapd_new.d
-    slapadd -n0 -l /etc/ldap/slapd.ldif -F /etc/ldap/slapd_new.d/ 2>&1 \
+    slapadd -b cn=config -l /etc/ldap/slapd.ldif -F /etc/ldap/slapd_new.d/ 2>&1 \
         | grep -v "none elapsed\|Closing DB" || true
     # Actual validation (-Q is for quiet, -u is for dry-run)
     slaptest -Q -u -F /etc/ldap/slapd_new.d
diff --git a/data/other/ldap_default_entries.ldif b/data/other/ldap_default_entries.ldif
index e76edb3d6..15a0a6bbb 100644
--- a/data/other/ldap_default_entries.ldif
+++ b/data/other/ldap_default_entries.ldif
@@ -1,3 +1,19 @@
+dn: dc=yunohost,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: yunohost.org
+dc: yunohost
+
+dn: cn=admin,ou=sudo,dc=yunohost,dc=org
+cn: admin
+objectClass: sudoRole
+objectClass: top
+sudoCommand: ALL
+sudoUser: admin
+sudoOption: !authenticate
+sudoHost: ALL
+
 dn: ou=users,dc=yunohost,dc=org
 objectClass: organizationalUnit
 objectClass: top
@@ -28,14 +44,17 @@ objectClass: organizationalUnit
 objectClass: top
 ou: sudo
-dn: cn=admin,ou=sudo,dc=yunohost,dc=org
+dn: cn=admin,dc=yunohost,dc=org
+objectClass: organizationalRole
+objectClass: posixAccount
+objectClass: simpleSecurityObject
 cn: admin
-sudoCommand: ALL
-sudoUser: admin
-objectClass: sudoRole
-objectClass: top
-sudoOption: !authenticate
-sudoHost: ALL
+uid: admin
+uidNumber: 1007
+gidNumber: 1007
+homeDirectory: /home/admin
+loginShell: /bin/bash
+userPassword: yunohost
 dn: cn=admins,ou=groups,dc=yunohost,dc=org
 objectClass: posixGroup
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py
index 2b386a277..281a4d048 100644
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
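Review bot: The new `dn: cn=admin,ou=sudo,dc=yunohost,dc=org` entry is placed at the top of the file, ahead of the `ou=sudo,dc=yunohost,dc=org` entry that stays further down, so `slapadd` reads the sudoRole before its parent exists; I believe the mdb backend rejects such an entry with a "parent does not exist" error, and the `|| true` in the 06-slapd hook would hide that rejection. Only the `dc=yunohost,dc=org` root entry needs to come first; move the sudoRole block to after the `ou: sudo` entry (the position the old sudoRole occupied), where its parent is guaranteed to be present.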
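Review bot: `userPassword: yunohost` seeds the admin account with a cleartext, publicly known password that `slapadd` stores verbatim rather than hashing, and with this commit the LDIF is the only place the admin credential is set until `tools_adminpw` replaces it with `new_hash`; between the hook running and that call, or on any re-run of the init branch against an installed system, the directory answers binds with that value. If a bootstrap value is needed at all, store a hashed form produced by `slappasswd` (`userPassword: {SSHA}<hash-placeholder>`) and mark it with an LDIF comment such as `# bootstrap value, replaced by tools_adminpw at postinstall`. The `uidNumber: 1007` / `gidNumber: 1007` pair mirrors the values removed from `tools.py` in this commit, so a comment above the entry, `# uid/gid must match the admin account expected by the system`, would keep the two from drifting apart.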
@@ -97,19 +97,11 @@ def tools_adminpw(new_password, check_strength=True):
         ldap.update(
             "cn=admin",
             {
-                "cn": ["admin"],
-                "uid": ["admin"],
-                "description": ["LDAP Administrator"],
-                "gidNumber": ["1007"],
-                "uidNumber": ["1007"],
-                "homeDirectory": ["/home/admin"],
-                "loginShell": ["/bin/bash"],
-                "objectClass": ["organizationalRole", "posixAccount", "simpleSecurityObject"],
                 "userPassword": [new_hash]
             },
         )
-    except Exception:
-        logger.error("unable to change admin password")
+    except Exception as e:
+        logger.error("unable to change admin password : %s" % e)
         raise YunohostError("admin_password_change_failed")
     else:
         # Write as root password
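Review bot: `logger.error("unable to change admin password : %s" % e)` formats eagerly and drops the traceback; inside the `except` block prefer `logger.exception("unable to change admin password")`, or at least lazy arguments `logger.error("unable to change admin password: %s", e)`, so a failing LDAP update can be diagnosed from the log. With the attribute re-assertion removed, `ldap.update("cn=admin", ...)` now depends entirely on the `cn=admin` entry seeded by `ldap_default_entries.ldif`; a short comment above the call, `# admin entry attributes are seeded by ldap_default_entries.ldif; only the password is updated here`, would make that coupling visible to the next reader. tools_adminpw starts before this hunk and its body continues after it.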