Fix ldap init using slapadd

data/hooks/conf_regen/06-slapd

@@ -32,22 +32,29 @@ EOF
 
   DEBIAN_FRONTEND=noninteractive dpkg-reconfigure slapd -u
 
-  # Regen conf
-
-  _regenerate_slapd_conf
-
   # Enforce permissions
   chown root:openldap /etc/ldap/slapd.ldif
   chown -R openldap:openldap /etc/ldap/schema/
   usermod -aG ssl-cert openldap
 
-
   # (Re-)init data according to default ldap entries
-  slapadd -n1 -l /usr/share/yunohost/yunohost-config/moulinette/ldap_default_entries.ldif 2>&1 \
+  echo '  Initializing LDAP with Yunohost DB structure'
+
+  rm -rf /etc/ldap/slapd.d
+  mkdir -p /etc/ldap/slapd.d
+  slapadd -F /etc/ldap/slapd.d -b cn=config -l "/etc/ldap/slapd.ldif" 2>&1 \
       | grep -v "none elapsed\|Closing DB" || true
+  chown -R openldap: /etc/ldap/slapd.d
 
-  slapcat
+  rm -rf /var/lib/ldap
+  mkdir -p /var/lib/ldap
+  slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l /usr/share/yunohost/yunohost-config/moulinette/ldap_default_entries.ldif 2>&1 \
+      | grep -v "none elapsed\|Closing DB" || true
+  chown -R openldap: /var/lib/ldap
 
+  nscd -i groups
+
+  systemctl restart slapd
 }
 
 _regenerate_slapd_conf() {
@@ -57,7 +64,7 @@ _regenerate_slapd_conf() {
   # so we use a temporary directory slapd_new.d
   rm -Rf /etc/ldap/slapd_new.d
   mkdir /etc/ldap/slapd_new.d
-  slapadd -n0 -l /etc/ldap/slapd.ldif -F /etc/ldap/slapd_new.d/ 2>&1 \
+  slapadd -b cn=config -l /etc/ldap/slapd.ldif -F /etc/ldap/slapd_new.d/ 2>&1 \
       | grep -v "none elapsed\|Closing DB" || true
   # Actual validation (-Q is for quiet, -u is for dry-run)
   slaptest -Q -u -F /etc/ldap/slapd_new.d

data/other/ldap_default_entries.ldif

@@ -1,3 +1,19 @@
+dn: dc=yunohost,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: yunohost.org
+dc: yunohost
+
+dn: cn=admin,ou=sudo,dc=yunohost,dc=org
+cn: admin
+objectClass: sudoRole
+objectClass: top
+sudoCommand: ALL
+sudoUser: admin
+sudoOption: !authenticate
+sudoHost: ALL
+
 dn: ou=users,dc=yunohost,dc=org
 objectClass: organizationalUnit
 objectClass: top
@@ -28,14 +44,17 @@ objectClass: organizationalUnit
 objectClass: top
 ou: sudo
 
-dn: cn=admin,ou=sudo,dc=yunohost,dc=org
+dn: cn=admin,dc=yunohost,dc=org
+objectClass: organizationalRole
+objectClass: posixAccount
+objectClass: simpleSecurityObject
 cn: admin
-sudoCommand: ALL
+uid: admin
-sudoUser: admin
+uidNumber: 1007
-objectClass: sudoRole
+gidNumber: 1007
-objectClass: top
+homeDirectory: /home/admin
-sudoOption: !authenticate
+loginShell: /bin/bash
-sudoHost: ALL
+userPassword: yunohost
 
 dn: cn=admins,ou=groups,dc=yunohost,dc=org
 objectClass: posixGroup

src/yunohost/tools.py

@@ -97,19 +97,11 @@ def tools_adminpw(new_password, check_strength=True):
         ldap.update(
             "cn=admin",
             {
-                "cn": ["admin"],
-                "uid": ["admin"],
-                "description": ["LDAP Administrator"],
-                "gidNumber": ["1007"],
-                "uidNumber": ["1007"],
-                "homeDirectory": ["/home/admin"],
-                "loginShell": ["/bin/bash"],
-                "objectClass": ["organizationalRole", "posixAccount", "simpleSecurityObject"],
                 "userPassword": [new_hash]
             },
         )
-    except Exception:
+    except Exception as e:
-        logger.error("unable to change admin password")
+        logger.error("unable to change admin password : %s" % e)
         raise YunohostError("admin_password_change_failed")
     else:
         # Write as root password