mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
155 lines
4.5 KiB
Bash
Executable file
155 lines
4.5 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
tmp_backup_dir_file="/tmp/slapd-backup-dir.txt"
|
|
|
|
do_init_regen() {
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "You must be root to run this script" 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
do_pre_regen ""
|
|
|
|
# fix some permissions
|
|
chown root:openldap /etc/ldap/slapd.conf
|
|
chown -R openldap:openldap /etc/ldap/schema/
|
|
usermod -aG ssl-cert openldap
|
|
|
|
# check the slapd config file at first
|
|
slaptest -Q -u -f /etc/ldap/slapd.conf
|
|
|
|
# regenerate LDAP config directory from slapd.conf
|
|
rm -Rf /etc/ldap/slapd.d
|
|
mkdir /etc/ldap/slapd.d
|
|
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
|
|
chown -R openldap:openldap /etc/ldap/slapd.d/
|
|
|
|
service slapd restart
|
|
}
|
|
|
|
do_pre_regen() {
|
|
pending_dir=$1
|
|
|
|
cd /usr/share/yunohost/templates/slapd
|
|
|
|
# create needed directories
|
|
ldap_dir="${pending_dir}/etc/ldap"
|
|
schema_dir="${ldap_dir}/schema"
|
|
mkdir -p "$ldap_dir" "$schema_dir"
|
|
|
|
# remove legacy configuration file
|
|
[ ! -f /etc/ldap/slapd-yuno.conf ] \
|
|
|| touch "${pending_dir}/etc/ldap/slapd-yuno.conf"
|
|
|
|
# remove temporary backup file
|
|
rm -f "$tmp_backup_dir_file"
|
|
|
|
# retrieve current and new backends
|
|
curr_backend=$(grep '^database' /etc/ldap/slapd.conf 2>/dev/null | awk '{print $2}')
|
|
new_backend=$(grep '^database' slapd.conf | awk '{print $2}')
|
|
|
|
# save current database before any conf changes
|
|
if [[ -n "$curr_backend" && "$curr_backend" != "$new_backend" ]]; then
|
|
backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
|
|
mkdir -p "$backup_dir"
|
|
slapcat -b dc=yunohost,dc=org \
|
|
-l "${backup_dir}/dc=yunohost-dc=org.ldif"
|
|
echo "$backup_dir" > "$tmp_backup_dir_file"
|
|
fi
|
|
|
|
# copy configuration files
|
|
cp -a ldap.conf slapd.conf "$ldap_dir"
|
|
cp -a sudo.schema mailserver.schema yunohost.schema "$schema_dir"
|
|
|
|
install -D -m 644 slapd.default "${pending_dir}/etc/default/slapd"
|
|
}
|
|
|
|
do_post_regen() {
|
|
regen_conf_files=$1
|
|
|
|
# ensure that slapd.d exists
|
|
mkdir -p /etc/ldap/slapd.d
|
|
|
|
# fix some permissions
|
|
echo "Making sure we have the right permissions needed ..."
|
|
# penldap user should be in the ssl-cert group to let it access the certificate for TLS
|
|
usermod -aG ssl-cert openldap
|
|
chown root:openldap /etc/ldap/slapd.conf
|
|
chown -R openldap:openldap /etc/ldap/schema/
|
|
chown -R openldap:openldap /etc/ldap/slapd.d/
|
|
chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
|
|
chmod o-rwx /etc/yunohost/certs/yunohost.org/
|
|
|
|
[ -z "$regen_conf_files" ] && exit 0
|
|
|
|
# check the slapd config file at first
|
|
slaptest -Q -u -f /etc/ldap/slapd.conf
|
|
|
|
# check if a backup should be restored
|
|
backup_dir=$(cat "$tmp_backup_dir_file" 2>/dev/null || true)
|
|
if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
|
|
# regenerate LDAP config directory and import database as root
|
|
# since the admin user may be unavailable
|
|
echo "Regenerate LDAP config directory and import the database using slapadd"
|
|
sh -c "rm -Rf /etc/ldap/slapd.d;
|
|
mkdir /etc/ldap/slapd.d;
|
|
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d;
|
|
chown -R openldap:openldap /etc/ldap/slapd.d;
|
|
slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org \
|
|
-l '${backup_dir}/dc=yunohost-dc=org.ldif';
|
|
chown -R openldap:openldap /var/lib/ldap" 2>&1
|
|
else
|
|
# regenerate LDAP config directory from slapd.conf
|
|
echo "Regenerate LDAP config directory from slapd.conf"
|
|
rm -Rf /etc/ldap/slapd.d
|
|
mkdir /etc/ldap/slapd.d
|
|
slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1
|
|
chown -R openldap:openldap /etc/ldap/slapd.d/
|
|
fi
|
|
|
|
echo "Running slapdindex"
|
|
su openldap -s "/bin/bash" -c "/usr/sbin/slapindex"
|
|
|
|
echo "Reloading slapd"
|
|
service slapd force-reload
|
|
|
|
# on slow hardware/vm this regen conf would exit before the admin user that
|
|
# is stored in ldap is available because ldap seems to slow to restart
|
|
# so we'll wait either until we are able to log as admin or until a timeout
|
|
# is reached
|
|
# we need to do this because the next hooks executed after this one during
|
|
# postinstall requires to run as admin thus breaking postinstall on slow
|
|
# hardware which mean yunohost can't be correctly installed on those hardware
|
|
# and this sucks
|
|
# wait a maximum time of 5 minutes
|
|
# yes, force-reload behave like a restart
|
|
number_of_wait=0
|
|
while ! sudo su admin -c '' && ((number_of_wait < 60))
|
|
do
|
|
sleep 5
|
|
((number_of_wait += 1))
|
|
done
|
|
}
|
|
|
|
FORCE=${2:-0}
|
|
DRY_RUN=${3:-0}
|
|
|
|
case "$1" in
|
|
pre)
|
|
do_pre_regen $4
|
|
;;
|
|
post)
|
|
do_post_regen $4
|
|
;;
|
|
init)
|
|
do_init_regen
|
|
;;
|
|
*)
|
|
echo "hook called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exit 0
|