mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
As Wheezy is no longer supported by upcoming YunoHost releases, slapd.conf now uses MDB as its backend. The LDAP database is also saved before switching to the MDB backend and imported again after the configuration is regenerated, to prevent data loss.
#!/bin/bash
#
# Deploys the slapd configuration templates and regenerates the
# /etc/ldap/slapd.d configuration directory.
#
# Arguments:
#   $1 - compared against the literal string "True" further down; any
#        other value (including none) means "do not force".

# Stop at the first command that fails outside a condition or list.
set -o errexit

force="${1}"
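#######################################
# Copy a template file to its destination.
# Before the first install (no /etc/yunohost/installed marker) this is
# a plain `cp`; afterwards the copy is delegated to
# `yunohost service safecopy` for the slapd service.
# Globals:
#   force (read) - "True" appends --force to the safecopy call
# Arguments:
#   $1 - source file
#   $2 - destination path
# Returns:
#   exit status of the underlying copy command
#######################################
function safe_copy () {
  local src=$1
  local dest=$2

  # Both paths are quoted so that whitespace or glob characters cannot
  # split them into extra arguments of a command that runs as root.
  if [ ! -f /etc/yunohost/installed ]; then
    # "--" keeps a path that starts with "-" from being read as an option.
    sudo cp -- "$src" "$dest"
  elif [[ "$force" == "True" ]]; then
    sudo yunohost service safecopy \
      -s slapd "$src" "$dest" --force
  else
    sudo yunohost service safecopy \
      -s slapd "$src" "$dest"
  fi
}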
# The relative template names used below resolve against this directory.
cd /usr/share/yunohost/templates/slapd

# Remove legacy configuration file (only once YunoHost is installed;
# before that the step is skipped).
if [ -f /etc/yunohost/installed ]; then
  sudo yunohost service saferemove -s slapd /etc/ldap/slapd-yuno.conf
fi
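# Retrieve current backend: dump the configuration database (-n 0) and
# keep whatever follows "olcDatabase={1}" in that entry's DN.
# NOTE(review): the pipeline's status is sed's, so a failing slapcat
# leaves $backend empty, and an empty value counts as "not mdb" below.
backend=$(sudo slapcat -n 0 | sed -n 's/^dn: olcDatabase={1}\(.*\),cn=config$/\1/p')

# Save current database in case of a backend change
BACKEND_CHANGE=0
BACKUP_DIR="/var/backups/dc=yunohost,dc=org-${backend}-$(date +%s)"
if [[ "$backend" != "mdb" && "$force" == "True" ]]; then
  BACKEND_CHANGE=1
  sudo mkdir -p "$BACKUP_DIR"
  # The LDIF is a full dump of the directory, including any credential
  # attributes stored in it. mkdir -p honours the caller's umask, so
  # restrict the directory explicitly before anything is written to it.
  sudo chmod 0700 "$BACKUP_DIR"
  sudo slapcat -b dc=yunohost,dc=org \
    -l "${BACKUP_DIR}/dc=yunohost-dc=org.ldif"
fi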
# Template (relative to the current directory) and its destination,
# written as "source:destination"; none of the paths contains a colon.
slapd_templates=(
  "sudo.schema:/etc/ldap/schema/sudo.schema"
  "mailserver.schema:/etc/ldap/schema/mailserver.schema"
  "ldap.conf:/etc/ldap/ldap.conf"
  "slapd.default:/etc/default/slapd"
  "slapd.conf:/etc/ldap/slapd.conf"
)
for entry in "${slapd_templates[@]}"; do
  safe_copy "${entry%%:*}" "${entry#*:}"
done

# Fix some permissions
# NOTE(review): only ownership is set here; the file modes are whatever
# the copy left behind. Confirm slapd.conf is not world-readable if it
# carries credentials.
sudo chown root:openldap /etc/ldap/slapd.conf
for ldap_dir in /etc/ldap/schema/ /etc/ldap/slapd.d/; do
  sudo chown -R openldap:openldap "$ldap_dir"
done
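if [[ $BACKEND_CHANGE -eq 1 ]]; then
  # Regenerate LDAP configuration and import database as root
  # since the admin user may be unavailable.
  #
  # The LDIF path is handed to the root shell as a positional argument
  # instead of being pasted into the command string, so its content can
  # never be parsed as shell syntax.
  #
  # A failed slapadd is no longer silent: the final chown still runs,
  # then the inner shell exits with the import status. errexit in this
  # script then stops before slapd is reloaded on a database that was
  # not restored. The saved LDIF stays in place for a manual import.
  sudo sh -c '
    rm -Rf /etc/ldap/slapd.d
    mkdir /etc/ldap/slapd.d
    slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
    chown -R openldap:openldap /etc/ldap/slapd.d
    import_status=0
    slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l "$1" \
      || import_status=$?
    chown -R openldap:openldap /var/lib/ldap || exit
    exit "$import_status"
  ' sh "${BACKUP_DIR}/dc=yunohost-dc=org.ldif" 2>&1
else
  # Regenerate LDAP configuration from slapd.conf if it is valid.
  # The -u run is a dry run; when it fails, the existing slapd.d is
  # left untouched and the script carries on (errexit does not fire
  # for the left-hand side of "&&").
  sudo slaptest -u -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ \
    && (sudo rm -Rf /etc/ldap/slapd.d \
      && sudo mkdir /etc/ldap/slapd.d \
      && sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d/ 2>&1)
  sudo chown -R openldap:openldap /etc/ldap/slapd.d/
fi

sudo service slapd force-reload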