From: <abe...@us...> - 2013-10-07 02:39:51
Revision: 6218
http://sourceforge.net/p/astlinux/code/6218
Author: abelbeck
Date: 2013-10-07 02:39:47 +0000 (Mon, 07 Oct 2013)
Log Message:
-----------
slapd, move to ldif ldap backend, add 'ldap' user/group to run slapd under
Modified Paths:
--------------
branches/1.0/package/openldap/openldap.mk
branches/1.0/package/openldap/slapd.init
branches/1.0/project/astlinux/target_skeleton/etc/group
branches/1.0/project/astlinux/target_skeleton/etc/init.d/FIRSTRUN
branches/1.0/project/astlinux/target_skeleton/etc/passwd
branches/1.0/project/astlinux/target_skeleton/etc/shadow
branches/1.0/project/astlinux/target_skeleton/etc/shadow-
Modified: branches/1.0/package/openldap/openldap.mk
===================================================================
--- branches/1.0/package/openldap/openldap.mk 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/package/openldap/openldap.mk 2013-10-07 02:39:47 UTC (rev 6218)
@@ -23,11 +23,11 @@
--without-fetch \
--without-cyrus-sasl \
--enable-slapd \
- --enable-mdb \
--enable-null \
--disable-local \
--disable-bdb \
--disable-hdb \
+ --disable-mdb \
--disable-monitor \
--disable-relay
Modified: branches/1.0/package/openldap/slapd.init
===================================================================
--- branches/1.0/package/openldap/slapd.init 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/package/openldap/slapd.init 2013-10-07 02:39:47 UTC (rev 6218)
@@ -2,8 +2,6 @@
. /etc/rc.conf
-LISTEN_URLS="ldap://"
-
gen_slapd_conf()
{
local cert key
@@ -14,15 +12,17 @@
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
+
+logfile /var/log/slapd/slapd.log
+loglevel stats
"
- cert="${LDAP_SERVER_CERT:-/mnt/kd/ssl/sip-tls/keys/server.crt}"
- key="${LDAP_SERVER_KEY:-/mnt/kd/ssl/sip-tls/keys/server.key}"
- if [ -f "$cert" -a -f "$key" ]; then
+ cert="${LDAP_SERVER_CERT:-/mnt/kd/ldap/certs/server.crt}"
+ key="${LDAP_SERVER_KEY:-/mnt/kd/ldap/certs/server.key}"
+ if [ -f "$cert" -a -f "$key" ] && [ "$(stat -c '%U:%G' "$cert")" = "ldap:ldap" -a "$(stat -c '%U:%G' "$key")" = "ldap:ldap" ]; then
echo "TLSCertificateFile $cert
TLSCertificateKeyFile $key
"
- LISTEN_URLS="ldap:// ldaps://"
else
logger -t slapd -p kern.info "LDAP Server SSL configuration error, continuing..."
logger -t slapd -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which LDAP Server will use by default."
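Review bot: The new TLS guard compares only the owner and group of `$key` with `ldap:ldap` and never looks at the file mode, so a private key that is group- or world-readable still passes and is put into service. The certs directory is created 0755 elsewhere in this commit, which leaves the key's own mode as its only protection; a test such as `[ "$(stat -c '%a' "$key")" = "600" ]` could be added to the condition (widen it if 0400 keys should pass too). The else branch logs the same generic text whether a file is missing or merely has the wrong owner, and slapd then carries on without TLS, so a message like `logger -t slapd -p kern.info "LDAP Server cert/key missing or not owned by ldap:ldap, TLS disabled"` would make the downgrade visible. gen_slapd_conf starts and ends outside this hunk.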
@@ -37,17 +37,11 @@
by users write
"
- echo "database mdb
+ echo "database ldif
suffix \"dc=example,dc=com\"
rootdn \"cn=Manager,dc=example,dc=com\"
rootpw astlinux
-
directory /var/lib/ldap
-
-index objectClass eq,pres
-
-maxreaders 64
-maxsize 10485760
"
}
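Review bot: The generated default configuration still writes `rootpw astlinux` in cleartext next to the placeholder suffix `dc=example,dc=com`, so as far as this hunk shows every install without a custom slapd.conf shares one directory manager password. slapd accepts a hashed value on the `rootpw` line, so the default could come from a per-install setting stored as a `slappasswd` hash, or the `rootpw` line could be left out until the administrator sets one. The start of gen_slapd_conf is outside this hunk, so any existing override variable would not be visible here.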
@@ -60,6 +54,24 @@
return
fi
+ if [ ! -d /mnt/kd/ldap/data ]; then
+ mkdir -m 0700 -p /mnt/kd/ldap/data
+ mkdir -m 0755 -p /mnt/kd/ldap/certs
+ chown -R ldap:ldap /mnt/kd/ldap
+ fi
+ ln -snf /mnt/kd/ldap/data /var/lib/ldap
+ chown ldap:ldap /var/lib/ldap
+
+ # Use SIP TLS certs if they exist and ours don't exist
+ if [ -f /mnt/kd/ssl/sip-tls/keys/server.crt ] && [ ! -f /mnt/kd/ldap/certs/server.crt ]; then
+ cp -a /mnt/kd/ssl/sip-tls/keys/server.crt /mnt/kd/ldap/certs/server.crt
+ chown ldap:ldap /mnt/kd/ldap/certs/server.crt
+ fi
+ if [ -f /mnt/kd/ssl/sip-tls/keys/server.key ] && [ ! -f /mnt/kd/ldap/certs/server.key ]; then
+ cp -a /mnt/kd/ssl/sip-tls/keys/server.key /mnt/kd/ldap/certs/server.key
+ chown ldap:ldap /mnt/kd/ldap/certs/server.key
+ fi
+
# Generate /etc/openldap/slapd.conf configuration file
if [ -f /mnt/kd/slapd.conf ]; then
echo "# Autogenerated. Edit /mnt/kd/slapd.conf file.
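Review bot: The certificate and the key are copied by two independent `if` blocks, so a setup that already has its own /mnt/kd/ldap/certs/server.crt but no server.key ends up with the SIP-TLS key beside an unrelated certificate. `cp -a` also keeps whatever mode the source key had, and the destination directory is created 0755, so the copied key should get an explicit `chmod 600`. Copying the pair only when both sources exist and neither destination exists covers both points. The enclosing function begins and ends outside this hunk.

```shell
# Use SIP TLS certs if they exist and ours don't exist
if [ -f /mnt/kd/ssl/sip-tls/keys/server.crt ] && [ -f /mnt/kd/ssl/sip-tls/keys/server.key ] \
   && [ ! -f /mnt/kd/ldap/certs/server.crt ] && [ ! -f /mnt/kd/ldap/certs/server.key ]; then
  cp -a /mnt/kd/ssl/sip-tls/keys/server.crt /mnt/kd/ldap/certs/server.crt
  cp -a /mnt/kd/ssl/sip-tls/keys/server.key /mnt/kd/ldap/certs/server.key
  chown ldap:ldap /mnt/kd/ldap/certs/server.crt /mnt/kd/ldap/certs/server.key
  # the directory is 0755, so the key's own mode is what keeps it private
  chmod 600 /mnt/kd/ldap/certs/server.key
fi
# … unchanged: slapd.conf generation …
```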
@@ -73,25 +85,27 @@
fi
chmod 600 /tmp/etc/openldap/slapd.conf
+ chown ldap:ldap /tmp/etc/openldap/slapd.conf
mkdir -p /var/run/slapd
+ chown ldap:ldap /var/run/slapd
- if [ ! -d /var/lib/ldap ]; then
- mkdir -m 0700 -p /var/lib/ldap
- fi
- if [ ! -d /mnt/kd/ldap ]; then
- mkdir -m 0700 -p /mnt/kd/ldap
- fi
- if [ -d /mnt/kd/ldap ]; then
- ln -sf /mnt/kd/ldap/data.mdb /var/lib/ldap/data.mdb
- fi
+ mkdir -p /var/log/slapd
+ chown ldap:ldap /var/log/slapd
}
start () {
+ local LISTEN_URLS
if [ -f /etc/openldap/slapd.conf ]; then
echo "Starting LDAP Server (slapd)..."
- slapd -h "$LISTEN_URLS"
+
+ if grep -q '^TLSCertificateKeyFile' /etc/openldap/slapd.conf; then
+ LISTEN_URLS="ldap:/// ldaps:///"
+ else
+ LISTEN_URLS="ldap:///"
+ fi
+ slapd -u ldap -g ldap -h "$LISTEN_URLS"
fi
}
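Review bot: `mkdir -p /var/log/slapd` creates the log directory with whatever the default umask gives, while this commit also sets `loglevel stats`, which records bind DNs and search filters for each operation. Creating it as `mkdir -m 0750 -p /var/log/slapd` before the `chown ldap:ldap` keeps that log readable by the service account and its group only. In start(), the `grep -q '^TLSCertificateKeyFile'` test presumably also matches a user-supplied /mnt/kd/slapd.conf, for which the ownership check on the key was never run; if the key there is not readable by `ldap`, `slapd -u ldap -g ldap` would likely fail at startup, and the echo line gives no sign of it. The init function that holds the first half of this hunk starts outside it.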
Modified: branches/1.0/project/astlinux/target_skeleton/etc/group
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/group 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/project/astlinux/target_skeleton/etc/group 2013-10-07 02:39:47 UTC (rev 6218)
@@ -13,5 +13,6 @@
video:x:44:
users:x:100:
prosody:x:130:
+ldap:x:439:
zabbix:x:906:
nobody:x:65535:
Modified: branches/1.0/project/astlinux/target_skeleton/etc/init.d/FIRSTRUN
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/init.d/FIRSTRUN 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/project/astlinux/target_skeleton/etc/init.d/FIRSTRUN 2013-10-07 02:39:47 UTC (rev 6218)
@@ -10,7 +10,7 @@
local base="$1" user file IFS
unset IFS
- for user in zabbix prosody; do
+ for user in zabbix prosody ldap; do
for file in passwd shadow group; do
if ! grep -q "^${user}:" "/etc/${file}"; then
grep "^${user}:" "${base}/etc/${file}" >> "/etc/${file}"
Modified: branches/1.0/project/astlinux/target_skeleton/etc/passwd
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/passwd 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/project/astlinux/target_skeleton/etc/passwd 2013-10-07 02:39:47 UTC (rev 6218)
@@ -2,5 +2,6 @@
sshd:x:22:22:sshd:/dev/null:/bin/false
ftp:x:21:21:ftp user:/home/ftp:/bin/false
prosody:x:130:130:XMPP-server:/etc/prosody/data:/bin/false
+ldap:x:439:439:LDAP-server:/var/lib/ldap:/bin/false
zabbix:x:906:906:Zabbix User:/dev/null:/bin/false
nobody:x:1000:1000:no one:/dev/null:/bin/false
Modified: branches/1.0/project/astlinux/target_skeleton/etc/shadow
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/shadow 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/project/astlinux/target_skeleton/etc/shadow 2013-10-07 02:39:47 UTC (rev 6218)
@@ -2,5 +2,6 @@
sshd:!:0:0:99999:7:::
ftp:!:0:0:99999:7:::
prosody:!:0:0:99999:7:::
+ldap:!:0:0:99999:7:::
zabbix:!:0:0:99999:7:::
nobody:!:0:0:99999:7:::
Modified: branches/1.0/project/astlinux/target_skeleton/etc/shadow-
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/etc/shadow- 2013-10-05 18:46:23 UTC (rev 6217)
+++ branches/1.0/project/astlinux/target_skeleton/etc/shadow- 2013-10-07 02:39:47 UTC (rev 6218)
@@ -2,5 +2,6 @@
sshd:!:0:0:99999:7:::
ftp:!:0:0:99999:7:::
prosody:!:0:0:99999:7:::
+ldap:!:0:0:99999:7:::
zabbix:!:0:0:99999:7:::
nobody:!:0:0:99999:7:::