From: <abe...@us...> - 2013-10-10 05:35:09
Revision: 6220
http://sourceforge.net/p/astlinux/code/6220
Author: abelbeck
Date: 2013-10-10 05:35:04 +0000 (Thu, 10 Oct 2013)
Log Message:
-----------
slapd, add variables LDAP_SERVER_BASEDN, LDAP_SERVER_PASS and LDAP_SERVER_ANONYMOUS, as well as auto-creating the address book schema
Modified Paths:
--------------
branches/1.0/package/openldap/openldap.mk
branches/1.0/package/openldap/slapd.init
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Modified: branches/1.0/package/openldap/openldap.mk
===================================================================
--- branches/1.0/package/openldap/openldap.mk 2013-10-09 04:39:01 UTC (rev 6219)
+++ branches/1.0/package/openldap/openldap.mk 2013-10-10 05:35:04 UTC (rev 6220)
@@ -18,6 +18,7 @@
--disable-debug \
--enable-syslog \
--enable-ipv6 \
+ --enable-crypt \
--with-tls \
--with-yielding_select=yes \
--without-fetch \
Modified: branches/1.0/package/openldap/slapd.init
===================================================================
--- branches/1.0/package/openldap/slapd.init 2013-10-09 04:39:01 UTC (rev 6219)
+++ branches/1.0/package/openldap/slapd.init 2013-10-10 05:35:04 UTC (rev 6220)
@@ -2,12 +2,83 @@
. /etc/rc.conf
+set_local_vars()
+{
+ local i base pass IFS
+
+ if [ -n "$LDAP_SERVER_BASEDN" ]; then
+ BASE="$LDAP_SERVER_BASEDN"
+ else
+ if [ -n "$DOMAIN" ]; then
+ base=""
+ IFS='. '
+ for i in $DOMAIN; do
+ base="$base${base:+,}dc=$i"
+ done
+ unset IFS
+ BASE="$base"
+ else
+ BASE="astlinux"
+ fi
+ fi
+
+ if [ -n "$LDAP_SERVER_PASS" ]; then
+ PASS="$(slapd -T passwd -s "$LDAP_SERVER_PASS")"
+ else
+ pass="$(sed -n -r -e 's/^admin:(.*)$/\1/p' /var/www/admin/.htpasswd 2>/dev/null)"
+ if [ -n "$pass" ]; then
+ PASS="{CRYPT}$pass"
+ else
+ PASS=""
+ fi
+ fi
+}
+
gen_default_schema()
{
+ local BASE="$1" pass dc STAFF_PW DIRECTORY_PW
- slapd -T add <<EOF
-EOF
+ pass="$(sed -n -r -e 's/^staff:(.*)$/\1/p' /var/www/admin/.htpasswd 2>/dev/null)"
+ if [ -n "$pass" ]; then
+ STAFF_PW="{CRYPT}$pass"
+ else
+ STAFF_PW="{SSHA}cCIf4iVXSEMZn5E/8xBMrSyggWmIIyOM"
+ fi
+ DIRECTORY_PW="{SSHA}cCIf4iVXSEMZn5E/8xBMrSyggWmIIyOM"
+
+ dc="$(echo "$BASE" | sed -n -r -e 's/^dc=([^,]*).*$/\1/p')"
+
+ echo "#
+dn: ${BASE}
+objectClass: dcObject
+objectClass: organization
+dc: ${dc}
+o: AstLinux LDAP Server
+
+dn: ou=addressbook,${BASE}
+objectClass: organizationalUnit
+ou: addressbook
+
+dn: ou=users,${BASE}
+objectClass: organizationalUnit
+ou: users
+
+dn: cn=staff,ou=users,${BASE}
+objectClass: person
+cn: staff
+sn: Staff
+description: Addressbook read/write user
+userPassword: ${STAFF_PW}
+
+dn: cn=directory,ou=users,${BASE}
+objectClass: person
+cn: directory
+sn: Directory
+description: Addressbook read-only user
+userPassword: ${DIRECTORY_PW}
+" | slapd -T add
+
chown -H ldap:ldap /var/lib/ldap/*.mdb
}
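Review bot: The fixed `{SSHA}cCIf4iVXSEMZn5E/8xBMrSyggWmIIyOM` hash assigned to `DIRECTORY_PW` in gen_default_schema (and reused as the `STAFF_PW` fallback) is a credential shared by every installation, so the `cn=directory` read-only account is protected by a password that is effectively public once any one install is inspected; at minimum the line deserves a comment such as `# fixed default password hash for cn=directory — shared by all installs, consider a per-install random password`, and the two addressbook-user passwords should become configurable like LDAP_SERVER_PASS. Separately, the `BASE="astlinux"` fallback in set_local_vars does not begin with `dc=`, so the `suffix` written from it would later be rejected by start()'s `^dc=` check in a later hunk; `BASE="dc=astlinux"` keeps the fallback usable and still yields `dc: astlinux` from the sed extraction. `PASS="$(slapd -T passwd -s "$LDAP_SERVER_PASS")"` passes the clear-text password as a command-line argument, visible in process listings while slappasswd runs; slappasswd can read the secret from a file with its `-T` option, which would avoid that, though whether that option is reachable through the `slapd -T passwd` front end should be confirmed on the target build.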
@@ -15,6 +86,8 @@
{
local cert key
+ set_local_vars
+
echo "include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
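Review bot: `set_local_vars` assigns `BASE` and `PASS` without `local`, so after the call added here they persist as shell globals (with `PASS` holding a password hash) for the rest of the script, while `local cert key` on the line above scopes only this function's own variables. Because `local` is dynamically scoped in bash as well as dash/ash, declaring them in gen_config with `local cert key BASE PASS` makes the helper's assignments land in these locals and keeps the values inside gen_config. gen_config's signature and the remainder of its body lie outside this hunk.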
@@ -24,40 +97,43 @@
argsfile /var/run/slapd/slapd.args
logfile /var/log/slapd/slapd.log
-loglevel stats
-"
+loglevel stats"
cert="${LDAP_SERVER_CERT:-/mnt/kd/ldap/certs/server.crt}"
key="${LDAP_SERVER_KEY:-/mnt/kd/ldap/certs/server.key}"
if [ -f "$cert" -a -f "$key" ] && [ "$(stat -c '%U:%G' "$cert")" = "ldap:ldap" -a "$(stat -c '%U:%G' "$key")" = "ldap:ldap" ]; then
- echo "TLSCertificateFile $cert
-TLSCertificateKeyFile $key
-"
+ echo "
+TLSCertificateFile $cert
+TLSCertificateKeyFile $key"
else
logger -t slapd -p kern.info "LDAP Server SSL configuration error, continuing..."
logger -t slapd -p kern.info "Try generating an Asterisk SIP-TLS Server Certificate, which LDAP Server will use by default."
fi
- echo "disallow bind_anon
+ if [ "$LDAP_SERVER_ANONYMOUS" != "yes" ]; then
+ echo "
+disallow bind_anon"
+ fi
+ echo "
access to attrs=userpassword
by self write
by anonymous auth
by * none
-access to dn.subtree="ou=addressbook,dc=example,dc=com"
- by dn.exact="uid=directory,ou=users,dc=example,dc=com" read
+access to dn.subtree=\"ou=addressbook,${BASE}\"
+ by dn.exact=\"cn=directory,ou=users,${BASE}\" read
by users write
by anonymous read
by * none
access to *
by self write
by users read
- by * none
-"
+ by * none"
- echo "database mdb
-suffix \"dc=example,dc=com\"
-rootdn \"cn=Manager,dc=example,dc=com\"
-rootpw astlinux
+ echo "
+database mdb
+suffix \"${BASE}\"
+rootdn \"cn=admin,${BASE}\"${PASS:+
+rootpw $PASS}
directory /var/lib/ldap
index objectClass eq,pres
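Review bot: `disallow bind_anon` by itself does not stop anonymous directory access — slapd.conf(5) documents that it only rejects anonymous bind requests, while operations sent without any bind are still processed as anonymous — so with `LDAP_SERVER_ANONYMOUS` unset, the `by anonymous read` clause in the new `access to dn.subtree=\"ou=addressbook,${BASE}\"` rule still exposes the address book to unauthenticated clients, contrary to the rc.conf wording "defaults to no". The conditional block should also emit `require authc`, i.e. `echo "` / `disallow bind_anon` / `require authc"`, or the `by anonymous read` line should itself be emitted only when `LDAP_SERVER_ANONYMOUS` is "yes". The `by anonymous auth` grant on userpassword is unaffected, since `require authc` still permits the bind operation itself. gen_config continues outside this hunk.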
@@ -123,15 +199,21 @@
}
start () {
- local LISTEN_URLS
+ local LISTEN_URLS BASE
if [ -f /etc/openldap/slapd.conf ]; then
echo "Starting LDAP Server (slapd)..."
- if [ ! -f /mnt/kd/ldap/data/data.mdb ]; then
- echo " Generating default LDAP schema..."
- gen_default_schema
+ # Extract the first Base DN suffix
+ BASE="$(sed -n -r -e 's/^suffix.*"(.*)".*$/\1/p' /etc/openldap/slapd.conf | head -n1)"
+ if [ -z "$(echo "$BASE" | sed -n -r -e 's/^dc=([^,]*).*$/\1/p')" ]; then
+ echo "slapd: Invalid Base DN, slapd failed to start."
+ return;
fi
+ if [ ! -f /mnt/kd/ldap/data/data.mdb ] || ! slapd -T cat -H "ldap:///???(ou=addressbook)" | grep -qi "^dn:.*ou=addressbook,${BASE}"; then
+ echo " Generating default LDAP schema for Base DN \"${BASE}\"..."
+ gen_default_schema "$BASE"
+ fi
if grep -q '^TLSCertificateKeyFile' /etc/openldap/slapd.conf; then
LISTEN_URLS="ldap:/// ldaps:///"
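Review bot: The bare `return;` after `echo "slapd: Invalid Base DN, slapd failed to start."` returns the echo's status, i.e. 0, so the caller of start() sees success although the server was not started; `return 1` reports the failure. Also, `${BASE}` is interpolated unescaped into the `grep -qi "^dn:.*ou=addressbook,${BASE}"` pattern, so a user-supplied LDAP_SERVER_BASEDN containing regex metacharacters is interpreted rather than matched literally; the consequence is only a spurious schema regeneration attempt, but a comment such as `# BASE is used as a regex here; assumes no metacharacters in the DN` would make the assumption explicit. start()'s body continues beyond this hunk.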
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-10-09 04:39:01 UTC (rev 6219)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2013-10-10 05:35:04 UTC (rev 6220)
@@ -484,8 +484,11 @@
#LDAP_TLS_REQCERT="never" # TLS certificate check: "never", "allow", "try" or "demand", defaults to "demand"
## LDAP Server - OpenLDAP (slapd)
#LDAP_SERVER="yes" # Enable LDAP server slapd with "yes", defaults to "no"
-#LDAP_SERVER_CERT="" # Defaults to "/mnt/kd/ssl/sip-tls/keys/server.crt"
-#LDAP_SERVER_KEY="" # Defaults to "/mnt/kd/ssl/sip-tls/keys/server.key"
+#LDAP_SERVER_BASEDN="dc=example,dc=com" # suffix and must begin with 'dc=', defaults to using DOMAIN, ex. foo.com -> "dc=foo,dc=com"
+#LDAP_SERVER_PASS="" # rootpw, defaults to web interface admin password
+#LDAP_SERVER_ANONYMOUS="yes" # If "yes" allow anonymous read-only access, defaults to "no"
+#LDAP_SERVER_CERT="" # Defaults to "/mnt/kd/ldap/certs/server.crt" using SIP-TLS cert
+#LDAP_SERVER_KEY="" # Defaults to "/mnt/kd/ldap/certs/server.key" using SIP-TLS key
## Proxy ENV variables (http_proxy, ftp_proxy, etc.) for curl, wget, etc.
## Format: http://user:pass@proxyhost:proxyport"