/[smeserver]/rpms/e-smith-ldap/sme10/e-smith-ldap-5.6.0-bz11140-bz11099-bz11096-systemd-update.patch
ViewVC logotype

Annotation of /rpms/e-smith-ldap/sme10/e-smith-ldap-5.6.0-bz11140-bz11099-bz11096-systemd-update.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Sat Dec 12 03:31:03 2020 UTC (3 years, 10 months ago) by jpp
Branch: MAIN
Changes since 1.1: +1 -1 lines
* Fri Dec 11 2020 Jean-Philipe Pialasse <tests@pialasse.com> 5.6.0-8.sme
- add -update event [SME: 11140]
- move ldap to systemd [SME: 11099]
- move ldap.init to systemd [SME: 11096]

1 jpp 1.1 diff -Nur e-smith-ldap-5.6.0.old/createlinks e-smith-ldap-5.6.0/createlinks
2     --- e-smith-ldap-5.6.0.old/createlinks 2016-02-05 11:04:35.000000000 -0500
3     +++ e-smith-ldap-5.6.0/createlinks 2020-12-11 22:14:09.069000000 -0500
4     @@ -11,9 +11,19 @@
5     bootstrap-console-save
6     console-save
7     ldap-update
8     + e-smith-ldap-update
9     ));
10     }
11    
12     +templates2events("/etc/sysconfig/slapd",
13     + qw(
14     + bootstrap-console-save
15     + console-save
16     + ldap-update
17     + e-smith-ldap-update
18     + ));
19 jpp 1.2 +
20 jpp 1.1 +
21     event_link("ldap-update-simple", "group-create", "95");
22     event_link("ldap-update-simple", "group-modify", "95");
23     event_link("ldap-delete", "group-delete", "55");
24     @@ -42,18 +52,21 @@
25     templates2events("/etc/hosts.allow", "ldap-update");
26     safe_symlink("restart", "root/etc/e-smith/events/ldap-update/services2adjust/ldap");
27     safe_symlink("reload", "root/etc/e-smith/events/ssl-update/services2adjust/ldap");
28     -safe_symlink("adjust", "root/etc/e-smith/events/ldap-update/services2adjust/masq");
29     -safe_symlink("sigusr1", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith");
30     +safe_symlink("reload", "root/etc/e-smith/events/ldap-update/services2adjust/masq");
31     +safe_symlink("reload", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith");
32    
33     event_link("ldap-delete-dumps", "pre-restore", "25");
34    
35     event_link("set-ldap-bootstrap", "bootstrap-console-save", "95");
36     event_link("reset-ldap-bootstrap", "bootstrap-ldap-save", "95");
37    
38     -safe_symlink("/usr/bin/sv", "root/etc/rc.d/init.d/ldap");
39     -service_link_enhanced("ldap", "S48", "7");
40     -service_link_enhanced("ldap.init", "S49", "7");
41     -service_link_enhanced("ldap", "K10", "6");
42     -service_link_enhanced("ldap", "K10", "0");
43     +
44     +my $event="e-smith-ldap-update";
45     +
46     +# systemd-specific action mandatory for this package-update event
47     +event_link("systemd-reload", $event, "89");
48     +event_link("systemd-default", $event, "88");
49     +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ldap");
50     +event_link("ldap-update", $event , "80");
51    
52     exit 0;
53     diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
54     --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-12-11 16:55:21.406000000 -0500
55     +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-12-11 21:29:21.667000000 -0500
56     @@ -11,8 +11,8 @@
57     $OUT = " 3.3";
58     }
59     }
60     -TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
61     -TLSCertificateFile /var/service/ldap/ssl/slapd.pem
62     -TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem
63     +TLSCACertificateFile /etc/openldap/ssl/slapd.pem
64     +TLSCertificateFile /etc/openldap//ssl/slapd.pem
65     +TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
66     TLSVerifyClient never
67    
68     diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/05head e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/05head
69     --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/05head 1969-12-31 19:00:00.000000000 -0500
70     +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/05head 2020-12-11 22:02:00.774000000 -0500
71     @@ -0,0 +1,3 @@
72     +# OpenLDAP server configuration
73     +# see 'man slapd' for additional information
74     +
75     diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS
76     --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS 1969-12-31 19:00:00.000000000 -0500
77     +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS 2020-12-11 22:03:09.117000000 -0500
78     @@ -0,0 +1,8 @@
79     +
80     +# Where the server will run (-h option)
81     +# - ldapi:/// is required for on-the-fly configuration using client tools
82     +# (use SASL with EXTERNAL mechanism for authentication)
83     +# - default: ldapi:/// ldap:///
84     +# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
85     +SLAPD_URLS="ldap:/// ldaps:/// ldapi:///"
86     +
87     diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS
88     --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS 1969-12-31 19:00:00.000000000 -0500
89     +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS 2020-12-11 22:05:21.507000000 -0500
90     @@ -0,0 +1,4 @@
91     +
92     +# Any custom options
93     +SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "
94     +
95     diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5
96     --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 1969-12-31 19:00:00.000000000 -0500
97     +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 2020-12-11 22:03:57.926000000 -0500
98     @@ -0,0 +1,4 @@
99     +
100     +# Keytab location for GSSAPI Kerberos authentication
101     +#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
102     +
103     diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/ldif-fix e-smith-ldap-5.6.0/root/sbin/e-smith/ldif-fix
104     --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/ldif-fix 1969-12-31 19:00:00.000000000 -0500
105     +++ e-smith-ldap-5.6.0/root/sbin/e-smith/ldif-fix 2020-12-11 21:59:11.686000000 -0500
106     @@ -0,0 +1,415 @@
107     +#!/usr/bin/perl -T
108     +
109     +use strict;
110     +use warnings;
111     +use Net::LDAP;
112     +use Net::LDAP::LDIF;
113     +use Date::Parse;
114     +use esmith::ConfigDB;
115     +use esmith::AccountsDB;
116     +use esmith::util;
117     +use Getopt::Long qw(:config bundling);
118     +
119     +$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin';
120     +$ENV{'LANG'} = 'C';
121     +$ENV{'TZ'} = '';
122     +
123     +sub dnsort {
124     + my %type = ( add => 1, modrdn => 2, moddn => 2, modify => 3, delete => 4);
125     + my %attr = ( dc => 1, ou => 2, cn => 3, uid => 4);
126     +
127     + my ($oa) = ($a->get_value('newrdn') || $a->dn) =~ /^([^=]+)=/;
128     + my ($ob) = ($b->get_value('newrdn') || $b->dn) =~ /^([^=]+)=/;
129     + my ($ua, $ub) = map { my $tu = $_->get_value('uidnumber'); defined $tu && $tu ne '' ? $tu : -1 } ($a, $b);
130     + my ($ga, $gb) = map { my $tg = $_->get_value('gidnumber'); defined $tg && $tg ne '' ? $tg : -1 } ($a, $b);
131     +
132     + ($attr{$oa} || 9) <=> ($attr{$ob} || 9) || ($type{$a->changetype} || 9) <=> ($type{$b->changetype} || 9) ||
133     + $ua <=> $ub || $ga <=> $gb || ($a->get_value('newrdn') || $a->dn) cmp ($b->get_value('newrdn') || $b->dn);
134     +}
135     +
136     +my $c = esmith::ConfigDB->open_ro;
137     +my $a = esmith::AccountsDB->open_ro;
138     +
139     +my $auth = $c->get('ldap')->prop('Authentication') || 'disabled';
140     +my $schema = '/etc/openldap/schema/samba.schema';
141     +
142     +my $domain = $c->get('DomainName')->value;
143     +my $basedn = esmith::util::ldapBase($domain);
144     +
145     +my $userou = 'ou=Users';
146     +my $groupou = 'ou=Groups';
147     +my $compou = 'ou=Computers';
148     +
149     +my ($dc) = split /\./, $domain;
150     +my $company = $c->get_prop('ldap', 'defaultCompany') || $domain;
151     +
152     +my %opt;
153     +GetOptions ( \%opt, "diff|d", "update|u", "input|i=s", "output|o=s" );
154     +$opt{input} = '/usr/sbin/slapcat -c 2> /dev/null|' unless $opt{input} && ($opt{input} eq '-' || -f "$opt{input}" || -c "$opt{input}");
155     +$opt{diff} = 1 if $opt{update};
156     +if ( $opt{output} && $opt{output} =~ m{^([-\w/.]+)$}) {
157     + $opt{output} = $1;
158     +} else {
159     + $opt{output} = '-';
160     +}
161     +
162     +my ($data, $dn);
163     +
164     +# Top object (base)
165     +$data->{$basedn} = {
166     + objectclass => [qw/organization dcObject top/],
167     + dc => $dc,
168     + o => $company,
169     +};
170     +
171     +# Top containers for users/groups/computers
172     +foreach (qw/Users Groups Computers/) {
173     + $data->{"ou=$_,$basedn"} = {
174     + objectclass => [qw/organizationalUnit top/],
175     + ou => $_,
176     + };
177     +}
178     +
179     +# Common accounts needed for SME to work properly
180     +$data->{"cn=nobody,$groupou,$basedn"}->{objectclass} = [ qw/posixGroup/ ];
181     +$data->{"uid=www,$userou,$basedn"}->{objectclass} = [ qw/account/ ];
182     +$data->{"cn=www,$groupou,$basedn"} = { objectclass => [ qw/posixGroup/ ], memberuid => [ qw/admin/ ] };
183     +$data->{"cn=shared,$groupou,$basedn"} = {
184     + objectclass => [ qw/posixGroup mailboxRelatedObject/ ],
185     + mail => "everyone\@$domain",
186     + memberuid => [ qw/www/ ]
187     +};
188     +
189     +# Read in accounts database information
190     +foreach my $acct ($a->get('admin'), $a->users, $a->groups, $a->ibays, $a->get_all_by_prop(type => 'machine')) {
191     + my $key = $acct->key;
192     + my $type = $acct->prop('type');
193     +
194     + next if $key eq 'Primary';
195     +
196     + $dn = "uid=$key,".($type eq 'machine' ? $compou : $userou).",$basedn";
197     + if ($type =~ /^(?:user|group|machine|ibay)$/ || $key eq 'admin') {
198     + if ($type eq 'user' || $key eq 'admin') {
199     + # Allow removal of obsolete person objectclass and samba attributes
200     + push @{$data->{$dn}->{_delete}->{objectclass}}, 'person';
201     +
202     +
203     + push @{$data->{$dn}->{objectclass}}, 'inetOrgPerson';
204     + $data->{$dn}->{mail} = "$key\@$domain";
205     + @{$data->{$dn}}{qw/givenname sn telephonenumber o ou l street/} =
206     + map { $acct->prop($_) || [] } qw/FirstName LastName Phone Company Dept City Street/;
207     + $data->{$dn}->{cn} = $acct->prop('FirstName').' '.$acct->prop('LastName');
208     + }
209     + else {
210     + push @{$data->{$dn}->{objectclass}}, 'account';
211     + }
212     +
213     + # users/ibays need to be a member of shared
214     + push @{$data->{"cn=shared,$groupou,$basedn"}->{memberuid}}, $key if $type =~ /^(user|ibay)$/ || $key eq 'admin';
215     +
216     + if ($auth ne 'enabled') {
217     + # Allow removal of shadow properties
218     + push @{$data->{$dn}->{_delete}->{objectclass}}, 'shadowAccount';
219     + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/userPassword shadowLastChange shadowMin shadowMax
220     + shadowWarning shadowInactive shadowExpire shadowFlag/;
221     +
222     + if ( -f "$schema" ) {
223     + # If we will be adding samba properties then allow removal
224     + push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaSamAccount';
225     + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaAcctFlags sambaLMPassword sambaNTPassword
226     + sambaNTPassword sambaPrimaryGroupSID sambaPwdLastSet sambaSID/;
227     + }
228     + }
229     + }
230     +
231     + $dn = "cn=$key,$groupou,$basedn";
232     + push @{$data->{$dn}->{objectclass}}, 'posixGroup';
233     + if ($type eq 'group') {
234     + # Allways replace memberuid with new set
235     + $data->{$dn}->{_delete}->{memberuid} = 1;
236     +
237     + push @{$data->{$dn}->{objectclass}}, 'mailboxRelatedObject';
238     +
239     + $data->{$dn}->{mail} = "$key\@$domain";
240     + $data->{$dn}->{description} = $acct->prop('Description') || [];
241     + push @{$data->{$dn}->{memberuid}}, split /,/, ($acct->prop('Members') || '');
242     +
243     + # www needs to be a memeber of every group
244     + push @{$data->{$dn}->{memberuid}}, 'www';
245     +
246     + if ($auth ne 'enabled' && -f "$schema" ) {
247     + # If we will be adding samba properties then allow removal
248     + push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaGroupMapping';
249     + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaGroupType sambaSID/;
250     + }
251     + }
252     + elsif ($type eq 'ibay') {
253     + $dn = "cn=".$acct->prop('Group').",$groupou,$basedn";
254     + push @{$data->{$dn}->{memberuid}}, $acct->key;
255     + }
256     +}
257     +
258     +if ($auth ne 'enabled') {
259     + # Read in information from unix (passwd) system
260     + open PASSWD, '/etc/passwd';
261     + while (<PASSWD>) {
262     + chomp;
263     + my @passwd = split /:/, $_;
264     + next unless scalar @passwd == 7;
265     +
266     + $dn = "uid=$passwd[0],".($passwd[0] =~ /\$$/ ? $compou : $userou).",$basedn";
267     + next unless exists $data->{$dn};
268     +
269     + push @{$data->{$dn}->{objectclass}}, 'posixAccount';
270     + @{$data->{$dn}}{qw/cn uid uidnumber gidnumber homedirectory loginshell/} =
271     + map { $passwd[$_] ? $passwd[$_] : [] } (4,0,2,3,5,6);
272     + }
273     + close (PASSWD);
274     +
275     + # Shadow file defaults (pulled from cpu.conf)
276     + my %shadow_def = ( 1 => [], 2 => 11192, 3 => -1, 4 => 99999, 5 => 7, 6 => -1, 7 => -1, 8 => 134538308 );
277     +
278     + # Read in information from unix (shadow) system
279     + open SHADOW, '/etc/shadow';
280     + while (<SHADOW>) {
281     + chomp;
282     + my @shadow = split /:/, $_;
283     + next unless scalar @shadow >= 6;
284     + $shadow[1] = '!*' if $shadow[1] eq '!!';
285     + $shadow[1] = "{CRYPT}$shadow[1]" unless $shadow[1] =~ /^\{/;
286     +
287     + $dn = "uid=$shadow[0],".($shadow[0] =~ /\$$/ ? $compou : $userou).",$basedn";
288     + next unless exists $data->{$dn};
289     +
290     + push @{$data->{$dn}->{objectclass}}, 'shadowAccount';
291     + @{$data->{$dn}}{ map { lc($_) } qw/userPassword shadowLastChange shadowMin shadowMax shadowWarning shadowInactive
292     + shadowExpire shadowFlag/} = map { $shadow[$_] ? $shadow[$_] : $shadow_def{$_} } (1..8);
293     + }
294     + close (SHADOW);
295     +
296     + # Read in information from unix (group) system
297     + open GROUP, '/etc/group';
298     + while (<GROUP>) {
299     + chomp;
300     + my @group = split /:/, $_;
301     + next unless scalar @group >= 3;
302     + $group[3] = [ split /,/, ($group[3] || '') ];
303     +
304     + $dn = "cn=$group[0],$groupou,$basedn";
305     + next unless exists $data->{$dn};
306     +
307     + push @{$data->{$dn}->{objectclass}}, 'posixGroup';
308     + @{$data->{$dn}}{qw/cn gidnumber/} = map { $group[$_] ? $group[$_] : [] } (0,2);
309     + push @{$data->{$dn}->{memberuid}}, @{$group[3]};
310     + }
311     + close (GROUP);
312     +
313     + my %smbprop = (
314     + 'User SID' => 'sambasid',
315     + 'Account Flags' => 'sambaacctflags',
316     + 'Primary Group SID' => 'sambaprimarygroupsid',
317     + 'Full Name' => 'displayname',
318     + 'Password last set' => 'sambapwdlastset',
319     + );
320     +
321     + # Read in information from unix (smbpasswd) system
322     + if ( -f "$schema" && -x '/usr/bin/pdbedit' ) {
323     + $dn = undef;
324     + open SMBDETAIL, '/usr/bin/pdbedit -vL 2> /dev/null|';
325     + while (<SMBDETAIL>) {
326     + chomp;
327     +
328     + $dn = ("uid=$1,".($1 =~ /\$$/ ? $compou : $userou).",$basedn") if m/^Unix username:\s+(\S.*)$/;
329     + next unless $dn && exists $data->{$dn};
330     +
331     + # Map the samba account properties that we care about
332     + $data->{$dn}->{$smbprop{$1}} = ($2 ? str2time($2) : (defined $3 ? $3 : []))
333     + if m/^(.+):\s+(?:(\S.*\d{4} \d{2}:\d{2}:\d{2}.*)|(.*))$/ && exists $smbprop{$1};
334     + }
335     + close (SMBDETAIL);
336     +
337     + open SMBPASSWD, '/usr/bin/pdbedit -wL 2> /dev/null|';
338     + while (<SMBPASSWD>) {
339     + chomp;
340     + my @smbpasswd = split /:/, $_;
341     + next unless scalar @smbpasswd >= 6;
342     +
343     + $dn = "uid=$smbpasswd[0],".($smbpasswd[0] =~ /\$$/ ? $compou : $userou).",$basedn";
344     + next unless exists $data->{$dn} && exists $data->{$dn}->{uidnumber} && $data->{$dn}->{uidnumber} eq $smbpasswd[1];
345     +
346     + push @{$data->{$dn}->{objectclass}}, 'sambaSamAccount';
347     + @{$data->{$dn}}{qw/sambalmpassword sambantpassword/} = map { $smbpasswd[$_] ? $smbpasswd[$_] : [] } (2,3);
348     + }
349     + close (SMBPASSWD);
350     + }
351     +
352     + if ( -f "$schema" && -x '/usr/bin/net' ) {
353     + open GROUPMAP, '/usr/bin/net groupmap list 2> /dev/null|';
354     + while (<GROUPMAP>) {
355     + chomp;
356     +
357     + if (m/^(.+) \((.+)\) -> (.+)$/) {
358     + # Skip local machine accounts
359     + next if $2 =~ /S-1-5-32-\d+/;
360     +
361     + $dn = "cn=$3,$groupou,$basedn";
362     + next unless exists $data->{$dn};
363     +
364     + push @{$data->{$dn}->{objectclass}}, 'sambaGroupMapping';
365     + @{$data->{$dn}}{qw/displayname sambasid sambagrouptype/} = ($1, $2, 2);
366     + }
367     + }
368     + close (GROUPMAP);
369     + }
370     +}
371     +
372     +my @ldif;
373     +
374     +# Loop through ldap data and update as necessary
375     +my $reader = Net::LDAP::LDIF->new( $opt{input}, 'r', onerror => 'undef' );
376     +while( not $reader->eof()) {
377     + my $entry = $reader->read_entry() || next;
378     + $dn = $entry->dn;
379     +
380     + # Ensure the basedn is correct
381     + $dn = "$1$basedn" if $dn =~ /^((?:(?!dc=)[^,]+,)*)dc=/;
382     +
383     + # Ensure correct ou is part of user/groups/computers
384     + if ($dn =~ /^(uid=([^,\$]+)(\$)?),((?:(?!dc=)[^,]+,)*)dc=/) {
385     + if ( defined $3 && $3 eq '$') {
386     + $dn = "$1,$compou,$basedn";
387     + }
388     + elsif (grep /posixGroup/, @{$entry->get_value('objectclass', asref => 1) || []}) {
389     + $dn = "cn=$2,$groupou,$basedn";
390     +
391     + # Cleanup attributes that the modrdn will perform
392     + $entry->add(cn => $2);
393     + $entry->delete(uid => [$2]);
394     + }
395     + else {
396     + $dn = "$1,$userou,$basedn";
397     + }
398     + }
399     + elsif ($dn =~ /^(cn=[^,]+),((?:(?!dc=)[^,]+,)*)dc=/) {
400     + $dn = "$1,$groupou,$basedn" unless $2 =~ /^ou=auto\./;
401     + }
402     +
403     + # Don't process records twice
404     + next if $data->{$dn}->{_done};
405     +
406     + # Rename existing entry into place if we can
407     + if ($dn ne $entry->dn) {
408     + my $rdn = Net::LDAP::Entry->new;
409     + $rdn->dn($entry->dn);
410     + $rdn->changetype('modrdn');
411     + my ($newdn, $newbase) = split /,/, $dn, 2;
412     + $rdn->add(newrdn => $newdn, deleteoldrdn => 1, newsuperior => $newbase);
413     + push @ldif, $rdn;
414     +
415     + # Now we can change the entry to new dn
416     + $entry->dn($dn);
417     + }
418     +
419     + # Change type to modify so that we can keep track of changes we make
420     + $entry->changetype('modify');
421     +
422     + # Hack to make upgrades work (add calEntry if calFGUrl attributes exists)
423     + if ($entry->exists('calFBURL') && -f "/etc/openldap/schema/rfc2739.schema") {
424     + push @{$data->{$dn}->{objectclass}}, 'calEntry';
425     + }
426     +
427     + my %attributes = ();
428     + @attributes{ keys %{$data->{$dn}}, exists $data->{$dn}->{_delete} ? map { lc($_) } keys %{$data->{$dn}->{_delete}} : () } = ();
429     +
430     + foreach my $attr (sort keys %attributes) {
431     + # Skip the pseudo attributes
432     + next if $attr =~ /^_/;
433     +
434     + my @l = @{$entry->get_value($attr, asref => 1) || []};
435     + my @u = exists $data->{$dn}->{$attr} ? (ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})) : ();
436     +
437     + # Figure out differences between attributes
438     + my (@lonly, @uonly, @donly, %lseen, %useen, %dseen) = () x 6;
439     +
440     + # Unique lists of what is in ldap and what needs to be in ldap
441     + @lseen{@l} = ();
442     + @useen{@u} = ();
443     +
444     + # Create list of attributes that aren't in the other
445     + @uonly = grep { ! exists $lseen{$_} } keys %useen;
446     + @lonly = grep { ! exists $useen{$_} } keys %lseen;
447     +
448     + # Determine which of the ldap only attributes we need to remove
449     + if ((keys %useen == 1 && keys %lseen == 1) || (keys %useen == 0 && exists $data->{$dn}->{$attr})) {
450     + # Replacing a single entry or erasing entire entry
451     + @donly = @lonly;
452     + }
453     + elsif ($data->{$dn}->{_delete} && $data->{$dn}->{_delete}->{$attr}) {
454     + if (my $ref = ref($data->{$dn}->{_delete}->{$attr})) {
455     + # Map hash keys or array elemts to valid values to delete
456     + @dseen{$ref eq 'HASH' ? keys %{$data->{$dn}->{_delete}->{$attr}} : @{$data->{$dn}->{_delete}->{$attr}}} = ();
457     + @donly = grep { exists $dseen{$_} } @lonly;
458     + }
459     + else {
460     + # Permission to remove all values
461     + @donly = @lonly;
462     + }
463     + }
464     +
465     + if (@donly && @donly == keys %lseen) {
466     + # If we are removing all ldap attributes do a remove or full delete
467     + if (@uonly) {
468     + $entry->replace($attr => [ @uonly ]);
469     + }
470     + else {
471     + $entry->delete($attr => []);
472     + }
473     + }
474     + else {
475     + $entry->delete($attr => [ @donly ]) if @donly;
476     + $entry->add($attr => [ @uonly ]) if @uonly;
477     + }
478     + }
479     +
480     + $data->{$dn}->{_done} = 1;
481     + push @ldif, $entry;
482     +}
483     +$reader->done();
484     +
485     +# Add missing records that didn't exist in ldap yet
486     +foreach $dn (grep { ! exists $data->{$_}->{_done} } sort keys %$data) {
487     + my $entry = Net::LDAP::Entry->new;
488     + $entry->dn($dn);
489     +
490     + foreach my $attr (sort keys %{$data->{$dn}}) {
491     + # Skip the pseudo attributes
492     + next if $attr =~ /^_/;
493     +
494     + my %seen = ();
495     + @seen{ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})} = ();
496     + $entry->add($attr => [ sort keys %seen ]) if keys %seen != 0;
497     + }
498     +
499     + push @ldif, $entry;
500     +}
501     +
502     +#------------------------------------------------------------
503     +# Update LDAP database entry.
504     +#------------------------------------------------------------
505     +my $ldap;
506     +if ($opt{update}) {
507     + $ldap = Net::LDAP->new('localhost') or die "$@";
508     + $ldap->bind( dn => "cn=root,$basedn", password => esmith::util::LdapPassword() );
509     +}
510     +
511     +my $writer = Net::LDAP::LDIF->new( $opt{output}, 'w', onerror => 'undef', wrap => 0, sort => 1, change => $opt{diff} );
512     +foreach my $entry (sort dnsort @ldif) {
513     + if ($opt{update} && ($entry->changetype ne 'modify' || @{$entry->{changes}}) ) {
514     + my $result = $entry->update($ldap);
515     + warn "Failure to ",$entry->changetype," ",$entry->dn,": ",$result->error,"\n" if $result->code;
516     + }
517     +
518     + if ($writer->{change} || $entry->changetype !~ /modr?dn/) {
519     + $writer->write_entry($entry);
520     + }
521     +}
522     diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-certificate e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-certificate
523     --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-certificate 1969-12-31 19:00:00.000000000 -0500
524     +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-certificate 2020-12-11 21:30:01.775000000 -0500
525     @@ -0,0 +1,40 @@
526     +#!/usr/bin/perl -w
527     +
528     +#----------------------------------------------------------------------
529     +# copyright (C) 2005 Mitel Networks Corporation
530     +#
531     +# This program is free software; you can redistribute it and/or modify
532     +# it under the terms of the GNU General Public License as published by
533     +# the Free Software Foundation; either version 2 of the License, or
534     +# (at your option) any later version.
535     +#
536     +# This program is distributed in the hope that it will be useful,
537     +# but WITHOUT ANY WARRANTY; without even the implied warranty of
538     +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
539     +# GNU General Public License for more details.
540     +#
541     +# You should have received a copy of the GNU General Public License
542     +# along with this program; if not, write to the Free Software
543     +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
544     +#
545     +# Technical support for this program is available from Mitel Networks
546     +# Please visit our web site www.mitel.com/sme/ for details.
547     +#----------------------------------------------------------------------
548     +
549     +use esmith::util;
550     +use esmith::ConfigDB;
551     +use File::Copy;
552     +
553     +my $c = esmith::ConfigDB->open_ro;
554     +my $s = $c->get('SystemName')->value;
555     +my $d = $c->get('DomainName')->value;
556     +
557     +my $pem = "/etc/openldap/ssl/slapd.pem";
558     +# Now copy system pem file into jail used by ldap
559     +copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
560     + or die "failed to copy SSL PEM: $!";
561     +chmod 0640, "$pem.$$";
562     +esmith::util::chownFile("root", "ldap", "$pem.$$");
563     +rename("$pem.$$", "$pem")
564     + or die "failed to rename $pem.$$ to $pem: $!";
565     +
566     diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-finish e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-finish
567     --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-finish 1969-12-31 19:00:00.000000000 -0500
568     +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-finish 2020-12-11 21:51:25.883000000 -0500
569     @@ -0,0 +1,21 @@
570     +#! /bin/sh
571     +
572     +exec 2>&1
573     +
574     +LDIF=$(readlink -n /etc/openldap/ldif)
575     +TMP=$LDIF.$$
576     +if /usr/sbin/slapcat -l $TMP
577     +then
578     + mv -f $TMP $LDIF
579     +else
580     + echo slapcat dump of ldif failed - shutting down ldap service >&2
581     + echo probable corruption of ldap backend files >&2
582     +
583     + # Don't bother to keep a zero length dump file
584     + if test ! -s $TMP
585     + then
586     + rm -f $TMP
587     + fi
588     +
589     +fi
590     +
591     diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-prepare e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-prepare
592     --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-prepare 1969-12-31 19:00:00.000000000 -0500
593     +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-prepare 2020-12-11 22:22:52.071000000 -0500
594     @@ -0,0 +1,54 @@
595     +#! /bin/sh
596     +
597     +
598     +domain=$(/sbin/e-smith/config get DomainName)
599     +ldif="/home/e-smith/db/ldap/$domain.ldif"
600     +
601     +if [ -e /etc/openldap/ldif ]
602     +then
603     + old_ldif=$(readlink /etc/openldap/ldif)
604     + if [ "$old_ldif" != "$ldif" ]
605     + then
606     + # The domain name has changed, so we need to delete
607     + # the old directory contents. We still have the old
608     + # dump.
609     + mv -f $old_ldif $ldif
610     + find /var/lib/ldap -type f | xargs rm -f
611     + fi
612     +fi
613     +
614     +if [ -f /var/lib/ldap/nextid.dbb ]
615     +then
616     + # We are upgrading from an earlier version which used
617     + # ldbm backend format. Delete the backend files, and
618     + # restore from ldif
619     + find /var/lib/ldap -type f | xargs rm -f
620     +fi
621     +
622     +# Set up symlink for ldap dump at shutdown
623     +ln -sf $ldif /etc/openldap/ldif
624     +
625     +/sbin/e-smith/expand-template /var/lib/ldap/DB_CONFIG
626     +
627     +# Make sure we use the slapd.conf file instead of the new slapd.d
628     +touch /etc/openldap/slapd.d/unused
629     +find /etc/openldap/slapd.d/ -mindepth 1 -maxdepth 1 -not -name unused -exec rm -rf {} \;
630     +/sbin/e-smith/expand-template /etc/openldap/slapd.conf
631     +
632     +# Prime directory if required
633     +if [ \! -f /var/lib/ldap/id2entry.bdb ]
634     +then
635     + if [ -e /etc/openldap/ldif ]
636     + then
637     + /sbin/e-smith/ldif-fix -i /etc/openldap/ldif | setuidgid ldap slapadd -c
638     + else
639     + /sbin/e-smith/ldif-fix -i /dev/null | setuidgid ldap slapadd -c
640     + fi
641     +else
642     + setuidgid ldap /usr/bin/db_recover -v -h /var/lib/ldap
643     +fi
644     +
645     +# Make sure all DB files belongs to ldap:ldap
646     +find /var/lib/ldap -not -name DB_CONFIG -exec chown ldap:ldap {} \;
647     +
648     +exit 0
649     diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.init.service e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.init.service
650     --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.init.service 1969-12-31 19:00:00.000000000 -0500
651     +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.init.service 2020-12-11 22:18:46.616000000 -0500
652     @@ -0,0 +1,21 @@
653     +[Unit]
654     +Description=Koozali SME Server ldap.init
655     +After=syslog.target network-online.target ldap.service
656     +
657     +[Service]
658     +Type=forking
659     +Restart=no
660     +TimeoutSec=5min
661     +IgnoreSIGPIPE=no
662     +KillMode=process
663     +GuessMainPID=no
664     +RemainAfterExit=yes
665     +ExecStartPre=/sbin/e-smith/service-status ldap.init
666     +ExecStart=/etc/rc.d/init.d/ldap.init start
667     +ExecStop=/etc/rc.d/init.d/ldap.init stop
668     +
669     +
670     +[Install]
671     +WantedBy=sme-server.target
672     +Alias=slapd.service
673     +
674     diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.service e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.service
675     --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.service 1969-12-31 19:00:00.000000000 -0500
676     +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.service 2020-12-11 22:18:52.999000000 -0500
677     @@ -0,0 +1,25 @@
678     +[Unit]
679     +Description=Koozali SME Server OpenLDAP Server Daemon
680     +After=syslog.target network-online.target
681     +Documentation=man:slapd
682     +Documentation=man:slapd-config
683     +Documentation=man:slapd-hdb
684     +Documentation=man:slapd-mdb
685     +Documentation=file:///usr/share/doc/openldap-servers/guide.html
686     +
687     +[Service]
688     +Type=forking
689     +PIDFile=/var/run/openldap/slapd.pid
690     +Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0"
691     +EnvironmentFile=/etc/sysconfig/slapd
692     +ExecStartPre=/sbin/e-smith/service-status ldap
693     +ExecStartPre=/sbin/e-smith/systemd/ldap-certificate
694     +ExecStartPre=/sbin/e-smith/systemd/ldap-prepare
695     +#ExecStartPre=/usr/libexec/openldap/check-config.sh
696     +ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
697     +
698     +ExecStopPost=/sbin/e-smith/systemd/ldap-finish
699     +
700     +[Install]
701     +WantedBy=sme-server.target
702     +Alias=slapd.service
703     diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf e-smith-ldap-5.6.0/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf
704     --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf 1969-12-31 19:00:00.000000000 -0500
705     +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf 2020-12-11 22:09:10.565000000 -0500
706     @@ -0,0 +1,5 @@
707     +# disabled
708     +# we are using ldap.service
709     +ExecStart=/usr/bin/true
710     +ExecStartPre=
711     +PIDFile=

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed