diff -Nur e-smith-ldap-5.6.0.old/createlinks e-smith-ldap-5.6.0/createlinks --- e-smith-ldap-5.6.0.old/createlinks 2016-02-05 11:04:35.000000000 -0500 +++ e-smith-ldap-5.6.0/createlinks 2020-12-11 22:14:09.069000000 -0500 @@ -11,9 +11,19 @@ bootstrap-console-save console-save ldap-update + e-smith-ldap-update )); } +templates2events("/etc/sysconfig/slapd", + qw( + bootstrap-console-save + console-save + ldap-update + e-smith-ldap-update + )); +} + event_link("ldap-update-simple", "group-create", "95"); event_link("ldap-update-simple", "group-modify", "95"); event_link("ldap-delete", "group-delete", "55"); @@ -42,18 +52,21 @@ templates2events("/etc/hosts.allow", "ldap-update"); safe_symlink("restart", "root/etc/e-smith/events/ldap-update/services2adjust/ldap"); safe_symlink("reload", "root/etc/e-smith/events/ssl-update/services2adjust/ldap"); -safe_symlink("adjust", "root/etc/e-smith/events/ldap-update/services2adjust/masq"); -safe_symlink("sigusr1", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith"); +safe_symlink("reload", "root/etc/e-smith/events/ldap-update/services2adjust/masq"); +safe_symlink("reload", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith"); event_link("ldap-delete-dumps", "pre-restore", "25"); event_link("set-ldap-bootstrap", "bootstrap-console-save", "95"); event_link("reset-ldap-bootstrap", "bootstrap-ldap-save", "95"); -safe_symlink("/usr/bin/sv", "root/etc/rc.d/init.d/ldap"); -service_link_enhanced("ldap", "S48", "7"); -service_link_enhanced("ldap.init", "S49", "7"); -service_link_enhanced("ldap", "K10", "6"); -service_link_enhanced("ldap", "K10", "0"); + +my $event="e-smith-ldap-update"; + +# systemd-specific action mandatory for this package-update event +event_link("systemd-reload", $event, "89"); +event_link("systemd-default", $event, "88"); +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ldap"); +event_link("ldap-update", $event , "80"); exit 0; diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-12-11 16:55:21.406000000 -0500 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-12-11 21:29:21.667000000 -0500 @@ -11,8 +11,8 @@ $OUT = " 3.3"; } } -TLSCACertificateFile /var/service/ldap/ssl/slapd.pem -TLSCertificateFile /var/service/ldap/ssl/slapd.pem -TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem +TLSCACertificateFile /etc/openldap/ssl/slapd.pem +TLSCertificateFile /etc/openldap//ssl/slapd.pem +TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem TLSVerifyClient never diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/05head e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/05head --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/05head 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/05head 2020-12-11 22:02:00.774000000 -0500 @@ -0,0 +1,3 @@ +# OpenLDAP server configuration +# see 'man slapd' for additional information + diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS 2020-12-11 22:03:09.117000000 -0500 @@ -0,0 +1,8 @@ + +# Where the server will run (-h option) +# - ldapi:/// is required for on-the-fly configuration using client tools +# (use SASL with EXTERNAL mechanism for authentication) +# - default: ldapi:/// ldap:/// +# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// +SLAPD_URLS="ldap:/// ldaps:/// ldapi:///" + diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS 2020-12-11 22:05:21.507000000 -0500 @@ -0,0 +1,4 @@ + +# Any custom options +SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 " + diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 2020-12-11 22:03:57.926000000 -0500 @@ -0,0 +1,4 @@ + +# Keytab location for GSSAPI Kerberos authentication +#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" + diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/ldif-fix e-smith-ldap-5.6.0/root/sbin/e-smith/ldif-fix --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/ldif-fix 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/ldif-fix 2020-12-11 21:59:11.686000000 -0500 @@ -0,0 +1,415 @@ +#!/usr/bin/perl -T + +use strict; +use warnings; +use Net::LDAP; +use Net::LDAP::LDIF; +use Date::Parse; +use esmith::ConfigDB; +use esmith::AccountsDB; +use esmith::util; +use Getopt::Long qw(:config bundling); + +$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin'; +$ENV{'LANG'} = 'C'; +$ENV{'TZ'} = ''; + +sub dnsort { + my %type = ( add => 1, modrdn => 2, moddn => 2, modify => 3, delete => 4); + my %attr = ( dc => 1, ou => 2, cn => 3, uid => 4); + + my ($oa) = ($a->get_value('newrdn') || $a->dn) =~ /^([^=]+)=/; + my ($ob) = ($b->get_value('newrdn') || $b->dn) =~ /^([^=]+)=/; + my ($ua, $ub) = map { my $tu = $_->get_value('uidnumber'); defined $tu && $tu ne '' ? $tu : -1 } ($a, $b); + my ($ga, $gb) = map { my $tg = $_->get_value('gidnumber'); defined $tg && $tg ne '' ? $tg : -1 } ($a, $b); + + ($attr{$oa} || 9) <=> ($attr{$ob} || 9) || ($type{$a->changetype} || 9) <=> ($type{$b->changetype} || 9) || + $ua <=> $ub || $ga <=> $gb || ($a->get_value('newrdn') || $a->dn) cmp ($b->get_value('newrdn') || $b->dn); +} + +my $c = esmith::ConfigDB->open_ro; +my $a = esmith::AccountsDB->open_ro; + +my $auth = $c->get('ldap')->prop('Authentication') || 'disabled'; +my $schema = '/etc/openldap/schema/samba.schema'; + +my $domain = $c->get('DomainName')->value; +my $basedn = esmith::util::ldapBase($domain); + +my $userou = 'ou=Users'; +my $groupou = 'ou=Groups'; +my $compou = 'ou=Computers'; + +my ($dc) = split /\./, $domain; +my $company = $c->get_prop('ldap', 'defaultCompany') || $domain; + +my %opt; +GetOptions ( \%opt, "diff|d", "update|u", "input|i=s", "output|o=s" ); +$opt{input} = '/usr/sbin/slapcat -c 2> /dev/null|' unless $opt{input} && ($opt{input} eq '-' || -f "$opt{input}" || -c "$opt{input}"); +$opt{diff} = 1 if $opt{update}; +if ( $opt{output} && $opt{output} =~ m{^([-\w/.]+)$}) { + $opt{output} = $1; +} else { + $opt{output} = '-'; +} + +my ($data, $dn); + +# Top object (base) +$data->{$basedn} = { + objectclass => [qw/organization dcObject top/], + dc => $dc, + o => $company, +}; + +# Top containers for users/groups/computers +foreach (qw/Users Groups Computers/) { + $data->{"ou=$_,$basedn"} = { + objectclass => [qw/organizationalUnit top/], + ou => $_, + }; +} + +# Common accounts needed for SME to work properly +$data->{"cn=nobody,$groupou,$basedn"}->{objectclass} = [ qw/posixGroup/ ]; +$data->{"uid=www,$userou,$basedn"}->{objectclass} = [ qw/account/ ]; +$data->{"cn=www,$groupou,$basedn"} = { objectclass => [ qw/posixGroup/ ], memberuid => [ qw/admin/ ] }; +$data->{"cn=shared,$groupou,$basedn"} = { + objectclass => [ qw/posixGroup mailboxRelatedObject/ ], + mail => "everyone\@$domain", + memberuid => [ qw/www/ ] +}; + +# Read in accounts database information +foreach my $acct ($a->get('admin'), $a->users, $a->groups, $a->ibays, $a->get_all_by_prop(type => 'machine')) { + my $key = $acct->key; + my $type = $acct->prop('type'); + + next if $key eq 'Primary'; + + $dn = "uid=$key,".($type eq 'machine' ? $compou : $userou).",$basedn"; + if ($type =~ /^(?:user|group|machine|ibay)$/ || $key eq 'admin') { + if ($type eq 'user' || $key eq 'admin') { + # Allow removal of obsolete person objectclass and samba attributes + push @{$data->{$dn}->{_delete}->{objectclass}}, 'person'; + + + push @{$data->{$dn}->{objectclass}}, 'inetOrgPerson'; + $data->{$dn}->{mail} = "$key\@$domain"; + @{$data->{$dn}}{qw/givenname sn telephonenumber o ou l street/} = + map { $acct->prop($_) || [] } qw/FirstName LastName Phone Company Dept City Street/; + $data->{$dn}->{cn} = $acct->prop('FirstName').' '.$acct->prop('LastName'); + } + else { + push @{$data->{$dn}->{objectclass}}, 'account'; + } + + # users/ibays need to be a member of shared + push @{$data->{"cn=shared,$groupou,$basedn"}->{memberuid}}, $key if $type =~ /^(user|ibay)$/ || $key eq 'admin'; + + if ($auth ne 'enabled') { + # Allow removal of shadow properties + push @{$data->{$dn}->{_delete}->{objectclass}}, 'shadowAccount'; + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/userPassword shadowLastChange shadowMin shadowMax + shadowWarning shadowInactive shadowExpire shadowFlag/; + + if ( -f "$schema" ) { + # If we will be adding samba properties then allow removal + push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaSamAccount'; + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaAcctFlags sambaLMPassword sambaNTPassword + sambaNTPassword sambaPrimaryGroupSID sambaPwdLastSet sambaSID/; + } + } + } + + $dn = "cn=$key,$groupou,$basedn"; + push @{$data->{$dn}->{objectclass}}, 'posixGroup'; + if ($type eq 'group') { + # Allways replace memberuid with new set + $data->{$dn}->{_delete}->{memberuid} = 1; + + push @{$data->{$dn}->{objectclass}}, 'mailboxRelatedObject'; + + $data->{$dn}->{mail} = "$key\@$domain"; + $data->{$dn}->{description} = $acct->prop('Description') || []; + push @{$data->{$dn}->{memberuid}}, split /,/, ($acct->prop('Members') || ''); + + # www needs to be a memeber of every group + push @{$data->{$dn}->{memberuid}}, 'www'; + + if ($auth ne 'enabled' && -f "$schema" ) { + # If we will be adding samba properties then allow removal + push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaGroupMapping'; + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaGroupType sambaSID/; + } + } + elsif ($type eq 'ibay') { + $dn = "cn=".$acct->prop('Group').",$groupou,$basedn"; + push @{$data->{$dn}->{memberuid}}, $acct->key; + } +} + +if ($auth ne 'enabled') { + # Read in information from unix (passwd) system + open PASSWD, '/etc/passwd'; + while () { + chomp; + my @passwd = split /:/, $_; + next unless scalar @passwd == 7; + + $dn = "uid=$passwd[0],".($passwd[0] =~ /\$$/ ? $compou : $userou).",$basedn"; + next unless exists $data->{$dn}; + + push @{$data->{$dn}->{objectclass}}, 'posixAccount'; + @{$data->{$dn}}{qw/cn uid uidnumber gidnumber homedirectory loginshell/} = + map { $passwd[$_] ? $passwd[$_] : [] } (4,0,2,3,5,6); + } + close (PASSWD); + + # Shadow file defaults (pulled from cpu.conf) + my %shadow_def = ( 1 => [], 2 => 11192, 3 => -1, 4 => 99999, 5 => 7, 6 => -1, 7 => -1, 8 => 134538308 ); + + # Read in information from unix (shadow) system + open SHADOW, '/etc/shadow'; + while () { + chomp; + my @shadow = split /:/, $_; + next unless scalar @shadow >= 6; + $shadow[1] = '!*' if $shadow[1] eq '!!'; + $shadow[1] = "{CRYPT}$shadow[1]" unless $shadow[1] =~ /^\{/; + + $dn = "uid=$shadow[0],".($shadow[0] =~ /\$$/ ? $compou : $userou).",$basedn"; + next unless exists $data->{$dn}; + + push @{$data->{$dn}->{objectclass}}, 'shadowAccount'; + @{$data->{$dn}}{ map { lc($_) } qw/userPassword shadowLastChange shadowMin shadowMax shadowWarning shadowInactive + shadowExpire shadowFlag/} = map { $shadow[$_] ? $shadow[$_] : $shadow_def{$_} } (1..8); + } + close (SHADOW); + + # Read in information from unix (group) system + open GROUP, '/etc/group'; + while () { + chomp; + my @group = split /:/, $_; + next unless scalar @group >= 3; + $group[3] = [ split /,/, ($group[3] || '') ]; + + $dn = "cn=$group[0],$groupou,$basedn"; + next unless exists $data->{$dn}; + + push @{$data->{$dn}->{objectclass}}, 'posixGroup'; + @{$data->{$dn}}{qw/cn gidnumber/} = map { $group[$_] ? $group[$_] : [] } (0,2); + push @{$data->{$dn}->{memberuid}}, @{$group[3]}; + } + close (GROUP); + + my %smbprop = ( + 'User SID' => 'sambasid', + 'Account Flags' => 'sambaacctflags', + 'Primary Group SID' => 'sambaprimarygroupsid', + 'Full Name' => 'displayname', + 'Password last set' => 'sambapwdlastset', + ); + + # Read in information from unix (smbpasswd) system + if ( -f "$schema" && -x '/usr/bin/pdbedit' ) { + $dn = undef; + open SMBDETAIL, '/usr/bin/pdbedit -vL 2> /dev/null|'; + while () { + chomp; + + $dn = ("uid=$1,".($1 =~ /\$$/ ? $compou : $userou).",$basedn") if m/^Unix username:\s+(\S.*)$/; + next unless $dn && exists $data->{$dn}; + + # Map the samba account properties that we care about + $data->{$dn}->{$smbprop{$1}} = ($2 ? str2time($2) : (defined $3 ? $3 : [])) + if m/^(.+):\s+(?:(\S.*\d{4} \d{2}:\d{2}:\d{2}.*)|(.*))$/ && exists $smbprop{$1}; + } + close (SMBDETAIL); + + open SMBPASSWD, '/usr/bin/pdbedit -wL 2> /dev/null|'; + while () { + chomp; + my @smbpasswd = split /:/, $_; + next unless scalar @smbpasswd >= 6; + + $dn = "uid=$smbpasswd[0],".($smbpasswd[0] =~ /\$$/ ? $compou : $userou).",$basedn"; + next unless exists $data->{$dn} && exists $data->{$dn}->{uidnumber} && $data->{$dn}->{uidnumber} eq $smbpasswd[1]; + + push @{$data->{$dn}->{objectclass}}, 'sambaSamAccount'; + @{$data->{$dn}}{qw/sambalmpassword sambantpassword/} = map { $smbpasswd[$_] ? $smbpasswd[$_] : [] } (2,3); + } + close (SMBPASSWD); + } + + if ( -f "$schema" && -x '/usr/bin/net' ) { + open GROUPMAP, '/usr/bin/net groupmap list 2> /dev/null|'; + while () { + chomp; + + if (m/^(.+) \((.+)\) -> (.+)$/) { + # Skip local machine accounts + next if $2 =~ /S-1-5-32-\d+/; + + $dn = "cn=$3,$groupou,$basedn"; + next unless exists $data->{$dn}; + + push @{$data->{$dn}->{objectclass}}, 'sambaGroupMapping'; + @{$data->{$dn}}{qw/displayname sambasid sambagrouptype/} = ($1, $2, 2); + } + } + close (GROUPMAP); + } +} + +my @ldif; + +# Loop through ldap data and update as necessary +my $reader = Net::LDAP::LDIF->new( $opt{input}, 'r', onerror => 'undef' ); +while( not $reader->eof()) { + my $entry = $reader->read_entry() || next; + $dn = $entry->dn; + + # Ensure the basedn is correct + $dn = "$1$basedn" if $dn =~ /^((?:(?!dc=)[^,]+,)*)dc=/; + + # Ensure correct ou is part of user/groups/computers + if ($dn =~ /^(uid=([^,\$]+)(\$)?),((?:(?!dc=)[^,]+,)*)dc=/) { + if ( defined $3 && $3 eq '$') { + $dn = "$1,$compou,$basedn"; + } + elsif (grep /posixGroup/, @{$entry->get_value('objectclass', asref => 1) || []}) { + $dn = "cn=$2,$groupou,$basedn"; + + # Cleanup attributes that the modrdn will perform + $entry->add(cn => $2); + $entry->delete(uid => [$2]); + } + else { + $dn = "$1,$userou,$basedn"; + } + } + elsif ($dn =~ /^(cn=[^,]+),((?:(?!dc=)[^,]+,)*)dc=/) { + $dn = "$1,$groupou,$basedn" unless $2 =~ /^ou=auto\./; + } + + # Don't process records twice + next if $data->{$dn}->{_done}; + + # Rename existing entry into place if we can + if ($dn ne $entry->dn) { + my $rdn = Net::LDAP::Entry->new; + $rdn->dn($entry->dn); + $rdn->changetype('modrdn'); + my ($newdn, $newbase) = split /,/, $dn, 2; + $rdn->add(newrdn => $newdn, deleteoldrdn => 1, newsuperior => $newbase); + push @ldif, $rdn; + + # Now we can change the entry to new dn + $entry->dn($dn); + } + + # Change type to modify so that we can keep track of changes we make + $entry->changetype('modify'); + + # Hack to make upgrades work (add calEntry if calFGUrl attributes exists) + if ($entry->exists('calFBURL') && -f "/etc/openldap/schema/rfc2739.schema") { + push @{$data->{$dn}->{objectclass}}, 'calEntry'; + } + + my %attributes = (); + @attributes{ keys %{$data->{$dn}}, exists $data->{$dn}->{_delete} ? map { lc($_) } keys %{$data->{$dn}->{_delete}} : () } = (); + + foreach my $attr (sort keys %attributes) { + # Skip the pseudo attributes + next if $attr =~ /^_/; + + my @l = @{$entry->get_value($attr, asref => 1) || []}; + my @u = exists $data->{$dn}->{$attr} ? (ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})) : (); + + # Figure out differences between attributes + my (@lonly, @uonly, @donly, %lseen, %useen, %dseen) = () x 6; + + # Unique lists of what is in ldap and what needs to be in ldap + @lseen{@l} = (); + @useen{@u} = (); + + # Create list of attributes that aren't in the other + @uonly = grep { ! exists $lseen{$_} } keys %useen; + @lonly = grep { ! exists $useen{$_} } keys %lseen; + + # Determine which of the ldap only attributes we need to remove + if ((keys %useen == 1 && keys %lseen == 1) || (keys %useen == 0 && exists $data->{$dn}->{$attr})) { + # Replacing a single entry or erasing entire entry + @donly = @lonly; + } + elsif ($data->{$dn}->{_delete} && $data->{$dn}->{_delete}->{$attr}) { + if (my $ref = ref($data->{$dn}->{_delete}->{$attr})) { + # Map hash keys or array elemts to valid values to delete + @dseen{$ref eq 'HASH' ? keys %{$data->{$dn}->{_delete}->{$attr}} : @{$data->{$dn}->{_delete}->{$attr}}} = (); + @donly = grep { exists $dseen{$_} } @lonly; + } + else { + # Permission to remove all values + @donly = @lonly; + } + } + + if (@donly && @donly == keys %lseen) { + # If we are removing all ldap attributes do a remove or full delete + if (@uonly) { + $entry->replace($attr => [ @uonly ]); + } + else { + $entry->delete($attr => []); + } + } + else { + $entry->delete($attr => [ @donly ]) if @donly; + $entry->add($attr => [ @uonly ]) if @uonly; + } + } + + $data->{$dn}->{_done} = 1; + push @ldif, $entry; +} +$reader->done(); + +# Add missing records that didn't exist in ldap yet +foreach $dn (grep { ! exists $data->{$_}->{_done} } sort keys %$data) { + my $entry = Net::LDAP::Entry->new; + $entry->dn($dn); + + foreach my $attr (sort keys %{$data->{$dn}}) { + # Skip the pseudo attributes + next if $attr =~ /^_/; + + my %seen = (); + @seen{ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})} = (); + $entry->add($attr => [ sort keys %seen ]) if keys %seen != 0; + } + + push @ldif, $entry; +} + +#------------------------------------------------------------ +# Update LDAP database entry. +#------------------------------------------------------------ +my $ldap; +if ($opt{update}) { + $ldap = Net::LDAP->new('localhost') or die "$@"; + $ldap->bind( dn => "cn=root,$basedn", password => esmith::util::LdapPassword() ); +} + +my $writer = Net::LDAP::LDIF->new( $opt{output}, 'w', onerror => 'undef', wrap => 0, sort => 1, change => $opt{diff} ); +foreach my $entry (sort dnsort @ldif) { + if ($opt{update} && ($entry->changetype ne 'modify' || @{$entry->{changes}}) ) { + my $result = $entry->update($ldap); + warn "Failure to ",$entry->changetype," ",$entry->dn,": ",$result->error,"\n" if $result->code; + } + + if ($writer->{change} || $entry->changetype !~ /modr?dn/) { + $writer->write_entry($entry); + } +} diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-certificate e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-certificate --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-certificate 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-certificate 2020-12-11 21:30:01.775000000 -0500 @@ -0,0 +1,40 @@ +#!/usr/bin/perl -w + +#---------------------------------------------------------------------- +# copyright (C) 2005 Mitel Networks Corporation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Technical support for this program is available from Mitel Networks +# Please visit our web site www.mitel.com/sme/ for details. +#---------------------------------------------------------------------- + +use esmith::util; +use esmith::ConfigDB; +use File::Copy; + +my $c = esmith::ConfigDB->open_ro; +my $s = $c->get('SystemName')->value; +my $d = $c->get('DomainName')->value; + +my $pem = "/etc/openldap/ssl/slapd.pem"; +# Now copy system pem file into jail used by ldap +copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$") + or die "failed to copy SSL PEM: $!"; +chmod 0640, "$pem.$$"; +esmith::util::chownFile("root", "ldap", "$pem.$$"); +rename("$pem.$$", "$pem") + or die "failed to rename $pem.$$ to $pem: $!"; + diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-finish e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-finish --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-finish 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-finish 2020-12-11 21:51:25.883000000 -0500 @@ -0,0 +1,21 @@ +#! /bin/sh + +exec 2>&1 + +LDIF=$(readlink -n /etc/openldap/ldif) +TMP=$LDIF.$$ +if /usr/sbin/slapcat -l $TMP +then + mv -f $TMP $LDIF +else + echo slapcat dump of ldif failed - shutting down ldap service >&2 + echo probable corruption of ldap backend files >&2 + + # Don't bother to keep a zero length dump file + if test ! -s $TMP + then + rm -f $TMP + fi + +fi + diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-prepare e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-prepare --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-prepare 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-prepare 2020-12-11 22:22:52.071000000 -0500 @@ -0,0 +1,54 @@ +#! /bin/sh + + +domain=$(/sbin/e-smith/config get DomainName) +ldif="/home/e-smith/db/ldap/$domain.ldif" + +if [ -e /etc/openldap/ldif ] +then + old_ldif=$(readlink /etc/openldap/ldif) + if [ "$old_ldif" != "$ldif" ] + then + # The domain name has changed, so we need to delete + # the old directory contents. We still have the old + # dump. + mv -f $old_ldif $ldif + find /var/lib/ldap -type f | xargs rm -f + fi +fi + +if [ -f /var/lib/ldap/nextid.dbb ] +then + # We are upgrading from an earlier version which used + # ldbm backend format. Delete the backend files, and + # restore from ldif + find /var/lib/ldap -type f | xargs rm -f +fi + +# Set up symlink for ldap dump at shutdown +ln -sf $ldif /etc/openldap/ldif + +/sbin/e-smith/expand-template /var/lib/ldap/DB_CONFIG + +# Make sure we use the slapd.conf file instead of the new slapd.d +touch /etc/openldap/slapd.d/unused +find /etc/openldap/slapd.d/ -mindepth 1 -maxdepth 1 -not -name unused -exec rm -rf {} \; +/sbin/e-smith/expand-template /etc/openldap/slapd.conf + +# Prime directory if required +if [ \! -f /var/lib/ldap/id2entry.bdb ] +then + if [ -e /etc/openldap/ldif ] + then + /sbin/e-smith/ldif-fix -i /etc/openldap/ldif | setuidgid ldap slapadd -c + else + /sbin/e-smith/ldif-fix -i /dev/null | setuidgid ldap slapadd -c + fi +else + setuidgid ldap /usr/bin/db_recover -v -h /var/lib/ldap +fi + +# Make sure all DB files belongs to ldap:ldap +find /var/lib/ldap -not -name DB_CONFIG -exec chown ldap:ldap {} \; + +exit 0 diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.init.service e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.init.service --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.init.service 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.init.service 2020-12-11 22:18:46.616000000 -0500 @@ -0,0 +1,21 @@ +[Unit] +Description=Koozali SME Server ldap.init +After=syslog.target network-online.target ldap.service + +[Service] +Type=forking +Restart=no +TimeoutSec=5min +IgnoreSIGPIPE=no +KillMode=process +GuessMainPID=no +RemainAfterExit=yes +ExecStartPre=/sbin/e-smith/service-status ldap.init +ExecStart=/etc/rc.d/init.d/ldap.init start +ExecStop=/etc/rc.d/init.d/ldap.init stop + + +[Install] +WantedBy=sme-server.target +Alias=slapd.service + diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.service e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.service --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.service 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.service 2020-12-11 22:18:52.999000000 -0500 @@ -0,0 +1,25 @@ +[Unit] +Description=Koozali SME Server OpenLDAP Server Daemon +After=syslog.target network-online.target +Documentation=man:slapd +Documentation=man:slapd-config +Documentation=man:slapd-hdb +Documentation=man:slapd-mdb +Documentation=file:///usr/share/doc/openldap-servers/guide.html + +[Service] +Type=forking +PIDFile=/var/run/openldap/slapd.pid +Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0" +EnvironmentFile=/etc/sysconfig/slapd +ExecStartPre=/sbin/e-smith/service-status ldap +ExecStartPre=/sbin/e-smith/systemd/ldap-certificate +ExecStartPre=/sbin/e-smith/systemd/ldap-prepare +#ExecStartPre=/usr/libexec/openldap/check-config.sh +ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS + +ExecStopPost=/sbin/e-smith/systemd/ldap-finish + +[Install] +WantedBy=sme-server.target +Alias=slapd.service diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf e-smith-ldap-5.6.0/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf 2020-12-11 22:09:10.565000000 -0500 @@ -0,0 +1,5 @@ +# disabled +# we are using ldap.service +ExecStart=/usr/bin/true +ExecStartPre= +PIDFile=