/[smeserver]/rpms/e-smith-ldap/sme10/e-smith-ldap-5.6.0-bz11140-bz11099-bz11096-systemd-update.patch


Revision 1.1 - (show annotations) (download)
Sat Dec 12 03:26:36 2020 UTC (3 years, 11 months ago) by jpp
Branch: MAIN
* Fri Dec 11 2020 Jean-Philipe Pialasse <tests@pialasse.com> 5.6.0-8.sme
- add -update event [SME: 11140]
- move ldap to systemd [SME: 11099]
- move ldap.init to systemd [SME: 11096]

1 diff -Nur e-smith-ldap-5.6.0.old/createlinks e-smith-ldap-5.6.0/createlinks
2 --- e-smith-ldap-5.6.0.old/createlinks 2016-02-05 11:04:35.000000000 -0500
3 +++ e-smith-ldap-5.6.0/createlinks 2020-12-11 22:14:09.069000000 -0500
4 @@ -11,9 +11,19 @@
5 bootstrap-console-save
6 console-save
7 ldap-update
8 + e-smith-ldap-update
9 ));
10 }
11
12 +templates2events("/etc/sysconfig/slapd",
13 + qw(
14 + bootstrap-console-save
15 + console-save
16 + ldap-update
17 + e-smith-ldap-update
18 + ));
19 +}
20 +
21 event_link("ldap-update-simple", "group-create", "95");
22 event_link("ldap-update-simple", "group-modify", "95");
23 event_link("ldap-delete", "group-delete", "55");
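Review bot: The `+}` added after the new `templates2events("/etc/sysconfig/slapd", ...)` call has no matching opening brace inside the hunk: the preceding `}` already closes the block the original `templates2events` call lives in, so unless an opening brace exists in the context above this hunk the script stops compiling and none of the links below are created. Check with `perl -c createlinks` before shipping; if it is indeed unbalanced, drop the `+}` line and leave the new call at the same level as the one above it. The enclosing block starts outside the hunk.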
24 @@ -42,18 +52,21 @@
25 templates2events("/etc/hosts.allow", "ldap-update");
26 safe_symlink("restart", "root/etc/e-smith/events/ldap-update/services2adjust/ldap");
27 safe_symlink("reload", "root/etc/e-smith/events/ssl-update/services2adjust/ldap");
28 -safe_symlink("adjust", "root/etc/e-smith/events/ldap-update/services2adjust/masq");
29 -safe_symlink("sigusr1", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith");
30 +safe_symlink("reload", "root/etc/e-smith/events/ldap-update/services2adjust/masq");
31 +safe_symlink("reload", "root/etc/e-smith/events/ldap-update/services2adjust/httpd-e-smith");
32
33 event_link("ldap-delete-dumps", "pre-restore", "25");
34
35 event_link("set-ldap-bootstrap", "bootstrap-console-save", "95");
36 event_link("reset-ldap-bootstrap", "bootstrap-ldap-save", "95");
37
38 -safe_symlink("/usr/bin/sv", "root/etc/rc.d/init.d/ldap");
39 -service_link_enhanced("ldap", "S48", "7");
40 -service_link_enhanced("ldap.init", "S49", "7");
41 -service_link_enhanced("ldap", "K10", "6");
42 -service_link_enhanced("ldap", "K10", "0");
43 +
44 +my $event="e-smith-ldap-update";
45 +
46 +# systemd-specific action mandatory for this package-update event
47 +event_link("systemd-reload", $event, "89");
48 +event_link("systemd-default", $event, "88");
49 +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ldap");
50 +event_link("ldap-update", $event , "80");
51
52 exit 0;
53 diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls
54 --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-12-11 16:55:21.406000000 -0500
55 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/openldap/slapd.conf/12tls 2020-12-11 21:29:21.667000000 -0500
56 @@ -11,8 +11,8 @@
57 $OUT = " 3.3";
58 }
59 }
60 -TLSCACertificateFile /var/service/ldap/ssl/slapd.pem
61 -TLSCertificateFile /var/service/ldap/ssl/slapd.pem
62 -TLSCertificateKeyFile /var/service/ldap/ssl/slapd.pem
63 +TLSCACertificateFile /etc/openldap/ssl/slapd.pem
64 +TLSCertificateFile /etc/openldap//ssl/slapd.pem
65 +TLSCertificateKeyFile /etc/openldap/ssl/slapd.pem
66 TLSVerifyClient never
67
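Review bot: `TLSCertificateFile /etc/openldap//ssl/slapd.pem` carries a doubled slash that the two neighbouring directives do not; slapd tolerates it, but all three should spell the same path since they name one file: `TLSCertificateFile /etc/openldap/ssl/slapd.pem`. Because that single PEM is also the TLSCertificateKeyFile it contains the private key, so a comment in the template should record the permission contract the ldap-certificate helper establishes: `# slapd.pem bundles certificate and private key: must stay readable by root and the ldap group only`.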
68 diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/05head e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/05head
69 --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/05head 1969-12-31 19:00:00.000000000 -0500
70 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/05head 2020-12-11 22:02:00.774000000 -0500
71 @@ -0,0 +1,3 @@
72 +# OpenLDAP server configuration
73 +# see 'man slapd' for additional information
74 +
75 diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS
76 --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS 1969-12-31 19:00:00.000000000 -0500
77 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/20SLAPD_URLS 2020-12-11 22:03:09.117000000 -0500
78 @@ -0,0 +1,8 @@
79 +
80 +# Where the server will run (-h option)
81 +# - ldapi:/// is required for on-the-fly configuration using client tools
82 +# (use SASL with EXTERNAL mechanism for authentication)
83 +# - default: ldapi:/// ldap:///
84 +# - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:///
85 +SLAPD_URLS="ldap:/// ldaps:/// ldapi:///"
86 +
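Review bot: `SLAPD_URLS="ldap:/// ldaps:/// ldapi:///"` binds the cleartext and TLS listeners on every interface with no per-site override, while the comment right above it says the upstream default is `ldapi:/// ldap:///`. Exposure is presumably limited by the hosts.allow template and the masq adjustment that the ldap-update event drives elsewhere in this patch, but a template fragment that reads nothing from the configuration database cannot be narrowed by an administrator without a custom template. Consider reading the URL list from an `ldap` configuration property with this string as the fallback, the way 40OPTIONS does for LogLevel, and state in the comment that the `ldap:///` listener relies on hosts.allow and the firewall for access control.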
87 diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS
88 --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS 1969-12-31 19:00:00.000000000 -0500
89 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/40OPTIONS 2020-12-11 22:05:21.507000000 -0500
90 @@ -0,0 +1,4 @@
91 +
92 +# Any custom options
93 +SLAPD_OPTIONS=" -4 -d { $ldap{LogLevel} || 256 } -s 0 "
94 +
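Review bot: `{ $ldap{LogLevel} || 256 }` treats a configured LogLevel of 0 as unset and silently turns it back into 256, so the property cannot be used to switch stats logging off. Use a definedness test instead: `SLAPD_OPTIONS=" -4 -d { defined $ldap{LogLevel} && $ldap{LogLevel} ne '' ? $ldap{LogLevel} : 256 } -s 0 "`. slapd(8) also documents `-d` as keeping the daemon from detaching, so whatever value ends up here interacts with the `Type=` chosen in ldap.service; a one-line comment recording that dependency would save the next maintainer a surprise.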
95 diff -Nur e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5
96 --- e-smith-ldap-5.6.0.old/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 1969-12-31 19:00:00.000000000 -0500
97 +++ e-smith-ldap-5.6.0/root/etc/e-smith/templates/etc/sysconfig/slapd/60KRB5 2020-12-11 22:03:57.926000000 -0500
98 @@ -0,0 +1,4 @@
99 +
100 +# Keytab location for GSSAPI Kerberos authentication
101 +#KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab"
102 +
103 diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/ldif-fix e-smith-ldap-5.6.0/root/sbin/e-smith/ldif-fix
104 --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/ldif-fix 1969-12-31 19:00:00.000000000 -0500
105 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/ldif-fix 2020-12-11 21:59:11.686000000 -0500
106 @@ -0,0 +1,415 @@
107 +#!/usr/bin/perl -T
108 +
109 +use strict;
110 +use warnings;
111 +use Net::LDAP;
112 +use Net::LDAP::LDIF;
113 +use Date::Parse;
114 +use esmith::ConfigDB;
115 +use esmith::AccountsDB;
116 +use esmith::util;
117 +use Getopt::Long qw(:config bundling);
118 +
119 +$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin';
120 +$ENV{'LANG'} = 'C';
121 +$ENV{'TZ'} = '';
122 +
123 +sub dnsort {
124 + my %type = ( add => 1, modrdn => 2, moddn => 2, modify => 3, delete => 4);
125 + my %attr = ( dc => 1, ou => 2, cn => 3, uid => 4);
126 +
127 + my ($oa) = ($a->get_value('newrdn') || $a->dn) =~ /^([^=]+)=/;
128 + my ($ob) = ($b->get_value('newrdn') || $b->dn) =~ /^([^=]+)=/;
129 + my ($ua, $ub) = map { my $tu = $_->get_value('uidnumber'); defined $tu && $tu ne '' ? $tu : -1 } ($a, $b);
130 + my ($ga, $gb) = map { my $tg = $_->get_value('gidnumber'); defined $tg && $tg ne '' ? $tg : -1 } ($a, $b);
131 +
132 + ($attr{$oa} || 9) <=> ($attr{$ob} || 9) || ($type{$a->changetype} || 9) <=> ($type{$b->changetype} || 9) ||
133 + $ua <=> $ub || $ga <=> $gb || ($a->get_value('newrdn') || $a->dn) cmp ($b->get_value('newrdn') || $b->dn);
134 +}
135 +
136 +my $c = esmith::ConfigDB->open_ro;
137 +my $a = esmith::AccountsDB->open_ro;
138 +
139 +my $auth = $c->get('ldap')->prop('Authentication') || 'disabled';
140 +my $schema = '/etc/openldap/schema/samba.schema';
141 +
142 +my $domain = $c->get('DomainName')->value;
143 +my $basedn = esmith::util::ldapBase($domain);
144 +
145 +my $userou = 'ou=Users';
146 +my $groupou = 'ou=Groups';
147 +my $compou = 'ou=Computers';
148 +
149 +my ($dc) = split /\./, $domain;
150 +my $company = $c->get_prop('ldap', 'defaultCompany') || $domain;
151 +
152 +my %opt;
153 +GetOptions ( \%opt, "diff|d", "update|u", "input|i=s", "output|o=s" );
154 +$opt{input} = '/usr/sbin/slapcat -c 2> /dev/null|' unless $opt{input} && ($opt{input} eq '-' || -f "$opt{input}" || -c "$opt{input}");
155 +$opt{diff} = 1 if $opt{update};
156 +if ( $opt{output} && $opt{output} =~ m{^([-\w/.]+)$}) {
157 + $opt{output} = $1;
158 +} else {
159 + $opt{output} = '-';
160 +}
161 +
162 +my ($data, $dn);
163 +
164 +# Top object (base)
165 +$data->{$basedn} = {
166 + objectclass => [qw/organization dcObject top/],
167 + dc => $dc,
168 + o => $company,
169 +};
170 +
171 +# Top containers for users/groups/computers
172 +foreach (qw/Users Groups Computers/) {
173 + $data->{"ou=$_,$basedn"} = {
174 + objectclass => [qw/organizationalUnit top/],
175 + ou => $_,
176 + };
177 +}
178 +
179 +# Common accounts needed for SME to work properly
180 +$data->{"cn=nobody,$groupou,$basedn"}->{objectclass} = [ qw/posixGroup/ ];
181 +$data->{"uid=www,$userou,$basedn"}->{objectclass} = [ qw/account/ ];
182 +$data->{"cn=www,$groupou,$basedn"} = { objectclass => [ qw/posixGroup/ ], memberuid => [ qw/admin/ ] };
183 +$data->{"cn=shared,$groupou,$basedn"} = {
184 + objectclass => [ qw/posixGroup mailboxRelatedObject/ ],
185 + mail => "everyone\@$domain",
186 + memberuid => [ qw/www/ ]
187 +};
188 +
189 +# Read in accounts database information
190 +foreach my $acct ($a->get('admin'), $a->users, $a->groups, $a->ibays, $a->get_all_by_prop(type => 'machine')) {
191 + my $key = $acct->key;
192 + my $type = $acct->prop('type');
193 +
194 + next if $key eq 'Primary';
195 +
196 + $dn = "uid=$key,".($type eq 'machine' ? $compou : $userou).",$basedn";
197 + if ($type =~ /^(?:user|group|machine|ibay)$/ || $key eq 'admin') {
198 + if ($type eq 'user' || $key eq 'admin') {
199 + # Allow removal of obsolete person objectclass and samba attributes
200 + push @{$data->{$dn}->{_delete}->{objectclass}}, 'person';
201 +
202 +
203 + push @{$data->{$dn}->{objectclass}}, 'inetOrgPerson';
204 + $data->{$dn}->{mail} = "$key\@$domain";
205 + @{$data->{$dn}}{qw/givenname sn telephonenumber o ou l street/} =
206 + map { $acct->prop($_) || [] } qw/FirstName LastName Phone Company Dept City Street/;
207 + $data->{$dn}->{cn} = $acct->prop('FirstName').' '.$acct->prop('LastName');
208 + }
209 + else {
210 + push @{$data->{$dn}->{objectclass}}, 'account';
211 + }
212 +
213 + # users/ibays need to be a member of shared
214 + push @{$data->{"cn=shared,$groupou,$basedn"}->{memberuid}}, $key if $type =~ /^(user|ibay)$/ || $key eq 'admin';
215 +
216 + if ($auth ne 'enabled') {
217 + # Allow removal of shadow properties
218 + push @{$data->{$dn}->{_delete}->{objectclass}}, 'shadowAccount';
219 + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/userPassword shadowLastChange shadowMin shadowMax
220 + shadowWarning shadowInactive shadowExpire shadowFlag/;
221 +
222 + if ( -f "$schema" ) {
223 + # If we will be adding samba properties then allow removal
224 + push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaSamAccount';
225 + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaAcctFlags sambaLMPassword sambaNTPassword
226 + sambaNTPassword sambaPrimaryGroupSID sambaPwdLastSet sambaSID/;
227 + }
228 + }
229 + }
230 +
231 + $dn = "cn=$key,$groupou,$basedn";
232 + push @{$data->{$dn}->{objectclass}}, 'posixGroup';
233 + if ($type eq 'group') {
234 + # Allways replace memberuid with new set
235 + $data->{$dn}->{_delete}->{memberuid} = 1;
236 +
237 + push @{$data->{$dn}->{objectclass}}, 'mailboxRelatedObject';
238 +
239 + $data->{$dn}->{mail} = "$key\@$domain";
240 + $data->{$dn}->{description} = $acct->prop('Description') || [];
241 + push @{$data->{$dn}->{memberuid}}, split /,/, ($acct->prop('Members') || '');
242 +
243 + # www needs to be a memeber of every group
244 + push @{$data->{$dn}->{memberuid}}, 'www';
245 +
246 + if ($auth ne 'enabled' && -f "$schema" ) {
247 + # If we will be adding samba properties then allow removal
248 + push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaGroupMapping';
249 + $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaGroupType sambaSID/;
250 + }
251 + }
252 + elsif ($type eq 'ibay') {
253 + $dn = "cn=".$acct->prop('Group').",$groupou,$basedn";
254 + push @{$data->{$dn}->{memberuid}}, $acct->key;
255 + }
256 +}
257 +
258 +if ($auth ne 'enabled') {
259 + # Read in information from unix (passwd) system
260 + open PASSWD, '/etc/passwd';
261 + while (<PASSWD>) {
262 + chomp;
263 + my @passwd = split /:/, $_;
264 + next unless scalar @passwd == 7;
265 +
266 + $dn = "uid=$passwd[0],".($passwd[0] =~ /\$$/ ? $compou : $userou).",$basedn";
267 + next unless exists $data->{$dn};
268 +
269 + push @{$data->{$dn}->{objectclass}}, 'posixAccount';
270 + @{$data->{$dn}}{qw/cn uid uidnumber gidnumber homedirectory loginshell/} =
271 + map { $passwd[$_] ? $passwd[$_] : [] } (4,0,2,3,5,6);
272 + }
273 + close (PASSWD);
274 +
275 + # Shadow file defaults (pulled from cpu.conf)
276 + my %shadow_def = ( 1 => [], 2 => 11192, 3 => -1, 4 => 99999, 5 => 7, 6 => -1, 7 => -1, 8 => 134538308 );
277 +
278 + # Read in information from unix (shadow) system
279 + open SHADOW, '/etc/shadow';
280 + while (<SHADOW>) {
281 + chomp;
282 + my @shadow = split /:/, $_;
283 + next unless scalar @shadow >= 6;
284 + $shadow[1] = '!*' if $shadow[1] eq '!!';
285 + $shadow[1] = "{CRYPT}$shadow[1]" unless $shadow[1] =~ /^\{/;
286 +
287 + $dn = "uid=$shadow[0],".($shadow[0] =~ /\$$/ ? $compou : $userou).",$basedn";
288 + next unless exists $data->{$dn};
289 +
290 + push @{$data->{$dn}->{objectclass}}, 'shadowAccount';
291 + @{$data->{$dn}}{ map { lc($_) } qw/userPassword shadowLastChange shadowMin shadowMax shadowWarning shadowInactive
292 + shadowExpire shadowFlag/} = map { $shadow[$_] ? $shadow[$_] : $shadow_def{$_} } (1..8);
293 + }
294 + close (SHADOW);
295 +
296 + # Read in information from unix (group) system
297 + open GROUP, '/etc/group';
298 + while (<GROUP>) {
299 + chomp;
300 + my @group = split /:/, $_;
301 + next unless scalar @group >= 3;
302 + $group[3] = [ split /,/, ($group[3] || '') ];
303 +
304 + $dn = "cn=$group[0],$groupou,$basedn";
305 + next unless exists $data->{$dn};
306 +
307 + push @{$data->{$dn}->{objectclass}}, 'posixGroup';
308 + @{$data->{$dn}}{qw/cn gidnumber/} = map { $group[$_] ? $group[$_] : [] } (0,2);
309 + push @{$data->{$dn}->{memberuid}}, @{$group[3]};
310 + }
311 + close (GROUP);
312 +
313 + my %smbprop = (
314 + 'User SID' => 'sambasid',
315 + 'Account Flags' => 'sambaacctflags',
316 + 'Primary Group SID' => 'sambaprimarygroupsid',
317 + 'Full Name' => 'displayname',
318 + 'Password last set' => 'sambapwdlastset',
319 + );
320 +
321 + # Read in information from unix (smbpasswd) system
322 + if ( -f "$schema" && -x '/usr/bin/pdbedit' ) {
323 + $dn = undef;
324 + open SMBDETAIL, '/usr/bin/pdbedit -vL 2> /dev/null|';
325 + while (<SMBDETAIL>) {
326 + chomp;
327 +
328 + $dn = ("uid=$1,".($1 =~ /\$$/ ? $compou : $userou).",$basedn") if m/^Unix username:\s+(\S.*)$/;
329 + next unless $dn && exists $data->{$dn};
330 +
331 + # Map the samba account properties that we care about
332 + $data->{$dn}->{$smbprop{$1}} = ($2 ? str2time($2) : (defined $3 ? $3 : []))
333 + if m/^(.+):\s+(?:(\S.*\d{4} \d{2}:\d{2}:\d{2}.*)|(.*))$/ && exists $smbprop{$1};
334 + }
335 + close (SMBDETAIL);
336 +
337 + open SMBPASSWD, '/usr/bin/pdbedit -wL 2> /dev/null|';
338 + while (<SMBPASSWD>) {
339 + chomp;
340 + my @smbpasswd = split /:/, $_;
341 + next unless scalar @smbpasswd >= 6;
342 +
343 + $dn = "uid=$smbpasswd[0],".($smbpasswd[0] =~ /\$$/ ? $compou : $userou).",$basedn";
344 + next unless exists $data->{$dn} && exists $data->{$dn}->{uidnumber} && $data->{$dn}->{uidnumber} eq $smbpasswd[1];
345 +
346 + push @{$data->{$dn}->{objectclass}}, 'sambaSamAccount';
347 + @{$data->{$dn}}{qw/sambalmpassword sambantpassword/} = map { $smbpasswd[$_] ? $smbpasswd[$_] : [] } (2,3);
348 + }
349 + close (SMBPASSWD);
350 + }
351 +
352 + if ( -f "$schema" && -x '/usr/bin/net' ) {
353 + open GROUPMAP, '/usr/bin/net groupmap list 2> /dev/null|';
354 + while (<GROUPMAP>) {
355 + chomp;
356 +
357 + if (m/^(.+) \((.+)\) -> (.+)$/) {
358 + # Skip local machine accounts
359 + next if $2 =~ /S-1-5-32-\d+/;
360 +
361 + $dn = "cn=$3,$groupou,$basedn";
362 + next unless exists $data->{$dn};
363 +
364 + push @{$data->{$dn}->{objectclass}}, 'sambaGroupMapping';
365 + @{$data->{$dn}}{qw/displayname sambasid sambagrouptype/} = ($1, $2, 2);
366 + }
367 + }
368 + close (GROUPMAP);
369 + }
370 +}
371 +
372 +my @ldif;
373 +
374 +# Loop through ldap data and update as necessary
375 +my $reader = Net::LDAP::LDIF->new( $opt{input}, 'r', onerror => 'undef' );
376 +while( not $reader->eof()) {
377 + my $entry = $reader->read_entry() || next;
378 + $dn = $entry->dn;
379 +
380 + # Ensure the basedn is correct
381 + $dn = "$1$basedn" if $dn =~ /^((?:(?!dc=)[^,]+,)*)dc=/;
382 +
383 + # Ensure correct ou is part of user/groups/computers
384 + if ($dn =~ /^(uid=([^,\$]+)(\$)?),((?:(?!dc=)[^,]+,)*)dc=/) {
385 + if ( defined $3 && $3 eq '$') {
386 + $dn = "$1,$compou,$basedn";
387 + }
388 + elsif (grep /posixGroup/, @{$entry->get_value('objectclass', asref => 1) || []}) {
389 + $dn = "cn=$2,$groupou,$basedn";
390 +
391 + # Cleanup attributes that the modrdn will perform
392 + $entry->add(cn => $2);
393 + $entry->delete(uid => [$2]);
394 + }
395 + else {
396 + $dn = "$1,$userou,$basedn";
397 + }
398 + }
399 + elsif ($dn =~ /^(cn=[^,]+),((?:(?!dc=)[^,]+,)*)dc=/) {
400 + $dn = "$1,$groupou,$basedn" unless $2 =~ /^ou=auto\./;
401 + }
402 +
403 + # Don't process records twice
404 + next if $data->{$dn}->{_done};
405 +
406 + # Rename existing entry into place if we can
407 + if ($dn ne $entry->dn) {
408 + my $rdn = Net::LDAP::Entry->new;
409 + $rdn->dn($entry->dn);
410 + $rdn->changetype('modrdn');
411 + my ($newdn, $newbase) = split /,/, $dn, 2;
412 + $rdn->add(newrdn => $newdn, deleteoldrdn => 1, newsuperior => $newbase);
413 + push @ldif, $rdn;
414 +
415 + # Now we can change the entry to new dn
416 + $entry->dn($dn);
417 + }
418 +
419 + # Change type to modify so that we can keep track of changes we make
420 + $entry->changetype('modify');
421 +
422 + # Hack to make upgrades work (add calEntry if calFGUrl attributes exists)
423 + if ($entry->exists('calFBURL') && -f "/etc/openldap/schema/rfc2739.schema") {
424 + push @{$data->{$dn}->{objectclass}}, 'calEntry';
425 + }
426 +
427 + my %attributes = ();
428 + @attributes{ keys %{$data->{$dn}}, exists $data->{$dn}->{_delete} ? map { lc($_) } keys %{$data->{$dn}->{_delete}} : () } = ();
429 +
430 + foreach my $attr (sort keys %attributes) {
431 + # Skip the pseudo attributes
432 + next if $attr =~ /^_/;
433 +
434 + my @l = @{$entry->get_value($attr, asref => 1) || []};
435 + my @u = exists $data->{$dn}->{$attr} ? (ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})) : ();
436 +
437 + # Figure out differences between attributes
438 + my (@lonly, @uonly, @donly, %lseen, %useen, %dseen) = () x 6;
439 +
440 + # Unique lists of what is in ldap and what needs to be in ldap
441 + @lseen{@l} = ();
442 + @useen{@u} = ();
443 +
444 + # Create list of attributes that aren't in the other
445 + @uonly = grep { ! exists $lseen{$_} } keys %useen;
446 + @lonly = grep { ! exists $useen{$_} } keys %lseen;
447 +
448 + # Determine which of the ldap only attributes we need to remove
449 + if ((keys %useen == 1 && keys %lseen == 1) || (keys %useen == 0 && exists $data->{$dn}->{$attr})) {
450 + # Replacing a single entry or erasing entire entry
451 + @donly = @lonly;
452 + }
453 + elsif ($data->{$dn}->{_delete} && $data->{$dn}->{_delete}->{$attr}) {
454 + if (my $ref = ref($data->{$dn}->{_delete}->{$attr})) {
455 + # Map hash keys or array elemts to valid values to delete
456 + @dseen{$ref eq 'HASH' ? keys %{$data->{$dn}->{_delete}->{$attr}} : @{$data->{$dn}->{_delete}->{$attr}}} = ();
457 + @donly = grep { exists $dseen{$_} } @lonly;
458 + }
459 + else {
460 + # Permission to remove all values
461 + @donly = @lonly;
462 + }
463 + }
464 +
465 + if (@donly && @donly == keys %lseen) {
466 + # If we are removing all ldap attributes do a remove or full delete
467 + if (@uonly) {
468 + $entry->replace($attr => [ @uonly ]);
469 + }
470 + else {
471 + $entry->delete($attr => []);
472 + }
473 + }
474 + else {
475 + $entry->delete($attr => [ @donly ]) if @donly;
476 + $entry->add($attr => [ @uonly ]) if @uonly;
477 + }
478 + }
479 +
480 + $data->{$dn}->{_done} = 1;
481 + push @ldif, $entry;
482 +}
483 +$reader->done();
484 +
485 +# Add missing records that didn't exist in ldap yet
486 +foreach $dn (grep { ! exists $data->{$_}->{_done} } sort keys %$data) {
487 + my $entry = Net::LDAP::Entry->new;
488 + $entry->dn($dn);
489 +
490 + foreach my $attr (sort keys %{$data->{$dn}}) {
491 + # Skip the pseudo attributes
492 + next if $attr =~ /^_/;
493 +
494 + my %seen = ();
495 + @seen{ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})} = ();
496 + $entry->add($attr => [ sort keys %seen ]) if keys %seen != 0;
497 + }
498 +
499 + push @ldif, $entry;
500 +}
501 +
502 +#------------------------------------------------------------
503 +# Update LDAP database entry.
504 +#------------------------------------------------------------
505 +my $ldap;
506 +if ($opt{update}) {
507 + $ldap = Net::LDAP->new('localhost') or die "$@";
508 + $ldap->bind( dn => "cn=root,$basedn", password => esmith::util::LdapPassword() );
509 +}
510 +
511 +my $writer = Net::LDAP::LDIF->new( $opt{output}, 'w', onerror => 'undef', wrap => 0, sort => 1, change => $opt{diff} );
512 +foreach my $entry (sort dnsort @ldif) {
513 + if ($opt{update} && ($entry->changetype ne 'modify' || @{$entry->{changes}}) ) {
514 + my $result = $entry->update($ldap);
515 + warn "Failure to ",$entry->changetype," ",$entry->dn,": ",$result->error,"\n" if $result->code;
516 + }
517 +
518 + if ($writer->{change} || $entry->changetype !~ /modr?dn/) {
519 + $writer->write_entry($entry);
520 + }
521 +}
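Review bot: The LDIF this script emits carries credential material — `{CRYPT}` hashes copied from /etc/shadow and the sambaLMPassword/sambaNTPassword values read from pdbedit — yet when `-o` names a file, `Net::LDAP::LDIF->new($opt{output}, 'w', ...)` creates it with whatever umask the caller inherited, so a 022 umask leaves those hashes world-readable. Add `umask 077;` next to the PATH/LANG/TZ reset at the top so the output is restrictive from creation. Separately, the `$ldap->bind(...)` result under `if ($opt{update})` is discarded, so a wrong root password or a server that is not up yet is only visible as one warning per entry; check it: `my $mesg = $ldap->bind(dn => "cn=root,$basedn", password => esmith::util::LdapPassword()); die "LDAP bind failed: ".$mesg->error."\n" if $mesg->code;`.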
522 diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-certificate e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-certificate
523 --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-certificate 1969-12-31 19:00:00.000000000 -0500
524 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-certificate 2020-12-11 21:30:01.775000000 -0500
525 @@ -0,0 +1,40 @@
526 +#!/usr/bin/perl -w
527 +
528 +#----------------------------------------------------------------------
529 +# copyright (C) 2005 Mitel Networks Corporation
530 +#
531 +# This program is free software; you can redistribute it and/or modify
532 +# it under the terms of the GNU General Public License as published by
533 +# the Free Software Foundation; either version 2 of the License, or
534 +# (at your option) any later version.
535 +#
536 +# This program is distributed in the hope that it will be useful,
537 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
538 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
539 +# GNU General Public License for more details.
540 +#
541 +# You should have received a copy of the GNU General Public License
542 +# along with this program; if not, write to the Free Software
543 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
544 +#
545 +# Technical support for this program is available from Mitel Networks
546 +# Please visit our web site www.mitel.com/sme/ for details.
547 +#----------------------------------------------------------------------
548 +
549 +use esmith::util;
550 +use esmith::ConfigDB;
551 +use File::Copy;
552 +
553 +my $c = esmith::ConfigDB->open_ro;
554 +my $s = $c->get('SystemName')->value;
555 +my $d = $c->get('DomainName')->value;
556 +
557 +my $pem = "/etc/openldap/ssl/slapd.pem";
558 +# Now copy system pem file into jail used by ldap
559 +copy("/home/e-smith/ssl.pem/$s.$d.pem", "$pem.$$")
560 + or die "failed to copy SSL PEM: $!";
561 +chmod 0640, "$pem.$$";
562 +esmith::util::chownFile("root", "ldap", "$pem.$$");
563 +rename("$pem.$$", "$pem")
564 + or die "failed to rename $pem.$$ to $pem: $!";
565 +
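Review bot: `copy(...)` creates `$pem.$$` with the process's default umask and only the following `chmod 0640` tightens it, so under a 022 umask the private key inside the bundled PEM is world-readable for a moment, and a process that opened it in that window keeps its descriptor after the rename. Creating the file restrictively from the start closes the window: add `umask 077;` before the `copy` call (the chmod/chown afterwards then only widen access to the ldap group). The `esmith::util::chownFile` return value is also ignored; if it fails, slapd running under `-u ldap` cannot read its key and the problem surfaces only as a TLS error at startup. Finally the script runs with `-w` but no `use strict`, unlike the sibling ldif-fix which has `use strict; use warnings;`; the two should match.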
566 diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-finish e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-finish
567 --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-finish 1969-12-31 19:00:00.000000000 -0500
568 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-finish 2020-12-11 21:51:25.883000000 -0500
569 @@ -0,0 +1,21 @@
570 +#! /bin/sh
571 +
572 +exec 2>&1
573 +
574 +LDIF=$(readlink -n /etc/openldap/ldif)
575 +TMP=$LDIF.$$
576 +if /usr/sbin/slapcat -l $TMP
577 +then
578 + mv -f $TMP $LDIF
579 +else
580 + echo slapcat dump of ldif failed - shutting down ldap service >&2
581 + echo probable corruption of ldap backend files >&2
582 +
583 + # Don't bother to keep a zero length dump file
584 + if test ! -s $TMP
585 + then
586 + rm -f $TMP
587 + fi
588 +
589 +fi
590 +
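Review bot: `LDIF=$(readlink -n /etc/openldap/ldif)` is never checked: if the symlink is missing, `$LDIF` is empty, `$TMP` becomes `.$$` in the current directory and `mv -f $TMP $LDIF` fails with a misleading error, and a target containing whitespace breaks every unquoted use below. The dump also contains userPassword and samba hashes, so it should be written under a restrictive umask unless slapcat already restricts the mode itself. Suggested opening lines: `umask 077`, `LDIF=$(readlink -n /etc/openldap/ldif) || exit 1`, `[ -n "$LDIF" ] || exit 1`, then quote `"$TMP"` and `"$LDIF"` throughout. The `shutting down ldap service` message is stale as well: as an ExecStopPost hook this runs after slapd has already stopped.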
591 diff -Nur e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-prepare e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-prepare
592 --- e-smith-ldap-5.6.0.old/root/sbin/e-smith/systemd/ldap-prepare 1969-12-31 19:00:00.000000000 -0500
593 +++ e-smith-ldap-5.6.0/root/sbin/e-smith/systemd/ldap-prepare 2020-12-11 22:22:52.071000000 -0500
594 @@ -0,0 +1,54 @@
595 +#! /bin/sh
596 +
597 +
598 +domain=$(/sbin/e-smith/config get DomainName)
599 +ldif="/home/e-smith/db/ldap/$domain.ldif"
600 +
601 +if [ -e /etc/openldap/ldif ]
602 +then
603 + old_ldif=$(readlink /etc/openldap/ldif)
604 + if [ "$old_ldif" != "$ldif" ]
605 + then
606 + # The domain name has changed, so we need to delete
607 + # the old directory contents. We still have the old
608 + # dump.
609 + mv -f $old_ldif $ldif
610 + find /var/lib/ldap -type f | xargs rm -f
611 + fi
612 +fi
613 +
614 +if [ -f /var/lib/ldap/nextid.dbb ]
615 +then
616 + # We are upgrading from an earlier version which used
617 + # ldbm backend format. Delete the backend files, and
618 + # restore from ldif
619 + find /var/lib/ldap -type f | xargs rm -f
620 +fi
621 +
622 +# Set up symlink for ldap dump at shutdown
623 +ln -sf $ldif /etc/openldap/ldif
624 +
625 +/sbin/e-smith/expand-template /var/lib/ldap/DB_CONFIG
626 +
627 +# Make sure we use the slapd.conf file instead of the new slapd.d
628 +touch /etc/openldap/slapd.d/unused
629 +find /etc/openldap/slapd.d/ -mindepth 1 -maxdepth 1 -not -name unused -exec rm -rf {} \;
630 +/sbin/e-smith/expand-template /etc/openldap/slapd.conf
631 +
632 +# Prime directory if required
633 +if [ \! -f /var/lib/ldap/id2entry.bdb ]
634 +then
635 + if [ -e /etc/openldap/ldif ]
636 + then
637 + /sbin/e-smith/ldif-fix -i /etc/openldap/ldif | setuidgid ldap slapadd -c
638 + else
639 + /sbin/e-smith/ldif-fix -i /dev/null | setuidgid ldap slapadd -c
640 + fi
641 +else
642 + setuidgid ldap /usr/bin/db_recover -v -h /var/lib/ldap
643 +fi
644 +
645 +# Make sure all DB files belongs to ldap:ldap
646 +find /var/lib/ldap -not -name DB_CONFIG -exec chown ldap:ldap {} \;
647 +
648 +exit 0
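Review bot: Every failure in this ExecStartPre is swallowed: the status of the `ldif-fix ... | setuidgid ldap slapadd -c` pipeline is never examined, `-c` tells slapadd to continue past bad entries, and the script ends in an unconditional `exit 0`, so slapd is started on a partially restored directory with nothing but slapadd's journal output to show for it. Give the restore a real status, e.g. choose `src=/etc/openldap/ldif` or `src=/dev/null` and then run `/sbin/e-smith/ldif-fix -i "$src" | setuidgid ldap slapadd -c || exit 1`, so a failed import fails the unit. The `mv -f $old_ldif $ldif` and `ln -sf $ldif /etc/openldap/ldif` lines should quote their arguments, and it is worth confirming that daemontools' `setuidgid` is still present on an SME 10 host that has moved this service to systemd; `runuser -u ldap --` is the equivalent that needs no extra package.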
649 diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.init.service e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.init.service
650 --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.init.service 1969-12-31 19:00:00.000000000 -0500
651 +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.init.service 2020-12-11 22:18:46.616000000 -0500
652 @@ -0,0 +1,21 @@
653 +[Unit]
654 +Description=Koozali SME Server ldap.init
655 +After=syslog.target network-online.target ldap.service
656 +
657 +[Service]
658 +Type=forking
659 +Restart=no
660 +TimeoutSec=5min
661 +IgnoreSIGPIPE=no
662 +KillMode=process
663 +GuessMainPID=no
664 +RemainAfterExit=yes
665 +ExecStartPre=/sbin/e-smith/service-status ldap.init
666 +ExecStart=/etc/rc.d/init.d/ldap.init start
667 +ExecStop=/etc/rc.d/init.d/ldap.init stop
668 +
669 +
670 +[Install]
671 +WantedBy=sme-server.target
672 +Alias=slapd.service
673 +
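Review bot: `Alias=slapd.service` here duplicates the same Alias declared in ldap.service in this patch, and systemd cannot point one alias symlink at two units: whichever is enabled second either fails to enable or silently takes the name from the other. Drop the Alias from this wrapper unit; ldap.service runs the daemon and is the natural owner of the slapd name. `After=syslog.target` is obsolete on systemd hosts and can go as well.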
674 diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.service e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.service
675 --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/ldap.service 1969-12-31 19:00:00.000000000 -0500
676 +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/ldap.service 2020-12-11 22:18:52.999000000 -0500
677 @@ -0,0 +1,25 @@
678 +[Unit]
679 +Description=Koozali SME Server OpenLDAP Server Daemon
680 +After=syslog.target network-online.target
681 +Documentation=man:slapd
682 +Documentation=man:slapd-config
683 +Documentation=man:slapd-hdb
684 +Documentation=man:slapd-mdb
685 +Documentation=file:///usr/share/doc/openldap-servers/guide.html
686 +
687 +[Service]
688 +Type=forking
689 +PIDFile=/var/run/openldap/slapd.pid
690 +Environment="SLAPD_URLS=ldap:/// ldaps:/// ldapi:///" "SLAPD_OPTIONS=-4 -d 256 -s 0"
691 +EnvironmentFile=/etc/sysconfig/slapd
692 +ExecStartPre=/sbin/e-smith/service-status ldap
693 +ExecStartPre=/sbin/e-smith/systemd/ldap-certificate
694 +ExecStartPre=/sbin/e-smith/systemd/ldap-prepare
695 +#ExecStartPre=/usr/libexec/openldap/check-config.sh
696 +ExecStart=/usr/sbin/slapd -u ldap -h ${SLAPD_URLS} $SLAPD_OPTIONS
697 +
698 +ExecStopPost=/sbin/e-smith/systemd/ldap-finish
699 +
700 +[Install]
701 +WantedBy=sme-server.target
702 +Alias=slapd.service
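Review bot: The unit declares `Type=forking` with a PIDFile, but the default `SLAPD_OPTIONS=-4 -d 256 -s 0` (and the 40OPTIONS template that replaces it) passes `-d`, which slapd(8) documents as keeping the daemon in the foreground; if that holds for this build, the initial process never exits, systemd waits out TimeoutStartSec and then kills a server that was working. Either drop `-d` and set the level with `loglevel` in slapd.conf, or switch to `Type=simple` and remove `PIDFile=`; confirm on a test host with `systemctl status ldap` after a reboot. The `Alias=slapd.service` also shadows the packaged slapd.service that 50koozali.conf tries to neutralise, and the interaction between an alias symlink in /etc and a drop-in for the real unit of that name is hard to predict; masking the packaged unit would be the clearer arrangement. `After=syslog.target` is obsolete and can be removed.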
703 diff -Nur e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf e-smith-ldap-5.6.0/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf
704 --- e-smith-ldap-5.6.0.old/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf 1969-12-31 19:00:00.000000000 -0500
705 +++ e-smith-ldap-5.6.0/root/usr/lib/systemd/system/slapd.service.d/50koozali.conf 2020-12-11 22:09:10.565000000 -0500
706 @@ -0,0 +1,5 @@
707 +# disabled
708 +# we are using ldap.service
709 +ExecStart=/usr/bin/true
710 +ExecStartPre=
711 +PIDFile=
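Review bot: For any service type other than oneshot a unit may carry only one `ExecStart=`, and a drop-in that adds `ExecStart=/usr/bin/true` without first clearing the packaged one leaves two, which makes systemd reject slapd.service as invalid rather than turn it into a no-op. Reset the list first, mirroring what is already done for ExecStartPre= and PIDFile=: `ExecStart=` followed by `ExecStart=/usr/bin/true`. If the intent is simply that the stock unit must never run, `systemctl mask slapd.service` from the package-update event expresses that more robustly than a drop-in that has to track the stock unit's Type=.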
