#!/bin/sh
# vim:sw=4:et:
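# -e: stop on the first failing command; -u: treat unset variables as
# errors; -x: trace every command.
# NOTE: the -x trace also prints the bind password used further down. That
# is tolerable only because it is a fixed, throw-away test credential.
set -eux

# Positional arguments. All six are required; with `set -u` a missing one
# aborts the script on the corresponding line.
readonly slapd_data_dir="$1"   # scratch directory, wiped and recreated below
readonly tcp_port="$2"         # port for the plain ldap:// listener
readonly tls_port="$3"         # port for the ldaps:// listener
readonly cacertfile="$4"       # CA certificate handed to slapd
readonly server_certfile="$5"  # server certificate handed to slapd
readonly server_keyfile="$6"   # server private key handed to slapd

readonly pidfile="$slapd_data_dir/slapd.pid"
# Both listeners are addressed through localhost.
readonly tcp_uri="ldap://localhost:$tcp_port"
readonly tls_uri="ldaps://localhost:$tls_port"

# Hard-coded credentials for the cn=config root DN. They end up in clear
# text in slapd.conf and on the command line of the LDAP client tools.
readonly binddn="cn=config"
readonly passwd=secret

# Locate the slapd binary, its module directory and the schema directory.
# Each lookup fails immediately with a message when nothing is found, rather
# than leaving the variable unset and tripping `set -u` later, after the
# data directory has already been deleted.
case "$(uname -s)" in
    Linux)
        if [ -x /usr/bin/slapd ]; then
            readonly slapd=/usr/bin/slapd
        elif [ -x /usr/sbin/slapd ]; then
            readonly slapd=/usr/sbin/slapd
        else
            echo "$0: no executable slapd in /usr/bin or /usr/sbin" >&2
            exit 1
        fi

        if [ -d /usr/lib/openldap ]; then
            readonly modulepath=/usr/lib/openldap
        elif [ -d /usr/lib/ldap ]; then
            readonly modulepath=/usr/lib/ldap
        else
            echo "$0: no module directory in /usr/lib/openldap or /usr/lib/ldap" >&2
            exit 1
        fi

        if [ -d /etc/openldap/schema ]; then
            readonly schema_dir=/etc/openldap/schema
        elif [ -d /etc/ldap/schema ]; then
            readonly schema_dir=/etc/ldap/schema
        else
            echo "$0: no schema directory in /etc/openldap/schema or /etc/ldap/schema" >&2
            exit 1
        fi
        ;;
    FreeBSD)
        readonly slapd=/usr/local/libexec/slapd
        readonly modulepath=/usr/local/libexec/openldap
        readonly schema_dir=/usr/local/etc/openldap/schema
        ;;
    *)
        echo "$0: unsupported platform: $(uname -s)" >&2
        exit 1
        ;;
esac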
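# --------------------------------------------------------------------
# slapd(8) configuration + start
# --------------------------------------------------------------------

# Start from an empty data directory. `:?` aborts when the path is empty and
# `--` stops a path beginning with "-" from being parsed as an option, so
# the recursive delete only ever acts on the directory that was passed in.
rm -rf -- "${slapd_data_dir:?}"
mkdir -p -- "$slapd_data_dir"

readonly conf_file="$slapd_data_dir/slapd.conf"

# Bootstrap configuration: the schemas, the pid file, the module path, the
# cn=config database with its root DN and password, and the TLS material.
# The unquoted EOF delimiter lets the shell expand the variables.
# NOTE: rootpw is written in clear text, and the file is created with
# whatever umask the caller has.
cat <<EOF > "$conf_file"
include $schema_dir/core.schema
include $schema_dir/cosine.schema
include $schema_dir/nis.schema
include $schema_dir/inetorgperson.schema
pidfile $pidfile
modulepath $modulepath
loglevel 7
database config
rootdn "$binddn"
rootpw $passwd
TLSCACertificateFile $cacertfile
TLSCertificateFile $server_certfile
TLSCertificateKeyFile $server_keyfile
EOF

# Echo the generated configuration. This prints rootpw to stdout as well.
cat "$conf_file"

readonly conf_dir="$slapd_data_dir/slapd.d"
mkdir -p -- "$conf_dir"

# Start slapd(8) with both listener URIs passed as a single -h argument.
"$slapd" \
    -f "$conf_file" \
    -F "$conf_dir" \
    -h "$tcp_uri $tls_uri"

# Options shared by every LDAP client call below. The variable is expanded
# unquoted on purpose so it splits into separate arguments, which is why the
# SC2086 warnings are disabled. Passing the password with -w puts it on the
# command line of each client process.
readonly auth="-x -D $binddn -w $passwd"

# We wait for the server to start: up to ten probes, one second apart.
server_ready=no
# shellcheck disable=SC2034
for seconds in 1 2 3 4 5 6 7 8 9 10; do
    # shellcheck disable=SC2086
    if ldapsearch $auth -H "$tcp_uri" -LLL -b cn=config dn; then
        server_ready=yes
        break
    fi
    sleep 1
done

# Without this check a server that never came up is only noticed when a
# later ldapadd fails, which hides the real cause.
if [ "$server_ready" != yes ]; then
    echo "$0: slapd did not answer on $tcp_uri after 10 attempts" >&2
    exit 1
fi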
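# --------------------------------------------------------------------
# Load the example LDIFs for the testsuite.
# --------------------------------------------------------------------

# Print $1 with the characters that are special in the replacement half of
# a sed "s,...,...," command escaped: backslash, "&" and the "," delimiter.
# This makes sed insert a path literally whatever characters it contains.
sed_escape_replacement() {
    printf '%s\n' "$1" | sed -e 's/[\\&,]/\\&/g'
}

# Absolute directory of this script; the LDIF fixtures are in ./ldif.
tmp="$(cd "$(dirname "$0")" && pwd)"
readonly script_dir="$tmp"
readonly example_ldif_dir="$script_dir/ldif"
readonly example_data_dir="$slapd_data_dir/ldif-data"
mkdir -p "$example_data_dir"

# We update the hard-coded database directory with the one we computed
# here, so the data is located inside the test directory.
db_dir_repl="$(sed_escape_replacement "$example_data_dir")"
# shellcheck disable=SC2086
sed -E -e "s,^olcDbDirectory:.*,olcDbDirectory: $db_dir_repl," \
    < "$example_ldif_dir/global.ldif" | \
    ldapadd $auth -H "$tcp_uri"

# We rewrite the module path in the example LDIF to the one detected for
# this platform, so it matches the path slapd was configured with.
module_path_repl="$(sed_escape_replacement "$modulepath")"
# shellcheck disable=SC2086
sed -E -e "s,^olcModulePath:.*,olcModulePath: $module_path_repl," \
    < "$example_ldif_dir/memberof_init.ldif" | \
    ldapadd $auth -H "$tcp_uri"

# The remaining fixtures are applied as they are.
# shellcheck disable=SC2086
ldapmodify $auth -H "$tcp_uri" -f "$example_ldif_dir/refint_1.ldif"
# shellcheck disable=SC2086
ldapadd $auth -H "$tcp_uri" -f "$example_ldif_dir/refint_2.ldif"

# Print the DNs under cn=config after all fixtures have been applied.
# shellcheck disable=SC2086
ldapsearch $auth -H "$tcp_uri" -LLL -b cn=config dn

# Print the server's pid, read from its pid file, as SLAPD_PID=<pid>.
echo SLAPD_PID="$(cat "$pidfile")"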