summaryrefslogtreecommitdiffstats
path: root/debian/slapd.scripts-common
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:23:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:23:54 +0000
commitfe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173 (patch)
tree5f743c2fcc2c85b0363602a14ac3753bc5a19abc /debian/slapd.scripts-common
parentAdding upstream version 2.4.47+dfsg. (diff)
downloadopenldap-fe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173.tar.xz
openldap-fe2751bf1e0388ddfa3fdfa88ed70b2bc94e2173.zip
Adding debian version 2.4.47+dfsg-3+deb10u7.debian/2.4.47+dfsg-3+deb10u7debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/slapd.scripts-common')
-rw-r--r--debian/slapd.scripts-common847
1 files changed, 847 insertions, 0 deletions
diff --git a/debian/slapd.scripts-common b/debian/slapd.scripts-common
new file mode 100644
index 0000000..071610d
--- /dev/null
+++ b/debian/slapd.scripts-common
@@ -0,0 +1,847 @@
+# -*- sh -*-
+# This file can be included with #SCRIPTSCOMMON#
+
+
+# ===== Dumping and reloading using LDIF files ========================= {{{
+#
+# If incompatible changes are done to the database underlying a LDAP
+# directory we need to dump the contents and reload the data into a newly
+# created database after the new server was installed. The following
+# functions deal with this functionality.
+
+
+# ----- Configuration of this component -------------------------------- {{{
+#
+# Dumping the database can have negative effects on the system we are
+# running on. If there is a lot of data dumping it might fill a partition
+# for example. Therefore we must give the user exact control over what we
+# are doing.
+
+database_dumping_enabled() { # {{{
+# Check if the user has enabled database dumping for the current situation.
+# Return success if yes.
+# Usage: if database_dumping_enabled; then ... fi
+
+ # If the package is being removed, dump unconditionally as we
+ # don't know whether the next version will require reload.
+ [ "$MODE" = remove ] && return 0
+
+ db_get slapd/dump_database
+ case "$RET" in
+ always)
+ ;;
+ "when needed")
+ database_format_changed || return 1
+ ;;
+ never)
+ return 1
+ ;;
+ *)
+ echo >&2 "Unknown value for slapd/dump_database: $RET"
+ echo >&2 "Please report!"
+ exit 1
+ ;;
+ esac
+}
+
+# }}}
+database_format_changed() { # {{{
+# Check if the database format has changed since the old installed version
+# Return success if yes.
+# Usage: if database_format_changed; then
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl 2.4.39-1; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+database_dumping_destdir() { # {{{
+# Figure out the directory we are dumping the database to and create it
+# if it does not exist.
+# Usage: destdir=`database_dumping_destdir`
+
+ local dir
+ db_get slapd/dump_database_destdir
+ dir=`echo "$RET"|sed -e "s/VERSION/$OLD_VERSION/"`
+ mkdir -p -m 700 "$dir"
+ echo $dir
+}
+
+# }}}
+create_new_user() { # {{{
+ if [ -z "`getent group openldap`" ]; then
+ addgroup --quiet --system openldap
+ fi
+ if [ -z "`getent passwd openldap`" ]; then
+ echo -n " Creating new user openldap... " >&2
+ adduser --quiet --system --home /var/lib/ldap --shell /bin/false \
+ --ingroup openldap --disabled-password --disabled-login \
+ --gecos "OpenLDAP Server Account" openldap
+ echo "done." >&2
+ fi
+}
+# }}}
+create_ldap_directories() { # {{{
+ if [ ! -d /var/lib/ldap ]; then
+ mkdir -m 0700 /var/lib/ldap
+ fi
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -m 0755 /var/run/slapd
+ fi
+ update_permissions /var/lib/ldap
+ update_permissions /var/run/slapd
+}
+# }}}
+update_permissions() { # {{{
+ local dir
+ dir="$1"
+ if [ -d "$dir" ]; then
+ [ -z "$SLAPD_USER" ] || chown -R -H "$SLAPD_USER" "$dir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R -H "$SLAPD_GROUP" "$dir"
+ fi
+}
+# }}}
+update_databases_permissions() { # {{{
+ get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ update_permissions "$dbdir"
+ done
+}
+# }}}
+# }}}
+# ----- Dumping and loading the data ------------------------------------ {{{
+
+migrate_to_slapd_d_style() { # {{{
+
+ # Check if we need to migrate to the new style.
+ if previous_version_older 2.4.23-3 && [ -f "${SLAPD_CONF}" ] \
+ && ! [ -d /etc/ldap/slapd.d ]
+ then
+
+ # Create the new configuration directory
+ mkdir /etc/ldap/slapd.d
+
+ echo -n " Migrating slapd.conf to slapd.d configuration style... " >&2
+ capture_diagnostics slaptest -f ${SLAPD_CONF} -F /etc/ldap/slapd.d || failed=1
+ if [ "$failed" ]; then
+
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+Migrating slapd.conf file (${SLAPD_CONF}) to slapd.d failed with the following
+error while running slaptest:
+EOF
+ release_diagnostics " "
+ rm -rf /etc/ldap/slapd.d
+ exit 1
+ fi
+
+ # Backup the old slapd.conf
+ mv ${SLAPD_CONF} ${SLAPD_CONF}.old
+ SLAPD_CONF=/etc/ldap/slapd.d
+
+ # Add olcAccess control to grant local root connections access
+ sed -i '/^olcDatabase: {-1}frontend/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break\
+olcAccess: {1}to dn.exact="" by * read\
+olcAccess: {2}to dn.base="cn=Subschema" by * read' "${SLAPD_CONF}/cn=config/olcDatabase={-1}frontend.ldif"
+ sed -i '/^olcDatabase: {0}config/a\
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break' "${SLAPD_CONF}/cn=config/olcDatabase={0}config.ldif"
+
+ # TODO: Now we are doing something that is not allowed by policy but it
+ # has to be done.
+ sed -i -e "/^[[:space:]]*SLAPD_CONF=.*/ s/^/#/" /etc/default/slapd
+ echo "done." >&2
+ fi
+}
+
+# }}}
+dump_config() { # {{{
+# Dump the cn=config database to the backup directory.
+# This is not the same as backup_config_once, which copies the slapd.d
+# directory verbatim.
+ local dir
+
+ [ -d "$SLAPD_CONF" ] || return 0
+
+ dir="$(database_dumping_destdir)"
+ echo "Saving current slapd configuration to $dir..." >&2
+ slapcat -F "$SLAPD_CONF" -n0 -l "$dir/cn=config.ldif"
+}
+# }}}
+dump_databases() { # {{{
+# If the user wants us to dump the databases they are dumped to the
+# configured directory.
+
+ local db suffix file dir failed
+
+ database_dumping_enabled || return 0
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Dumping to $dir: "
+ (get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -n "$dbdir" ]; then
+ file="$dir/$suffix.ldif"
+ printf ' - directory %s... ' "$suffix" >&2
+ # Need to support slapd.d migration from preinst
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapcat_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapcat_opts="-g -F ${SLAPD_CONF}"
+ fi
+ slapcat ${slapcat_opts} -b "$suffix" > "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$file"
+ echo "failed." >&2
+ db_subst slapd/upgrade_slapcat_failure location "$dir" <&5
+ db_input critical slapd/upgrade_slapcat_failure <&5 || true
+ db_go <&5 || true
+ exit 1
+ fi
+ echo "done." >&2
+ fi
+ done) 5<&0 </dev/null
+}
+
+# }}}
+load_databases() { # {{{
+ local dir file db dbdir backupdir slapadd_opts
+
+ dir=`database_dumping_destdir`
+ echo >&2 " Loading from $dir: "
+ # restore by increasing suffix length due to possibly glued databases
+ get_suffix | awk '{ print length, $0 }' | sort -n | cut -d ' ' -f 2- \
+ | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ if [ -z "$dbdir" ]; then
+ continue
+ fi
+ if ! is_empty_dir "$dbdir"; then
+ echo >&2 \
+ " Directory $dbdir for $suffix not empty, aborting."
+ exit 1
+ fi
+
+ file="$dir/$suffix.ldif"
+ printf ' - directory %s... ' "$suffix" >&2
+
+ # If there is an old DB_CONFIG file, restore it before
+ # running slapadd
+ backupdir="$(compute_backup_path -n "$dbdir" "$suffix")"
+ if [ -e "$backupdir"/DB_CONFIG ]; then
+ cp -a "$backupdir"/DB_CONFIG "$dbdir"/
+ fi
+
+ if [ -f "${SLAPD_CONF}" ]; then
+ slapadd_opts="-g -f ${SLAPD_CONF}"
+ else
+ slapadd_opts="-g -F ${SLAPD_CONF}"
+ fi
+ capture_diagnostics slapadd ${slapadd_opts} \
+ -q -b "$suffix" -l "$file" || failed=1
+ if [ "$failed" ]; then
+ rm -f "$dbdir"/*
+ echo "failed." >&2
+ echo >&2
+ cat <<-EOF
+ Loading the database from the LDIF dump failed with the following
+ error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+ echo "done." >&2
+
+ if [ -n "$SLAPD_USER" ] || [ -n "$SLAPD_GROUP" ]; then
+ echo -n " - chowning database directory ($SLAPD_USER:$SLAPD_GROUP)... "
+ update_permissions "$dbdir"
+ echo "done";
+ fi
+ done
+}
+
+# }}}
+move_incompatible_databases_away() { # {{{
+ echo >&2 " Moving old database directories to /var/backups:"
+ (get_suffix | while read -r suffix; do
+ dbdir=`get_directory "$suffix"`
+ move_old_database_away "$dbdir" "$suffix" <&5
+ done) 5<&0 </dev/null
+}
+# }}}
+# }}}
+# }}}
+
+# ===== Parsing the slapd configuration file ============================ {{{
+#
+# For some operations we have to know the slapd configuration. These
+# functions are for parsing the slapd configuration file.
+
+# The following two functions need to support slapd.conf installations
+# as long as upgrading from slapd.conf environment is supported.
+# They're used to dump database in preinst which may have a slapd.conf file.
+get_suffix() { # {{{
+ if [ -f "${SLAPD_CONF}" ]; then
+ for f in `get_all_slapd_conf_files`; do
+ sed -n -e '/^suffix[[:space:]]/ { s/^suffix[[:space:]]\+"*\([^"]\+\)"*/\1/; s/\\\\/\\/g; p }' $f
+ done
+ else
+ grep -h ^olcSuffix ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif | cut -d: -f 2
+ fi | sort -u
+}
+# }}}
+get_directory() { # {{{
+# Returns the db directory for a given suffix
+ if [ -d "${SLAPD_CONF}" ] && get_suffix | grep -Fq "$1" ; then
+ sed -n 's/^olcDbDirectory: *//p' `grep -Flx "olcSuffix: $1" ${SLAPD_CONF}/cn\=config/olcDatabase*.ldif`
+ elif [ -f "${SLAPD_CONF}" ]; then
+ # Extract the directory for the given suffix ($1)
+ # Quote backslashes once for slapd.conf parser, again for awk
+ quoted="$(printf '%s' "$1" | sed 's/\\/\\\\\\\\/g')"
+ for f in `get_all_slapd_conf_files`; do
+ awk ' BEGIN { DB=0; SUF=""; DIR="" } ;
+ /^database/ { DB=1; SUF=""; DIR="" } ;
+ DB==1 && /^suffix[ \t]+"?'"$quoted"'"?$/ { SUF=$2 ; } ;
+ DB==1 && /^directory/ { DIR=$2 ;} ;
+ DB==1 && SUF!="" && DIR!="" { sub(/^"/,"",DIR) ; sub(/"$/,"",DIR) ; print DIR; SUF=""; DIR="" }' "${f}" | \
+ sed -e's/\([^\\]\|^\)"/\1/g; s/\\"/"/g; s/\\\\/\\/g'
+
+ done
+ else
+ return 1
+ fi
+}
+# }}}
+get_all_slapd_conf_files() { # {{{
+# Returns the list of all the config files: slapd.conf and included files.
+ echo ${SLAPD_CONF}
+ awk '
+BEGIN { I=0 }
+/^include/ {
+ sub(/include/," ");
+ I=1;
+}
+I==1 && /^[ \t]+/ {
+ split($0,F) ;
+ for (f in F)
+ if (!match(F[f],/schema/)) {
+ print F[f]
+ } ;
+ next;
+}
+I==1 { I=0 }
+' ${SLAPD_CONF}
+}
+# }}}
+# }}}
+
+compute_backup_path() { # {{{
+# Compute the path to backup a database directory
+# Usage: compute_backup_path [-n] <dir> <basedn>
+
+# XXX: should ask the user via debconf
+
+ local dirname basedn ok_exists
+ if [ "$1" = "-n" ]; then
+ ok_exists=yes
+ shift
+ fi
+ dirname="$1"
+ basedn="$2"
+
+ # Computing the name of the backup directory from the old version,
+ # the suffix etc. all makes me feel worried. I'd rather have a
+ # directory name which is not going to exist. So the simple
+ # scheme we are using now is to compute the filename from the
+ # directory name and appending date and time. And we check if it
+ # exists to be really sure... -- Torsten
+
+ local target
+ local id
+ id="$OLD_VERSION"
+ [ -n "$id" ] || id=`date +%Y%m%d-%H%M%S`
+ target="/var/backups/$basedn-$id.ldapdb"
+ if [ -e "$target" ] && [ -z "$ok_exists" ]; then
+ echo >&2
+ echo >&2 " Backup path $target exists. Giving up..."
+ exit 1
+ fi
+
+ printf '%s' "$target"
+}
+
+# }}}
+move_old_database_away() { # {{{
+# Move the old database away if it is still there
+#
+# In fact this function makes sure that the database directory is empty
+# with the exception of any DB_CONFIG file
+# and can be populated with a new database. If something is in the way
+# it is moved to a backup directory if the user accepted the debconf
+# option slapd/move_old_database. Otherwise we output a warning and let
+# the user fix it himself.
+# Usage: move_old_database_away <dbdir> [<basedn>]
+
+ local databasedir backupdir
+ databasedir="$1"
+ suffix="${2:-unknown}"
+
+ if [ ! -e "$databasedir" ] || is_empty_dir "$databasedir"; then
+ return 0
+ fi
+
+ # Note that we can't just move the database dir as it might be
+ # a mount point. Instead me move the content which might
+ # include mount points as well anyway, but it's much less likely.
+ db_get slapd/move_old_database
+ if [ "$RET" = true ]; then
+ backupdir="$(compute_backup_path "$databasedir" "$suffix")"
+ printf ' - directory %s... ' "$suffix" >&2
+ mkdir -p "$backupdir"
+ find -H "$databasedir" -mindepth 1 -maxdepth 1 -type f \
+ -exec mv {} "$backupdir" \;
+ echo done. >&2
+ else
+ cat >&2 <<EOF
+ There are leftover files in $databasedir. This will probably break
+ creating the initial directory. If that's the case please move away
+ stuff in there and retry the configuration.
+EOF
+ fi
+}
+# }}}
+manual_configuration_wanted() { # {{{
+# Check if the user wants to configure everything himself (queries debconf)
+# Returns success if yes.
+
+ db_get slapd/no_configuration
+ if [ "$RET" = "true" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+# }}}
+copy_example_DB_CONFIG() { # {{{
+# Copy an example DB_CONFIG file
+# copy_example_DB_CONFIG <directory>
+ local directory srcdir
+
+ directory="$1"
+ srcdir="/usr/share/slapd"
+
+ if ! [ -f "${directory}/DB_CONFIG" ] && [ -d "$directory" ]; then
+ cp $srcdir/DB_CONFIG "${directory}/DB_CONFIG"
+ fi
+}
+
+# }}}
+create_new_configuration() { # {{{
+# Create a new configuration and directory
+
+ local basedn dc backend
+
+ # For the domain really.argh.org we create the basedn
+ # dc=really,dc=argh,dc=org with the dc entry dc: really
+ db_get slapd/domain
+ basedn="dc=`echo $RET | sed 's/^\.//; s/\.$//; s/\./,dc=/g'`"
+ dc="`echo $RET | sed 's/^\.//; s/\..*$//'`"
+
+ db_get slapd/backend
+ backend="`echo $RET|tr A-Z a-z`"
+
+ backup_config_once
+ if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
+ echo >&2 " Moving old database directory to /var/backups:"
+ move_old_database_away /var/lib/ldap
+ fi
+ create_ldap_directories
+ create_new_slapd_conf "$basedn" "$backend"
+ create_new_directory "$basedn" "$dc"
+
+ # Put the right permissions on this directory.
+ update_permissions /var/lib/ldap
+
+ # Now that we created the new directory we don't need the passwords in the
+ # debconf database anymore. So wipe them.
+ wipe_admin_pass
+}
+# }}}
+create_new_slapd_conf() { # {{{
+# Create the new slapd.d directory (configuration)
+# Usage: create_new_slapd_conf <basedn> <backend>
+
+ local initldif failed basedn backend backendobjectclass backendoptions adminpass
+
+ # Fetch configuration
+ basedn="$1"
+ backend="$2"
+ if [ "$backend" = "mdb" ]; then
+ backendoptions="olcDbMaxSize: 1073741824"
+ backendobjectclass="olcMdbConfig"
+ else
+ backendoptions="olcDbConfig: set_cachesize 0 2097152 0\nolcDbConfig: set_lk_max_objects 1500\nolcDbConfig: set_lk_max_locks 1500\nolcDbConfig: set_lk_max_lockers 1500"
+ if [ "$backend" = "hdb" ]; then
+ backendobjectclass="olcHdbConfig"
+ else
+ backendobjectclass="olcBdbConfig"
+ fi
+ fi
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating initial configuration... " >&2
+
+ # Create the slapd.d directory.
+ rm -rf ${SLAPD_CONF}/cn=config ${SLAPD_CONF}/cn=config.ldif
+ mkdir -p ${SLAPD_CONF}
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat /usr/share/slapd/slapd.init.ldif > ${initldif}
+
+ # Change some defaults
+ sed -i -e "s|@BACKEND@|$backend|g" ${initldif}
+ sed -i -e "s|@BACKENDOBJECTCLASS@|$backendobjectclass|g" ${initldif}
+ sed -i -e "s|@BACKENDOPTIONS@|$backendoptions|g" ${initldif}
+ sed -i -e "s|@SUFFIX@|$basedn|g" ${initldif}
+ sed -i -e "s|@PASSWORD@|$adminpass|g" ${initldif}
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "cn=config" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ update_permissions "${SLAPD_CONF}"
+ rm -f "${initldif}"
+ echo "done." >&2
+}
+# }}}
+encode_utf8() { #{{{
+# Make the value utf8 encoded. Takes one argument and utf8 encode it.
+# Usage: val=`encode_utf8 <value>`
+ perl -e 'use Encode; print encode_utf8($ARGV[0]);' "$1"
+} #}}}
+create_new_directory() { # {{{
+# Create a new directory. Takes the basedn and the dc value of that entry.
+# Other information is extracted from debconf.
+# Usage: create_new_directory <basedn> <dc>
+
+ local basedn dc organization adminpass
+ basedn="$1"
+ dc="$2"
+
+ # Encode to utf8 and base64 encode the organization.
+ db_get shared/organization
+ organization=`encode_utf8 "$RET"`
+ db_get slapd/internal/adminpw
+ adminpass="$RET"
+
+ echo -n " Creating LDAP directory... " >&2
+
+ initldif=`mktemp -t slapadd.XXXXXX`
+ cat <<-EOF > "${initldif}"
+ dn: $basedn
+ objectClass: top
+ objectClass: dcObject
+ objectClass: organization
+ o: $organization
+ dc: $dc
+
+ dn: cn=admin,$basedn
+ objectClass: simpleSecurityObject
+ objectClass: organizationalRole
+ cn: admin
+ description: LDAP administrator
+ userPassword: $adminpass
+ EOF
+
+ capture_diagnostics slapadd -F "${SLAPD_CONF}" -b "${basedn}" \
+ -l "${initldif}" || failed=1
+ if [ "$failed" ]; then
+ rm -f ${initldif}
+ echo "failed." >&2
+ cat <<-EOF
+Loading the initial configuration from the ldif file (${init_ldif}) failed with
+the following error while running slapadd:
+EOF
+ release_diagnostics " "
+ exit 1
+ fi
+
+ rm -f ${initldif}
+ echo "done." >&2
+}
+# }}}
+backup_config_once() { # {{{
+# Create a backup of the current configuration files.
+# Usage: backup_config_once
+
+ local backupdir
+
+ if [ -z "$FLAG_CONFIG_BACKED_UP" ]; then
+ if [ -e "$SLAPD_CONF" ]; then
+ backupdir=`database_dumping_destdir`
+ echo -n " Backing up $SLAPD_CONF in ${backupdir}... " >&2
+ cp -a "$SLAPD_CONF" "$backupdir"
+ echo done. >&2
+ fi
+ FLAG_CONFIG_BACKED_UP=yes
+ fi
+}
+
+# }}}
+normalize_ldif() { # {{{
+# Unwrap LDIF lines and strip comments.
+ perl -00 -pe 's/\n[ \t]//g; s/^#.*\n//mg' "$@"
+}
+# }}}
+
+
+set_defaults_for_unseen_entries() { # {{{
+# Set up the defaults for our templates
+ DOMAIN=`hostname -d 2>/dev/null` || true
+ if [ -z "$DOMAIN" ]; then DOMAIN='nodomain'; fi
+
+ db_fget slapd/domain seen
+ if [ "$RET" = false ]; then
+ db_set slapd/domain "$DOMAIN"
+ fi
+
+ db_fget shared/organization seen
+ if [ "$RET" = false ]; then
+ db_set shared/organization "$DOMAIN"
+ fi
+}
+# }}}
+crypt_admin_pass() { # {{{
+# Store the encrypted admin password into the debconf db
+# Usage: crypt_admin_pass
+
+ local adminpw;
+
+ db_get slapd/password1
+ if [ ! -z "$RET" ]; then
+ db_set slapd/internal/adminpw `create_password_hash "$RET"`
+ else
+
+ # Set the password.
+ adminpw=`generate_admin_pass`
+ db_set slapd/internal/generated_adminpw $adminpw
+ db_set slapd/internal/adminpw `create_password_hash "$adminpw"`
+ fi
+}
+
+generate_admin_pass() {
+# Generate a password, if no password given then generate one.
+# Usage: generate_admin_pass
+
+ perl << 'EOF'
+# --------
+sub generatePassword {
+ $length = shift;
+ $possible = 'abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+ $password = '';
+ while(length($password) < $length) {
+ $password.= substr($possible, (int(rand(length($possible)))), 1);
+ }
+ return $password;
+}
+print generatePassword(15);
+EOF
+# --------
+}
+
+wipe_admin_pass() {
+# Remove passwords after creating the initial ldap database.
+# Usage: wipe_admin_pass
+ db_set slapd/password1 ""
+ db_set slapd/password2 ""
+ db_set slapd/internal/adminpw ""
+ db_set slapd/internal/generated_adminpw ""
+}
+
+# }}}
+create_password_hash() { # {{{
+# Create the password hash for the given password
+# Usage: hash=`create_password_hash "$password"`
+
+ slappasswd -s "$1"
+}
+
+# }}}
+previous_version_older() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_older <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" lt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# }}}
+previous_version_newer() { # {{{
+# Check if the previous version is newer than the reference version passed.
+# If we are not upgrading the previous version is assumed to be newer than
+# any reference version.
+# Usage: previous_version_newer <package version>
+
+ if dpkg --compare-versions "$OLD_VERSION" gt-nl "$1"; then
+ return 0
+ else
+ return 1
+ fi
+} # }}}
+
+is_initial_configuration() { # {{{
+# Check if this is the initial configuration and not an upgrade of an
+# existing configuration
+# Usage: if is_initial_configuration "$@"; then ... fi from top level
+
+ # Plain installation
+ if [ "$1" = configure ] && [ -z "$2" ]; then
+ return 0
+ fi
+ # Configuration via dpkg-reconfigure
+ if [ "$1" = reconfigure ] || [ "$DEBCONF_RECONFIGURE" ]; then
+ return 0
+ fi
+ # Upgrade but slapd.conf doesn't exist. If the user is doing this
+ # intentionally because they want to put it somewhere else, they
+ # should select manual configuration in debconf.
+ if [ "$1" = configure ] && [ ! -e "${SLAPD_CONF}" ]; then
+ return 0
+ fi
+ return 1
+}
+
+# }}}
+is_empty_dir() { # {{{
+# Check if a path refers to a directory that is "empty" from the POV of slapd
+# (i.e., contains no files except for an optional DB_CONFIG).
+# Usage: if is_empty_dir "$dir"; then ... fi
+
+ output=`find -H "$1" -mindepth 1 -maxdepth 1 -type f \! -name DB_CONFIG 2>/dev/null`
+ if [ -n "$output" ]; then
+ return 1
+ else
+ return 0
+ fi
+}
+
+# }}}
+
+find_old_ppolicy_schema() { # {{{
+# Helper for the ppolicy schema update in 2.4.43. Checks whether the
+# exported config includes an old version of the ppolicy schema that
+# needs the new attribute added. If such a schema is found, echos its DN
+# to stdout. If the schema is not loaded or is already up-to-date,
+# returns nothing. The provided LDIF should have its lines unwrapped
+# already.
+# Usage: ppolicy_dn="$(find_old_ppolicy_schema "$exported_ldif")"
+ local ppolicy_dn
+
+ # Is the ppolicy schema loaded?
+ if ! ppolicy_dn="$(grep '^dn: cn={[0-9]\+}ppolicy,cn=schema,cn=config$' "$1")"; then
+ return
+ fi
+
+ # Has the pwdMaxRecordedFailure attribute already been added?
+ # It might have been replicated from a newer server.
+ if grep -q '^olcAttributeTypes: .*NAME '\''pwdMaxRecordedFailure'\' "$1"; then
+ return
+ fi
+
+ # The schema is loaded and needs to be updated.
+ ppolicy_dn="${ppolicy_dn#dn: }"
+ echo "$ppolicy_dn"
+}
+# }}}
+
+# ===== Global variables ================================================ {{{
+#
+# At some points we need to know which version we are upgrading from if
+# any. More precisely we only care about the configuration and data we
+# might have laying around. Some parts also want to know which mode the
+# script is running in.
+
+MODE="$1" # install, upgrade, etc. - see debian-policy
+OLD_VERSION="$2"
+
+# Source the init script configuration
+# See example file debian/slapd.default for variables defined here
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -f "/etc/ldap/slapd.conf" ] && \
+ [ ! -e "/etc/ldap/slapd.d" ]
+ then
+ SLAPD_CONF="/etc/ldap/slapd.conf"
+ else
+ SLAPD_CONF="/etc/ldap/slapd.d"
+ fi
+fi
+
+# }}}
+
+# ----- Handling diagnostic output ------------------------------------ {{{
+#
+# Often you want to run a program while you are showing progress
+# information to the user. If the program you are running outputs some
+# diagnostics it will mess up your screen.
+#
+# This is what the following functions are designed for. When running the
+# program, use capture_diagnostics to store what the program outputs to
+# stderr and use release_diagnostics to write out the captured output.
+
+
+capture_diagnostics() { # {{{
+# Run the command passed and capture the diagnostic output in a temporary
+# file. You can dump that file using release_diagnostics.
+
+ # Create the temporary file
+ local tmpfile
+ tmpfile=`mktemp`
+ exec 7<>"$tmpfile"
+ rm "$tmpfile"
+
+ # Run the program and capture stderr. If the program fails the
+ # function fails with the same status.
+ "$@" 2>&7 || return $?
+}
+
+# }}}
+release_diagnostics() { # {{{
+# Dump the diagnostic output captured via capture_diagnostics, optionally
+# prefixing each line.
+# Usage: release_diagnostics "prefix"
+
+ local script
+ script='
+ seek STDIN, 0, 0;
+ print "$ARGV[0]$_" while (<STDIN>);';
+ perl -e "$script" "$1" <&7
+}
+
+# }}}
+
+
+# }}}
+
+# vim: set sw=8 foldmethod=marker:
+