summaryrefslogtreecommitdiffstats
path: root/debian/slapd.init
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
commit2886df93860f983d875b7d6acb418faa31491d5a (patch)
treeb596ddcbb70247c1994f3b1d8ba9e793b9788a9d /debian/slapd.init
parentAdding upstream version 2.4.57+dfsg. (diff)
downloadopenldap-2886df93860f983d875b7d6acb418faa31491d5a.tar.xz
openldap-2886df93860f983d875b7d6acb418faa31491d5a.zip
Adding debian version 2.4.57+dfsg-3+deb11u1.debian/2.4.57+dfsg-3+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/slapd.init202
-rw-r--r--debian/slapd.init.ldif96
2 files changed, 298 insertions, 0 deletions
diff --git a/debian/slapd.init b/debian/slapd.init
new file mode 100644
index 0000000..581f0a4
--- /dev/null
+++ b/debian/slapd.init
@@ -0,0 +1,202 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: slapd
+# Required-Start: $remote_fs $network $syslog
+# Required-Stop: $remote_fs $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OpenLDAP standalone server (Lightweight Directory Access Protocol)
+### END INIT INFO
+
+# Specify path variable
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+. /lib/lsb/init-functions
+
+# Kill me on all errors
+set -e
+
+# Set the paths to slapd as a variable so that someone who really
+# wants to can override the path in /etc/default/slapd.
+SLAPD=/usr/sbin/slapd
+
+# Stop processing if slapd is not there
+[ -x $SLAPD ] || exit 0
+
+# debconf may have this file descriptor open and it makes things work a bit
+# more reliably if we redirect it as a matter of course. db_stop will take
+# care of this, but this won't hurt.
+exec 3>/dev/null
+
+# Source the init script configuration
+if [ -f "/etc/default/slapd" ]; then
+ . /etc/default/slapd
+fi
+
+# Load the default location of the slapd config file
+if [ -z "$SLAPD_CONF" ]; then
+ if [ -e /etc/ldap/slapd.d ]; then
+ SLAPD_CONF=/etc/ldap/slapd.d
+ else
+ SLAPD_CONF=/etc/ldap/slapd.conf
+ fi
+fi
+
+# Stop processing if the config file is not there
+if [ ! -r "$SLAPD_CONF" ]; then
+ log_warning_msg "No configuration file was found for slapd at $SLAPD_CONF."
+ # if there is no config at all, we should assume slapd is not running
+ # and exit 0 on stop so that unconfigured packages can be removed.
+ [ "x$1" = xstop ] && exit 0 || exit 1
+fi
+
+# extend options depending on config type
+if [ -f "$SLAPD_CONF" ]; then
+ SLAPD_OPTIONS="-f $SLAPD_CONF $SLAPD_OPTIONS"
+elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_OPTIONS="-F $SLAPD_CONF $SLAPD_OPTIONS"
+fi
+
+# Find out the name of slapd's pid file
+if [ -z "$SLAPD_PIDFILE" ]; then
+ # If using old one-file configuration scheme
+ if [ -f "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne 's/^pidfile[[:space:]]\+\(.\+\)/\1/p' \
+ "$SLAPD_CONF"`
+ # Else, if using new directory configuration scheme
+ elif [ -d "$SLAPD_CONF" ] ; then
+ SLAPD_PIDFILE=`sed -ne \
+ 's/^olcPidFile:[[:space:]]\+\(.\+\)[[:space:]]*/\1/p' \
+ "$SLAPD_CONF"/'cn=config.ldif'`
+ fi
+fi
+
+# XXX: Breaks upgrading if there is no pidfile (invoke-rc.d stop will fail)
+# -- Torsten
+if [ -z "$SLAPD_PIDFILE" ]; then
+ log_failure_msg "The pidfile for slapd has not been specified"
+ exit 1
+fi
+
+# Pass the user and group to run under to slapd
+if [ "$SLAPD_USER" ]; then
+ SLAPD_OPTIONS="-u $SLAPD_USER $SLAPD_OPTIONS"
+fi
+
+if [ "$SLAPD_GROUP" ]; then
+ SLAPD_OPTIONS="-g $SLAPD_GROUP $SLAPD_OPTIONS"
+fi
+
+# Check whether we were configured to not start the services.
+check_for_no_start() {
+ if [ -n "$SLAPD_NO_START" ]; then
+ echo 'Not starting slapd: SLAPD_NO_START set in /etc/default/slapd' >&2
+ exit 0
+ fi
+ if [ -n "$SLAPD_SENTINEL_FILE" ] && [ -e "$SLAPD_SENTINEL_FILE" ]; then
+ echo "Not starting slapd: $SLAPD_SENTINEL_FILE exists" >&2
+ exit 0
+ fi
+}
+
+# Tell the user that something went wrong and give some hints for
+# resolving the problem.
+report_failure() {
+ log_end_msg 1
+ if [ -n "$reason" ]; then
+ log_failure_msg "$reason"
+ else
+ log_failure_msg "The operation failed but no output was produced."
+
+ if [ -n "$SLAPD_OPTIONS" -o \
+ -n "$SLAPD_SERVICES" ]; then
+ if [ -z "$SLAPD_SERVICES" ]; then
+ if [ -n "$SLAPD_OPTIONS" ]; then
+ log_failure_msg "Command line used: slapd $SLAPD_OPTIONS"
+ fi
+ else
+ log_failure_msg "Command line used: slapd -h '$SLAPD_SERVICES' $SLAPD_OPTIONS"
+ fi
+ fi
+ fi
+}
+
+# Start the slapd daemon and capture the error message if any to
+# $reason.
+start_slapd() {
+ # Make sure /var/run/slapd exists with correct permissions
+ if [ ! -d /var/run/slapd ]; then
+ mkdir -p /var/run/slapd
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" /var/run/slapd
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" /var/run/slapd
+ fi
+
+ # Make sure the pidfile directory exists with correct permissions
+ piddir=`dirname "$SLAPD_PIDFILE"`
+ if [ ! -d "$piddir" ]; then
+ mkdir -p "$piddir"
+ [ -z "$SLAPD_USER" ] || chown -R "$SLAPD_USER" "$piddir"
+ [ -z "$SLAPD_GROUP" ] || chgrp -R "$SLAPD_GROUP" "$piddir"
+ fi
+
+ if [ -z "$SLAPD_SERVICES" ]; then
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- $SLAPD_OPTIONS 2>&1`"
+ else
+ reason="`start-stop-daemon --start --quiet --oknodo \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD -- -h "$SLAPD_SERVICES" $SLAPD_OPTIONS 2>&1`"
+ fi
+
+ # Backward compatibility with OpenLDAP 2.1 client libraries.
+ if [ ! -h /var/run/ldapi ] && [ ! -e /var/run/ldapi ] ; then
+ ln -s slapd/ldapi /var/run/ldapi
+ fi
+}
+
+# Stop the slapd daemon and capture the error message (if any) to
+# $reason.
+stop_slapd() {
+ reason="`start-stop-daemon --stop --quiet --oknodo --retry TERM/10 \
+ --pidfile "$SLAPD_PIDFILE" \
+ --exec $SLAPD 2>&1`"
+}
+
+# Start the OpenLDAP daemons
+start_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Starting OpenLDAP" "slapd"
+ start_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+# Stop the OpenLDAP daemons
+stop_ldap() {
+ trap 'report_failure' 0
+ log_daemon_msg "Stopping OpenLDAP" "slapd"
+ stop_slapd
+ trap "-" 0
+ log_end_msg 0
+}
+
+case "$1" in
+ start)
+ check_for_no_start
+ start_ldap ;;
+ stop)
+ stop_ldap ;;
+ restart|force-reload)
+ check_for_no_start
+ stop_ldap
+ start_ldap
+ ;;
+ status)
+ status_of_proc -p $SLAPD_PIDFILE $SLAPD slapd
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
new file mode 100644
index 0000000..eacb116
--- /dev/null
+++ b/debian/slapd.init.ldif
@@ -0,0 +1,96 @@
+# Global config:
+dn: cn=config
+objectClass: olcGlobal
+cn: config
+# Where the pid file is put. The init.d script
+# will not stop the server if you change this.
+olcPidFile: /var/run/slapd/slapd.pid
+# List of arguments that were passed to the server
+olcArgsFile: /var/run/slapd/slapd.args
+# Read slapd-config(5) for possible values
+olcLogLevel: none
+# The tool-threads parameter sets the actual amount of cpu's that is used
+# for indexing.
+olcToolThreads: 1
+
+# Frontend settings
+dn: olcDatabase={-1}frontend,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcFrontendConfig
+olcDatabase: {-1}frontend
+# The maximum number of entries that is returned for a search operation
+olcSizeLimit: 500
+# Allow unlimited access to local connection from the local root user
+olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+# Allow unauthenticated read access for schema and base DN autodiscovery
+olcAccess: {1}to dn.exact="" by * read
+olcAccess: {2}to dn.base="cn=Subschema" by * read
+
+# Config db settings
+dn: olcDatabase=config,cn=config
+objectClass: olcDatabaseConfig
+olcDatabase: config
+# Allow unlimited access to local connection from the local root user
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
+olcRootDN: cn=admin,cn=config
+
+# Load schemas
+dn: cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: schema
+
+include: file:///etc/ldap/schema/core.ldif
+include: file:///etc/ldap/schema/cosine.ldif
+include: file:///etc/ldap/schema/nis.ldif
+include: file:///etc/ldap/schema/inetorgperson.ldif
+
+# Load module
+dn: cn=module{0},cn=config
+objectClass: olcModuleList
+cn: module{0}
+# Where the dynamically loaded modules are stored
+olcModulePath: /usr/lib/ldap
+olcModuleLoad: back_mdb
+
+# The database definition.
+dn: olcDatabase=mdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcMdbConfig
+olcDatabase: mdb
+# Default to a 1 GiB database for compatibility with 32-bit systems.
+olcDbMaxSize: 1073741824
+# Checkpoint the database periodically in case of system
+# failure and to speed slapd shutdown.
+olcDbCheckpoint: 512 30
+# Save the time that the entry gets modified, for database #1
+olcLastMod: TRUE
+# The base of your directory in database #1
+olcSuffix: @SUFFIX@
+# Where the database file are physically stored for database #1
+olcDbDirectory: /var/lib/ldap
+# Database superuser credentials
+olcRootDN: cn=admin,@SUFFIX@
+olcRootPW: @PASSWORD@
+# Indexing options for database #1
+olcDbIndex: objectClass eq
+olcDbIndex: cn,uid eq
+olcDbIndex: uidNumber,gidNumber eq
+olcDbIndex: member,memberUid eq
+# The userPassword by default can be changed by the entry owning it if
+# they are authenticated. Others should not be able to see it, except
+# the admin entry above.
+olcAccess: to attrs=userPassword
+ by self write
+ by anonymous auth
+ by * none
+# Allow update of authenticated user's shadowLastChange attribute.
+# Updating it on password change is implemented at least by libpam-ldap,
+# libpam-ldapd, and the slapo-smbk5pwd overlay.
+olcAccess: to attrs=shadowLastChange
+ by self write
+ by * read
+# The admin dn (olcRootDN) bypasses ACLs and so has total access,
+# everyone else can read everything.
+olcAccess: to *
+ by * read
+