~mathiaz/openldap/debian-cnconfig : contents of /debian/slapd.config at revision 224

~mathiaz/openldap/debian-cnconfig : (revision 224)

#! /bin/sh

set -e

# Load debconf
. /usr/share/debconf/confmodule

# This will be replaced with debian/slapd.scripts-common which includes
# various helper functions and $OLD_VERSION and $SLAPD_CONF
#SCRIPTSCOMMON#

# Check if the user wants to configure slapd manually
want_manual_configuration() {
  db_input medium slapd/no_configuration || true
  db_go || true
  db_get slapd/no_configuration
  no_configuration="$RET"
  
  if [ "$no_configuration" = "true" ]; then
    return 0
  fi
  return 1
}

# Make sure the values entered make sense
validate_initial_config() {
  local invalid
  invalid=""
 
  # Make sure the domain name is valid
  # The regexp doesn't work for UTF-8 domain names, but for that to
  # work, we would also need to Base64 encode it in the LDIF; since
  # we're not doing it at the moment, this should be fine for now
  db_get slapd/domain
  if [ -z "$RET" ] || ! echo "$RET" | grep -q '^[a-zA-Z0-9.-]*$'; then
    db_fset slapd/domain seen false
    invalid=true
  fi
 
  # Suffix and Organization may not be empty
  db_get shared/organization
  if [ -z "$RET" ]; then
    db_fset shared/organization seen false
    invalid=true
  fi

  # Tell the user
  if [ "$invalid" ]; then
    db_fset slapd/invalid_config seen false
    db_input critical slapd/invalid_config || true
    db_go || true
    db_get slapd/invalid_config
    if [ "$RET" != "true" ]; then
      db_set slapd/no_configuration true
      invalid=
    fi
  fi

  if [ "$invalid" ]; then 
    return 1
  else
    return 0
  fi
}

# Query the information we need to create an initial directory
query_initial_config() {
  while true; do
    db_input medium slapd/domain || true
    db_input medium shared/organization || true
    db_input low slapd/backend || true
    db_input low slapd/purge_database || true
    # XXX - should be done more general, but for now this should do
    # the trick
    if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
      db_input low slapd/move_old_database || true
    fi
    db_go || true

    get_admin_password

    if validate_initial_config; then
      break
    fi
  done
}

# Get the admin password
get_admin_password() {
  while true; do
    db_input high slapd/password1 || true
    db_input high slapd/password2 || true
    db_go || true

    # Make sure the passwords match
    local pass1 pass2
    db_get slapd/password1
    pass1="$RET"
    db_get slapd/password2
    pass2="$RET"

    if [ "$pass1" = "$pass2" ]; then
      break;
    fi
    db_fset slapd/password1 seen false
    db_fset slapd/password2 seen false
    db_input critical slapd/password_mismatch
    wipe_admin_pass
    db_go
  done
  crypt_admin_pass
}


configure_allow_v2_binds() {                        # {{{
# Ask if the user would like their package to support LDAPv2..
# This was the default in older versions but we want to ask
# for new installs too in case the user needs it..

    db_input medium slapd/allow_ldap_v2 || true
}
# }}}

# ----- Configuration of LDIF dumping and reloading---------------------  {{{
#
# Dumping the database can have negative effects on the system we are
# running on. If there is a lot of data dumping it might fill a partition
# for example. Therefore we must give the user exact control over what we
# are doing.

configure_dumping() {							# {{{
# Ask the user for the configuration of the dumping component
# Usage: configure_dumping

  # Look if the user wants to migrate to the BDB backend
  if ! database_dumping_enabled; then
    return 0
  fi

	# Configure if and where to dump the LDAP databases
	db_input medium slapd/dump_database || true
	db_go || true
	db_get slapd/dump_database

	# Abort if the user does not want dumping
	if [ "$RET" = never ]; then
		return 0
	fi

	db_input medium slapd/dump_database_destdir || true
	db_go || true

	# If the user entered the empty value, go back to the default
	db_get slapd/dump_database_destdir 
	if [ "$RET" = "" ]; then
		db_reset slapd/dump_database_destdir
	fi
}

# }}}
# }}}

# Create an initial directory on fresh install
if is_initial_configuration "$@"; then
	if ! want_manual_configuration; then
		set_defaults_for_unseen_entries
		query_initial_config
		configure_allow_v2_binds
	fi
fi

# Configure the dumping component if we are upgrading some older version
if [ "$1" = configure ] && [ -n "$2" ]; then
	configure_dumping
	configure_allow_v2_binds
	# Ask the admin password when migrating to a cn=config environment.
	if previous_version_older 2.4.10-3 && [ -f "${SLAPD_CONF}" ]; then
	    	# wipe_admin_pass doesn't set slapd/password{1,2} to seen false
    		# need to do it in order to get prompted for the admin password
    		db_fset slapd/password1 seen false
    		db_fset slapd/password2 seen false
		get_admin_password
	fi
fi
   
db_go || true

exit 0

1 by matthijs * Move trunk-2.3 to tags.	1	#! /bin/sh
	2
	3	set -e
	4
	5	# Load debconf
	6	. /usr/share/debconf/confmodule
	7
	8	# This will be replaced with debian/slapd.scripts-common which includes
	9	# various helper functions and $OLD_VERSION and $SLAPD_CONF
	10	#SCRIPTSCOMMON#
	11
24 by vorlon three more shell functions, want_manual_configuration, query_initial_config,	12	# Check if the user wants to configure slapd manually
	13	want_manual_configuration() {
	14	db_input medium slapd/no_configuration \|\| true
	15	db_go \|\| true
	16	db_get slapd/no_configuration
	17	no_configuration="$RET"
	18
	19	if [ "$no_configuration" = "true" ]; then
	20	return 0
	21	fi
	22	return 1
	23	}
	24
	25	# Make sure the values entered make sense
	26	validate_initial_config() {
	27	local invalid
	28	invalid=""
	29
	30	# Make sure the domain name is valid
	31	# The regexp doesn't work for UTF-8 domain names, but for that to
	32	# work, we would also need to Base64 encode it in the LDIF; since
	33	# we're not doing it at the moment, this should be fine for now
	34	db_get slapd/domain
	35	if [ -z "$RET" ] \|\| ! echo "$RET" \| grep -q '^[a-zA-Z0-9.-]*$'; then
	36	db_fset slapd/domain seen false
	37	invalid=true
	38	fi
	39
	40	# Suffix and Organization may not be empty
	41	db_get shared/organization
	42	if [ -z "$RET" ]; then
	43	db_fset shared/organization seen false
	44	invalid=true
	45	fi
	46
	47	# Tell the user
	48	if [ "$invalid" ]; then
	49	db_fset slapd/invalid_config seen false
	50	db_input critical slapd/invalid_config \|\| true
	51	db_go \|\| true
	52	db_get slapd/invalid_config
	53	if [ "$RET" != "true" ]; then
	54	db_set slapd/no_configuration true
	55	invalid=
	56	fi
	57	fi
	58
	59	if [ "$invalid" ]; then
	60	return 1
	61	else
	62	return 0
	63	fi
	64	}
	65
	66	# Query the information we need to create an initial directory
	67	query_initial_config() {
	68	while true; do
	69	db_input medium slapd/domain \|\| true
	70	db_input medium shared/organization \|\| true
	71	db_input low slapd/backend \|\| true
	72	db_input low slapd/purge_database \|\| true
	73	# XXX - should be done more general, but for now this should do
	74	# the trick
	75	if [ -e "/var/lib/ldap" ] && ! is_empty_dir /var/lib/ldap; then
76	db_input low slapd/move_old_database \|\| true
77	fi
78	db_go \|\| true
79
222 by Mathias Gug Ask for cn=config password on upgrades.	80	get_admin_password
222 by Mathias Gug Ask for cn=config password on upgrades.	81
24 by vorlon three more shell functions, want_manual_configuration, query_initial_config,	82	if validate_initial_config; then
	83	break
	84	fi
	85	done
	86	}
	87
222 by Mathias Gug Ask for cn=config password on upgrades.	88	# Get the admin password
	89	get_admin_password() {
	90	while true; do
	91	db_input high slapd/password1 \|\| true
	92	db_input high slapd/password2 \|\| true
	93	db_go \|\| true
	94
	95	# Make sure the passwords match
	96	local pass1 pass2
	97	db_get slapd/password1
	98	pass1="$RET"
	99	db_get slapd/password2
	100	pass2="$RET"
	101
	102	if [ "$pass1" = "$pass2" ]; then
	103	break;
	104	fi
	105	db_fset slapd/password1 seen false
	106	db_fset slapd/password2 seen false
	107	db_input critical slapd/password_mismatch
	108	wipe_admin_pass
	109	db_go
	110	done
223 by Mathias Gug Fix config script to prompt for admin password on upgrades. Delete /etc/ldap/slapd.d/ if the migration doesn't work.	111	crypt_admin_pass
222 by Mathias Gug Ask for cn=config password on upgrades.	112	}
	113
	114
22 by vorlon several shell functions (configure_dumping, configure_ldbm_to_bdb_migration,	115	configure_allow_v2_binds() { # {{{
	116	# Ask if the user would like their package to support LDAPv2..
	117	# This was the default in older versions but we want to ask
	118	# for new installs too in case the user needs it..
	119
	120	db_input medium slapd/allow_ldap_v2 \|\| true
	121	}
	122	# }}}
	123
	124	# ----- Configuration of LDIF dumping and reloading--------------------- {{{
	125	#
	126	# Dumping the database can have negative effects on the system we are
	127	# running on. If there is a lot of data dumping it might fill a partition
	128	# for example. Therefore we must give the user exact control over what we
	129	# are doing.
	130
	131	configure_dumping() { # {{{
	132	# Ask the user for the configuration of the dumping component
	133	# Usage: configure_dumping
	134
	135	# Look if the user wants to migrate to the BDB backend
	136	if ! database_dumping_enabled; then
	137	return 0
	138	fi
	139
	140	# Configure if and where to dump the LDAP databases
	141	db_input medium slapd/dump_database \|\| true
	142	db_go \|\| true
	143	db_get slapd/dump_database
	144
	145	# Abort if the user does not want dumping
	146	if [ "$RET" = never ]; then
	147	return 0
	148	fi
	149
	150	db_input medium slapd/dump_database_destdir \|\| true
	151	db_go \|\| true
	152
	153	# If the user entered the empty value, go back to the default
	154	db_get slapd/dump_database_destdir
	155	if [ "$RET" = "" ]; then
	156	db_reset slapd/dump_database_destdir
	157	fi
	158	}
	159
	160	# }}}
	161	# }}}
	162
1 by matthijs * Move trunk-2.3 to tags.	163	# Create an initial directory on fresh install
	164	if is_initial_configuration "$@"; then
	165	if ! want_manual_configuration; then
	166	set_defaults_for_unseen_entries
	167	query_initial_config
	168	configure_allow_v2_binds
	169	fi
	170	fi
	171
	172	# Configure the dumping component if we are upgrading some older version
	173	if [ "$1" = configure ] && [ -n "$2" ]; then
	174	configure_dumping
	175	configure_allow_v2_binds
222 by Mathias Gug Ask for cn=config password on upgrades.	176	# Ask the admin password when migrating to a cn=config environment.
222 by Mathias Gug Ask for cn=config password on upgrades.	177	if previous_version_older 2.4.10-3 && [ -f "${SLAPD_CONF}" ]; then
224 by Mathias Gug Only set adminpassword seen to false on cn=config migration.	178	# wipe_admin_pass doesn't set slapd/password{1,2} to seen false
	179	# need to do it in order to get prompted for the admin password
	180	db_fset slapd/password1 seen false
	181	db_fset slapd/password2 seen false
222 by Mathias Gug Ask for cn=config password on upgrades.	182	get_admin_password
222 by Mathias Gug Ask for cn=config password on upgrades.	183	fi
1 by matthijs * Move trunk-2.3 to tags.	184	fi
	185
	186	db_go \|\| true
	187
	188	exit 0