openldap/libexec-check-config.sh
Simon Pichugin 004e302f0d Update to new major release OpenLDAP 2.6.1
- rediff all patches and remove patches now upstream
- use upstream source location for check password module
  and rediff patch due to this
- add patch to fix build issue in 2.5.4 (from upstream)
- clean and sort buildreqs
- remove various refs to bdb
- remove now default -DLDAP_USE_NON_BLOCKING_TLS
- add new modules and enable load balancer as module
- disable wiredtiger backend due to missing build deps
- don't remove files that don't exist
- let check-config work on *.mdb over legacy files
- remove refs to old-style config
- new soname names
- remove libldap_r link as the library was merged with libldap
- refactor openldap-compat package to support the transition from 2.4
- add UPGRADE_INSTRUCTIONS for openldap-server upgrade

The original patch was submitted by Fedora user - terjeros
https://src.fedoraproject.org/rpms/openldap/pull-request/6

Resolves: #1955293
2022-01-31 14:59:38 -08:00


#! /usr/bin/sh
# Author: Jan Vcelak <jvcelak@redhat.com>
. /usr/libexec/openldap/functions
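function check_config_syntax()
{
  # Run `slaptest -u` through run_as_ldap and report its output on failure.
  # Globals:  SLAPD_GLOBAL_OPTIONS (read)
  # Outputs:  on failure, an error line followed by the captured slaptest
  #           output on stderr
  # Returns:  0 when slaptest succeeds, 1 otherwise (including when the
  #           temporary file cannot be created)
  #
  # retcode is local: callers in this file keep their own `retcode`, and a
  # plain assignment here would overwrite it.
  local retcode=0
  local tmp_slaptest

  # Without this check an empty name would reach the redirection, `cat`
  # (which would then read stdin) and `rm`.
  tmp_slaptest=$(mktemp --tmpdir=/var/run/openldap) || {
    error "Cannot create a temporary file in '%s'." "/var/run/openldap"
    return 1
  }

  # SLAPD_GLOBAL_OPTIONS is expanded into the command string on purpose so
  # that it can carry several options.
  if ! run_as_ldap "/usr/sbin/slaptest $SLAPD_GLOBAL_OPTIONS -u" &>"$tmp_slaptest"; then
    error "Checking configuration file failed:"
    cat -- "$tmp_slaptest" >&2
    retcode=1
  fi

  rm -f -- "$tmp_slaptest"
  return "$retcode"
}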
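function check_certs_perms()
{
  # Verify that every TLS certificate/key/DB path printed by `certificates`
  # exists and is readable when tested through run_as_ldap (both helpers
  # come from the sourced functions file).
  # Outputs:  one error message per missing or unreadable path
  # Returns:  0 when every path passes, 1 otherwise
  #
  # retcode is local: callers in this file keep their own `retcode`, and a
  # plain assignment here would overwrite it.
  local retcode=0
  local cert

  # Word splitting of the helper's output is kept as in the original; its
  # output format is not visible from this file.
  # NOTE(review): "$cert" is embedded in a command string. This presumably
  # relies on the paths coming from root-controlled slapd configuration --
  # confirm against run_as_ldap and certificates.
  for cert in $(certificates); do
    if ! run_as_ldap "/usr/bin/test -e \"$cert\""; then
      error "TLS certificate/key/DB '%s' was not found." "$cert"
      # This assignment was misspelled `retcoder`, so a missing file was
      # reported but never made the check fail.
      retcode=1
      continue
    fi
    if ! run_as_ldap "/usr/bin/test -r \"$cert\""; then
      error "TLS certificate/key/DB '%s' is not readable." "$cert"
      retcode=1
    fi
  done

  return "$retcode"
}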
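function check_db_perms()
{
  # Verify that every *.mdb file directly inside each database directory
  # printed by `databases` is readable and writable when tested through
  # run_as_ldap (both helpers come from the sourced functions file).
  # Outputs:  one error message per file lacking read/write permission
  # Returns:  0 when every file passes, 1 otherwise
  #
  # retcode is local: callers in this file keep their own `retcode`, and a
  # plain assignment here would overwrite it.
  local retcode=0
  local dbdir dbfile

  # Word splitting of both lists is kept as in the original; only the
  # directory handed to find is now quoted.
  for dbdir in $(databases); do
    # Entries that are not directories are skipped without an error.
    [ -d "$dbdir" ] || continue
    for dbfile in $(find "$dbdir" -maxdepth 1 -name "*.mdb"); do
      if ! run_as_ldap "/usr/bin/test -r \"$dbfile\" -a -w \"$dbfile\""; then
        error "Read/write permissions for DB file '%s' are required." "$dbfile"
        retcode=1
      fi
    done
  done

  return "$retcode"
}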
function check_major_upgrade()
{
  # Fail while the UPGRADE_INSTRUCTIONS marker file is present.
  # Globals:  retcode (written)
  # Outputs:  an error message pointing at the instructions file
  # Returns:  1 when the marker file exists, 0 otherwise
  retcode=0
  if [ ! -f "/usr/share/openldap-servers/UPGRADE_INSTRUCTIONS" ]; then
    return $retcode
  fi

  error "You have upgraded your openldap-servers package. There are actions that need to be performed. Please, read the /usr/share/openldap-servers/UPGRADE_INSTRUCTIONS file"
  retcode=1
  return $retcode
}
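function check_everything()
{
  # Run the configuration, certificate and database checks; all three run
  # even after an earlier one has failed so that every problem is reported.
  # Returns:  0 when all checks pass, 1 when any of them fails
  #
  # The accumulator is deliberately not called `retcode`. The check
  # functions in this file assign a variable of that name, and with the
  # shell's dynamic scoping a later, passing check would reset it to 0 and
  # hide an earlier failure (e.g. a failed slaptest followed by a passing
  # database check made the whole run report success).
  local overall=0

  check_config_syntax || overall=1
  check_certs_perms || overall=1
  check_db_perms || overall=1

  return "$overall"
}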
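# The checks below go through run_as_ldap, so the script insists on root.
if [ "$(id -u)" -ne 0 ]; then
  error "You have to be root to run this script."
  exit 4
fi

# `exit`, not `return`: `return` is only valid inside a function or a sourced
# file. At the top level of an executed script its effect depends on the
# shell and mode (bash reports an error and may carry on with the remaining
# checks), so a pending upgrade would not reliably stop the run with status 1.
check_major_upgrade || exit 1

load_sysconfig

# Prefer the configuration directory when one is configured.
if [ -n "$SLAPD_CONFIG_DIR" ]; then
  if [ ! -d "$SLAPD_CONFIG_DIR" ]; then
    # Reported, then control falls through to the configuration-file branch.
    error "Configuration directory '%s' does not exist." "$SLAPD_CONFIG_DIR"
  else
    check_everything
    exit $?
  fi
fi

# Legacy single-file configuration: still checked, with a warning.
if [ -n "$SLAPD_CONFIG_FILE" ]; then
  if [ ! -f "$SLAPD_CONFIG_FILE" ]; then
    error "Configuration file '%s' does not exist." "$SLAPD_CONFIG_FILE"
  else
    error "Warning: Usage of a configuration file is obsolete!"
    check_everything
    exit $?
  fi
fi

# No usable configuration location was found.
exit 1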