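#!/bin/sh
# Convert the OpenLDAP schema files under /etc/openldap/schema into
# cn=config format with slaptest, install the result into
# /etc/openldap/slapd.d and add database indexes for the schema-defined
# attributes.
#
# Requires: /scripts/utils.sh (log_info, log_error, log_warn,
#           wait_for_slapd), /usr/sbin/slaptest, /usr/sbin/slapd, ldapmodify.
# Side effects: writes /etc/openldap/slapd.d/cn=config/cn=schema, chowns
#           /etc/openldap/slapd.d to ldap:ldap, starts and stops a temporary
#           slapd listening on the ldapi socket.
set -e

. /scripts/utils.sh

log_info "Loading schemas..."

SCHEMA_DIR="/etc/openldap/schema"
SLAPD_D="/etc/openldap/slapd.d"

# Scratch space for the generated slapd.conf, the converted cn=config tree
# and the index LDIF. mktemp gives an unpredictable, freshly created
# directory (a fixed /tmp/...-$$ path can be pre-created or symlinked by
# another local user). The EXIT trap removes it on every exit path, so the
# error branches below no longer need their own rm -rf.
TEMP_DIR=$(mktemp -d) || { log_error "Cannot create temporary directory"; exit 1; }
cleanup() { rm -rf "$TEMP_DIR"; }
trap cleanup EXIT
mkdir -p "$TEMP_DIR/slapd.d"

# We use slaptest to convert all schemas at once into the cn=config format.
# This is more reliable than trying to load individual schemas.
log_info "Converting schemas using slaptest..."

# Temporary slapd.conf listing the schemas to convert. The delimiter is
# unquoted on purpose so ${SCHEMA_DIR} is expanded.
cat > "$TEMP_DIR/slapd.conf" << EOF
# Core schemas (built-in)
include ${SCHEMA_DIR}/core.schema
include ${SCHEMA_DIR}/cosine.schema
include ${SCHEMA_DIR}/inetorgperson.schema
# Custom schemas - rfc2307bis replaces nis.schema
include ${SCHEMA_DIR}/rfc2307bis.schema
EOF

# Optional schemas: included only when the file is present.
for optional in openssh-lpk kerberos enterprise; do
  if [ -f "${SCHEMA_DIR}/${optional}.schema" ]; then
    echo "include ${SCHEMA_DIR}/${optional}.schema" >> "$TEMP_DIR/slapd.conf"
  fi
done

log_info "Schema config file:"
cat "$TEMP_DIR/slapd.conf"

# Convert schemas to cn=config format using slaptest
log_info "Running slaptest to convert schemas..."
if /usr/sbin/slaptest -f "$TEMP_DIR/slapd.conf" -F "$TEMP_DIR/slapd.d" 2>&1; then
  log_info "Schema conversion successful"
else
  log_error "Schema conversion failed"
  exit 1
fi

# Only the cn=schema subtree of the converted tree is installed; the rest
# of $TEMP_DIR/slapd.d is discarded together with the temp dir.
log_info "Installing converted schemas..."
if [ ! -d "$TEMP_DIR/slapd.d/cn=config/cn=schema" ]; then
  log_error "No schema directory found after conversion"
  exit 1
fi
mkdir -p "$SLAPD_D/cn=config/cn=schema"
cp -a "$TEMP_DIR/slapd.d/cn=config/cn=schema/"* "$SLAPD_D/cn=config/cn=schema/"
log_info "Schemas installed:"
ls -la "$SLAPD_D/cn=config/cn=schema/"

# slapd runs as ldap:ldap below and must be able to read (and, for the
# index change, write) its configuration tree.
chown -R ldap:ldap "$SLAPD_D"

# Now add indexes for schema-defined attributes
log_info "Adding database indexes..."

# Socket URL for ldapi - the socket path must be URL-encoded.
LDAPI_SOCKET="ldapi://%2Frun%2Fopenldap%2Fldapi"

# Start slapd temporarily to add the indexes. ldapmodify below uses SASL
# EXTERNAL over ldapi, i.e. it authenticates as the local user running
# this script.
/usr/sbin/slapd -h "$LDAPI_SOCKET" -F "$SLAPD_D" -u ldap -g ldap
sleep 2
wait_for_slapd 30 "$LDAPI_SOCKET"

# Index LDIF lives in the private temp dir rather than a fixed /tmp path.
cat > "$TEMP_DIR/add-indexes.ldif" << EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uid eq,pres,sub
-
add: olcDbIndex
olcDbIndex: uidNumber eq
-
add: olcDbIndex
olcDbIndex: gidNumber eq
-
add: olcDbIndex
olcDbIndex: mail eq,pres,sub
-
add: olcDbIndex
olcDbIndex: memberOf eq
-
add: olcDbIndex
olcDbIndex: member eq
EOF

# Best effort on purpose: on a rerun the add fails because the index values
# already exist, which is only worth a warning.
ldapmodify -Y EXTERNAL -H "$LDAPI_SOCKET" -f "$TEMP_DIR/add-indexes.ldif" \
  || log_warn "Some indexes may already exist"

# Stop the temporary slapd. -x matches the process name exactly so that
# unrelated processes whose names merely contain "slapd" are not signalled.
pkill -x slapd || true
sleep 2

log_info "Schema loading complete"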