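#!/bin/sh
#
# Load LDAP schemas into the cn=config database and add MDB indexes.
#
# Steps:
#   1. Build a temporary slapd.conf that includes the core schemas plus any
#      optional schema files found in SCHEMA_DIR.
#   2. Convert it to cn=config (LDIF) format with slaptest.
#   3. Copy the generated cn=schema entries into /etc/openldap/slapd.d.
#   4. Start slapd briefly on the ldapi socket and add olcDbIndex values.
#
# Requires /scripts/utils.sh to provide log_info, log_warn, log_error and
# wait_for_slapd. Runs under set -e: any unchecked failing command aborts.
set -e

. /scripts/utils.sh

log_info "Loading schemas..."

SCHEMA_DIR="/etc/openldap/schema"
SLAPD_D="/etc/openldap/slapd.d"
# Socket URL for ldapi - the socket path must be URL-encoded
LDAPI_SOCKET="ldapi://%2Frun%2Fopenldap%2Fldapi"

# Private scratch directory. mktemp creates it with an unpredictable name and
# mode 0700, so a pre-existing file or symlink in /tmp cannot be dropped
# under the fixed "$$"-based path the script used before.
TEMP_DIR=$(mktemp -d /tmp/schema-convert.XXXXXX) || {
  log_error "Could not create temporary directory"
  exit 1
}
SLAPD_CONF="$TEMP_DIR/slapd.conf"
INDEX_LDIF="$TEMP_DIR/add-indexes.ldif"

# Set to 1 while the temporary slapd is running so cleanup can stop it
# even when the script aborts part-way through.
SLAPD_STARTED=0

# Stop the temporary slapd if this script started one.
stop_slapd() {
  if [ "$SLAPD_STARTED" = 1 ]; then
    # -x matches the process name exactly, so only slapd itself is signalled
    pkill -x slapd || true
    sleep 2
    SLAPD_STARTED=0
  fi
}

# Runs on every exit path (success, error, signal); replaces the repeated
# rm -rf calls that previously preceded each explicit exit.
cleanup() {
  stop_slapd
  rm -rf "${TEMP_DIR:?}"
}
trap cleanup EXIT
trap 'exit 1' INT TERM

mkdir -p "$TEMP_DIR/slapd.d"

# We use slaptest to convert all schemas at once into the cn=config format.
# This is more reliable than trying to load individual schemas.
log_info "Converting schemas using slaptest..."

# Create a temporary slapd.conf with all schemas
cat > "$SLAPD_CONF" << EOF
# Core schemas (built-in)
include ${SCHEMA_DIR}/core.schema
include ${SCHEMA_DIR}/cosine.schema
include ${SCHEMA_DIR}/inetorgperson.schema

# Custom schemas - rfc2307bis replaces nis.schema
include ${SCHEMA_DIR}/rfc2307bis.schema
EOF

# Optional schemas (openssh-lpk, kerberos, enterprise): include each one
# only if its file is present, in this order.
for schema in openssh-lpk kerberos enterprise; do
  if [ -f "${SCHEMA_DIR}/${schema}.schema" ]; then
    printf 'include %s/%s.schema\n' "$SCHEMA_DIR" "$schema" >> "$SLAPD_CONF"
  fi
done

log_info "Schema config file:"
cat "$SLAPD_CONF"

# Convert schemas to cn=config format using slaptest
log_info "Running slaptest to convert schemas..."
if /usr/sbin/slaptest -f "$SLAPD_CONF" -F "$TEMP_DIR/slapd.d" 2>&1; then
  log_info "Schema conversion successful"
else
  log_error "Schema conversion failed"
  exit 1
fi

# Copy the converted schema files to our slapd.d
log_info "Installing converted schemas..."
CONVERTED_SCHEMA="$TEMP_DIR/slapd.d/cn=config/cn=schema"
if [ -d "$CONVERTED_SCHEMA" ]; then
  mkdir -p "$SLAPD_D/cn=config/cn=schema"
  cp -a "$CONVERTED_SCHEMA"/* "$SLAPD_D/cn=config/cn=schema/"
  log_info "Schemas installed:"
  ls -la "$SLAPD_D/cn=config/cn=schema/"
else
  log_error "No schema directory found after conversion"
  exit 1
fi

# slapd is started as ldap:ldap below, so the generated config must be owned
# by that user
chown -R ldap:ldap "$SLAPD_D"

# Now add indexes for schema-defined attributes
log_info "Adding database indexes..."

# Start slapd temporarily to add indexes. slapd detaches into the background
# by default, so readiness is detected via the ldapi socket, not a PID.
/usr/sbin/slapd -h "$LDAPI_SOCKET" -F "$SLAPD_D" -u ldap -g ldap
SLAPD_STARTED=1
sleep 2
wait_for_slapd 30 "$LDAPI_SOCKET"

cat > "$INDEX_LDIF" << EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uid eq,pres,sub
-
add: olcDbIndex
olcDbIndex: uidNumber eq
-
add: olcDbIndex
olcDbIndex: gidNumber eq
-
add: olcDbIndex
olcDbIndex: mail eq,pres,sub
-
add: olcDbIndex
olcDbIndex: memberOf eq
-
add: olcDbIndex
olcDbIndex: member eq
EOF

# A non-zero status here is treated as a warning, not an error, because the
# add fails when the indexes are already configured (e.g. on a re-run).
ldapmodify -Y EXTERNAL -H "$LDAPI_SOCKET" -f "$INDEX_LDIF" || log_warn "Some indexes may already exist"

# Stop temporary slapd (the LDIF and scratch dir are removed by the EXIT trap)
stop_slapd

log_info "Schema loading complete"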