
Re: Upgrading on RedHat 7.3



If you are satisfied with everything else and only need to change slapd, it's simple:
compile it and install it in, for example, /chroot/ldap/, then adapt my script
and use it to find all the necessary libraries and other files needed to build a
correct chroot environment. In this case your RH server remains untouched, so you
can still use up2date.
17 Август 2003 18:12, Вы написали:
> On Sun, 2003-08-17 at 11:28, tsg wrote:
> > Please tell more what do you want? Do you need ldap server, client,
> > ldap-enabled application?
> > By default RH installs only libs for password package which depends on
> > them. If you need a new slapd, you can leave everything as it is and
> > install it in chroot environment in /chroot/ldap.
>
> I already have an ldap server up and running for a while as I said version
> 2.0.27 installed by rpm package. Should I install as you're saying without
> removing the package?
>
> --
> Robert
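#!/bin/bash
# Builds a chroot jail for the OpenLDAP daemons (slapd, slurpd) under
# $LDAP_CHROOT. LDAP_CHROOT, PREFIX, START_DIR, EDITED and the other settings
# used below are not assigned in this script; presumably they come from the
# two sourced files -- confirm before running.
# bash is named explicitly because "source" is not available in every /bin/sh.
# NOTE(review): "eval" is sourced by bare name, so the shell looks it up via
# PATH / the current directory. This script rewrites system files, so run it
# only from a directory whose contents are trusted.
source eval
source "$STEPFILE"
##################################################################
# Installing Linux LDAP Server in a chroot jail                  #
##################################################################
# Every path below is built from LDAP_CHROOT. With the variable empty the
# commands would act on the host's own /etc, /dev, /tmp and /usr, and with "/"
# the cleanup below would remove the whole system, so stop unless it is an
# absolute path that names something other than the root directory.
case "$LDAP_CHROOT" in
	/*[!/]*) ;;
	*)
		echo "LDAP_CHROOT must be an absolute path other than /: '$LDAP_CHROOT'" >&2
		exit 1
		;;
esac
if [ -d "$LDAP_CHROOT" ]; then
	# A previous run marks these files immutable (chattr +i near the end of
	# the script); the flag has to be cleared before rm can delete them.
	for f in etc/openldap/slapd.conf etc/passwd etc/group \
		etc/resolv.conf etc/hosts etc/nsswitch.conf; do
		chattr -i "$LDAP_CHROOT/$f"
	done
	# NOTE(review): an earlier run moved /etc/openldap and /var/lib/ldap into
	# this tree (see the mv commands later in the script), so this also
	# deletes the existing configuration and database. Back them up first.
	rm -rf -- "$LDAP_CHROOT"
fi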
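# Create the directory skeleton of the jail. Expansions are quoted so that a
# path containing whitespace or glob characters is not split or expanded.
for dir in dev lib/i686 etc home tmp bin usr/sbin usr/share usr/lib \
	var/run var/log var/lib; do
	mkdir -p "$LDAP_CHROOT/$dir"
done
# World-writable with the sticky bit, the same mode as the system /tmp.
chmod 1777 "$LDAP_CHROOT/tmp"
# NOTE(review): a shell (and the termcap library it links against) inside the
# jail gives anything that gains code execution as the jailed user an
# interpreter to work with. Nothing visible in this script needs it once the
# cron job calls slapindex directly; consider dropping these two copies.
cp -p /bin/bash "$LDAP_CHROOT/bin/"
cp -p /lib/libtermcap.so.* "$LDAP_CHROOT/lib/"
# slapindex is taken from $PREFIX/sbin, whereas slapd and slurpd are later
# taken from /usr/sbin -- presumably PREFIX is /usr; confirm.
mv "$PREFIX/sbin/slapindex" "$LDAP_CHROOT/usr/sbin/"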
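# Install a daily cron job that re-indexes the directory inside the jail.
# The previous job body put "chroot <dir>/" on a line of its own, which starts
# a shell in the jail instead of running slapindex there; the following line
# then ran /usr/sbin/slapindex on the host, where the binary no longer exists
# after being moved into the jail. The command is now passed to chroot.
# The heredoc delimiter is unquoted, so $LDAP_CHROOT is expanded now and the
# generated file contains the literal jail path.
# NOTE(review): the job runs slapindex as root, so files it creates may not be
# writable by the ldap user, and the OpenLDAP documentation advises that slapd
# should not be running while slapindex works -- confirm this job is wanted.
cat > /etc/cron.daily/ldapindex << EOF
#!/bin/sh
# Generated by the LDAP chroot installer: rebuild slapd indexes in the jail.
chroot "$LDAP_CHROOT" /usr/sbin/slapindex
EOF
# Root-only: the job runs with root privileges from cron.
chmod 700 /etc/cron.daily/ldapindex
chown 0:0 /etc/cron.daily/ldapindex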
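# Move the server configuration into the jail, then recreate /etc/openldap on
# the host with only the client configuration (ldap.conf), which host-side
# LDAP clients still read.
mv /etc/openldap "$LDAP_CHROOT/etc/"
mkdir -p /etc/openldap
cp "$LDAP_CHROOT/etc/openldap/ldap.conf" /etc/openldap/
ln -fs /etc/openldap/ldap.conf /etc/
# Schema/support files, the database directory and the daemons themselves
# leave the host file system and live only inside the jail from here on.
mv /usr/share/openldap "$LDAP_CHROOT/usr/share/"
mv /var/lib/ldap "$LDAP_CHROOT/var/lib"
mv /usr/sbin/slapd "$LDAP_CHROOT/usr/sbin/"
# The test used to look for "/usr/sbin/slurd" (missing "p"), so slurpd was
# never moved and the generated init script could not find it in the jail.
if [ -f /usr/sbin/slurpd ]; then
	mv /usr/sbin/slurpd "$LDAP_CHROOT/usr/sbin/"
fi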
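# Device nodes the jailed daemon can open: /dev/null (char 1,3) and
# /dev/urandom (char 1,9).
mknod "$LDAP_CHROOT/dev/null" c 1 3
chmod 666 "$LDAP_CHROOT/dev/null"
mknod "$LDAP_CHROOT/dev/urandom" c 1 9
# TLS material: server certificate, CA certificate, CRLs and the private key.
mkdir -p "$LDAP_CHROOT/usr/share/ssl/certs"
mkdir -p "$LDAP_CHROOT/usr/share/ssl/private"
cp -r /usr/share/ssl/certs/ldap.crt "$LDAP_CHROOT/usr/share/ssl/certs"
cp -r /usr/share/ssl/certs/ca.crt "$LDAP_CHROOT/usr/share/ssl/certs"
# Copy the key under a restrictive umask so it is never group- or
# world-readable, not even for the moment before chmod 400 is applied.
(
	umask 077
	cp -r /usr/share/ssl/private/ldap.key "$LDAP_CHROOT/usr/share/ssl/private"
)
cp -r /usr/share/ssl/crl "$LDAP_CHROOT/usr/share/ssl/"
chmod 400 "$LDAP_CHROOT/usr/share/ssl/private/ldap.key"
# Minimal account databases for the jail. The passwd filter is anchored to the
# account name so that only the "ldap" user is copied; a bare substring match
# would also copy any other account whose line merely contains "ldap".
grep '^ldap:' /etc/passwd > "$LDAP_CHROOT/etc/passwd"
# The group filter stays a substring match on purpose: it also keeps groups
# that list ldap as a member, which the daemon may rely on.
grep ldap /etc/group > "$LDAP_CHROOT/etc/group"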

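# Copy every shared object slapd is linked against into the same path inside
# the jail. ldd prints either "name => /path (addr)" or, for the dynamic
# loader on newer systems, "/path (addr)"; taking field 3 unconditionally
# misses the loader in the second form and yields "(addr)" for entries that
# have no path. Only absolute paths are accepted here, and the target
# directory is created first because libraries may live outside /lib and
# /usr/lib.
ldd "$LDAP_CHROOT/usr/sbin/slapd" |
	awk '$2 == "=>" && $3 ~ /^\// { print $3; next } $1 ~ /^\// { print $1 }' |
	while IFS= read -r file; do
		mkdir -p "$LDAP_CHROOT${file%/*}"
		cp "$file" "$LDAP_CHROOT$file"
	done
# NSS modules are loaded at run time and therefore do not show up in ldd;
# they are needed to resolve the ldap user and host names inside the jail.
cp /lib/libnss_compat* "$LDAP_CHROOT/lib/"
cp /lib/libnss_dns* "$LDAP_CHROOT/lib/"
cp /lib/libnss_files* "$LDAP_CHROOT/lib/"
#strip -R .comment $LDAP_CHROOT/usr/lib/lib*
# Drop the .comment section from the copied libraries in the jail's /lib.
strip -R .comment "$LDAP_CHROOT"/lib/lib*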
# Configure and install new /etc/logrotate.d/ldap file            #
# The heredoc delimiter is unquoted, so $LDAP_CHROOT is expanded now and the
# installed logrotate file contains literal paths.
# NOTE(review): this stanza rotates a log inside the jail, while the
# syslog.conf entry written further down sends local4.* to /var/log/ldap.log
# on the host -- confirm which of the two paths is intended, otherwise the
# real log is never rotated.
# NOTE(review): postrotate sends HUP to slapd; if the log file is written by
# syslogd, that daemon is presumably the one that has to reopen it -- confirm.
cat > /etc/logrotate.d/ldap <<EOF
$LDAP_CHROOT/var/log/ldap.log {
    missingok
    postrotate
        /usr/bin/killall -HUP $LDAP_CHROOT/usr/sbin/slapd
    endscript
}

EOF
# World-readable account files inside the jail (needed for name lookups).
chmod 644 $LDAP_CHROOT/etc/passwd
chmod 644 $LDAP_CHROOT/etc/group
# Resolver, name-service, time-zone and hosts configuration copied from the
# host so lookups behave the same inside the jail.
cp /etc/resolv.conf $LDAP_CHROOT/etc/
cp /etc/nsswitch.conf $LDAP_CHROOT/etc/
cp /etc/localtime $LDAP_CHROOT/etc/
cp /etc/hosts $LDAP_CHROOT/etc/
# NOTE(review): this hands the entire jail -- binaries, libraries, device
# nodes and configuration -- to the same account slapd runs as (-u ldap in the
# generated init script). A compromised daemon could then replace anything
# that is not marked immutable below. A tighter layout keeps the tree
# root-owned and gives ldap ownership only of what the daemon must write
# (presumably var/lib/ldap and var/run -- confirm against slapd.conf).
chown -R ldap.ldap $LDAP_CHROOT
# Mark the copied system files immutable so they cannot be modified or
# removed, even by their owner, until chattr -i is applied (the cleanup at the
# top of the script does that on re-run).
chattr +i $LDAP_CHROOT/etc/passwd
chattr +i $LDAP_CHROOT/etc/group
# slapd.conf is deliberately left mutable here (line commented out), although
# the cleanup at the top still clears the flag on it.
#chattr +i $LDAP_CHROOT/etc/openldap/slapd.conf
chattr +i $LDAP_CHROOT/etc/resolv.conf
chattr +i $LDAP_CHROOT/etc/hosts
chattr +i $LDAP_CHROOT/etc/nsswitch.conf
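# Optionally route the local4 syslog facility to a dedicated log file and
# restart syslog so the change takes effect. LDAP_LOG and YES are compared as
# integers; both are expected to come from the sourced settings.
if [ "$LDAP_LOG" -eq "$YES" ]; then
	# The script is written to be re-run (it rebuilds an existing jail), so
	# append the rule only when no local4.* rule is present yet; otherwise
	# every run would add another duplicate line to syslog.conf.
	if ! grep -q '^local4\.\*' /etc/syslog.conf; then
		cat >> /etc/syslog.conf << EOF
local4.*				/var/log/ldap.log
EOF
	fi
	"$START_DIR/syslog" restart
fi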
# "file" is assigned here but not read again in the rest of this script.
file=$START_DIR/openldap
# Generate the init script $START_DIR/ldap for the jailed daemons.
# The heredoc delimiter is unquoted: plain $LDAP_CHROOT is expanded now, so the
# generated script contains the literal jail path, while every \$-escaped
# variable (\${slapd}, \$RETVAL, \$1, ...) is written out as a variable and
# evaluated when the init script itself runs.
# The generated start() launches slapd with "-u ldap -r <jail>", i.e. slapd is
# asked to run as the ldap user and to chroot into the jail; the ldaps://
# listener is added only when slapd.conf contains a line starting with TLS.
# slurpd is started/stopped only when slapd.conf has a replogfile directive.
# NOTE(review): stop() removes /var/run/slapd.args on the host, although the
# header comment of the generated script places the pid file under the jail's
# var/run -- confirm whether the jail path was intended.
# NOTE(review): the usage message of the generated script does not list the
# "reload" action that the case statement handles.
cat > $START_DIR/ldap <<EOF
#!/bin/bash
#
# ldap  This shell script takes care of starting and stopping
#       ldap servers (slapd and slurpd).
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \\
#              for implementing the industry standard directory services.
# processname: slapd
# config: $LDAP_CHROOT/etc/openldap/slapd.conf
# pidfile: $LDAP_CHROOT/var/run/slapd.pid

# Source function library.
. /etc/init.d/functions

# Source networking configuration and check that networking is up.
if [ -r /etc/sysconfig/network ] ; then
        . /etc/sysconfig/network
        [ \${NETWORKING} = "no" ] && exit 0
fi

slapd=$LDAP_CHROOT/usr/sbin/slapd
slurpd=$LDAP_CHROOT/usr/sbin/slurpd
[ -x \${slapd} ] || exit 0
#[ -x \${slurpd} ] || exit 0

RETVAL=0

function start() {
        # Start daemons.
        echo -n \$"Starting slapd: "
        if grep -q ^TLS $LDAP_CHROOT/etc/openldap/slapd.conf ; then
            daemon \${slapd} -u ldap -r $LDAP_CHROOT -h '"ldap:/// ldaps:///"'
            RETVAL=\$?
        else
            daemon \${slapd} -u ldap -r $LDAP_CHROOT
            RETVAL=\$?
        fi
        echo
        if [ \$RETVAL -eq 0 ]; then
            if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf; then
                echo -n \$"Starting slurpd: "
                daemon \${slurpd} -r $LDAP_CHROOT
                RETVAL=\$?
                echo
            fi
        fi
        [ \$RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
        return \$RETVAL
}

function stop() {
        # Stop daemons.
        echo -n \$"Stopping slapd: "
        killproc \${slapd}
        RETVAL=\$?
        echo
        if [ \$RETVAL -eq 0 ]; then
            if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf; then
                echo -n \$"Stopping slurpd: "
                killproc \${slurpd}
                RETVAL=\$?
                echo
            fi
        fi
        [ \$RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
        return \$RETVAL
}

# See how we were called.
case "\$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status \${slapd}
        if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf ; then
            status \${slurpd}
        fi
        ;;
    restart)
        stop
        start
        ;;
    reload)
        killall -HUP \${slapd}
        RETVAL=\$?
        if [ \$RETVAL -eq 0 ]; then
            if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf; then
                killall -HUP \${slurpd}
                RETVAL=\$?
            fi
        fi
        ;;
    condrestart)
        if [ -f /var/lock/subsys/ldap ] ; then
            stop
            start
        fi
        ;;
    *)
        echo \$"Usage: \$0 {start|stop|restart|status|condrestart}"
        RETVAL=1
esac

exit \$RETVAL
EOF
# Make the init script root-only (mode 700, owner 0.0) and start the service.
# The three commands are one && chain (it continues across the blank line), so
# the service is started only if both chmod and chown succeeded.
chmod 700 $START_DIR/ldap &&
chown 0.0 $START_DIR/ldap &&

$START_DIR/ldap start
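# Load the initial directory contents from an LDIF template chosen by the
# server role (print_serv / mail_serv, expected from the sourced settings).
ldif_src=
if [ "$print_serv" = "yes" ]; then
	ldif_src=$EDITED/pdc.ldif
elif [ "$mail_serv" = "yes" ]; then
	ldif_src=$EDITED/mail_hub.ldif
fi
# With no role selected there is no template of our own to load. The script
# previously went on to read /tmp/ldap.ldif anyway, i.e. whatever file any
# local user had left at that name would have been imported with the root DN.
if [ -z "$ldif_src" ]; then
	echo "No LDIF template selected (print_serv/mail_serv); skipping initial import" >&2
	exit 0
fi
# Work in a private directory created by mktemp instead of fixed names in the
# world-writable /tmp (and a file called "ed" in the current directory):
# predictable names there let another local user pre-create a file or symlink
# that this root-run script would then overwrite or read.
workdir=$(mktemp -d /tmp/ldapinst.XXXXXX) || exit 1
trap 'rm -rf -- "${workdir:?}"' EXIT
# sed script that fills the literal placeholders $LDAP_SUFFIX, $DOMAIN and
# $ADMIN_MAIL_ADDRESS in the template. The \$ keeps the placeholder text
# literal; the unescaped variables are expanded here with the real values.
# NOTE(review): a value containing "/" or "&" would break or alter the
# substitution, and only the first placeholder on each line is replaced.
cat > "$workdir/subst.sed" << EOF
s/\$LDAP_SUFFIX/$LDAP_SUFFIX/
s/\$DOMAIN/$DOMAIN/
s/\$ADMIN_MAIL_ADDRESS/$ADMIN_MAIL_ADDRESS/
EOF
# Stop instead of importing a template whose placeholders were not filled in.
sed -f "$workdir/subst.sed" < "$ldif_src" > "$workdir/ldap.ldif" || exit 1
# Presumably gives the freshly started slapd time to come up -- confirm.
sleep 150
# -W prompts for the root DN password, so it never appears on the command
# line. A single -Z requests StartTLS but continues if it cannot be
# negotiated; use -ZZ if the bind must never happen over an unprotected
# connection.
ldapadd -D "$LDAP_ROOTDN" -W -h localhost -f "$workdir/ldap.ldif" -Z

exit 0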