[Pkg-openldap-devel] r669 - openldap/trunk-2.3/debian

Matthijs Mohlmann active2-guest at costa.debian.org
Fri Jun 2 20:34:15 UTC 2006


Author: active2-guest
Date: 2006-06-02 20:34:14 +0000 (Fri, 02 Jun 2006)
New Revision: 669

Modified:
   openldap/trunk-2.3/debian/changelog
   openldap/trunk-2.3/debian/slapd.conf
   openldap/trunk-2.3/debian/slapd.default
   openldap/trunk-2.3/debian/slapd.postinst
   openldap/trunk-2.3/debian/slapd.scripts-common
Log:
 * Update default config param argsfile to be in /var/run/slapd/
 * Added functions update_permissions, create_new_user and create_directories to slapd.scripts-common (only create_new_user is used at the moment)
 * postinst will call create_new_user


Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog	2006-06-01 20:28:42 UTC (rev 668)
+++ openldap/trunk-2.3/debian/changelog	2006-06-02 20:34:14 UTC (rev 669)
@@ -1,3 +1,9 @@
+openldap2.3 (2.3.24-2) UNRELEASED; urgency=low
+
+  * Switch slapd from running as root to running as user.
+
+ -- Matthijs Mohlmann <matthijs at cacholong.nl>  Fri,  2 Jun 2006 18:56:08 +0200
+
 openldap2.3 (2.3.24-1) unstable; urgency=low
 
   [ Matthijs Mohlmann ]

Modified: openldap/trunk-2.3/debian/slapd.conf
===================================================================
--- openldap/trunk-2.3/debian/slapd.conf	2006-06-01 20:28:42 UTC (rev 668)
+++ openldap/trunk-2.3/debian/slapd.conf	2006-06-02 20:34:14 UTC (rev 669)
@@ -22,7 +22,7 @@
 pidfile         /var/run/slapd/slapd.pid
 
 # List of arguments that were passed to the server
-argsfile        /var/run/slapd.args
+argsfile        /var/run/slapd/slapd.args
 
 # Read slapd.conf(5) for possible values
 loglevel        0
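Review bot: Moving `argsfile` in the packaged template does not reach installations whose existing slapd.conf still says `argsfile /var/run/slapd.args`. Once slapd runs as the `openldap` account it will probably be unable to write that file in a root-owned /var/run. No step that rewrites an existing config is visible in this commit, so the upgrade path should either migrate the old value or be documented. It is also worth confirming that /var/run/slapd is writable by `openldap`, since neither create_ldap_directories nor update_permissions touches it.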

Modified: openldap/trunk-2.3/debian/slapd.default
===================================================================
--- openldap/trunk-2.3/debian/slapd.default	2006-06-01 20:28:42 UTC (rev 668)
+++ openldap/trunk-2.3/debian/slapd.default	2006-06-02 20:34:14 UTC (rev 669)
@@ -3,11 +3,11 @@
 
 # System account to run the slapd server under. If empty the server
 # will run as root.
-SLAPD_USER=
+SLAPD_USER="openldap"
 
 # System group to run the slapd server under. If empty the server will
 # run in the primary group of its user.
-SLAPD_GROUP=
+SLAPD_GROUP="openldap"
 
 # Path to the pid file of the slapd server. If not set the init.d script
 # will try to figure it out from $SLAPD_CONF (/etc/ldap/slapd.conf)
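Review bot: Defaulting `SLAPD_USER="openldap"` and `SLAPD_GROUP="openldap"` makes slapd drop privileges, but nothing in this commit hands the existing database files to that account. The slapd.postinst hunk calls only `create_new_user`, and `update_permissions` is defined in slapd.scripts-common but never invoked. On a system where /var/lib/ldap is still root-owned, slapd would likely fail to open its database after the switch. Consider calling `update_permissions` from postinst right after `create_new_user`, once its test expressions are fixed, or extend the comment above `SLAPD_USER` to say the data directory must be owned by this account.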

Modified: openldap/trunk-2.3/debian/slapd.postinst
===================================================================
--- openldap/trunk-2.3/debian/slapd.postinst	2006-06-01 20:28:42 UTC (rev 668)
+++ openldap/trunk-2.3/debian/slapd.postinst	2006-06-02 20:34:14 UTC (rev 669)
@@ -53,6 +53,10 @@
 
 # }}}
 
+# Create a new user
+create_new_user
+
+# Configuration.
 if is_initial_configuration "$@"; then
 	postinst_initial_configuration
 else

Modified: openldap/trunk-2.3/debian/slapd.scripts-common
===================================================================
--- openldap/trunk-2.3/debian/slapd.scripts-common	2006-06-01 20:28:42 UTC (rev 668)
+++ openldap/trunk-2.3/debian/slapd.scripts-common	2006-06-02 20:34:14 UTC (rev 669)
@@ -131,9 +131,38 @@
 }
 
 # }}}
-
-
+create_new_user() { # {{{
+	if [ "$MODE" = "configure" ]; then
+		if [ -z "`getent group openldap`" ]; then
+			addgroup --quiet --system openldap
+		fi
+		if [ -z "`getent passwd openldap`" ]; then
+			echo -n "  Creating new user openldap " >&2
+			adduser --quiet --system --home /var/lib/ldap --shell /bin/false --ingroup openldap --disabled-password --disabled-login --gecos "OpenLDAP" openldap
+			echo "done." >&2
+		fi
+	fi
+}
 # }}}
+create_ldap_directories() {	# {{{
+	if [ ! -d /var/lib/ldap && ! -z $SLAPD_USER && ! -z $SLAPD_GROUP ]; then
+		mkdir /var/lib/ldap
+	fi
+	if [ ! -d /var/spool/slurpd && ! -z $SLAPD_USER && ! -z $SLAPD_GROUP ]; then
+		mkdir /var/spool/slurpd
+	fi
+}
+# }}}
+update_permissions() {	# {{{
+	if [ -d /var/lib/ldap && ! -z $SLAPD_USER && ! -z $SLAPD_GROUP ]; then
+		chown -R $SLAPD_USER:$SLAPD_GROUP /var/lib/ldap
+	fi
+	if [ -d /var/spool/slurpd && ! -z $SLAPD_USER && ! -z $SLAPD_GROUP ]; then
+		chown -R $SLAPD_USER:$SLAPD_GROUP /var/spool/slurpd
+	fi
+}
+# }}}
+# }}}
 # ----- Dumping and loading the data ------------------------------------ {{{
 
 automatic_ldif_fixing_wanted_for() {					# {{{ 
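Review bot: The four conditions in create_ldap_directories and update_permissions put `&&` inside a single `[ ... ]`, which the shell splits into separate commands, so the first `[` fails for lack of a closing `]` and the guarded `mkdir`/`chown` never run. Write each one as chained tests with quoted expansions, e.g. `if [ -d /var/lib/ldap ] && [ -n "$SLAPD_USER" ] && [ -n "$SLAPD_GROUP" ]; then`, and quote the chown argument as `"$SLAPD_USER:$SLAPD_GROUP"`. create_ldap_directories also creates /var/lib/ldap with plain `mkdir`, leaving it root-owned with umask-default permissions. Because that directory holds the directory database, set its owner and a restrictive mode at creation rather than relying on a later recursive chown. The commit log calls the function create_directories while the code defines create_ldap_directories, so one of the two should be aligned.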



