3 files changed, 157 insertions, 0 deletions
diff --git a/meta-openstack/recipes-support/openldap/files/initscript b/meta-openstack/recipes-support/openldap/files/initscript
new file mode 100644
index 00000000..f9c343a3
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/files/initscript
@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# This is an init script for openembedded
+# Copy it to /etc/init.d/openldap and type
+# > update-rc.d openldap defaults 60
+#
+
+
+slapd=/usr/libexec/slapd
+test -x "$slapd" || exit 0
+
+src_data_dir=/etc/openldap/
+data_dir=%LDAP_DATADIR%
+pidfile=%LDAP_DATADIR%/slapd.pid
+
+start()
+{
+ need_init=0
+ if [ ! -e $data_dir/DB_CONFIG ]; then
+ cp $src_data_dir/DB_CONFIG.example $data_dir/DB_CONFIG
+ need_init=1
+ fi
+ echo -n "Starting OpenLDAP: "
+ start-stop-daemon --start --quiet --exec $slapd
+ echo "."
+
+ if [ $need_init -eq 1 ]; then
+ sleep 1
+ ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -w secret -f /etc/openldap/ops-base.ldif -c
+ fi
+}
+
+stop()
+{
+ echo -n "Stopping OpenLDAP: "
+ start-stop-daemon --stop --quiet --pidfile $pidfile
+ echo "."
+}
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ reset)
+ stop
+ sleep 1
+ rm $data_dir/*
+ start
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: /etc/init.d/openldap {start|stop|reset|restart|reset}"
+ exit 1
+esac
+
+exit 0
diff --git a/meta-openstack/recipes-support/openldap/files/ops-base.ldif b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
new file mode 100644
index 00000000..cfbb94b7
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/files/ops-base.ldif
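Review bot: start() in the initscript seeds the directory with `ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -w secret`, so the rootdn password is a fixed literal in a script installed 0755 and is visible in the process list while the command runs. It presumably only works while slapd.conf still carries the packaged default rootpw, which nothing in this commit changes, so every image built from the recipe would share the same administrator credential. Reading the password from a root-only file, e.g. `ldapadd -x -D "cn=Manager,%DEFAULT_DN%" -y <ROOTPW_FILE> -f /etc/openldap/ops-base.ldif -c` (placeholder path), and requiring it to be set per deployment would avoid that. Separately, in the `reset)` branch `rm $data_dir/*` is unquoted and unchecked; `[ -n "$data_dir" ] && rm -f "$data_dir"/*` keeps an empty substitution from expanding to `/*`.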
@@ -0,0 +1,28 @@
+dn: dc=my-domain,dc=com
+objectclass: dcObject
+objectclass: top
+objectclass: organization
+o: my-domain Company
+dc: my-domain
+
+dn: cn=Manager,dc=my-domain,dc=com
+objectclass: organizationalRole
+cn: Manager
+description: LDAP administratior
+roleOccupant: dc=my-domain,dc=com
+
+dn: ou=Roles,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Roles
+description: generic groups branch
+
+dn: ou=Users,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Users
+description: generic groups branch
+
+dn: ou=Groups,dc=my-domain,dc=com
+objectclass:organizationalunit
+ou: Groups
+description: generic groups branch
+
diff --git a/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
new file mode 100644
index 00000000..d8166ce8
--- /dev/null
+++ b/meta-openstack/recipes-support/openldap/openldap_2.4.39.bbappend
@@ -0,0 +1,67 @@
+PRINC = "2"
+
+DEPEND_${PN} += "cyrus-sasl"
+RDEPEND_${PN} += "libsasl2-modules"
+
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+SRC_URI += "file://initscript"
+SRC_URI += "file://ops-base.ldif"
+
+LDAP_DN ?= "dc=my-domain,dc=com"
+LDAP_DATADIR ?= "/etc/openldap-data/"
+
+do_install_append() {
+ install -D -m 0755 ${WORKDIR}/initscript ${D}${sysconfdir}/init.d/openldap
+ sed -i -e 's/%DEFAULT_DN%/${LDAP_DN}/g' ${D}${sysconfdir}/init.d/openldap
+ sed -i -e 's#%LDAP_DATADIR%#${LDAP_DATADIR}#g' ${D}${sysconfdir}/init.d/openldap
+
+ # This is duplicated in /etc/openldap and is for slapd
+ rm -f ${D}${localstatedir}/openldap-data/DB_CONFIG.example
+ rmdir "${D}${localstatedir}/run"
+ rmdir --ignore-fail-on-non-empty "${D}${localstatedir}"
+
+ # remove symlinks for backends, recreating in postinstall
+ rm ${D}/${libexecdir}/openldap/*.so
+
+ sed -i -e '/^include\s*/a \
+include /etc/openldap/schema/cosine.schema \
+include /etc/openldap/schema/nis.schema \
+include /etc/openldap/schema/inetorgperson.schema \
+include /etc/openldap/schema/misc.schema' \
+ ${D}/etc/openldap/slapd.conf
+
+ sed -i -e '/^# Load dynamic backend modules:/a \
+modulepath /usr/libexec/openldap \
+moduleload back_bdb.la' \
+ ${D}/etc/openldap/slapd.conf
+
+ sed -i -e 's#^pidfile\s*.*$#pidfile ${LDAP_DATADIR}/slapd.pid#' ${D}/etc/openldap/slapd.conf
+ sed -i -e 's#^argsfile\s*.*$#argsfile ${LDAP_DATADIR}/slapd.args#' ${D}/etc/openldap/slapd.conf
+ sed -i -e 's#^directory\s*.*$#directory ${LDAP_DATADIR}/#' ${D}/etc/openldap/slapd.conf
+
+ sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/slapd.conf
+
+ # modify access perms for ldap/authentication
+ sed -i -e '$a\
+\
+access to attrs=userPassword \
+ by self write \
+ by anonymous auth \
+ by * none \
+\
+access to * \
+ by self write \
+ by * read' \
+ ${D}/etc/openldap/slapd.conf
+
+ install -D -m 0644 ${WORKDIR}/ops-base.ldif ${D}/etc/openldap/ops-base.ldif
+ sed -i -e 's/dc=my-domain,dc=com/${LDAP_DN}/g' ${D}/etc/openldap/ops-base.ldif
+
+ mkdir ${D}/${LDAP_DATADIR}
+}
+
+inherit update-rc.d
+
+INITSCRIPT_NAME = "openldap"
+INITSCRIPT_PARAMS = "defaults"
+ |
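Review bot: The ACL appended to slapd.conf in do_install_append ends with `access to *` / `by * read`, which lets unauthenticated clients read every entry and attribute other than userPassword. If anonymous browsing is not required, `by users read` followed by `by * none` limits reads to bound identities. The function also rewrites pidfile, argsfile, directory and the suffix but leaves the rootdn password line alone, so the image presumably ships whatever default the packaged slapd.conf carries; taking a hashed `rootpw` from a recipe variable would avoid a shared credential. The data directory is created with a bare `mkdir ${D}/${LDAP_DATADIR}` and so gets default permissions; `install -d -m 0700 ${D}${LDAP_DATADIR}` keeps the database files from being world-readable.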