commit openldap2 for openSUSE:Factory

Sat, 07 Apr 2018 11:54:41 -0700 

Hello community,

here is the log from the commit of package openldap2 for openSUSE:Factory 
checked in at 2018-04-07 20:54:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openldap2 (Old)
 and      /work/SRC/openSUSE:Factory/.openldap2.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openldap2"

Sat Apr  7 20:54:22 2018 rev:132 rq:593981 version:unknown

Changes:
--------
--- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes      2018-04-03 
12:11:44.952141894 +0200
+++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2.changes 2018-04-07 
20:54:24.588139463 +0200
@@ -1,0 +2,13 @@
+Fri Apr  6 11:29:22 UTC 2018 - zsolt.kal...@suse.com
+
+- bsc#1085064 Add script "openldap_update_modules_path.sh" which
+  which removes the configuration item olcModulePath in cn=config
+  which is after upgrade from SLE12 to SLE15 holds inappropriate
+  information. If the cn=config is being used on a system, the
+  conflicting items in slapd.conf are ignored, despite of it, the
+  backend DB configuration section has been also commented out in
+  the default slapd.conf.
+  In case of correct cn=config (the olcModulePath has been already
+  removed), the script stops without touching anything.
+
+-------------------------------------------------------------------

New:
----
  openldap_update_modules_path.sh

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openldap2.spec ++++++
--- /var/tmp/diff_new_pack.EZvX76/_old  2018-04-07 20:54:26.068085898 +0200
+++ /var/tmp/diff_new_pack.EZvX76/_new  2018-04-07 20:54:26.068085898 +0200
@@ -55,6 +55,7 @@
 Source14:       slapd.service
 Source15:       SuSEfirewall2.openldap
 Source16:       sysconfig.openldap
+Source17:       openldap_update_modules_path.sh
 Patch3:         0003-LDAPI-socket-location.dif
 Patch5:         0005-pie-compile.dif
 Patch6:         0006-No-Build-date-and-time-in-binaries.dif
@@ -365,6 +366,7 @@
 chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so*
 chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so*
 install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif
+install -m 755 %{SOURCE17} ${RPM_BUILD_ROOT}/usr/sbin
 
 # Install ppolicy check module
 make -C contrib/slapd-modules/ppolicy-check-password STRIP="" 
"DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" 
"libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install
@@ -442,6 +444,10 @@
   cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew
   cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf
 fi
+
+if [ ${1:-0} -gt 1 ! -e /var/adm/openldap_modules_path_updated ] ; then
+    /usr/sbin/openldap_update_modules_path.sh
+fi
 %{fillup_only -n openldap ldap}
 %service_add_post slapd.service
 
@@ -476,6 +482,7 @@
 %{_fillupdir}/sysconfig.openldap
 %{_sbindir}/slap*
 %{_sbindir}/rcslapd
+%{_sbindir}/openldap_update_modules_path.sh
 %{_libdir}/openldap/back_bdb*
 %{_libdir}/openldap/back_hdb*
 %{_libdir}/openldap/back_ldap*

++++++ openldap_update_modules_path.sh ++++++
#!/bin/bash
# This script has been created to update the OpenLDAP modules path in cn=config
# For details of changing the configuration items' location read these:
# https://www.openldap.org/lists/openldap-software/200812/msg00080.html
# This script writes over the config entry of backend databases location, which 
files are necessary to run LDAP. The procedure has been created upon this 
description:
# 
https://serverfault.com/questions/863274/modify-openldap-cn-config-without-slapd-running

# Author: Zsolt KALMAR (SUSE Linux GmbH) zkal...@suse.com

conf_dir='/etc/openldap/slapd.d'
tmp_file='/tmp/ldap_conf_tmp.ldif'
backup='/tmp/slapd.d'
res=0

rm -f ${tmp_file}

# Check if the configuration is containing the inappropriate entry

/usr/sbin/slapcat -n0 -F ${conf_dir} -l ${tmp_file} -o ldif-wrap=no
res=$?

if [ $res -ne 0 ]
then
    logger -p user.error "Creating ${tmp_file} has failed."
    exit 1
fi

entry_cnt=`cat ${tmp_file} | grep ^[^#\;] | grep olcModulePath | wc -l`

if [ $entry_cnt -eq 0 ]
then
    logger -p user.info "The current LDAP configuration does not contain the 
wrong item. Stop applying this script. Bye."
    exit 0
fi

rm -rf ${tmp_file}

# Make sure the LDAP is not running:
/usr/bin/systemctl stop slapd.service

# Creating symlinks for the modules required for the slapcat and slapadd
ln -s /usr/lib64/openldap/back_bdb.so /usr/lib/openldap/back_bdb.so
ln -s /usr/lib64/openldap/back_hdb.so /usr/lib/openldap/back_hdb.so
ln -s /usr/lib64/openldap/back_mdb.so /usr/lib/openldap/back_mdb.so
ln -s /usr/lib64/openldap/syncprov.so /usr/lib/openldap/syncprov.so

# Export the config to a text
/usr/sbin/slapcat -n0 -F ${conf_dir} -l ${tmp_file} -o ldif-wrap=no
res=$?

if [ $res -ne 0 ]
then
    logger -p user.error "Creating ${tmp_file} has failed."
    exit 1
fi

# Create a backup of LDAP config
mkdir ${backup}
cp -r ${conf_dir}/* ${backup}/
res=$?

if [ $res -ne 0 ]
then
    logger -p user.error "LDAP Update script: Backing up ${conf_dir} has 
failed."
    exit 1
fi

# Remove the configuration item "olcModulePath"
sed -n -i '/olcModulePath/!p'  ${tmp_file}
res=$?

if [ $res -ne 0 ]
then
    logger -p user.error "LDAP Update script: Removing of entry in ${tmp_file} 
has failed."
    exit 1
fi

# Remove the current configuration
rm -rf ${conf_dir}/*

# Load the modified configuration
/usr/sbin/slapadd -n0 -F ${conf_dir} -l ${tmp_file}
res=$?

# Catch result code of slapadd
if [ $res -ne 0 ]
then
    logger -p user.error "LDAP Update script: Implementing new configuration 
has failed."
    exit 1
else
# Remove temporary symlinks
    rm -rf /usr/lib/openldap/back_bdb.so
    rm -rf /usr/lib/openldap/back_hdb.so
    rm -rf /usr/lib/openldap/back_mdb.so
    rm -rf /usr/lib/openldap/syncprov.so
fi

# Start the SLAPD with the new configuration
/usr/bin/systemctl start slapd.service
res=$?

if [ $res -ne 0 ]
then
    logger -p user.error "LDAP Update script: Starting updated LDAP server has 
been failed."
    exit 1
else
    # Remove backups
    rm -rf ${backup}
    rm -rf ${tmp_file}
    # Create "/var/adm/openldap_update_modules"
    touch /var/adm/openldap_update_modules
    exit 0
fi
++++++ slapd.conf ++++++
--- /var/tmp/diff_new_pack.EZvX76/_old  2018-04-07 20:54:26.284078080 +0200
+++ /var/tmp/diff_new_pack.EZvX76/_new  2018-04-07 20:54:26.288077935 +0200
@@ -37,8 +37,8 @@
 include /etc/openldap/schema/yast.schema
 
 # Load backend modules such as databas engines
-modulepath /usr/lib64/openldap
-moduleload back_mdb.la
+#modulepath /usr/lib64/openldap
+#moduleload back_mdb.la
 #moduleload back_hdb.la
 #moduleload back_bdb.la
 

++++++ slapd.conf.olctemplate ++++++
--- /var/tmp/diff_new_pack.EZvX76/_old  2018-04-07 20:54:26.324076632 +0200
+++ /var/tmp/diff_new_pack.EZvX76/_new  2018-04-07 20:54:26.324076632 +0200
@@ -33,10 +33,10 @@
 include /etc/openldap/schema/yast.schema
 
 # Load backend modules such as database engines
-modulepath /usr/lib64/openldap
-moduleload back_mdb.la
-#moduleload back_hdb.la
-#moduleload back_bdb.la
+# modulepath /usr/lib64/openldap
+# moduleload back_mdb.la
+# moduleload back_hdb.la
+# moduleload back_bdb.la
 
 # Define the config database that holds all online configurations
 database config

Reply via email to