[new-type] __openldap_server: Add a "schema" optional parameter.

evilham 2019-12-09 19:39:43 +01:00
parent bee95efa43
commit fd430eab62
4 changed files with 31 additions and 20 deletions


@ -74,6 +74,13 @@ module
LDAP module to load. See `slapd.conf(5)`. LDAP module to load. See `slapd.conf(5)`.
Default value is OS-dependent, see manifest. Default value is OS-dependent, see manifest.
schema
Name of LDAP schema to load. Must be the name without extension of a
`.schema` file in slapd's schema directory (usually `/etc/slapd/schema` or
`/usr/local/etc/openldap/schema`).
Example value: `inetorgperson`
The type user must ensure that the schema file is deployed.
This defaults to a sensible subset, for details see the type definition.
BOOLEAN PARAMETERS BOOLEAN PARAMETERS
------------------ ------------------


@ -6,6 +6,7 @@ manager_password_hash=$(cat "${__object}/parameter/manager-password-hash")
serverid=$(cat "${__object}/parameter/serverid") serverid=$(cat "${__object}/parameter/serverid")
suffix=$(cat "${__object}/parameter/suffix") suffix=$(cat "${__object}/parameter/suffix")
slapd_modules=$(cat "${__object}/parameter/module" || true) slapd_modules=$(cat "${__object}/parameter/module" || true)
schemas=$(cat "${__object}/parameter/schema")
OS="$(cat "${__global}/explorer/os")" OS="$(cat "${__global}/explorer/os")"
@ -14,8 +15,8 @@ OS="$(cat "${__global}/explorer/os")"
# TODO: treat other OS better, defaulting to Debian-like # TODO: treat other OS better, defaulting to Debian-like
case "${OS}" in case "${OS}" in
freebsd) freebsd)
PKGS="openldap-server" PKGS="openldap-server"
ETC="/usr/local/etc" ETC="/usr/local/etc"
SLAPD_DIR="/usr/local/etc/openldap" SLAPD_DIR="/usr/local/etc/openldap"
SLAPD_DATA_DIR="/var/db/openldap-data" SLAPD_DATA_DIR="/var/db/openldap-data"
SLAPD_RUN_DIR="/var/run/openldap" SLAPD_RUN_DIR="/var/run/openldap"
@ -27,7 +28,7 @@ case "${OS}" in
;; ;;
*) *)
PKGS="slapd ldap-utils" PKGS="slapd ldap-utils"
ETC="/etc" ETC="/etc"
SLAPD_DIR="/etc/ldap" SLAPD_DIR="/etc/ldap"
SLAPD_DATA_DIR="/var/lib/ldap" SLAPD_DATA_DIR="/var/lib/ldap"
SLAPD_RUN_DIR="/var/run/slapd" SLAPD_RUN_DIR="/var/run/slapd"
@ -39,7 +40,6 @@ case "${OS}" in
esac esac
# Determine if __letsencrypt_cert is to be used and setup vars accordingly # Determine if __letsencrypt_cert is to be used and setup vars accordingly
if [ -f "${__object}/parameter/tls-cert" ]; then if [ -f "${__object}/parameter/tls-cert" ]; then
tls_cert=$(cat "${__object}/parameter/tls-cert") tls_cert=$(cat "${__object}/parameter/tls-cert")
@ -161,24 +161,15 @@ TLSCACertificateFile ${tls_ca}
disallow bind_anon disallow bind_anon
require bind require bind
security tls=1 security tls=1
include ${SLAPD_DIR}/schema/corba.schema
include ${SLAPD_DIR}/schema/core.schema
include ${SLAPD_DIR}/schema/cosine.schema
include ${SLAPD_DIR}/schema/duaconf.schema
include ${SLAPD_DIR}/schema/dyngroup.schema
include ${SLAPD_DIR}/schema/inetorgperson.schema
include ${SLAPD_DIR}/schema/java.schema
include ${SLAPD_DIR}/schema/misc.schema
include ${SLAPD_DIR}/schema/nis.schema
include ${SLAPD_DIR}/schema/openldap.schema
include ${SLAPD_DIR}/schema/ppolicy.schema
include ${SLAPD_DIR}/schema/collective.schema
modulepath ${SLAPD_MODULE_PATH}
EOF EOF
# Add specified schemas
for schema in ${schemas}; do
echo "include ${SLAPD_DIR}/schema/${schema}.schema" >> "${ldapconf}"
done
# Add specified modules # Add specified modules
echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
for module in ${slapd_modules}; do for module in ${slapd_modules}; do
echo "moduleload ${module}.la" >> "${ldapconf}" echo "moduleload ${module}.la" >> "${ldapconf}"
done done
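Review bot: Each word of the new `schema` parameter is written straight into the slapd configuration by the added loop `for schema in ${schemas}`, so a value containing `/` or `..` yields an `include` that resolves outside `${SLAPD_DIR}/schema`, and the unquoted expansion is also open to globbing. The documentation says the value must be a bare file name without extension; the manifest should enforce that by rejecting anything outside a conservative character set before appending the line (widen the set if schema names in use need other characters). `ldapconf` and the start of the here-document are set outside the visible hunks. Separately, the man page text in this commit gives `/etc/slapd/schema` as the usual directory while this manifest sets `SLAPD_DIR="/etc/ldap"` in the default case, so one of the two probably needs correcting.

```shell
for schema in ${schemas}; do
    case "${schema}" in
        ''|*[!A-Za-z0-9_-]*)
            echo "Invalid schema name: ${schema}" >&2
            exit 1
            ;;
    esac
    # … unchanged: echo "include …" >> "${ldapconf}" and done …
```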


@ -0,0 +1,12 @@
corba
core
cosine
duaconf
dyngroup
inetorgperson
java
misc
nis
openldap
ppolicy
collective


@ -1,4 +1,5 @@
description
syncrepl-credentials syncrepl-credentials
syncrepl-searchbase syncrepl-searchbase
tls-cert tls-cert
tls-privkey
tls-ca