forked from ungleich-public/cdist
Merge branch 'openldap-alpine' into 'master'
Add Alpine support to __openldap_server See merge request ungleich-public/cdist!909
This commit is contained in:
commit
1d5e3a5b06
2 changed files with 38 additions and 8 deletions
|
@ -103,8 +103,8 @@ syncrepl-host
|
||||||
Set once per host that will replicate the directory.
|
Set once per host that will replicate the directory.
|
||||||
|
|
||||||
module
|
module
|
||||||
LDAP module to load. See `slapd.conf(5)`.
|
LDAP module to load. See `slapd.conf(5)`. Some dependencies might have to
|
||||||
Default value is OS-dependent, see manifest.
|
be installed beforehand. Default value is OS-dependent, see manifest.
|
||||||
|
|
||||||
schema
|
schema
|
||||||
Name of LDAP schema to load. Must be the name without extension of a
|
Name of LDAP schema to load. Must be the name without extension of a
|
||||||
|
|
|
@ -25,6 +25,7 @@ case "${os}" in
|
||||||
SLAPD_DATA_DIR="/var/db/openldap-data"
|
SLAPD_DATA_DIR="/var/db/openldap-data"
|
||||||
SLAPD_RUN_DIR="/var/run/openldap"
|
SLAPD_RUN_DIR="/var/run/openldap"
|
||||||
SLAPD_MODULE_PATH="/usr/local/libexec/openldap"
|
SLAPD_MODULE_PATH="/usr/local/libexec/openldap"
|
||||||
|
SLAPD_MODULE_TYPE="la"
|
||||||
if [ -z "${slapd_modules}" ]; then
|
if [ -z "${slapd_modules}" ]; then
|
||||||
# It looks like ppolicy and syncprov must be compiled
|
# It looks like ppolicy and syncprov must be compiled
|
||||||
slapd_modules="back_mdb back_monitor"
|
slapd_modules="back_mdb back_monitor"
|
||||||
|
@ -43,13 +44,34 @@ case "${os}" in
|
||||||
SLAPD_DATA_DIR="/var/lib/ldap"
|
SLAPD_DATA_DIR="/var/lib/ldap"
|
||||||
SLAPD_RUN_DIR="/var/run/slapd"
|
SLAPD_RUN_DIR="/var/run/slapd"
|
||||||
SLAPD_MODULE_PATH="/usr/lib/ldap"
|
SLAPD_MODULE_PATH="/usr/lib/ldap"
|
||||||
|
SLAPD_MODULE_TYPE="la"
|
||||||
if [ -z "${slapd_modules}" ]; then
|
if [ -z "${slapd_modules}" ]; then
|
||||||
slapd_modules="back_mdb ppolicy syncprov back_monitor"
|
slapd_modules="back_mdb ppolicy syncprov back_monitor"
|
||||||
fi
|
fi
|
||||||
|
CONF_OWNER="openldap"
|
||||||
|
CONF_GROUP="openldap"
|
||||||
if [ -z "${tls_cipher_suite}" ]; then
|
if [ -z "${tls_cipher_suite}" ]; then
|
||||||
tls_cipher_suite="NORMAL"
|
tls_cipher_suite="NORMAL"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
alpine)
|
||||||
|
PKGS="openldap openldap-clients"
|
||||||
|
ETC="/etc"
|
||||||
|
SLAPD_DIR="/etc/openldap"
|
||||||
|
SLAPD_DATA_DIR="/var/lib/openldap"
|
||||||
|
SLAPD_RUN_DIR="/var/run/openldap"
|
||||||
|
SLAPD_MODULE_PATH="/usr/lib/openldap"
|
||||||
|
SLAPD_MODULE_TYPE="so"
|
||||||
|
if [ -z "${slapd_modules}" ]; then
|
||||||
|
slapd_modules="back_mdb ppolicy syncprov back_monitor"
|
||||||
|
PKGS="$PKGS openldap-back-mdb openldap-back-monitor openldap-overlay-all"
|
||||||
|
fi
|
||||||
|
CONF_OWNER="ldap"
|
||||||
|
CONF_GROUP="$SLAPD_USER"
|
||||||
|
if [ -z "${tls_cipher_suite}" ]; then
|
||||||
|
tls_cipher_suite="DEFAULT"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
echo "Don't know the openldap defaults for: $os" >&2
|
echo "Don't know the openldap defaults for: $os" >&2
|
||||||
exit 1
|
exit 1
|
||||||
|
@ -156,6 +178,12 @@ case "${os}" in
|
||||||
--line "SLAPD_SERVICES=\"${slapd_urls}\"" \
|
--line "SLAPD_SERVICES=\"${slapd_urls}\"" \
|
||||||
--state present
|
--state present
|
||||||
;;
|
;;
|
||||||
|
alpine)
|
||||||
|
require="__package/${PKG_MAIN}" __line add_slapd_services \
|
||||||
|
--file ${ETC}/conf.d/slapd \
|
||||||
|
--line "command_args=\"-h '${slapd_urls}'\"" \
|
||||||
|
--state present
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
# Nothing to do here, move on.
|
# Nothing to do here, move on.
|
||||||
;;
|
;;
|
||||||
|
@ -170,20 +198,22 @@ if [ -z "${_skip_letsencrypt_cert}" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC2086
|
# shellcheck disable=SC2086
|
||||||
__letsencrypt_cert "${name}" --admin-email "${admin_email}" \
|
__directory ${SLAPD_DIR}/sasl2
|
||||||
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R openldap:openldap ${SLAPD_DIR}/sasl2 && service slapd restart" \
|
require="__directory/${SLAPD_DIR}/sasl2" __letsencrypt_cert "${name}" \
|
||||||
--automatic-renewal ${staging}
|
--admin-email "${admin_email}" \
|
||||||
|
--renew-hook "cp ${ETC}/letsencrypt/live/${name}/*.pem ${SLAPD_DIR}/sasl2 && chown -R ${CONF_OWNER}:${CONF_GROUP} ${SLAPD_DIR}/sasl2 && service slapd restart" \
|
||||||
|
--automatic-renewal "${staging}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
require="__package/${PKG_MAIN}" __directory ${SLAPD_DIR}/slapd.d --state absent
|
require="__package/${PKG_MAIN}" __directory ${SLAPD_DIR}/slapd.d --state absent
|
||||||
|
|
||||||
if [ -z "${_skip_letsencrypt_cert}" ]; then
|
if [ -z "${_skip_letsencrypt_cert}" ]; then
|
||||||
require="__package/${PKG_MAIN} __letsencrypt_cert/${name}" \
|
require="__package/${PKG_MAIN} __letsencrypt_cert/${name}" \
|
||||||
__file ${SLAPD_DIR}/slapd.conf --owner ${CONF_OWNER} --group ${CONF_GROUP} --mode 644 \
|
__file "${SLAPD_DIR}/slapd.conf" --owner "${CONF_OWNER}" --group "${CONF_GROUP}" --mode 644 \
|
||||||
--source "${ldapconf}"
|
--source "${ldapconf}"
|
||||||
else
|
else
|
||||||
require="__package/${PKG_MAIN}" \
|
require="__package/${PKG_MAIN}" \
|
||||||
__file ${SLAPD_DIR}/slapd.conf --owner ${CONF_OWNER} --group ${CONF_GROUP} --mode 644 \
|
__file "${SLAPD_DIR}/slapd.conf" --owner "${CONF_OWNER}" --group "${CONF_GROUP}" --mode 644 \
|
||||||
--source "${ldapconf}"
|
--source "${ldapconf}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -210,7 +240,7 @@ done
|
||||||
# Add specified modules
|
# Add specified modules
|
||||||
echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
|
echo "modulepath ${SLAPD_MODULE_PATH}" >> "${ldapconf}"
|
||||||
for module in ${slapd_modules}; do
|
for module in ${slapd_modules}; do
|
||||||
echo "moduleload ${module}.la" >> "${ldapconf}"
|
echo "moduleload ${module}.${SLAPD_MODULE_TYPE}" >> "${ldapconf}"
|
||||||
done
|
done
|
||||||
|
|
||||||
# Rest of the config
|
# Rest of the config
|
||||||
|
|
Loading…
Reference in a new issue