Re: Upgrading on RedHat 7.3
If you are satisfied with everything else and only need to change slapd, it's simple:
compile it and install it in, for example, /chroot/ldap/, then adjust my script
and use it to find all the necessary libs and so on to build a correct chroot
environment. In this case your RH server stays untouched, so you can still
use up2date.
17 Август 2003 18:12, Вы написали:
> On Sun, 2003-08-17 at 11:28, tsg wrote:
> > Please tell more what do you want? Do you need ldap server, client,
> > ldap-enabled application?
> > By default RH installs only libs for password package which depends on
> > them. If you need a new slapd, you can leave everything as it is and
> > install it in chroot environment in /chroot/ldap.
>
> I already have an ldap server up and running for a while as I said version
> 2.0.27 installed by rpm package. Should I install as you're saying without
> removing the package?
>
> --
> Robert
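#!/bin/bash
# Builds a chroot jail for OpenLDAP's slapd under $LDAP_CHROOT. It has to run
# as root: it calls chattr, mknod and chown and rewrites files under /etc.
#
# Both sourced files execute with this script's privileges. "eval" is looked
# up by bare name (PATH first, then the current directory under bash), so run
# the script from a directory that only root can write to.
# NOTE(review): presumably these files define LDAP_CHROOT, PREFIX, START_DIR
# and the other settings used below - confirm.
source eval
source "$STEPFILE"
##################################################################
# Installing Linux LDAP Server in a chroot jail #
##################################################################

# Refuse to continue without a usable jail path. With LDAP_CHROOT empty,
# every "$LDAP_CHROOT/..." path in this script would resolve against the
# host's own root (for example /etc/passwd), and "/" itself must never be
# handed to the rm -rf below.
case "$LDAP_CHROOT" in
  /*[!/]*) ;;
  *)
    echo "LDAP_CHROOT must be an absolute path other than / (got '$LDAP_CHROOT')" >&2
    exit 1
    ;;
esac

if [ -d "$LDAP_CHROOT" ]; then
  # A previous run marked some of these files immutable (chattr +i); the flag
  # has to be cleared first or rm cannot delete them.
  for jail_file in \
    etc/openldap/slapd.conf \
    etc/passwd \
    etc/group \
    etc/resolv.conf \
    etc/hosts \
    etc/nsswitch.conf; do
    chattr -i "$LDAP_CHROOT/$jail_file"
  done
  rm -rf -- "$LDAP_CHROOT"
fi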
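# Directory skeleton of the jail. Paths are quoted so a jail location that
# contains spaces or glob characters is not split or expanded.
for jail_dir in \
  dev lib/i686 etc home tmp bin \
  usr/sbin usr/share usr/lib \
  var/run var/log var/lib; do
  mkdir -p "$LDAP_CHROOT/$jail_dir"
done
# World-writable with the sticky bit, set in one step so tmp is never
# writable by everyone without the sticky bit in between.
chmod 1777 "$LDAP_CHROOT/tmp"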
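# A shell and the termcap library matching it are copied into the jail.
# NOTE(review): the cron job below calls slapindex directly, so this copy is
# a candidate for removal - a shell inside the jail mostly helps whoever
# manages to run code as slapd. Confirm nothing else needs it first.
cp -p /bin/bash "$LDAP_CHROOT/bin/"
cp -p /lib/libtermcap.so.* "$LDAP_CHROOT/lib/"
mv "$PREFIX/sbin/slapindex" "$LDAP_CHROOT/usr/sbin/"

# Daily reindex job. The generated file previously had no interpreter line
# and ran "chroot <dir>/" with no command, which starts a shell inside the
# jail instead of slapindex; the next line then looked for
# /usr/sbin/slapindex on the host, where it no longer exists after the mv
# above. Passing the command to chroot runs slapindex inside the jail.
# $LDAP_CHROOT is expanded now (unquoted delimiter), so the job contains the
# literal jail path.
# NOTE(review): the job runs slapindex as root; check that the files it
# writes remain usable by the ldap account and whether slapd has to be
# stopped while it runs.
cat > /etc/cron.daily/ldapindex <<EOF
#!/bin/sh
chroot "$LDAP_CHROOT" /usr/sbin/slapindex
EOF
chmod 700 /etc/cron.daily/ldapindex
chown 0:0 /etc/cron.daily/ldapindex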
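# Relocate the host's OpenLDAP configuration, schema data, database and
# daemons into the jail. These are moves, not copies: the files installed on
# the host are gone from their original locations afterwards.
mv /etc/openldap "$LDAP_CHROOT/etc/"
# Client tools on the host still need ldap.conf, so put a copy back.
mkdir -p /etc/openldap
cp "$LDAP_CHROOT/etc/openldap/ldap.conf" /etc/openldap/
ln -fs /etc/openldap/ldap.conf /etc/
mv /usr/share/openldap "$LDAP_CHROOT/usr/share/"
mv /var/lib/ldap "$LDAP_CHROOT/var/lib"
mv /usr/sbin/slapd "$LDAP_CHROOT/usr/sbin/"
# The test used to check for "slurd", a name that never exists, so slurpd
# was left behind on the host even when it was installed.
if [ -f /usr/sbin/slurpd ]; then
  mv /usr/sbin/slurpd "$LDAP_CHROOT/usr/sbin/"
fi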
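# Character devices inside the jail: major 1, minors 3 and 9.
mknod "$LDAP_CHROOT/dev/null" c 1 3
chmod 666 "$LDAP_CHROOT/dev/null"
mknod "$LDAP_CHROOT/dev/urandom" c 1 9

# TLS material for slapd.
mkdir -p "$LDAP_CHROOT/usr/share/ssl/certs"
mkdir -p "$LDAP_CHROOT/usr/share/ssl/private"
cp -r /usr/share/ssl/certs/ldap.crt "$LDAP_CHROOT/usr/share/ssl/certs"
cp -r /usr/share/ssl/certs/ca.crt "$LDAP_CHROOT/usr/share/ssl/certs"
# Copy the private key under a restrictive umask so the new file is never
# group- or world-readable, even briefly, before the chmod below.
(
  umask 077
  cp /usr/share/ssl/private/ldap.key "$LDAP_CHROOT/usr/share/ssl/private"
)
cp -r /usr/share/ssl/crl "$LDAP_CHROOT/usr/share/ssl/"
chmod 400 "$LDAP_CHROOT/usr/share/ssl/private/ldap.key"

# Minimal account databases for the jail. Anchoring on the name field copies
# only the ldap user and the ldap group; an unanchored "grep ldap" also
# copies any other entry that merely contains the string (a home directory,
# a comment field, a group member list).
grep '^ldap:' /etc/passwd > "$LDAP_CHROOT/etc/passwd"
grep '^ldap:' /etc/group > "$LDAP_CHROOT/etc/group"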
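# Copy every shared library slapd links against to the same path inside the
# jail. ldd prints either "name => /path (addr)" or "/path (addr)"; only
# absolute paths are taken, so tokens such as "(0x...)" are never passed to
# cp, and the parent directory is created in case the skeleton lacks it.
ldd "$LDAP_CHROOT/usr/sbin/slapd" |
  awk '$3 ~ /^\// { print $3; next } $1 ~ /^\// { print $1 }' |
  while IFS= read -r lib_path; do
    mkdir -p "$LDAP_CHROOT${lib_path%/*}"
    cp "$lib_path" "$LDAP_CHROOT$lib_path"
  done

# glibc loads its NSS modules at run time, so ldd does not list them.
cp /lib/libnss_compat* "$LDAP_CHROOT/lib/"
cp /lib/libnss_dns* "$LDAP_CHROOT/lib/"
cp /lib/libnss_files* "$LDAP_CHROOT/lib/"

# Drop the .comment section from the copied libraries.
#strip -R .comment $LDAP_CHROOT/usr/lib/lib*
strip -R .comment "$LDAP_CHROOT"/lib/lib*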
# Configure and install new /etc/logrotate.d/ldap file.
# The here-document delimiter is unquoted, so $LDAP_CHROOT is expanded now
# and the generated stanza contains literal paths. After each rotation the
# stanza sends SIGHUP to processes matching the jailed slapd path.
# NOTE(review): the stanza names $LDAP_CHROOT/var/log/ldap.log, while the
# syslog.conf line this script appends sends local4 to /var/log/ldap.log on
# the host; "missingok" would hide that mismatch. Confirm which path really
# receives the log.
cat > /etc/logrotate.d/ldap <<EOF
$LDAP_CHROOT/var/log/ldap.log {
missingok
postrotate
/usr/bin/killall -HUP $LDAP_CHROOT/usr/sbin/slapd
endscript
}
EOF
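chmod 644 "$LDAP_CHROOT/etc/passwd" "$LDAP_CHROOT/etc/group"

# Resolver and time-zone files slapd needs inside the jail.
cp /etc/resolv.conf "$LDAP_CHROOT/etc/"
cp /etc/nsswitch.conf "$LDAP_CHROOT/etc/"
cp /etc/localtime "$LDAP_CHROOT/etc/"
cp /etc/hosts "$LDAP_CHROOT/etc/"

# NOTE(review): this gives the ldap account ownership of everything in the
# jail - the slapd binary, its libraries, slapd.conf and the TLS key - and
# the init script starts slapd as that same account. Code running as ldap
# can therefore rewrite anything here that is not marked immutable below.
# A tighter layout keeps the tree root-owned and hands ldap only the
# directories slapd must write to; TODO confirm which ones before narrowing.
chown -R ldap:ldap "$LDAP_CHROOT"

# Immutable files cannot be changed even by their owner until the flag is
# cleared again with chattr -i.
chattr +i "$LDAP_CHROOT/etc/passwd"
chattr +i "$LDAP_CHROOT/etc/group"
#chattr +i $LDAP_CHROOT/etc/openldap/slapd.conf
chattr +i "$LDAP_CHROOT/etc/resolv.conf"
chattr +i "$LDAP_CHROOT/etc/hosts"
chattr +i "$LDAP_CHROOT/etc/nsswitch.conf"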
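# Optionally route slapd's syslog facility to its own file. The operands are
# quoted because an unquoted empty pair collapses to "[ -eq ]", which the
# shell evaluates as true.
if [ "$LDAP_LOG" -eq "$YES" ]; then
  # Append the rule only once; re-running the installer used to add a
  # duplicate line to syslog.conf each time.
  if ! grep -q '^local4\.\*' /etc/syslog.conf; then
    printf '%s\n' 'local4.* /var/log/ldap.log' >> /etc/syslog.conf
  fi
  "$START_DIR/syslog" restart
fi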
# Generate the SysV init script $START_DIR/ldap, then install and start it.
#
# The here-document delimiter is unquoted: $LDAP_CHROOT is substituted while
# this installer runs, so the generated script contains the literal jail
# path, whereas every \$-escaped expression is written out as-is and only
# evaluated when the init script itself runs.
#
# In the generated script slapd is started with "-u ldap -r <jail>" (its
# run-as-user and chroot-directory options), and the ldaps:// listener is
# added only when slapd.conf contains a line beginning with TLS.
# NOTE(review): slurpd is started with "-r <jail>" and no -u. As far as I
# recall, slurpd's -r names the replication log file rather than a chroot
# directory, which would leave slurpd unconfined - confirm against slurpd(8).
#
# "file" is assigned here but not referenced again in this script.
file=$START_DIR/openldap
cat > $START_DIR/ldap <<EOF
#!/bin/bash
#
# ldap This shell script takes care of starting and stopping
# ldap servers (slapd and slurpd).
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \\
# for implementing the industry standard directory services.
# processname: slapd
# config: $LDAP_CHROOT/etc/openldap/slapd.conf
# pidfile: $LDAP_CHROOT/var/run/slapd.pid
# Source function library.
. /etc/init.d/functions
# Source networking configuration and check that networking is up.
if [ -r /etc/sysconfig/network ] ; then
. /etc/sysconfig/network
[ \${NETWORKING} = "no" ] && exit 0
fi
slapd=$LDAP_CHROOT/usr/sbin/slapd
slurpd=$LDAP_CHROOT/usr/sbin/slurpd
[ -x \${slapd} ] || exit 0
#[ -x \${slurpd} ] || exit 0
RETVAL=0
function start() {
# Start daemons.
echo -n \$"Starting slapd: "
if grep -q ^TLS $LDAP_CHROOT/etc/openldap/slapd.conf ; then
daemon \${slapd} -u ldap -r $LDAP_CHROOT -h '"ldap:/// ldaps:///"'
RETVAL=\$?
else
daemon \${slapd} -u ldap -r $LDAP_CHROOT
RETVAL=\$?
fi
echo
if [ \$RETVAL -eq 0 ]; then
if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf; then
echo -n \$"Starting slurpd: "
daemon \${slurpd} -r $LDAP_CHROOT
RETVAL=\$?
echo
fi
fi
[ \$RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
return \$RETVAL
}
function stop() {
# Stop daemons.
echo -n \$"Stopping slapd: "
killproc \${slapd}
RETVAL=\$?
echo
if [ \$RETVAL -eq 0 ]; then
if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf; then
echo -n \$"Stopping slurpd: "
killproc \${slurpd}
RETVAL=\$?
echo
fi
fi
[ \$RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
return \$RETVAL
}
# See how we were called.
case "\$1" in
start)
start
;;
stop)
stop
;;
status)
status \${slapd}
if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf ; then
status \${slurpd}
fi
;;
restart)
stop
start
;;
reload)
killall -HUP \${slapd}
RETVAL=\$?
if [ \$RETVAL -eq 0 ]; then
if grep -q "^replogfile" $LDAP_CHROOT/etc/openldap/slapd.conf; then
killall -HUP \${slurpd}
RETVAL=\$?
fi
fi
;;
condrestart)
if [ -f /var/lock/subsys/ldap ] ; then
stop
start
fi
;;
*)
echo \$"Usage: \$0 {start|stop|restart|status|condrestart}"
RETVAL=1
esac
exit \$RETVAL
EOF
# Owner-only, root-owned init script; slapd is started only if both the
# chmod and the chown succeeded.
chmod 700 $START_DIR/ldap &&
chown 0.0 $START_DIR/ldap &&
$START_DIR/ldap start
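# Load the initial directory contents from the template matching the
# server's role.
#
# The work file now lives in a private mktemp directory. With the fixed name
# /tmp/ldap.ldif, a root-run cp would write through a symlink some other
# local user had placed there, and when neither role was selected the script
# fed whatever file already sat at that path to ldapadd.

# Escape the characters that are special in the replacement half of a sed
# s/// command (backslash, slash, ampersand) so configuration values are
# inserted literally.
sed_escape() {
  printf '%s' "$1" | sed 's|[\\/&]|\\&|g'
}

ldif_template=
if [ "$print_serv" = "yes" ]; then
  ldif_template=$EDITED/pdc.ldif
elif [ "$mail_serv" = "yes" ]; then
  ldif_template=$EDITED/mail_hub.ldif
fi

if [ -n "$ldif_template" ]; then
  ldif_workdir=$(mktemp -d) || exit 1
  trap 'rm -rf -- "$ldif_workdir"' EXIT

  # Replace the first literal $LDAP_SUFFIX, $DOMAIN and $ADMIN_MAIL_ADDRESS
  # placeholder on each line with the configured value.
  sed -e 's/\$LDAP_SUFFIX/'"$(sed_escape "$LDAP_SUFFIX")"'/' \
      -e 's/\$DOMAIN/'"$(sed_escape "$DOMAIN")"'/' \
      -e 's/\$ADMIN_MAIL_ADDRESS/'"$(sed_escape "$ADMIN_MAIL_ADDRESS")"'/' \
      "$ldif_template" > "$ldif_workdir/ldap.ldif" || exit 1

  # NOTE(review): fixed delay, presumably to let the freshly started slapd
  # finish initialising before the import - confirm.
  sleep 150

  # -W prompts for the bind password. A single -Z only attempts StartTLS and
  # carries on if it fails; -ZZ makes a successful StartTLS mandatory.
  ldapadd -D "$LDAP_ROOTDN" -W -h localhost -f "$ldif_workdir/ldap.ldif" -Z
fi
exit 0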