From ded29bf9eb3fa40c56eb9ace365d13e6348e215c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 20 Aug 2012 01:53:16 +0200
Subject: A little test suite for LDAP ACLs.
---
ldap/Makefile | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 ldap/Makefile
(limited to 'ldap/Makefile')
diff --git a/ldap/Makefile b/ldap/Makefile
new file mode 100644
index 0000000..8d6868f
--- /dev/null
+++ b/ldap/Makefile
@@ -0,0 +1,88 @@
+DIR := $(shell grep -i '^olcDbDirectory: ' database.ldif | sed -e 's/^olcDbDirectory: //')
+SUFFIX := $(shell grep -i '^olcSuffix: ' database.ldif | sed -e 's/^olcSuffix: //')
+TMPSLAPD := /tmp/$(shell mktemp -u slapd.d-XXXXXX)
+BACKUPDB := /tmp/$(shell mktemp -u db-XXXXXX.ldif)
+BACKUPCONFIG := /tmp/$(shell mktemp -u config-XXXXXX.ldif)
+NUM := $(shell ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b "cn=config" "olcSuffix=$(SUFFIX)" dn | sed -e '/^$$/d' -e 's/^dn: //')
+SCHEMA := $(shell grep -i '^dn: ' fripost.ldif | sed -re 's/^dn: cn=([^,]+),.*/\1/')
+
+all:
+ @echo "make install-schema: install the LDAP schema"
+ @echo "make install-db: install the database"
+ @echo "make install-mx: "
+
+
+init:
+ @echo "Suffix: \`$(SUFFIX)\'"
+ @echo "Location: \`$(DIR)\'"
+ @test -e "$(DIR)" && (echo "Error: \`$(DIR)' exists." ; false); true
+ @mkdir -m 0700 "$(DIR)"
+ @chown openldap:openldap "$(DIR)"
+ @ldapadd -Q -Y EXTERNAL -H ldapi:/// -f database.ldif
+# @if test -d "$(SUFFIX)" ; then echo nop ; fi
+
+
+install-mx:
+
+ rm -f -- "$(BACKUPDB)" "$(BACKUPCONFIG)"
+ @mkdir -m 0700 "$(BACKUPSLAPD)"
+
+ @rmdir "$(BACKUPSLAPD)"
+
+
+install-schema:
+ @ldapadd -Q -Y EXTERNAL -H ldapi:/// -f fripost.ldif
+
+
+install-acl:
+ @sed "s/^dn: olcDatabase={.*}hdb,cn=config$$/dn: $(NUM)/" acl.ldif | ldapmodify -Q -Y EXTERNAL -H ldapi:///
+
+
+uninstall:
+ @echo "The database - suffix \"$(SUFFIX)\" - will be saved into \`$(BACKUPDB)' (if non-empty), and then *cleared* (but not deleted)."
+ @echo "Also, its ACLs and indexes will be cleared as well, if there are any."
+ @echo "Global configuration will be saved into \`$(BACKUPCONFIG)'."
+ @echo "slapd will be offline for a moment - at best."
+ @/bin/echo -n "Are you sure you want to continue [y/N] "
+ @read A && if [ "x$$A" = "xY" -o "x$$A" = "xy" ]; then true; else echo Aborted; false; fi
+#
+ @if slapcat -b "$(SUFFIX)" 2>/dev/null | grep -q '.'; then \
+ echo "Saving database" && slapcat -b "$(SUFFIX)" -l "$(BACKUPDB)" && echo "Clearing database" && ldapdelete -Q -Y EXTERNAL -H ldapi:/// -r "$(SUFFIX)" \
+ ;else \
+ echo "Empty database, not saving anything." \
+ ;fi
+#
+ @echo "Saving configuration"; slapcat -n0 -l "$(BACKUPCONFIG)"
+#
+ @if (ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "$(NUM)" "(olcAccess=*)" | grep -q '^dn: '); then \
+ echo "Removing ACLs" && /bin/echo -e "dn: $(NUM)\nchangetype: modify\ndelete: olcAccess" | ldapmodify -Q -Y EXTERNAL -H ldapi:/// >/dev/null \
+ ;else \
+ echo "No ACLs to remove" \
+ ;fi
+#
+ @if (ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -s base -b "$(NUM)" "(olcDbIndex=*)" | grep -q '^dn: '); then \
+ echo "Removing indexes" && /bin/echo -e "dn: $(NUM)\nchangetype: modify\ndelete: olcDbIndex" | ldapmodify -Q -Y EXTERNAL -H ldapi:/// >/dev/null \
+ ;else \
+ echo "No indexes to remove" \
+ ;fi
+
+ @echo "Making a new configuration directory at \`$(TMPSLAPD)'"
+ @mkdir -m0700 "$(TMPSLAPD)" && slapcat -n0 | slapadd -F "$(TMPSLAPD)" -n0 && chown -R 'openldap:openldap' "$(TMPSLAPD)"
+
+ @echo "Deleting schema \"cn=$(SCHEMA),cn=config\"" && find "$(TMPSLAPD)" -name "cn={*}$(SCHEMA).ldif" -delete
+#
+ @/etc/init.d/slapd stop
+#
+ @echo "Replacing the old \`slapd.d'"
+ rm -rf /etc/ldap/slapd.d/ && mv "$(TMPSLAPD)" /etc/ldap/slapd.d/
+#
+ @/etc/init.d/slapd start
+#
+ @echo "Don't forget to repopulate the database (if non-empty) from \`$(BACKUPDB)'"
+
+
+
+
+
+
+.PHONY: all backup-db backup-config
--
cgit v1.2.3
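Review bot: `BACKUPDB` and `BACKUPCONFIG` are built from `mktemp -u` under `/tmp`, so nothing is created when the name is picked, and `slapcat -l` in `uninstall` later writes the database and `cn=config` dumps there as whoever runs make (presumably root) with default-umask permissions. `mktemp -u` is documented as unsafe for this reason: another local user can pre-create or symlink the name first, and the dumps may contain password hashes or `olcRootPW`. I would point both variables at a directory only root can enter rather than `/tmp`, and tighten the mode in the recipe, e.g. `@umask 077 && slapcat -n0 -l "$(BACKUPCONFIG)"`. Separately, `install-mx` uses `$(BACKUPSLAPD)`, which this file never defines, and since the names are regenerated on every invocation its `rm -f` cannot match files an earlier run wrote.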