2 # Author: Jan Vcelak <jvcelak@redhat.com>
4 . /usr/libexec/openldap/functions
# Check the slapd configuration syntax by running slaptest through
# run_as_ldap and reporting a failure with error().
# The combined stdout/stderr of slaptest is captured in a temporary file
# created by mktemp under /var/run/openldap.
# NOTE(review): run_as_ldap and error are not defined in this file; presumably
# they come from the sourced /usr/libexec/openldap/functions -- confirm.
# NOTE(review): the condition guarding the error() call and any removal of the
# temporary file are not visible in this listing -- confirm the file is deleted
# on every exit path.
6 function check_config_syntax()
# NOTE(review): mktemp's exit status is not checked on the visible lines, and
# $tmp_slaptest is expanded unquoted in the redirection below; with an empty
# value the redirection itself fails instead of the check being reported.
9 tmp_slaptest=`mktemp --tmpdir=/var/run/openldap`
# $SLAPD_GLOBAL_OPTIONS is expanded into the command string here, before
# run_as_ldap receives it. How that string is then executed is not shown;
# if it is re-parsed by a shell, the variable's content is parsed as shell
# syntax too -- treat its source as trusted configuration only.
# '&>' (like the 'function' keyword) is bash syntax; the shebang is not
# visible in this listing -- confirm the script is run by bash.
10 run_as_ldap "/usr/sbin/slaptest $SLAPD_GLOBAL_OPTIONS -u" &>$tmp_slaptest
12 error "Checking configuration file failed:"
# For every path printed by the `certificates` helper, test as the ldap user
# (via run_as_ldap) that the path exists (-e) and is readable (-r), and report
# each failing path with error().
# NOTE(review): `certificates` is not defined in this file; presumably it
# lists the TLS certificate/key/DB paths taken from the slapd configuration --
# confirm against the sourced functions file.
# NOTE(review): the call to this function is commented out in
# check_everything, so these checks do not currently run.
20 function check_certs_perms()
# The helper's output is word-split by the shell: a path containing
# whitespace or glob characters is split or expanded before the loop sees it.
23 for cert in `certificates`; do
# $cert is pasted between escaped double quotes inside a command string.
# If run_as_ldap re-parses that string with a shell (not shown -- confirm),
# a path containing '"', '$' or a backquote would be interpreted as shell
# syntax rather than as a file name.
24 run_as_ldap "/usr/bin/test -e \"$cert\""
26 error "TLS certificate/key/DB '%s' was not found." "$cert"
30 run_as_ldap "/usr/bin/test -r \"$cert\""
32 error "TLS certificate/key/DB '%s' is not readable." "$cert"
# For every directory printed by the `databases` helper, look at the database
# files directly inside it and test as the ldap user (via run_as_ldap) that
# each one is both readable and writable; failures are reported with error().
# NOTE(review): `databases` is not defined in this file; presumably it lists
# the database directories from the slapd configuration -- confirm against
# the sourced functions file.
39 function check_db_perms()
# Output of the helper is word-split; directory names with whitespace break.
42 for dbdir in `databases`; do
# Entries that are not existing directories are skipped silently.
43 [ -d "$dbdir" ] || continue
# Only the directory's own entries are examined (-maxdepth 1), matched by
# name: *.dbb, *.gdbm, *.bdb, __db.*, log.* and alock.
# NOTE(review): ${dbdir} is unquoted and find's output is word-split, so
# names containing whitespace or glob characters are mishandled; a name
# beginning with '-' would be read by find as an option.
44 for dbfile in `find ${dbdir} -maxdepth 1 -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name "alock"`; do
# $dbfile is interpolated into a command string; if run_as_ldap re-parses it
# with a shell (not shown -- confirm), a file name containing '"', '$' or a
# backquote would be interpreted as shell syntax. The name is chosen by
# whoever can create files in the database directory.
45 run_as_ldap "/usr/bin/test -r \"$dbfile\" -a -w \"$dbfile\""
47 error "Read/write permissions for DB file '%s' are required." "$dbfile"
# Run the individual checks and record in retcode whether any of them failed.
# A failing check sets retcode=1 but does not stop the remaining checks.
# NOTE(review): retcode's initialisation and the function's return statement
# are not visible in this listing -- confirm retcode is reset before the
# first check and returned afterwards.
55 function check_everything()
58 check_config_syntax || retcode=1
# The certificate permission check is disabled, so a missing or unreadable
# TLS certificate/key is not reported by this script at present.
59 # TODO: need support for Mozilla NSS, disabling temporarily
60 #check_certs_perms || retcode=1
61 check_db_perms || retcode=1
# Top-level preconditions: the script must run as root, and whichever of
# SLAPD_CONFIG_DIR / SLAPD_CONFIG_FILE is set must point at an existing
# directory / regular file.
# NOTE(review): the closing 'fi' lines and any 'exit' after each error() are
# not visible in this listing -- confirm the script stops after a failed
# precondition rather than continuing into the checks.
# NOTE(review): where SLAPD_CONFIG_DIR and SLAPD_CONFIG_FILE are assigned is
# not shown; presumably the sourced functions file sets them -- confirm.
# Effective UID must be 0; the checks themselves are delegated to the ldap
# user through run_as_ldap in the functions above.
65 if [ `id -u` -ne 0 ]; then
66 error "You have to be root to run this script."
# Configuration directory, checked only when the variable is non-empty.
72 if [ -n "$SLAPD_CONFIG_DIR" ]; then
73 if [ ! -d "$SLAPD_CONFIG_DIR" ]; then
74 error "Configuration directory '%s' does not exist." "$SLAPD_CONFIG_DIR"
# Configuration file, checked only when the variable is non-empty.
81 if [ -n "$SLAPD_CONFIG_FILE" ]; then
82 if [ ! -f "$SLAPD_CONFIG_FILE" ]; then
83 error "Configuration file '%s' does not exist." "$SLAPD_CONFIG_FILE"
# Printed through error() although the text is a warning; under which branch
# it is emitted is not visible in this listing.
85 error "Warning: Usage of a configuration file is obsolete!"