2 # This script serves one purpose: to add a possibly missing attribute
3 # (pwdMaxRecordedFailure) to the ppolicy schema in a dynamic configuration of
4 # OpenLDAP. This attribute was introduced in openldap-2.4.43, and later
5 # versions of slapd will not start without it.
7 # The script updates the configuration directory given as the first parameter,
8 # or /etc/openldap/slapd.d by default.
10 # Author: Matus Honek <mhonek@redhat.com>
14 echo "Update dynamic configuration: " $@
31 ORIGINAL="${1:-/etc/openldap/slapd.d}"
32 ORIGINAL="${ORIGINAL%*(/)}"
34 ### check if necessary
35 grep -r "pwdMaxRecordedFail" "${ORIGINAL}/cn=config/cn=schema" >/dev/null
36 [ $? -eq 0 ] && log "Schemas look up to date. Ok. Quitting." && return 0
39 log "Prepare environment."
42 iferr "Could not create a temporary directory. Quitting." && return 1
44 SUBDBDIR="${DBDIR}/cn=temporary"
47 iferr "Could not create temporary configuration directory. Quitting." && return 1
48 cp -r --no-target-directory "${ORIGINAL}" "${SUBDBDIR}"
49 iferr "Could not copy configuration. Quitting." && return 1
51 pushd "$TEMPDIR" >/dev/null
57 access to * by * manage
60 SOCKET="$(pwd)/socket"
61 LISTENER="ldapi://${SOCKET//\//%2F}"
62 CONN_PARAMS=("-Y" "EXTERNAL" "-H" "${LISTENER}")
64 slapd -f temp.conf -h "$LISTENER" -d 0 >/dev/null 2>&1 &
68 ldapadd ${CONN_PARAMS[@]} -d 0 >/dev/null 2>&1 <<EOF
70 objectClass: olcGlobal
73 iferr "Could not populate the temporary database. Quitting." && return 1
76 log "Update with new pwdMaxRecordedFailure attribute."
78 FILTER+="(olcObjectClasses=*'pwdPolicy'*)"
79 FILTER+="(!(olcObjectClasses=*'pwdPolicy'*'pwdMaxRecordedFailure'*))"
80 FILTER+="(!(olcAttributeTypes=*'pwdMaxRecordedFailure'*))"
82 RES=$(ldapsearch ${CONN_PARAMS[@]} \
83 -b cn=schema,cn=config,cn=temporary \
90 DN=$(printf "$RES" | grep '^dn:')
91 OC=$(printf "$RES" | grep "^olcObjectClasses:.*'pwdPolicy'")
92 NEWOC="${OC//$ pwdSafeModify /$ pwdSafeModify $ pwdMaxRecordedFailure }"
94 test $(echo "$DN" | wc -l) = 1
95 iferr "Received more than one DN. Cannot continue. Quitting." && return 1
96 test "$NEWOC" != "$OC"
97 iferr "Updating pwdPolicy objectClass definition failed. Quitting." && return 1
99 ldapmodify ${CONN_PARAMS[@]} -d 0 >/dev/null 2>&1 <<EOF
102 add: olcAttributeTypes
103 olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.30 NAME 'pwdMaxRecordedFailur
104 e' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.
105 1466.115.121.1.27 SINGLE-VALUE )
107 delete: olcObjectClasses
110 add: olcObjectClasses
113 iferr "Updating with new attribute failed. Quitting." && return 1
119 cp -r --no-target-directory "$ORIGINAL" "$ORIGINAL~backup"
120 iferr "Backing up old configuration failed. Quitting." && return 1
121 cp -r --no-target-directory "$SUBDBDIR" "$ORIGINAL"
122 iferr "Applying new configuration failed. Quitting." && return 1
135 if [ $? -ne 0 ]; then