[evolvis-commits] r7549: Try of a new version, port from 2. 5↵

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Feb 24 15:43:21 CET 2011


Author: mirabilos
Date: 2011-02-24 15:43:21 +0100 (Thu, 24 Feb 2011)
New Revision: 7549

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/install-ldap.sh
   trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog
Log:
Try of a new version, port from 2.5


Modified: trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/install-ldap.sh
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/install-ldap.sh	2011-02-24 14:43:19 UTC (rev 7548)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/deb-specific/install-ldap.sh	2011-02-24 14:43:21 UTC (rev 7549)
@@ -24,8 +24,10 @@
     cp -a /etc/libnss-ldap.conf /etc/libnss-ldap.conf.sourceforge-new
 	dn=$1
 	# Check if DN is correct
-	if ! grep -q "^base.[ 	]*$dc=" /etc/libnss-ldap.conf.sourceforge-new ; then
+	if ! grep -q "^base[ 	]*$dn" /etc/libnss-ldap.conf.sourceforge-new ; then
 		echo "WARNING: Probably incorrect base line in /etc/libnss-ldap.conf"
+		grep "^base" /etc/libnss-ldap.conf
+		echo "Should be: base $dn"
 	fi
 	# Check bindpw
 	# Should contain the secret
@@ -38,10 +40,10 @@
 #	fi
 	# Check rootbinddn
 	# This seems to be necessary to display uid/gid
-	# Should be cn=admin,ou=People,dc=...
+	# Should be cn=admin,dc=...
 	if ! grep -q "^rootbinddn" /etc/libnss-ldap.conf.sourceforge-new ; then
 		echo "# Next line added by Sourceforge install" >>/etc/libnss-ldap.conf.sourceforge-new
-		echo "rootbinddn cn=admin,ou=People,$dn" >>/etc/libnss-ldap.conf.sourceforge-new
+		echo "rootbinddn cn=admin,$dn" >>/etc/libnss-ldap.conf.sourceforge-new
 	fi
 }
 
@@ -96,19 +98,19 @@
 
 		perl -pi -e "s/access to \*/# Next lines added by Sourceforge install
 access to dn=\".*,ou=People,$dn\"		
-	by dn=\"cn=admin,ou=People,$dn\" write	
+	by dn=\"cn=admin,$dn\" write	
 	by dn=\"cn=SF_robot,$dn\" write		
 	by * read				
 access to dn=\"ou=People,$dn\"		
-	by dn=\"cn=admin,ou=People,$dn\" write	
+	by dn=\"cn=admin,$dn\" write	
 	by dn=\"cn=SF_robot,$dn\" write		
 	by * read				
 access to dn=\"ou=Group,$dn\"		
-	by dn=\"cn=admin,ou=People,$dn\" write	
+	by dn=\"cn=admin,$dn\" write	
 	by dn=\"cn=SF_robot,$dn\" write		
 	by * read				
 access to dn=\"ou=cvsGroup,$dn\"		
-	by dn=\"cn=admin,ou=People,$dn\" write	
+	by dn=\"cn=admin,$dn\" write	
 	by dn=\"cn=SF_robot,$dn\" write		
 	by * read				
 # End of sourceforge add
@@ -208,8 +210,8 @@
 		# authentication.
 		# -r Replace existing values by default.
 		# add with -r don't modify and modify don't add so i do add and modify
- 		ldapadd $VERBOSE -r -c -D "cn=admin,ou=People,$naming_context" -x -w"$secret" -f $tmpldif > /dev/null 2>&1 || true
- 		ldapmodify $VERBOSE -r -c -D "cn=admin,ou=People,$naming_context" -x -w"$secret" -f $tmpldif > /dev/null 2>&1 || true
+ 		ldapadd $VERBOSE -r -c -D "cn=admin,$naming_context" -x -w"$secret" -f $tmpldif > /dev/null 2>&1 || true
+ 		ldapmodify $VERBOSE -r -c -D "cn=admin,$naming_context" -x -w"$secret" -f $tmpldif > /dev/null 2>&1 || true
 		rm -f $tmpldif
 	else
 		echo "WARNING: Can't load ldap table without /etc/lapd.secret file"
@@ -219,31 +221,34 @@
 
 print_ldif_default(){
 	dn=$1
+	dc=`echo $1 | sed 's/dc=\(.[^,]*\),.*/\1/'`
 	cryptedpasswd=$2
 	cat <<-FIN
 dn: $dn
 objectClass: top
 objectClass: domain
-dc: rd
+dc: $dc
 
+dn: cn=admin,$dn
+objectClass: organizationalRole
+objectClass: simpleSecurityObject
+cn: admin
+userPassword: $cryptedpasswd
+description: LDAP administrator
+
 dn: ou=People, $dn
-objectClass: top
 objectClass: organizationalUnit
 ou: People
 
-dn: cn=admin, ou=People, $dn
-objectClass: top
-userPassword: $cryptedpasswd
-cn: admin
-
 dn: ou=Roaming, $dn
-objectClass: top
 objectCLass: organizationalUnit
+ou=Roaming
 FIN
 }
 
 setup_vars() {
 	sys_ldap_base_dn=$(grep sys_ldap_base_dn /etc/sourceforge/local.inc | cut -d\" -f2)
+	[ "x$sys_ldap_base_dn" == "x" ] && sys_ldap_base_dn=`grep suffix /etc/ldap/slapd.conf | cut -d\" -f2`
 	#echo "=====>sys_ldap_base_dn=$sys_ldap_base_dn"
 	sys_ldap_admin_dn=$(grep sys_ldap_admin_dn /etc/sourceforge/local.inc | cut -d\" -f2)
 	#echo "=====>sys_ldap_admin_dn=$sys_ldap_admin_dn"
@@ -257,9 +262,9 @@
 }
 # Check Server
 check_server() {
-		naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
-		[ "x$naming_context" == "x" ] && invoke-rc.d slapd restart && sleep 5 && naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
-		[ "x$naming_context" == "x" ] && echo KO || echo $naming_context
+	naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
+	[ "x$naming_context" == "x" ] && invoke-rc.d slapd restart && sleep 5 && naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
+	[ "x$naming_context" == "x" ] && echo "LDAP Server KO" || echo "LDAP Server OK : dn=$naming_context"
 }
 
 # Setup SF_robot Passwd
@@ -269,36 +274,33 @@
 	# The first account is only used in a multiserver SF
 	echo "Adding robot accounts"
 
-	{ ldapadd -r -c -D "$sys_ldap_admin_dn" -x -w"$secret" > /dev/null 2>&1 || true ; } <<-FIN
+	{ ldapadd -r -c -D "$sys_ldap_admin_dn" -x -w"$secret" || true ; } <<-FIN
 dn: cn=Replicator,$sys_ldap_base_dn
+description: Replicator the Robot
+objectClass: organizationalRole
+objectClass: simpleSecurityObject
+userPassword: {crypt}xxxxx
 cn: Replicator
-sn: Replicator the Robot
-description: empty
-objectClass: top
-objectClass: person
-userPassword: {crypt}x
 
 dn: cn=SF_robot,$sys_ldap_base_dn
+description: SF the Robot
+objectClass: organizationalRole
+objectClass: simpleSecurityObject
+userPassword: {crypt}xxxxx
 cn: SF_robot
-sn: SF the Robot
-description: empty
-objectClass: top
-objectClass: person
-userPassword: {crypt}x
 FIN
-
+	check_server
 	echo "Changing SF_robot passwd using admin account"
-	{ ldapmodify -v -c -D "$sys_ldap_admin_dn" -x -w"$secret" > /dev/null 2>&1 || true ; } <<-FIN
+	ldapmodify -v -c -D "$sys_ldap_admin_dn" -x -w"$secret" <<-FIN
 dn: $sys_ldap_bind_dn
 changetype: modify
 replace: userPassword
 userPassword: $cryptedpasswd
 FIN
-
+	check_server
 	echo "Testing LDAP"
-	check_server
 	echo "Changing dummy cn using SF_robot account"
-	{ ldapmodify -v -c -D "$sys_ldap_bind_dn" -x -w"$secret" > /dev/null 2>&1 || true ; } <<-FIN
+	ldapmodify -v -c -D "$sys_ldap_bind_dn" -x -w"$secret" <<-FIN
 dn: uid=dummy,ou=People,$sys_ldap_base_dn
 changetype: modify
 replace: cn
@@ -327,7 +329,6 @@
 		sleep 5		# Sometimes it takes a bit of time to get out of bed
 		echo "Load ldap"
 		load_ldap $dn "$secret"
-		check_server
 		echo "Setup SF_robot account"
 		setup_robot
 		;;
@@ -358,7 +359,7 @@
 	        setup_vars
 		naming_context=$(ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts | grep "namingContexts:" | cut -d" " -f2)
 		admin_regexp=$(echo $sys_ldap_base_dn | sed 's/, */, */g')
-		admin_regexp="^cn=admin, *ou=People, *$admin_regexp"
+		admin_regexp="^cn=admin, *$admin_regexp"
 		get_our_entries () {
 		    slapcat \
 			| grep "^dn:" \
@@ -375,7 +376,7 @@
 			| grep -v "$admin_regexp"
 		}
 		get_our_entries || true
-		get_our_entries | ldapdelete -D "cn=admin,ou=People,$sys_ldap_base_dn" -x -w"$secret" > /dev/null 2>&1 || true
+		get_our_entries | ldapdelete -D "cn=admin,$sys_ldap_base_dn" -x -w"$secret" > /dev/null 2>&1 || true
 		;;
 	reset)
 		setup_vars

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog	2011-02-24 14:43:19 UTC (rev 7548)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/debian/changelog	2011-02-24 14:43:21 UTC (rev 7549)
@@ -8,7 +8,7 @@
   * [Roland] [From 2.5] Moved templates to a Policy-compliant location
     (/etc/sourceforge/templates).
 
- --
+ -- Christian Bayle <bayle at aist.enst.fr>  Thu,  7 Feb 2002 18:30:27 +0100
 
 sourceforge (2.6-0+6) unstable; urgency=low
 



More information about the evolvis-commits mailing list