From 8826ccc80d0cacb18c942174b6b44522b8121b03 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Tue, 26 Jul 2022 13:30:24 +0200
Subject: openldap (WIP)
Signed-off-by: Daniel Baumann
---
openldap/Makefile | 138 +++++++++++++++++++++++++++++++++++++++++
openldap/bin/slapd-cron-backup | 33 ++++++++++
openldap/bin/slapd-cron-clean | 29 +++++++++
openldap/share/cron/dehydrated | 4 ++
4 files changed, 204 insertions(+)
create mode 100644 openldap/Makefile
create mode 100755 openldap/bin/slapd-cron-backup
create mode 100755 openldap/bin/slapd-cron-clean
create mode 100755 openldap/share/cron/dehydrated
diff --git a/openldap/Makefile b/openldap/Makefile
new file mode 100644
index 0000000..e68219e
--- /dev/null
+++ b/openldap/Makefile
@@ -0,0 +1,138 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+SHELL := sh -e
+
+SCRIPTS = bin/*
+
+all: build
+
+test:
+ @echo -n "Checking for syntax errors with sh... "
+ @for SCRIPT in $(SCRIPTS); \
+ do \
+ sh -n $${SCRIPT}; \
+ echo -n "."; \
+ done
+ @echo " done."
+
+ @echo -n "Checking for bashisms... "
+ @if [ -x /usr/bin/checkbashisms ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ checkbashisms -f -x $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: devscripts not installed, skipping checkbashisms."; \
+ fi
+ @echo " done."
+
+ @echo -n "Checking with shellcheck... "
+ @if [ -x /usr/bin/shellcheck ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ shellcheck -e SC1090 -e SC2039 $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: shellcheck not installed, skipping shellcheck."; \
+ fi
+ @echo " done."
+
+build: share/man/*.rst
+ $(MAKE) -C share/man
+
+install: build
+ mkdir -p $(DESTDIR)/etc/dehydrated/hook.d
+
+ mkdir -p $(DESTDIR)/etc/cron.d
+ cp -r share/cron/* $(DESTDIR)/etc/cron.d
+
+ mkdir -p $(DESTDIR)/etc/cron.daily
+ ln -s /usr/bin/dehydrated-cron $(DESTDIR)/etc/cron.daily/dehydrated
+
+ mkdir -p $(DESTDIR)/etc/logrotate.d
+ cp -r share/logrotate/* $(DESTDIR)/etc/logrotate.d
+
+ mkdir -p $(DESTDIR)/usr/bin
+ cp -r bin/* $(DESTDIR)/usr/bin
+
+ mkdir -p $(DESTDIR)/usr/share/dehydrated/hooks
+ cp -r share/hooks/* $(DESTDIR)/usr/share/dehydrated/hooks
+
+ ln -sf /usr/bin/dehydrated-nsupdate $(DESTDIR)/usr/share/dehydrated/hooks/clean_challenge.nsupdate
+ ln -sf /usr/bin/dehydrated-nsupdate $(DESTDIR)/usr/share/dehydrated/hooks/deploy_challenge.nsupdate
+
+ for SECTION in $$(seq 1 8); \
+ do \
+ if ls share/man/*.$${SECTION} > /dev/null 2>&1; \
+ then \
+ mkdir -p $(DESTDIR)/usr/share/man/man$${SECTION}; \
+ cp share/man/*.$${SECTION} $(DESTDIR)/usr/share/man/man$${SECTION}; \
+ fi; \
+ done
+
+uninstall:
+ for SECTION in $$(seq 1 8); \
+ do \
+ for FILE in share/man/*.$${SECTION}; \
+ do \
+ rm -f $(DESTDIR)/usr/share/man/man$${SECTION}/$$(basename $${FILE}); \
+ done; \
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/man/man$${SECTION} || true; \
+ done
+
+ rm -rf $(DESTDIR)/usr/share/dehydrated/hooks
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/share/dehydrated || true
+
+ for FILE in bin/*; \
+ do \
+ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true
+
+ for FILE in share/logrotate/*; \
+ do \
+ rm -f $(DESTDIR)/etc/logrotate.d/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/logrotate.d || true
+
+ rm -f $(DESTDIR)/etc/cron.daily/dehydrated
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/cron.daily || true
+
+ for FILE in share/cron/*; \
+ do \
+ rm -f $(DESTDIR)/etc/cron.d/$$(basename 
$${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/cron.d || true
+
+ rm -rf $(DESTDIR)/etc/dehydrated/hook.d
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/dehydrated || true
+
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
+
+clean:
+ $(MAKE) -C share/man clean
+
+distclean: clean
+
+reinstall: uninstall install
diff --git a/openldap/bin/slapd-cron-backup b/openldap/bin/slapd-cron-backup
new file mode 100755
index 0000000..814590e
--- /dev/null
+++ b/openldap/bin/slapd-cron-backup
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -e
+
+BFHBCK=bfh-$( date +%y%m%d-%H%M ).ldif
+ACCESSBCK=access-$( date +%y%m%d-%H%M ).ldif
+BACKUPDIR=/srv/ldap-master.bfh.ch/slapcat
+
+/usr/sbin/slapcat -v -b "dc=bfh,dc=ch" -l $BACKUPDIR/$BFHBCK
+gzip -9 $BACKUPDIR/$BFHBCK
+/usr/sbin/slapcat -v -b "cn=accesslog" -l $BACKUPDIR/$ACCESSBCK
+gzip -9 $BACKUPDIR/$ACCESSBCK
+
+find $BACKUPDIR -mtime +14 -exec rm {} +
diff --git a/openldap/bin/slapd-cron-clean b/openldap/bin/slapd-cron-clean
new file mode 100755
index 0000000..9e915bb
--- /dev/null
+++ b/openldap/bin/slapd-cron-clean
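Review bot: In openldap/Makefile the `install` and `uninstall` targets still carry the dehydrated layout, and `uninstall` runs `rm -rf $(DESTDIR)/etc/dehydrated/hook.d` and `rm -rf $(DESTDIR)/usr/share/dehydrated/hooks`, which would delete another package's configuration and hooks when these OpenLDAP tools are removed from a host that also has dehydrated. `install` links `/etc/cron.daily/dehydrated` to `/usr/bin/dehydrated-cron` and copies `share/logrotate/*` and `share/hooks/*`, none of which this commit adds under openldap/, so with `SHELL := sh -e` the target presumably stops at the first unmatched glob. The `build: share/man/*.rst` prerequisite has the same problem as far as this commit shows, since no share/man directory is added. I would reduce both targets to the cron.d, /usr/bin and man-page steps and drop the dehydrated `mkdir`, `ln` and `rm -rf` lines.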
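Review bot: openldap/bin/slapd-cron-backup writes full `slapcat` dumps without restricting file permissions, so the LDIF and .gz files get whatever umask cron hands the job; a dump of `dc=bfh,dc=ch` holds every attribute in the database, password hashes included if they are stored there. Add `umask 077` right after `set -e`, and confirm that the backup directory itself is readable by root only (its mode is not visible here). The cleanup `find $BACKUPDIR -mtime +14 -exec rm {} +` is unquoted and matches anything under the directory; `find "$BACKUPDIR" -type f -name '*.ldif.gz' -mtime +14 -exec rm {} +` limits it to the files this script creates. The two `date` calls can also straddle a minute boundary, so computing the stamp once would keep both file names aligned.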
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+set -e
+
+for FILE in $(find /var/lib/ldap -type f -name DB_CONFIG)
+do
+ DATABASE="$(dirname "${FILE}")"
+
+ db_archive -d -h "${DATABASE}"
+done
diff --git a/openldap/share/cron/dehydrated b/openldap/share/cron/dehydrated
new file mode 100755
index 0000000..a560985
--- /dev/null
+++ b/openldap/share/cron/dehydrated
@@ -0,0 +1,4 @@
+# /etc/cron.d/dehydrated
+
+@daily root /usr/bin/slapd-cron-db
+@daily root /usr/bin/slapd-cron-backup
--
cgit v1.2.3
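Review bot: `for FILE in $(find /var/lib/ldap -type f -name DB_CONFIG)` in openldap/bin/slapd-cron-clean word-splits and globs the find output, so a database directory with whitespace in its name reaches `db_archive -d` as broken fragments; shellcheck reports this pattern as SC2044, which the Makefile's `test` target does not exclude. Letting find run the command avoids the split: `find /var/lib/ldap -type f -name DB_CONFIG -exec sh -c 'db_archive -d -h "$(dirname "$1")"' _ {} \;`. A short comment stating that `db_archive -d` deletes log files no longer needed for recovery would also help, since the script runs as root from cron.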
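Review bot: The first entry in openldap/share/cron/dehydrated runs `/usr/bin/slapd-cron-db`, but the scripts this commit adds are `slapd-cron-backup` and `slapd-cron-clean`, so unless that path is shipped elsewhere the root job fails every day and the log cleanup never runs; `@daily root /usr/bin/slapd-cron-clean` looks like what was meant. The file is also named `dehydrated` and its header says `# /etc/cron.d/dehydrated`, so the Makefile's `cp -r share/cron/* $(DESTDIR)/etc/cron.d` would overwrite the dehydrated package's cron file on a host that has both; naming it `slapd` avoids that. Mode 100755 is not needed for a cron.d fragment.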