Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 116023f8e4a6857321a0ea245e91695e203541b0 / . / lib / ldap
blob: efe2f096d7568b90f562c6cf5ab554b22d69c357 [file] [log] [blame]
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]1# lib/ldap
2# Functions to control the installation and configuration of **ldap**
3
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]4# ``lib/keystone`` calls the entry points in this order:
Adam Spiers6a5aa7c2013-10-24 11:27:02 +0100[diff] [blame]5#
6# - install_ldap()
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]7
8# Save trace setting
9XTRACE=$(set +o | grep xtrace)
10set +o xtrace
11
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]12
13LDAP_DOMAIN=${LDAP_DOMAIN:-openstack.org}
14# Make an array of domain components
15DC=(${LDAP_DOMAIN/./ })
16
17# Leftmost domain component used in top-level entry
18LDAP_BASE_DC=${DC[0]}
19
20# Build the base DN
21dn=""
22for dc in ${DC[*]}; do
23 dn="$dn,dc=$dc"
24done
25LDAP_BASE_DN=${dn#,}
26
27LDAP_MANAGER_DN="${LDAP_MANAGER_DN:-cn=Manager,${LDAP_BASE_DN}}"
28LDAP_URL=${LDAP_URL:-ldap://localhost}
29
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]30LDAP_SERVICE_NAME=slapd
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]31
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]32if is_ubuntu; then
33 LDAP_OLCDB_NUMBER=1
34 LDAP_ROOTPW_COMMAND=replace
35elif is_fedora; then
36 LDAP_OLCDB_NUMBER=2
37 LDAP_ROOTPW_COMMAND=add
38elif is_suse; then
39 # SUSE has slappasswd in /usr/sbin/
40 PATH=$PATH:/usr/sbin/
41 LDAP_OLCDB_NUMBER=1
42 LDAP_ROOTPW_COMMAND=add
43 LDAP_SERVICE_NAME=ldap
44fi
45
46
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]47# Functions
48# ---------
49
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]50# Perform common variable substitutions on the data files
51# _ldap_varsubst file
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]52function _ldap_varsubst {
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]53 local infile=$1
54 sed -e "
55 s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|
56 s|\${SLAPPASS}|$SLAPPASS|
57 s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|
58 s|\${BASE_DC}|$LDAP_BASE_DC|
59 s|\${BASE_DN}|$LDAP_BASE_DN|
60 s|\${MANAGER_DN}|$LDAP_MANAGER_DN|
61 " $infile
62}
63
64# clean_ldap() - Remove ldap server
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]65function cleanup_ldap {
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]66 uninstall_package $(get_packages ldap)
67 if is_ubuntu; then
68 uninstall_package slapd ldap-utils libslp1
69 sudo rm -rf /etc/ldap/ldap.conf /var/lib/ldap
70 elif is_fedora; then
71 sudo rm -rf /etc/openldap /var/lib/ldap
72 elif is_suse; then
73 sudo rm -rf /var/lib/ldap
74 fi
75}
76
77# init_ldap
78# init_ldap() - Initialize databases, etc.
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]79function init_ldap {
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]80 local keystone_ldif
81
82 TMP_LDAP_DIR=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
83
84 # Remove data but not schemas
85 clear_ldap_state
86
87 # Add our top level ldap nodes
88 if ldapsearch -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -b "$LDAP_BASE_DN" | grep -q "Success"; then
89 printf "LDAP already configured for $LDAP_BASE_DC\n"
90 else
91 printf "Configuring LDAP for $LDAP_BASE_DC\n"
92 # If BASE_DN is changed, the user may override the default file
93 if [[ -r $FILES/ldap/${LDAP_BASE_DC}.ldif.in ]]; then
94 keystone_ldif=${LDAP_BASE_DC}.ldif
95 else
96 keystone_ldif=keystone.ldif
97 fi
98 _ldap_varsubst $FILES/ldap/${keystone_ldif}.in >$TMP_LDAP_DIR/${keystone_ldif}
99 if [[ -r $TMP_LDAP_DIR/${keystone_ldif} ]]; then
100 ldapadd -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -c -f $TMP_LDAP_DIR/${keystone_ldif}
101 fi
102 fi
103
104 rm -rf TMP_LDAP_DIR
105}
106
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]107# install_ldap
108# install_ldap() - Collect source and prepare
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]109function install_ldap {
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]110 echo "Installing LDAP inside function"
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]111 echo "os_VENDOR is $os_VENDOR"
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]112
113 TMP_LDAP_DIR=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
114
115 printf "installing OpenLDAP"
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]116 if is_ubuntu; then
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]117 # Ubuntu automatically starts LDAP so no need to call start_ldap()
118 :
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]119 elif is_fedora; then
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]120 start_ldap
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]121 elif is_suse; then
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]122 _ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$TMP_LDAP_DIR/suse-base-config.ldif
123 sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $TMP_LDAP_DIR/suse-base-config.ldif
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]124 sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
125 start_ldap
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]126 fi
127
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]128 echo "LDAP_PASSWORD is $LDAP_PASSWORD"
129 SLAPPASS=$(slappasswd -s $LDAP_PASSWORD)
130 printf "LDAP secret is $SLAPPASS\n"
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]131
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]132 # Create manager.ldif and add to olcdb
133 _ldap_varsubst $FILES/ldap/manager.ldif.in >$TMP_LDAP_DIR/manager.ldif
134 sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $TMP_LDAP_DIR/manager.ldif
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]135
Brad Topol0c2c3fc2013-03-19 03:01:30 -0500[diff] [blame]136 # On fedora we need to manually add cosine and inetorgperson schemas
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]137 if is_fedora; then
Brad Topol0c2c3fc2013-03-19 03:01:30 -0500[diff] [blame]138 sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
139 sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
140 fi
141
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]142 rm -rf TMP_LDAP_DIR
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]143}
144
145# start_ldap() - Start LDAP
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]146function start_ldap {
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]147 sudo service $LDAP_SERVICE_NAME restart
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]148}
149
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]150# stop_ldap() - Stop LDAP
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]151function stop_ldap {
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]152 sudo service $LDAP_SERVICE_NAME stop
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]153}
154
155# clear_ldap_state() - Clear LDAP State
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]156function clear_ldap_state {
Dean Troyerb44a8ef2014-03-06 11:25:04 -0600[diff] [blame]157 ldapdelete -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -r "$LDAP_BASE_DN" || :
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]158}
159
160# Restore xtrace
161$XTRACE
Sean Dague584d90e2013-03-29 14:34:53 -0400[diff] [blame]162
Adam Spiers6a5aa7c2013-10-24 11:27:02 +0100[diff] [blame]163# Tell emacs to use shell-script-mode
164## Local variables:
165## mode: shell-script
166## End: