Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 7191c5e7e7edb1e2f28c0ce71294f61b409cf16b / . / lib / ldap
blob: ea5faa1fe97bbf3900b2abbc7231dd7627d12381 [file] [log] [blame]
Sean Daguee263c822014-12-05 14:25:28 -0500[diff] [blame]1#!/bin/bash
2#
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]3# lib/ldap
4# Functions to control the installation and configuration of **ldap**
5
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]6# ``lib/keystone`` calls the entry points in this order:
Adam Spiers6a5aa7c2013-10-24 11:27:02 +0100[diff] [blame]7#
8# - install_ldap()
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]9
10# Save trace setting
Ian Wienand523f4882015-10-13 11:03:03 +1100[diff] [blame]11_XTRACE_LDAP=$(set +o | grep xtrace)
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]12set +o xtrace
13
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]14
15LDAP_DOMAIN=${LDAP_DOMAIN:-openstack.org}
16# Make an array of domain components
17DC=(${LDAP_DOMAIN/./ })
18
19# Leftmost domain component used in top-level entry
20LDAP_BASE_DC=${DC[0]}
21
22# Build the base DN
23dn=""
24for dc in ${DC[*]}; do
25 dn="$dn,dc=$dc"
26done
27LDAP_BASE_DN=${dn#,}
28
29LDAP_MANAGER_DN="${LDAP_MANAGER_DN:-cn=Manager,${LDAP_BASE_DN}}"
30LDAP_URL=${LDAP_URL:-ldap://localhost}
31
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]32LDAP_SERVICE_NAME=slapd
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]33
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]34if is_ubuntu; then
35 LDAP_OLCDB_NUMBER=1
Grzegorz Grasza26f81492021-08-16 10:36:03 +0200[diff] [blame]36 LDAP_OLCDB_TYPE=mdb
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]37 LDAP_ROOTPW_COMMAND=replace
38elif is_fedora; then
39 LDAP_OLCDB_NUMBER=2
Grzegorz Grasza26f81492021-08-16 10:36:03 +0200[diff] [blame]40 LDAP_OLCDB_TYPE=hdb
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]41 LDAP_ROOTPW_COMMAND=add
42elif is_suse; then
43 # SUSE has slappasswd in /usr/sbin/
44 PATH=$PATH:/usr/sbin/
45 LDAP_OLCDB_NUMBER=1
Grzegorz Grasza26f81492021-08-16 10:36:03 +0200[diff] [blame]46 LDAP_OLCDB_TYPE=hdb
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]47 LDAP_ROOTPW_COMMAND=add
48 LDAP_SERVICE_NAME=ldap
49fi
50
51
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]52# Functions
53# ---------
54
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]55# Perform common variable substitutions on the data files
56# _ldap_varsubst file
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]57function _ldap_varsubst {
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]58 local infile=$1
Julie Pichona3d60c82014-11-21 14:57:16 +0000[diff] [blame]59 local slappass=$2
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]60 sed -e "
61 s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|
Grzegorz Grasza26f81492021-08-16 10:36:03 +0200[diff] [blame]62 s|\${LDAP_OLCDB_TYPE}|$LDAP_OLCDB_TYPE|
Julie Pichona3d60c82014-11-21 14:57:16 +0000[diff] [blame]63 s|\${SLAPPASS}|$slappass|
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]64 s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|
65 s|\${BASE_DC}|$LDAP_BASE_DC|
66 s|\${BASE_DN}|$LDAP_BASE_DN|
67 s|\${MANAGER_DN}|$LDAP_MANAGER_DN|
68 " $infile
69}
70
71# clean_ldap() - Remove ldap server
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]72function cleanup_ldap {
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]73 uninstall_package $(get_packages ldap)
74 if is_ubuntu; then
75 uninstall_package slapd ldap-utils libslp1
76 sudo rm -rf /etc/ldap/ldap.conf /var/lib/ldap
77 elif is_fedora; then
78 sudo rm -rf /etc/openldap /var/lib/ldap
79 elif is_suse; then
80 sudo rm -rf /var/lib/ldap
81 fi
82}
83
84# init_ldap
85# init_ldap() - Initialize databases, etc.
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]86function init_ldap {
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]87 local keystone_ldif
88
Ian Wienandada886d2015-10-07 14:06:26 +1100[diff] [blame]89 local tmp_ldap_dir
90 tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]91
92 # Remove data but not schemas
93 clear_ldap_state
94
95 # Add our top level ldap nodes
96 if ldapsearch -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -b "$LDAP_BASE_DN" | grep -q "Success"; then
97 printf "LDAP already configured for $LDAP_BASE_DC\n"
98 else
99 printf "Configuring LDAP for $LDAP_BASE_DC\n"
100 # If BASE_DN is changed, the user may override the default file
101 if [[ -r $FILES/ldap/${LDAP_BASE_DC}.ldif.in ]]; then
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]102 local keystone_ldif=${LDAP_BASE_DC}.ldif
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]103 else
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]104 local keystone_ldif=keystone.ldif
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]105 fi
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]106 _ldap_varsubst $FILES/ldap/${keystone_ldif}.in >$tmp_ldap_dir/${keystone_ldif}
107 if [[ -r $tmp_ldap_dir/${keystone_ldif} ]]; then
108 ldapadd -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -c -f $tmp_ldap_dir/${keystone_ldif}
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]109 fi
110 fi
111
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]112 rm -rf $tmp_ldap_dir
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]113}
114
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]115# install_ldap
116# install_ldap() - Collect source and prepare
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]117function install_ldap {
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]118 echo "Installing LDAP inside function"
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]119 echo "os_VENDOR is $os_VENDOR"
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]120
Ian Wienandada886d2015-10-07 14:06:26 +1100[diff] [blame]121 local tmp_ldap_dir
122 tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]123
124 printf "installing OpenLDAP"
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]125 if is_ubuntu; then
Leticia Wanderleycc363972017-06-26 23:52:52 -0300[diff] [blame]126 configure_ldap
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]127 elif is_fedora; then
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]128 start_ldap
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]129 elif is_suse; then
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]130 _ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$tmp_ldap_dir/suse-base-config.ldif
131 sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $tmp_ldap_dir/suse-base-config.ldif
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]132 sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
133 start_ldap
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]134 fi
135
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]136 echo "LDAP_PASSWORD is $LDAP_PASSWORD"
Ian Wienandada886d2015-10-07 14:06:26 +1100[diff] [blame]137 local slappass
138 slappass=$(slappasswd -s $LDAP_PASSWORD)
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]139 printf "LDAP secret is $slappass\n"
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]140
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]141 # Create manager.ldif and add to olcdb
Julie Pichona3d60c82014-11-21 14:57:16 +0000[diff] [blame]142 _ldap_varsubst $FILES/ldap/manager.ldif.in $slappass >$tmp_ldap_dir/manager.ldif
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]143 sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $tmp_ldap_dir/manager.ldif
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]144
Brad Topol0c2c3fc2013-03-19 03:01:30 -0500[diff] [blame]145 # On fedora we need to manually add cosine and inetorgperson schemas
Dean Troyerb9e25132013-10-01 14:45:04 -0500[diff] [blame]146 if is_fedora; then
Brad Topol0c2c3fc2013-03-19 03:01:30 -0500[diff] [blame]147 sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
148 sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
149 fi
150
Dean Troyeref66a772014-07-25 14:45:34 -0500[diff] [blame]151 rm -rf $tmp_ldap_dir
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]152}
153
Leticia Wanderleycc363972017-06-26 23:52:52 -0300[diff] [blame]154# configure_ldap() - Configure LDAP - reconfigure slapd
155function configure_ldap {
156 sudo debconf-set-selections <<EOF
157 slapd slapd/internal/generated_adminpw password $LDAP_PASSWORD
158 slapd slapd/internal/adminpw password $LDAP_PASSWORD
159 slapd slapd/password2 password $LDAP_PASSWORD
160 slapd slapd/password1 password $LDAP_PASSWORD
161 slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
162 slapd slapd/domain string Users
163 slapd shared/organization string $LDAP_DOMAIN
Grzegorz Grasza26f81492021-08-16 10:36:03 +0200[diff] [blame]164 slapd slapd/backend string ${LDAP_OLCDB_TYPE^^}
Leticia Wanderleycc363972017-06-26 23:52:52 -0300[diff] [blame]165 slapd slapd/purge_database boolean true
166 slapd slapd/move_old_database boolean true
167 slapd slapd/allow_ldap_v2 boolean false
168 slapd slapd/no_configuration boolean false
169 slapd slapd/dump_database select when needed
170EOF
171 sudo apt-get install -y slapd ldap-utils
172 sudo dpkg-reconfigure -f noninteractive $LDAP_SERVICE_NAME
173}
174
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]175# start_ldap() - Start LDAP
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]176function start_ldap {
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]177 sudo service $LDAP_SERVICE_NAME restart
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]178}
179
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]180# stop_ldap() - Stop LDAP
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]181function stop_ldap {
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]182 sudo service $LDAP_SERVICE_NAME stop
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]183}
184
185# clear_ldap_state() - Clear LDAP State
Ian Wienandaee18c72014-02-21 15:35:08 +1100[diff] [blame]186function clear_ldap_state {
Dean Troyerb44a8ef2014-03-06 11:25:04 -0600[diff] [blame]187 ldapdelete -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -r "$LDAP_BASE_DN" || :
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]188}
189
190# Restore xtrace
Ian Wienand523f4882015-10-13 11:03:03 +1100[diff] [blame]191$_XTRACE_LDAP
Sean Dague584d90e2013-03-29 14:34:53 -0400[diff] [blame]192
Adam Spiers6a5aa7c2013-10-24 11:27:02 +0100[diff] [blame]193# Tell emacs to use shell-script-mode
194## Local variables:
195## mode: shell-script
196## End: