Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / e0f4065afdd591d2511a4d8689dacab98392b331 / . / lib / ldap
blob: 2a24ccddf7498fbd8aece9a8fbb0f2ce2b20b023 [file] [log] [blame]
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]1# lib/ldap
2# Functions to control the installation and configuration of **ldap**
3
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]4# ``lib/keystone`` calls the entry points in this order:
5# install_ldap()
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]6
7# Save trace setting
8XTRACE=$(set +o | grep xtrace)
9set +o xtrace
10
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]11LDAP_SERVICE_NAME=slapd
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]12
13# Functions
14# ---------
15
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]16# install_ldap
17# install_ldap() - Collect source and prepare
18function install_ldap() {
19 echo "Installing LDAP inside function"
20 echo "LDAP_PASSWORD is $LDAP_PASSWORD"
21 echo "os_VENDOR is $os_VENDOR"
22 printf "installing"
23 if is_ubuntu; then
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]24 LDAP_OLCDB_NUMBER=1
25 LDAP_ROOTPW_COMMAND=replace
26 sudo DEBIAN_FRONTEND=noninteractive apt-get install slapd ldap-utils
27 #automatically starts LDAP on ubuntu so no need to call start_ldap
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]28 elif is_fedora; then
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]29 LDAP_OLCDB_NUMBER=2
30 LDAP_ROOTPW_COMMAND=add
31 start_ldap
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]32 elif is_suse; then
33 LDAP_OLCDB_NUMBER=1
34 LDAP_ROOTPW_COMMAND=add
35 LDAP_SERVICE_NAME=ldap
36 # SUSE has slappasswd in /usr/sbin/
37 PATH=$PATH:/usr/sbin/
38 sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $FILES/ldap/base-config.ldif
39 sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
40 start_ldap
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]41 fi
42
43 printf "generate password file"
44 SLAPPASS=`slappasswd -s $LDAP_PASSWORD`
45
46 printf "secret is $SLAPPASS\n"
47 #create manager.ldif
48 TMP_MGR_DIFF_FILE=`mktemp -t manager_ldiff.$$.XXXXXXXXXX.ldif`
49 sed -e "s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|" -e "s|\${SLAPPASS}|$SLAPPASS|" -e "s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|" $FILES/ldap/manager.ldif.in >> $TMP_MGR_DIFF_FILE
50
51 #update ldap olcdb
52 sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $TMP_MGR_DIFF_FILE
53
Brad Topol0c2c3fc2013-03-19 03:01:30 -0500[diff] [blame]54 # On fedora we need to manually add cosine and inetorgperson schemas
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]55 if is_fedora || is_suse; then
Brad Topol0c2c3fc2013-03-19 03:01:30 -0500[diff] [blame]56 sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
57 sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
58 fi
59
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]60 # add our top level ldap nodes
Dean Troyercc6b4432013-04-08 15:38:03 -0500[diff] [blame]61 if ldapsearch -x -w $LDAP_PASSWORD -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -x -b dc=openstack,dc=org | grep -q "Success"; then
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]62 printf "LDAP already configured for OpenStack\n"
63 if [[ "$KEYSTONE_CLEAR_LDAP" == "yes" ]]; then
64 # clear LDAP state
65 clear_ldap_state
66 # reconfigure LDAP for OpenStack
67 ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -w $LDAP_PASSWORD -f $FILES/ldap/openstack.ldif
68 fi
69 else
70 printf "Configuring LDAP for OpenStack\n"
71 ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -w $LDAP_PASSWORD -f $FILES/ldap/openstack.ldif
72 fi
73}
74
75# start_ldap() - Start LDAP
76function start_ldap() {
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]77 sudo service $LDAP_SERVICE_NAME restart
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]78}
79
80
81# stop_ldap() - Stop LDAP
82function stop_ldap() {
Ralf Haferkamp704106a2013-09-12 14:24:47 +0200[diff] [blame]83 sudo service $LDAP_SERVICE_NAME stop
Brad Topolf127e2f2013-01-22 10:17:50 -0600[diff] [blame]84}
85
86# clear_ldap_state() - Clear LDAP State
87function clear_ldap_state() {
88 ldapdelete -x -w $LDAP_PASSWORD -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -x -r "dc=openstack,dc=org"
89}
90
91# Restore xtrace
92$XTRACE
Sean Dague584d90e2013-03-29 14:34:53 -0400[diff] [blame]93
94# Local variables:
95# mode: shell-script
96# End: