* Add openldap user and group.
* Add a system tmpfile for /run/openldap directory.
* Add /etc/openldap/slapd.d and /var/lib/ldap as datafiles,
to be sure they never will be removed or overwritten by pakfire.
* Add new permissions and ownerships for ldap user.
* Run slapd as user "ldap".
* Add openldap.socket file to create and listen on the unix socket.
This socket is placed in /run/openldap/ldapi.
* Enable ldapi (the local LDAP unix socket) in the systemd service file.
Also listen on the existing unix socket and use socket-based activation.
As a result of this kind of activation we no longer have to enable the
openldap service on startup, so I've removed the lines in the service file for
that.
Fixes #10224.
name = openldap
version = 2.4.32
name = openldap
version = 2.4.32
groups = System/Daemons
url = http://www.openldap.org/
groups = System/Daemons
url = http://www.openldap.org/
libtool-devel
openssl-devel
pth-devel
libtool-devel
openssl-devel
pth-devel
end
configure_options += \
end
configure_options += \
--enable-ndb=no \
--disable-static
--enable-ndb=no \
--disable-static
+ prepare_cmds
+ %{create_user}
+ end
+
install_cmds
mv -v %{BUILDROOT}%{libdir}/slapd %{BUILDROOT}/usr/sbin/slapd
ln -svf slapd %{BUILDROOT}/usr/sbin/slapacl
install_cmds
mv -v %{BUILDROOT}%{libdir}/slapd %{BUILDROOT}/usr/sbin/slapd
ln -svf slapd %{BUILDROOT}/usr/sbin/slapacl
ln -svf slapd %{BUILDROOT}/usr/sbin/slapschema
ln -svf slapd %{BUILDROOT}/usr/sbin/slaptest
ln -svf slapd %{BUILDROOT}/usr/sbin/slapschema
ln -svf slapd %{BUILDROOT}/usr/sbin/slaptest
- rm -rvf %{BUILDROOT}/var/openldap-data
+ # Remove unneeded files.
+ rm -rvf %{BUILDROOT}%{localstatedir}/openldap-data
+ rm -rvf %{BUILDROOT}%{localstatedir}/run
for LINK in lber ldap ldap_r; do
chmod -v 0755 %{BUILDROOT}%{libdir}/$(readlink %{BUILDROOT}%{libdir}/lib${LINK}.so)
for LINK in lber ldap ldap_r; do
chmod -v 0755 %{BUILDROOT}%{libdir}/$(readlink %{BUILDROOT}%{libdir}/lib${LINK}.so)
# Install configuration
mkdir -pv %{BUILDROOT}/etc/%{name}
# Install configuration
mkdir -pv %{BUILDROOT}/etc/%{name}
- cp -vf %{DIR_SOURCE}/slapd.conf %{BUILDROOT}/etc/%{name}/slapd.conf
-
- mkdir -pv %{BUILDROOT}/var/lib/ldap
- chmod 700 -Rv %{BUILDROOT}/var/lib/ldap
+ cp -vf %{DIR_SOURCE}/slapd.conf %{BUILDROOT}%{sysconfdir}/%{name}/slapd.conf
+
+ # Create directoires.
+ mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/slapd.d
+ mkdir -pv %{BUILDROOT}%{localstatedir}/%{name}
+ mkdir -pv %{BUILDROOT}%{sharedstatedir}/ldap
+
+ # Fix permissions and ownerships.
+ chown -Rv ldap:ldap %{BUILDROOT}%{sysconfdir}/%{name}
+ chown ldap:ldap %{BUILDROOT}/run/%{name}
+ chown ldap:ldap %{BUILDROOT}%{sharedstatedir}/ldap
+ chmod 700 -Rv %{BUILDROOT}%{sharedstatedir}/ldap
+create_user
+ getent group ldap >/dev/null || groupadd -r ldap
+ getent passwd ldap >/dev/null || useradd -r -g ldap \
+ -d /var/lib/ldap -s /sbin/nologin -c "OpenLDAP server" ldap
+end
+
+ prerequires += shadow-utils
+
+ script prein
+ %{create_user}
+ end
+
+ datafiles
+ %{sysconfdir}/%{name}/slapd.d
+ %{sharedstatedir}/ldap
+ end
+
script postin
systemctl daemon-reload >/dev/null 2>&1 || :
script postin
systemctl daemon-reload >/dev/null 2>&1 || :
+ systemctl enable openldap.socket >/dev/null 2>&1 || :
end
script preun
systemctl --no-reload disable openldap.service >/dev/null 2>&1 || :
end
script preun
systemctl --no-reload disable openldap.service >/dev/null 2>&1 || :
+ systemctl --no-reload disable openldap.socket >/dev/null 2>&1 || :
systemctl stop openldap.service >/dev/null 2>&1 || :
systemctl stop openldap.service >/dev/null 2>&1 || :
+ systemctl stop openldap.socket >/dev/null 2>&1 || :
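Review bot: `chown -Rv ldap:ldap %{BUILDROOT}%{sysconfdir}/%{name}` in install_cmds hands the whole configuration directory, including the `slapd.conf` copied just above, to the account slapd runs as, so a compromised daemon could rewrite its own access rules. Only the `slapd.d` tree needs to be writable by the daemon: `chown -Rv ldap:ldap %{BUILDROOT}%{sysconfdir}/%{name}/slapd.d`, with `slapd.conf` left root-owned as `chown root:ldap` and `chmod 0640`, since that file may carry a `rootpw` value. In the same hunk, `chown ldap:ldap %{BUILDROOT}/run/%{name}` targets a directory that none of the visible `mkdir` lines create (they create `%{localstatedir}/%{name}`). The tmpfiles entry already provides `/run/openldap` at runtime, so that line looks like it either fails the build or is redundant.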
--- /dev/null
+d /run/openldap 0755 ldap ldap -
[Unit]
Description=OpenLDAP
[Unit]
Description=OpenLDAP
+After=basic.target sockets.target
-Type=forking
-ExecStart=/usr/sbin/slapd
-
-[Install]
-WantedBy=multi-user.target
+ExecStart=/usr/sbin/slapd -u ldap -h 'ldapi://%2Frun%2Fopenldap%2Fldapi'
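Review bot: Dropping `Type=forking` while the new `ExecStart` still starts slapd without `-d` leaves the unit at systemd's default `Type=simple`, yet slapd detaches from its parent unless a debug level is given, so systemd would treat the service as exited right after start. Either keep `Type=forking` or keep the daemon in the foreground, e.g. `ExecStart=/usr/sbin/slapd -d 0 -u ldap -h 'ldapi://%2Frun%2Fopenldap%2Fldapi'`. The `-h` list now holds only the ldapi URL, so the default `ldap:///` listener is no longer opened. If that reduction of network exposure is intended, it deserves a line in the commit message, because network clients will stop working. The `[Service]` header lies outside the visible lines.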
--- /dev/null
+[Socket]
+ListenStream=/run/openldap/ldapi
+
+[Install]
+WantedBy=sockets.target
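Review bot: The `[Socket]` section sets no `SocketMode=`, so the ldapi socket gets systemd's default mode 0666 and every local account can connect. Access control then rests entirely on slapd's ACLs and its peer-credential mapping. If that is intended, say so explicitly with `SocketMode=0666`; otherwise tighten it with `SocketMode=0660` and a matching `SocketGroup=`. Separately, the service passes the same path to slapd via `-h`, and nothing visible shows that slapd takes over the descriptor inherited from systemd. It is worth confirming that the daemon does not try to bind `/run/openldap/ldapi` a second time when the socket unit activates it.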