Skip to content

Commit

Permalink
Prevent database creation on Debian
Browse files Browse the repository at this point in the history 
When Debian install slapd, it configure it by default with a database
that match the hostname unless overriden by a preseed file as we did
before.  This however has consequences on the database created by the
module that prevent it from being restored after being dumped.

Remove this custom database name and request no_configuration from the
preseed file.  This requires us to bootstrap the cn=config database, but
also prevent the package from installing correctly ([709472]).
Workaround this issue with some systemd presets.

Fixes #366

[709472]:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709472
  • Loading branch information
@smortex
smortex committed Apr 4, 2023
1 parent 588c271 commit c8242dd
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
10 changes: 10 additions & 0 deletions manifests/server/config.pp
View file
Expand Up @@ -50,6 +50,16 @@
variable => 'SLAPD_SERVICES',
value => $slapd_ldap_urls,
}

# Debian configuration include database creation. We skip this with
# preseeding files so we need to manualy bootstrap cn=config.
exec { 'bootstrap cn=config':
command => "/usr/sbin/slapadd -n 0 -F ${openldap::server::confdir} -l /usr/share/slapd/slapd.init.ldif",
creates => "${openldap::server::confdir}/cn=config.ldif",
user => $openldap::server::owner,
group => $openldap::server::group,
require => File[$openldap::server::confdir],
}
}
'RedHat': {
if versioncmp($facts['os']['release']['major'], '6') <= 0 {
Expand Down
17 changes: 16 additions & 1 deletion manifests/server/install.pp
View file
Expand Up @@ -5,12 +5,27 @@
contain openldap::utils

if $facts['os']['family'] == 'Debian' {
unless defined(File['/etc/systemd/system-preset']) {
file { '/etc/systemd/system-preset':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0755',
}
}
file { '/etc/systemd/system-preset/90-slapd.preset':
ensure => 'file',
owner => 'root',
group => 'root',
content => "disable slapd.service\n",
before => Package[$openldap::server::package],
}
file { '/var/cache/debconf/slapd.preseed':
ensure => file,
mode => '0644',
owner => 'root',
group => 'root',
content => "slapd slapd/domain\tstring\tmy-domain.com\n",
content => "slapd slapd/no_configuration\tboolean\ttrue\n",
before => Package[$openldap::server::package],
}
$responsefile = '/var/cache/debconf/slapd.preseed'
Expand Down

0 comments on commit c8242dd

Please sign in to comment.