Hello community, here is the log from the commit of package openldap2 for openSUSE:Factory checked in at 2018-04-07 20:54:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openldap2 (Old) and /work/SRC/openSUSE:Factory/.openldap2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openldap2" Sat Apr 7 20:54:22 2018 rev:132 rq:593981 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/openldap2/openldap2.changes 2018-04-03 12:11:44.952141894 +0200 +++ /work/SRC/openSUSE:Factory/.openldap2.new/openldap2.changes 2018-04-07 20:54:24.588139463 +0200 @@ -1,0 +2,13 @@ +Fri Apr 6 11:29:22 UTC 2018 - zsolt.kal...@suse.com + +- bsc#1085064 Add script "openldap_update_modules_path.sh" which + which removes the configuration item olcModulePath in cn=config + which is after upgrade from SLE12 to SLE15 holds inappropriate + information. If the cn=config is being used on a system, the + conflicting items in slapd.conf are ignored, despite of it, the + backend DB configuration section has been also commented out in + the default slapd.conf. + In case of correct cn=config (the olcModulePath has been already + removed), the script stops without touching anything. + +------------------------------------------------------------------- New: ---- openldap_update_modules_path.sh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openldap2.spec ++++++ --- /var/tmp/diff_new_pack.EZvX76/_old 2018-04-07 20:54:26.068085898 +0200 +++ /var/tmp/diff_new_pack.EZvX76/_new 2018-04-07 20:54:26.068085898 +0200 @@ -55,6 +55,7 @@ Source14: slapd.service Source15: SuSEfirewall2.openldap Source16: sysconfig.openldap +Source17: openldap_update_modules_path.sh Patch3: 0003-LDAPI-socket-location.dif Patch5: 0005-pie-compile.dif Patch6: 0006-No-Build-date-and-time-in-binaries.dif @@ -365,6 +366,7 @@ chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/liblber.so* chmod a+x ${RPM_BUILD_ROOT}/%{_libdir}/libldap_r.so* install -m 755 %{SOURCE6} ${RPM_BUILD_ROOT}/usr/sbin/schema2ldif +install -m 755 %{SOURCE17} ${RPM_BUILD_ROOT}/usr/sbin # Install ppolicy check module make -C contrib/slapd-modules/ppolicy-check-password STRIP="" "DESTDIR=${RPM_BUILD_ROOT}" "sysconfdir=%{_sysconfdir}/openldap" "libdir=%{_libdir}" "libexecdir=%{_libexecdir}" install @@ -442,6 +444,10 @@ cp /etc/sasl2/slapd.conf /etc/sasl2/slapd.conf.rpmnew cp %{_libdir}/sasl2/slapd.conf /etc/sasl2/slapd.conf fi + +if [ ${1:-0} -gt 1 ! -e /var/adm/openldap_modules_path_updated ] ; then + /usr/sbin/openldap_update_modules_path.sh +fi %{fillup_only -n openldap ldap} %service_add_post slapd.service @@ -476,6 +482,7 @@ %{_fillupdir}/sysconfig.openldap %{_sbindir}/slap* %{_sbindir}/rcslapd +%{_sbindir}/openldap_update_modules_path.sh %{_libdir}/openldap/back_bdb* %{_libdir}/openldap/back_hdb* %{_libdir}/openldap/back_ldap* ++++++ openldap_update_modules_path.sh ++++++ #!/bin/bash # This script has been created to update the OpenLDAP modules path in cn=config # For details of changing the configuration items' location read these: # https://www.openldap.org/lists/openldap-software/200812/msg00080.html # This script writes over the config entry of backend databases location, which files are necessary to run LDAP. The procedure has been created upon this description: # https://serverfault.com/questions/863274/modify-openldap-cn-config-without-slapd-running # Author: Zsolt KALMAR (SUSE Linux GmbH) zkal...@suse.com conf_dir='/etc/openldap/slapd.d' tmp_file='/tmp/ldap_conf_tmp.ldif' backup='/tmp/slapd.d' res=0 rm -f ${tmp_file} # Check if the configuration is containing the inappropriate entry /usr/sbin/slapcat -n0 -F ${conf_dir} -l ${tmp_file} -o ldif-wrap=no res=$? if [ $res -ne 0 ] then logger -p user.error "Creating ${tmp_file} has failed." exit 1 fi entry_cnt=`cat ${tmp_file} | grep ^[^#\;] | grep olcModulePath | wc -l` if [ $entry_cnt -eq 0 ] then logger -p user.info "The current LDAP configuration does not contain the wrong item. Stop applying this script. Bye." exit 0 fi rm -rf ${tmp_file} # Make sure the LDAP is not running: /usr/bin/systemctl stop slapd.service # Creating symlinks for the modules required for the slapcat and slapadd ln -s /usr/lib64/openldap/back_bdb.so /usr/lib/openldap/back_bdb.so ln -s /usr/lib64/openldap/back_hdb.so /usr/lib/openldap/back_hdb.so ln -s /usr/lib64/openldap/back_mdb.so /usr/lib/openldap/back_mdb.so ln -s /usr/lib64/openldap/syncprov.so /usr/lib/openldap/syncprov.so # Export the config to a text /usr/sbin/slapcat -n0 -F ${conf_dir} -l ${tmp_file} -o ldif-wrap=no res=$? if [ $res -ne 0 ] then logger -p user.error "Creating ${tmp_file} has failed." exit 1 fi # Create a backup of LDAP config mkdir ${backup} cp -r ${conf_dir}/* ${backup}/ res=$? if [ $res -ne 0 ] then logger -p user.error "LDAP Update script: Backing up ${conf_dir} has failed." exit 1 fi # Remove the configuration item "olcModulePath" sed -n -i '/olcModulePath/!p' ${tmp_file} res=$? if [ $res -ne 0 ] then logger -p user.error "LDAP Update script: Removing of entry in ${tmp_file} has failed." exit 1 fi # Remove the current configuration rm -rf ${conf_dir}/* # Load the modified configuration /usr/sbin/slapadd -n0 -F ${conf_dir} -l ${tmp_file} res=$? # Catch result code of slapadd if [ $res -ne 0 ] then logger -p user.error "LDAP Update script: Implementing new configuration has failed." exit 1 else # Remove temporary symlinks rm -rf /usr/lib/openldap/back_bdb.so rm -rf /usr/lib/openldap/back_hdb.so rm -rf /usr/lib/openldap/back_mdb.so rm -rf /usr/lib/openldap/syncprov.so fi # Start the SLAPD with the new configuration /usr/bin/systemctl start slapd.service res=$? if [ $res -ne 0 ] then logger -p user.error "LDAP Update script: Starting updated LDAP server has been failed." exit 1 else # Remove backups rm -rf ${backup} rm -rf ${tmp_file} # Create "/var/adm/openldap_update_modules" touch /var/adm/openldap_update_modules exit 0 fi ++++++ slapd.conf ++++++ --- /var/tmp/diff_new_pack.EZvX76/_old 2018-04-07 20:54:26.284078080 +0200 +++ /var/tmp/diff_new_pack.EZvX76/_new 2018-04-07 20:54:26.288077935 +0200 @@ -37,8 +37,8 @@ include /etc/openldap/schema/yast.schema # Load backend modules such as databas engines -modulepath /usr/lib64/openldap -moduleload back_mdb.la +#modulepath /usr/lib64/openldap +#moduleload back_mdb.la #moduleload back_hdb.la #moduleload back_bdb.la ++++++ slapd.conf.olctemplate ++++++ --- /var/tmp/diff_new_pack.EZvX76/_old 2018-04-07 20:54:26.324076632 +0200 +++ /var/tmp/diff_new_pack.EZvX76/_new 2018-04-07 20:54:26.324076632 +0200 @@ -33,10 +33,10 @@ include /etc/openldap/schema/yast.schema # Load backend modules such as database engines -modulepath /usr/lib64/openldap -moduleload back_mdb.la -#moduleload back_hdb.la -#moduleload back_bdb.la +# modulepath /usr/lib64/openldap +# moduleload back_mdb.la +# moduleload back_hdb.la +# moduleload back_bdb.la # Define the config database that holds all online configurations database config