steffen: server/kolab/kolab kolab_bootstrap,1.58,1.59

cvs at intevation.de cvs at intevation.de
Sun Sep 5 14:52:22 CEST 2004


Author: steffen

Update of /kolabrepository/server/kolab/kolab
In directory doto:/tmp/cvs-serv22034/kolab/kolab

Modified Files:
	kolab_bootstrap 
Log Message:
handle issue 374 and issue 354 and openldap restart

Index: kolab_bootstrap
===================================================================
RCS file: /kolabrepository/server/kolab/kolab/kolab_bootstrap,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- kolab_bootstrap	1 Sep 2004 00:25:33 -0000	1.58
+++ kolab_bootstrap	5 Sep 2004 12:52:20 -0000	1.59
@@ -585,98 +585,101 @@
   copy("$kolab_prefix/etc/kolab/templates/smtpd.conf.template", $confname) || die "could not write to $confname";
 
   print "Checking server info...\n";
-  my $ldap = Net::LDAP->new($ldap_uri, verify => 'none' ) || warn "could not connect ldap server at $ldap_uri";
-  if ($ldap) {
-    $ldap->bind($bind_dn, password=> $bind_pw) || warn "could not bind to ldap";
-    my $mesg = $ldap->search(base=> "$base_dn", scope=> 'exact', filter=> "(objectclass=*)");
-    if ($mesg && $mesg->count != 1) {
-      print "No $base_dn object found, please check your input\n";
-      goto SLAVESTART;
-    }
-    $php_dn = "cn=nobody,cn=internal,$base_dn";
-    $mesg = $ldap->search(base=> $php_dn, scope=> 'exact', filter=> "(objectclass=*)");
-    if ($mesg && $mesg->count != 1) {
-      print "Nobody object not found, please check your input\n";
-      goto SLAVESTART;
-    }
-    my $entry = $mesg->entry(0);
-    $php_pw = $entry->get_value( 'userPassword' );
-
-    $mesg = $ldap->search(base=> "k=kolab,$base_dn", scope=> 'exact',
-			  filter=> "(objectClass=*)");
-    if ($mesg && $mesg->count != 1) {
-      print "No Kolab object found, please check your input\n";
-      goto SLAVESTART;
-    }
-    my $kolabhosts = $mesg->entry(0)->get_value( 'kolabhost', asref => 1 );
-    foreach(@$kolabhosts) {
-      if( lc($_) eq lc($fqdn) ) {
-	goto SLAVEOK;
-      }
-    }
-    print "$fqdn is not listed on the master, please correct that and try again\n";
+  my $ldap = Net::LDAP->new($ldap_uri, verify => 'none', onerror => 'undef' ) 
+    || warn "could not connect to ldap server at $ldap_uri";
+  if (!defined($ldap)) {
+    print "Could not connect to ldap server at $ldap_uri\n";
     goto SLAVESTART;
+  }
+  $ldap->bind($bind_dn, password=> $bind_pw) || warn "could not bind to ldap";
+  my $mesg = $ldap->search(base=> "$base_dn", scope=> 'exact', filter=> "(objectclass=*)");
+  if ($mesg && $mesg->count != 1) {
+    print "No $base_dn object found, please check your input\n";
+    goto SLAVESTART;
+  }
+  $php_dn = "cn=nobody,cn=internal,$base_dn";
+  $mesg = $ldap->search(base=> $php_dn, scope=> 'exact', filter=> "(objectclass=*)");
+  if ($mesg && $mesg->count != 1) {
+    print "Nobody object not found, please check your input\n";
+    goto SLAVESTART;
+  }
+  my $entry = $mesg->entry(0);
+  $php_pw = $entry->get_value( 'userPassword' );
 
-  SLAVEOK:
-
-    my $master_host = $ldapuri->host();
+  $mesg = $ldap->search(base=> "k=kolab,$base_dn", scope=> 'exact',
+			filter=> "(objectClass=*)");
+  if ($mesg && $mesg->count != 1) {
+    print "No Kolab object found, please check your input\n";
+    goto SLAVESTART;
+  }
+  my $kolabhosts = $mesg->entry(0)->get_value( 'kolabhost', asref => 1 );
+  foreach(@$kolabhosts) {
+    if( lc($_) eq lc($fqdn) ) {
+      goto SLAVEOK;
+    }
+  }
+  print "$fqdn is not listed on the master, please correct that and try again\n";
+  goto SLAVESTART;
 
+ SLAVEOK:
 
-    $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
-    print $fd "fqdnhostname : $fqdn\n";
-    print $fd "is_master : $is_master\n";
-    print $fd "base_dn : $base_dn\n";
-    print $fd "bind_dn : $bind_dn\n";
-    print $fd "bind_pw : $bind_pw\n";
-    print $fd "ldap_uri : $ldap_uri\n";
-    print $fd "ldap_master_uri : $ldap_uri\n";
-    print $fd "php_dn : $php_dn\n";
-    print $fd "php_pw : $php_pw\n";
-    undef $fd;
-    print "done modifying $kolab_config\n\n";
-    chmod 0600, $kolab_config;
+  my $master_host = $ldapuri->host();
 
-    print << 'EOS';
+  $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
+  print $fd "fqdnhostname : $fqdn\n";
+  print $fd "is_master : $is_master\n";
+  print $fd "base_dn : $base_dn\n";
+  print $fd "bind_dn : $bind_dn\n";
+  print $fd "bind_pw : $bind_pw\n";
+  print $fd "ldap_uri : $ldap_uri\n";
+  print $fd "ldap_master_uri : $ldap_uri\n";
+  print $fd "php_dn : $php_dn\n";
+  print $fd "php_pw : $php_pw\n";
+  undef $fd;
+  print "done modifying $kolab_config\n\n";
+  chmod 0600, $kolab_config;
+  
+  print << 'EOS';
 Now the master server needs to be stopped briefly while the contents of the LDAP database
 is copied over to this slave. Please make sure that this slave is entered into the list 
 of kolabhosts on the master before proceeding.
 EOS
-    kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap stop");
-    kolab_system("ssh -CA $master_host $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pcf - openldap-data | $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pxf -");
-    kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap start");
-
-    print "Updating configuration, please ignore any initial errors from kolabconf\n\n";
-    my $cfg;
-    open(FH, "<$kolab_prefix/etc/rc.conf") || die;
-    $cfg .= $_ while (<FH>);
-    close(FH);
-
-    $cfg =~ s/\n((openldap_url|sasl_authmech|openldap_enable)\S*=[^\n]*)/#$1\n/sg;
-    # $cfg .= "openldap_enable=\"no\"\nopenldap_url=\"\"\nsasl_authmech=\"ldap\"\n";
-    $cfg .= "\nopenldap_url=\"ldap:// ldaps://\"\nsasl_authmech=\"ldap\"\n";
-
-    open(FH, ">$kolab_prefix/etc/rc.conf") || die;
-    print FH $cfg;
-    close(FH);
-    undef $cfg;
+  kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap stop");
+  kolab_system("ssh -CA $master_host $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pcf - openldap-data | $kolab_prefix/lib/openpkg/tar -C $kolab_prefix/var/openldap -pxf -");
+  kolab_system("ssh -CA $master_host $kolab_prefix/bin/openpkg rc openldap start");
 
-    print <<'EOS';
+  print "Updating configuration, please ignore any initial errors from kolabconf\n\n";
+  my $cfg;
+  open(FH, "<$kolab_prefix/etc/rc.conf") || die;
+  $cfg .= $_ while (<FH>);
+  close(FH);
+  
+  $cfg =~ s/\n((openldap_url|sasl_authmech|openldap_enable)\S*=[^\n]*)/#$1\n/sg;
+  # $cfg .= "openldap_enable=\"no\"\nopenldap_url=\"\"\nsasl_authmech=\"ldap\"\n";
+  $cfg .= "\nopenldap_url=\"ldap:// ldaps://\"\nsasl_authmech=\"ldap\"\n";
+  
+  open(FH, ">$kolab_prefix/etc/rc.conf") || die;
+  print FH $cfg;
+  close(FH);
+  undef $cfg;
+  
+  print <<'EOS';
 If you chose to create a CA on the master server, you will now need to create
 a certificate request and copy it to the master to get it signed. If you already
 have a certificate for this server, you can choose to skip this section.
 EOS
-    my $tmp = getUserInput( "Do you want to create a certificate request and sign it", 
-			    "y", "y", "n");
-    if( lc $tmp eq 'n' ) {
-      print <<'EOS';
+  my $tmp = getUserInput( "Do you want to create a certificate request and sign it", 
+			  "y", "y", "n");
+  if( lc $tmp eq 'n' ) {
+    print <<'EOS';
 Skipping certificate creation. Please copy your certificate to
 @l_prefix@/etc/kolab/cert.pem and private key to
 @l_prefix@/etc/kolab/key.pem when the bootstrap script is finished.
 
 EOS
-    } else {
-
-      print <<'EOS';
+  } else {
+    
+    print <<'EOS';
 Now we need to create a cerificate request for this slave
 and then ssh to the master server to have the request signed.
 You will be asked multiple times for the root password of the
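Review bot: The new `if (!defined($ldap))` guard cannot fire, because `||` binds tighter than `=` and `warn` returns a true value, so a failed `Net::LDAP->new` leaves `$ldap` set to 1 and the following `$ldap->bind` dies instead of returning to SLAVESTART. Drop the `|| warn ...` continuation and let the guard print the message: `my $ldap = Net::LDAP->new($ldap_uri, verify => 'none', onerror => 'undef');`. With `onerror => 'undef'` a failed search returns undef per the Net::LDAP documentation, and the three `if ($mesg && $mesg->count != 1)` tests let that through to `$mesg->entry(0)`; `if (!$mesg || $mesg->count != 1)` would send those cases back to the prompt as well. The bind result deserves the same treatment rather than a bare `warn`, since the searches otherwise run on an unauthenticated connection. The SLAVESTART label and the enclosing block open outside this hunk.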
@@ -684,56 +687,50 @@
 ################################################################################
 EOS
 
-      # Create cert req
-      kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
-      kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
-      # Log into master and sign cert request
-      kolab_system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
-      kolab_system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
-      kolab_system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
-      kolab_system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
-      die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
-      kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");
-      kolab_system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
-      kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/cert.pem;");
-      kolab_system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
-
-      print <<'EOS';
+    # Create cert req
+    kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newkey $fqdn $kolab_prefix/etc/kolab/key.pem");
+    kolab_system("$kolab_prefix/etc/kolab/kolab_ca.sh -newreq $fqdn $kolab_prefix/etc/kolab/key.pem $kolab_prefix/etc/kolab/newreq.pem ");
+    # Log into master and sign cert request
+    kolab_system("scp $kolab_prefix/etc/kolab/newreq.pem $master_host:$kolab_prefix/etc/kolab/$fqdn-req.pem");
+    kolab_system("ssh -CA $master_host \"$kolab_prefix/etc/kolab/kolab_ca.sh -sign $kolab_prefix/etc/kolab/$fqdn-req.pem $kolab_prefix/etc/kolab/$fqdn.pem;\"");
+    kolab_system("scp $master_host:$kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/cert.pem");
+    kolab_system("ssh -CA $master_host \"rm $kolab_prefix/etc/kolab/$fqdn.pem $kolab_prefix/etc/kolab/$fqdn-req.pem\"");
+    die("Creation of $kolab_prefix/etc/kolab/cert.pem failed") unless -f "$kolab_prefix/etc/kolab/cert.pem";
+    kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/key.pem;");
+    kolab_system("chmod 0640 $kolab_prefix/etc/kolab/key.pem;");
+    kolab_system("chgrp @l_rgrp@ $kolab_prefix/etc/kolab/cert.pem;");
+    kolab_system("chmod 0640 $kolab_prefix/etc/kolab/cert.pem;");
+    
+    print <<'EOS';
 ################################################################################
 Certificate creation done!
 
 EOS
-    }
+  }
 
-    print <<'EOS';
+  print <<'EOS';
 To be able to encrypt and decrypt passwords for group and resource accounts
 we need to copy the RSA keypair used for that purpose from the master server.
 EOS
+  kolab_system("scp $master_host:$kolab_prefix/etc/kolab/res_priv.pem "
+	       ."$master_host:$kolab_prefix/etc/kolab/res_pub.pem "
+	       ."$kolab_prefix/etc/kolab/");
+  kolab_system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_priv.pem;");
+  kolab_system("$kolab_prefix/sbin/kolabconf -n");
 
-    kolab_system("scp $master_host:$kolab_prefix/etc/kolab/res_priv.pem "
-	   ."$master_host:$kolab_prefix/etc/kolab/res_pub.pem "
-	   ."$kolab_prefix/etc/kolab/");
-    kolab_system("chgrp @l_ngrp@ $kolab_prefix/etc/kolab/res_priv.pem $kolab_prefix/etc/kolab/res_priv.pem;");
-
-    kolab_system("$kolab_prefix/sbin/kolabconf -n");
-
-    $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
-    print $fd "fqdnhostname : $fqdn\n";
-    print $fd "is_master : $is_master\n";
-    print $fd "base_dn : $base_dn\n";
-    print $fd "bind_dn : $bind_dn\n";
-    print $fd "bind_pw : $bind_pw\n";
-    print $fd "ldap_uri : ldap://127.0.0.1\n";
-    print $fd "ldap_master_uri : $ldap_uri\n";
-    print $fd "php_dn : $php_dn\n";
-    print $fd "php_pw : $php_pw\n";
-    undef $fd;
-    print "done modifying $kolab_config\n\n";
-    chmod 0600, $kolab_config;
-
-  } else {
-    die "Error contacting LDAP server\n";
-  }
+  $fd = IO::File->new($kolab_config, "w+") || die "could not open $kolab_config";
+  print $fd "fqdnhostname : $fqdn\n";
+  print $fd "is_master : $is_master\n";
+  print $fd "base_dn : $base_dn\n";
+  print $fd "bind_dn : $bind_dn\n";
+  print $fd "bind_pw : $bind_pw\n";
+  print $fd "ldap_uri : ldap://127.0.0.1\n";
+  print $fd "ldap_master_uri : $ldap_uri\n";
+  print $fd "php_dn : $php_dn\n";
+  print $fd "php_pw : $php_pw\n";
+  undef $fd;
+  print "done modifying $kolab_config\n\n";
+  chmod 0600, $kolab_config;
 }
 
 #system("$kolab_prefix/etc/kolab/kolab_sslcert.sh $fqdn");
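Review bot: `$kolab_config` receives `bind_pw` and `php_pw` before `chmod 0600` runs, so a file that does not yet exist is created under the process umask and may be readable by other local users until the chmod at the end of the block; the identical block after SLAVEOK in the first hunk has the same window. Restrict the mode before the open, e.g. `my $old_umask = umask(0077);` ahead of `IO::File->new($kolab_config, "w+")` and `umask($old_umask);` once the handle is released, keeping the `chmod` for a pre-existing file. The return value of `chmod` is also ignored, so a failure there goes unnoticed; `chmod(0600, $kolab_config) || die "could not chmod $kolab_config";` matches the error style already used for the open. The block closed by the final `}` starts outside this hunk.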




