1. devstack
  2. lib
  3. ldap
Raw Blame History 
# lib/ldap
# Functions to control the installation and configuration of **ldap**

# ``lib/keystone`` calls the entry points in this order:
# install_ldap()

# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace


# Functions
# ---------

# install_ldap
# install_ldap() - Collect source and prepare
function install_ldap() {
    echo "Installing LDAP inside function"
    echo "LDAP_PASSWORD is $LDAP_PASSWORD"
    echo "os_VENDOR is $os_VENDOR"
    printf "installing"
    if is_ubuntu; then
        LDAP_OLCDB_NUMBER=1
        LDAP_ROOTPW_COMMAND=replace
        sudo DEBIAN_FRONTEND=noninteractive apt-get install slapd ldap-utils
        #automatically starts LDAP on ubuntu so no need to call start_ldap
    elif is_fedora || is_suse; then
        LDAP_OLCDB_NUMBER=2
        LDAP_ROOTPW_COMMAND=add
        start_ldap
    fi

    printf "generate password file"
    SLAPPASS=`slappasswd -s $LDAP_PASSWORD`

    printf "secret is $SLAPPASS\n"
    #create manager.ldif
    TMP_MGR_DIFF_FILE=`mktemp -t manager_ldiff.$$.XXXXXXXXXX.ldif`
    sed -e "s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|" -e "s|\${SLAPPASS}|$SLAPPASS|" -e "s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|" $FILES/ldap/manager.ldif.in >> $TMP_MGR_DIFF_FILE

    #update ldap olcdb
    sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f $TMP_MGR_DIFF_FILE

    # On fedora we need to manually add cosine and inetorgperson schemas
    if is_fedora; then
        sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
        sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
    fi

    # add our top level ldap nodes
    if ldapsearch -x -w $LDAP_PASSWORD -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -x -b dc=openstack,dc=org | grep -q "Success"; then
        printf "LDAP already configured for OpenStack\n"
        if [[ "$KEYSTONE_CLEAR_LDAP" == "yes" ]]; then
            # clear LDAP state
            clear_ldap_state
            # reconfigure LDAP for OpenStack
            ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -w $LDAP_PASSWORD -f  $FILES/ldap/openstack.ldif
        fi
    else
        printf "Configuring LDAP for OpenStack\n"
        ldapadd -c -x -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -w $LDAP_PASSWORD -f  $FILES/ldap/openstack.ldif
    fi
}

# start_ldap() - Start LDAP
function start_ldap() {
    sudo service slapd restart
}


# stop_ldap() - Stop LDAP
function stop_ldap() {
    sudo service slapd stop
}

# clear_ldap_state() - Clear LDAP State
function clear_ldap_state() {
    ldapdelete -x -w $LDAP_PASSWORD -H ldap://localhost -D dc=Manager,dc=openstack,dc=org -x -r "dc=openstack,dc=org"
}

# Restore xtrace
$XTRACE

# Local variables:
# mode: shell-script
# End: