From 57c9605e832ab795d1a438c1187b2aa9b989c13c Mon Sep 17 00:00:00 2001
From: Thomas NOEL
Date: Wed, 18 Feb 2015 17:27:31 +0100
Subject: [PATCH] =?UTF-8?q?installation=20correcte=20des=20cl=C3=A9s=20SSL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lib/reset | 20 +++++++++++++-------
 share/config.ldif | 4 ++--
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/lib/reset b/lib/reset
index fc3f9b9..d94b7c5 100755
--- a/lib/reset
+++ b/lib/reset
@@ -2,7 +2,7 @@
 # initial configuration of slapd
 set -e
-LDIFDIR=/usr/share/slapd-supann/
+LDIFDIR=/usr/share/slapd-supann
 SERVICE="/usr/sbin/service slapd"
 echo ""
@@ -44,12 +44,6 @@ fi
 mkdir -p /etc/ldap/slapd.d
 mkdir /var/lib/ldap/config-accesslog/ /var/lib/ldap/meta/
-if [ ! -f /var/lib/ldap/ssl.pem -a ! -f /var/lib/ssl.key ]; then
- echo -n "Installation des certificats SSL par défaut .."
- cp ${LDIFDIR}/ssl.pem ${LDIFDIR}/ssl.key /var/lib/ldap
- echo "ok"
-fi
-
 echo -n "Installation de la nouvelle configuration .. "
 slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/config.ldif
 echo "ok"
@@ -65,6 +59,18 @@ echo "ok"
 chown -R openldap:openldap /etc/ldap/slapd.d /var/lib/ldap
+if [ ! -s /etc/ldap/ssl/slapd.pem -o ! -s /etc/ldap/ssl/slapd.key ]; then
+ echo "Pose de certificats SSL par défaut (invalides)"
+ mkdir -p /etc/ldap/ssl
+ cp -v ${LDIFDIR}/ssl.pem /etc/ldap/ssl/slapd.pem
+ cp -v ${LDIFDIR}/ssl.key /etc/ldap/ssl/slapd.key
+ chown -R root:openldap /etc/ldap/ssl
+ chmod 0755 /etc/ldap/ssl
+ chmod 0644 /etc/ldap/ssl/slapd.pem
+ chmod 0640 /etc/ldap/ssl/slapd.key
+ echo "ok"
+fi
+
 ${SERVICE} start
 echo "Installation de la racine du méta-annuaire (o=meta) .. "
diff --git a/share/config.ldif b/share/config.ldif
index aebb000..e58d0ad 100644
--- a/share/config.ldif
+++ b/share/config.ldif
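Review bot: In the `@@ -65,6 +59,18 @@` hunk of lib/reset, the key installed at `/etc/ldap/ssl/slapd.key` is copied from `${LDIFDIR}/ssl.key`, a file shipped with the package, so every host that runs this block starts slapd (`${SERVICE} start` follows directly) with the same private key, readable by anyone who has the package; the "(invalides)" message is the only signal, and `chmod 0640` does not make that key secret. I would generate a per-host self-signed pair here instead, under a restrictive umask, for example `( umask 027; openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$(hostname -f)" -keyout /etc/ldap/ssl/slapd.key -out /etc/ldap/ssl/slapd.pem )`, assuming openssl is available on the target, which this patch does not show. Separately, the `-o` in the test means a site that has replaced only one of the two files gets both overwritten with the defaults; testing and installing each file on its own would avoid that.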
@@ -6,8 +6,8 @@ olcPidFile: /var/run/slapd/slapd.pid
 olcToolThreads: 1
 olcLogLevel: none
 olcServerId: 1
-olcTLSCertificateFile: /var/lib/ldap/ssl.pem
-olcTLSCertificateKeyFile: /var/lib/ldap/ssl.key
+olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
+olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.key
 dn: cn=module{0},cn=config
 objectClass: olcModuleList