installation correcte des clés SSL

lib/reset

@@ -2,7 +2,7 @@
 # initial configuration of slapd
 
 set -e
-LDIFDIR=/usr/share/slapd-supann/
+LDIFDIR=/usr/share/slapd-supann
 SERVICE="/usr/sbin/service slapd"
 
 echo ""
@@ -44,12 +44,6 @@ fi
 mkdir -p /etc/ldap/slapd.d
 mkdir /var/lib/ldap/config-accesslog/ /var/lib/ldap/meta/
 
-if [ ! -f /var/lib/ldap/ssl.pem -a ! -f /var/lib/ssl.key ]; then
-	echo -n "Installation des certificats SSL par défaut .."
-	cp ${LDIFDIR}/ssl.pem ${LDIFDIR}/ssl.key /var/lib/ldap
-	echo "ok"
-fi
-
 echo -n "Installation de la nouvelle configuration .. "
 slapadd -n0 -F/etc/ldap/slapd.d -l${LDIFDIR}/config.ldif
 echo "ok"
@@ -65,6 +59,18 @@ echo "ok"
 
 chown -R openldap:openldap /etc/ldap/slapd.d /var/lib/ldap
 
+if [ ! -s /etc/ldap/ssl/slapd.pem -o ! -s /etc/ldap/ssl/slapd.key ]; then
+	echo "Pose de certificats SSL par défaut (invalides)"
+	mkdir -p /etc/ldap/ssl
+	cp -v ${LDIFDIR}/ssl.pem /etc/ldap/ssl/slapd.pem
+	cp -v ${LDIFDIR}/ssl.key /etc/ldap/ssl/slapd.key
+	chown -R root:openldap /etc/ldap/ssl
+	chmod 0755 /etc/ldap/ssl
+	chmod 0644 /etc/ldap/ssl/slapd.pem
+	chmod 0640 /etc/ldap/ssl/slapd.key
+	echo "ok"
+fi
+
 ${SERVICE} start
 
 echo "Installation de la racine du méta-annuaire (o=meta) .. "

share/config.ldif

@@ -6,8 +6,8 @@ olcPidFile: /var/run/slapd/slapd.pid
 olcToolThreads: 1
 olcLogLevel: none
 olcServerId: 1
-olcTLSCertificateFile: /var/lib/ldap/ssl.pem
-olcTLSCertificateKeyFile: /var/lib/ldap/ssl.key
+olcTLSCertificateFile: /etc/ldap/ssl/slapd.pem
+olcTLSCertificateKeyFile: /etc/ldap/ssl/slapd.key
 
 dn: cn=module{0},cn=config
 objectClass: olcModuleList