PREIN

/bin/sh

# Take care to only do ownership-changing if we're adding the user.
if /usr/sbin/useradd -c "LDAP User" -u 55 \
	-s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null ; then
	if [ -d /var/lib/ldap ] ; then
		for dbfile in /var/lib/ldap/* ; do
			if [ -f $dbfile ] ; then
				chown ldap:ldap $dbfile
			fi
		done
	fi
fi

if [ "$1" = "2" ]; then
    # Log progress into /var/lib/ldap/openldap-severs-update.log
    echo "Updating openldap-servers, %pre section" >/var/lib/ldap/openldap-severs-update.log 2>&1
    date >>/var/lib/ldap/openldap-severs-update.log 2>&1

    # Guess, if database upgrade is necessary
    OLD_BDB_VERSION=$( slapd_db_upgrade -V | sed 's/.* \([0-9\.]*\)\.[0-9]*:.*/\1/' )
    NEW_BDB_VERSION=$( echo 4.4.20 | sed 's/.[0-9]*$//' )
    echo "Old BDB version: $OLD_BDB_VERSION, new BDB version: $NEW_BDB_VERSION" >>/var/lib/ldap/openldap-severs-update.log 2>&1

    OLD_SLAPD_VERSION=$( rpm -q --qf "%{VERSION}" openldap-servers | sed 's/\.[0-9]*$//' )
    NEW_SLAPD_VERSION=$( echo 2.3.43 | sed 's/\.[0-9]*$//' )
    echo "Old OpenLDAP version: $OLD_SLAPD_VERSION, new OpenLDAP version: $NEW_SLAPD_VERSION" >>/var/lib/ldap/openldap-severs-update.log 2>&1

    if [ "$OLD_SLAPD_VERSION" != "$NEW_SLAPD_VERSION" ]; then
        # Minor version number has changed -> slapcat/slapadd of the BDB database 
        # is necessary. Save an ldif of the database where the "% post servers" 
        # scriptlet can restore it.  Also save the database files to a "rpmorig" 
        # directory - Just In Case (TM)

        echo "-> complete dump and restore of BDB database is necessary" >>/var/lib/ldap/openldap-severs-update.log 2>&1

        # stop the server
        if /sbin/service ldap status &>/dev/null; then 
            touch /var/lib/ldap/need_start
            /sbin/service ldap stop &>/dev/null
        fi

        # Upgrade it only if the database was configured and used. Check only
        # for default location, database in custom directories must be migrated
        # manually by admin.
        files=$(echo /var/lib/ldap/{log.*,__db.*,[a]lock})
        if [ "$files" != '/var/lib/ldap/log.* /var/lib/ldap/__db.* /var/lib/ldap/[a]lock' ] ; then
            echo "Dumping database in /var/lib/ldap" >>/var/lib/ldap/openldap-severs-update.log 2>&1
            if /usr/sbin/slapcat -l /var/lib/ldap/upgrade.ldif >>/var/lib/ldap/openldap-severs-update.log 2>&1 ; then
                if [ -f /var/lib/ldap/upgrade.ldif ] ; then
                    echo "Storing original database in /var/lib/ldap/rpmorig" >>/var/lib/ldap/openldap-severs-update.log 2>&1
                    /bin/rm -fr /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
                    mkdir /var/lib/ldap/rpmorig
                    mv /var/lib/ldap/{alock,*.bdb,__db.*,log.*} /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
                    cp -f /var/lib/ldap/DB_CONFIG /var/lib/ldap/rpmorig > /dev/null 2>&1 || :
                else
                    echo "Dump failed!" >>/var/lib/ldap/openldap-severs-update.log 2>&1
                    /bin/rm -f /var/lib/ldap/upgrade.ldif
                fi
            fi
        fi
    else
        if [ "$OLD_BDB_VERSION" != "$NEW_BDB_VERSION" ]; then
            # Minor version number of bdb has changed -> run db_upgrade in % post script 
            # stop the server
            echo "-> db-upgrade is necessary" >>/var/lib/ldap/openldap-severs-update.log 2>&1

            if /sbin/service ldap status &>/dev/null; then 
                touch /var/lib/ldap/need_start
                /sbin/service ldap stop &>/dev/null
            fi

            # Ensure, that the database is valid
            echo "Running /slapd_db_recover" >>/var/lib/ldap/openldap-severs-update.log 2>&1
            /sbin/runuser -m -s /usr/sbin/slapd_db_recover -- "ldap" -h /var/lib/ldap >>/var/lib/ldap/openldap-severs-update.log 2>&1
            # Just create /var/lib/ldap/need_db_upgrade so % post knows
            touch /var/lib/ldap/need_db_upgrade &>/dev/null
        fi
    fi
    echo "%pre done" >>/var/lib/ldap/openldap-severs-update.log 2>&1
fi
exit 0

PREUN

/bin/sh

if [ "$1" = "0" ] ; then
	/sbin/service ldap stop > /dev/null 2>&1 || :
	/sbin/chkconfig --del ldap
fi

POSTIN

/bin/sh

/sbin/ldconfig
/sbin/chkconfig --add ldap

echo "Entering %post section..." >>/var/lib/ldap/openldap-severs-update.log 2>&1
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
# It was created by the %pre and contains data of the previous version.
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
    echo "Restoring /var/lib/ldap database from dump" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif >>/var/lib/ldap/openldap-severs-update.log 2>&1
    if [ "$?" == "0" ]; then
        rm -f /var/lib/ldap/upgrade.ldif
        echo "Database restored successfully" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    else
        echo "Database restore failed. Old database can be found in /var/lib/ldap/rpmorig/ and in /var/lib/ldap/upgrade.ldif" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    fi
fi

# If there's a /var/lib/ldap/need_db_upgrade file, run db_upgrade and delete it.
# It was created by the % pre above.
if [ -f /var/lib/ldap/need_db_upgrade ]; then
    echo "Running db_upgrade on /var/lib/ldap/*.bdb" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    /sbin/runuser -m -s /usr/sbin/slapd_db_upgrade -- "ldap"  -h /var/lib/ldap /var/lib/ldap/*.bdb >>/var/lib/ldap/openldap-severs-update.log 2>&1
    echo "Creating checkpoint" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    /sbin/runuser -m -s /usr/sbin/slapd_db_checkpoint -- "ldap" -h /var/lib/ldap -1 >>/var/lib/ldap/openldap-severs-update.log 2>&1
    rm -f /var/lib/ldap/need_db_upgrade
fi

exec > /dev/null 2> /dev/null
if [ ! -f /etc/pki/tls/certs/slapd.pem ] ; then
pushd /etc/pki/tls/certs
umask 077
cat << EOF | make slapd.pem
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
localhost.localdomain
root@localhost.localdomain
EOF
chown root:ldap slapd.pem
chmod 640 slapd.pem
popd
fi

echo "%post done" >>/var/lib/ldap/openldap-severs-update.log 2>&1
exit 0

POSTUN

/bin/sh

/sbin/ldconfig
if [ $1 -ge 1 ] ; then
	/sbin/service ldap condrestart > /dev/null 2>&1 || :
fi

POSTTRANS

/bin/sh

# prev. versions of openldap-servers package exported the database
# to /var/lib/ldap/upgrade.ldif and moved the database to
# /var/lib/rpmorig in %preun, assuming that %post will be called
# later and restore the DB from there. Unfortunatelly this
# assumption is wrong, %preun is called after %post ->
# in the end the database is moved to /var/lib/rpmorig
# and nobody restores it.
# Let's restore it here:
# If there's a /var/lib/ldap/upgrade.ldif file, slapadd it and delete it.
# It was created by the uninstall of the previous version.
if [ -f /var/lib/ldap/upgrade.ldif ] ; then
    echo "Entering %posttrans section, /var/lib/ldap/upgrade.ldif created by %postun of prev. version detected" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    STARTAGAIN=0
    /sbin/service ldap status >/dev/null 2>/dev/null
    if [ "$?" = "0" ] ; then
        service ldap stop
        STARTAGAIN=1
    fi

    # set the database owner - #preun of prev. version could create
    # the database with root:root owner (!)
    if [ -d /var/lib/ldap ] ; then
        for dbfile in /var/lib/ldap/* ; do
            if [ -f $dbfile ] ; then
                chown ldap:ldap $dbfile
            fi
        done
    fi
    echo "Restoring database" >>/var/lib/ldap/openldap-severs-update.log 2>&1
    /sbin/runuser -m -s /usr/sbin/slapadd -- "ldap" -l /var/lib/ldap/upgrade.ldif >>/var/lib/ldap/openldap-severs-update.log 2>&1
    rm /var/lib/ldap/upgrade.ldif
    if [ "$STARTAGAIN" = 1 ] ; then
        service ldap start
    fi
fi
exec > /dev/null 2> /dev/null