#!/bin/bash
#
# ldap	This shell script takes care of starting and stopping
#	ldap servers (slapd and slurpd).
#
# chkconfig: - 39 61
# description: LDAP stands for Lightweight Directory Access Protocol, used \
#              for implementing the industry standard directory services.
# processname: slapd
# config: /etc/openldap/slapd.conf
# pidfile: /var/run/openldap/slapd.pid

# Source function library.
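. /etc/init.d/functions

PIDFILE=/var/run/openldap/slapd.pid

# Source networking configuration and check that networking is up.
# NETWORKING is quoted so that an unset or empty value yields a plain
# "false" instead of a "unary operator expected" error from "[" (which
# would also let the script carry on); only an explicit "no" stops us.
if [ -r /etc/sysconfig/network ] ; then
	. /etc/sysconfig/network
	[ "${NETWORKING}" = "no" ] && exit 1
fi

# Source an auxiliary options file if we have one, and pick up OPTIONS,
# SLAPD_OPTIONS, and SLURPD_OPTIONS.
if [ -r /etc/sysconfig/ldap ] ; then
	. /etc/sysconfig/ldap
fi

# Daemon and helper binaries; refuse to do anything if either daemon is
# not installed/executable.
slapd=/usr/sbin/slapd
slurpd=/usr/sbin/slurpd
slaptest=/usr/sbin/slaptest
[ -x "${slapd}" ] || exit 1
[ -x "${slurpd}" ] || exit 1

RETVAL=0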

#
# Pass commands given in $2 and later to "test" run as user given in $1.
#
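#
# Run "test" with the expressions given in $2 and later as the user given
# in $1.  Returns the status of "test", or false when no user or no
# expression was supplied.
#
# The expressions are handed to the inner shell as positional parameters
# instead of being pasted into the -c command string, so a file name that
# contains whitespace or shell metacharacters (e.g. a TLS*File value from
# slapd.conf) is neither word-split nor interpreted by that shell.
# runuser passes the words after the user name to the shell as $0, $1, ...
# (su-style), hence the "sh" placeholder that becomes $0.
#
function testasuser() {
    local user="$1"
    [ -n "$user" ] || return 1
    shift
    [ -n "$*" ] || return 1
    /sbin/runuser -f -m -s /bin/sh -c 'test "$@"' -- "$user" sh "$@"
}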


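#
# Check the configuration for simple-but-common errors before starting:
# database files not owned by the service user, TLS files it cannot read,
# a slapd.conf that slaptest rejects, and a stale pid file left behind by
# a dead slapd (a running slapd is filtered out in start() before we get
# here).  The first two only print warnings; the last two exit 1.
#
# Globals:  slapd, slaptest, PIDFILE (read); uses action and warning from
#           /etc/init.d/functions and testasuser from this file.
#
function configtest() {
	local user= ldapuid= dbdir= file= prog=
	local -a slaptestflags=()
	user=ldap
	prog=${slapd##*/}
	ldapuid=$(id -u "$user")
	# Unaccessible database files.  Directory values are read one per
	# line and find output is NUL-delimited, so paths containing
	# whitespace are kept intact instead of being word-split.
	while IFS= read -r dbdir ; do
		[ -n "$dbdir" ] || continue
		while IFS= read -r -d '' file ; do
			echo -n $"$file is not owned by \"$user\"" ; warning ; echo
		done < <(find "${dbdir}/" -not -uid "$ldapuid" -and \( -name "*.dbb" -or -name "*.gdbm" -or -name "*.bdb" -or -name "__db.*" -or -name "log.*" -or -name alock \) -print0)
	done < <(LANG=C egrep '^directory[[:space:]]+[[:print:]]+$' /etc/openldap/slapd.conf | sed -e 's/^directory[[:space:]]*//' -e 's/[[:space:]]*$//')
	# Unaccessible TLS configuration files.  stdin of the check is
	# /dev/null so the inner shell cannot consume the loop's input.
	while IFS= read -r file ; do
		[ -n "$file" ] || continue
		if ! testasuser "$user" -r "$file" </dev/null ; then
			echo -n $"$file is not readable by \"$user\"" ; warning ; echo
		fi
	done < <(LANG=C egrep '^(TLSCACertificateFile|TLSCertificateFile|TLSCertificateKeyFile|TLS_CACERT)[[:space:]]' /etc/openldap/slapd.conf | awk '{print $2}')
	# Check the configuration file, as the service user.
	if ! action $"Checking configuration files for $prog: " /sbin/runuser -m -s "$slaptest" -- "$user" "${slaptestflags[@]}"; then
		exit 1
	fi
	# Stale pid of a dead slapd: drop the file and try to recover the
	# database, since the daemon did not shut down cleanly.
	if [ -f "$PIDFILE" ] ; then
		rm -f -- "$PIDFILE"
		if ! action $"Stale pid file detected, attempt to recover database: " /usr/sbin/slapd_db_recover -h /var/lib/ldap ; then
			exit 1
		fi
	fi
}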


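#
# Start slapd, and slurpd when replication is configured.  Refuses to
# start when the pid file names a live process, runs configtest() first,
# and touches the subsys lock on success.
#
# Globals:  slapd, slurpd, PIDFILE, OPTIONS, SLAPD_OPTIONS, SLURPD_OPTIONS
#           (read); prog, RETVAL (written); uses daemon from
#           /etc/init.d/functions.
# Returns:  0 on success, else the status of the failing daemon call;
#           exits 1 when slapd is already running.
#
function start() {
	local pid=
	# check if we are already running
	pid=$(cat "$PIDFILE" 2>/dev/null)
	# The pid file is written by slapd itself, which runs as the
	# unprivileged "ldap" user (see the -u below), so only a plain
	# number is accepted from it before it is handed to ps.  Anything
	# else is treated as a stale file, which configtest() removes.
	if [[ "$pid" =~ ^[0-9]+$ ]] ; then
		if ps -p "$pid" >/dev/null ; then
			# we are still running
			exit 1
		fi
	fi

	# Check for simple-but-common errors.
	configtest

	# Start daemons.
	prog=${slapd##*/}
	echo -n $"Starting $prog: "
	# With TLS configured, listen on ldaps:// as well.  The doubled
	# quoting of the -h value is kept as is; presumably daemon()
	# re-parses its arguments through a shell (not visible here), and the
	# inner quotes keep both URLs as a single argument.
	if grep -q ^TLS /etc/openldap/slapd.conf ; then
		daemon ${slapd} -u ldap -h '"ldap:/// ldaps:///"' $OPTIONS $SLAPD_OPTIONS
		RETVAL=$?
	else
		daemon ${slapd} -u ldap -h "ldap:///" $OPTIONS $SLAPD_OPTIONS
		RETVAL=$?
	fi
	echo
	if [ $RETVAL -eq 0 ]; then
		if grep -q "^replogfile" /etc/openldap/slapd.conf; then
			prog=${slurpd##*/}
			echo -n $"Starting $prog: "
			daemon ${slurpd} $OPTIONS $SLURPD_OPTIONS
			RETVAL=$?
			echo
		fi
	fi
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ldap
	return $RETVAL
}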

#
# Stop slapd, then slurpd when replication is configured, and remove the
# subsys lock and slapd.args once everything is down.
#
# Globals:  slapd, slurpd (read); prog, RETVAL (written); uses killproc
#           from /etc/init.d/functions.
# Returns:  the status of the last killproc call.
#
function stop() {
	# Stop daemons.
	prog=${slapd##*/}
	echo -n $"Stopping $prog: "
	killproc ${slapd}
	RETVAL=$?
	echo
	# Nothing more to do if slapd could not be stopped.
	if [ $RETVAL -ne 0 ]; then
		return $RETVAL
	fi
	if grep -q "^replogfile" /etc/openldap/slapd.conf; then
		prog=${slurpd##*/}
		echo -n $"Stopping $prog: "
		killproc ${slurpd}
		RETVAL=$?
		echo
	fi
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ldap /var/run/slapd.args
	return $RETVAL
}

# See how we were called.
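case "$1" in
    start)
	start
	RETVAL=$?
	;;
    stop)
	stop
	RETVAL=$?
	;;
    status)
	status ${slapd}
	RETVAL=$?
	if grep -q "^replogfile" /etc/openldap/slapd.conf ; then
		status ${slurpd}
		rv=$?
		# Capture slurpd's status before the "[ ... ]" test: "$?" after
		# the test is the test's own status, not slurpd's.  slurpd's
		# result only counts when slapd's was clean.
		[ $RETVAL -eq 0 ] && RETVAL=$rv
	fi
	;;
    restart)
	stop
	start
	RETVAL=$?
	;;
    condrestart)
	# Only restart if the service was running (subsys lock present).
	if [ -f /var/lock/subsys/ldap ] ; then
		stop
		start
		RETVAL=$?
	fi
	;;
    *)
	echo $"Usage: $0 {start|stop|restart|status|condrestart}"
	RETVAL=1
	;;
esac

exit $RETVAL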
