Automatically rebuild slapd.d configuration when slapd.conf is updated

OpenLDAP 2.4 now uses a newer configuration layout where the files in oapenldap_dir/slapd.d take precedence over slapd.conf. To workaround that, when slapd.conf is updated, we should purge that folder and run slaptest which regenerates the files in slapd.d as needed. This only runs on systems that has a slapd.d directory which should only be OpenLDAP 2.4 systems. Signed-off-by: Lance Albertson <[email protected]>
sous-chefs · Dec 3, 2020 · bc9a1e5 · bc9a1e5
1 parent cca9b5e
commit bc9a1e5
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Move platform attributes and resource methods to library helpers
 - Add `install_client` and `install_server` properties to `openldap_install` resource
 - Improve ChefSpec tests
+- Automatically rebuild slapd.d configuration when slapd.conf is updated
 
 ## 4.3.0 - *2020-11-23*
 

diff --git a/libraries/helpers.rb b/libraries/helpers.rb
@@ -84,6 +84,10 @@ def openldap_module_dir
         end
       end
 
+      def openldap_slapd_d_dir
+        "#{openldap_dir}/slapd.d"
+      end
+
       def openldap_system_acct
         case node['platform_family']
         when 'rhel', 'fedora', 'suse', 'amazon', 'freebsd'
@@ -152,6 +156,10 @@ def openldap_el8_systemd_unit
       def openldap_el8_systemd_unit?
         (platform_family?('rhel') && node['platform_version'].to_i >= 8) || platform_family?('fedora')
       end
+
+      def openldap_slapd_d_dir?
+        ::File.exist?(openldap_slapd_d_dir)
+      end
     end
   end
 end

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -31,6 +31,11 @@
 node.default_unless['openldap']['syncrepl_consumer_config']['binddn'] = "\"#{node['openldap']['syncrepl_cn']},#{node['openldap']['basedn']}\""
 node.default_unless['openldap']['syncrepl_consumer_config']['credentials'] = "\"#{node['openldap']['slapd_replpw']}\""
 
+systemd_unit 'slapd.service' do
+  content openldap_el8_systemd_unit
+  action [:create]
+end if openldap_el8_systemd_unit?
+
 template "#{openldap_dir}/slapd.conf" do
   source 'slapd.conf.erb'
   helpers(::Openldap::Cookbook::Helpers)
@@ -39,13 +44,17 @@
   group openldap_system_group
   sensitive true
   notifies :restart, 'service[slapd]', :immediately
+  notifies :run, 'execute[rebuild slapd.d files]', :immediately if lazy { openldap_slapd_d_dir? }
 end
 
-systemd_unit 'slapd.service' do
-  content openldap_el8_systemd_unit
-  action [:create]
-end if openldap_el8_systemd_unit?
-
 service 'slapd' do
   action [:enable, :start]
 end
+
+execute 'rebuild slapd.d files' do
+  command "rm -rf #{openldap_slapd_d_dir}/* && slaptest -f #{openldap_dir}/slapd.conf -F #{openldap_slapd_d_dir}"
+  user openldap_system_acct
+  group openldap_system_group
+  action :nothing
+  notifies :restart, 'service[slapd]', :immediately
+end