From bc9a1e5d9de755c01bf0514b4a9093728ca6ce3d Mon Sep 17 00:00:00 2001 From: Lance Albertson Date: Thu, 3 Dec 2020 15:27:40 -0800 Subject: [PATCH] Automatically rebuild slapd.d configuration when slapd.conf is updated OpenLDAP 2.4 now uses a newer configuration layout where the files in oapenldap_dir/slapd.d take precedence over slapd.conf. To workaround that, when slapd.conf is updated, we should purge that folder and run slaptest which regenerates the files in slapd.d as needed. This only runs on systems that has a slapd.d directory which should only be OpenLDAP 2.4 systems. Signed-off-by: Lance Albertson --- CHANGELOG.md | 1 + libraries/helpers.rb | 8 ++++++++ recipes/default.rb | 19 ++++++++++++++----- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1dc112b..05f1f9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Move platform attributes and resource methods to library helpers - Add `install_client` and `install_server` properties to `openldap_install` resource - Improve ChefSpec tests +- Automatically rebuild slapd.d configuration when slapd.conf is updated ## 4.3.0 - *2020-11-23* diff --git a/libraries/helpers.rb b/libraries/helpers.rb index 2f4c9f5..e1f6e34 100644 --- a/libraries/helpers.rb +++ b/libraries/helpers.rb @@ -84,6 +84,10 @@ def openldap_module_dir end end + def openldap_slapd_d_dir + "#{openldap_dir}/slapd.d" + end + def openldap_system_acct case node['platform_family'] when 'rhel', 'fedora', 'suse', 'amazon', 'freebsd' @@ -152,6 +156,10 @@ def openldap_el8_systemd_unit def openldap_el8_systemd_unit? (platform_family?('rhel') && node['platform_version'].to_i >= 8) || platform_family?('fedora') end + + def openldap_slapd_d_dir? + ::File.exist?(openldap_slapd_d_dir) + end end end end diff --git a/recipes/default.rb b/recipes/default.rb index 0ea90f7..c887126 100644 --- a/recipes/default.rb 
+++ b/recipes/default.rb @@ -31,6 +31,11 @@ node.default_unless['openldap']['syncrepl_consumer_config']['binddn'] = "\"#{node['openldap']['syncrepl_cn']},#{node['openldap']['basedn']}\"" node.default_unless['openldap']['syncrepl_consumer_config']['credentials'] = "\"#{node['openldap']['slapd_replpw']}\"" +systemd_unit 'slapd.service' do + content openldap_el8_systemd_unit + action [:create] +end if openldap_el8_systemd_unit? + template "#{openldap_dir}/slapd.conf" do source 'slapd.conf.erb' helpers(::Openldap::Cookbook::Helpers) @@ -39,13 +44,17 @@ group openldap_system_group sensitive true notifies :restart, 'service[slapd]', :immediately + notifies :run, 'execute[rebuild slapd.d files]', :immediately if lazy { openldap_slapd_d_dir? } end -systemd_unit 'slapd.service' do - content openldap_el8_systemd_unit - action [:create] -end if openldap_el8_systemd_unit? - service 'slapd' do action [:enable, :start] end + +execute 'rebuild slapd.d files' do + command "rm -rf #{openldap_slapd_d_dir}/* && slaptest -f #{openldap_dir}/slapd.conf -F #{openldap_slapd_d_dir}" + user openldap_system_acct + group openldap_system_group + action :nothing + notifies :restart, 'service[slapd]', :immediately +end
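Review bot: The `if lazy { openldap_slapd_d_dir? }` modifier on the new `notifies :run` line does not guard anything, as far as I can tell: `lazy` returns a delayed-evaluator object, which is always truthy, so the notification is registered on every platform and the block is never called. The check belongs on the `execute 'rebuild slapd.d files'` resource as a converge-time guard, `only_if { openldap_slapd_d_dir? }`, with the `notifies` line left unconditional. Separately, the command empties the live directory with `rm -rf #{openldap_slapd_d_dir}/*` before `slaptest` has accepted the new file, so a rejected slapd.conf would presumably leave slapd.d empty or half-written; validating first with `slaptest -u -f #{openldap_dir}/slapd.conf` (or a `verify` on the template) would keep the old configuration in place on failure. The template also notifies `service[slapd]` to restart immediately before the rebuild runs, so the service is restarted twice and the first restart still reads the old slapd.d. The template resource begins in the previous hunk, so its full body is not visible here.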