* [Buildroot] [PATCH 1/1] openldap: add support to build the server
@ 2015-12-17 20:41 Andreas Ehmanns
2015-12-29 11:19 ` Thomas Petazzoni
0 siblings, 1 reply; 13+ messages in thread
From: Andreas Ehmanns @ 2015-12-17 20:41 UTC (permalink / raw)
To: buildroot
Signed-off-by: Andreas Ehmanns <universeII@gmx.de>
---
package/openldap/Config.in | 8 ++++++-
package/openldap/S75slapd | 51 ++++++++++++++++++++++++++++++++++++++++++++
package/openldap/openldap.mk | 17 ++++++++++++++-
3 files changed, 74 insertions(+), 2 deletions(-)
create mode 100644 package/openldap/S75slapd
diff --git a/package/openldap/Config.in b/package/openldap/Config.in
index 3085a5c..30c0f65 100644
--- a/package/openldap/Config.in
+++ b/package/openldap/Config.in
@@ -6,12 +6,18 @@ config BR2_PACKAGE_OPENLDAP
OpenLDAP Software is an open source implementation of
the Lightweight Directory Access Protocol.
- This only installs client-side support.
+ This only installs library support.
http://www.openldap.org/
if BR2_PACKAGE_OPENLDAP
+config BR2_PACKAGE_OPENLDAP_SERVER
+ bool "openldap server binary"
+ select BR2_PACKAGE_BERKELEYDB
+ help
+ Installs the OpenLDAP server slapd
+
config BR2_PACKAGE_OPENLDAP_CLIENTS
bool "openldap client binaries"
default y
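Review bot: The help text of the new BR2_PACKAGE_OPENLDAP_SERVER entry says only `Installs the OpenLDAP server slapd`, which understates what the option does. Together with the other files in this patch it also installs an init script that starts the daemon at boot and adds an `ldap` system user. I would say so in the help and note that the installed slapd.conf is the package's default and has to be adapted before the service is exposed, for example `Installs the OpenLDAP server slapd, an init script that starts it at boot and an 'ldap' user. The installed slapd.conf is the package default and must be adapted.` The `if BR2_PACKAGE_OPENLDAP` block continues outside the hunk.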
diff --git a/package/openldap/S75slapd b/package/openldap/S75slapd
new file mode 100644
index 0000000..1365d4b
--- /dev/null
+++ b/package/openldap/S75slapd
@@ -0,0 +1,51 @@
+#!/bin/sh
+DAEMON=/usr/libexec/slapd
+NAME=slapd
+DESC="OpenLDAP server"
+CONF=/etc/openldap/slapd.conf
+
+ARGS="-u ldap -g ldap"
+
+set -e
+
+case "$1" in
+ start)
+ if [ ! -d /var/run/openldap ]; then
+ install -d -o ldap -g ldap -m 755 /var/run/openldap
+ fi
+
+ if [ ! -d /var/openldap-data ]; then
+ install -d -o ldap -g ldap -m 755 /var/openldap-data
+ else
+ chown -R ldap:ldap /var/openldap-data
+ fi
+
+ printf "Starting $DESC: $NAME: "
+ start-stop-daemon -S -b -n $NAME -a $DAEMON -- $ARGS
+ echo "done."
+ ;;
+ stop)
+ printf "Stopping $DESC: $NAME: "
+ start-stop-daemon -K -n $NAME
+ echo "done."
+ ;;
+ restart)
+ printf "Restarting $DESC: $NAME: "
+ $0 stop
+ $0 start
+ echo "done."
+ ;;
+ reload)
+ printf "Reloading $DESC: $NAME: "
+ killall -HUP $(basename ${DAEMON})
+ echo "done."
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
+
+
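Review bot: The `chown -R ldap:ldap /var/openldap-data` in the `start)` branch runs as root on every boot over a tree that the ldap account owns, so whatever that account leaves there, a symbolic link in particular, is processed with root's privileges. Whether a link is followed depends on the chown implementation in use, so I would make the intent explicit with `chown -R -h ldap:ldap /var/openldap-data`, or chown only the directory itself at the point where the script creates it. Separately, with `set -e` in effect the `restart)` branch presumably ends at `$0 stop` when no slapd is running; `$0 stop || true` keeps restart usable in that case.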
diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
index 17bf991..bcb285a 100644
--- a/package/openldap/openldap.mk
+++ b/package/openldap/openldap.mk
@@ -12,6 +12,17 @@ OPENLDAP_LICENSE_FILES = LICENSE
OPENLDAP_INSTALL_STAGING = YES
OPENLDAP_DEPENDENCIES = host-pkgconf
+ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
+define OPENLDAP_USERS
+ ldap -1 ldap -1 * /var/run/openldap - - OpenLDAP server user
+endef
+
+define OPENLDAP_COPY_INITSCRIPT
+ $(INSTALL) -D -m 755 $(@D)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
+endef
+OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_COPY_INITSCRIPT
+endif
+
ifeq ($(BR2_PACKAGE_OPENSSL),y)
OPENLDAP_TLS = openssl
OPENLDAP_DEPENDENCIES += openssl
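Review bot: The server block between `ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)` and `endif` does not add `berkeleydb` to `OPENLDAP_DEPENDENCIES`, although Config.in in this patch selects BR2_PACKAGE_BERKELEYDB for the server. A `select` only enables the package; without the dependency the build order is not guaranteed, so configure may run before the library is staged. Unless this is handled in a part of openldap.mk outside the hunk, add `OPENLDAP_DEPENDENCIES += berkeleydb` inside the block.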
@@ -44,7 +55,6 @@ OPENLDAP_CONF_ENV += ac_cv_func_memcmp_working=yes
OPENLDAP_CONF_OPTS += \
--enable-syslog \
--disable-proctitle \
- --disable-slapd \
--with-yielding-select \
--sysconfdir=/etc \
--enable-dynamic=$(if $(BR2_STATIC_LIBS),no,yes) \
@@ -52,6 +62,11 @@ OPENLDAP_CONF_OPTS += \
--with-mp=$(OPENLDAP_MP) \
CPPFLAGS="$(TARGET_CPPFLAGS) $(OPENLDAP_CPPFLAGS)"
+ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),)
+OPENLDAP_CONF_OPTS += \
+ --disable-slapd
+endif
+
# Somehow, ${STRIP} does not percolates through to the shtool script
# used to install the executables; thus, that script tries to run the
# executable it is supposed to install, resulting in an error.
--
2.1.4
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
2015-12-17 20:41 [Buildroot] [PATCH 1/1] openldap: add support to build the server Andreas Ehmanns
@ 2015-12-29 11:19 ` Thomas Petazzoni
2016-01-03 14:07 ` Andreas Ehmanns
2016-01-12 21:02 ` Andreas Ehmanns
0 siblings, 2 replies; 13+ messages in thread
From: Thomas Petazzoni @ 2015-12-29 11:19 UTC (permalink / raw)
To: buildroot
Andreas,
Thanks for this patch. I tried it, but there are a number of remaining
issues to be resolved I believe.
First, if you disable BR2_PACKAGE_OPENLDAP_CLIENTS,
the /etc/openldap/slapd.conf file gets removed in a post installation
hook, so slapd cannot start.
If you fix this, then the path to the pidfile (and argsfile) in
slapd.conf are wrong, because they point to /var/run/, to which the
ldap user has not write access.
If you fix this again, when you start slapd, it complains:
bdb_db_open: warning - no DB_CONFIG file found in
directory /var/openldap-data: (2). Expect poor performance for suffix
"dc=my-domain,dc=com".
It should probably be fixed by using DB_CONFIG.example as DB_CONFIG
in /var/openldap-data/.
Some more comments below.
On Thu, 17 Dec 2015 21:41:19 +0100, Andreas Ehmanns wrote:
> +case "$1" in
> + start)
> + if [ ! -d /var/run/openldap ]; then
> + install -d -o ldap -g ldap -m 755 /var/run/openldap
> + fi
> +
> + if [ ! -d /var/openldap-data ]; then
> + install -d -o ldap -g ldap -m 755 /var/openldap-data
This directory should be 700 according to the slapd documentation:
==
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory %LOCALSTATEDIR%/openldap-data
==
> + else
> + chown -R ldap:ldap /var/openldap-data
> + fi
It is not clear why you need this. /var is a persistent directory, so I
believe all you need here is an unconditional:
chown -R ldap:ldap /var/openldap-data
Setting the permission to 700 can be done by a OPENLDAP_PERMISSIONS
variable in the .mk file. Ideally, we would also be able to define the
user/group, but we currently can't do this by referencing symbolic
user/groups, only by explicit UID/GID, and we don't know the UID/GID
that will be allocated to the ldap user/group. So I think we should:
1/ Set the permission in OPENLDAP_PERMISSIONS
2/ Set the owner/group in the S75slapd script
> +
> + printf "Starting $DESC: $NAME: "
> + start-stop-daemon -S -b -n $NAME -a $DAEMON -- $ARGS
You can add:
-p /var/run/slapd/slapd.pid
Why do you pass -n ? And why do you use -a instead of -x ?
See S50dropbear in the Buildroot sources for a good example of an init
script.
> + echo "done."
> + ;;
> + stop)
> + printf "Stopping $DESC: $NAME: "
> + start-stop-daemon -K -n $NAME
Same here.
Also add the "-q" option
> + echo "done."
> + ;;
> + restart)
> + printf "Restarting $DESC: $NAME: "
> + $0 stop
> + $0 start
> + echo "done."
> + ;;
> + reload)
> + printf "Reloading $DESC: $NAME: "
> + killall -HUP $(basename ${DAEMON})
I think it's better to use the pid file here, no?
kill -HUP $(cat /var/run/slapd/slapd.pid)
> + echo "done."
> + ;;
> + *)
> + echo "Usage: $0 {start|stop|restart|reload}"
> + exit 1
> + ;;
> +esac
> +
> +exit 0
> +
> +
> diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
> index 17bf991..bcb285a 100644
> --- a/package/openldap/openldap.mk
> +++ b/package/openldap/openldap.mk
> @@ -12,6 +12,17 @@ OPENLDAP_LICENSE_FILES = LICENSE
> OPENLDAP_INSTALL_STAGING = YES
> OPENLDAP_DEPENDENCIES = host-pkgconf
>
> +ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
> +define OPENLDAP_USERS
> + ldap -1 ldap -1 * /var/run/openldap - - OpenLDAP server user
> +endef
> +
> +define OPENLDAP_COPY_INITSCRIPT
> + $(INSTALL) -D -m 755 $(@D)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
$(@D)/S75slapd does not exist. So this means you never rebuilt your
package :-)
$(@D) is the source directory of openldap. You want to replace this
with: $(OPENLDAP_PKGDIR)/S75slapd
> +endef
> +OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_COPY_INITSCRIPT
Shouldn't be a post install target hook. Instead, do this:
define OPENLDAP_INIT_SYSV
$(INSTALL) -D -m 755 $(OPENLDAP_PKGDIR)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
endef
and it will automatically install the init script if the chosen init
system is sysV compatible.
> +endif
> +
> ifeq ($(BR2_PACKAGE_OPENSSL),y)
> OPENLDAP_TLS = openssl
> OPENLDAP_DEPENDENCIES += openssl
> @@ -44,7 +55,6 @@ OPENLDAP_CONF_ENV += ac_cv_func_memcmp_working=yes
> OPENLDAP_CONF_OPTS += \
> --enable-syslog \
> --disable-proctitle \
> - --disable-slapd \
> --with-yielding-select \
> --sysconfdir=/etc \
> --enable-dynamic=$(if $(BR2_STATIC_LIBS),no,yes) \
> @@ -52,6 +62,11 @@ OPENLDAP_CONF_OPTS += \
> --with-mp=$(OPENLDAP_MP) \
> CPPFLAGS="$(TARGET_CPPFLAGS) $(OPENLDAP_CPPFLAGS)"
>
> +ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),)
> +OPENLDAP_CONF_OPTS += \
> + --disable-slapd
> +endif
Please do:
ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
OPENLDAP_CONF_OPTS += --enable-slapd
else
OPENLDAP_CONF_OPTS += --disable-slapd
endif
Which is a bit more explicit.
Could you rework your patch to solve those different issues, and send
an updated version?
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
2015-12-29 11:19 ` Thomas Petazzoni
@ 2016-01-03 14:07 ` Andreas Ehmanns
2016-01-12 21:02 ` Andreas Ehmanns
1 sibling, 0 replies; 13+ messages in thread
From: Andreas Ehmanns @ 2016-01-03 14:07 UTC (permalink / raw)
To: buildroot
Thomas,
thanks for your detailed answer. Actually I'm on holiday but will be
back on 11th of January.
Then I will have a look at all your comments, fix the issues and prepare
a new patch.
Regards,
Andreas
Am 29.12.2015 um 12:19 schrieb Thomas Petazzoni:
> Andreas,
>
> Thanks for this patch. I tried it, but there are a number of remaining
> issues to be resolved I believe.
>
> First, if you disable BR2_PACKAGE_OPENLDAP_CLIENTS,
> the /etc/openldap/slapd.conf file gets removed in a post installation
> hook, so slapd cannot start.
>
> If you fix this, then the path to the pidfile (and argsfile) in
> slapd.conf are wrong, because they point to /var/run/, to which the
> ldap user has not write access.
>
> If you fix this again, when you start slapd, it complains:
>
> bdb_db_open: warning - no DB_CONFIG file found in
> directory /var/openldap-data: (2). Expect poor performance for suffix
> "dc=my-domain,dc=com".
>
> It should probably be fixed by using DB_CONFIG.example as DB_CONFIG
> in /var/openldap-data/.
>
> Some more comments below.
>
> On Thu, 17 Dec 2015 21:41:19 +0100, Andreas Ehmanns wrote:
>
>> +case "$1" in
>> + start)
>> + if [ ! -d /var/run/openldap ]; then
>> + install -d -o ldap -g ldap -m 755 /var/run/openldap
>> + fi
>> +
>> + if [ ! -d /var/openldap-data ]; then
>> + install -d -o ldap -g ldap -m 755 /var/openldap-data
> This directory should be 700 according to the slapd documentation:
>
> ==
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory %LOCALSTATEDIR%/openldap-data
> ==
>
>> + else
>> + chown -R ldap:ldap /var/openldap-data
>> + fi
> It is not clear why you need this. /var is a persistent directory, so I
> believe all you need here is an unconditional:
>
> chown -R ldap:ldap /var/openldap-data
>
> Setting the permission to 700 can be done by a OPENLDAP_PERMISSIONS
> variable in the .mk file. Ideally, we would also be able to define the
> user/group, but we currently can't do this by referencing symbolic
> user/groups, only by explicit UID/GID, and we don't know the UID/GID
> that will be allocated to the ldap user/group. So I think we should:
>
> 1/ Set the permission in OPENLDAP_PERMISSIONS
> 2/ Set the owner/group in the S75slapd script
>
>> +
>> + printf "Starting $DESC: $NAME: "
>> + start-stop-daemon -S -b -n $NAME -a $DAEMON -- $ARGS
> You can add:
>
> -p /var/run/slapd/slapd.pid
>
> Why do you pass -n ? And why do you use -a instead of -x ?
>
> See S50dropbear in the Buildroot sources for a good example of an init
> script.
>
>> + echo "done."
>> + ;;
>> + stop)
>> + printf "Stopping $DESC: $NAME: "
>> + start-stop-daemon -K -n $NAME
> Same here.
>
> Also add the "-q" option
>
>> + echo "done."
>> + ;;
>> + restart)
>> + printf "Restarting $DESC: $NAME: "
>> + $0 stop
>> + $0 start
>> + echo "done."
>> + ;;
>> + reload)
>> + printf "Reloading $DESC: $NAME: "
>> + killall -HUP $(basename ${DAEMON})
> I think it's better to use the pid file here, no?
>
> kill -HUP $(cat /var/run/slapd/slapd.pid)
>
>> + echo "done."
>> + ;;
>> + *)
>> + echo "Usage: $0 {start|stop|restart|reload}"
>> + exit 1
>> + ;;
>> +esac
>> +
>> +exit 0
>> +
>> +
>> diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
>> index 17bf991..bcb285a 100644
>> --- a/package/openldap/openldap.mk
>> +++ b/package/openldap/openldap.mk
>> @@ -12,6 +12,17 @@ OPENLDAP_LICENSE_FILES = LICENSE
>> OPENLDAP_INSTALL_STAGING = YES
>> OPENLDAP_DEPENDENCIES = host-pkgconf
>>
>> +ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
>> +define OPENLDAP_USERS
>> + ldap -1 ldap -1 * /var/run/openldap - - OpenLDAP server user
>> +endef
>> +
>> +define OPENLDAP_COPY_INITSCRIPT
>> + $(INSTALL) -D -m 755 $(@D)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
> $(@D)/S75slapd does not exist. So this means you never rebuilt your
> package :-)
>
> $(@D) is the source directory of openldap. You want to replace this
> with: $(OPENLDAP_PKGDIR)/S75slapd
>
>> +endef
>> +OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_COPY_INITSCRIPT
> Shouldn't be a post install target hook. Instead, do this:
>
> define OPENLDAP_INIT_SYSV
> $(INSTALL) -D -m 755 $(OPENLDAP_PKGDIR)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
> endef
>
> and it will automatically install the init script of the chosen init
> system is sysV compatible.
>
>> +endif
>> +
>> ifeq ($(BR2_PACKAGE_OPENSSL),y)
>> OPENLDAP_TLS = openssl
>> OPENLDAP_DEPENDENCIES += openssl
>> @@ -44,7 +55,6 @@ OPENLDAP_CONF_ENV += ac_cv_func_memcmp_working=yes
>> OPENLDAP_CONF_OPTS += \
>> --enable-syslog \
>> --disable-proctitle \
>> - --disable-slapd \
>> --with-yielding-select \
>> --sysconfdir=/etc \
>> --enable-dynamic=$(if $(BR2_STATIC_LIBS),no,yes) \
>> @@ -52,6 +62,11 @@ OPENLDAP_CONF_OPTS += \
>> --with-mp=$(OPENLDAP_MP) \
>> CPPFLAGS="$(TARGET_CPPFLAGS) $(OPENLDAP_CPPFLAGS)"
>>
>> +ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),)
>> +OPENLDAP_CONF_OPTS += \
>> + --disable-slapd
>> +endif
> Please do:
>
> ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
> OPENLDAP_CONF_OPTS += --enable-slapd
> else
> OPENLDAP_CONF_OPTS += --disable-slapd
> endif
>
> Which is a bit more explicit.
>
> Could you rework your patch to solve those different issues, and send
> an updated version?
>
> Thanks!
>
> Thomas
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
2015-12-29 11:19 ` Thomas Petazzoni
2016-01-03 14:07 ` Andreas Ehmanns
@ 2016-01-12 21:02 ` Andreas Ehmanns
2016-01-12 21:09 ` Thomas Petazzoni
1 sibling, 1 reply; 13+ messages in thread
From: Andreas Ehmanns @ 2016-01-12 21:02 UTC (permalink / raw)
To: buildroot
Thomas,
I reworked the patch and incorporated your findings. Please have a look
at my comments below and let me know what you think.
Am 29.12.2015 um 12:19 schrieb Thomas Petazzoni:
> Andreas,
>
> Thanks for this patch. I tried it, but there are a number of remaining
> issues to be resolved I believe.
>
> First, if you disable BR2_PACKAGE_OPENLDAP_CLIENTS,
> the /etc/openldap/slapd.conf file gets removed in a post installation
> hook, so slapd cannot start.
>
> If you fix this, then the path to the pidfile (and argsfile) in
> slapd.conf are wrong, because they point to /var/run/, to which the
> ldap user has not write access.
>
> If you fix this again, when you start slapd, it complains:
>
> bdb_db_open: warning - no DB_CONFIG file found in
> directory /var/openldap-data: (2). Expect poor performance for suffix
> "dc=my-domain,dc=com".
>
> It should probably be fixed by using DB_CONFIG.example as DB_CONFIG
> in /var/openldap-data/.
My aim was to add the OpenLDAP server as provided by the package and
only make the changes necessary to allow the server to start up without
terminating.
slapd.conf is the default configuration provided by the package which is
a good starting point for people to setup their own configuration and
database. Of course everyone using the LDAP server has to make its own
configuration and database setup but this can't be provided or
preconfigured by buildroot.
> Some more comments below.
>
> On Thu, 17 Dec 2015 21:41:19 +0100, Andreas Ehmanns wrote:
>
>> +case "$1" in
>> + start)
>> + if [ ! -d /var/run/openldap ]; then
>> + install -d -o ldap -g ldap -m 755 /var/run/openldappackage
>> + fi
>> +
>> + if [ ! -d /var/openldap-data ]; then
>> + install -d -o ldap -g ldap -m 755 /var/openldap-data
> This directory should be 700 according to the slapd documentation:
O.k., changed it.
>
> ==
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory %LOCALSTATEDIR%/openldap-data
> ==
>
>> + else
>> + chown -R ldap:ldap /var/openldap-data
>> + fi
> It is not clear why you need this. /var is a persistent directory, so I
> believe all you need here is an unconditional:
o.k., changed it.
>
> chown -R ldap:ldap /var/openldap-data
>
> Setting the permission to 700 can be done by a OPENLDAP_PERMISSIONS
> variable in the .mk file. Ideally, we would also be able to define the
> user/group, but we currently can't do this by referencing symbolic
> user/groups, only by explicit UID/GID, and we don't know the UID/GID
> that will be allocated to the ldap user/group. So I think we should:
>
> 1/ Set the permission in OPENLDAP_PERMISSIONS
> 2/ Set the owner/group in the S75slapd script
>
>> +
>> + printf "Starting $DESC: $NAME: "
>> + start-stop-daemon -S -b -n $NAME -a $DAEMON -- $ARGS
> You can add:
>
> -p /var/run/slapd/slapd.pid
Slapd manages its own pid file. Why should start-stop-daemon create an
additional pid file
>
> Why do you pass -n ? And why do you use -a instead of -x ?
O.k., changed -a to -x
I thought that I need -n to be able to do a kill when shutting down the
server when NOT using pid file from start-stop-daemon. This was my
understanding from other init scripts. Am I wrong?
>
> See S50dropbear in the Buildroot sources for a good example of an init
> script.
>
>> + echo "done."
>> + ;;
>> + stop)
>> + printf "Stopping $DESC: $NAME: "
>> + start-stop-daemon -K -n $NAME
> Same here.
>
> Also add the "-q" option
O.k., added -q option
>
>> + echo "done."
>> + ;;
>> + restart)
>> + printf "Restarting $DESC: $NAME: "
>> + $0 stop
>> + $0 start
>> + echo "done."
>> + ;;
>> + reload)
>> + printf "Reloading $DESC: $NAME: "
>> + killall -HUP $(basename ${DAEMON})
> I think it's better to use the pid file here, no?
>
> kill -HUP $(cat /var/run/slapd/slapd.pid)
See comment above. Slapd is managing its own pid file.
>
>> + echo "done."
>> + ;;
>> + *)
>> + echo "Usage: $0 {start|stop|restart|reload}"
>> + exit 1
>> + ;;
>> +esac
>> +
>> +exit 0
>> +
>> +
>> diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
>> index 17bf991..bcb285a 100644
>> --- a/package/openldap/openldap.mk
>> +++ b/package/openldap/openldap.mk
>> @@ -12,6 +12,17 @@ OPENLDAP_LICENSE_FILES = LICENSE
>> OPENLDAP_INSTALL_STAGING = YES
>> OPENLDAP_DEPENDENCIES = host-pkgconf
>>
>> +ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
>> +define OPENLDAP_USERS
>> + ldap -1 ldap -1 * /var/run/openldap - - OpenLDAP server user
>> +endef
>> +
>> +define OPENLDAP_COPY_INITSCRIPT
>> + $(INSTALL) -D -m 755 $(@D)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
> $(@D)/S75slapd does not exist. So this means you never rebuilt your
> package :-)
>
> $(@D) is the source directory of openldap. You want to replace this
> with: $(OPENLDAP_PKGDIR)/S75slapd
Fixed and re-tested.
>
>> +endef
>> +OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_COPY_INITSCRIPT
> Shouldn't be a post install target hook. Instead, do this:
>
> define OPENLDAP_INIT_SYSV
> $(INSTALL) -D -m 755 $(OPENLDAP_PKGDIR)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
> endef
O.k., changed it.
>
> and it will automatically install the init script of the chosen init
> system is sysV compatible.
>
>> +endif
>> +
>> ifeq ($(BR2_PACKAGE_OPENSSL),y)
>> OPENLDAP_TLS = openssl
>> OPENLDAP_DEPENDENCIES += openssl
>> @@ -44,7 +55,6 @@ OPENLDAP_CONF_ENV += ac_cv_func_memcmp_working=yes
>> OPENLDAP_CONF_OPTS += \
>> --enable-syslog \
>> --disable-proctitle \
>> - --disable-slapd \
>> --with-yielding-select \
>> --sysconfdir=/etc \
>> --enable-dynamic=$(if $(BR2_STATIC_LIBS),no,yes) \
>> @@ -52,6 +62,11 @@ OPENLDAP_CONF_OPTS += \
>> --with-mp=$(OPENLDAP_MP) \
>> CPPFLAGS="$(TARGET_CPPFLAGS) $(OPENLDAP_CPPFLAGS)"
>>
>> +ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),)
>> +OPENLDAP_CONF_OPTS += \
>> + --disable-slapd
>> +endif
> Please do:
>
> ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
> OPENLDAP_CONF_OPTS += --enable-slapd
> else
> OPENLDAP_CONF_OPTS += --disable-slapd
> endif
>
> Which is a bit more explicit.
Agree. Changed it.
>
> Could you rework your patch to solve those different issues, and send
> an updated version?
>
> Thanks!
>
> Thomas
Instead of a patch I attached you the two files under discussion
(openldap.mk and S75slapd) to make review easier. If you agree with the
changes I will send a full patch using git.
Regards,
Andreas
-------------- next part --------------
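#!/bin/sh
#
# S75slapd - SysV-style init script for the OpenLDAP server (slapd).
#
# Usage: S75slapd {start|stop|restart|reload}
#
# slapd is launched through start-stop-daemon and is passed "-u ldap -g ldap"
# (see ARGS), i.e. it is asked to run as the unprivileged ldap user and group.

DAEMON=/usr/libexec/slapd
NAME=slapd
DESC="OpenLDAP server"
# NOTE(review): CONF is not referenced below; no -f option is passed to slapd.
CONF=/etc/openldap/slapd.conf

# Expanded unquoted on purpose so that it splits into separate arguments.
ARGS="-u ldap -g ldap"

# Abort on the first command that fails.
set -e

case "$1" in
	start)
		# Runtime directory owned by the ldap user, created when missing.
		if [ ! -d /var/run/openldap ]; then
			install -d -o ldap -g ldap -m 755 /var/run/openldap
		fi

		# This runs as root over a tree the ldap user can write to, so -h
		# makes chown act on symbolic links themselves and never on the
		# files they point to.
		# The directory is expected to exist already: the script does not
		# create it, and under `set -e` a failing chown aborts the start.
		chown -R -h ldap:ldap /var/openldap-data

		printf "Starting %s: %s: " "$DESC" "$NAME"
		start-stop-daemon -S -q -n "$NAME" -x "$DAEMON" -- $ARGS
		echo "done."
		;;
	stop)
		printf "Stopping %s: %s: " "$DESC" "$NAME"
		# Matches the process by name only; no pid file is consulted.
		start-stop-daemon -K -n "$NAME"
		echo "done."
		;;
	restart)
		printf "Restarting %s: %s: " "$DESC" "$NAME"
		# A failing stop (for instance nothing to stop) must not end the
		# script under `set -e` before the start step has run.
		"$0" stop || true
		"$0" start
		echo "done."
		;;
	reload)
		printf "Reloading %s: %s: " "$DESC" "$NAME"
		# Signals every process named like the daemon binary, not only the
		# instance started by this script.
		# NOTE(review): confirm that slapd re-reads its configuration on
		# SIGHUP; its "gentlehup" option suggests it treats the signal as a
		# shutdown request.
		killall -HUP "$(basename "${DAEMON}")"
		echo "done."
		;;
	*)
		echo "Usage: $0 {start|stop|restart|reload}"
		exit 1
		;;
esac

exit 0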
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openldap.mk
Type: text/x-makefile
Size: 2618 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20160112/b34f7114/attachment.bin>
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
2016-01-12 21:02 ` Andreas Ehmanns
@ 2016-01-12 21:09 ` Thomas Petazzoni
2016-01-13 17:31 ` Andreas Ehmanns
0 siblings, 1 reply; 13+ messages in thread
From: Thomas Petazzoni @ 2016-01-12 21:09 UTC (permalink / raw)
To: buildroot
Andreas,
On Tue, 12 Jan 2016 22:02:28 +0100, Andreas Ehmanns wrote:
> I reworked the patch and incorporated your findings. Please have a look
> at my comments below and let me know what you think.
Thanks! See below my comments.
> > If you fix this, then the path to the pidfile (and argsfile) in
> > slapd.conf are wrong, because they point to /var/run/, to which the
> > ldap user has not write access.
> >
> > If you fix this again, when you start slapd, it complains:
> >
> > bdb_db_open: warning - no DB_CONFIG file found in
> > directory /var/openldap-data: (2). Expect poor performance for suffix
> > "dc=my-domain,dc=com".
> >
> > It should probably be fixed by using DB_CONFIG.example as DB_CONFIG
> > in /var/openldap-data/.
> My aim was to add the OpenLDAP server as provided by the package and
> only make the changes necessary to allow the server to start up without
> terminating.
> slapd.conf is the default configuration provided by the package which is
> a good starting point for people to setup their own configuration and
> database. Of course everyone using the LDAP server has to make its own
> configuration and database setup but this can't be provided or
> preconfigured by buildroot.
Right, but in general we try in Buildroot to provide a sane/minimal
default configuration that "works" out of the box. It is a bit weird to
have such a warning when the slapd daemon starts. But OK, it's not a
very big issue either, we can always leave it as it is for now for this
aspect.
> > -p /var/run/slapd/slapd.pid
> Slapd manages its own pid file. Why should start-stop-daemon create an
> additional pid file
start-stop-daemon will not create an additional pid file with just the
-p option. Only if you pass the -m option in addition to -p. With -p,
start-stop-daemon will only verify that the process has created the pid
file. From the start-stop-daemon manpage:
-p, --pidfile pid-file
Check whether a process has created the file pid-file. Note:
using this matching option alone might cause unintended
processes to be acted on, if the old process terminated without
being able to remove the pid-file.
-m, --make-pidfile
Used when starting a program that does not create its own pid
file. This option will make start-stop-daemon create the file
referenced with --pidfile and place the pid into it just before
executing the process. Note, the file will only be removed when
stopping the program if --remove-pidfile is used. Note: This
feature may not work in all cases. Most notably when the program
being executed forks from its main process. Because of this, it
is usually only useful when combined with the --background
option.
> > Why do you pass -n ? And why do you use -a instead of -x ?
> O.k., changed -a to -x
> I thought that I need -n to be able to do a kill when shutting down the
> server when NOT using pid file from start-stop-daemon. This was my
> understanding from other init scripts. Am I wrong?
If you specify -p, I think doing the name-based check with -n is useless.
> >> + killall -HUP $(basename ${DAEMON})
> > I think it's better to use the pid file here, no?
> >
> > kill -HUP $(cat /var/run/slapd/slapd.pid)
> See comment above. Slapd is managing its own pid file.
And? It doesn't prevent us from using it, right?
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
2016-01-12 21:09 ` Thomas Petazzoni
@ 2016-01-13 17:31 ` Andreas Ehmanns
0 siblings, 0 replies; 13+ messages in thread
From: Andreas Ehmanns @ 2016-01-13 17:31 UTC (permalink / raw)
To: buildroot
Thomas,
thanks for your comments. I will incorporate them, test it and send the
patch in the next two days.
Regards,
Andreas
Am 12.01.2016 um 22:09 schrieb Thomas Petazzoni:
> Andreas,
>
> On Tue, 12 Jan 2016 22:02:28 +0100, Andreas Ehmanns wrote:
>
>> I reworked the patch and incorporated your findings. Please have a look
>> at my comments below and let me know what you think.
> Thanks! See below my comments.
>
>
>>> If you fix this, then the path to the pidfile (and argsfile) in
>>> slapd.conf are wrong, because they point to /var/run/, to which the
>>> ldap user has not write access.
>>>
>>> If you fix this again, when you start slapd, it complains:
>>>
>>> bdb_db_open: warning - no DB_CONFIG file found in
>>> directory /var/openldap-data: (2). Expect poor performance for suffix
>>> "dc=my-domain,dc=com".
>>>
>>> It should probably be fixed by using DB_CONFIG.example as DB_CONFIG
>>> in /var/openldap-data/.
>> My aim was to add the OpenLDAP server as provided by the package and
>> only make the changes necessary to allow the server to start up without
>> terminating.
>> slapd.conf is the default configuration provided by the package which is
>> a good starting point for people to setup their own configuration and
>> database. Of course everyone using the LDAP server has to make its own
>> configuration and database setup but this can't be provided or
>> preconfigured by buildroot.
> Right, but in general we try in Buildroot to provide a sane/minimal
> default configuration that "works" out of the box. It is a bit weird to
> have such a warning when the slapd daemon starts. But OK, it's not a
> very big issue either, we can always leave it as it is for now for this
> aspect.
>
>>> -p /var/run/slapd/slapd.pid
>> Slapd manages its own pid file. Why should start-stop-daemon create an
>> additional pid file
> start-stop-daemon will not create an additional pid file with just the
> -p option. Only if you pass the -m option in addition to -p. With -p,
> start-stop-daemon will only verify that the process has created the pid
> file. From the start-stop-daemon manpage:
>
> -p, --pidfile pid-file
> Check whether a process has created the file pid-file. Note:
> using this matching option alone might cause unintended pro?
> cesses to be acted on, if the old process terminated without
> being able to remove the pid-file.
>
> -m, --make-pidfile
> Used when starting a program that does not create its own pid
> file. This option will make start-stop-daemon create the file
> referenced with --pidfile and place the pid into it just before
> executing the process. Note, the file will only be removed when
> stopping the program if --remove-pidfile is used. Note: This
> feature may not work in all cases. Most notably when the program
> being executed forks from its main process. Because of this, it
> is usually only useful when combined with the --background
> option.
>
>>> Why do you pass -n ? And why do you use -a instead of -x ?
>> O.k., changed -a to -x
>> I thought that I need -n to be able to do a kill when shutting down the
>> server when NOT using pid file from start-stop-daemon. This was my
>> understanding from other init scripts. Am I wrong?
> If you specify -p, I think doing the name-based check with -n is useless.
>
>
>>>> + killall -HUP $(basename ${DAEMON})
>>> I think it's better to use the pid file here, no?
>>>
>>> kill -HUP $(cat /var/run/slapd/slapd.pid)
>> See comment above. Slapd is managing its own pid file.
> And? It doesn't prevent us from using it, right?
>
> Thanks!
>
> Thomas
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Andreas Ehmanns @ 2016-02-25 20:39 UTC (permalink / raw)
To: buildroot
Thomas,
what shall I do? Is that patch o.k.? Are there further things I should do?
Please let me know how to proceed to finalize this patch.
Thanks,
Andreas
Am 22.01.2016 um 11:58 schrieb Andreas Ehmanns:
> Thomas,
> slapd writes the PID file to the location defined in
> /etc/openldap/slapd.conf
>
> The configuration file defines "pidfile" as
> /var/run/openldap/slapd.pid. Maybe we have different conf files when
> we build the rootfs?
> I had a look at a previous build without the new patch of the
> openldap.mk (where we delete unused files now).
> Without this new feature you find two files in /etc/openldap:
> - slapd.conf with 644 permissions and pidfile defined as
> /var/run/openldap/slapd.pid
> - slapd.conf.default with 600 permission and pidfile defined as
> /var/run/slapd.pid
> It seems that in your builds you have slapd.conf.default as conf file
> and in my builds I have slapd.conf used by slapd.
>
> How could that happen?
>
> Regards,
> Andreas
>
>
> Am 22.01.2016 um 11:03 schrieb Thomas Petazzoni:
>> Andreas,
>>
>> On Fri, 22 Jan 2016 10:50:59 +0100, Andreas Ehmanns wrote:
>>
>>> this is very weird. Did you really use the latest patch? On my target
>>> the LDAP server is starting without any problems. It seems that we use
>>> different init scripts or something else is wrong. Please have a
>>> look at
>>> my answers below:
>> I think I used the latest version, i.e
>> http://patchwork.ozlabs.org/patch/567988/. But of course I can't be
>> sure since I've removed the commit from my Git tree.
>>
>>
>>>> 1/ The /etc/openldap/slapd.conf file doesn't exist. This happens
>>>> when
>>>> you build with BR2_PACKAGE_OPENLDAP_CLIENTS disabled. I think I
>>>> already mentioned this problem in a previous review of this
>>>> patch.
>>>> I fixed this problem by doing:
>>> Yes, you're right. I've overseen this comment in your previous email.
>>> Sorry for the inconvenience and thanks for patch.
>>> I'll fix this.
>> Thanks!
>>
>>>> 2/ The /etc/openldap/slapd.conf file has permissions that do not
>>>> allow
>>>> the slapd daemon to read it. I fixed this problem by:
>>> When I build the rootfs this file has 644 permissions on the target and
>>> the ldap server starts without problems. Strange that it's different
>>> when I build the target rootfs and when you do it. Could it be that
>>> there is a unknown dependency to other packages?
>> Hum, weird. I'll retest again.
>>
>>> Nevertheless I think it is a good idea to change the owner of this file
>>> to ldap:ldap.
>>> I changed the init script as you proposed.
>> Well, if the permissions are sufficient for the daemon to read the
>> configuration file, then there's no need to add stuff in the init
>> script to change the ownership of the file.
>>
>>>> 3/ The sldap daemon doesn't start because it tries to write its PID
>>>> file to /var/run/, where it doesn't have write permissions,
>>>> while it
>>>> should create it in /var/run/openldap. Here is the message I
>>>> get in
>>>> the logs:
>>> That's not correct. Looking at the init script you can see that the PID
>>> file is:
>>> PIDFILE=/var/run/openldap/slapd.pid
>> Yes, but this is only passed to start-stop-daemon, and
>> start-stop-daemon does *not* create the PID file. This -p $PIDFILE
>> option only allows start-stop-daemon to verify that the PID file has
>> been created by the daemon.
>>
>> Where is openldap told that its init script should be
>> in /var/run/openldap/ ?
>>
>>>> Also, there is something weird: when the daemon fails to start, it
>>>> doesn't show "done." (with your code) or "FAIL" (with my suggestion).
>>>> Can you have a look ?
>>> Yes. The reason was a "set -e" in the init script. I removed it and the
>>> logging is fine now.
>> Ah, yes, indeed. Thanks for the explanation!
>>
>> Thomas
>
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Andreas Ehmanns @ 2016-02-12 9:26 UTC (permalink / raw)
To: buildroot
Dear all,
can someone please advise me how to continue with this patch?
Regards,
Andreas
Am 22.01.2016 um 11:58 schrieb Andreas Ehmanns:
> Thomas,
> slapd writes the PID file to the location defined in
> /etc/openldap/slapd.conf
>
> The configuration file defines "pidfile" as
> /var/run/openldap/slapd.pid. Maybe we have different conf files when
> we build the rootfs?
> I had a look at a previous build without the new patch of the
> openldap.mk (where we delete unused files now).
> Without this new feature you find two files in /etc/openldap:
> - slapd.conf with 644 permissions and pidfile defined as
> /var/run/openldap/slapd.pid
> - slapd.conf.default with 600 permission and pidfile defined as
> /var/run/slapd.pid
> It seems that in your builds you have slapd.conf.default as conf file
> and in my builds I have slapd.conf used by slapd.
>
> How could that happen?
>
> Regards,
> Andreas
>
>
> Am 22.01.2016 um 11:03 schrieb Thomas Petazzoni:
>> Andreas,
>>
>> On Fri, 22 Jan 2016 10:50:59 +0100, Andreas Ehmanns wrote:
>>
>>> this is very weird. Did you really use the latest patch? On my target
>>> the LDAP server is starting without any problems. It seems that we use
>>> different init scripts or something else is wrong. Please have a
>>> look at
>>> my answers below:
>> I think I used the latest version, i.e
>> http://patchwork.ozlabs.org/patch/567988/. But of course I can't be
>> sure since I've removed the commit from my Git tree.
>>
>>
>>>> 1/ The /etc/openldap/slapd.conf file doesn't exist. This happens
>>>> when
>>>> you build with BR2_PACKAGE_OPENLDAP_CLIENTS disabled. I think I
>>>> already mentioned this problem in a previous review of this
>>>> patch.
>>>> I fixed this problem by doing:
>>> Yes, you're right. I've overseen this comment in your previous email.
>>> Sorry for the inconvenience and thanks for patch.
>>> I'll fix this.
>> Thanks!
>>
>>>> 2/ The /etc/openldap/slapd.conf file has permissions that do not
>>>> allow
>>>> the slapd daemon to read it. I fixed this problem by:
>>> When I build the rootfs this file has 644 permissions on the target and
>>> the ldap server starts without problems. Strange that it's different
>>> when I build the target rootfs and when you do it. Could it be that
>>> there is a unknown dependency to other packages?
>> Hum, weird. I'll retest again.
>>
>>> Nevertheless I think it is a good idea to change the owner of this file
>>> to ldap:ldap.
>>> I changed the init script as you proposed.
>> Well, if the permissions are sufficient for the daemon to read the
>> configuration file, then there's no need to add stuff in the init
>> script to change the ownership of the file.
>>
>>>> 3/ The sldap daemon doesn't start because it tries to write its PID
>>>> file to /var/run/, where it doesn't have write permissions,
>>>> while it
>>>> should create it in /var/run/openldap. Here is the message I
>>>> get in
>>>> the logs:
>>> That's not correct. Looking at the init script you can see that the PID
>>> file is:
>>> PIDFILE=/var/run/openldap/slapd.pid
>> Yes, but this is only passed to start-stop-daemon, and
>> start-stop-daemon does *not* create the PID file. This -p $PIDFILE
>> option only allows start-stop-daemon to verify that the PID file has
>> been created by the daemon.
>>
>> Where is openldap told that its init script should be
>> in /var/run/openldap/ ?
>>
>>>> Also, there is something weird: when the daemon fails to start, it
>>>> doesn't show "done." (with your code) or "FAIL" (with my suggestion).
>>>> Can you have a look ?
>>> Yes. The reason was a "set -e" in the init script. I removed it and the
>>> logging is fine now.
>> Ah, yes, indeed. Thanks for the explanation!
>>
>> Thomas
>
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Andreas Ehmanns @ 2016-01-22 10:58 UTC (permalink / raw)
To: buildroot
Thomas,
slapd writes the PID file to the location defined in
/etc/openldap/slapd.conf
The configuration file defines "pidfile" as /var/run/openldap/slapd.pid.
Maybe we have different conf files when we build the rootfs?
I had a look at a previous build without the new patch of the
openldap.mk (where we delete unused files now).
Without this new feature you find two files in /etc/openldap:
- slapd.conf with 644 permissions and pidfile defined as
/var/run/openldap/slapd.pid
- slapd.conf.default with 600 permission and pidfile defined as
/var/run/slapd.pid
It seems that in your builds you have slapd.conf.default as conf file
and in my builds I have slapd.conf used by slapd.
How could that happen?
Regards,
Andreas
Am 22.01.2016 um 11:03 schrieb Thomas Petazzoni:
> Andreas,
>
> On Fri, 22 Jan 2016 10:50:59 +0100, Andreas Ehmanns wrote:
>
>> this is very weird. Did you really use the latest patch? On my target
>> the LDAP server is starting without any problems. It seems that we use
>> different init scripts or something else is wrong. Please have a look at
>> my answers below:
> I think I used the latest version, i.e
> http://patchwork.ozlabs.org/patch/567988/. But of course I can't be
> sure since I've removed the commit from my Git tree.
>
>
>>> 1/ The /etc/openldap/slapd.conf file doesn't exist. This happens when
>>> you build with BR2_PACKAGE_OPENLDAP_CLIENTS disabled. I think I
>>> already mentioned this problem in a previous review of this patch.
>>> I fixed this problem by doing:
>> Yes, you're right. I've overseen this comment in your previous email.
>> Sorry for the inconvenience and thanks for patch.
>> I'll fix this.
> Thanks!
>
>>> 2/ The /etc/openldap/slapd.conf file has permissions that do not allow
>>> the slapd daemon to read it. I fixed this problem by:
>> When I build the rootfs this file has 644 permissions on the target and
>> the ldap server starts without problems. Strange that it's different
>> when I build the target rootfs and when you do it. Could it be that
>> there is a unknown dependency to other packages?
> Hum, weird. I'll retest again.
>
>> Nevertheless I think it is a good idea to change the owner of this file
>> to ldap:ldap.
>> I changed the init script as you proposed.
> Well, if the permissions are sufficient for the daemon to read the
> configuration file, then there's no need to add stuff in the init
> script to change the ownership of the file.
>
>>> 3/ The sldap daemon doesn't start because it tries to write its PID
>>> file to /var/run/, where it doesn't have write permissions, while it
>>> should create it in /var/run/openldap. Here is the message I get in
>>> the logs:
>> That's not correct. Looking at the init script you can see that the PID
>> file is:
>> PIDFILE=/var/run/openldap/slapd.pid
> Yes, but this is only passed to start-stop-daemon, and
> start-stop-daemon does *not* create the PID file. This -p $PIDFILE
> option only allows start-stop-daemon to verify that the PID file has
> been created by the daemon.
>
> Where is openldap told that its init script should be
> in /var/run/openldap/ ?
>
>>> Also, there is something weird: when the daemon fails to start, it
>>> doesn't show "done." (with your code) or "FAIL" (with my suggestion).
>>> Can you have a look ?
>> Yes. The reason was a "set -e" in the init script. I removed it and the
>> logging is fine now.
> Ah, yes, indeed. Thanks for the explanation!
>
> Thomas
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Thomas Petazzoni @ 2016-01-22 10:03 UTC (permalink / raw)
To: buildroot
Andreas,
On Fri, 22 Jan 2016 10:50:59 +0100, Andreas Ehmanns wrote:
> this is very weird. Did you really use the latest patch? On my target
> the LDAP server is starting without any problems. It seems that we use
> different init scripts or something else is wrong. Please have a look at
> my answers below:
I think I used the latest version, i.e
http://patchwork.ozlabs.org/patch/567988/. But of course I can't be
sure since I've removed the commit from my Git tree.
> > 1/ The /etc/openldap/slapd.conf file doesn't exist. This happens when
> > you build with BR2_PACKAGE_OPENLDAP_CLIENTS disabled. I think I
> > already mentioned this problem in a previous review of this patch.
> > I fixed this problem by doing:
> Yes, you're right. I've overseen this comment in your previous email.
> Sorry for the inconvenience and thanks for patch.
> I'll fix this.
Thanks!
> > 2/ The /etc/openldap/slapd.conf file has permissions that do not allow
> > the slapd daemon to read it. I fixed this problem by:
> When I build the rootfs this file has 644 permissions on the target and
> the ldap server starts without problems. Strange that it's different
> when I build the target rootfs and when you do it. Could it be that
> there is a unknown dependency to other packages?
Hum, weird. I'll retest again.
> Nevertheless I think it is a good idea to change the owner of this file
> to ldap:ldap.
> I changed the init script as you proposed.
Well, if the permissions are sufficient for the daemon to read the
configuration file, then there's no need to add stuff in the init
script to change the ownership of the file.
> > 3/ The sldap daemon doesn't start because it tries to write its PID
> > file to /var/run/, where it doesn't have write permissions, while it
> > should create it in /var/run/openldap. Here is the message I get in
> > the logs:
> That's not correct. Looking at the init script you can see that the PID
> file is:
> PIDFILE=/var/run/openldap/slapd.pid
Yes, but this is only passed to start-stop-daemon, and
start-stop-daemon does *not* create the PID file. This -p $PIDFILE
option only allows start-stop-daemon to verify that the PID file has
been created by the daemon.
Where is openldap told that its init script should be
in /var/run/openldap/ ?
> > Also, there is something weird: when the daemon fails to start, it
> > doesn't show "done." (with your code) or "FAIL" (with my suggestion).
> > Can you have a look ?
> Yes. The reason was a "set -e" in the init script. I removed it and the
> logging is fine now.
Ah, yes, indeed. Thanks for the explanation!
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Andreas Ehmanns @ 2016-01-22 9:50 UTC (permalink / raw)
To: buildroot
Dear Thomas,
this is very weird. Did you really use the latest patch? On my target
the LDAP server is starting without any problems. It seems that we use
different init scripts or something else is wrong. Please have a look at
my answers below:
Am 20.01.2016 um 23:59 schrieb Thomas Petazzoni:
> Dear Andreas Ehmanns,
>
> On Fri, 15 Jan 2016 10:40:09 +0100, Andreas Ehmanns wrote:
>> Signed-off-by: Andreas Ehmanns <universeII@gmx.de>
>> ---
>> package/Config.in | 2 +-
>> package/openldap/Config.in | 8 +++++++-
>> package/openldap/S75slapd | 47 ++++++++++++++++++++++++++++++++++++++++++++
>> package/openldap/openldap.mk | 29 ++++++++++++++++++++++++++-
>> 4 files changed, 83 insertions(+), 3 deletions(-)
>> create mode 100644 package/openldap/S75slapd
> Thanks for respining. However, I am sorry, but it still doesn't work.
> Problems encountered:
>
> 1/ The /etc/openldap/slapd.conf file doesn't exist. This happens when
> you build with BR2_PACKAGE_OPENLDAP_CLIENTS disabled. I think I
> already mentioned this problem in a previous review of this patch.
> I fixed this problem by doing:
Yes, you're right. I overlooked this comment in your previous email.
Sorry for the inconvenience and thanks for patch.
I'll fix this.
> diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
> index 18509cc..fdf8c88 100644
> --- a/package/openldap/openldap.mk
> +++ b/package/openldap/openldap.mk
> @@ -91,9 +91,15 @@ OPENLDAP_CLIENTS = \
> ldapsearch
> define OPENLDAP_REMOVE_CLIENTS
> $(RM) -f $(foreach p,$(OPENLDAP_CLIENTS),$(TARGET_DIR)/usr/bin/$(p))
> - $(RM) -rf $(TARGET_DIR)/etc/openldap
> endef
> OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_REMOVE_CLIENTS
> endif
>
> +define OPENLDAP_REMOVE_UNNEEDED_FILES
> + $(RM) -f $(TARGET_DIR)/etc/openldap/*.default
> + $(RM) -f $(TARGET_DIR)/etc/openldap/DB_CONFIG.example
> +endef
> +
> +OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_REMOVE_UNNEEDED_FILES
> +
> $(eval $(autotools-package))
>
> 2/ The /etc/openldap/slapd.conf file has permissions that do not allow
> the slapd daemon to read it. I fixed this problem by:
When I build the rootfs this file has 644 permissions on the target and
the ldap server starts without problems. Strange that it's different
when I build the target rootfs and when you do it. Could it be that
there is a unknown dependency to other packages?
Nevertheless I think it is a good idea to change the owner of this file
to ldap:ldap.
I changed the init script as you proposed.
>
> diff --git a/package/openldap/S75slapd b/package/openldap/S75slapd
> index 0a5ff8e..8b8cf30 100644
> --- a/package/openldap/S75slapd
> +++ b/package/openldap/S75slapd
> @@ -15,6 +15,7 @@ case "$1" in
> fi
>
> chown -R ldap:ldap /var/openldap-data
> + chown ldap:ldap /etc/openldap/slapd.conf
>
> printf "Starting $DESC: $NAME: "
> start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -- $ARGS
>
> 3/ The sldap daemon doesn't start because it tries to write its PID
> file to /var/run/, where it doesn't have write permissions, while it
> should create it in /var/run/openldap. Here is the message I get in
> the logs:
That's not correct. Looking at the init script you can see that the PID
file is:
PIDFILE=/var/run/openldap/slapd.pid
and /var/run/openldap is owned by ldap:ldap. So the pid file can be
created. I'm wondering why in your test the daemon tried to write to
/var/run directly. Do you have a different init script?
>
> Jan 20 22:55:48 buildroot local4.debug slapd[728]: unable to open pid file "/var/run/slapd.pid": 13 (Permission denied)
> Jan 20 22:55:48 buildroot local4.debug slapd[728]: slapd stopped.
>
> Also, your init script logging is not consistent with what we do in
> other packages. You do:
>
> printf "Starting $DESC: $NAME: "
> start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -- $ARGS
> echo "done."
>
> While we normally do:
>
> printf "Starting dropbear sshd: "
> start-stop-daemon -S -q -p /var/run/dropbear.pid \
> --exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
> [ $? = 0 ] && echo "OK" || echo "FAIL"
You're right. I fixed this.
>
> Also, there is something weird: when the daemon fails to start, it
> doesn't show "done." (with your code) or "FAIL" (with my suggestion).
> Can you have a look ?
Yes. The reason was a "set -e" in the init script. I removed it and the
logging is fine now.
>
> Thanks,
>
> Thomas
Please review my comments and let me know, what you think. Especially
the different behavior with the init script and the config file seems
strange to me.
Regards,
Andreas
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Thomas Petazzoni @ 2016-01-20 22:59 UTC (permalink / raw)
To: buildroot
Dear Andreas Ehmanns,
On Fri, 15 Jan 2016 10:40:09 +0100, Andreas Ehmanns wrote:
> Signed-off-by: Andreas Ehmanns <universeII@gmx.de>
> ---
> package/Config.in | 2 +-
> package/openldap/Config.in | 8 +++++++-
> package/openldap/S75slapd | 47 ++++++++++++++++++++++++++++++++++++++++++++
> package/openldap/openldap.mk | 29 ++++++++++++++++++++++++++-
> 4 files changed, 83 insertions(+), 3 deletions(-)
> create mode 100644 package/openldap/S75slapd
Thanks for respinning. However, I am sorry, but it still doesn't work.
Problems encountered:
1/ The /etc/openldap/slapd.conf file doesn't exist. This happens when
you build with BR2_PACKAGE_OPENLDAP_CLIENTS disabled. I think I
already mentioned this problem in a previous review of this patch.
I fixed this problem by doing:
diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
index 18509cc..fdf8c88 100644
--- a/package/openldap/openldap.mk
+++ b/package/openldap/openldap.mk
@@ -91,9 +91,15 @@ OPENLDAP_CLIENTS = \
ldapsearch
define OPENLDAP_REMOVE_CLIENTS
$(RM) -f $(foreach p,$(OPENLDAP_CLIENTS),$(TARGET_DIR)/usr/bin/$(p))
- $(RM) -rf $(TARGET_DIR)/etc/openldap
endef
OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_REMOVE_CLIENTS
endif
+define OPENLDAP_REMOVE_UNNEEDED_FILES
+ $(RM) -f $(TARGET_DIR)/etc/openldap/*.default
+ $(RM) -f $(TARGET_DIR)/etc/openldap/DB_CONFIG.example
+endef
+
+OPENLDAP_POST_INSTALL_TARGET_HOOKS += OPENLDAP_REMOVE_UNNEEDED_FILES
+
$(eval $(autotools-package))
2/ The /etc/openldap/slapd.conf file has permissions that do not allow
the slapd daemon to read it. I fixed this problem by:
diff --git a/package/openldap/S75slapd b/package/openldap/S75slapd
index 0a5ff8e..8b8cf30 100644
--- a/package/openldap/S75slapd
+++ b/package/openldap/S75slapd
@@ -15,6 +15,7 @@ case "$1" in
fi
chown -R ldap:ldap /var/openldap-data
+ chown ldap:ldap /etc/openldap/slapd.conf
printf "Starting $DESC: $NAME: "
start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -- $ARGS
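Review bot: `chown ldap:ldap /etc/openldap/slapd.conf` makes the daemon account the owner of its own configuration, so anything running as `ldap` can rewrite the access rules and credentials that slapd loads on its next start. Read access is all the daemon needs, so I would keep the file owned by root and grant the group read only: `chown root:ldap /etc/openldap/slapd.conf` followed by `chmod 640 /etc/openldap/slapd.conf`, which also stops other local users from reading it. Setting this once at build time rather than on every start would be cleaner still. The `start)` branch begins and ends outside this hunk, and the same hunk is quoted in the 2016-01-22 reply earlier on the page.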
3/ The sldap daemon doesn't start because it tries to write its PID
file to /var/run/, where it doesn't have write permissions, while it
should create it in /var/run/openldap. Here is the message I get in
the logs:
Jan 20 22:55:48 buildroot local4.debug slapd[728]: unable to open pid file "/var/run/slapd.pid": 13 (Permission denied)
Jan 20 22:55:48 buildroot local4.debug slapd[728]: slapd stopped.
Also, your init script logging is not consistent with what we do in
other packages. You do:
printf "Starting $DESC: $NAME: "
start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -- $ARGS
echo "done."
While we normally do:
printf "Starting dropbear sshd: "
start-stop-daemon -S -q -p /var/run/dropbear.pid \
--exec /usr/sbin/dropbear -- $DROPBEAR_ARGS
[ $? = 0 ] && echo "OK" || echo "FAIL"
Also, there is something weird: when the daemon fails to start, it
doesn't show "done." (with your code) or "FAIL" (with my suggestion).
Can you have a look ?
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
* [Buildroot] [PATCH 1/1] openldap: add support to build the server
From: Andreas Ehmanns @ 2016-01-15 9:40 UTC (permalink / raw)
To: buildroot
Signed-off-by: Andreas Ehmanns <universeII@gmx.de>
---
package/Config.in | 2 +-
package/openldap/Config.in | 8 +++++++-
package/openldap/S75slapd | 47 ++++++++++++++++++++++++++++++++++++++++++++
package/openldap/openldap.mk | 29 ++++++++++++++++++++++++++-
4 files changed, 83 insertions(+), 3 deletions(-)
create mode 100644 package/openldap/S75slapd
diff --git a/package/Config.in b/package/Config.in
index 89b23db..5df8960 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1115,7 +1115,6 @@ menu "Networking"
source "package/nss-mdns/Config.in"
source "package/nss-pam-ldapd/Config.in"
source "package/omniorb/Config.in"
- source "package/openldap/Config.in"
source "package/openpgm/Config.in"
source "package/ortp/Config.in"
source "package/qdecoder/Config.in"
@@ -1405,6 +1404,7 @@ endif
source "package/odhcploc/Config.in"
source "package/olsr/Config.in"
source "package/open-plc-utils/Config.in"
+ source "package/openldap/Config.in"
source "package/openntpd/Config.in"
source "package/openobex/Config.in"
source "package/openssh/Config.in"
diff --git a/package/openldap/Config.in b/package/openldap/Config.in
index 3085a5c..30c0f65 100644
--- a/package/openldap/Config.in
+++ b/package/openldap/Config.in
@@ -6,12 +6,18 @@ config BR2_PACKAGE_OPENLDAP
OpenLDAP Software is an open source implementation of
the Lightweight Directory Access Protocol.
- This only installs client-side support.
+ This only installs library support.
http://www.openldap.org/
if BR2_PACKAGE_OPENLDAP
+config BR2_PACKAGE_OPENLDAP_SERVER
+ bool "openldap server binary"
+ select BR2_PACKAGE_BERKELEYDB
+ help
+ Installs the OpenLDAP server slapd
+
config BR2_PACKAGE_OPENLDAP_CLIENTS
bool "openldap client binaries"
default y
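Review bot: The help text for `BR2_PACKAGE_OPENLDAP_SERVER` says only that slapd is installed, while the same patch also installs `S75slapd`, so the server is started at every boot as user `ldap` with whatever `/etc/openldap/slapd.conf` the package installs. I would extend the help to state that an init script is installed and that integrators are expected to supply their own `slapd.conf` (for example through a rootfs overlay) before shipping an image. Upstream's sample configuration is, as far as I know, intended for testing and carries a sample `rootpw`, which should be confirmed against the installed file. The `BR2_PACKAGE_OPENLDAP_CLIENTS` entry continues outside the hunk.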
diff --git a/package/openldap/S75slapd b/package/openldap/S75slapd
new file mode 100644
index 0000000..0a5ff8e
--- /dev/null
+++ b/package/openldap/S75slapd
@@ -0,0 +1,47 @@
+#!/bin/sh
+DAEMON=/usr/libexec/slapd
+NAME=slapd
+DESC="OpenLDAP server"
+CONF=/etc/openldap/slapd.conf
+PIDFILE=/var/run/openldap/slapd.pid
+ARGS="-u ldap -g ldap"
+
+set -e
+
+case "$1" in
+ start)
+ if [ ! -d /var/run/openldap ]; then
+ install -d -o ldap -g ldap -m 755 /var/run/openldap
+ fi
+
+ chown -R ldap:ldap /var/openldap-data
+
+ printf "Starting $DESC: $NAME: "
+ start-stop-daemon -S -q -p $PIDFILE -x $DAEMON -- $ARGS
+ echo "done."
+ ;;
+ stop)
+ printf "Stopping $DESC: $NAME: "
+ start-stop-daemon -K -q -p $PIDFILE
+ echo "done."
+ ;;
+ restart)
+ printf "Restarting $DESC: $NAME: "
+ $0 stop
+ $0 start
+ echo "done."
+ ;;
+ reload)
+ printf "Reloading $DESC: $NAME: "
+ kill -HUP $(cat $PIDFILE)
+ echo "done."
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
+
+
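Review bot: The `stop` and `reload` branches act as root on whatever PID is stored in `$PIDFILE`, and that file lives in `/var/run/openldap`, which the `start` branch creates owned by `ldap`, so the daemon account decides which process root signals. `start-stop-daemon -K -q -p $PIDFILE` has no `-x $DAEMON` to confirm the process really is slapd, and `kill -HUP $(cat $PIDFILE)` performs no check at all. I would match on the executable in both places: `start-stop-daemon -K -q -p $PIDFILE -x $DAEMON` for stop and `start-stop-daemon -K -q -s HUP -p $PIDFILE -x $DAEMON` for reload. `CONF` is assigned but never used and can be dropped or passed to slapd explicitly.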
diff --git a/package/openldap/openldap.mk b/package/openldap/openldap.mk
index 17bf991..b2ea4c2 100644
--- a/package/openldap/openldap.mk
+++ b/package/openldap/openldap.mk
@@ -12,6 +12,27 @@ OPENLDAP_LICENSE_FILES = LICENSE
OPENLDAP_INSTALL_STAGING = YES
OPENLDAP_DEPENDENCIES = host-pkgconf
+ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
+define OPENLDAP_USERS
+ ldap -1 ldap -1 * /var/run/openldap - - OpenLDAP server user
+endef
+
+define OPENLDAP_PERMISSIONS
+ /var/openldap-data d 700 0 0 - - - - -
+endef
+
+# Use example database as default to let LADP server start smoothly
+define OPENLDAP_INSTALL_INIT_SYSV
+ $(INSTALL) -D -m 755 $(OPENLDAP_PKGDIR)/S75slapd $(TARGET_DIR)/etc/init.d/S75slapd
+endef
+
+define RENAME_DB
+ mv $(TARGET_DIR)/var/openldap-data/DB_CONFIG.example $(TARGET_DIR)/var/openldap-data/DB_CONFIG
+endef
+
+OPENLDAP_POST_INSTALL_TARGET_HOOKS += RENAME_DB
+endif
+
ifeq ($(BR2_PACKAGE_OPENSSL),y)
OPENLDAP_TLS = openssl
OPENLDAP_DEPENDENCIES += openssl
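Review bot: `/var/openldap-data d 700 0 0 - - - - -` creates the database directory owned by root, which is why `S75slapd` then has to run `chown -R ldap:ldap /var/openldap-data` as root on every start; a recursive root chown over a tree the daemon account can write to is worth avoiding, since depending on the chown implementation links placed there can redirect the ownership change. If the permission table in this tree accepts user names (to be confirmed, because `ldap` gets an automatic uid from `-1`), `/var/openldap-data d 700 ldap ldap - - - - -` would set the ownership once at image build time. Separately, `RENAME_DB` lacks the `OPENLDAP_` prefix carried by every other variable in the hunk and could collide with another package's hook, so `OPENLDAP_RENAME_DB` is safer. The comment about the example database sits above `OPENLDAP_INSTALL_INIT_SYSV` although it describes the rename hook.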
@@ -44,7 +65,6 @@ OPENLDAP_CONF_ENV += ac_cv_func_memcmp_working=yes
OPENLDAP_CONF_OPTS += \
--enable-syslog \
--disable-proctitle \
- --disable-slapd \
--with-yielding-select \
--sysconfdir=/etc \
--enable-dynamic=$(if $(BR2_STATIC_LIBS),no,yes) \
@@ -52,6 +72,13 @@ OPENLDAP_CONF_OPTS += \
--with-mp=$(OPENLDAP_MP) \
CPPFLAGS="$(TARGET_CPPFLAGS) $(OPENLDAP_CPPFLAGS)"
+ifeq ($(BR2_PACKAGE_OPENLDAP_SERVER),y)
+OPENLDAP_CONF_OPTS += --enable-slapd
+else
+OPENLDAP_CONF_OPTS += --disable-slapd
+endif
+
+
# Somehow, ${STRIP} does not percolates through to the shtool script
# used to install the executables; thus, that script tries to run the
# executable it is supposed to install, resulting in an error.
--
2.1.4