#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: slapd
# REQUIRE: FILESYSTEMS ldconfig netif
# BEFORE: SERVERS kdc
# KEYWORD: shutdown

#
# Add the following lines to /etc/rc.conf to enable slapd:
#
#slapd_enable="YES"
#slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
#slapd_sockets="/var/run/openldap/ldapi"
#
# See slapd(8) for more flags
#
# The `-u' and `-g' flags are automatically extracted from slapd_owner,
# by default slapd runs under the non-privileged user id `ldap'. If you
# want to run slapd as root, override this in /etc/rc.conf with
#
#slapd_owner="DEFAULT"
#
# To use the cn=config style configuration add the following
# line to /etc/rc.conf:
#
#slapd_cn_config="YES"
#
# To specify alternative Kerberos 5 Key Table, add the following
# rc.conf(5) configuration:
#
#slapd_krb5_ktname="/path/to/ldap.keytab"
#

. /etc/rc.subr

name="slapd"
rcvar=slapd_enable

# read settings, set defaults
load_rc_config ${name}

: ${slapd_enable="NO"}
if [ -n "${slapd_args+set}" ]; then
  warn "slapd_args is deprecated, use slapd_flags"
  : ${slapd_flags="$slapd_args"}
fi
: ${slapd_owner="ldap:ldap"}
: ${slapd_sockets_mode="666"}
: ${slapd_cn_config="NO"}

command="/usr/local/libexec/slapd"
pidfile="/var/run/openldap/slapd.pid"

# set required_dirs, required_files and DATABASEDIR
if checkyesno slapd_cn_config; then
  required_dirs="/usr/local/etc/openldap/slapd.d"
  required_files="/usr/local/etc/openldap/slapd.d/cn=config.ldif"
  DATABASEDIR=`grep olcDbDirectory /usr/local/etc/openldap/slapd.d/cn=config/olcDatabase=* | awk '{ print $2 }'`
else
  required_files="/usr/local/etc/openldap/slapd.conf"
  DATABASEDIR=`awk '$1 == "directory" { print $2 }' "/usr/local/etc/openldap/slapd.conf" 2>&1 /dev/null`
fi

start_precmd=start_precmd
start_postcmd=start_postcmd

# extract user and group, adjust ownership of directories and database

start_precmd()
{
  local slapd_ownername slapd_groupname

  mkdir -p /var/run/openldap

  case "$slapd_owner" in
  ""|[Nn][Oo][Nn][Ee]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt])
    ;;
  *)
    local DBDIR
    for DBDIR in ${DATABASEDIR}; do
       if [ ! -d "${DBDIR}" ]; then
          mkdir -p "${DBDIR}"
          [ -f "/usr/local/etc/openldap/DB_CONFIG.example" ] && cp "/usr/local/etc/openldap/DB_CONFIG.example" "${DBDIR}/DB_CONFIG"
       fi
       chown -RL "$slapd_owner" "${DBDIR}"
       chmod 700 "${DBDIR}"
    done
    chown "$slapd_owner" "/var/run/openldap"

    if checkyesno slapd_cn_config; then
        chown -R $slapd_owner "/usr/local/etc/openldap/slapd.d"
    else
        chown $slapd_owner "/usr/local/etc/openldap/slapd.conf"
    fi

    slapd_ownername="${slapd_owner%:*}"
    slapd_groupname="${slapd_owner#*:}"

    if [ -n "$slapd_ownername" ]; then
      rc_flags="$rc_flags -u $slapd_ownername"
    fi
    if [ -n "$slapd_groupname" ]; then
      rc_flags="$rc_flags -g $slapd_groupname"
    fi
    if [ -n "${slapd_krb5_ktname}" ]; then
      export KRB5_KTNAME=${slapd_krb5_ktname}
    fi
    ;;
  esac
  echo -n "Performing sanity check on slap configuration: "

  if ${command} -Tt -u >/dev/null 2>&1; then
    echo "OK"
  else
    echo "FAILED"
    return 1
  fi
}

# adjust ownership of created unix sockets

start_postcmd()
{
  local socket seconds

  for socket in $slapd_sockets; do
    for seconds in 1 2 3 4 5; do
      [ -e "$socket" ] && break
      sleep 1
    done
    if [ -S "$socket" ]; then
      case "$slapd_owner" in
      ""|[Nn][Oo][Nn][Ee]|[Dd][Ee][Ff][Aa][Uu][Ll][Tt])
        ;;
      *)
        chown "$slapd_owner" "$socket"
        ;;
      esac
      chmod "$slapd_sockets_mode" "$socket"
    else
      warn "slapd: Can't find socket $socket"
    fi
  done
}

run_rc_command "$1"
