Improve documentation a little.
Improve init scripts.
Add basic systemv support.
============
This assumes that the /programs/ paths are being used.
-Compile the source code:
- gcc -g -lldap -lpq source/c/autocreate_ldap_accounts_in_postgresql.c -o /programs/bin/autocreate_ldap_accounts_in_postgresql
-
Add and enable the init script:
- cp -v source/bash/autocreate_ldap_accounts_in_postgresql.sh /etc/init.d/autocreate_ldap_accounts_in_postgresql
- chkconfig --add autocreate_ldap_accounts_in_postgresql
- chkconfig autocreate_ldap_accounts_in_postgresql on
+ Usng common sysvinit tools:
+ cp -v source/bash/autocreate_ldap_accounts_in_postgresql.sh /etc/init.d/autocreate_ldap_accounts_in_postgresql
+ chkconfig --add autocreate_ldap_accounts_in_postgresql
+ chkconfig autocreate_ldap_accounts_in_postgresql on
+
+ Using common systemd tools:
+ Using sysvinit inside of systemd:
+ cp -v source/bash/autocreate_ldap_accounts_in_postgresql.sh /etc/init.d/autocreate_ldap_accounts_in_postgresql
+ systemctl enable autocreate_ldap_accounts_in_postgresql
+
+ Using systemd native tools:
+ @todo
Configure the settings (assuming system called "example"):
mkdir -vp /programs/settings/autocreate_ldap_accounts_in_postgresql/
Note: rename 'example.settings' to the name of the system as defined in 'systems.settings'.
+Postgresql needs to have the database created and setup (see appropriate project).
+Once the database is setup, an account needs to exist in the database with account creation access.
+This is the account that needs to be defined in the example.settings file.
+Using the example.settings file provided, this user would be '@todo'.
+ @todo: describe process for creating and setting up postgresql account information.
+
+The example.settings file has an alap_connect_user and an alap_connect_password for assigning user name and password for connection.
+This user and password is for connecting to postgresql and should be assigned the appropriate create_ldap_users role as described below in postgresql.
+
+
+Create the role in the postgresql (replace example_database with appropriate database name).
+The "create_ldap_users" role can be assigned to the account that will login and create the roles (or used directly).
+Example commands (will likely need to be run as postgresql admin user):
+ psql example_database -c "create role create_ldap_users createrole"
+ psql example_database -c "alter role create_ldap_users login"
+
+The source code has a hard-coded port of 5433, be sure to open up appropriate firewall access and/or change that port number.
+The source code has a hardcoded ldap server and search dn, be sure to update that as well where appropriate.
+Compile the source code:
+ gcc -g -lldap -lpq source/c/autocreate_ldap_accounts_in_postgresql.c -o /programs/bin/autocreate_ldap_accounts_in_postgresql
+
Start the service
service autocreate_ldap_accounts_in_postgresql start
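Review bot: The two added psql commands create create_ldap_users with createrole and then give that same role login, but no step sets a password for it or limits who may authenticate as it, and the text says it may be "used directly". CREATEROLE lets its holder create, alter and drop other non-superuser roles, so keep create_ldap_users as a non-login role, drop the "alter role create_ldap_users login" line, and document granting the role to one dedicated login account whose credentials go into alap_connect_user and alap_connect_password. Because the settings file holds that password, the "Configure the settings" step should state the expected owner and mode of the file. Roles in PostgreSQL are cluster-wide, so it is worth saying that example_database is only the database psql connects to. The '@todo' placeholders for the account name and the setup process leave the instructions incomplete, and the notes about the hard-coded port 5433 and the hard-coded LDAP server should say where in the source to change them.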
# Description: Provide a per-database/per-role way to auto-create ldap accounts and auto assign a single role.
### END INIT INFO
-# Source function library.
-. /etc/rc.d/init.d/functions
+# Source function library, found on some sysvinit systems.
+load_sysvinit() {
+ if [[ -e /etc/rc.d/init.d/functions ]] ; then
+ . /etc/rc.d/init.d/functions
+ fi
+}
+
+# Source function library, found on some systemd systems.
+load_systemd() {
+ if [[ -e /lib/lsb/init-functions ]] ; then
+ . /lib/lsb/init-functions
+ fi
+}
main() {
local process_owner="alap"
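Review bot: The comment on load_systemd is misleading: /lib/lsb/init-functions is the LSB init helper library, not something systemd provides, so "found on some systemd systems" should say LSB-style systems instead. Both files are now also sourced from inside a function, which means anything the library declares with declare, typeset or local becomes local to load_sysvinit or load_systemd and is gone when the function returns; the removed top-level ". /etc/rc.d/init.d/functions" did not have that limitation. Either source at top level inside the if test, or add a comment stating that only functions and plainly assigned variables are expected from these libraries.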
case "$1" in
start)
- start
+ do_start
;;
stop)
- stop
+ do_stop
;;
restart)
- restart
+ do_restart
;;
status)
- status
+ do_status
;;
*)
echo "Usage: autocreate_ldap_accounts_in_postgresql {start|stop|restart|status}"
return $?
}
-start() {
+do_start() {
local alap_name_system=
local alap_name_group=
local alap_name_database=
return 0
}
-stop() {
+do_stop() {
local alap_name_system=
local alap_name_group=
local alap_name_database=
return 0
}
-restart() {
+do_restart() {
local alap_name_system=
local alap_name_group=
local alap_name_database=
return 0
}
-status() {
+do_status() {
local alap_name_system=
local alap_name_group=
local alap_name_database=
return 0
}
+load_sysvinit
+load_systemd
main "$1" "$2"
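Review bot: load_sysvinit and load_systemd are both called unconditionally here, so on a host that has both /etc/rc.d/init.d/functions and /lib/lsb/init-functions both libraries are sourced and the second one redefines any helper names the two share. Call only one of them (for example, load_systemd only when the first file is absent), and add a comment explaining that the libraries are loaded after the script's own functions are defined, which is presumably why start, stop, restart and status were renamed to do_* in this commit.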
*
* This was written originally using sockets, but it makes more sense to run this on the database server (for security reasons).
* - The original socket code is left alone, but is not used.
+ * - The socket code is designed to run on the same system as the PHP client making the requests.
+ * - The network code allows for the PHP client to connect to this via an ip address and port number.
*
* The program expects the following parameters: [user_name] [group_name] [database_name] [listen_port].
*
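Review bot: The retained sentence above the changed lines still says the program "was written originally using sockets" and that running on the database server makes more sense "for security reasons", while the two added lines describe the socket code and the network code as both in use, so the comment now contradicts itself. Reword the paragraph to say which mode is the default and when each applies. For the network mode, document which address the [listen_port] listener binds to and which clients are expected to reach it, since the removed line was the only statement that the socket path was unused.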
gcc -g source/c/sessionize_ldap_accounts_in_postgresql.c -o /programs/bin/sessionize_ldap_accounts_in_postgresql
Add and enable the init script:
- cp -v source/bash/sessionize_accounts.sh /etc/init.d/sessionize_accounts
- chkconfig --add sessionize_accounts
- chkconfig sessionize_accounts on
+ Usng common sysvinit tools:
+ cp -v source/bash/sessionize_accounts.sh /etc/init.d/sessionize_accounts
+ chkconfig --add sessionize_accounts
+ chkconfig sessionize_accounts on
+
+ Using common systemd tools:
+ Using sysvinit inside of systemd:
+ cp -v source/bash/sessionize_accounts.sh /etc/init.d/sessionize_accounts
+ systemctl enable sessionize_accounts
+
+ Using systemd native tools:
+ @todo
Configure the settings (assuming system called "example"):
mkdir -vp /programs/settings/sessionize_ldap_accounts_in_postgresql/
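Review bot: "Usng" in the added "Usng common sysvinit tools:" line is a typo for "Using"; the same typo is in the autocreate README lines of this commit. The "Using systemd native tools:" section contains only "@todo", so either write the unit-file instructions or leave the section out until they exist. The "Using sysvinit inside of systemd" variant should also state that systemctl enable on a script in /etc/init.d relies on systemd's SysV compatibility and on the script's INIT INFO header, so readers know why the same script works in both cases.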
# Description: Provides session storage of usernames and passwords on a per ip-address basis.
### END INIT INFO
-# Source function library.
-if [[ -f /etc/rc.d/init.d/functions ]] ; then
- . /etc/rc.d/init.d/functions
-fi
+# Source function library, found on some sysvinit systems.
+load_sysvinit() {
+ if [[ -e /etc/rc.d/init.d/functions ]] ; then
+ . /etc/rc.d/init.d/functions
+ fi
+}
+
+# Source function library, found on some systemd systems.
+load_systemd() {
+ if [[ -e /lib/lsb/init-functions ]] ; then
+ . /lib/lsb/init-functions
+ fi
+}
main() {
local process_owner=
- local process_group="apache"
+ local process_group=
local path_programs="/programs/"
local path_service="/usr/local/bin/php ${path_programs}bin/sessionize_accounts-server.php"
local path_settings="${path_programs}settings/sessionize_accounts/"
local path_pids="/programs/run/sessionize_accounts/"
local path_socket_directory="/programs/sockets/sessionize_accounts/"
local path_socket_name="sessions.socket"
- local path_socket_directory_mask="u+rwx,g+rx,o-rwx"
- local path_socket_name_mask="ugo+rw-x"
+ local path_socket_mask_directory="u+rwx,g+rx,o-rwx"
+ local path_socket_mask_name="ugo+rw-x"
local parameter_system=$2
local sa_systems=
local i=
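Review bot: process_group previously defaulted to "apache" and now defaults to empty, so an existing install that relied on the default stops giving the apache group access to the socket directory after upgrading unless the value is set somewhere else. State in the README where process_group must now be set. The rename of path_socket_directory_mask and path_socket_name_mask to path_socket_mask_directory and path_socket_mask_name needs the same upgrade note if these names can be overridden from the settings files.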
case "$1" in
start)
- start
+ do_start
;;
stop)
- stop
+ do_stop
;;
restart)
- restart
+ do_restart
;;
status)
- status
+ do_status
;;
*)
echo "Usage: sessionize_accounts {start|stop|restart|status}"
return $?
}
-start() {
+do_start() {
local sa_system=
local result=
local any_success=0
return 0
}
-stop() {
+do_stop() {
local sa_system=
local result=
local any_success=0
return 0
}
-restart() {
+do_restart() {
local sa_system=
local result=
local any_success=0
return 0
}
-status() {
+do_status() {
local sa_system=
local pid_file=
local pid=
# guarantee that all directories in the socket file's path exist.
if [[ ! -d $path_socket_directory/$sa_system/ ]] ; then
mkdir -p $path_socket_directory/$sa_system/
- chown $process_owner $path_socket_directory/$sa_system/
+
+ if [[ $process_owner != "" ]] ; then
+ chown $process_owner $path_socket_directory/$sa_system/
+ fi
fi
# guarantee that the '$process_group' has read and execute only access to the directory, deny world access.
- chgrp $process_group $path_socket_directory/$sa_system/
- chmod $path_socket_directory_mask $path_socket_directory/$sa_system/
+ if [[ $process_group != "" ]] ; then
+ chgrp $process_group $path_socket_directory/$sa_system/
+ fi
+
+ if [[ $path_socket_mask_directory != "" ]] ; then
+ chmod $path_socket_mask_directory $path_socket_directory/$sa_system/
+ fi
# make sure no session socket already exists before starting.
# this assumes that the pid file has already been checked and therefore no existing process is using the socket file (aka: assume this is a stale socket file).
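Review bot: The new empty-value guards make the permission steps fail open: with process_group empty (now the default in main) the chgrp is skipped, and with path_socket_mask_directory empty the chmod is skipped, so the directory keeps whatever owner, group and umask-derived mode mkdir -p gave it, even though the comment above the chgrp still promises that world access is denied. For a directory holding the socket of a service that stores usernames and passwords, apply a restrictive mode such as o-rwx unconditionally and make only the owner and group changes optional, or refuse to start when the values are unset. The expansions in the added chown, chgrp and chmod lines are also unquoted; quote "$process_owner", "$process_group" and the path arguments.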
fi
# make sure the socket has the desired permissions.
- if [[ -e $path_socket_directory/$sa_system/$path_socket_name ]] ; then
- chmod $path_socket_name_mask $path_socket_directory/$sa_system/$path_socket_name
+ if [[ -e $path_socket_directory/$sa_system/$path_socket_name && $path_socket_mask_name != "" ]] ; then
+ chmod $path_socket_mask_name $path_socket_directory/$sa_system/$path_socket_name
fi
if [[ $result -ne 0 ]] ; then
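Review bot: Adding && $path_socket_mask_name != "" to the test means an empty mask silently leaves the socket with whatever mode the server process created it with, and nothing is reported when that happens. The default "ugo+rw-x" already makes the socket readable and writable by every user, so the directory permissions are the only access control on it; print a warning or fail when the mask is empty instead of skipping the chmod, and quote the variables in the chmod line.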