From 2c2348a13a6252355716a0717bfe89de79e1f4f9 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Mon, 9 Jun 2008 15:40:26 +0000 Subject: Put the socket file, unix user and group in the conf file --- files/slapd-pivot.conf.sample | 7 +++++-- slapd-pivot.py | 35 ++++++++++++++--------------------- 2 files changed, 19 insertions(+), 23 deletions(-) diff --git a/files/slapd-pivot.conf.sample b/files/slapd-pivot.conf.sample index 6ecd263..a5d3054 100644 --- a/files/slapd-pivot.conf.sample +++ b/files/slapd-pivot.conf.sample @@ -8,10 +8,13 @@ rdn-attribute: cn ref-objectclass: group access-attribute: access -storage-file = /var/db/pivot.ldif +unix-user = ldap +unix-group = ldap +sock-file = /var/run/slapd-pivot.sock +storage-file = /var/db/slapd-pivot.ldif ldap-base: dc=fam ldap-root: cn=root,dc=fam ldap-password: barn -ldap-host: ldap://localhost:3890 +ldap-host: ldap://localhost:389 diff --git a/slapd-pivot.py b/slapd-pivot.py index 704c16e..c27ee2e 100644 --- a/slapd-pivot.py +++ b/slapd-pivot.py @@ -7,8 +7,6 @@ import pwd, grp import Backend, Pivot, Config SCRIPT = "slapd-pivot" -USER = None -GROUP = None PIDFILE = None class Log: @@ -30,12 +28,12 @@ def failure(msg, details = None): def usage(): - print >> sys.stderr, "usage: %s -f config [-d level] [-g group] [-p pidfile] [-u user]" % SCRIPT + print >> sys.stderr, "usage: %s -f config [-d level] [-p pidfile]" % SCRIPT sys.exit(2) def run_server(): - server = Backend.Server("/tmp/pivot-slapd.sock", Pivot.Database) + server = Backend.Server(Config.require("sock-file"), Pivot.Database) try: print >> sys.stderr, "%s starting up..." % SCRIPT server.serve_forever() 
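Review bot: The sample does not say that `sock-file` is now mandatory while `unix-user` and `unix-group` are optional. `run_server()` reads the socket path with `Config.require`, whereas `drop_privileges()` uses `Config.option` and skips the switch when the key is absent. An operator who deletes the two `unix-*` lines therefore gets a daemon that keeps the privileges it was started with, and gets no warning. If the format accepts comments, add one above the new keys, for example `# unix-user / unix-group: account to switch to after start-up; if omitted the daemon keeps the invoking user's privileges` and `# sock-file: required`. The `ldap-host` port change from 3890 to 389 is not mentioned in the subject line and looks unrelated to this commit, so it would be worth confirming that it is intended.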
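Review bot: Nothing in the `run_server()` hunk says who may connect to the socket now that its path comes from `sock-file`. Moving off the fixed `/tmp/pivot-slapd.sock` name is a clear improvement, but access still depends on the directory and on the mode the socket is created with, which is decided inside `Backend.Server` (not visible here). It is also not visible whether `run_server()` is called before or after `drop_privileges()`. If it runs after, the `ldap` account usually cannot create a file directly in `/var/run`. If it runs before, the socket is created by root under the inherited umask. A comment at the call would pin this down, such as `# sock-file must sit in a directory writable only by unix-user; the socket is created with the current umask`.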
@@ -44,27 +42,28 @@ def run_server(): def drop_privileges(): - global GROUP, USER - if GROUP: + group = Config.option("unix-group") + if group: try: - GROUP = int(GROUP) + group = int(group) except ValueError: try: - GROUP = grp.getgrgid(GROUP)[2] + group = grp.getgrgid(group)[2] except KeyError: - failure("invalid group: %s" % GROUP) - os.setegid(GROUP) + failure("invalid group: %s" % group) + os.setegid(group) - if USER: + user = Config.option("unix-user") + if user: try: - USER = int(USER) + user = int(user) except ValueError: try: - USER = pwd.getpwnam(USER)[2] + user = pwd.getpwnam(user)[2] except KeyError: - failure("invalid user: %s" % USER) - os.seteuid(USER) + failure("invalid user: %s" % user) + os.seteuid(user) def daemon(): @@ -119,15 +118,9 @@ if __name__ == '__main__': elif opt == '-f': config = oarg - elif opt == '-g': - GROUP = oarg - elif opt == '-p': PIDFILE = oarg - elif opt == '-u': - USER = oarg - # No extra arguments if args: usage() -- cgit v1.2.3
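Review bot: The name fallback in the group branch of `drop_privileges()` calls `grp.getgrgid(group)` with a string; `grp.getgrnam` is the by-name lookup, matching the `pwd.getpwnam` call in the user branch. The sample config now ships `unix-group = ldap`, so this path runs by default, and the error raised for a non-numeric argument is not the `KeyError` being caught. Separately, `os.setegid` and `os.seteuid` change only the effective ids, so the saved ids stay at the starting values and root's supplementary groups are kept. If the drop is meant to be permanent, `setgroups`/`setgid`/`setuid` give that, as sketched below. Keep the effective-only calls if root is deliberately retained for later cleanup, which the hunk does not show. In the sketch `setgroups` is cleared only when `unix-group` is set, so decide whether a user-only configuration should clear it too.

```python
            try:
                group = grp.getgrnam(group)[2]  # look up by name, not by gid
            # ... unchanged: KeyError -> failure("invalid group: ...") ...
        os.setgroups([])  # drop the supplementary groups inherited from the starting user
        os.setgid(group)  # sets real, effective and saved gid while still privileged
    # ... unchanged: unix-user lookup via int() / pwd.getpwnam ...
        os.setuid(user)   # sets real, effective and saved uid; cannot be reverted
```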