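#!/sbin/openrc-run
# Copyright 1999-2023 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# OpenRC service script for slapd.
#
# Settings read from the environment (each has a default below, or is optional):
#   OPENLDAP_CONFIG  config file or directory used when OPTS names none
#   OPENLDAP_USER    user passed to slapd -u
#   OPENLDAP_GROUP   group passed to slapd -g
#   OPTS             extra slapd arguments; -f/-F here selects the config
#   OPTS_CONF        extra arguments appended to the slaptest call
#   KRB5_KTNAME      exported to slapd when non-empty

: ${OPENLDAP_CONFIG:=/etc/openldap/slapd.conf}
: ${OPENLDAP_USER:=ldap}
: ${OPENLDAP_GROUP:=ldap}

command="/usr/lib64/openldap/slapd"
# OPTS is left unquoted on purpose: it carries several whitespace-separated
# arguments.
command_args="-u ${OPENLDAP_USER} -g ${OPENLDAP_GROUP} ${OPTS}"
extra_commands="checkconfig"
pidfile="/run/${RC_SVCNAME}.pid"

depend() {
	need net
	before dbus hald
	provide ldap
}

# Refuse to start when the configuration check fails.
# -Q is forwarded to slaptest, so on this path the only diagnostic is the
# eerror below; running the "checkconfig" extra command without -Q shows
# slaptest's own output.
start_pre() {
	if ! checkconfig -Q ; then
		eerror "There is a problem with your slapd.conf!"
		return 1
	fi
	[[ -n "${KRB5_KTNAME}" ]] && export KRB5_KTNAME
	return 0
}

#######################################
# Sanity-check the slapd configuration and its database directories
# (checks requested by bug #502948), then run slaptest.
# Globals:
#   OPTS, OPENLDAP_CONFIG, OPENLDAP_USER, OPENLDAP_GROUP, OPTS_CONF (read)
#   CONF, DBDIRS (written)
# Arguments:
#   "$@" - extra arguments forwarded to slaptest (start_pre passes -Q)
# Returns:
#   1 if a configured database directory is missing, otherwise the exit
#   status of slaptest.
#######################################
checkconfig() {
	local opt d take_path=

	# Step 1: extract the last valid config file or config dir.
	# Iterating over OPTS directly (instead of "set -- ${OPTS}") keeps the
	# caller's "$@" intact, so it can still be handed to slaptest below.
	for opt in ${OPTS}; do
		if [[ -n "${take_path}" ]]; then
			CONF=${opt}
			take_path=
		elif [[ "${opt}" = "-f" ]] || [[ "${opt}" = "-F" ]]; then
			take_path=1
		fi
	done

	# Fallback: a CONF already set by the environment wins over the default.
	CONF=${CONF-${OPENLDAP_CONFIG}}

	# The config path is passed to awk as a plain argument, never through
	# eval: it comes from OPTS and this function runs in the init script
	# itself, before slapd switches to ${OPENLDAP_USER}, so shell
	# metacharacters in the path must not be re-parsed as commands.
	# For a config directory only the files directly inside it are read.
	# NOTE(review): awk takes the second whitespace-separated field, so
	# quoted paths or paths containing spaces are not handled.
	if [[ -d "${CONF}" ]]; then
		DBDIRS=$(awk '/^(directory|olcDbDirectory:)/{print $2}' "${CONF}"/*)
	else
		DBDIRS=$(awk '/^(directory|olcDbDirectory:)/{print $2}' "${CONF}")
	fi

	for d in ${DBDIRS}; do
		if [[ ! -d "${d}" ]]; then
			eerror "Directory ${d} in config does not exist!"
			return 1
		fi
		# Warn when anything other than DB_CONFIG has a foreign owner or
		# group. The parentheses make the DB_CONFIG exclusion apply to both
		# tests; grep -q succeeds exactly when find printed at least one
		# such entry.
		if /usr/bin/find "${d}" ! -name DB_CONFIG \
			\( ! -user "${OPENLDAP_USER}" -o ! -group "${OPENLDAP_GROUP}" \) \
			| grep -sq . ; then
			ewarn "You have files in ${d} not owned by the ${OPENLDAP_USER} user, you must ensure they are accessible to the slapd instance!"
		fi
	done

	# now test the config fully
	# NOTE(review): slaptest is given OPTS_CONF, not the -f/-F path parsed
	# from OPTS above; confirm both name the same configuration.
	/usr/sbin/slaptest -u "$@" ${OPTS_CONF}
}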