From 6e4ba3be60d7b19307da59d80596d35cdbac6cc8 Mon Sep 17 00:00:00 2001 From: Scott Koranda Date: Fri, 13 Jul 2018 07:41:28 -0500 Subject: [PATCH] Fix issue when openldap user has different UID If the deployer maps in or copies in a different /etc/passwd file that assigns the openldap user a different UID change the ownership of /var/run/slapd so that it has the correct owner. --- comanage-registry-slapd-base/comanage_ldap_utils.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh index ac8071e..22d1b85 100755 --- a/comanage-registry-slapd-base/comanage_ldap_utils.sh +++ b/comanage-registry-slapd-base/comanage_ldap_utils.sh @@ -118,6 +118,13 @@ function comanage_ldap_utils::bootstrap() { fold -w 32 | head -n 1` local olc_root_pw_tmp_hash=`/usr/sbin/slappasswd -s ${olc_root_pw_tmp}` + # Ensure that the distribution files created by Debian installation of + # slapd have the correct ownership and group membership for the openldap + # user that is running since a deployer may have changed them by + # injecting their own /etc/passwd. + chown -R openldap:openldap /var/lib/ldap.dist + chown -R openldap:openldap /etc/ldap/slapd.d.dist + # Copy over the distribution files created by Debian installation of slapd # so that we can start slapd. mkdir -p /var/lib/ldap @@ -472,6 +479,7 @@ function comanage_ldap_utils::exec_slapd() { # COPY in of /etc/passwd. chown -R openldap:openldap /var/lib/ldap chown -R openldap:openldap /etc/ldap/slapd.d + chown openldap:openldap /var/run/slapd exec "$@" } @@ -656,6 +664,7 @@ function comanage_ldap_utils::schema_installed() { # None ########################################## function comanage_ldap_utils::start_slapd_socket() { + chown openldap:openldap /var/run/slapd slapd -h ldapi:/// -u openldap -g openldap > "${OUTPUT}" 2>&1 }
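Review bot: The two `chown -R openldap:openldap` lines added in bootstrap() resolve the user and the group by name, and nothing in the hunk checks that either name resolved or that chown succeeded. The case this commit targets is a deployer-supplied /etc/passwd; if that file has no openldap entry, or /etc/group was not replaced to match, chown fails and, unless the script runs under `set -e` (not visible here), bootstrap goes on to copy the .dist trees with their old ownership. I would fail early ahead of the first chown with `getent passwd openldap >/dev/null && getent group openldap >/dev/null || return 1`, plus a message on stderr. The same unchecked call is added in exec_slapd() and start_slapd_socket(). The body of bootstrap() starts and ends outside the hunk.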
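Review bot: The `chown openldap:openldap /var/run/slapd` added at the top of start_slapd_socket() carries no comment, unlike the matching line in exec_slapd(), which sits under the existing note about a COPY in of /etc/passwd. I would put `# /var/run/slapd may still be owned by the image's original openldap UID; fix it before slapd starts as -u openldap.` above it. The line also assumes the directory exists; if /var/run is mounted fresh at container start (not visible here), `mkdir -p /var/run/slapd` before the chown would cover that. Since the identical line now lives in two functions, a small shared helper would keep the two from drifting apart.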