From cc8ebfab4261fce0df6fa212bde98efd90869e74 Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Wed, 1 Aug 2018 15:00:43 -0500
Subject: [PATCH] Set ownership on distribution LDAP files
Add logic to perform a chown openldap:openldap on the directory files from the Debian distribution so that slapd always may start even when the numeric uid has changed, for example when /etc/passwd is mounted in. This was previously done for the directory files being used (database with n 2) but not for those that are not being used (database with n 1).
---
 .../comanage_ldap_utils.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/comanage-registry-slapd-base/comanage_ldap_utils.sh b/comanage-registry-slapd-base/comanage_ldap_utils.sh
index 4bac4c9..46e9e42 100755
--- a/comanage-registry-slapd-base/comanage_ldap_utils.sh
+++ b/comanage-registry-slapd-base/comanage_ldap_utils.sh
@@ -483,6 +483,8 @@ function comanage_ldap_utils::exec_slapd() {
 # Always set user and group in case external source of user and
 # group mappings to numeric UID and GID is being used, such as
 # COPY in of /etc/passwd.
+ chown -R openldap:openldap /var/lib/ldap.dist
+ chown -R openldap:openldap /etc/ldap/slapd.d.dist
 chown -R openldap:openldap /var/lib/ldap
 chown -R openldap:openldap /etc/ldap/slapd.d
 chown openldap:openldap /var/run/slapd
@@ -527,8 +529,11 @@ function comanage_ldap_utils::exec_slapd_proxy() {
 # Always set user and group in case external source of user and
 # group mappings to numeric UID and GID is being used, such as
 # COPY in of /etc/passwd.
+ chown -R openldap:openldap /var/lib/ldap.dist
+ chown -R openldap:openldap /etc/ldap/slapd.d.dist
 chown -R openldap:openldap /var/lib/ldap
 chown -R openldap:openldap /etc/ldap/slapd.d
+ chown openldap:openldap /var/run/slapd
 exec "$@"
 }
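Review bot: The five-line ownership reset in `exec_slapd` is now copied verbatim into `exec_slapd_proxy` and `start_slapd_socket`, so any later path (as with the `.dist` directories here) has to be added in three places. Moving it into one helper keeps the three start paths consistent. The calls recurse as root over trees that end up owned by the `openldap` account, and nothing visible in the hunk checks that the `.dist` directories exist or that `chown` succeeded. The helper is therefore also the place to skip a missing directory with a warning rather than rely on the script's error mode, which is not visible here. The body of `exec_slapd` starts and ends outside the hunk.

```shell
# Reset ownership of every slapd directory to the openldap account.
function comanage_ldap_utils::set_ownership() {
    local dir
    for dir in /var/lib/ldap.dist /etc/ldap/slapd.d.dist \
               /var/lib/ldap /etc/ldap/slapd.d; do
        if [[ -d "${dir}" ]]; then
            chown -R openldap:openldap "${dir}"
        else
            echo "WARN: ${dir} not found, ownership not set" >&2
        fi
    done
    chown openldap:openldap /var/run/slapd
}

function comanage_ldap_utils::exec_slapd() {
    # … unchanged: earlier part of exec_slapd and the "Always set user and group" comment …
    comanage_ldap_utils::set_ownership
    # … unchanged: rest of exec_slapd …
```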
@@ -671,6 +676,16 @@ function comanage_ldap_utils::schema_installed() {
 ##########################################
 function comanage_ldap_utils::start_slapd_socket() {
 chown openldap:openldap /var/run/slapd
+
+ # Always set user and group in case external source of user and
+ # group mappings to numeric UID and GID is being used, such as
+ # COPY in of /etc/passwd.
+ chown -R openldap:openldap /var/lib/ldap.dist
+ chown -R openldap:openldap /etc/ldap/slapd.d.dist
+ chown -R openldap:openldap /var/lib/ldap
+ chown -R openldap:openldap /etc/ldap/slapd.d
+ chown openldap:openldap /var/run/slapd
+
 slapd -h ldapi:/// -u openldap -g openldap > "${OUTPUT}" 2>&1
 }
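Review bot: `chown openldap:openldap /var/run/slapd` now runs twice in `start_slapd_socket`, once on the unchanged first line of the body and again as the last added `chown`. The block looks pasted from `exec_slapd`; dropping the added copy leaves a single reset before `slapd -h ldapi:///` starts. A short comment would also help record that these calls need root and must stay ahead of the `slapd -u openldap -g openldap` line, for example `# must run as root, before slapd drops to openldap`.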