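#!/bin/bash
#
# Post-install provisioning for a Fedora Directory Server master.
#
# Steps, in order:
#   1. create the "ldap" service account (same uid/home as the openldap package)
#   2. register and enable the fedora-admin and fedora-ldap services
#   3. run the DS setup, then create the primary database instance
#   4. load the schema and configuration LDIFs into the running server
#   5. tune the kernel TCP port range / keepalive settings
#   6. create the ldap/<FQDN> Kerberos principal and its keytab, restart slapd
#
# Required environment:
#   PASSWORD - the cn=Directory Manager bind password used by ldapmodify
#   FQDN     - host name used for the ldap/<FQDN> Kerberos principal
#
# Must run as root. Requires bash: pushd/popd, [[ ]] and arrays are not POSIX sh,
# which is why the shebang is /bin/bash rather than /bin/sh.

set -eo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# Fail before any system state is changed if the inputs are missing.
: "${PASSWORD:?PASSWORD (Directory Manager bind password) must be set}"
: "${FQDN:?FQDN (host name for the ldap/ principal) must be set}"

readonly ds_setup_dir=/opt/fedora-ds-setup
readonly ds_instance=/opt/fedora-ds/slapd-master1
readonly keytab="${ds_instance}/ldap.keytab"

# Add the ldap user in the same way that the openldap package does.
# Best-effort on purpose: the account may already exist.
/usr/sbin/useradd -c "LDAP User" -u 55 \
  -s /bin/false -r -d /var/lib/ldap ldap 2> /dev/null || true

for svc in fedora-admin fedora-ldap; do
  chkconfig --add "$svc"
  chkconfig "$svc" on
done

. /etc/profile.d/fedora-directory.sh

# Run the DS setup from its own directory without changing this script's cwd.
( cd /opt/fedora-ds/setup && ./setup -s -f "${ds_setup_dir}/cfg-directory.state" ) \
  || die "fedora-ds setup failed"

# Create a new instance for the primary database.
# Only append ":$LD_LIBRARY_PATH" when it is non-empty: an empty trailing entry
# ("lib/:") would make the dynamic loader search the current directory.
LD_LIBRARY_PATH="/opt/fedora-ds/bin/slapd/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
export LD_LIBRARY_PATH
/opt/fedora-ds/bin/slapd/admin/bin/ds_create -f "${ds_setup_dir}/master-directory.state" \
  || die "ds_create failed"

echo "Sending configuration updates for master db"
# LDIFs are applied in this order, relative to $ds_setup_dir.
ldif_files=(
  schema/samba3.ldif
  schema/directorymanager.ldif
  config/supplier-replication-db-settings.ldif
  config/supplier-replication-settings.ldif
  config/common-default-indexes.ldif
  config/common-default-db-indexes.ldif
  config/common-performance.ldif
  config/common-replication-manager.ldif
  config/common-vlv-aci.ldif
  config/common-sasl-mapping.ldif
)
(
  cd "$ds_setup_dir" || exit 1
  # NOTE(review): -w passes the Directory Manager password on the command line,
  # where it is visible to other users via the process list for the duration
  # of the bind. A file/stdin based password option would avoid that, but the
  # flag differs between the OpenLDAP and Fedora DS ldapmodify binaries; confirm
  # which one the profile.d script puts on PATH before changing it.
  cat "${ldif_files[@]}" \
    | ldapmodify -h localhost -p 389 -D 'cn=Directory Manager' -w "$PASSWORD"
) || die "ldapmodify failed while loading the master db configuration"

# Set kernel parameters. The grep guards keep a re-run of this script from
# appending the same setting twice.
grep -q ip_local_port_range /etc/sysctl.conf || {
  echo "Increasing the range of local TCP ports"
  echo 'net.ipv4.ip_local_port_range = 1024 65000' >> /etc/sysctl.conf
}
grep -q tcp_keepalive_time /etc/sysctl.conf || {
  echo "Decreasing the TCP keepalive time"
  echo 'net.ipv4.tcp_keepalive_time = 600' >> /etc/sysctl.conf
}
sysctl -p /etc/sysctl.conf

# Create a Kerberos principal and keytab for the DS.
kadmin.local <<EOF
addprinc -randkey ldap/$FQDN
ktadd -k $keytab ldap/$FQDN
EOF
# kadmin.local's exit status may not reflect failure of the individual commands
# it read from stdin, so verify the artifact this step must produce before
# locking down its ownership and mode.
[[ -f "$keytab" ]] || die "keytab $keytab was not created"
chown ldap:ldap "$keytab"
chmod 0400 "$keytab"

# Restart slapd so that it can use the new keytab.
service fedora-ldap restart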

