This file is indexed.

/etc/init.d/fetch-ldap-cert is in debian-edu-config 1.818+deb8u2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/bin/sh
### BEGIN INIT INFO
# Provides:          fetch-ldap-cert
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Should-Start:      $network $syslog $named slapd
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Fetch LDAP SSL public key from the server
# Description:
#   Start before krb5-kdc to give slapd time to become operational
#   before krb5-kdc try to connect to the LDAP server as a workaround
#   for #589915.
# X-Start-Before:    isc-dhcp-server krb5-kdc nslcd
### END INIT INFO
#
# Author: Petter Reinholdtsen <pere@hungry.com>
# Date:   2007-06-09

set -e

. /lib/lsb/init-functions

CERTFILE=/etc/ldap/ssl/ldap-server-pubkey.pem

# Workaround for #585966, give pdns time to become operational
# This workaround should be removed early in the jessie+1 development
# cycle. it's probably not needed now that pdns is gone, but too
# risky to remove so close before the freeze
sleep 2

do_start() {
    # Locate LDAP server
    LDAPSERVER=$(debian-edu-ldapserver)

    ERROR=false
    if [ ! -f $CERTFILE ] && [ -f /etc/ldap/ldap.conf ] &&
       grep -q /etc/ldap/ssl/ldap-server-pubkey.pem /etc/ldap/ldap.conf ; then
	if [ -z "$LDAPSERVER" ] ; then
	    msg="Failed to locate LDAP server"
	    log_action_begin_msg "$msg"
	    log_action_end_msg 1
	    logger -t fetch-ldap-cert "$msg."
	    return 1
	fi
	[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching LDAP SSL certificate."
	ldap-server-getcert $LDAPSERVER > $CERTFILE.new
	chmod 644 $CERTFILE.new
	if test -s $CERTFILE.new ; then
	    mv $CERTFILE.new $CERTFILE
	    [ "$VERBOSE" != no ] && log_action_end_msg 0
	    logger -t fetch-ldap-cert "Fetched LDAP SSL certificate from $LDAPSERVER."
	else
	    rm $CERTFILE.new
	    log_action_end_msg 1
	    logger -t fetch-ldap-cert "Failed to fetch LDAP SSL certificate from $LDAPSERVER."
	    ERROR=true
	fi
    fi
    if [ -d /opt/ltsp ] ; then
	for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
	    if [ ! -f $ltsp_chroot$CERTFILE ] && [ -f $ltsp_chroot/etc/ldap/ldap.conf ] &&
		grep -q /etc/ldap/ssl/ldap-server-pubkey.pem $ltsp_chroot/etc/ldap/ldap.conf ; then
		[ "$VERBOSE" != no ] && 
		log_action_begin_msg "Copying LDAP SSL certificate to ltsp-chroot $ltsp_chroot "
		if test -s $CERTFILE; then
		    cp $CERTFILE $ltsp_chroot$CERTFILE
		    chmod 644 $ltsp_chroot$CERTFILE
		    [ "$VERBOSE" != no ] && log_action_end_msg 0
		else
		    log_action_end_msg 1
		    ERROR=true
		fi
	    fi
	done
    fi
    if $ERROR; then
	return 1
    fi
}

case "$1" in
    start)
	do_start
	;;
    stop)
	;;
    restart|force-reload)
	;;
    *)
	echo "Usage: $0 {start|stop|restart|force-reload}"
	exit 2
esac
exit 0