This file is indexed.

/usr/bin/mkslapdcert is in debian-edu-config 1.818+deb8u2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/bin/sh
#
# Author: Rune Nordbøe Skillingstad <rune@skillingtad.no>
# Date: 2003-02-12
#
# Create a TLS certificate for slapd. To change default settings,
# edit /etc/ldap/ssl/slapd-cert.cnf
#

#set -x

opensslbin=/usr/bin/openssl

umask 077

certconf=/etc/ldap/ssl/slapd-cert.cnf
privkey=/etc/ldap/ssl/slapd.pem
pubkey=/etc/ldap/ssl/ldap-server-pubkey.pem

if test -x $opensslbin ; then
    :
else
    echo "error: can't find openssl." 1>&2
    exit 1
fi

if [ ! -f $certconf ] ; then
    echo "warning: missing certificate configuration file $certconf." 1>&2
fi

## Somtimes the installer stops when creating the certificate (#630970).
if [ ! -f /var/lib/urandom/random-seed ] ; then
    echo "/var/lib/urandom/random-seed not found, invoking /etc/init.d/urandom." 1>&2
    mkdir -p /var/lib/urandom
    /etc/init.d/urandom start
fi

mkdir -p /etc/ldap/ssl
chmod 751 /etc/ldap/ssl

if [ -f $privkey ] ; then
    echo "warning: private key $privkey already exist.  Exiting." 1>&2
    exit 1;
fi

TMPFILE=`mktemp`

# lifetime 10 years
$opensslbin req -new -x509 -nodes -sha1 \
      -config $certconf -days 3650 \
      -out $privkey -keyout $privkey >> $TMPFILE 2>&1 \
  || echo "error: problems running openssl." 1>&2

sedextract='/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
sed -n "$sedextract" < $privkey > $pubkey

rm $TMPFILE

# Make sure the private key is only readable by user openldap
chown openldap:openldap $privkey
chmod 600 $privkey

# And the public key is readable by everyone
chmod 644 $pubkey