diff options
| author | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-25 21:38:13 -0400 |
|---|---|---|
| committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-09-25 21:38:13 -0400 |
| commit | cd1ce69f104686bbb33e049c2c4c112e78febd36 (patch) | |
| tree | 6654eaf12145b918cd217dcdf9b95a0060a60b7b /scripts/hostclass/idm_server/90-idm | |
| parent | 93994080d976d1fd98a22422a549fe371a2bcae3 (diff) | |
| download | infrastructure-cd1ce69f104686bbb33e049c2c4c112e78febd36.tar.gz | |
finish idm client stuff
Diffstat (limited to 'scripts/hostclass/idm_server/90-idm')
| -rw-r--r-- | scripts/hostclass/idm_server/90-idm | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/scripts/hostclass/idm_server/90-idm b/scripts/hostclass/idm_server/90-idm index 0a28491..adfdf36 100644 --- a/scripts/hostclass/idm_server/90-idm +++ b/scripts/hostclass/idm_server/90-idm @@ -40,11 +40,11 @@ associatedDomain: ${rdns} EOF # Create host principal. -kadmin.local get_principal -terse "host/${fqdn}" \ +kadmin.local get_principal "host/${fqdn}" \ || kadmin.local add_principal -nokey -x "dn=cn=${BOXCONF_HOSTNAME},${hosts_basedn}" "host/${fqdn}" # Create ldap service principal. -kadmin.local get_principal -terse "ldap/${fqdn}" \ +kadmin.local get_principal "ldap/${fqdn}" \ || kadmin.local add_principal -nokey -x "containerdn=${services_basedn}" "ldap/${fqdn}" # Create state dataset to persist keytabs across OS rebuilds. @@ -89,3 +89,15 @@ ln -snfs "${slapd_conf_dir}/ldap.conf" /usr/local/etc/ldap.conf install_file -m 0555 \ /usr/local/libexec/idm-ssh-known-hosts \ /usr/local/libexec/idm-ssh-authorized-keys + +# Create the boxconf administrative user. +if is_primary_server && ! ldap_dn_exists "$boxconf_dn"; then + ldap_add "$boxconf_dn" <<EOF +objectClass: krbPrincipal +objectClass: simpleSecurityObject +krbPrincipalName: ${boxconf_username}@${realm} +userPassword: {SASL}${boxconf_username}@${realm} +EOF + + kadmin.local change_password -pw "$boxconf_password" "$boxconf_username" +fi |