diff options
| author | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-24 06:43:08 -0400 |
|---|---|---|
| committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-10-24 06:43:08 -0400 |
| commit | e2fc0433de38c322ce46ad250bc0f0f03e7710c8 (patch) | |
| tree | f04f079ed745f0c0350af93adf6491bbfec1cd13 /scripts/hostclass/idm_server | |
| parent | 393adb9a95913e1658afe3243e4a0498dced9090 (diff) | |
| download | infrastructure-e2fc0433de38c322ce46ad250bc0f0f03e7710c8.tar.gz | |
add icinga
Diffstat (limited to 'scripts/hostclass/idm_server')
| -rw-r--r-- | scripts/hostclass/idm_server/10-slapd | 4 | ||||
| -rw-r--r-- | scripts/hostclass/idm_server/90-idm | 19 |
2 files changed, 19 insertions, 4 deletions
diff --git a/scripts/hostclass/idm_server/10-slapd b/scripts/hostclass/idm_server/10-slapd index 12640a4..0dc7d1d 100644 --- a/scripts/hostclass/idm_server/10-slapd +++ b/scripts/hostclass/idm_server/10-slapd @@ -10,7 +10,7 @@ : ${slapd_syncrepl_session_log:='1000'} : ${slapd_syncrepl_cleanup_age:='7'} : ${slapd_syncrepl_cleanup_interval:='1'} -: ${slapd_admin_role:='role-ldap-admin'} +: ${slapd_admin_role:='ldap-admin'} slapd_user=ldap slapd_data_dir=/var/db/openldap-data @@ -173,7 +173,7 @@ objectClass: organizationalUnit ou: $(ldap_rdn_value "$roles_basedn") EOF - # cn=role-ldap-admin,ou=roles,ou=groups,ou=accounts,dc=example,dc=com + # cn=ldap-admin,ou=roles,ou=groups,ou=accounts,dc=example,dc=com ldap_add "cn=${slapd_admin_role},${roles_basedn}" <<EOF objectClass: groupOfMembers cn: ${slapd_admin_role} diff --git a/scripts/hostclass/idm_server/90-idm b/scripts/hostclass/idm_server/90-idm index 1f6920b..eadd621 100644 --- a/scripts/hostclass/idm_server/90-idm +++ b/scripts/hostclass/idm_server/90-idm @@ -64,17 +64,32 @@ pkg install -y \ pam_krb5 \ perl5 \ p5-perl-ldap \ - p5-Authen-SASL + p5-Authen-SASL \ + pam_mkhomedir # Configure PAM/NSS integration. install_file -m 0644 \ /etc/nsswitch.conf \ - /etc/pam.d/sshd + /etc/pam.d/system \ + /etc/pam.d/login \ + /etc/pam.d/sshd \ + /etc/pam.d/sudo \ + /etc/pam.d/su \ + /etc/pam.d/other + +install_template -m 0644 /etc/login.access install_template -m 0644 \ /usr/local/etc/nslcd.conf \ /etc/nscd.conf +# Ensure /home exists and configure skel files. +install_directory -m 0755 /home +install_file -m 0644 \ + /usr/share/skel/dot.login \ + /usr/share/skel/dot.profile \ + /usr/share/skel/dot.shrc + sysrc -v \ nslcd_enable=YES \ nscd_enable=YES |