diff options
Diffstat (limited to 'files/usr/local/libexec/idm-ssh-authorized-keys.common')
| -rw-r--r-- | files/usr/local/libexec/idm-ssh-authorized-keys.common | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/files/usr/local/libexec/idm-ssh-authorized-keys.common b/files/usr/local/libexec/idm-ssh-authorized-keys.common new file mode 100644 index 0000000..d18b199 --- /dev/null +++ b/files/usr/local/libexec/idm-ssh-authorized-keys.common @@ -0,0 +1,43 @@ +#!/usr/local/bin/perl + +use strict; +use warnings; + +use Net::LDAP; +use Net::LDAP::Util qw(escape_filter_value); +use Authen::SASL; + +open my $fh, '<', '/usr/local/etc/openldap/ldap.conf' or quit($!); +my %config; +while (<$fh>) { + chomp; + next if /^#/; + my @pair = split(' ', $_, 2); + next unless (@pair == 2); + $config{$pair[0]} = $pair[1]; +} +close($fh); + +my $mech = $config{SASL_MECH} // 'GSSAPI'; +my $uri = $config{URI} // quit('URI not specified'); +my $basedn = $config{BASE} // quit('BASE not specified'); + +@ARGV == 1 or die "usage: $0 USERNAME\n"; +my $username = $ARGV[0]; + +my $conn = Net::LDAP->new($uri, version => '3') or die "$0: $@"; +my $sasl = Authen::SASL->new($mech); +my $status = $conn->bind(sasl => $sasl); +$status->code and die "$0: ".$status->error; + +my $search = $conn->search( + scope => 'sub', + base => "ou=accounts,$basedn", + filter => '(&(objectClass=posixAccount)(sshPublicKey=*)(uid=' . escape_filter_value($username) . '))', + attrs => ['sshPublicKey']); +$search->code and die "$0: ".$search->error; + +exit 0 if $search->entries == 0; +die "$0: multiple LDAP entries returned for user: $username\n" if $search->entries > 1; + +print "$_\n" foreach (($search->entries)[0]->get_value('sshPublicKey')); |