Ubuntu Client Auth over LDAP
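#!/bin/bash
# Configure a Debian/Ubuntu client to resolve and authenticate users over LDAP
# (libnss-ldap + libpam-ldap + sudo-ldap).
#
# Replace every <PLACEHOLDER> below before running. The values are spliced into
# sed replacement text, so a value containing the sed delimiter ('/' or '%')
# or '&' must be escaped first.
#
# Security notes for whoever adapts this:
#   - The URIs use plain ldap://. Unless TLS is turned on separately (e.g.
#     "ssl start_tls" and "tls_checkpeer yes" in /etc/ldap.conf, or an ldaps://
#     URI with a trusted CA configured), bind passwords and directory data
#     cross the network in cleartext and the server is not authenticated.
#   - nsswitch is set to "ldap files", i.e. the directory is consulted BEFORE
#     local files. A directory entry named like a local account then takes
#     precedence, and lookups for local accounts stall when the server is
#     unreachable. NOTE(review): confirm this order is intended; "files ldap"
#     is the more conservative choice.
#   - sudoers rules are also pulled from the directory, so write access to the
#     sudoers subtree is equivalent to root on every client.

# Every step writes under /etc or installs packages; fail early with a clear
# message instead of half-applying the NSS/PAM changes.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Append a line to a file only when that exact line is not already present,
# so re-running the script does not stack duplicate NSS/PAM entries.
#   $1 - line to append (exact match, no trailing newline)
#   $2 - target file
append_once() {
  local line=$1
  local file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

# Set environment vars for a silent install through apt-get
export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical

# Install the LDAP utilities
apt-get -y install libpam-ldap libnss-ldap nss-updatedb libnss-db

# Reset environment vars for apt-get
export DEBIAN_FRONTEND=dialog
export DEBIAN_PRIORITY=high

# Edit the /etc/ldap.conf file with the proper information.
# The "base" and "rootbinddn" patterns are anchored to the start of the line:
# unanchored, they would also rewrite any other line that merely contains the
# word (nss_base_* directives, explanatory comments). A leading '#' on the
# rootbinddn line is kept as found.
sed -i 's/^base[[:space:]].*$/base <BASE_DN>/' /etc/ldap.conf
sed -i 's%uri ldapi:///%uri ldap://<LDAP_SERVER_FQDN_OR_IP>/%' /etc/ldap.conf
sed -i 's/^\(#\{0,1\}\)rootbinddn[[:space:]].*$/\1rootbinddn <ROOT_BIND_DN>/' /etc/ldap.conf

# Copy config into /etc/pam_ldap.conf.
# -p keeps the source file's mode and ownership; the file may hold bind
# credentials and should not become more readable through the copy.
# NOTE(review): the edits above target /etc/ldap.conf while this copies
# /etc/libnss-ldap.conf; confirm which file the installed packages read.
if [ -e /etc/libnss-ldap.conf ]; then
  cp -p /etc/libnss-ldap.conf /etc/pam_ldap.conf
else
  echo "warning: /etc/libnss-ldap.conf not found; /etc/pam_ldap.conf not written" >&2
fi

# Change lines in /etc/nsswitch.conf
sed -i 's/passwd:[ ]*compat/passwd:\t\tldap files/' /etc/nsswitch.conf
sed -i 's/group:[ ]*compat/group:\t\tldap files/' /etc/nsswitch.conf

# Restart nscd if present (Debian) so cached lookups pick up the new sources
if [ -e /etc/init.d/nscd ]; then
  /etc/init.d/nscd restart
fi

# Remove sudo and reinstall sudo-ldap. In the end edit /etc/nsswitch.conf
# and /etc/ldap/ldap.conf.
# SUDO_FORCE_REMOVE=yes is what allows the package manager to swap out sudo.
export SUDO_FORCE_REMOVE=yes
aptitude install -y sudo-ldap
append_once $'sudoers:\t\tldap files' /etc/nsswitch.conf
sed -i 's/^#BASE.*$/BASE\t<ROOT_DN>/' /etc/ldap/ldap.conf
sed -i 's%^#URI.*$%URI\tldap://<LDAP_SERVER_FQDN_OR_IP>%' /etc/ldap/ldap.conf
append_once $'sudoers_base\t<SUDOERS_DN_IF_USED>' /etc/ldap/ldap.conf
export SUDO_FORCE_REMOVE=no

# Add entries to create home directory on first login by a user
append_once $'session\trequired\tpam_mkhomedir.so\tskel=/etc/skel/' /etc/pam.d/common-session
append_once $'session\toptional\tpam_foreground.so' /etc/pam.d/common-session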