ldap van revspace, nog aanpassen
This commit is contained in:
parent
4870960b45
commit
a74ef0de9a
GPG key ID:
D8674D8FC4F69BD2
32 changed files with 964 additions and 0 deletions
28
roles/ldapclient/templates/ldap.conf.j2
Normal file
28
roles/ldapclient/templates/ldap.conf.j2
Normal file
|
|
@ -0,0 +1,28 @@
|
|||
# {{ ansible_managed }}
|
||||
#
|
||||
# LDAP Defaults
|
||||
#
|
||||
|
||||
# See ldap.conf(5) for details
|
||||
# This file should be world readable but not world writable.
|
||||
|
||||
BASE {{ldap_base}}
|
||||
URI {{ldap_uri}}
|
||||
|
||||
#SIZELIMIT 12
|
||||
#TIMELIMIT 15
|
||||
#DEREF never
|
||||
|
||||
# TLS certificates (needed for GnuTLS)
|
||||
TLS_CACERT /etc/ldap/{{ldap_cafile}}
|
||||
#TLS_CIPHER_SUITE {{ldap_cipher_suite}}
|
||||
TLS_PROTOCOL_MIN 3.3
|
||||
TLS_REQCERT demand
|
||||
TLS_CRLCHECK none
|
||||
|
||||
# Sudo settings
|
||||
SUDOERS_BASE ou=SUDOers,{{ldap_base}}
|
||||
#SUDOERS_SEARCH_FILTER objectClass=sudoRole
|
||||
SUDOERS_TIMED yes
|
||||
#SUDOERS_DEBUG 1
|
||||
|
||||
35
roles/ldapclient/templates/nslcd.conf.j2
Normal file
35
roles/ldapclient/templates/nslcd.conf.j2
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
# {{ ansible_managed }}
|
||||
# /etc/nslcd.conf
|
||||
# nslcd configuration file. See nslcd.conf(5)
|
||||
# for details.
|
||||
|
||||
# The user and group nslcd should run as.
|
||||
uid nslcd
|
||||
gid nslcd
|
||||
|
||||
# The location at which the LDAP server(s) should be reachable.
|
||||
#uri ldap://ldap.space.revspace.nl/
|
||||
uri {{ldap_uri}}
|
||||
|
||||
# The search base that will be used for all queries.
|
||||
base {{ldap_base}}
|
||||
|
||||
# The LDAP protocol version to use.
|
||||
#ldap_version 3
|
||||
|
||||
# The DN to bind with for normal lookups.
|
||||
#binddn cn=annonymous,dc=example,dc=net
|
||||
#bindpw secret
|
||||
|
||||
# The DN used for password modifications by root.
|
||||
#rootpwmoddn cn=admin,dc=example,dc=com
|
||||
|
||||
# SSL options
|
||||
ssl on
|
||||
tls_reqcert demand
|
||||
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
|
||||
#tls_ciphers {{ldap_cipher_suite}}
|
||||
|
||||
# The search scope.
|
||||
#scope sub
|
||||
|
||||
33
roles/ldapclient/templates/ssh-getkey-ldap.j2
Normal file
33
roles/ldapclient/templates/ssh-getkey-ldap.j2
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
#!/usr/bin/python3
|
||||
# {{ansible_managed}}
|
||||
|
||||
from ldap3 import Server, Connection, NONE, SUBTREE
|
||||
import sys
|
||||
|
||||
try:
|
||||
uid=str(sys.argv[1])
|
||||
except:
|
||||
print("No user specified")
|
||||
exit(1)
|
||||
|
||||
if ( uid == "root" ):
|
||||
exit(0)
|
||||
|
||||
s = Server('{{ ldap_uri }}', get_info=NONE)
|
||||
c = Connection(s)
|
||||
if not c.bind():
|
||||
print('error in bind', c.result)
|
||||
exit(1)
|
||||
|
||||
c.search(search_base = 'ou=People,{{ ldap_base }}',
|
||||
search_filter = '(uid=' + uid + ')',
|
||||
search_scope = SUBTREE,
|
||||
attributes = ['sshPublicKey'],
|
||||
time_limit = 2,
|
||||
paged_size = 5)
|
||||
|
||||
keys = c.response[0]['raw_attributes']['sshPublicKey']
|
||||
|
||||
for x in range(len(keys)):
|
||||
print( keys[x].decode('ascii') )
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue