Update

4794be5e · Jupiter Hu · 561352ea · 4794be5e · 4794be5e · 4794be5e
Commit 4794be5e authored 10 years ago by Jupiter Hu
--- a/roles/openLdapClient/defaults/main.yml
+++ b/roles/openLdapClient/defaults/main.yml
 ---
 ldapDomain: "monash.edu.au" 
+ldapUri: "ldaps://ldapserver.com/"
 ldapDn: "cn=ldapbind,cn=users,dc=monash,dc=edu,dc=au" 
 ldapPassword: "secret"
 ldapBase: "cn=users,dc=monash,dc=edu,dc=au"
@@ -9,6 +10,9 @@ ldapUserPricipal: "userPrincipalName"
 ldapGroupBase: "ou=groups,dc=monash,dc=edu,dc=au"
 tlsCaCertDirectory: "/etc/openldap/certs"
 tlsCaCertFile: "/etc/openldap/certs/ca.pem"
-ldapCaCertFileSource: "/etc/openldap"
+ldapCaCertFileSource: "/etc/openldap/certs"
 cacertFile: "ca.pem"
+ldapRfc2307: ""
+ldapRfc2307Pam: ""
+

--- a/roles/openLdapClient/templates/ldap.conf.j2
+++ b/roles/openLdapClient/templates/ldap.conf.j2
@@ -9,17 +9,4 @@ idle_timelimit 3600

 nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

-# RFC 2307 (AD) mappings
-nss_base_group         ou=Groups,dc=massive,dc=org,dc=au?one
-nss_map_objectclass posixAccount user
-nss_map_objectclass shadowAccount user
-nss_map_attribute uid sAMAccountName
-nss_map_attribute homeDirectory unixHomeDirectory
-nss_map_attribute shadowLastChange pwdLastSet
-nss_map_objectclass posixGroup group
-nss_map_attribute uniqueMember member
-pam_login_attribute sAMAccountName
-pam_filter objectclass=User
-pam_password ad
-
-ssl no
+{{ ldapRfc2307Pam }}
--- a/roles/openLdapClient/templates/pam_ldap.conf.j2
+++ b/roles/openLdapClient/templates/pam_ldap.conf.j2
@@ -302,3 +302,5 @@ ssl no
 #pam_password md5
 tls_cacertdir {{ tlsCaCertDirectory }} 
 tls_cacertfile {{ tlsCaCertFile }}
+
+{{ ldapRfc2307Pam }}
--- a/roles/openLdapClient/templates/sssd.j2
+++ b/roles/openLdapClient/templates/sssd.j2
@@ -34,21 +34,7 @@ ldap_default_bind_dn = {{ ldapDn }}
 ldap_default_authtok_type = password
 ldap_default_authtok = {{ ldapPassword }} 

-ldap_schema = rfc2307
-
-ldap_search_base = {{ ldapBase }}
-
-ldap_user_search_base = {{ ldapBase }} 
-ldap_user_object_class = {{ ldapUserClass }} 
-ldap_user_home_directory = {{ ldapUserHomeDirectory }} 
-ldap_user_principal = {{ ldapUserPricipal }} 
-
-ldap_user_name = uid
-
-ldap_group_search_base = {{ ldapGroupBase }} 
-ldap_group_object_class = group
-
-ldap_access_order = expire
+{{ ldapRfc2307 }}

 [ssh]


--- a/scripts/makehosts.py
+++ b/scripts/makehosts.py
@@ -8,20 +8,15 @@ s=f.read()
 d=json.loads(s)
 f.close()
 hosts={}
+
 for group in d['groups'].keys():
    i=0
    for h in d['groups'][group]:
-        if hosts.has_key(h):
-            hosts[h].append('%s-%s.%s'%(group,i,domain))
-            hosts[h].append('%s-%s'%(group,i))
-            pass
-        else:
-            hosts[h] = ['%s.%s'%(h,domain),'%s-%s.%s'%(group,i,domain),'%s'%h,'%s-%s'%(group,i)]
-        i=i+1
+        hosts[h] = ['%s %s.%s'%(h, h, domain)]

 for h in hosts.keys():
    if d['hostvars'].has_key(h):
        string="%s"%(d['hostvars'][h]['ansible_eth0']['ipv4']['address'])
        for name in hosts[h]:
-            string=string+" %s"%name
+            string=string+" %s"%(name)
        print string