add real life template example

Signed-off-by: Nico Schottelius <nico@brief.schottelius.org>
Nico Schottelius 2012-01-05 13:41:32 +01:00
parent 0f768040c2
commit 9909916257
6 changed files with 110 additions and 0 deletions


@ -0,0 +1,2 @@
This type is used in production in the ETH and utilises a template to generate
the config file.


@ -0,0 +1,46 @@
#!/bin/sh
cat << DONE
#
# D-INFK SANS MANAGED FILE
# ========================
#
# Do not change this file. Changes will be overwritten.
#
# /etc/nslcd.conf
# nslcd configuration file. See nslcd.conf(5)
# for details.
# The user and group nslcd should run as.
uid nslcd
gid nslcd
# The location at which the LDAP server(s) should be reachable.
uri ldaps://ldaps01.ethz.ch
uri ldaps://ldaps02.ethz.ch
uri ldaps://ldaps03.ethz.ch
# The search base
base ou=${ou},ou=inf,ou=auth,o=ethz,c=ch
base passwd ou=users,ou=${ou},ou=inf,ou=auth,o=ethz,c=ch
base group ou=Group,ou=inf,ou=auth,o=ethz,c=ch
base netgroup ou=netgroup,ou=inf,ou=auth,o=ethz,c=ch
binddn cn=REPLACE,ou=ME,ou=WITH,ou=YOUR,o=DETAILS,c=ch
bindpw VERYSECRETPASSWORD
# The LDAP protocol version to use.
#ldap_version 3
# The DN to bind with for normal lookups.
#binddn cn=annonymous,dc=example,dc=net
#bindpw secret
# SSL options
ssl on
tls_reqcert never
# The search scope.
#scope sub
DONE
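Review bot: `tls_reqcert never` under "SSL options" turns off verification of the LDAP server certificate, so the three `ldaps://` connections are encrypted but not authenticated. The `bindpw` sent on bind and every passwd/group/shadow answer can then be read or forged by whoever sits between the host and the servers. Prefer `tls_reqcert demand` together with `tls_cacertfile <path-to-CA-bundle>` (placeholder path), so nslcd refuses a server whose certificate does not validate. Separately, `bindpw` is a literal in the template, so the real value would end up in the shared type directory; filling it from a parameter the way `${ou}` is filled would keep it out of the type's files.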


@ -0,0 +1,22 @@
#
# D-INFK SANS MANAGED FILE
# ========================
#
# Do not change this file. Changes will be overwritten.
#
# /etc/nsswitch.conf
#
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
services: db files
protocols: db files
rpc: db files
ethers: db files
netgroup: files ldap


@ -0,0 +1,39 @@
#!/bin/sh
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Configure nss_ldap for a machine at DINFK.
#
ou="$(cat "$__object/parameter/ou")"
ldap_config="/etc/nslcd.conf"
ldap_package="libnss-ldapd"
# Install required packages
__package "$ldap_package" --state installed
# Generate nss-ldap config file from template
mkdir "$__object/files"
. "$__type/files/nslcd.conf.template" > "$__object/files/nslcd.conf"
__file "$ldap_config" --source "$__object/files/nslcd.conf"
# Configure nsswitch to use ldap
require="__package/$ldap_package __file/$ldap_config" \
__file /etc/nsswitch.conf --source "$__type/files/nsswitch.conf"
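Review bot: The `__file "$ldap_config"` call deploys a file that contains `bindpw` but passes no owner or mode, so the permissions of /etc/nslcd.conf on the target are left to whatever `__file` defaults to, which this page does not show. Set them explicitly, for example `__file "$ldap_config" --source "$__object/files/nslcd.conf" --owner root --mode 0600`, so that local users cannot read the bind credentials. The intermediate copy written to `$__object/files/nslcd.conf` also inherits the invoking umask; a `umask 077` before the `mkdir` would cover it.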


@ -0,0 +1 @@
ou