|
|
|
@ -15,41 +15,8 @@ fi |
|
|
|
|
|
|
|
|
|
export DEBIAN_FRONTEND=noninteractive |
|
|
|
|
apt update |
|
|
|
|
|
|
|
|
|
# LDAP |
|
|
|
|
apt install -y --no-install-recommends libnss-ldapd |
|
|
|
|
service nslcd stop || true |
|
|
|
|
cp .drone/ldap.conf /etc/ldap/ldap.conf |
|
|
|
|
grep -Eq '^map group member uniqueMember$' /etc/nslcd.conf || \ |
|
|
|
|
echo 'map group member uniqueMember' >> /etc/nslcd.conf |
|
|
|
|
sed -E -i 's/^uri .*$/uri ldap:\/\/auth1.csclub.internal/' /etc/nslcd.conf |
|
|
|
|
sed -E -i 's/^base .*$/base dc=csclub,dc=internal/' /etc/nslcd.conf |
|
|
|
|
cp .drone/nsswitch.conf /etc/nsswitch.conf |
|
|
|
|
|
|
|
|
|
# KERBEROS |
|
|
|
|
apt install -y krb5-user libpam-krb5 libsasl2-modules-gssapi-mit |
|
|
|
|
cp .drone/krb5.conf /etc/krb5.conf |
|
|
|
|
|
|
|
|
|
apt install -y netcat-openbsd |
|
|
|
|
|
|
|
|
|
sync_with auth1 |
|
|
|
|
|
|
|
|
|
rm -f /etc/krb5.keytab |
|
|
|
|
cat <<EOF | kadmin -p sysadmin/admin |
|
|
|
|
krb5 |
|
|
|
|
addprinc -randkey host/phosphoric-acid.csclub.internal |
|
|
|
|
ktadd host/phosphoric-acid.csclub.internal |
|
|
|
|
addprinc -randkey ceod/phosphoric-acid.csclub.internal |
|
|
|
|
ktadd ceod/phosphoric-acid.csclub.internal |
|
|
|
|
addprinc -randkey ceod/admin |
|
|
|
|
ktadd ceod/admin |
|
|
|
|
EOF |
|
|
|
|
service nslcd start |
|
|
|
|
|
|
|
|
|
sync_with coffee |
|
|
|
|
if [ -z "$CI" ]; then |
|
|
|
|
sync_with mail |
|
|
|
|
fi |
|
|
|
|
auth_setup phosphoric-acid |
|
|
|
|
|
|
|
|
|
# initialize the skel directory |
|
|
|
|
shopt -s dotglob |
|
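Review bot: The call `auth_setup phosphoric-acid` now stands in for the whole inline LDAP/Kerberos block, and nothing at the call site records what the helper must leave behind on this host. `auth_setup` is defined outside this hunk, so it cannot be confirmed from here that it still removes a stale `/etc/krb5.keytab` before `ktadd`, or that it still exports `ceod/admin` into this host's keytab alongside the `host/` and `ceod/` principals. If the helper is shared by several containers, it is also worth checking that `ceod/admin` is written only for phosphoric-acid and not into every host's keytab. I would add a comment above the call, adjusted to what the helper really does, such as `# auth_setup: configures nslcd + krb5 and writes /etc/krb5.keytab (host/, ceod/, ceod/admin for this host only)`. If the helper still pipes the kadmin password in from a heredoc as the removed block did, a note there that the credential belongs to the throwaway container realm would stop it being copied into a real deployment script.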
|
|
@ -62,6 +29,8 @@ for user in ctdalek regular1 exec1; do |
|
|
|
|
chown $user:$user /users/$user |
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
sync_with coffee |
|
|
|
|
if [ -z "$CI" ]; then |
|
|
|
|
sync_with mail |
|
|
|
|
sleep infinity |
|
|
|
|
fi |
|
|
|
|