Ubuntu Client Auth over LDAP
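#!/usr/bin/env bash
#
# Ubuntu client authentication over LDAP.
#
# Installs the NSS/PAM LDAP modules and sudo-ldap, points them at an LDAP
# server, switches passwd/group/sudoers lookups to LDAP and enables home
# directory creation on first login.
#
# Configuration comes from the environment. Every value falls back to the
# original fill-in-the-blanks placeholder, so an unconfigured run behaves
# like the original template:
#   BASE_DN       search base for passwd/group lookups     (/etc/ldap.conf)
#   LDAP_SERVER   LDAP server FQDN or IP                   (both config files)
#   ROOT_BIND_DN  DN for privileged binds; pam_ldap reads its password from
#                 /etc/ldap.secret, which must be root-owned, mode 0600
#   ROOT_DN       BASE for the OpenLDAP client library     (/etc/ldap/ldap.conf)
#   SUDOERS_DN    sudoers container for sudo-ldap (keep the placeholder if
#                 sudoers are not stored in LDAP)
#   LDAP_SCHEME   "ldap" (the original's choice) or "ldaps"
#
# Transport: plain ldap:// carries the rootbinddn password, every user's
# login password and the sudoers rules served to sudo-ldap unencrypted, so
# anyone on the network path can read or alter them. On anything but an
# isolated management network set LDAP_SCHEME=ldaps (or enable
# "ssl start_tls" in /etc/ldap.conf) and verify the server certificate.
#
# Must run as root. Re-running is safe: lines are only appended when absent.
set -euo pipefail

readonly base_dn=${BASE_DN:-'<BASE_DN>'}
readonly ldap_server=${LDAP_SERVER:-'<LDAP_SERVER_FQDN_OR_IP>'}
readonly root_bind_dn=${ROOT_BIND_DN:-'<ROOT_BIND_DN>'}
readonly root_dn=${ROOT_DN:-'<ROOT_DN>'}
readonly sudoers_dn=${SUDOERS_DN:-'<SUDOERS_DN_IF_USED>'}
readonly ldap_uri="${LDAP_SCHEME:-ldap}://${ldap_server}"

#######################################
# Print an error to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Escape a value for the replacement half of a sed 's|…|…|' expression,
# where '\', '&' and the '|' delimiter are special. DN characters such as
# ',', '=' and spaces need no escaping.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
sed_escape() {
  local v=$1
  v=${v//\\/\\\\}
  v=${v//&/\\&}
  v=${v//|/\\|}
  printf '%s' "$v"
}

#######################################
# Append a line to a file unless an identical line is already present,
# so re-running the script does not duplicate nsswitch/ldap.conf/pam entries.
# Arguments: $1 - exact line, $2 - file
#######################################
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

#######################################
# Install the NSS/PAM LDAP modules non-interactively (debconf questions take
# their defaults). The debconf variables are scoped to this one command
# instead of being exported and "reset" afterwards, so later commands are
# not left with a different frontend than the original script intended.
#######################################
install_ldap_packages() {
  DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical \
    apt-get -y install libpam-ldap libnss-ldap nss-updatedb libnss-db
}

#######################################
# Point /etc/ldap.conf at the server and copy it for pam_ldap.
# Globals: base_dn, ldap_uri, root_bind_dn (read)
#######################################
configure_pam_ldap() {
  local conf=/etc/ldap.conf
  [[ -f "$conf" ]] || die "$conf not found (expected from libnss-ldap/libpam-ldap)"

  # Directives are anchored at line start and an optional leading '#' is
  # dropped. The original's unanchored 's/base.*$/…/' also rewrote comment
  # lines containing the word "base" and the nss_base_* entries, and a
  # commented-out '#rootbinddn' stayed commented after the rewrite.
  sed -i "s|^#*base[[:space:]].*|base $(sed_escape "$base_dn")|" "$conf"
  sed -i "s|^#*uri[[:space:]].*|uri $(sed_escape "$ldap_uri")/|" "$conf"
  sed -i "s|^#*rootbinddn[[:space:]].*|rootbinddn $(sed_escape "$root_bind_dn")|" "$conf"

  # rootbinddn only works with the bind password in /etc/ldap.secret, and
  # that file must not be world-readable.
  if [[ -f /etc/ldap.secret ]]; then
    chown root:root /etc/ldap.secret
    chmod 0600 /etc/ldap.secret
  else
    printf 'warning: rootbinddn is set but /etc/ldap.secret does not exist; create it with the bind password, owner root, mode 0600\n' >&2
  fi

  # NOTE(review): the original copied /etc/libnss-ldap.conf, a file it never
  # edits, while the edits above go to /etc/ldap.conf; which file libnss-ldap
  # uses depends on the Ubuntu release — confirm on the target. The edited
  # file is used as fallback so pam_ldap never gets an unconfigured copy.
  if [[ -f /etc/libnss-ldap.conf ]]; then
    cp /etc/libnss-ldap.conf /etc/pam_ldap.conf
  else
    cp "$conf" /etc/pam_ldap.conf
  fi
}

#######################################
# Send passwd and group lookups to LDAP first, then local files.
# "ldap files" is the original ordering; note that with the server
# unreachable even local accounts wait for the LDAP timeout, whereas
# "files ldap" keeps root and local users resolvable offline.
#######################################
configure_nsswitch() {
  local nss=/etc/nsswitch.conf
  sed -i 's/^passwd:[[:space:]]*compat/passwd:\t\tldap files/' "$nss"
  sed -i 's/^group:[[:space:]]*compat/group:\t\tldap files/' "$nss"
}

#######################################
# Replace sudo with sudo-ldap and configure the OpenLDAP client library.
# SUDO_FORCE_REMOVE allows the conflicting sudo package to be removed; it is
# scoped to the install command rather than exported. apt-get is used for
# consistency with the other install (aptitude is not always present).
# Globals: root_dn, ldap_uri, sudoers_dn (read)
#######################################
install_sudo_ldap() {
  SUDO_FORCE_REMOVE=yes DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical \
    apt-get -y install sudo-ldap

  append_once $'sudoers:\t\tldap files' /etc/nsswitch.conf

  local lc=/etc/ldap/ldap.conf
  [[ -f "$lc" ]] || die "$lc not found"
  sed -i "s|^#*BASE[[:space:]].*|BASE\t$(sed_escape "$root_dn")|" "$lc"
  sed -i "s|^#*URI[[:space:]].*|URI\t$(sed_escape "$ldap_uri")|" "$lc"
  append_once $'sudoers_base\t'"$sudoers_dn" "$lc"
}

#######################################
# Create the home directory on a user's first login.
# NOTE(review): on Ubuntu /etc/pam.d/common-session is managed by
# pam-auth-update, which may rewrite the file and drop appended lines —
# confirm on the target release. pam_mkhomedir's default umask (0022) makes
# new home directories world-readable; add "umask=0077" if that matters here.
#######################################
configure_pam_mkhomedir() {
  local session=/etc/pam.d/common-session
  append_once $'session\trequired\tpam_mkhomedir.so\tskel=/etc/skel/' "$session"
  append_once $'session\toptional\tpam_foreground.so' "$session"
}

#######################################
# Restart nscd if present so it picks up the new nsswitch.conf. Runs after
# every nsswitch edit, whereas the original restarted it before the sudoers
# line was added.
#######################################
restart_nscd() {
  if [[ -x /etc/init.d/nscd ]]; then
    /etc/init.d/nscd restart
  fi
}

main() {
  (( EUID == 0 )) || die "this script must run as root"
  install_ldap_packages
  configure_pam_ldap
  configure_nsswitch
  install_sudo_ldap
  configure_pam_mkhomedir
  restart_nscd
}

main "$@"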