sssd_on_redhat
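#!/usr/bin/env bash
# Configure a RHEL/CentOS host as an LDAP client via SSSD, using the public
# ldap.forumsys.com demo directory (dc=example,dc=com) as the backend.
# Run as root: it overwrites /etc/openldap/ldap.conf and /etc/sssd/sssd.conf,
# wipes the SSSD cache and logs, and restarts sssd.
#
# References:
#https://mapr.com/support/s/article/How-to-configure-LDAP-client-by-using-SSSD-for-authentication-on-CentOS?language=en_US
#https://gist.github.com/mazgi/3dbfe99fb2b3e8d1e50b
#http://www.ateam-oracle.com/part-3-of-4-sssd-linux-authentication-implementation-step-by-step-guideline/

yum install openldap openldap-clients sssd sssd-client

# Keep the stock client config before replacing it. The heredoc redirect
# truncates the file on its own, so the separate '> file' step was redundant.
cp /etc/openldap/ldap.conf /etc/openldap/ldap.conf.orig
cat << 'EOF' > /etc/openldap/ldap.conf
BASE dc=example,dc=com
URI ldap://ldap.forumsys.com:389
# 'naver' was a typo: valid TLS_REQCERT values are never/allow/try/demand/hard.
# 'never' disables server certificate checks -- acceptable for the demo
# directory only, not for a real deployment.
tls_reqcert never
nss_initgroups backlink
# /etc/openldap/ldap.conf is normally world-readable, so a BINDPW placed here
# is exposed to every local user. The demo credentials below are public; with
# real credentials leave BINDDN/BINDPW out of this file and let SSSD (whose
# config is mode 0600) hold the bind secret.
binddn cn=read-only-admin,dc=example,dc=com
bindpw password
EOF
grep -vE '^\s*($|#)' /etc/openldap/ldap.conf

# Switch NSS and PAM over to SSSD. authconfig rewrites nsswitch.conf,
# system-auth and password-auth itself, so the files are only displayed.
authconfig --update --enablesssd --enablesssdauth
echo "No need to take backup of /etc/nsswitch.conf as it contains the files sss"
grep -vE '^\s*($|#)' /etc/nsswitch.conf
echo "No need to take backup of /etc/pam.d/system-auth as it contains the pam_sss.so"
grep -vE '^\s*($|#)' /etc/pam.d/system-auth
echo "No need to take backup of /etc/pam.d/password-auth as it contains the pam_sss.so"
grep -vE '^\s*($|#)' /etc/pam.d/password-auth

# Check the bind works before touching SSSD. The password is passed as an
# argument, so it is visible in 'ps' and shell history; for anything other
# than the public demo account prefer -W (prompt) or -y <password-file>.
ldapsearch -LLL -H ldap://ldap.forumsys.com:389 -D "cn=read-only-admin,dc=example,dc=com" -x -w 'password' -b 'dc=example,dc=com'

# sssd expects sssd.conf to be root-owned and mode 0600, so the mode is set
# before the bind password is written into the file.
touch /etc/sssd/sssd.conf
chmod 0600 /etc/sssd/sssd.conf
cat << 'EOF' > /etc/sssd/sssd.conf
[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, autofs
domains = ijuned.com

# The original file had this [nss] block twice with identical contents; the
# duplicate was dropped (possibly it was meant to be a [pam] section -- verify).
[nss]
reconnection_retries = 3
debug_level = 9

[domain/ijuned.com]
description = ijuned.com
debug_level = 9
enumerate = true
min_id = 1000
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
# ad_server belongs to the AD provider; with id_provider = ldap it is expected
# to be ignored. The server actually used is ldap_uri below.
ad_server = ldap.forumsys.com
ldap_search_base = dc=example,dc=com
ldap_uri = ldap://ldap.forumsys.com:389
ldap_default_bind_dn = cn=read-only-admin,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = password
# Plain ldap:// with no STARTTLS and no certificate verification: the bind
# password and all lookups cross the network unencrypted. Fine for the public
# demo directory; a real deployment needs ldaps:// or
# ldap_id_use_start_tls = true together with ldap_tls_reqcert = demand.
ldap_tls_reqcert = never
ldap_id_use_start_tls = false
ldap_tls_cacertdir = /etc/openldap/certs
fallback_homedir = /home/%d/%u
default_shell = /bin/bash
ldap_user_object_class = organizationalPerson
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_group_object_class = groupOfUniqueNames
EOF
grep -vE '^\s*($|#)' /etc/sssd/sssd.conf

# Restart with an empty cache and fresh logs so the result reflects only the
# new configuration: sss_cache -E invalidates every cached entry, and the db
# and log wipes remove the on-disk cache and old debug output.
systemctl stop sssd
sss_cache -E
rm -f /var/lib/sss/db/*
rm -rf /var/log/sssd/*
systemctl start sssd
systemctl status sssd
tail /var/log/sssd/*.log

# tesla is the demo account this setup expects to resolve; both lookups should
# now be answered through sss.
echo "The below command id tesla should work"
id tesla
getent passwd tesla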