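# Serves SSH public keys out of LDAP: overrides the inherited sshd_config,
# installs python-ldap, deploys ldap-sshkey2file.py and runs it from root's
# crontab every ten minutes.
#
# Security notes:
# - The synced keys are used as authorized_keys for root and for every account
#   listed in $symlink_users, so write access to the key data in LDAP is
#   equivalent to shell access on these hosts. Keep that write access narrow
#   and audited.
# - Key changes in LDAP only take effect on the next cron run, so a revoked
#   key may remain usable for up to ten minutes.
# - NOTE(review): nothing in this class manages owner or mode of
#   /etc/ldap.secret; confirm it is root-only (0600) wherever it is created.
# - NOTE(review): whether the sync script talks to LDAP over TLS with
#   certificate verification depends on the template and on
#   get_ldap_servers(), neither of which is shown here. Confirm it, because an
#   unauthenticated LDAP answer would be written out as trusted keys.
#
# @param symlink_users
#   Additional accounts (besides root) that get an authorized_keys symlink;
#   one symlink_user resource is declared per entry.
# @param config
#   Not referenced in this manifest; presumably read by the sshd_config
#   templates. TODO confirm.
class openssh::ssh_keys_from_ldap($symlink_users = [],
                                  $config = '') inherits server {
  # root account authorized_keys will be symlinked
  # if you want to add symlink on other accounts, use $symlink_users parameter

  # Resource override of the File declared by the inherited class: the content
  # becomes the concatenation of both templates. The reference is written
  # without a space before '[', the conventional form for resource references.
  File['/etc/ssh/sshd_config'] {
    content => template('openssh/sshd_config','openssh/sshd_config_ldap')
  }

  # LDAP bindings needed by the sync script.
  package { 'python-ldap': }

  include openssh::pubkeys_directory
  symlink_user { $symlink_users: }

  # Not used below in this manifest; presumably consumed by the script
  # template through class scope. They must stay above the template() call.
  $ldap_pwfile = '/etc/ldap.secret'
  $ldap_servers = get_ldap_servers()
  local_script { 'ldap-sshkey2file.py':
    content => template('openssh/ldap-sshkey2file.py'),
    require => Package['python-ldap'],
  }

  # Runs as root because it writes key files for root and other accounts.
  # MAILTO=root sends any output of the job to root's mailbox, which is the
  # only failure signal visible here; make sure that mail is actually read.
  cron { 'sshkey2file':
    command     => '/usr/local/bin/ldap-sshkey2file.py',
    hour        => '*',
    minute      => '*/10',
    user        => 'root',
    environment => 'MAILTO=root',
    require     => Local_script['ldap-sshkey2file.py'],
  }
}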