# Class: openssh::ssh_keys_from_ldap
#
# Renders sshd_config from the base template followed by the LDAP-specific
# one, installs ldap-sshkey2file.py and runs it from root's crontab every
# ten minutes.
#
# Parameters:
#   $symlink_users - titles handed to symlink_user (defined outside this
#                    file). The root account's authorized_keys is symlinked
#                    as well; use this parameter to add symlinks on other
#                    accounts.
#   $config        - not referenced in this class body; presumably read by
#                    one of the templates -- TODO confirm.
#
# Review notes (security):
#   * Whatever the cron job exports becomes SSH access, root included, so
#     the LDAP directory and the connection to it are part of the trust
#     boundary. Confirm that ldap-sshkey2file.py binds over an encrypted
#     channel and verifies the server certificate.
#   * With a ten-minute schedule, a key deleted in LDAP can remain usable on
#     the host until the next successful run.
#   * $ldap_pwfile points at /etc/ldap.secret (presumably the bind
#     password); its owner and mode are not managed in this class -- verify
#     that it is root-only wherever it is declared.
class openssh::ssh_keys_from_ldap(
  $symlink_users = [],
  $config        = ''
) inherits server {

  # Override the sshd_config resource declared by the parent class: both
  # templates are rendered and concatenated in the order given.
  File['/etc/ssh/sshd_config'] {
    content => template('openssh/sshd_config', 'openssh/sshd_config_ldap'),
  }

  # LDAP bindings needed by the export script.
  package { 'python-ldap': }

  include openssh::pubkeys_directory

  # One symlink_user resource per entry of $symlink_users.
  symlink_user { $symlink_users: }

  # Presumably consumed by the ldap-sshkey2file.py template; keep these
  # assignments ahead of the template() call, which renders with the
  # variables visible at that point.
  # get_ldap_servers() is a custom function defined outside this file.
  $ldap_pwfile  = '/etc/ldap.secret'
  $ldap_servers = get_ldap_servers()

  local_script { 'ldap-sshkey2file.py':
    content => template('openssh/ldap-sshkey2file.py'),
    require => Package['python-ldap'],
  }

  # Runs as root at every tenth minute of every hour; cron output is mailed
  # to root through MAILTO.
  cron { 'sshkey2file':
    command     => '/usr/local/bin/ldap-sshkey2file.py',
    hour        => '*',
    minute      => '*/10',
    user        => 'root',
    environment => 'MAILTO=root',
    require     => Local_script['ldap-sshkey2file.py'],
  }
}