# Class: openssh::ssh_keys_from_ldap
#
# Overrides the content of the inherited File['/etc/ssh/sshd_config'] with the
# output of two templates, installs python-ldap, deploys ldap-sshkey2file.py
# and runs it from root's crontab every ten minutes.
#
# Parameters:
#   $symlink_users - titles handed to symlink_user (default: empty list).
#                    The root account's authorized_keys is symlinked; list
#                    other accounts here to have theirs symlinked as well.
#   $config        - not referenced in this class body; presumably read by
#                    one of the templates -- confirm.
#
# NOTE(review): this class does not manage /etc/ldap.secret. The file name
# suggests it holds the LDAP bind password, so its owner and mode should be
# enforced wherever it is created (root-only read access) -- confirm.
#
# NOTE(review): the script runs as root and, judging by its name, turns LDAP
# attributes into SSH key files. That would make the directory servers and
# the connection to them part of what sshd trusts for login; check that the
# script template verifies the server certificate -- not visible from here.
class openssh::ssh_keys_from_ldap(
  $symlink_users = [],
  $config        = ''
) inherits server {

  # Resource override on the parent's file: template() called with several
  # names concatenates their output in the order given.
  File['/etc/ssh/sshd_config'] {
    content => template('openssh/sshd_config', 'openssh/sshd_config_ldap'),
  }

  package { 'python-ldap': }

  include openssh::pubkeys_directory
  # Local copy of the directory path; presumably for use by the templates.
  $pubkeys_directory = $openssh::pubkeys_directory::pubkeys_directory

  # One symlink_user resource per listed account; an empty list declares none.
  symlink_user { $symlink_users: }

  # Both variables are assigned before the script template below is
  # evaluated; keep this order if the template reads them from class scope.
  $ldap_pwfile  = '/etc/ldap.secret'
  $ldap_servers = get_ldap_servers()

  local_script { 'ldap-sshkey2file.py':
    require => Package['python-ldap'],
    content => template('openssh/ldap-sshkey2file.py'),
  }

  # Every ten minutes, as root; cron output is mailed to root.
  cron { 'sshkey2file':
    user        => 'root',
    command     => '/usr/local/bin/ldap-sshkey2file.py',
    minute      => '*/10',
    hour        => '*',
    environment => 'MAILTO=root',
    require     => Local_script['ldap-sshkey2file.py'],
  }
}