-rw-r--r-- | modules/restrictshell/manifests/init.pp | 8 | ||||
-rwxr-xr-x | modules/restrictshell/templates/ldap-sshkey2file.py | 10 |
2 files changed, 14 insertions, 4 deletions
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index 2618f401..f628e2b1 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -31,6 +31,14 @@ class restrictshell {
 ensure => installed,
 }
+ $pubkeys_directory = "/var/lib/pubkeys"
+ file { $pubkeys_directory:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
 file { '/usr/local/bin/ldap-sshkey2file.py':
 ensure => present,
 owner => root,
diff --git a/modules/restrictshell/templates/ldap-sshkey2file.py b/modules/restrictshell/templates/ldap-sshkey2file.py
index 3925176f..4384b35b 100755
--- a/modules/restrictshell/templates/ldap-sshkey2file.py
+++ b/modules/restrictshell/templates/ldap-sshkey2file.py
@@ -9,10 +9,12 @@ try:
 except ImportError, e:
 print "Please install python-ldap before running this program"
 sys.exit(1)
-
-basedn="dc=mandriva,dc=com"
+<%
+dc_suffix = 'dc=' + domain.gsub('.',',dc=')
+%>
+basedn="<%= dc_suffix %>"
 peopledn="ou=people,%s" % basedn
-uris=['ldap://kenobi.mandriva.com','ldap://svn.mandriva.com']
+uris=['ldap://ldap.<%= domain %>']
 random.shuffle(uris)
 uri = " ".join(uris)
 timeout=5
@@ -21,7 +23,7 @@ pwfile="/etc/sshkeyreader.pw"
 # filter out disabled accounts also
 # too bad uidNumber doesn't support >= filters
 filter="(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*)(!(shadowExpire=*)))"
-keypathprefix="/var/lib/config/pubkeys"
+keypathprefix="<%= pubkeys_directory %>"
 def usage():
 print "%s" % sys.argv[0] |
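Review bot: `mode => 755` in the new `file { $pubkeys_directory: }` resource is a bare number; Puppet documents file modes as quoted four-digit octal strings and later Puppet versions reject a numeric mode, so `mode => '0755',` is the safer spelling. Root ownership with no group or other write bit is the right shape for a directory that presumably holds login keys, and a short comment such as `# root-owned and not user-writable: holds SSH public keys synced from LDAP` would keep a later edit from loosening it. Whatever configuration makes sshd read keys from this directory is not part of this diff; if it still points at the old `/var/lib/config/pubkeys` that the last hunk of ldap-sshkey2file.py moves away from, logins would keep using stale key files, so the two should change together and the old directory should be cleaned up.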
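Review bot: The new `uris=['ldap://ldap.<%= domain %>']` keeps the unencrypted `ldap://` scheme in a script that reads a bind password from `pwfile` and, judging by its name and `keypathprefix`, writes the returned `sshPublicKey` values to key files, so the integrity of that connection decides which keys end up trusted. Whether the script upgrades the connection with StartTLS is outside this hunk; if it does not, `uris=['ldaps://ldap.<%= domain %>']` with certificate checking enabled would close that gap. The list also shrinks from two servers to one, so `random.shuffle(uris)` no longer gives any failover, and a comment noting that `domain.gsub('.',',dc=')` assumes a plain dotted `domain` with no trailing dot would help the next reader.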