authorMichael Scherer <misc@mageia.org>2010-11-23 23:17:47 +0000
committerMichael Scherer <misc@mageia.org>2010-11-23 23:17:47 +0000
commit0b64c47717c4483cc519e0f739bf0d4972f2277a (patch)
tree8ce211f47cf71c609ce9d9e2fc4919d8c7025fd3 /modules/openssh/manifests
parent0773748d9802ba93ed2594f9807cd8064aeecfe5 (diff)
move the ldap key from ssh logic to openssh module ( more logical ), and add the hook in openssh config file
Diffstat (limited to 'modules/openssh/manifests')
-rw-r--r--modules/openssh/manifests/init.pp39
1 files changed, 39 insertions, 0 deletions
diff --git a/modules/openssh/manifests/init.pp b/modules/openssh/manifests/init.pp
index e55660fd..d3d0c78c 100644
--- a/modules/openssh/manifests/init.pp
+++ b/modules/openssh/manifests/init.pp
@@ -22,4 +22,43 @@ class openssh {
require => Package["openssh-server"],
content => template("openssh/sshd_config")
}
+
+
+ class ssh_keys_from_ldap {
+
+ package { 'python-ldap':
+ ensure => installed,
+ }
+
+ $pubkeys_directory = "/var/lib/pubkeys"
+ file { $pubkeys_directory:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ # before => Class["openssh"]
+ }
+
+ file { "$pubkeys_directory/root":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 700,
+ }
+
+ file { "$pubkeys_directory/root/authorized_keys":
+ ensure => "/root/.ssh/authorized_keys",
+ mode => 700,
+ }
+
+ $ldap_pwfile = "/etc/ldap.secret"
+ file { '/usr/local/bin/ldap-sshkey2file.py':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 755,
+ content => template("restrictshell/ldap-sshkey2file.py"),
+ require => Package['python-ldap']
+ }
+ }
}
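Review bot: The `file { "$pubkeys_directory/root/authorized_keys": }` resource sets `mode => 700` on what is a symlink to `/root/.ssh/authorized_keys` and declares no owner or group, unlike the other file resources in the new class. A key file needs no execute bit, and depending on how the Puppet version in use treats links the mode may be applied to the target, so I would write it as `ensure => link, target => "/root/.ssh/authorized_keys", owner => root, group => root` and leave the mode out. Separately, `$ldap_pwfile = "/etc/ldap.secret"` is only assigned in this hunk; if no other manifest manages that file, a `file { $ldap_pwfile: owner => root, group => root, mode => 600 }` resource would keep the LDAP bind password from being readable by other local users. The script template is still loaded from `restrictshell/ldap-sshkey2file.py`, so the openssh module appears to depend on another module's files; that may be handled in a part of the commit this path-limited view does not show.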