author | Michael Scherer <misc@mageia.org> | 2010-11-17 14:28:30 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-11-17 14:28:30 +0000 |
commit | d659b79d3499e7beaa8304e3f1462577c0e9fbb5 (patch) | |
tree | a7fc2d7d55a914ce2a2dad481732e022743b2aa0 /modules/restrictshell | |
parent | 1bd9a3ad4a149551f3b4359f766c12bee8e41053 (diff) | |
- adapt the script to our infrastructure (i.e., use our domain, and create the directory holding the key)
Diffstat (limited to 'modules/restrictshell')
-rw-r--r-- | modules/restrictshell/manifests/init.pp | 8 | ||||
-rwxr-xr-x | modules/restrictshell/templates/ldap-sshkey2file.py | 10 |
2 files changed, 14 insertions, 4 deletions
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index 2618f401..f628e2b1 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -31,6 +31,14 @@ class restrictshell {
 ensure => installed,
 }
 
+ $pubkeys_directory = "/var/lib/pubkeys"
+ file { $pubkeys_directory:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
 file { '/usr/local/bin/ldap-sshkey2file.py':
 ensure => present,
 owner => root,
diff --git a/modules/restrictshell/templates/ldap-sshkey2file.py b/modules/restrictshell/templates/ldap-sshkey2file.py
index 3925176f..4384b35b 100755
--- a/modules/restrictshell/templates/ldap-sshkey2file.py
+++ b/modules/restrictshell/templates/ldap-sshkey2file.py
@@ -9,10 +9,12 @@ try:
 except ImportError, e:
 print "Please install python-ldap before running this program"
 sys.exit(1)
-
-basedn="dc=mandriva,dc=com"
+<%
+dc_suffix = 'dc=' + domain.gsub('.',',dc=')
+%>
+basedn="<%= dc_suffix %>"
 peopledn="ou=people,%s" % basedn
-uris=['ldap://kenobi.mandriva.com','ldap://svn.mandriva.com']
+uris=['ldap://ldap.<%= domain %>']
 random.shuffle(uris)
 uri = " ".join(uris)
 timeout=5
@@ -21,7 +23,7 @@ pwfile="/etc/sshkeyreader.pw"
 # filter out disabled accounts also
 # too bad uidNumber doesn't support >= filters
 filter="(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*)(!(shadowExpire=*)))"
-keypathprefix="/var/lib/config/pubkeys"
+keypathprefix="<%= pubkeys_directory %>"
 
 def usage():
 print "%s" % sys.argv[0]
|
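Review bot: `mode => 755` in the new `file { $pubkeys_directory: }` resource is a bare number; writing it as a quoted octal string, `mode => '0755',`, removes any doubt about how the value is parsed. The resource also has no comment saying what the directory is for, although the template in the same commit writes key material under it (`keypathprefix`). A line such as `# per-user SSH public keys written by ldap-sshkey2file.py; must stay root-owned and not group/world-writable` above the resource would record that constraint. The class body continues outside this hunk.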
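Review bot: The new `uris=['ldap://ldap.<%= domain %>']` keeps the plain `ldap://` scheme, and nothing in this hunk shows StartTLS or certificate verification. The script reads a bind password from `pwfile` and, judging by the filter and `keypathprefix`, turns directory entries into SSH key files, so both the credential and the integrity of the returned keys depend on the transport. Unless the part of the script outside this hunk already negotiates TLS with verification, consider `uris=['ldaps://ldap.<%= domain %>']`. With a single URI left, `random.shuffle(uris)` and the `" ".join(uris)` no longer do anything and could be dropped.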
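Review bot: `keypathprefix` moves from `/var/lib/config/pubkeys` to the value of `<%= pubkeys_directory %>`, but nothing visible in this diff retires the old directory or updates whatever reads the key files. If sshd's `AuthorizedKeysFile` (not shown here; the diffstat is limited to this module) still points at the old path, newly synced keys are not picked up, and key files already written there remain accepted even after the account is disabled in LDAP. A comment above the assignment, e.g. `# must match AuthorizedKeysFile in sshd_config; directory is managed by the restrictshell class`, would document the coupling. A cleanup of the old directory would be worth adding as well.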