Diffstat (limited to 'modules/openssh/manifests/ssh_keys_from_ldap.pp')
-rw-r--r-- | modules/openssh/manifests/ssh_keys_from_ldap.pp | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/modules/openssh/manifests/ssh_keys_from_ldap.pp b/modules/openssh/manifests/ssh_keys_from_ldap.pp
new file mode 100644
index 00000000..720f4481
--- /dev/null
+++ b/modules/openssh/manifests/ssh_keys_from_ldap.pp
@@ -0,0 +1,45 @@
+class openssh::ssh_keys_from_ldap($symlink_users = [],
+ $config = '') inherits server {
+ # root account authorized_keys will be symlinked
+ # if you want to add symlink on other accounts, use $symlink_users parameter
+
+ File ['/etc/ssh/sshd_config'] {
+ content => template('openssh/sshd_config','openssh/sshd_config_ldap')
+ }
+
+ package { 'python-ldap': }
+
+ $pubkeys_directory = '/var/lib/pubkeys'
+ file { $pubkeys_directory:
+ ensure => directory,
+ }
+
+ file { "$pubkeys_directory/root":
+ ensure => directory,
+ mode => '0700',
+ }
+
+ file { "$pubkeys_directory/root/authorized_keys":
+ ensure => link,
+ target => '/root/.ssh/authorized_keys',
+ mode => '0700',
+ }
+
+ symlink_user { $symlink_users: }
+
+ $ldap_pwfile = '/etc/ldap.secret'
+ $ldap_servers = get_ldap_servers()
+ local_script { 'ldap-sshkey2file.py':
+ content => template('openssh/ldap-sshkey2file.py'),
+ require => Package['python-ldap']
+ }
+
+ cron { 'sshkey2file':
+ command => '/usr/local/bin/ldap-sshkey2file.py',
+ hour => '*',
+ minute => '*/10',
+ user => 'root',
+ environment => 'MAILTO=root',
+ require => Local_script['ldap-sshkey2file.py'],
+ }
+} |
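Review bot: `$ldap_pwfile = '/etc/ldap.secret'` is handed to the ldap-sshkey2file.py template but nothing in this class manages that file's owner or mode, and `file { $pubkeys_directory: ensure => directory }` declares no `owner`/`mode` either, so the LDAP bind secret and the key directory that a root cron rewrites every 10 minutes rely on whatever permissions happen to be present on the host. If /etc/ldap.secret is managed by another class, say so next to the assignment (`# $ldap_pwfile is managed by <other class>`); otherwise add `file { $ldap_pwfile: ensure => file, owner => 'root', group => 'root', mode => '0600' }` and give the pubkeys directory an explicit `owner => 'root', mode => '0755'` so the script's output is not writable by anyone else. Separately, `mode => '0700'` on the `authorized_keys` link would set the execute bit on a regular file if Puppet applies it to the target (`'0600'` is the conventional mode for authorized_keys), and the link dangles unless /root/.ssh already exists, which this class does not ensure.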