aboutsummaryrefslogtreecommitdiffstats
path: root/modules/openssh/manifests/ssh_keys_from_ldap.pp
diff options
context:
space:
mode:
Diffstat (limited to 'modules/openssh/manifests/ssh_keys_from_ldap.pp')
-rw-r--r--modules/openssh/manifests/ssh_keys_from_ldap.pp45
1 files changed, 45 insertions, 0 deletions
diff --git a/modules/openssh/manifests/ssh_keys_from_ldap.pp b/modules/openssh/manifests/ssh_keys_from_ldap.pp
new file mode 100644
index 00000000..720f4481
--- /dev/null
+++ b/modules/openssh/manifests/ssh_keys_from_ldap.pp
@@ -0,0 +1,45 @@
+class openssh::ssh_keys_from_ldap($symlink_users = [],
+ $config = '') inherits server {
+ # root account authorized_keys will be symlinked
+ # if you want to add symlink on other accounts, use $symlink_users parameter
+
+ File ['/etc/ssh/sshd_config'] {
+ content => template('openssh/sshd_config','openssh/sshd_config_ldap')
+ }
+
+ package { 'python-ldap': }
+
+ $pubkeys_directory = '/var/lib/pubkeys'
+ file { $pubkeys_directory:
+ ensure => directory,
+ }
+
+ file { "$pubkeys_directory/root":
+ ensure => directory,
+ mode => '0700',
+ }
+
+ file { "$pubkeys_directory/root/authorized_keys":
+ ensure => link,
+ target => '/root/.ssh/authorized_keys',
+ mode => '0700',
+ }
+
+ symlink_user { $symlink_users: }
+
+ $ldap_pwfile = '/etc/ldap.secret'
+ $ldap_servers = get_ldap_servers()
+ local_script { 'ldap-sshkey2file.py':
+ content => template('openssh/ldap-sshkey2file.py'),
+ require => Package['python-ldap']
+ }
+
+ cron { 'sshkey2file':
+ command => '/usr/local/bin/ldap-sshkey2file.py',
+ hour => '*',
+ minute => '*/10',
+ user => 'root',
+ environment => 'MAILTO=root',
+ require => Local_script['ldap-sshkey2file.py'],
+ }
+}
generated by cgit v1.2.1 (git 2.21.0) at 2024-07-07 15:24:32 +0000