ldapifying an ubuntu server
By Jesse Morgan
I recently wrote a nice little script in Ruby for ldapifying new Ubuntu servers: all the server needs is an SSH key set up for root, the rest is cake…
```
jmorg@util3:~/base_configs# ./ldapify -h
Usage: ldapify --install hostname [$options]
       ldapify --check hostname
       ldapify --uninstall hostname
        --install hostname           hostname to ldapify(foo.pub.local)
        --uninstall hostname         removes ldapification from hostname
    -a, --access_group access_group  access_group that has access to hostname
        --no_group_dn                No access_group limitations- use with caution.
    -c, --clusters x,y,z             clusters in which hostname belongs
        --aliases x,y,z              other aliased hostnames for the host
        --ignore-home                don't mount/unmount home
    -v, --verbose                    enable verbosity
    -q, --quiet                      silence all unneeded messages
    -h, --help                       Show this message
jmorg@util3:~/base_configs# ./ldapify --install log1.pub.local -a devboxes
backing up sources.list...
updating sources.list...
updating package list...
adding nfs entry to /etc/fstab...
Complete.
Mounting home, please wait...
complete.
installing debconf-utils...
patching debconf selections...
installing libnss-ldap ...
symlinking ldap.conf...
copy ssl cert and ldap.conf...
complete.
No Access group was given, using admin_only by default.
backup nsswitch.conf and pam.d files...
complete.
install nsswitch.conf and pam.d files...
complete.
ldap requires the manager password:
please verify the manager password:
store manpass...
installing sudo-ldap...
jmorg@util3:~/base_configs# ./ldapify --uninstall log1.pub.local
restore nsswitch.conf and pam.d files...
complete.
remove ssl cert and ldap.conf...
complete.
removing nfs entry...
complete.
unmounting home...
complete.
removing debconf-utils, libnss-ldap and libpam-ldap ...
removing ldap.conf symlinks...
removing sudo-ldap, restoring sudo...
retore sources.list...
updating package list...
ldap requires the manager password:
please verify the manager password:
jmorg@util3:~/base_configs#
```
So what all does it do?
- Sets up LDAP authentication of user accounts
- Mounts the NFS-based home directory
- Sets up LDAP-based sudo rules
- Creates a host entry in the LDAP server
- Adds an entry in the LDAP server for the distro’s cluster and ldapified hosts cluster
- Can completely revert back to the original state
This script takes about 2:45 to run (mostly due to the 120 seconds of waiting for the /home dir to mount), and saves roughly half an hour’s worth of work. It’s not very stable (pre-ldapified boxes cause it to freak out when trying to re-install/remove), but it will be a lot of help as we move towards Ubuntu as our standard distro.
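Since re-running against an already ldapified box is the failure case mentioned above, a pre-flight check on nsswitch.conf can classify a host before any install or uninstall step touches it. The following is an added example, not part of ldapify; the watched database list (including a `sudoers` line for sudo-ldap), the state names and the sample files are assumptions.

```ruby
# Added example: classify a host's nsswitch.conf before an install or uninstall.
# The watched databases and state names are assumptions, not taken from ldapify.
LDAP_DATABASES = %w[passwd group shadow sudoers].freeze

# Parse nsswitch.conf text into { "passwd" => ["files", "ldap"], ... }.
# Comments and blank lines are ignored; bracketed actions such as
# [NOTFOUND=return] are dropped so only source names remain.
def parse_nsswitch(text)
  text.each_line.with_object({}) do |line, dbs|
    line = line.sub(/#.*/, "").strip
    next if line.empty?
    name, sources = line.split(":", 2)
    next if sources.nil?
    dbs[name.strip] = sources.gsub(/\[[^\]]*\]/, " ").split
  end
end

# :clean     - no watched database uses ldap (safe to install)
# :ldapified - every watched database uses ldap (safe to uninstall)
# :partial   - mixed state, e.g. an interrupted run; review by hand first
def ldap_state(text)
  dbs = parse_nsswitch(text)
  using = LDAP_DATABASES.select { |db| dbs.fetch(db, []).include?("ldap") }
  return :clean if using.empty?
  using.size == LDAP_DATABASES.size ? :ldapified : :partial
end

# Constructed sample files for illustration.
STOCK = <<~CONF
  passwd:   compat
  group:    compat
  shadow:   compat
  hosts:    files dns
CONF

LDAPIFIED = <<~CONF
  passwd:   files ldap
  group:    files ldap
  shadow:   files ldap
  sudoers:  files ldap   # added with sudo-ldap
  netgroup: nis [NOTFOUND=return] files
CONF

HALF_DONE = LDAPIFIED.sub(/^sudoers:.*\n/, "")

if __FILE__ == $PROGRAM_NAME
  { "stock" => STOCK, "ldapified" => LDAPIFIED, "half done" => HALF_DONE }
    .each { |label, conf| puts "#{label}: #{ldap_state(conf)}" }
end
```

Refusing to proceed on `:partial` keeps a half-configured host from having its backups of nsswitch.conf and the pam.d files overwritten by a second run.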