From c0d3204403519cbc6296f2b834973e24f2faca4d Mon Sep 17 00:00:00 2001
From: William Mantly
Date: Thu, 5 Mar 2026 16:29:20 -0500
Subject: [PATCH] migration
---
migration.sh | 66 +---------------------------------------------------
1 file changed, 1 insertion(+), 65 deletions(-)
mode change 100644 => 100755 migration.sh
diff --git a/migration.sh b/migration.sh
old mode 100644
new mode 100755
index c1b3830..50ba18e
--- a/migration.sh
+++ b/migration.sh
@@ -55,68 +55,4 @@ systemctl disable nscd || true echo "Cleanup complete." echo "--- Installing New SSSD Configuration ---" -# Install SSSD and required tools -# We use sssd-ldap for the backend and libnss-sss/libpam-sss for the system hooks -DEBIAN_FRONTEND=noninteractive apt update -DEBIAN_FRONTEND=noninteractive apt install -y sudo sssd sssd-ldap libnss-sss libpam-sss ldap-utils libsss-sudo curl libsasl2-modules-gssapi-mit - -# Create the SSSD configuration from template -mkdir -p /etc/sssd -echo " - Creating /etc/sssd/sssd.conf from template..." -cat files/sssd.conf.mo | mo > /etc/sssd/sssd.conf -chmod 600 /etc/sssd/sssd.conf - -# Ensure nsswitch uses sss for passwd, group, and sudoers -echo " - Updating /etc/nsswitch.conf for SSSD..." -sed -i 's/^passwd:.*/passwd: files sss/' /etc/nsswitch.conf -sed -i 's/^group:.*/group: files sss/' /etc/nsswitch.conf -if ! grep -q "sudoers:" /etc/nsswitch.conf; then - echo "sudoers: files sss" >> /etc/nsswitch.conf -else - sed -i 's/^sudoers:.*/sudoers: files sss/' /etc/nsswitch.conf -fi - -# Enable home directory creation (this should already be handled by pam-auth-update) -# Double-check this line if it causes issues; pam-auth-update should configure /etc/pam.d/common-session -# pam-auth-update --enable mkhomedir - -# Restart SSSD -echo " - Restarting and enabling SSSD service..." -systemctl restart sssd -systemctl enable sssd - -# --- Maintain Custom SSH Key Script --- -echo " - Setting up custom SSH key script..." -cat files/ldap-ssh-key.sh | mo > /usr/local/bin/ldap-ssh-key -chmod +x /usr/local/bin/ldap-ssh-key - -# Update SSHD config if not already present -echo " - Configuring SSHD for LDAP SSH keys..." -if ! 
grep -q "AuthorizedKeysCommand /usr/local/bin/ldap-ssh-key" /etc/ssh/sshd_config; then - echo "AuthorizedKeysCommand /usr/local/bin/ldap-ssh-key" >> /etc/ssh/sshd_config - echo "AuthorizedKeysCommandUser nobody" >> /etc/ssh/sshd_config - systemctl restart sshd -else - # If the lines exist, just ensure sshd is restarted in case it wasn't earlier - systemctl restart sshd -fi - -echo " - Enabling sssd-sudo socket..." -systemctl enable --now sssd-sudo.socket - -# --- SSO Group Creation API Calls --- -if [[ -v sso_token ]]; then - echo " - Registering host groups via API..." - # (Existing curl logic remains here) - curl "${sso_url}/api/group/" \ - -H "auth-token: ${sso_token}" \ - -H "content-type: application/json; charset=UTF-8" \ - --data-binary "{\"name\":\"host_${current_host}_access\",\"description\":\"Access for $current_host\"}" - curl "${sso_url}/api/group/" \ - -H "auth-token: ${sso_token}" \ - -H "content-type: application/json; charset=UTF-8" \ - --data-binary "{\"name\":\"host_${current_host}_admin\",\"description\":\"sudo for $current_host\"}" -fi - -echo "--- SSSD Migration Complete! ---" -echo "Please verify authentication and user access." +./index.sh
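Review bot: The added `./index.sh` on the last line of the hunk is looked up relative to the caller's working directory rather than the directory holding migration.sh, and the surrounding lines (`systemctl disable nscd`) indicate the script runs with root privileges, so starting it from another directory either fails or runs whichever `index.sh` is found there. Resolve the path from the script's own location instead, e.g. `script_dir=$(cd -- "$(dirname -- "$0")" && pwd)` and then `"${script_dir}/index.sh"`. index.sh is not part of this patch, so whether it exists, is executable and covers the removed SSSD, nsswitch and sshd steps cannot be checked from here; because the call comes after the cleanup that disables nscd, a missing or failing index.sh would presumably leave the host without working directory authentication. The removed closing messages also mean a failure is no longer distinguishable from success in the output unless index.sh reports it, so something like `"${script_dir}/index.sh" || { echo "index.sh failed; SSSD is not configured" >&2; exit 1; }` would help. The script's earlier part, including any `set -e`, lies outside this hunk.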