migration #3

Merged
wmantly merged 1 commits from sssd into master 2026-03-05 21:30:11 +00:00

66
migration.sh Normal file → Executable file

@@ -55,68 +55,4 @@ systemctl disable nscd || true
echo "Cleanup complete." echo "Cleanup complete."
echo "--- Installing New SSSD Configuration ---" echo "--- Installing New SSSD Configuration ---"
# Install SSSD and required tools ./index.sh
# We use sssd-ldap for the backend and libnss-sss/libpam-sss for the system hooks
DEBIAN_FRONTEND=noninteractive apt update
DEBIAN_FRONTEND=noninteractive apt install -y sudo sssd sssd-ldap libnss-sss libpam-sss ldap-utils libsss-sudo curl libsasl2-modules-gssapi-mit
# Create the SSSD configuration from template
mkdir -p /etc/sssd
echo " - Creating /etc/sssd/sssd.conf from template..."
cat files/sssd.conf.mo | mo > /etc/sssd/sssd.conf
chmod 600 /etc/sssd/sssd.conf
# Ensure nsswitch uses sss for passwd, group, and sudoers
echo " - Updating /etc/nsswitch.conf for SSSD..."
sed -i 's/^passwd:.*/passwd: files sss/' /etc/nsswitch.conf
sed -i 's/^group:.*/group: files sss/' /etc/nsswitch.conf
if ! grep -q "sudoers:" /etc/nsswitch.conf; then
echo "sudoers: files sss" >> /etc/nsswitch.conf
else
sed -i 's/^sudoers:.*/sudoers: files sss/' /etc/nsswitch.conf
fi
# Enable home directory creation (this should already be handled by pam-auth-update)
# Double-check this line if it causes issues; pam-auth-update should configure /etc/pam.d/common-session
# pam-auth-update --enable mkhomedir
# Restart SSSD
echo " - Restarting and enabling SSSD service..."
systemctl restart sssd
systemctl enable sssd
# --- Maintain Custom SSH Key Script ---
echo " - Setting up custom SSH key script..."
cat files/ldap-ssh-key.sh | mo > /usr/local/bin/ldap-ssh-key
chmod +x /usr/local/bin/ldap-ssh-key
# Update SSHD config if not already present
echo " - Configuring SSHD for LDAP SSH keys..."
if ! grep -q "AuthorizedKeysCommand /usr/local/bin/ldap-ssh-key" /etc/ssh/sshd_config; then
echo "AuthorizedKeysCommand /usr/local/bin/ldap-ssh-key" >> /etc/ssh/sshd_config
echo "AuthorizedKeysCommandUser nobody" >> /etc/ssh/sshd_config
systemctl restart sshd
else
# If the lines exist, just ensure sshd is restarted in case it wasn't earlier
systemctl restart sshd
fi
echo " - Enabling sssd-sudo socket..."
systemctl enable --now sssd-sudo.socket
# --- SSO Group Creation API Calls ---
if [[ -v sso_token ]]; then
echo " - Registering host groups via API..."
# (Existing curl logic remains here)
curl "${sso_url}/api/group/" \
-H "auth-token: ${sso_token}" \
-H "content-type: application/json; charset=UTF-8" \
--data-binary "{\"name\":\"host_${current_host}_access\",\"description\":\"Access for $current_host\"}"
curl "${sso_url}/api/group/" \
-H "auth-token: ${sso_token}" \
-H "content-type: application/json; charset=UTF-8" \
--data-binary "{\"name\":\"host_${current_host}_admin\",\"description\":\"sudo for $current_host\"}"
fi
echo "--- SSSD Migration Complete! ---"
echo "Please verify authentication and user access."
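Review bot: The added `./index.sh` line is resolved against the caller's working directory rather than the directory holding migration.sh, so running the migration from any other directory fails or picks up an unrelated index.sh; locate it relative to the script, e.g. `script_dir=$(cd -- "$(dirname -- "$0")" && pwd)` followed by `"$script_dir/index.sh" || exit 1`. Its exit status is not checked either, and the top of the script where any `set -e` would live is outside this hunk, so a failing index.sh could let the migration continue or report success to whatever drives it. Since this one line now stands in for the whole install-and-configure sequence that the hunk removes, a short comment stating what index.sh is expected to do (presumably the SSSD install and configuration steps — confirm against index.sh) would help the next reader.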