add ldap

packer/ansible/playbook.yml

@@ -36,6 +36,10 @@
     auth:
       sudo:
         group: fablab
+      ldap:
+        protocol: ldap
+        server: ldap.fablab-nea.de
+        base: dc=ldap,dc=fablab-nea,dc=de
     l10n:
       keyboard:
         layout: de

packer/ansible/roles/auth/files/mkhomedir

@@ -0,0 +1,6 @@
+Name: Create home directory during login
+Default: yes
+Priority: 900
+Session-Type: Additional
+Session:
+        required        pam_mkhomedir.so umask=0027 skel=/etc/skel

packer/ansible/roles/auth/files/nsswitch.conf

@@ -0,0 +1,15 @@
+passwd:         compat ldap
+group:          compat ldap
+shadow:         compat ldap
+gshadow:        files
+
+hosts:          files dns
+networks:       files ldap
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+

packer/ansible/roles/auth/handlers/main.yml

@@ -0,0 +1,14 @@
+---
+- name: restart nslcd
+  service:
+    name: nslcd
+    state: restarted
+  notify: restart nscd
+
+- name: restart nscd
+  service:
+    name: nscd
+    state: restarted
+
+- name: update pam
+  command: pam-auth-update --package

packer/ansible/roles/auth/tasks/ldap.yml

@@ -0,0 +1,33 @@
+---
+- name: install ldap packages
+  apt:
+    name: "libnss-ldapd"
+    state: present
+
+- name: add ldap global config
+  template:
+    src: ldap.conf.j2
+    dest: /etc/ldap/ldap.conf
+
+- name: configure nsswitch
+  copy:
+    src: nsswitch.conf
+    dest: /etc/nsswitch.conf
+    owner: root
+    group: root
+    mode: '0640'
+
+- name: configure nslcd
+  template:
+    src: nslcd.conf.j2
+    dest: /etc/nslcd.conf
+    owner: root
+    group: root
+    mode: '0640'
+  notify: restart nslcd
+
+- name: add pam config for automated creation of the home directory
+  copy:
+    src: mkhomedir
+    dest: /usr/share/pam-configs/mkhomedir
+  notify: update pam

packer/ansible/roles/auth/tasks/main.yml

@@ -1,3 +1,6 @@
 ---
 - import_tasks: debug.yml
+- import_tasks: ldap.yml
+  tags:
+    - auth:ldap
 - import_tasks: sudo.yml

packer/ansible/roles/auth/templates/ldap.conf.j2

@@ -0,0 +1,6 @@
+BASE	{{ auth.ldap.base }}
+URI	{{ auth.ldap.protocol }}://{{ auth.ldap.server }}
+
+#SIZELIMIT	12
+#TIMELIMIT	15
+#DEREF		never

packer/ansible/roles/auth/templates/nslcd.conf.j2

@@ -0,0 +1,26 @@
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The location at which the LDAP server(s) should be reachable.
+uri {{ auth.ldap.protocol }}://{{ auth.ldap.server }}/
+
+# The search base that will be used for all queries.
+base {{ auth.ldap.base }}
+
+# The LDAP protocol version to use.
+#ldap_version 3
+
+# The DN to bind with for normal lookups.
+#binddn cn=annonymous,dc=example,dc=net
+#bindpw secret
+
+# The DN used for password modifications by root.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# SSL options
+ssl start_tls
+#tls_reqcert never
+
+# The search scope.
+#scope sub