Package: freedombox-setup
Version: 0.9.1
Severity: normal
Tags: patch

LDAP setup is being moved to Plinth. In continuation of https://github.com/freedombox/Plinth/pull/443 and https://github.com/freedombox/Plinth/pull/460, the corresponding pieces of LDAP setup must be removed in freedombox-setup. The attached patches do this.

Please note that freedombox-setup including these patches must depend on a Plinth version that includes the relevant changes.
>From edafc476cf82ebd24d9d9601078097d9a239246d Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <[email protected]> Date: Mon, 16 May 2016 21:50:58 +0530 Subject: [PATCH 1/2] Move LDAP server setup over to Plinth --- first-run.d/50_ldap-server | 15 --------------- setup.d/30_ldap-server | 48 ---------------------------------------------- 2 files changed, 63 deletions(-) delete mode 100755 first-run.d/50_ldap-server delete mode 100755 setup.d/30_ldap-server diff --git a/first-run.d/50_ldap-server b/first-run.d/50_ldap-server deleted file mode 100755 index 6b45da8..0000000 --- a/first-run.d/50_ldap-server +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -# -# Remove LDAP admin password. Allow root to modify the users directory. - -cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:/// -dn: olcDatabase={1}mdb,cn=config -changetype: modify -delete: olcRootPW - -dn: olcDatabase={1}mdb,cn=config -changetype: modify -replace: olcRootDN -olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth - -EOF diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server deleted file mode 100755 index 1350b80..0000000 --- a/setup.d/30_ldap-server +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/sh - -domain=thisbox - -echo slapd slapd/domain string $domain | debconf-set-selections - -DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils - -# Make sure slapd isn't running when we use slapadd -service slapd stop - -cat <<EOF |slapadd -dn: ou=users,dc=$domain -objectClass: top -objectClass: organizationalUnit -ou: users - -dn: ou=groups,dc=$domain -objectClass: top -objectClass: organizationalUnit -ou: groups - -EOF - -# Configure PAM for LDAP user logins -echo nslcd nslcd/ldap-uris string "ldapi:///" | debconf-set-selections -echo nslcd nslcd/ldap-base string "dc=thisbox" | debconf-set-selections -echo nslcd nslcd/ldap-auth-type select SASL | debconf-set-selections -echo nslcd nslcd/ldap-sasl-mech select EXTERNAL | debconf-set-selections -echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \ - | debconf-set-selections -DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd - -# Allow only users in admin group to login: /usr/share/pam-configs/access -# -# Create home directories for LDAP users logging in for the first time: -# /usr/share/pam-configs/mkhomedir-freedombox - -pam-auth-update --package - -if ! grep -q -- "^-:ALL EXCEPT root fbx (admin) (sudo):ALL$" \ - /etc/security/access.conf ; then - printf "%s\n" "-:ALL EXCEPT root fbx (admin) (sudo):ALL" \ - >> /etc/security/access.conf -fi - -# Allow all user of 'admin' LDAP to run commands as root: -# /etc/sudoers.d/freedombox -- 2.8.1
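Review bot: Missing documentation for the deletion of first-run.d/50_ldap-server: the commit message is a subject line only, yet this script was the step that ran `delete: olcRootPW` and set olcRootDN to `gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth`. Suggest naming in the commit body the Plinth change (pull request or minimum version) that now performs this ldapmodify, so a reviewer can confirm the slapd admin password is still removed on first run and that root over ldapi:/// remains the only directory manager.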
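Review bot: In the setup.d/30_ldap-server deletion, the block that appended `-:ALL EXCEPT root fbx (admin) (sudo):ALL` to /etc/security/access.conf goes away together with the nslcd preseeding and the `pam-auth-update --package` call, and nothing in this patch shows where the login restriction is re-applied. Suggest stating in the commit message that the replacement writes the same access.conf rule and uses the same base (`dc=thisbox` is hard-coded here for both slapd/domain and nslcd/ldap-base), since a mismatch would leave existing ou=users and ou=groups entries unreachable or the login restriction unset.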
>From 0f4358b458511e0af3df40eae9cb8182c358e5fe Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <[email protected]> Date: Wed, 18 May 2016 11:56:11 +0530 Subject: [PATCH 2/2] Move PAM configuration over to Plinth Plinth is now also taking care of updating PAM configurations along with LDAP. --- data/usr/share/pam-configs/access-freedombox | 6 ------ data/usr/share/pam-configs/mkhomedir-freedombox | 6 ------ debian/freedombox-setup.install | 1 - 3 files changed, 13 deletions(-) delete mode 100644 data/usr/share/pam-configs/access-freedombox delete mode 100644 data/usr/share/pam-configs/mkhomedir-freedombox diff --git a/data/usr/share/pam-configs/access-freedombox b/data/usr/share/pam-configs/access-freedombox deleted file mode 100644 index 19e6d2c..0000000 --- a/data/usr/share/pam-configs/access-freedombox +++ /dev/null @@ -1,6 +0,0 @@ -Name: Restrict login using access control table file -Default: yes -Priority: 0 -Account-Type: Additional -Account-Final: - required pam_access.so diff --git a/data/usr/share/pam-configs/mkhomedir-freedombox b/data/usr/share/pam-configs/mkhomedir-freedombox deleted file mode 100644 index eedc8b7..0000000 --- a/data/usr/share/pam-configs/mkhomedir-freedombox +++ /dev/null @@ -1,6 +0,0 @@ -Name: Create home directory during login -Default: yes -Priority: 900 -Session-Type: Additional -Session: - required pam_mkhomedir.so umask=0022 skel=/etc/skel diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 25739e3..d889c0e 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -7,4 +7,3 @@ data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d data/etc/update-motd.d/50-freedombox etc/update-motd.d/ -data/usr/share/pam-configs/*-freedombox usr/share/pam-configs -- 2.8.1
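Review bot: Upgrade handling is not covered for the deleted access-freedombox and mkhomedir-freedombox profiles: the `required pam_access.so` entry under Account-Final is what makes PAM consult /etc/security/access.conf, and both profiles are `Default: yes`, so they are active in /etc/pam.d on installed systems. Suggest confirming that an upgrade regenerates the PAM stack (for example a `pam-auth-update --package` run in the maintainer scripts) and, if Plinth ships profiles at the same paths, that the file move between packages is declared, so there is no window in which pam_access is dropped from the account stack.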
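Review bot: The debian/freedombox-setup.install hunk is the only packaging change in the series, and the diffstat shows no edit to the package's dependencies, while `data/etc/sudoers.d/freedombox etc/sudoers.d` stays in the install list. Suggest adding the versioned dependency on Plinth in this same patch, so the package cannot be installed with a Plinth that lacks the LDAP and PAM setup while the sudoers rule for the LDAP admin group is still shipped here.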

