/etc/cfengine/debian-edu/cf.ldapclient is in debian-edu-config 1.702.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
#
# Configure NSS and PAM to use LDAP directory
#
# Edit system files in place so that name-service lookups also consult LDAP.
editfiles:
	
    # In a class expression '.' means AND and '!' means NOT: this section
    # applies to debian installation hosts that are neither standalone nor
    # roaming.
    debian.installation.!standalone.!roaming::
        # For each NSS map below: if the exact "files ldap" line is missing,
        # comment out any existing line for that map and insert the new one.
        # "files" is listed first, so local files are consulted before LDAP.
        { /etc/nsswitch.conf
	  # Find the stock header comment and step three lines further;
	  # presumably this places the inserted lines near the top of the file.
	  LocateLineMatching "# Example configuration of GNU Name Service Switch functionality."
          IncrementPointer   "3"
	  BeginGroupIfNoSuchLine "passwd:         files ldap"
	    HashCommentLinesStarting "passwd:"
            InsertLine "passwd:         files ldap"
          EndGroup
	  BeginGroupIfNoSuchLine "group:          files ldap"
	    HashCommentLinesStarting "group:"
            InsertLine "group:          files ldap"
          EndGroup
          # Fetching shadow from LDAP is useful for expiring accounts.
          # NOTE(review): what a client can read through this map depends on
          # the directory's access controls, which are not visible here -
          # confirm that password hashes are not exposed to ordinary binds.
          BeginGroupIfNoSuchLine "shadow:         files ldap"
            HashCommentLinesStarting "shadow:"
            InsertLine "shadow:         files ldap"
          EndGroup
	  BeginGroupIfNoSuchLine "netgroup:       files ldap"
            HashCommentLinesStarting "netgroup:"
            InsertLine "netgroup:       files ldap"
          EndGroup
	  BeginGroupIfNoSuchLine "automount:      files ldap"
            HashCommentLinesStarting "automount:"
            InsertLine "automount:      files ldap"
          EndGroup
	  # sudo policy is looked up in LDAP as well, so privilege rules are
	  # only as trustworthy as the connection to the directory; this makes
	  # the certificate checks written to /etc/ldap/ldap.conf in this file
	  # security-relevant rather than optional.
	  BeginGroupIfNoSuchLine "sudoers:        files ldap"
            HashCommentLinesStarting "sudoers:"
            InsertLine "sudoers:        files ldap"
          EndGroup
        }
    # Applies to debian installation hosts that are not standalone (roaming
    # hosts are included here).
    debian.installation.!standalone::
#	## Avoid showing the GOsa template as user:
#    	{ /etc/nslcd.conf
#          AppendIfNoSuchLine "filter passwd (&(objectClass=posixAccount)(!(objectClass=gosaUserTemplate)))"
#        }
	# LDAP client defaults. Each BeginGroupIfNoLineMatching group adds its
	# line only when no line of that kind exists yet, so a value already
	# present in the file is left untouched.
	{ /etc/ldap/ldap.conf
          # $(ldapserver) and $(ldapbase) are defined outside this section.
          # NOTE(review): HOST carries no URI scheme, so this line alone does
          # not force TLS - confirm that clients use StartTLS or ldaps://.
          BeginGroupIfNoLineMatching "^HOST .*"
            AppendIfNoSuchLine "HOST $(ldapserver)"
          EndGroup
	  # needed for sudo-ldap:
	  # (presumably sudo-ldap reads this file on these hosts - verify.)
          BeginGroupIfNoLineMatching "^sudoers_base .*"
            AppendIfNoSuchLine "sudoers_base ou=sudoers,$(ldapbase)"
          EndGroup
          # Insert the base-dn, to simplify searching the LDAP and reduce
          # typing :-) [barbarossa 2004-07-01]
          BeginGroupIfNoLineMatching "^BASE .*"
            AppendIfNoSuchLine "BASE $(ldapbase)"
          EndGroup
          # We want to use the downloaded LDAP SSL certificate to verify the
          # connection to the server, and disable the code to not check
          # certificates, see bug #1211.
          # NOTE(review): the guard matches any existing TLS_REQCERT line, so
          # a host that already carries a weaker value (never/allow/try)
          # keeps it and "demand" is not written. Audit deployed hosts for
          # such leftovers.
          BeginGroupIfNoLineMatching "^TLS_REQCERT .*"
            AppendIfNoSuchLine "TLS_REQCERT demand"
          EndGroup
          # Trust anchor for server verification. The line is appended
          # whenever this exact string is missing, even if another TLS_CACERT
          # line is already present. How the PEM file is fetched is not shown
          # here; its authenticity is what the verification rests on -
          # TODO confirm how the download is protected.
          AppendIfNoSuchLine "TLS_CACERT /etc/ldap/ssl/ldap-server-pubkey.pem"
	}
	# Give nslcd the same CA file.
	# NOTE(review): only the CA path is written here; no tls_reqcert or ssl
	# option is set in this section, so whether nslcd enforces verified TLS
	# depends on configuration elsewhere - confirm.
	{ /etc/nslcd.conf
          AppendIfNoSuchLine "tls_cacertfile /etc/ldap/ssl/ldap-server-pubkey.pem"
	}
# Commands executed on hosts whose classes match the expression above each
# command. All commands are given by absolute path.
shellcommands:
    # Roaming hosts: run the debian-edu script named setup-roaming (its
    # contents are not shown here).
    debian.installation.roaming::
        "/usr/share/debian-edu-config/tools/setup-roaming"
    # Workaround for bug #591773 in nslcd
    # NOTE(review): purging libpam-ldapd removes the PAM LDAP module, so login
    # authentication has to come from another PAM module that is not shown
    # here - confirm which one. "-y" makes the purge proceed without a prompt.
    debian.installation.!standalone::
        "/usr/bin/apt-get purge -y libpam-ldapd"
    # Avoid multicast dns on stationary machines
    # (mDNS answers arrive unauthenticated from the local network, so removing
    # libnss-mdns also narrows what can influence host name lookups.)
    debian.installation.!standalone.!roaming::
        "/usr/bin/apt-get purge -y libnss-mdns"