This file is indexed.

/usr/lib/freedombox/setup.d/30_ldap-server is in freedombox-setup 0.8ubuntu1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
#!/bin/sh

domain=thisbox

echo slapd slapd/domain string $domain   | debconf-set-selections

DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils

# Make sure slapd isn't running when we use slapadd
service slapd stop

cat <<EOF |slapadd
dn: ou=users,dc=$domain
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=$domain
objectClass: top
objectClass: organizationalUnit
ou: groups

EOF

# Configure PAM for LDAP user logins
echo nslcd nslcd/ldap-uris string "ldapi:///" | debconf-set-selections
echo nslcd nslcd/ldap-base string "dc=thisbox" | debconf-set-selections
echo nslcd nslcd/ldap-auth-type select SASL | debconf-set-selections
echo nslcd nslcd/ldap-sasl-mech select EXTERNAL | debconf-set-selections
echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \
    | debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd

# Allow only users in admin group to login: /usr/share/pam-configs/access
#
# Create home directories for LDAP users logging in for the first time:
# /usr/share/pam-configs/mkhomedir-freedombox

pam-auth-update --package

if ! grep -q -- "^-:ALL EXCEPT root fbx (admin):ALL$" \
     /etc/security/access.conf ; then
    printf "%s\n" "-:ALL EXCEPT root fbx (admin):ALL" \
	 >> /etc/security/access.conf
fi

# Allow all user of 'admin' LDAP to run commands as root:
# /etc/sudoers.d/freedombox