/usr/lib/freedombox/setup.d/30_ldap-server is in freedombox-setup 0.8ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | #!/bin/sh
domain=thisbox
echo slapd slapd/domain string $domain | debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
# Make sure slapd isn't running when we use slapadd
service slapd stop
cat <<EOF |slapadd
dn: ou=users,dc=$domain
objectClass: top
objectClass: organizationalUnit
ou: users
dn: ou=groups,dc=$domain
objectClass: top
objectClass: organizationalUnit
ou: groups
EOF
# Configure PAM for LDAP user logins
echo nslcd nslcd/ldap-uris string "ldapi:///" | debconf-set-selections
echo nslcd nslcd/ldap-base string "dc=thisbox" | debconf-set-selections
echo nslcd nslcd/ldap-auth-type select SASL | debconf-set-selections
echo nslcd nslcd/ldap-sasl-mech select EXTERNAL | debconf-set-selections
echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \
| debconf-set-selections
DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd
# Allow only users in admin group to login: /usr/share/pam-configs/access
#
# Create home directories for LDAP users logging in for the first time:
# /usr/share/pam-configs/mkhomedir-freedombox
pam-auth-update --package
if ! grep -q -- "^-:ALL EXCEPT root fbx (admin):ALL$" \
/etc/security/access.conf ; then
printf "%s\n" "-:ALL EXCEPT root fbx (admin):ALL" \
>> /etc/security/access.conf
fi
# Allow all user of 'admin' LDAP to run commands as root:
# /etc/sudoers.d/freedombox
|