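#!/bin/bash
#
# Configure a Debian/Ubuntu host as an LDAP client: NSS and PAM lookups through
# libnss-ldap/libpam-ldap, sudoers through sudo-ldap, and home directories
# created on first login.
#
# Site-specific values come from the environment. The original listing carried
# no values for them (they look to have been lost from the page), so each one
# defaults to empty, which reproduces the original substitutions exactly:
#   LDAP_BASE_DN       search base ("base" / "BASE")
#   LDAP_HOST          host part of the ldap:// URI
#   LDAP_ROOT_BIND_DN  value for "rootbinddn"
#   LDAP_SUDOERS_BASE  value for "sudoers_base"
#
# Security notes for whoever deploys this:
#   * The URI scheme written below is ldap:// (no transport encryption).
#     pam_ldap authenticates by binding with the user's password, so that
#     password crosses the network in clear unless TLS is configured
#     (ldaps://, or "ssl start_tls" together with "tls_checkpeer yes").
#   * "ldap files" consults the directory before the local files, so a
#     directory entry that shares a name with a local account is returned
#     first. Confirm this ordering is intended for passwd, group and sudoers.
#   * With sudoers served from LDAP, write access to the sudoers_base subtree
#     amounts to root on every client configured this way.
#   * pam_mkhomedir is added without a umask= option, so new home directories
#     get the module's default umask (0022).

set -u

# Print an error to stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print a warning to stderr and carry on.
warn() {
  printf 'warning: %s\n' "$*" >&2
}

# Escape a value for the replacement side of a sed s|...|...| command, so that
# '\', '&' and the '|' delimiter inside a DN or host name are taken literally.
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Append a line to a file only if that exact line is not already present, so
# that running the script twice does not duplicate NSS or PAM entries.
append_once() {
  local line=$1 file=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >>"$file"
}

[ "$(id -u)" -eq 0 ] || die "this script edits files under /etc and must run as root"

LDAP_BASE_DN=${LDAP_BASE_DN:-}
LDAP_HOST=${LDAP_HOST:-}
LDAP_ROOT_BIND_DN=${LDAP_ROOT_BIND_DN:-}
LDAP_SUDOERS_BASE=${LDAP_SUDOERS_BASE:-}

for name in LDAP_BASE_DN LDAP_HOST LDAP_ROOT_BIND_DN LDAP_SUDOERS_BASE; do
  value=${!name}
  case $value in
    *$'\n'*) die "$name must not contain a newline" ;;
  esac
  [ -n "$value" ] || warn "$name is empty; the matching directive will be written without a value"
done

base_dn_re=$(sed_escape "$LDAP_BASE_DN")
host_re=$(sed_escape "$LDAP_HOST")
root_dn_re=$(sed_escape "$LDAP_ROOT_BIND_DN")

# Set environment vars for a silent install through apt-get
export DEBIAN_FRONTEND=noninteractive
export DEBIAN_PRIORITY=critical

# Install the LDAP utilities. Stop here on failure: the rest of the script
# points NSS, PAM and sudo at modules these packages provide.
apt-get -y install libpam-ldap libnss-ldap nss-updatedb libnss-db \
  || die "installing the LDAP client packages failed; nothing was reconfigured"

# Reset environment vars for apt-get
export DEBIAN_FRONTEND=dialog
export DEBIAN_PRIORITY=high

# Edit the /etc/ldap.conf file with the proper information.
# The patterns are anchored to the start of the line so that comments and
# other directives that merely contain "base" (nss_base_passwd and friends)
# are left alone.
sed -i -E "s|^base([[:space:]].*)?\$|base ${base_dn_re}|" /etc/ldap.conf
sed -i "s|^uri ldapi:///|uri ldap://${host_re}/|" /etc/ldap.conf
sed -i -E "s|^rootbinddn([[:space:]].*)?\$|rootbinddn ${root_dn_re}|" /etc/ldap.conf

# Copy config into /etc/pam_ldap.conf
# NOTE(review): the edits above go to /etc/ldap.conf, but the file copied here
# is /etc/libnss-ldap.conf; confirm which file the installed packages read.
cp /etc/libnss-ldap.conf /etc/pam_ldap.conf \
  || warn "could not copy /etc/libnss-ldap.conf to /etc/pam_ldap.conf"

# Change lines in /etc/nsswitch.conf
sed -i 's/passwd:[ ]*compat/passwd:\t\tldap files/' /etc/nsswitch.conf
sed -i 's/group:[ ]*compat/group:\t\tldap files/' /etc/nsswitch.conf

# Restart nscd if present (Debian) so cached lookups pick up the new sources
if [ -e /etc/init.d/nscd ]; then
  /etc/init.d/nscd restart
fi

# Remove sudo and reinstall sudo-ldap. In the end edit /etc/nsswitch.conf
# and /etc/ldap/ldap.conf
export SUDO_FORCE_REMOVE=yes
aptitude install -y sudo-ldap \
  || die "installing sudo-ldap failed; sudoers lookup was not switched to LDAP"
append_once $'sudoers:\t\tldap files' /etc/nsswitch.conf
sed -i "s|^#BASE.*\$|BASE\t${base_dn_re}|" /etc/ldap/ldap.conf
sed -i "s|^#URI.*\$|URI\tldap://${host_re}|" /etc/ldap/ldap.conf
append_once $'sudoers_base\t'"${LDAP_SUDOERS_BASE}" /etc/ldap/ldap.conf
export SUDO_FORCE_REMOVE=no

# Add entries to create home directory on first login by a user
append_once $'session\trequired\tpam_mkhomedir.so\tskel=/etc/skel/' /etc/pam.d/common-session
append_once $'session\toptional\tpam_foreground.so' /etc/pam.d/common-session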