ahamilton55 · April 5, 2012 17:18 · Apr 5, 2012
diff --git a/ubuntu_ldap_auth.sh b/ubuntu_ldap_auth.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Set environment vars for a silent install through apt-get
+export DEBIAN_FRONTEND=noninteractive
+export DEBIAN_PRIORITY=critical
+
+# Install the LDAP utilities
+apt-get -y install libpam-ldap libnss-ldap nss-updatedb libnss-db 
+
+# Reset environment vars for apt-get
+export DEBIAN_FRONTEND=dialog
+export DEBIAN_PRIORITY=high
+
+# Edit the /etc/ldap.conf file with the proper information
+sed -i 's/base.*$/base <BASE_DN>/' /etc/ldap.conf 
+sed -i 's%uri ldapi:///%uri ldap://<LDAP_SERVER_FQDN_OR_IP>/%' /etc/ldap.conf
+sed -i 's/rootbinddn.*$/rootbinddn <ROOT_BIND_DN>/' /etc/ldap.conf 
+
+# Copy config into /etc/pam_ldap.conf
+cp /etc/libnss-ldap.conf /etc/pam_ldap.conf
+
+# Change lines in /etc/nsswitch.conf
+sed -i 's/passwd:[ ]*compat/passwd:\t\tldap files/' /etc/nsswitch.conf 
+sed -i 's/group:[ ]*compat/group:\t\tldap files/' /etc/nsswitch.conf
+
+# Restart nscd if present (Debian)
+if [ -e /etc/init.d/nscd ]; then
+    /etc/init.d/nscd restart
+fi
+
+# Remove sudo and reinstall sudo-ldap.  In the end edit /etc/nsswitch.conf
+# and /etc/ldap/ldap.conf
+export SUDO_FORCE_REMOVE=yes
+
+aptitude install -y sudo-ldap
+
+echo -e "sudoers:\t\tldap files" >> /etc/nsswitch.conf
+
+sed -i 's/^#BASE.*$/BASE\t<ROOT_DN>/' /etc/ldap/ldap.conf 
+sed -i 's%^#URI.*$%URI\tldap://<LDAP_SERVER_FQDN_OR_IP>%' /etc/ldap/ldap.conf 
+
+echo -e "sudoers_base\t<SUDOERS_DN_IF_USED>" >>/etc/ldap/ldap.conf
+
+export SUDO_FORCE_REMOVE=no
+
+# Add entries to create home directory on first login by a user
+echo -e "session\trequired\tpam_mkhomedir.so\tskel=/etc/skel/" >>/etc/pam.d/common-session
+echo -e "session\toptional\tpam_foreground.so" >>/etc/pam.d/common-session