Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- include_recipe "krb5"
- include_recipe "resolver"
- include_recipe "yum::epel"
- node['sssd']['packages'].each do |pkg|
- package pkg
- end
- cookbook_file "/etc/pki/tls/certs/ldap-root-ca.cer" do
- source "root-ca.cer"
- mode "0600"
- owner "root"
- group "root"
- end
- execute "kinit" do
- if node['platform_version'].to_f < 6 then
- command "echo 'mysecretpassword' | /usr/kerberos/bin/kinit Administrator"
- else
- command "echo 'mysecretpassword' | kinit Administrator"
- end
- action :run
- end
- service "sssd" do
- action [ :enable ]
- end
- template "/etc/sssd/sssd.conf" do
- source "sssd.conf.erb"
- owner "root"
- group "root"
- mode "0600"
- notifies :restart, resources(:service => "sssd")
- end
- execute "do-authconfig" do
- command node['sssd']['authconfig']
- user "root"
- action :run
- end
- execute "update-nsswitch.conf" do
- command "sed -i.bak 's/^passwd:.*/passwd: files sss/;s/^shadow:.*/shadow: files sss/;s/^group:.*/group: files sss/' /etc/nsswitch.conf"
- not_if "grep sss /etc/nsswitch.conf"
- action :run
- end
- template "/etc/hosts" do
- source "hosts.erb"
- owner "root"
- group "root"
- mode "0644"
- end
- execute "msktutil" do
- command "msktutil -c -b OU=Linux --computer-name `hostname` --server roota.ldaptest.local"
- not_if "test -f /etc/krb5.keytab"
- action :run
- end
Add Comment
Please, Sign In to add comment