From 1c0e5fab937282b6455cfca66e7303dbc57d86ac Mon Sep 17 00:00:00 2001
From: Bruno Oliveira
Date: Tue, 29 Nov 2016 12:48:58 -0200
Subject: [PATCH] Add the whole shell script to setup SSSD
---
 topics/user-federation/sssd.adoc | 52 +++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/topics/user-federation/sssd.adoc b/topics/user-federation/sssd.adoc
index 8d868a71da..70c944608a 100644
--- a/topics/user-federation/sssd.adoc
+++ b/topics/user-federation/sssd.adoc
@@ -49,10 +49,60 @@ You should be prompted for the password. After that, you may be able to add user ==== SSSD and D-Bus -As mentioned before, the federation provider gets the data from SSSD via D-BUS and authentication happens using http://tldp.org/HOWTO/User-Authentication-HOWTO/x115.html[PAM]. All you have to is to run the provisioning script available at {{book.project.name}} distribution. +As mentioned before, the federation provider gets the data from SSSD via D-BUS and authentication happens using http://tldp.org/HOWTO/User-Authentication-HOWTO/x115.html[PAM]. + +{% if book.community %} + +All you have to is to run the provisioning script available at {{book.project.name}} distribution. $ bin/federation-sssd-setup.sh +{% endif %} + +{% if book.community %} + +All you have to is to copy and run the provisioning script below: + +[source,bash] +---- + +#!/bin/sh + +# Setup for SSSD +SSSD_FILE="/etc/sssd/sssd.conf" + +if [ -f "$SSSD_FILE" ]; +then + sed -i '/ldap_tls_cacert/a ldap_user_extra_attrs = mail:mail, sn:sn, givenname:givenname, telephoneNumber:telephoneNumber' $SSSD_FILE + sed -i 's/nss, sudo, pam/nss, sudo, pam, ifp/' $SSSD_FILE + sed -i '/\[ifp\]/a allowed_uids = root\nuser_attributes = +mail, +telephoneNumber, +givenname, +sn' $SSSD_FILE + systemctl restart sssd +else + echo "Please make sure you have $SSSD_FILE into your system! Aborting." + exit 1 +fi + +# Setup for PAM +PAM_FILE="/etc/pam.d/keycloak" + +if [ ! -f "$PAM_FILE" ]; +then +cat < $PAM_FILE + auth required pam_sss.so + account required pam_sss.so +EOF +else + echo "$PAM_FILE already exists. Skipping it..." + exit 0 +fi + + + +---- +{% endif %} + + + This script do the proper changes to `/etc/sssd/sssd.conf`: [domain/your-hostname.local]
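Review bot: The three `sed -i` edits to `$SSSD_FILE` in the embedded script are not idempotent and never check that their anchor matched. A second run appends another `ldap_user_extra_attrs` line and further `allowed_uids`/`user_attributes` lines, and turns the services list into `nss, sudo, pam, ifp, ifp`; on a config with no `ldap_tls_cacert` line or no `[ifp]` section the edits silently do nothing and sssd is still restarted. Readers will paste this as root against an authentication config, so each edit should be guarded, for example by putting `grep -q '^ldap_user_extra_attrs' "$SSSD_FILE" ||` in front of the first `sed`, and a copy kept first with `cp -p "$SSSD_FILE" "$SSSD_FILE.orig"`; `$SSSD_FILE` and `$PAM_FILE` should also be quoted wherever they are used. Separately, the second block repeats `{% if book.community %}`, so both the "run `bin/federation-sssd-setup.sh`" and the "copy and run the provisioning script below" instructions render for the same build; the second condition was presumably meant to select the other edition.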