Great info! Thank you Robert.


Nefi M.

>>> Robert Klein <kleinrob@mpip-mainz.mpg.de> 8/16/2012 12:49 AM >>>
On 08/16/2012 12:21 AM, Nefi Munoz wrote:
>
> Hi,
>
> Is there an autoyast tag to add a sudoers line to /etc/ldap.conf file?
>
> My customer tried adding this line to <ldap> section but this didn't work:
>
> <sudoers_base>ou=sudoers,dc=HPC,dc=COMPANY,dc=COM</sudoers_base>
>
> Below is the complete ldap section (I masked company name)
>
> Thanks in advance,
>
> Nefi M.
>
> ---------------------------
> <ldap>
>
>      <base_config_dn>ou=ldapconfig,dc=HPC,dc=COMPANY,dc=COM</base_config_dn>
>
>      <bind_dn></bind_dn>
>
>      <create_ldap config:type="boolean">false</create_ldap>
>
>      <file_server config:type="boolean">false</file_server>
>
>      <ldap_domain>dc=HPC,dc=COMPANY,dc=COM</ldap_domain>
>
>      <ldap_server>server.hpc.COMPANY.com server.hpc.COMPANY.com</ldap_server>
>
>      <ldap_tls config:type="boolean">false</ldap_tls>
>
>      <ldap_v2 config:type="boolean">false</ldap_v2>
>
>      <login_enabled config:type="boolean">true</login_enabled>
>
>      <member_attribute>member</member_attribute>
>
>      <nss_base_group>ou=Group,dc=HPC,dc=COMPANY,dc=COM</nss_base_group>
>
>      <nss_base_passwd>ou=People,dc=HPC,dc=COMPANY,dc=COM</nss_base_passwd>
>
>      <nss_base_shadow>ou=People,dc=HPC,dc=COMPANY,dc=COM</nss_base_shadow>
>
>      <pam_password>exop</pam_password>
>
>      <start_autofs config:type="boolean">true</start_autofs>
>
>      <start_ldap config:type="boolean">true</start_ldap>
>
>      <tls_cacertdir>/etc/ssl/certs</tls_cacertdir>
>
>      <sudoers_base>ou=sudoers,dc=HPC,dc=COMPANY,dc=COM</sudoers_base>
>
> </ldap>
> -----------------------------
>


Hi,

autoYaST can only use tags it knows about. You can find those in
    /usr/share/YaST2/schema/autoyast/rnc/ldap_client.rnc

I'm using a post-script to add additional nss_bases to /etc/ldap.conf, e.g.:

#+begin_src sh
#!/bin/sh

cat >> /etc/ldap.conf <<END

# additional NSS Bases
nss_base_aliases  ou=Aliases,dc=example,dc=mpg,dc=com
nss_base_netgroup ou=Netgroup,dc=example,dc=mpg,dc=com

END

#+end_src


Take care to change the appropriate file(s) if you are using sssd!
(Not sure about openSuSE 12.1, but 12.2 allows for using sssd instead of
plain /etc/ldap.conf.)


In my autoyast.xml file I add a post-script in the scripts section:

#+begin_example
   <scripts>
     <post-scripts config:type="list">
       <script>
         <location>ftp://192.168.0.10/autoyast/ldap.sh</location>
         <filename>ldap.sh</filename>
       </script>
     </post-scripts>
   </scripts>
#+end_example


Best regards
Robert



--
Robert Klein - Max Planck-Institut für Polymerforschung
Ackermannweg 10
55128 Mainz
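
An idempotent variant of the post-script approach from the reply, applied to the sudoers_base line from the question, so that a re-run does not leave duplicate or conflicting entries. This is an added example, not code from either poster; the function name `set_directive`, the script name and the case-insensitive keyword match are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# set_directive FILE KEY VALUE
#   Ensures FILE contains exactly one uncommented "KEY VALUE" line:
#   the first existing KEY line is rewritten in place, later duplicates
#   are dropped, and the line is appended if KEY was not present.
#   Commented-out lines ("# KEY ...") are left untouched.
set_directive() {
    conf=$1 key=$2 value=$3

    # Create the file if it does not exist yet.
    [ -f "$conf" ] || : > "$conf"

    tmp=$(mktemp "${conf}.XXXXXX") || return 1

    # KEY and VALUE are passed through the environment instead of "awk -v",
    # so backslashes in a DN are not interpreted as escape sequences.
    # Assumption: keywords are compared case-insensitively.
    K=$key V=$value awk '
        BEGIN { k = tolower(ENVIRON["K"]); line = ENVIRON["K"] " " ENVIRON["V"] }
        tolower($1) == k { if (!done) { print line; done = 1 } next }
        { print }
        END { if (!done) print line }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back through the original file so its owner and mode are kept.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# Run as: sh ldap-sudoers.sh /etc/ldap.conf
# Without an argument only the function is defined; in an AutoYaST
# post-script, replace this guard with a direct call on /etc/ldap.conf.
if [ "$#" -ge 1 ]; then
    set_directive "$1" sudoers_base 'ou=sudoers,dc=HPC,dc=COMPANY,dc=COM'
fi
```
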