[opensuse-autoinstall] xml tag to add "sudoers_base" line to /etc/ldap.conf file?
Hi,

Is there an autoyast tag to add a sudoers line to /etc/ldap.conf file?

My customer tried adding this line to <ldap> section but this didn't work:

<sudoers_base>ou=sudoers,dc=HPC,dc=COMPANY,dc=COM</sudoers_base>

Below is the complete ldap section (I masked company name)

Thanks in advance,
Nefi M.

---------------------------
<ldap>
<base_config_dn>ou=ldapconfig,dc=HPC,dc=COMPANY,dc=COM</base_config_dn>
<bind_dn></bind_dn>
<create_ldap config:type="boolean">false</create_ldap>
<file_server config:type="boolean">false</file_server>
<ldap_domain>dc=HPC,dc=COMPANY,dc=COM</ldap_domain>
<ldap_server>server.hpc.COMPANY.com server.hpc.COMPANY.com</ldap_server>
<ldap_tls config:type="boolean">false</ldap_tls>
<ldap_v2 config:type="boolean">false</ldap_v2>
<login_enabled config:type="boolean">true</login_enabled>
<member_attribute>member</member_attribute>
<nss_base_group>ou=Group,dc=HPC,dc=COMPANY,dc=COM</nss_base_group>
<nss_base_passwd>ou=People,dc=HPC,dc=COMPANY,dc=COM</nss_base_passwd>
<nss_base_shadow>ou=People,dc=HPC,dc=COMPANY,dc=COM</nss_base_shadow>
<pam_password>exop</pam_password>
<start_autofs config:type="boolean">true</start_autofs>
<start_ldap config:type="boolean">true</start_ldap>
<tls_cacertdir>/etc/ssl/certs</tls_cacertdir>
<sudoers_base>ou=sudoers,dc=HPC,dc=COMPANY,dc=COM</sudoers_base>
</ldap>
-----------------------------

On 08/16/2012 12:21 AM, Nefi Munoz wrote:
> Hi,
> Is there an autoyast tag to add a sudoers line to /etc/ldap.conf file?
> My customer tried adding this line to <ldap> section but this didn't work:
> <sudoers_base>ou=sudoers,dc=HPC,dc=COMPANY,dc=COM</sudoers_base>
> Below is the complete ldap section (I masked company name)
> Thanks in advance,
> Nefi M.
> ---------------------------
> <ldap>
> <base_config_dn>ou=ldapconfig,dc=HPC,dc=COMPANY,dc=COM</base_config_dn>
> <bind_dn></bind_dn>
> <create_ldap config:type="boolean">false</create_ldap>
> <file_server config:type="boolean">false</file_server>
> <ldap_domain>dc=HPC,dc=COMPANY,dc=COM</ldap_domain>
> <ldap_server>server.hpc.COMPANY.com server.hpc.COMPANY.com</ldap_server>
> <ldap_tls config:type="boolean">false</ldap_tls>
> <ldap_v2 config:type="boolean">false</ldap_v2>
> <login_enabled config:type="boolean">true</login_enabled>
> <member_attribute>member</member_attribute>
> <nss_base_group>ou=Group,dc=HPC,dc=COMPANY,dc=COM</nss_base_group>
> <nss_base_passwd>ou=People,dc=HPC,dc=COMPANY,dc=COM</nss_base_passwd>
> <nss_base_shadow>ou=People,dc=HPC,dc=COMPANY,dc=COM</nss_base_shadow>
> <pam_password>exop</pam_password>
> <start_autofs config:type="boolean">true</start_autofs>
> <start_ldap config:type="boolean">true</start_ldap>
> <tls_cacertdir>/etc/ssl/certs</tls_cacertdir>
> <sudoers_base>ou=sudoers,dc=HPC,dc=COMPANY,dc=COM</sudoers_base>
> </ldap>
> -----------------------------

Hi,

autoYaST only can use tags it knows about. You can find those in /usr/share/YaST2/schema/autoyast/rnc/ldap_client.rnc

I'm using a post-script to add additional nss_bases to /etc/ldap.conf, e.g.:

#+begin_src sh
#!/bin/sh
# Append extra NSS search bases that the AutoYaST <ldap> section has no tag for
cat >> /etc/ldap.conf <<END
# additional NSS Bases
nss_base_aliases ou=Aliases,dc=example,dc=mpg,dc=com
nss_base_netgroup ou=Netgroup,dc=example,dc=mpg,dc=com
END
#+end_src

Take care to change the appropriate file(s) if you are using sssd! (Not sure about openSuSE 12.1, but 12.2 allows for using sssd instead of plain /etc/ldap.conf.)

In my autoyast.xml file I add a post-script in the scripts section:

#+begin_example
<scripts>
  <post-scripts config:type="list">
    <script>
      <location>ftp://192.168.0.10/autoyast/ldap.sh</location>
      <filename>ldap.sh</filename>
    </script>
  </post-scripts>
</scripts>
#+end_example

Best regards
Robert

--
Robert Klein - Max Planck-Institut für Polymerforschung
Ackermannweg 10
55128 Mainz

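The post-script approach from the reply above, applied to the `sudoers_base` line from the original question and made idempotent so a re-run does not duplicate the directive. This is an added example, not code from the thread; the function names `ensure_directive` and `count_directive` are made up here, and keywords are assumed to be plain words with no regex metacharacters.

```shell
#!/bin/sh
# Added example (not from the thread): set KEY to VALUE in an ldap.conf-style
# file exactly once, instead of blindly appending with `cat >>`.

# ensure_directive FILE KEY VALUE
# Replaces the first active "KEY value" line, drops later duplicates,
# or appends the line if KEY is not set yet. Commented lines are untouched.
ensure_directive() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || return 1
    # Keywords in ldap.conf are matched case-insensitively.
    if grep -qiE "^[[:space:]]*${key}[[:space:]]" "$file"; then
        tmp=$(mktemp "${file}.XXXXXX") || return 1
        awk -v k="$key" -v v="$value" '
            tolower($1) == tolower(k) {
                if (!seen) print k "\t" v   # keep one line, with the new value
                seen = 1
                next
            }
            { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
        # Write back through cat so the file keeps its owner and mode.
        cat "$tmp" > "$file" && rm -f "$tmp"
    else
        printf '%s\t%s\n' "$key" "$value" >> "$file"
    fi
}

# count_directive FILE KEY -> number of active (uncommented) KEY lines
count_directive() {
    grep -ciE "^[[:space:]]*$2[[:space:]]" "$1" || true
}

# Post-script entry point: only act when the LDAP client config exists.
# The DN is the masked value from the original question.
CONF=/etc/ldap.conf
if [ -f "$CONF" ]; then
    ensure_directive "$CONF" sudoers_base "ou=sudoers,dc=HPC,dc=COMPANY,dc=COM"
fi
```
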
Great info! Thank you Robert.
Nefi M.

Robert Klein <kleinrob@mpip-mainz.mpg.de> 8/16/2012 12:49 AM >>> On 08/16/2012 12:21 AM, Nefi Munoz wrote: