Package: freedombox-setup
Version: 0.9.1
Severity: normal
Tags: patch

LDAP setup is being moved to Plinth.  In continuation of
https://github.com/freedombox/Plinth/pull/443 and
https://github.com/freedombox/Plinth/pull/460, the corresponding pieces of LDAP
setup must be removed in freedombox-setup.  The attached patches do this.

Please note that freedombox-setup including these patches must depend on a Plinth
version that includes the relevant changes.




From edafc476cf82ebd24d9d9601078097d9a239246d Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Mon, 16 May 2016 21:50:58 +0530
Subject: [PATCH 1/2] Move LDAP server setup over to Plinth

---
 first-run.d/50_ldap-server | 15 ---------------
 setup.d/30_ldap-server     | 48 ----------------------------------------------
 2 files changed, 63 deletions(-)
 delete mode 100755 first-run.d/50_ldap-server
 delete mode 100755 setup.d/30_ldap-server

diff --git a/first-run.d/50_ldap-server b/first-run.d/50_ldap-server
deleted file mode 100755
index 6b45da8..0000000
--- a/first-run.d/50_ldap-server
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-#
-# Remove LDAP admin password. Allow root to modify the users directory.
-
-cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-delete: olcRootPW
-
-dn: olcDatabase={1}mdb,cn=config
-changetype: modify
-replace: olcRootDN
-olcRootDN: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
-
-EOF
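
Review bot: Neither patch in this series touches debian/control, although the cover text says freedombox-setup with these patches must depend on a Plinth version that carries the moved setup. Once this first-run script is gone, nothing in this package performs the `delete: olcRootPW` and `replace: olcRootDN` changes, so the removal of the LDAP admin password depends entirely on the installed Plinth doing both. Suggest adding the versioned dependency on plinth in the same series so a mismatched combination cannot be installed.
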
diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server
deleted file mode 100755
index 1350b80..0000000
--- a/setup.d/30_ldap-server
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-domain=thisbox
-
-echo slapd slapd/domain string $domain   | debconf-set-selections
-
-DEBIAN_FRONTEND=noninteractive apt-get install -y slapd ldap-utils
-
-# Make sure slapd isn't running when we use slapadd
-service slapd stop
-
-cat <<EOF |slapadd
-dn: ou=users,dc=$domain
-objectClass: top
-objectClass: organizationalUnit
-ou: users
-
-dn: ou=groups,dc=$domain
-objectClass: top
-objectClass: organizationalUnit
-ou: groups
-
-EOF
-
-# Configure PAM for LDAP user logins
-echo nslcd nslcd/ldap-uris string "ldapi:///" | debconf-set-selections
-echo nslcd nslcd/ldap-base string "dc=thisbox" | debconf-set-selections
-echo nslcd nslcd/ldap-auth-type select SASL | debconf-set-selections
-echo nslcd nslcd/ldap-sasl-mech select EXTERNAL | debconf-set-selections
-echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \
-    | debconf-set-selections
-DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd
-
-# Allow only users in admin group to login: /usr/share/pam-configs/access
-#
-# Create home directories for LDAP users logging in for the first time:
-# /usr/share/pam-configs/mkhomedir-freedombox
-
-pam-auth-update --package
-
-if ! grep -q -- "^-:ALL EXCEPT root fbx (admin) (sudo):ALL$" \
-     /etc/security/access.conf ; then
-    printf "%s\n" "-:ALL EXCEPT root fbx (admin) (sudo):ALL" \
-	 >> /etc/security/access.conf
-fi
-
-# Allow all user of 'admin' LDAP to run commands as root:
-# /etc/sudoers.d/freedombox
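
Review bot: This script is deleted in patch 1/2 while the pam-configs profiles are only dropped in 2/2, so the intermediate commit still ships access-freedombox (Default: yes, `required pam_access.so`) but no longer appends `-:ALL EXCEPT root fbx (admin) (sudo):ALL` to /etc/security/access.conf. Suggest squashing the two patches or removing the profiles first, so that every commit in the series leaves the login restriction either fully present or fully handed over. It is also worth confirming that the Plinth side carries over the nslcd preseeding (ldapi:///, SASL with EXTERNAL), since none of it remains here.
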
-- 
2.8.1

From 0f4358b458511e0af3df40eae9cb8182c358e5fe Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <su...@medhas.org>
Date: Wed, 18 May 2016 11:56:11 +0530
Subject: [PATCH 2/2] Move PAM configuration over to Plinth

Plinth is now also taking care of updating PAM configurations along with
LDAP.
---
 data/usr/share/pam-configs/access-freedombox    | 6 ------
 data/usr/share/pam-configs/mkhomedir-freedombox | 6 ------
 debian/freedombox-setup.install                 | 1 -
 3 files changed, 13 deletions(-)
 delete mode 100644 data/usr/share/pam-configs/access-freedombox
 delete mode 100644 data/usr/share/pam-configs/mkhomedir-freedombox

diff --git a/data/usr/share/pam-configs/access-freedombox b/data/usr/share/pam-configs/access-freedombox
deleted file mode 100644
index 19e6d2c..0000000
--- a/data/usr/share/pam-configs/access-freedombox
+++ /dev/null
@@ -1,6 +0,0 @@
-Name: Restrict login using access control table file
-Default: yes
-Priority: 0
-Account-Type: Additional
-Account-Final:
- required pam_access.so
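
Review bot: Dropping this profile has no matching maintainer-script change in the diffstat, which lists only the two profiles and debian/freedombox-setup.install. The generated /etc/pam.d/common-account is rewritten only when pam-auth-update runs, so an upgrade needs a pam-auth-update call somewhere (here or in Plinth's maintainer scripts) for the `required pam_access.so` entry to end up in the state the new owner intends. If Plinth installs a profile at this same path, the two packages also need Breaks/Replaces for the file takeover.
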
diff --git a/data/usr/share/pam-configs/mkhomedir-freedombox b/data/usr/share/pam-configs/mkhomedir-freedombox
deleted file mode 100644
index eedc8b7..0000000
--- a/data/usr/share/pam-configs/mkhomedir-freedombox
+++ /dev/null
@@ -1,6 +0,0 @@
-Name: Create home directory during login
-Default: yes
-Priority: 900
-Session-Type: Additional
-Session:
-        required        pam_mkhomedir.so umask=0022 skel=/etc/skel
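
Review bot: The profile being handed over creates home directories with `umask=0022`, which leaves each new LDAP user's home directory readable by every other local account. Since the definition is being re-homed in Plinth anyway, confirm that this value is intended there rather than copied over unexamined; 0027 or 0077 are the tighter choices if other users are not meant to read these directories.
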
diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install
index 25739e3..d889c0e 100644
--- a/debian/freedombox-setup.install
+++ b/debian/freedombox-setup.install
@@ -7,4 +7,3 @@ data/etc/avahi/services/*.service etc/avahi/services
 data/etc/sudoers.d/freedombox etc/sudoers.d
 data/etc/sysctl.d/freedombox.conf etc/sysctl.d
 data/etc/update-motd.d/50-freedombox etc/update-motd.d/
-data/usr/share/pam-configs/*-freedombox usr/share/pam-configs
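
Review bot: The context lines of this hunk show data/etc/sudoers.d/freedombox still being installed by freedombox-setup, and the comment removed in patch 1/2 describes that file as allowing users of the 'admin' LDAP group to run commands as root. That leaves the sudo grant in this package while the LDAP directory and the PAM access rule it relies on are now owned by Plinth. Suggest either moving the sudoers file in the same series or stating in the commit message why it stays.
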
-- 
2.8.1
