jonathan/infra
1
0
Fork 0
Code Actions Activity

add openssh

Browse Source
This commit is contained in:
Jonathan DeMasi
2026-01-25 00:02:38 -07:00
parent 63da7e8ae4
commit 6e2486166b
4 changed files with 24 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
ansible/roles/openldap_server/tasks/files/openssh-lpk.ldif
View File

@@ -1,22 +0,0 @@
#
# LDAP Public Key Patch schema for use with openssh-ldappubkey
# useful with PKA-LDAP also
#
# Author: Eric AUGE <eau@phear.org>
#
# Based on the proposal of : Mark Ruijter
#
# octetString SYNTAX
attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
DESC 'MANDATORY: OpenSSH Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# printableString SYNTAX yes|no
objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
DESC 'MANDATORY: OpenSSH LPK objectclass'
MUST ( sshPublicKey $ uid )
)

22
ansible/roles/openldap_server/tasks/files/openssh.ldif
View File

@@ -1,16 +1,8 @@
dn: cn=openssh,cn=schema,cn=config dn: cn=openssh-lpk-openldap,cn=schema,cn=config
objectClass: olcSchemaConfig objectClass: olcSchemaConfig
cn: openssh olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' D
ESC 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 1.4.1.1466.115.121.1.40 )
NAME 'sshPublicKey' olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DE
DESC 'OpenSSH Public key' SC 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MUST ( sshPublicK
EQUALITY octetStringMatch ey $ uid ) )
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0
NAME 'ldapPublicKey'
DESC 'OpenSSH LPK object class'
SUP top
AUXILIARY
MAY ( sshPublicKey ) )

42
ansible/roles/openldap_server/tasks/files/sudo.ldif
View File

@@ -1,42 +0,0 @@
dn: cn=sudo,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sudo
# Attribute definitions for sudo
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.1
NAME 'sudoUser'
DESC 'SudoUser'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.2
NAME 'sudoHost'
DESC 'SudoHost'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.3
NAME 'sudoCommand'
DESC 'SudoCommand'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.4
NAME 'sudoRunAs'
DESC 'SudoRunAs'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.15953.9.1.5
NAME 'sudoOption'
DESC 'SudoOption'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# sudoRole objectClass definition
olcObjectClasses: ( 1.3.6.1.4.1.15953.9.1.6
NAME 'sudoRole'
DESC 'Sudo Role'
SUP top
AUXILIARY
MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoOption ) )

32
ansible/roles/openldap_server/tasks/schemas.yaml
View File

@@ -32,24 +32,24 @@
# group: ldap # group: ldap
# mode: '0600' # mode: '0600'
# #
#- name: Copy openssh schema into place - name: Copy openssh schema into place
# copy: copy:
# src: files/openssh.ldif src: files/openssh.ldif
# dest: /etc/openldap/schema/openssh.ldif dest: /etc/openldap/schema/openssh.ldif
# owner: ldap owner: ldap
# group: ldap group: ldap
# mode: '0600' mode: '0600'
#- name: Ensure custom LDAP schemas (sudo + openssh) are loaded - name: Ensure custom LDAP schemas (sudo + openssh) are loaded
# ansible.builtin.command: > ansible.builtin.command: >
# ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }} ldapadd -Y EXTERNAL -H ldapi:/// -f {{ item.file }}
# args: args:
# creates: "/etc/openldap/schema/.{{ item.name }}_loaded" creates: "/etc/openldap/schema/.{{ item.name }}_loaded"
# loop: loop:
#- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" } #- { name: "sudo", file: "/etc/openldap/schema/sudo.ldif" }
# - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" } - { name: "openssh", file: "/etc/openldap/schema/openssh.ldif" }
# loop_control: loop_control:
# label: "{{ item.name }}" label: "{{ item.name }}"
# Touch marker files for idempotency (optional but recommended) # Touch marker files for idempotency (optional but recommended)
- name: Ensure marker files exist - name: Ensure marker files exist