From dbd124296441142bb636f4fe56e9b3846a19bc1e Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Wed, 1 Apr 2015 22:28:34 +0159
Subject: [PATCH] doing some dull work

---
 ad-auth/files/sudo/admin        |  1 +
 ad-auth/tasks/main.yml          |  1 +
 ad-auth/tasks/sudo.yml          | 10 ++++++++++
 ad-auth/templates/ldap.conf.j2  |  7 +++----
 ad-auth/templates/nslcd.conf.j2 |  7 +++----
 5 files changed, 18 insertions(+), 8 deletions(-)
 create mode 100644 ad-auth/files/sudo/admin
 create mode 100644 ad-auth/tasks/sudo.yml

diff --git a/ad-auth/files/sudo/admin b/ad-auth/files/sudo/admin
new file mode 100644
index 0000000..56838a9
--- /dev/null
+++ b/ad-auth/files/sudo/admin
@@ -0,0 +1 @@
+%admin ALL=(ALL:ALL) ALL
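Review bot: This rule gives unrestricted root to every member of a group named `admin`, and with the nslcd/nsswitch setup this role installs that membership is presumably resolved from the directory, so the file should say so — add a header line, `# Full root for members of the directory group "admin" (resolved via nslcd); no NOPASSWD, the user's own password is required.` Because sudo matches the group by name through nsswitch, a local group that also happens to be called `admin` (Ubuntu used it as its historical sudo group) would be merged with the directory group for matching purposes, so either pick a group name that cannot collide or confirm no such local group exists on the targets. Whether the password prompt is checked against the directory depends on the PAM/Kerberos configuration in kerberos.yml, which is not part of this diff.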
diff --git a/ad-auth/tasks/main.yml b/ad-auth/tasks/main.yml
index 3d4abef..3ebf584 100644
--- a/ad-auth/tasks/main.yml
+++ b/ad-auth/tasks/main.yml
@@ -6,3 +6,4 @@ tasks:
   - include: nslcd.yml
   - include: nscd.yml
   - include: kerberos.yml
+  - include: sudo.yml
diff --git a/ad-auth/tasks/sudo.yml b/ad-auth/tasks/sudo.yml
new file mode 100644
index 0000000..761d91b
--- /dev/null
+++ b/ad-auth/tasks/sudo.yml
@@ -0,0 +1,10 @@
+---
+# file: roles/ad-auth/tasks/sudo.yml
+
+- name: ensure users of group admin are in the sudoers
+  copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440
+  tags: sudo config
+
+- name: check whole sudo config
+  command: visudo -q -c -f /etc/sudoers
+  tags: sudo test
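Review bot: The `copy` task drops the file into /etc/sudoers.d before anything checks it, so a syntax error in `files/sudo/admin` would be live — and sudo refuses to run at all on a parse error in any included file — until the separate `visudo` task runs and fails afterwards. Validate the file before it lands with copy's `validate` parameter: `copy: src=sudo/admin dest=/etc/sudoers.d/admin owner=root group=root mode=0440 validate='visudo -cf %s'`. The value `tags: sudo config` is a single tag named "sudo config", since Ansible only splits tag strings on commas; write `tags: [sudo, config]` and `tags: [sudo, test]` instead. The check task also reports "changed" on every run because it uses `command`; add `changed_when: false` so the play stays idempotent.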
diff --git a/ad-auth/templates/ldap.conf.j2 b/ad-auth/templates/ldap.conf.j2
index 4a815c5..3ac0530 100644
--- a/ad-auth/templates/ldap.conf.j2
+++ b/ad-auth/templates/ldap.conf.j2
@@ -1,4 +1,3 @@
-## TODO
 #
 # LDAP Defaults
 #
@@ -6,11 +5,11 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
 
-BASE	dc=fsmpi,dc=rwth-aachen,dc=de
-URI	ldaps://rumo.fsmpi.rwth-aachen.de
+BASE	{{ authbase }}
+URI	ldaps://{{ authserver }}
 
 #SIZELIMIT	12
 #TIMELIMIT	15
 #DEREF		never
 
-TLS_CACERT	/etc/ssl/certs/rwth_chain.pem
+TLS_CACERT	{{ authcacert }}
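Review bot: `TLS_CACERT` is now templated but the file never sets `TLS_REQCERT`, so certificate verification for libldap clients rests on the library default rather than on anything this role controls; `nslcd.conf.j2` pins `tls_reqcert demand` explicitly and this file should match it with `TLS_REQCERT demand` after the `TLS_CACERT {{ authcacert }}` line. Nothing in this diff deploys the file that `authcacert` points to; if no other task in the role copies it, verification will fail, or — should a packaged default ever be weaker than `demand` — silently not happen, so that is worth confirming. The unquoted Jinja expansions are correct here, since the rendered output is ldap.conf text rather than YAML.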
diff --git a/ad-auth/templates/nslcd.conf.j2 b/ad-auth/templates/nslcd.conf.j2
index de34bdc..5675aeb 100644
--- a/ad-auth/templates/nslcd.conf.j2
+++ b/ad-auth/templates/nslcd.conf.j2
@@ -1,4 +1,3 @@
-## TODO
 # /etc/nslcd.conf
 # nslcd configuration file. See nslcd.conf(5)
 # for details.
@@ -8,10 +7,10 @@ uid nslcd
 gid nslcd
 
 # The location at which the LDAP server(s) should be reachable.
-uri ldaps://rumo.fsmpi.rwth-aachen.de/
+uri ldaps://{{ authserver }}
 
 # The search base that will be used for all queries.
-base dc=fsmpi,dc=rwth-aachen,dc=de
+base {{ authbase }}
 
 # The LDAP protocol version to use.
 #ldap_version 3
@@ -25,7 +24,7 @@ base dc=fsmpi,dc=rwth-aachen,dc=de
 
 # SSL options
 #ssl off
-tls_cacertfile /etc/ssl/certs/rwth_chain.pem
+tls_cacertfile {{ authcacert }}
 tls_reqcert demand
 
 # The search scope.
-- 
GitLab