Here's a rough hack. It follows the steps in the test script. I tested it out and it works.
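#!/bin/bash
# Point sudo on an IPA client at the IPA LDAP tree, following the steps of the
# test script: add "sudoers: ldap" to nsswitch.conf, add a netgroup search base
# to sssd.conf, write the LDAP bind configuration, and set the NIS domain name
# from rc.local.
#
# Usage: script uid [password]
#   uid       - IPA user whose DN is used as the LDAP bind DN
#   password  - bind password; if omitted it is read from stdin (no echo on a
#               terminal), which keeps it out of the process list and history
#
# Must run as root: it rewrites files under /etc.
# NOTE: not idempotent. Each run appends the nsswitch, sssd.conf and rc.local
# lines again.
set -euo pipefail

# Staged copies and backups hold the bind password and sssd.conf, so nothing
# created by this script should be group- or world-readable. Files that already
# exist in /etc keep their current mode when cp overwrites them.
umask 077

IPACONF=/etc/ipa/default.conf

usage(){
  echo " usage $0 uid [password]"
}

die(){
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the value of a "key = value" line from the IPA client configuration.
# The key is anchored at the start of the line so that, for example, a line
# that merely contains the word "server" is not mistaken for the server key.
conf_value(){
  awk -v key="$1" '
    $0 ~ ("^[ \t]*" key "[ \t]*=") {
      sub(/^[^=]*=[ \t]*/, "")
      sub(/[ \t]+$/, "")
      print
      exit
    }
  ' "$IPACONF"
}

# --- validate input before touching anything on disk -------------------------
BINDUID=${1:-}
BINDPASS=${2:-}

if [[ -z $BINDUID ]]; then
  usage
  exit 1
fi

if [[ -z $BINDPASS ]]; then
  # Prompt is only shown when stdin is a terminal; a pipe or file also works.
  IFS= read -r -s -p 'Bind password: ' BINDPASS || true
  if [[ -t 0 ]]; then
    echo >&2
  fi
fi

if [[ -z $BINDPASS ]]; then
  usage
  exit 1
fi

# Both values are written verbatim into an LDAP client config file; reject
# anything that could add extra DN components or extra configuration lines.
[[ $BINDUID =~ ^[A-Za-z0-9_.][A-Za-z0-9_.-]*$ ]] \
  || die "uid contains characters that are not valid in an IPA user name"
[[ $BINDPASS != *$'\n'* ]] \
  || die "password must not contain a newline"

[[ $EUID -eq 0 ]] || die "this script must be run as root"
[[ -r $IPACONF ]] || die "cannot read $IPACONF"

BASEDN=$(conf_value basedn)
IPASERVER=$(conf_value server)
DOMAIN=$(conf_value domain)

[[ -n $BASEDN ]]    || die "no basedn found in $IPACONF"
[[ -n $IPASERVER ]] || die "no server found in $IPACONF"
[[ -n $DOMAIN ]]    || die "no domain found in $IPACONF"

# --- staging and backup directories ------------------------------------------
# mktemp -d gives unpredictable, mode-0700 directories. A fixed name such as
# /tmp/etcbackup can be pre-created or symlinked by any local user before root
# writes into it.
CONFDIR=$(mktemp -d)
trap 'rm -rf -- "$CONFDIR"' EXIT
BACKUPDIR=$(mktemp -d "${TMPDIR:-/tmp}/etcbackup.XXXXXX")

mkdir -p -- "$CONFDIR/etc/sssd" "$CONFDIR/etc/rc.d"
cp -- /etc/sssd/sssd.conf "$CONFDIR/etc/sssd/sssd.conf"
cp -- /etc/nsswitch.conf  "$CONFDIR/etc/nsswitch.conf"
cp -- /etc/rc.d/rc.local  "$CONFDIR/etc/rc.d/rc.local"

# -p keeps owner, mode and timestamps so the backup can be restored as-is.
mkdir -p -- "$BACKUPDIR/etc/sssd" "$BACKUPDIR/etc/rc.d"
cp -p -- /etc/sssd/sssd.conf "$BACKUPDIR/etc/sssd/sssd.conf"
cp -p -- /etc/nsswitch.conf  "$BACKUPDIR/etc/nsswitch.conf"
cp -p -- /etc/rc.d/rc.local  "$BACKUPDIR/etc/rc.d/rc.local"
# These two are overwritten below as well; keep a copy if they already exist.
for existing in /etc/nss_ldap.conf /etc/ldap.conf; do
  if [[ -e $existing ]]; then
    cp -p -- "$existing" "$BACKUPDIR$existing"
  fi
done

# --- build the new configuration in the staging directory --------------------
# this will go into /etc/nsswitch.conf
echo "sudoers: ldap" >> "$CONFDIR/etc/nsswitch.conf"

# this will go into sssd.conf: add the netgroup search base right after the
# ipa_server line
awk -v basedn="$BASEDN" '
  { print }
  /^ipa_server/ { print "ldap_netgroup_search_base = cn=ng,cn=compat," basedn }
' "$CONFDIR/etc/sssd/sssd.conf" > "$CONFDIR/etc/sssd/sssd.conf.new"

mv -- "$CONFDIR/etc/sssd/sssd.conf.new" "$CONFDIR/etc/sssd/sssd.conf"

# this will go in /etc/nss_ldap.conf (and /etc/ldap.conf)
cat > "$CONFDIR/etc/nss_ldap.conf" << END_TEXT
           sudoers_base ou=SUDOers,$BASEDN
           binddn uid=$BINDUID,cn=users,cn=accounts,$BASEDN
           bindpw $BINDPASS
           ssl start_tls
           tls_cacertfile /etc/ipa/ca.crt
           tls_checkpeer yes
           bind_timelimit 5
           timelimit 15
           uri ldap://$IPASERVER
END_TEXT

echo "nisdomainname $DOMAIN" >> "$CONFDIR/etc/rc.d/rc.local"

# --- install -----------------------------------------------------------------
cp -- "$CONFDIR/etc/sssd/sssd.conf" /etc/sssd/sssd.conf
cp -- "$CONFDIR/etc/nsswitch.conf"  /etc/nsswitch.conf
cp -- "$CONFDIR/etc/rc.d/rc.local"  /etc/rc.d/rc.local

# The file carries the bind password in clear text, so install it root-only.
# NOTE(review): assumes sudo (running as root) is the only reader of these two
# files on this host; confirm before deploying where other LDAP clients use them.
# /etc/ldap.conf is installed as a second regular copy of the same content.
install -m 0600 -o root -g root -- "$CONFDIR/etc/nss_ldap.conf" /etc/nss_ldap.conf
install -m 0600 -o root -g root -- "$CONFDIR/etc/nss_ldap.conf" /etc/ldap.conf

# The staging directory is removed by the EXIT trap.

echo "original files saved in $BACKUPDIR"
echo execute these commands:
echo "nisdomainname $DOMAIN"
echo service sssd restart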
