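#!/bin/bash
#
# Enrol a RHEL/CentOS 6 host (chkconfig / SysV era) as an LDAP client:
#   * nss-pam-ldapd (nslcd) for passwd/shadow/group lookups,
#   * pam_ldap for authentication and password changes,
#   * pam_mkhomedir so first logins get a home directory,
#   * sudo's LDAP backend for sudoRole entries.
#
# Tunables are environment variables. Every default reproduces the value the
# script originally hard-coded, so running it with nothing set is unchanged:
#   LDAP_SERVER      directory server host or IP                (172.18.5.105)
#   LDAP_BASE        search base DN                             (dc=sky,dc=com)
#   SUDOERS_BASE     container holding sudoRole entries         (ou=SUDOers,<LDAP_BASE>)
#   LDAP_SSL         "no" or "start_tls" for pam_ldap/nslcd/sudo (no)
#   MKHOMEDIR_UMASK  umask pam_mkhomedir applies to new homes    (0022)
#
# SECURITY: with LDAP_SSL=no (the default) every simple bind - i.e. every user
# password - and every sudo rule lookup crosses the network in cleartext, and
# anyone able to spoof or intercept the server can hand out root via sudoers.
# Set LDAP_SSL=start_tls and install the issuing CA under /etc/openldap/cacerts
# before relying on this outside an isolated lab network.
#
# Must run as root. Aborts on the first failing step rather than carrying on
# with a half-configured box.
set -euo pipefail

readonly LDAP_SERVER="${LDAP_SERVER:-172.18.5.105}"
readonly LDAP_BASE="${LDAP_BASE:-dc=sky,dc=com}"
readonly SUDOERS_BASE="${SUDOERS_BASE:-ou=SUDOers,${LDAP_BASE}}"
readonly LDAP_SSL="${LDAP_SSL:-no}"
readonly MKHOMEDIR_UMASK="${MKHOMEDIR_UMASK:-0022}"
readonly LDAP_URI="ldap://${LDAP_SERVER}"
readonly CACERT_DIR=/etc/openldap/cacerts

# PAM lines appended to the stacks. The auth line doubles as the "already
# configured" marker for the four-line pam_ldap group.
readonly PAM_MKHOMEDIR="session optional pam_mkhomedir.so skel=/etc/skel umask=${MKHOMEDIR_UMASK}"
readonly PAM_LDAP_AUTH='auth sufficient pam_ldap.so use_first_pass'
readonly PAM_LDAP_STACK="${PAM_LDAP_AUTH}
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so"

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Append a (possibly multi-line) block to a file unless a marker line is
# already present. The marker is matched as a fixed string, not a regex, so
# the "." in module names cannot match arbitrary characters.
# Arguments: $1 - file, $2 - marker line, $3 - text to append
#######################################
append_once() {
  local file=$1 marker=$2 text=$3
  # A missing file simply means "not configured yet": fall through and create it.
  if ! grep -qF -- "$marker" "$file" 2>/dev/null; then
    printf '%s\n' "$text" >> "$file"
  fi
}

#######################################
# Record the authconfig feature flags in /etc/sysconfig/authconfig. Each
# flag's existing line is deleted first so the file never carries two
# conflicting values for the same key.
# NOTE(review): only the flags are written; authconfig itself is never run.
# If `authconfig --update` is run later it regenerates the system-auth-ac
# stack from these flags and would drop the hand-appended PAM lines below -
# confirm which of the two mechanisms is meant to own the PAM configuration.
#######################################
set_authconfig_flags() {
  local -a flags=(CACHECREDENTIALS USESHADOW USELDAPAUTH USELDAP USECRACKLIB USELOCAUTHORIZE)
  local flag script=''
  for flag in "${flags[@]}"; do
    script+="/^${flag}=/d;"
  done
  sed -i "$script" /etc/sysconfig/authconfig
  printf '%s=yes\n' "${flags[@]}" >> /etc/sysconfig/authconfig
}

#######################################
# Append the pam_ldap and pam_mkhomedir lines to system-auth and password-auth.
# NOTE(review): lines are appended after whatever each file already holds.
# PAM evaluates the modules of one type in file order, so if the existing
# auth stack already ends in `auth required pam_deny.so` the appended
# `auth sufficient pam_ldap.so` can never rescue a failed login - check the
# resulting stack order on a real host.
#######################################
configure_pam() {
  append_once /etc/pam.d/system-auth "$PAM_MKHOMEDIR" "$PAM_MKHOMEDIR"
  append_once /etc/pam.d/system-auth "$PAM_LDAP_AUTH" "$PAM_LDAP_STACK"
  append_once /etc/pam.d/password-auth "$PAM_LDAP_AUTH" "${PAM_LDAP_STACK}
${PAM_MKHOMEDIR}"
}

#######################################
# Write pam_ldap's client config. Always overwritten: the contents are fully
# determined by the tunables above.
# pam_password md5 makes pam_ldap hash a new password itself (crypt-md5)
# before the modify; `exop` would let the server apply its own hashing and
# policy - switch only once the server is known to support the
# password-modify extended operation.
#######################################
write_pam_ldap_conf() {
  cat > /etc/pam_ldap.conf <<EOF
base ${LDAP_BASE}
uri ${LDAP_URI}/
ssl ${LDAP_SSL}
tls_cacertdir ${CACERT_DIR}
pam_password md5
EOF
}

#######################################
# Write nslcd's config. Same guard as before: a file that already names this
# server is left untouched rather than clobbered.
#######################################
write_nslcd_conf() {
  if ! grep -qF -- "uri ${LDAP_URI}/" /etc/nslcd.conf 2>/dev/null; then
    cat > /etc/nslcd.conf <<EOF
uid nslcd
gid ldap
uri ${LDAP_URI}/
base ${LDAP_BASE}
ssl ${LDAP_SSL}
tls_cacertdir ${CACERT_DIR}
EOF
  fi
}

#######################################
# Add "ldap" after "files" for the passwd, shadow and group databases.
# Tolerates any run of whitespace after the colon: the original pattern
# required exactly one space, so a column-aligned file (several spaces) was
# silently left unmodified. The "$" anchor keeps the edit idempotent - once
# "ldap" has been added the line no longer ends in "files".
#######################################
enable_ldap_in_nsswitch() {
  local db
  for db in passwd shadow group; do
    sed -i "s/^\(${db}:[[:space:]]*\)files[[:space:]]*$/\1files ldap/" /etc/nsswitch.conf
  done
}

#######################################
# Write the OpenLDAP client library defaults used by ldapsearch & co.
#######################################
write_openldap_ldap_conf() {
  cat > /etc/openldap/ldap.conf <<EOF
TLS_CACERTDIR ${CACERT_DIR}
URI ${LDAP_URI}
BASE ${LDAP_BASE}
EOF
}

#######################################
# Enable nslcd at boot and (re)start it. Restart rather than start: an
# instance that was already running would otherwise keep the configuration
# it started with, not the file just written.
#######################################
start_nslcd() {
  chkconfig --level 35 nslcd on
  service nslcd restart
}

#######################################
# Point sudo at LDAP-hosted sudoers rules.
# NOTE(review): "sudoers: ldap" makes the directory the *only* sudoers
# source; "sudoers: files ldap" is the usual choice so rules in /etc/sudoers
# still apply when LDAP is unreachable. Kept as-is to preserve behaviour.
#######################################
configure_sudo_ldap() {
  append_once /etc/nsswitch.conf 'sudoers: ldap' 'sudoers: ldap'
  {
    printf 'uri %s\n' "$LDAP_URI"
    printf 'sudoers_base %s\n' "$SUDOERS_BASE"
    if [[ "$LDAP_SSL" != no ]]; then
      # sudo's LDAP backend has its own TLS switch; without it sudo rules
      # would still travel in the clear even when pam_ldap/nslcd use STARTTLS.
      printf 'ssl %s\ntls_cacertdir %s\n' "$LDAP_SSL" "$CACERT_DIR"
    fi
  } > /etc/sudo-ldap.conf
}

main() {
  [[ $EUID -eq 0 ]] || die 'must run as root'
  case "$LDAP_SSL" in
    no|start_tls) ;;
    *) die "LDAP_SSL must be 'no' or 'start_tls', got '${LDAP_SSL}'" ;;
  esac
  if [[ "$LDAP_SSL" == no ]]; then
    printf 'WARNING: LDAP_SSL=no - passwords and sudo rules will cross the network unencrypted\n' >&2
  fi

  yum install -y nss-pam-ldapd pam_ldap openldap-clients
  set_authconfig_flags
  configure_pam
  write_pam_ldap_conf
  write_nslcd_conf
  enable_ldap_in_nsswitch
  write_openldap_ldap_conf
  start_nslcd
  configure_sudo_ldap
}

main "$@"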