Diffstat (limited to 'roles/ssh-ldap/tasks/main.yml')
-rw-r--r--roles/ssh-ldap/tasks/main.yml49
1 files changed, 49 insertions, 0 deletions
diff --git a/roles/ssh-ldap/tasks/main.yml b/roles/ssh-ldap/tasks/main.yml
new file mode 100644
index 00000000..cc1ba17f
--- /dev/null
+++ b/roles/ssh-ldap/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Install packages
+ apt: pkg={{item}} state=installed
+ with_items:
+ - libnss-db
+ - libnss-ldap
+ - libpam-ccreds
+ - nss-updatedb
+ - python-ldap
+
+- name: Copy linaro_ldap script
+ copy: src=linaro_ldap.py dest=/usr/lib/python2.7/dist-packages mode=555 owner=root
+
+- name: Copy ssh_keys.py script
+ copy: src=ssh_keys.py dest=/etc/ssh/ssh_keys.py mode=555 owner=root
+ register: ssh_keys
+
+- name: Configure ldap.conf
+ template: src=ldap.conf dest=/etc/
+
+- name: See if offline LDAP cache exists
+ stat: path=/var/lib/misc/group.db
+ register: cache
+
+- name: Generate offline LDAP cache
+ when: cache.stat.exists == False or ssh_keys.changed
+ command: /etc/ssh/ssh_keys.py --sync {{ldap_cache_url}}
+
+- name: Configure nsswitch.conf
+ copy: src=nsswitch.conf dest=/etc/
+
+- name: Configure sudoers
+ template: src=ansible_sudoers dest=/etc/sudoers.d/
+ mode=0400 owner=root
+
+- name: Enable home directory creation
+ copy: src=mkhomedir dest=/usr/share/pam-configs/
+ register: mkhomedir
+
+- name: Update pam-auth-update
+ when: mkhomedir is defined and mkhomedir.changed
+ command: pam-auth-update --force --package
+
+- name: Configure sshd (authorized keys and allowgroups)
+ template: src=sshd_config dest=/etc/ssh/
+ notify:
+ - restart-sshd
+
+- name: Add cron job for syncing with LDAP
+ template: src=cron.d dest=/etc/cron.d/ldap-sync