Puppet users - Mar 2012 - Fetch ldap authorized_keys from ldap, copy to puppets local filesystem for needed users

Hello,

I''m trying to set up the following environment:

Ldap containing
users as posixaccount (uid, home directory,.... and an attribute
containing their ssh public key).
machines with an attribute indicating which users or user groups are
allowed to ssh to the box

What I''d like to do is the following:

From puppetmaster, browse the ldap and

loop on each machine
Fetch the users allowed to login
Loop on each user
Fetch their uid, etc
Fetch their ssh public key
create the /home/$username/.ssh/authorized_keys file
End loop
Delete /home/$username for all users having no longer access to the
box
End loop

This is needed because ssh server on machines is configured only with
publickey auth so I need to put the authorized_keys file for them to
be able to connect to the box.

I don''t really know where to start... I can manually create the
authorized_key file on my puppet nodes but by manually specifying the
user and the public key, I have to idea how to get the information
from ldap and then loop in my script...

I''ve tried looking at the documentation but don''t really know
where to
start. I''ve found the wiki page on defining nodes inside ldap but
I''m
not sure that this is what I need.

Thanks for your time,

Best regards,
Emilien

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Mar 6, 2012, at 3:24 AM, Emilien wrote:
> Hello,
> 
> I''m trying to set up the following environment:
> 
> Ldap containing
> users as posixaccount (uid, home directory,.... and an attribute
> containing their ssh public key).
> machines with an attribute indicating which users or user groups are
> allowed to ssh to the box
> 
> What I''d like to do is the following:
> 
> From puppetmaster, browse the ldap and
> 
> loop on each machine
> Fetch the users allowed to login
> Loop on each user
> Fetch their uid, etc
> Fetch their ssh public key
> create the /home/$username/.ssh/authorized_keys file
> End loop
> Delete /home/$username for all users having no longer access to the
> box
> End loop
> 
> This is needed because ssh server on machines is configured only with
> publickey auth so I need to put the authorized_keys file for them to
> be able to connect to the box.
> 
> I don''t really know where to start... I can manually create the
> authorized_key file on my puppet nodes but by manually specifying the
> user and the public key, I have to idea how to get the information
> from ldap and then loop in my script...
> 
> I''ve tried looking at the documentation but don''t really
know where to
> start. I''ve found the wiki page on defining nodes inside ldap but
I''m
> not sure that this is what I need.
> 
> Thanks for your time,
----
I don''t think that puppet is really the best tool for the job and that
you should probably reexamine the mission and you will find that there are
better implementations within LDAP (host based access).

I suppose if you were really determined to go down your path, you could write
some custom fact that gave you the output of ''ls /home'' to get
an overview of who had home directories on each server but the puppet way would
be to have each server to put everyone''s home directory (with public
keys) and allow LDAP (PAM/PADL/LDAP) to handle whether a particular user access
a particular host.

Craig

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.