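#!/bin/sh
#
# Setup LDAP-logon on ubuntu-servers
#
# Installs sssd, downloads the SSSD/LDAP configuration and the SSH public-key
# lookup helper, installs them under /etc, enables pam mkhomedir and points
# sshd at the helper through AuthorizedKeysCommand.
#
# Must run as root: it writes to /etc/sssd, /etc/ldap, /etc/ssl/certs,
# /etc/nsswitch.conf and /etc/ssh/sshd_config.
#
# NOTE(review): every file below is fetched from the moving `main` branch and
# installed as root without an integrity check. One of them is executed by sshd
# on each login attempt and another replaces /etc/nsswitch.conf. Pin the URL to
# a reviewed commit and compare each download against a known digest, e.g.
#   echo "<EXPECTED_SHA256>  $workdir/sssd.conf" | sha256sum -c -
# (<EXPECTED_SHA256> is a placeholder; the page does not provide digests.)

set -eu

REPO_RAW_URL='https://code.strandbo.no/morten/ubuntu-ldap-integration/raw/branch/main'
SSHD_CONFIG='/etc/ssh/sshd_config'
SSHD_MARKER='# SS//Login specific info'

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root."

# Install dependencies
nala install sssd -y

# Download configs and scripts
#
# A private mktemp directory replaces the fixed /tmp/ldapsetup path: a
# predictable directory in /tmp can be pre-created by any local user, who
# could then swap the staged files before they are copied into /etc.
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT

for name in authentik_customcert.pem ldap.conf nsswitch.conf ssh-getkey-ldap.sh sssd.conf; do
  # -O takes the very next argument as the output file, so it has to sit
  # directly in front of the path (the original "-O --show-progress <path>"
  # wrote to a file literally named "--show-progress").
  wget -q --show-progress -O "$workdir/$name" "$REPO_RAW_URL/$name" \
    || die "Download failed: $name"
  # wget -O leaves an empty file behind on some failures; never install an
  # empty nsswitch.conf or sssd.conf.
  [ -s "$workdir/$name" ] || die "Downloaded file is empty: $name"
done

# Move them about and rub
echo "## Placing files and rubbing 'em"
# install(1) sets owner and mode in the same step as the copy, so sssd.conf
# is never readable by other users, not even briefly.
install -o root -g root -m 0600 "$workdir/sssd.conf" /etc/sssd/sssd.conf
install -o root -g root -m 0644 "$workdir/authentik_customcert.pem" /etc/ssl/certs/authentik_customcert.pem
install -o root -g root -m 0644 "$workdir/ldap.conf" /etc/ldap/ldap.conf
# sshd only runs an AuthorizedKeysCommand that is owned by root and not
# writable by group or others; it also has to be executable, which a plain
# wget download is not.
install -o root -g root -m 0755 "$workdir/ssh-getkey-ldap.sh" /etc/ldap/ssh-getkey-ldap.sh
install -o root -g root -m 0644 "$workdir/nsswitch.conf" /etc/nsswitch.conf

pam-auth-update --enable mkhomedir

# Insert sshd_config
#
# Append the block only once so that re-running the script does not stack
# duplicate directives.
# NOTE(review): sshd keeps the first value it reads for a keyword, so an
# earlier PubkeyAuthentication/AuthorizedKeysCommand line in this file (or in
# an included drop-in) would take precedence over this appended block.
if grep -qF -- "$SSHD_MARKER" "$SSHD_CONFIG"; then
  echo "## $SSHD_CONFIG already contains the SS//Login block, leaving it unchanged"
else
  cat >> "$SSHD_CONFIG" <<'EOF'
# SS//Login specific info
PubkeyAuthentication yes
AuthorizedKeysCommand /etc/ldap/ssh-getkey-ldap.sh
AuthorizedKeysCommandUser nobody
EOF
fi

echo "###"
echo "And we're done. Have a quick reboot and login with your SS//Login Credentials"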