git.immae.eu Git - perso/Immae/Config/Nix.git/blob - systems/eldiron/ftp_sync.sh
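# Settings for the LDAP lookup (script lines 5-10 of the listing).
# The listing fused the page's line numbers into the code and split each
# assignment across two lines; the assignments are restored here.

# DN of the service account used for the simple bind.
LDAP_BIND="cn=ssh,ou=services,dc=immae,dc=eu"
# Bind password, read from a local file so it is not stored in the script.
# NOTE(review): if the file cannot be read this is left empty and the script
# carries on; confirm whether an earlier line (not shown) makes that fatal.
# NOTE(review): the ldapsearch call further down passes this value with -w,
# which places it in that process's argument list, where other local
# processes can usually read it. ldapsearch can take the password from a
# file with -y instead (it uses the file's complete contents, so the file
# must not end in a newline).
LDAP_PASS=$(cat /etc/ssh/ldap_password)
# Plain ldap:// URL; the ldapsearch call adds -ZZ, which requires StartTLS
# to succeed before the bind is sent.
LDAP_HOST="ldap://ldap.immae.eu"
LDAP_BASE="dc=immae,dc=eu"
# Selects entries that are members of the FTP users group.
LDAP_FILTER="(memberOf=cn=users,cn=ftp,ou=services,dc=immae,dc=eu)"
# Only DNs ending in this suffix are kept by the grep/sed stage below.
USER_LDAP_BASE="ou=users,dc=immae,dc=eu"

# Settings for the PostgreSQL lookup (script lines 14-15).
# Script lines 11-13 are not part of this listing; PSQL_HOST and PSQL_BASE,
# which the psql call uses, are presumably set there.
PSQL_USER="immae_auth_read"
# Database password, read from a local file; the psql call hands it over
# through the PGPASSWORD environment variable rather than on the command line.
PSQL_PASS=$(cat /etc/ssh/psql_password)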
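# Directory that receives one key file per login (script line 17); the loop
# further down touches and appends to files named after each login here.
# The listing had split the path into separate words; it is rejoined so that
# mkdir gets a single argument. -p makes this a no-op when the directory
# already exists.
# NOTE(review): the directory's mode comes from the umask in effect when the
# script runs; confirm that only the sync job can write here, since these
# files decide which keys are accepted for a login.
mkdir -p /var/lib/proftpd/authorized_keys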
19 allowed_logins
= $
( ldapsearch
-H " $LDAP_HOST " -ZZ -LLL -D " $LDAP_BIND " -w " $LDAP_PASS " -b " $LDAP_BASE " -x -o ldif
-wrap = no
" $LDAP_FILTER " '' \
20 | grep "^dn.* $USER_LDAP_BASE $" \
21 | sed -e "s/^dn: uid=\([^,]*\),.* $USER_LDAP_BASE $/'\1'/" \
24 PGPASSWORD
= " $PSQL_PASS " psql
-U " $PSQL_USER " -h " $PSQL_HOST " -X -A -t -d " $PSQL_BASE " -c "SELECT login, key FROM ldap_users_ssh_keys WHERE realm = 'immae' AND 'ftp' = ANY(usage) AND login IN ( $allowed_logins );" | while IFS
= '|' read user key
; do
25 touch / var
/ lib
/ proftpd
/ authorized_keys
/ $user
26 ssh -keygen -e -f <( echo " $key " ) >> / var
/ lib
/ proftpd
/ authorized_keys
/ $user