You could make use of a /etc/skel directory, although I’m unsure how that would work for an OpenLDAP server. An
/etc/skel directory can store all the settings needed when a new user is created in a workstation.
I think this is something that can be done using Ansible for modifying the /etc/skel directory as root. However, I’m not sure if the directories and files in
/etc/skel can be pushed automatically to existing users using Ansible given that the owner and group permissions need to be set correctly.
Also, for Ansible, you can create an Ansible user in OpenLDAP or Active Directory and assign it an Administrators group. As root, you need to use the
visudo command and add the following line as follows:
## User privilege specification
root ALL=(ALL:ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL
%Administrators ALL=(ALL:ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) ALL
And now Ansible can sudo without an issue. Of course, that’s a manual process, so you would definitely need to create an image.
Oh, I found an article about Cubic. Perhaps this will help. You can setup an LDAP authentication from there that will authenticate users to an LDAP server.
For example, to add LDAP packages along with PAM support (Pluggable Authentication Module), add the following packages like so:
Then, you can configure LDAP authentication as follows:
# The location at which the LDAP server(s) should be reachable.
# The search base that will be used for all queries.
base group ou=Groups,dc=companyname,dc=lan
base passwd ou=Users,dc=companyname,dc=lan
base shadow ou=Users,dc=companyname,dc=lan
If your company has a root certificate stored in the server, add that root certificate to /etc/ssl/certs.
Then, to configure SSL for LDAP, add or edit the following lines in
# SSL options
You can configure anything you like with Cubic.
Hope that helps!