From 53342677739c44305a4a4d9eda36976397595abe Mon Sep 17 00:00:00 2001
From: jaydee
Date: Tue, 22 Aug 2023 15:22:19 +0200
Subject: [PATCH] upt playbook
---
 playbooks/00_install_ldap_client.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/playbooks/00_install_ldap_client.yml b/playbooks/00_install_ldap_client.yml
index 24c0c2d..8122a19 100644
--- a/playbooks/00_install_ldap_client.yml
+++ b/playbooks/00_install_ldap_client.yml
@@ -1,4 +1,4 @@
-- hosts: morefine
+- hosts: raspberry
 name: Install omv
 become: true
 tasks:
@@ -99,4 +99,23 @@
 ansible.builtin.service:
 name: nslcd.service
 state: restarted
+
+ - name: Creating a file with content
+ copy:
+ dest: "/usr/local/bin/fetchSSHKeysFromLDAP"
+ content: |
+ #!/usr/bin/bash
+ ldapsearch -x '(&(objectClass=ldapPublicKey)(cn='"$1"'))' 'sshPublicKey' | sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp'
+
+ - name: Reconfigure sshd
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^#AuthorizedKeysCommand *"
+ line: "AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP"
+
+ - name: Reconfigure sshd
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "^#AuthorizedKeysCommandUser *"
+ line: "AuthorizedKeysCommandUser root"
\ No newline at end of file
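Review bot: The helper that now decides which SSH keys sshd accepts is written by the `copy` task without `owner`, `group` or `mode`, so it will normally be created non-executable, and sshd only runs an AuthorizedKeysCommand that is root-owned and not writable by group or others. The script also puts `$1` unescaped into the LDAP filter and is run as root through `AuthorizedKeysCommandUser root`; checking the name against a strict pattern and using an unprivileged account would narrow both. The `lineinfile` regexp `^#AuthorizedKeysCommand *` is a prefix match that also hits a commented `#AuthorizedKeysCommandUser` line, and since the file ends with this hunk, nothing validates sshd_config or reloads sshd afterwards. Whether `ldapsearch -x` reaches the directory over TLS depends on ldap.conf, which is not visible here; because the result is authentication material, the lookup should not travel in plaintext.

```yaml
    - name: Install fetchSSHKeysFromLDAP helper
      ansible.builtin.copy:
        dest: /usr/local/bin/fetchSSHKeysFromLDAP
        owner: root
        group: root
        mode: "0755"
        content: |
          #!/usr/bin/bash
          # Refuse names that could alter the LDAP filter
          # (adjust the pattern to the site's account naming rule).
          [[ "$1" =~ ^[a-z_][a-z0-9_-]*$ ]] || exit 1
          # … unchanged: ldapsearch | sed pipeline …

    # User is set first: sshd rejects a config that has
    # AuthorizedKeysCommand without AuthorizedKeysCommandUser.
    - name: Set AuthorizedKeysCommandUser
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*AuthorizedKeysCommandUser\s'
        # nobody, or a dedicated lookup account
        line: "AuthorizedKeysCommandUser nobody"
        validate: "sshd -t -f %s"

    - name: Set AuthorizedKeysCommand
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*AuthorizedKeysCommand\s'
        line: "AuthorizedKeysCommand /usr/local/bin/fetchSSHKeysFromLDAP"
        validate: "sshd -t -f %s"
```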