#!/bin/sh
#
# Configure machine for roaming, i.e. disconnected operation.

set -e

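# Append a line to a file unless an identical line is already present.
#
# Arguments: $1 - path of the file to update
#            $2 - exact line to add
# The file is only touched when it already exists; it is never created.
# Note: plain /bin/sh has no 'local', so 'file' and 'string' are globals.
append_if_missing() {
    file="$1"
    string="$2"
    if [ -e "$file" ] ; then
        # -x matches whole lines and -F disables regex interpretation, so
        # the string is compared literally.  '--' keeps a string that
        # starts with '-' from being parsed as a grep option.
        if ! grep -qxF -- "$string" "$file" ; then
            # Quote the target so paths with spaces or glob characters are
            # not split or expanded; printf writes the string verbatim,
            # whereas echo may interpret backslashes or a leading -n.
            printf '%s\n' "$string" >> "$file"
        fi
    fi
}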

# Install libpam-mklocaluser and the sssd PAM and NSS modules first.
# Because of 'set -e' the purges below only run once these installs
# succeeded, so the old PAM modules are not removed without a replacement.
aptitude install -y libpam-mklocaluser
aptitude install -y libpam-sss libnss-sss

# Remove packages that duplicate or conflict with the sssd setup:
#   libpam-ldapd - non-caching ldapd version, would duplicate the pam setup
#   libpam-krb5  - non-caching kerberos version, would duplicate it too
#   nscd         - sssd is already caching, avoid double caching
#   killer       - roaming workstations are typically single user
#                  machines, so do not throw out the user when idle
for pkg in libpam-ldapd libpam-krb5 nscd killer ; do
    apt-get purge -y "$pkg"
done

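# Configure sssd.
#
# The configuration is generated into a private temporary file and only
# moved into place when the generator both succeeded and produced output.
# This matters for two reasons:
#  - under 'set -e' a generator that exits non-zero as a plain command
#    aborts the whole script, so the static fallback below would never be
#    reached; running it as an 'if' condition keeps the fallback reachable.
#  - redirecting straight into sssd.conf creates the file with the
#    umask's default mode until the later chmod; mktemp creates the file
#    readable by its owner only from the start.
sssd_conf=/etc/sssd/sssd.conf
sssd_static=/etc/sssd/sssd-debian-edu.conf
sssd_tmp=$(mktemp "$sssd_conf.XXXXXX")
if /usr/share/debian-edu-config/tools/sssd-generate-config > "$sssd_tmp" \
    && [ -s "$sssd_tmp" ] ; then
    # sssd refuses to read the file if it has any other mode
    chmod 600 "$sssd_tmp"
    chown root:root "$sssd_tmp"
    # Rename within the same directory; this also replaces a symlink left
    # behind by an earlier fallback instead of writing through it.
    mv -f "$sssd_tmp" "$sssd_conf"
else # Generation failed or produced nothing, link to static setup
    rm -f "$sssd_tmp"
    # sssd refuses to read the file if it has any other mode
    chmod 600 "$sssd_static"
    chown root:root "$sssd_static"
    rm -f "$sssd_conf"
    ln -s sssd-debian-edu.conf "$sssd_conf"
fi
# Best effort: a failed restart must not abort the rest of the setup.
invoke-rc.d sssd restart || true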


# FIXME Review this when a newer sssd version with netgroup support is
# available in Debian (i.e. wheezy++).
# libnss-sss version 1.2 does not support netgroup, so that table is
# left to libnss-ldapd.
# sssd has updated nsswitch.conf during installation since version
# 1.2-2, but the file is still rewritten here because ldap should be
# disabled and sss enabled for only some of the tables.
# The delimiter is quoted so the table is written literally, without
# any shell expansion.
cat <<'EOF' > /etc/nsswitch.conf
passwd:         files sss
group:          files sss
shadow:         files sss
hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files ldap
protocols:      files
services:       files
ethers:         files
rpc:            files
netgroup:       files sss ldap
sudoers:        files ldap
EOF
