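#!/bin/bash

# This script retrieves SSH keys from LDAP for the passed username
# and prints them to stdout. Intended to be used as the
# AuthorizedKeysCommand in sshd_config.
#
# Usage: ldap-ssh-authorizedkeys.sh <username>
#
# Security notes:
#   - The username is whatever login name sshd hands over, so it is treated
#     as untrusted: LDAP filter metacharacters are escaped (RFC 4515) before
#     the value is placed in the search filter. Without that, a name holding
#     '*' or parentheses could widen the filter and match other accounts.
#   - The search uses a simple bind (-x) and the returned keys decide who may
#     log in, so ldap_uri should point at an integrity-protected endpoint
#     (e.g. ldaps:// with certificate verification) -- confirm for your
#     deployment.
#   - This file is a Jinja template: keep shell syntax that resembles Jinja
#     delimiters (such as the brace-hash length expansion) out of it.

sshkey_attr="{{ sshkey_attr | default('ssh_publickey') }}"
# user_attr should probably be either 'cn' or 'spn' depending on which attribute
# is used for username mapping on the system.
user_attr="{{ user_attr | default('cn') }}"
ldap_base="{{ ldap_search_base }}"
ldap_uri="{{ ldap_uri }}"

# Refuse to run a search without a username instead of querying "(attr=)".
username=${1:-}
if [[ -z "$username" ]]; then
  printf 'Usage: %s <username>\n' "$0" >&2
  exit 1
fi

# RFC 4515 escaping. The backslash must be handled first so the escapes
# introduced by the later substitutions are not escaped a second time.
escaped_user=${username//\\/\\5c}
escaped_user=${escaped_user//\*/\\2a}
escaped_user=${escaped_user//\(/\\28}
escaped_user=${escaped_user//\)/\\29}

ldap_filter="(&(objectClass=posixAccount)($user_attr=$escaped_user))"

# -o ldif-wrap=no keeps each key on one line; grep/cut then strip the
# "<attr>: " prefix so only the key material reaches sshd.
ldapsearch -o ldif-wrap=no -x -LLL -H "$ldap_uri" -b "$ldap_base" \
  "$ldap_filter" "$sshkey_attr" \
  | grep "^$sshkey_attr:" \
  | cut -d' ' -f2-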