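#!/bin/bash
#
# Maintainer-script step for alice-auth: writes the LDAP bind password from
# debconf into the sssd config, points sshd at sss_ssh_authorizedkeys, adds
# "sss" to the hosts database in nsswitch.conf, then restarts the services.
set -e

. /usr/share/debconf/confmodule

readonly SSSD_CONFIG=/etc/sssd/sssd.conf
readonly SSHD_CONFIG=/etc/ssh/sshd_config
readonly NSSWITCH_CONFIG=/etc/nsswitch.conf

# db_get stores the LDAP bind password in $RET.
db_get alice-auth/ldap-bind-password

# Set the bind password in the sssd config.
# The password is handed to awk through the environment and inserted as a
# literal string. Interpolating it into a sed expression breaks (or rewrites
# the expression) as soon as it contains "/", "&" or "\", and it also puts
# the secret on sed's command line where other local users can read it.
# Text before "ldap_default_authtok =" on the line is kept and everything
# from there to the end of the line is replaced, as the sed expression did.
tmp_config=$(mktemp "${SSSD_CONFIG}.XXXXXX")
trap 'rm -f -- "$tmp_config"' EXIT
BINDPW="$RET" awk '
  match($0, /ldap_default_authtok =/) {
    $0 = substr($0, 1, RSTART - 1) "ldap_default_authtok = " ENVIRON["BINDPW"]
  }
  { print }
' "$SSSD_CONFIG" > "$tmp_config"

# Restrict permissions and ownership before the file is moved into place, so
# the password never sits in a file that is readable by anyone but root.
chmod 600 "$tmp_config"
chown root:root "$tmp_config"
mv -f -- "$tmp_config" "$SSSD_CONFIG"

# Enable the authorized-keys command in the sshd config. The first expression
# uncomments every directive starting with "#AuthorizedKeysCommand"; the second
# rewrites only the AuthorizedKeysCommand directive itself (name followed by a
# space or end of line) to call sss_ssh_authorizedkeys.
# NOTE(review): the resulting sshd_config is not validated before ssh is
# restarted below; consider a config test step if remote lockout is a concern.
sed -i 's/#AuthorizedKeysCommand/AuthorizedKeysCommand/' "$SSHD_CONFIG"
sed -i '/AuthorizedKeysCommand\( \|$\)/s|AuthorizedKeysCommand.*|AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|' "$SSHD_CONFIG"

# Add sss to the hosts database if it is not already listed. The substitution
# is limited to the hosts: line; without the address it would append "sss"
# after the first "files" on every line of nsswitch.conf.
if ! grep -q '^hosts:.*sss' "$NSSWITCH_CONFIG"; then
  sed -i '/^hosts:/s/files/files sss/' "$NSSWITCH_CONFIG"
fi

systemctl restart sssd autofs ssh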