From 572dd5a3b0bacaae89fdebe58f769209b12c1c2f Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Fri, 13 Dec 2019 18:41:34 +0100
Subject: [PATCH] Add LDAP client config and enable pam_umask.

---
 roles/lan-client/tasks/main.yml | 17 +++++++++++++++++
 roles/ldap/tasks/main.yml       | 12 ++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/roles/lan-client/tasks/main.yml b/roles/lan-client/tasks/main.yml
index 6882fa9..24bfacc 100644
--- a/roles/lan-client/tasks/main.yml
+++ b/roles/lan-client/tasks/main.yml
@@ -33,6 +33,23 @@
       - nfs-common
     state: latest
 
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldap://ldap/"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
+- name: enable pam_umask
+  lineinfile:
+    dest: /etc/pam.d/common-session
+    line: "session optional	pam_umask.so usergroups"
+
 ## oddjob-mkhomedir works only with sec=sys for the NFSv4 share
 
 - name: install extra packages from stable
diff --git a/roles/ldap/tasks/main.yml b/roles/ldap/tasks/main.yml
index e8b9e65..d2f7afa 100644
--- a/roles/ldap/tasks/main.yml
+++ b/roles/ldap/tasks/main.yml
@@ -69,6 +69,18 @@
     replace: '\1	ldap'
   when: not slapd.stat.exists
 
+- name: add URI to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "URI ldapi:///"
+    insertafter: "#URI.*"
+
+- name: add BASE to ldap.conf
+  lineinfile:
+    dest: /etc/ldap/ldap.conf
+    line: "BASE {{ basedn }}"
+    insertafter: "#BASE.*"
+
 #######################################################################################
 ## Use the admin password saved to file from now on (available also after installation):
 - name: slurp admin password