[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. 0.7-11-g693c2f3
Andreas B. Mundt
andi at debian.org
Sat Jan 26 07:41:34 UTC 2013
The following commit has been merged in the master branch:
commit 693c2f3349c36ac533e3016850dc57b4910b5e84
Author: Andreas B. Mundt <andi at debian.org>
Date: Fri Jan 25 23:59:12 2013 +0100
GOsa by default, cleanup. Predefined sudo roles with member 'admin'.
LDAP sudoers roles:
* sudo access to all machines including the mainserver
* sudo access to all workstation* and diskless* hosts
diff --git a/fai/config/class/50-host-classes b/fai/config/class/50-host-classes
index 8e6ea9a..516bb89 100755
--- a/fai/config/class/50-host-classes
+++ b/fai/config/class/50-host-classes
@@ -29,7 +29,8 @@
## GERMAN localization class
##
-FLAVOR="LVM7_A"
+## Choose your mainserver setting:
+FLAVOR="LVM7_A" ## default for ease of testing in a vm
#FLAVOR="LVM6BAK_A" ## backup disk
#FLAVOR="RAIDLVM7_A RAID" ## RAID1
#FLAVOR="RAIDLVM6BAK_A RAID" ## RAID1, backup disk
@@ -38,12 +39,9 @@ FLAVOR="LVM7_A"
#FLAVOR="RAIDLVM8_A RAID DISKLESS_SERVER" ## diskless, RAID1
#FLAVOR="RAIDLVM7BAK_A RAID DISKLESS_SERVER" ## diskless, RAID1, backup disk
+## Setup with graphical user management tool GOsa. Remove GOSA class if it is not needed:
MAINSERVER_A="$FLAVOR LOG_SERVER PROXY NTP_SERVER DNS_SERVER NFS_SERVER MAIL_SERVER \
-LDAP_CLIENT LDAP_SERVER KERBEROS_CLIENT KERBEROS_KDC KDC_LDAP SERVER_A"
-
-## Use this to install a setup with GOsa:
-#MAINSERVER_A="$FLAVOR LOG_SERVER PROXY NTP_SERVER DNS_SERVER NFS_SERVER MAIL_SERVER \
-#LDAP_CLIENT LDAP_SERVER KERBEROS_CLIENT KERBEROS_KDC KDC_LDAP SERVER_A GOSA"
+LDAP_CLIENT LDAP_SERVER KERBEROS_CLIENT KERBEROS_KDC KDC_LDAP SERVER_A GOSA"
WORKSTATION_A="LVM5_A LOG_CLIENT LDAP_CLIENT NFS_CLIENT KERBEROS_CLIENT CLIENT_A"
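Review bot: With GOSA appended to the only active MAINSERVER_A line, every mainserver gets the GOsa class unless this file is edited first, and the variant without GOSA no longer exists even as a commented alternative. Consider keeping the non-GOsa assignment as a commented option next to the new comment. The comment could also mention that the class goes together with the sudo roles in gosa.ldif/GOSA changed in this same commit, so that whoever removes the class knows what else it covers.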
@@ -70,6 +68,8 @@ case $HOSTNAME in
# echo "FAIBASE DEBIAN DHCPC $WORKSTATION_A XORG DESKTOP GERMAN" ;;
echo "FAIBASE DEBIAN DHCPC $WORKSTATION_A XORG DESKTOP" ;;
diskless)
+ ## You might want to add some localization class like:
+ # echo "DEBIAN $WORKSTATION_A XORG DISKLESS_CLIENT GERMAN"
echo "DEBIAN $WORKSTATION_A XORG DISKLESS_CLIENT"
## skip GRUB_PC below:
exit 0 ;;
diff --git a/fai/config/files/etc/ldap/gosa.ldif/GOSA b/fai/config/files/etc/ldap/gosa.ldif/GOSA
index db0d1d7..a120bc9 100644
--- a/fai/config/files/etc/ldap/gosa.ldif/GOSA
+++ b/fai/config/files/etc/ldap/gosa.ldif/GOSA
@@ -89,20 +89,43 @@ ou: sudoers
dn: cn=defaults,ou=sudoers,ou=gosa,dc=intern
objectClass: top
objectClass: sudoRole
+description: default sudo options
cn: defaults
-description: Default sudo options go here
sudoOption: env_reset
dn: cn=DebianLAN,ou=sudoers,ou=gosa,dc=intern
objectClass: top
objectClass: sudoRole
-sudoUser: www-data
-sudoHost: mainserver
+description: propagate GOsa's changes to the system
cn: DebianLAN
sudoOption: !authenticate
sudoOption: !syslog
sudoOption: env_keep=USERPASSWORD
-description: Propagate GOsa's changes to the system
+sudoHost: mainserver
+sudoRunAs: ALL
sudoCommand: /usr/local/sbin/gosa-sync
sudoCommand: /usr/local/sbin/gosa-remove
sudoCommand: /usr/local/sbin/gosa-create
+sudoUser: www-data
+
+## some admin roles: give admin(s) sudo access
+dn: cn=Admins,ou=sudoers,ou=gosa,dc=intern
+objectClass: top
+objectClass: sudoRole
+description: sudo access all machines
+cn: Admins
+sudoHost: ALL
+sudoRunAs: ALL
+sudoCommand: ALL
+sudoUser: admin
+
+dn: cn=ClientAdmins,ou=sudoers,ou=gosa,dc=intern
+objectClass: top
+objectClass: sudoRole
+description: sudo access all clients
+cn: ClientAdmins
+sudoHost: workstation*
+sudoHost: diskless*
+sudoRunAs: ALL
+sudoCommand: ALL
+sudoUser: admin
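Review bot: In the DebianLAN role, the added "sudoRunAs: ALL" sits beside "sudoOption: !authenticate" and "sudoOption: !syslog", so www-data may run the three gosa-* scripts as any target user, without a password and without a syslog entry. If the scripts only need root, name root as the run-as user instead of ALL, and reconsider "!syslog" so that calls made from the web server account leave a trace. Two smaller points: sudoRunAs is the deprecated spelling of sudoRunAsUser in the sudo LDAP schema, and with "sudoUser: admin" in both new roles, ClientAdmins grants nothing that Admins ("sudoHost: ALL") does not already grant, so the predefined member is probably only needed in one of them.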
--
Debian-LAN development and packaging