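#!/bin/bash
#
# Configure this host to resolve users and groups from LDAP by pre-answering
# the ldap-auth-config debconf questions, installing the NSS/PAM LDAP
# packages, adding ldap to nsswitch.conf and enabling home-dir creation.
#
# Must run as root. Optional environment overrides:
#   LDAP_URI         directory server URI   (default ldap://192.168.2.2)
#   LDAP_BASE_DN     search base            (default dc=depaoli,dc=id,dc=au)
#   LDAP_ROOTBINDDN  DN used for root binds (default cn=admin,<base dn>)
#   LDAP_ROOTBINDPW  password for that DN; prompted for when unset
set -euo pipefail

# NOTE(review): ldap:// sends binds (including user passwords checked through
# pam_ldap) unencrypted unless StartTLS is configured. Prefer ldaps:// or
# "ssl start_tls" in /etc/ldap.conf once the server has a certificate.
readonly LDAP_URI="${LDAP_URI:-ldap://192.168.2.2}"
readonly LDAP_BASE_DN="${LDAP_BASE_DN:-dc=depaoli,dc=id,dc=au}"
readonly LDAP_ROOTBINDDN="${LDAP_ROOTBINDDN:-cn=admin,${LDAP_BASE_DN}}"
readonly NSSWITCH_CONF=/etc/nsswitch.conf
readonly LDAP_CONF=/etc/ldap.conf

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Feed one "owner question type value" line to debconf. printf is a builtin,
# so the value never appears in another process's argument list.
preseed() {
  printf '%s\n' "$1" | debconf-set-selections
}

# Ensure the "systemd" and "ldap" sources are listed for NSS database $1 in
# file $2. Tolerates any amount of whitespace after the colon and is safe to
# run repeatedly (a source already present is not added again).
enable_nss_sources() {
  local db=$1 file=$2 src
  for src in systemd ldap; do
    sed -i -E \
      "/^${db}:/{/[[:space:]]${src}([[:space:]]|\$)/!s/[[:space:]]*\$/ ${src}/;}" \
      -- "$file"
  done
}

# Every step below writes system configuration; fail before touching anything
# rather than half-way through (the original mixed sudo and non-sudo calls).
((EUID == 0)) || die "this script must be run as root"

# The bind password is never stored in this script: take it from the
# environment or ask for it on the terminal without echo.
rootbindpw="${LDAP_ROOTBINDPW:-}"
if [[ -z "$rootbindpw" ]]; then
  [[ -t 0 ]] || die "LDAP_ROOTBINDPW is not set and no terminal is available to prompt on"
  read -rs -p "Password for ${LDAP_ROOTBINDDN}: " rootbindpw
  printf '\n' >&2
fi
[[ -n "$rootbindpw" ]] || die "root bind password must not be empty"

# set up defaults for using ldap (pre-answering ldap-auth-config)
preseed "ldap-auth-config ldap-auth-config/ldapns/ldap-server string ${LDAP_URI}"
preseed "ldap-auth-config ldap-auth-config/ldapns/base-dn string ${LDAP_BASE_DN}"
preseed "ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3"
preseed "ldap-auth-config ldap-auth-config/dbrootlogin boolean true"
preseed "ldap-auth-config ldap-auth-config/dblogin boolean false"
# NOTE(review): with dbrootlogin=true the directory admin credential is kept
# on this host (ldap-auth-config writes it to /etc/ldap.secret). A dedicated
# account with only the rights the client needs would limit what a
# compromise of one client exposes.
preseed "ldap-auth-config ldap-auth-config/rootbinddn string ${LDAP_ROOTBINDDN}"
# Typed as "password" so debconf files it in its password database instead of
# the general config database -- confirm against the package's template.
preseed "ldap-auth-config ldap-auth-config/rootbindpw password ${rootbindpw}"
unset rootbindpw

# Answers are pre-seeded above, so install without prompting.
DEBIAN_FRONTEND=noninteractive apt-get install -y \
  libnss-ldap libpam-ldap ldap-utils nscd

# make system use ldap for users / groups
enable_nss_sources passwd "$NSSWITCH_CONF"
enable_nss_sources group "$NSSWITCH_CONF"

# tick on home dir creation
# NOTE(review): marked "test this" by the original author; verify afterwards
# that the mkhomedir profile is active (pam-auth-update --enable mkhomedir is
# an alternative on releases that support it).
preseed 'pam-auth-update pam-auth-update/enable_mkhomedir boolean true'
DEBIAN_FRONTEND=noninteractive pam-auth-update

# add bind_policy soft to /etc/ldap.conf, once only
if ! grep -qxF 'bind_policy soft' "$LDAP_CONF" 2>/dev/null; then
  printf 'bind_policy soft\n' >>"$LDAP_CONF"
fi

# OLD WAY (interactive install), answer:
#1) ldap://192.168.2.2
#2) dc=depaoli,dc=id,dc=au
#3) 3
#4) Yes
#5) No
#6) cn=admin,dc=depaoli,dc=id,dc=au
#7) <password for the DN given in 6 -- do not record it here>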