added cern-wrappers cyrus-sasl-gssapi

f7ccb91b · Jarek Polok · 23db063d · f7ccb91b
Commit f7ccb91b authored Oct 13, 2016 by Jarek Polok 💬
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 2 deletions

slc6-base-docker.ks slc6-base-docker.ks +25 -2

No files found.
--- a/slc6-base-docker.ks
+++ b/slc6-base-docker.ks
@@ -20,8 +20,6 @@ clearpart --all --initlabel
 part / --fstype ext4 --size=1024 --grow
 reboot

-# note : no cern-wrappers for now .. since it pulls 22MB of perl ...
-
 %packages  --excludedocs --nobase --nocore
 bash
 bind-utils
@@ -30,7 +28,10 @@ grub
 hepix
 iproute
 iputils
+openldap-clients
+cern-wrappers
 krb5-workstation
+cyrus-sasl-gssapi
 passwd
 rootfiles
 sl-release
@@ -144,5 +145,27 @@ pam = {

 EOF

+cat > /etc/openldap/ldap.conf <<EOF
+#
+# LDAP CERN Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE DC=cern,DC=ch
+#note cerndc provides gssapi auth, xldap does not.
+#HOST cerndc.cern.ch  # or xldap.cern.ch
+#SIZELIMIT 12
+#DEREF always
+
+TLS_CACERTDIR /etc/openldap/certs
+TLS_REQCERT demand
+SSL start_tls
+
+# Turning this off breaks GSSAPI used with krb5 when rdns = false
+SASL_NOCANON	on
+
+EOF

 %end