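#!/bin/bash
#
# Installs sssd on a Debian/Ubuntu host and writes a static LDAP client
# configuration for the domain <DOM>.int (server ldap.<DOM>.int, base
# dc=<DOM>,dc=int), then enables the sss and mkhomedir PAM profiles.
#
# Usage:  $0 -d <DOM> [-p <passfile>]
#
# The LDAP bind password for cn=admin,dc=<DOM>,dc=int is read from, in this
# order: the file named by -p, the environment variable SSSD_BIND_PASSWORD,
# or an interactive prompt. It is deliberately not stored in this script;
# an earlier revision hardcoded it in the heredoc below, so that credential
# should be considered exposed and rotated on the LDAP server.
#
# Must run as root (apt-get, /etc/sssd, pam-auth-update).
set -euo pipefail

readonly SSSD_CONF=/etc/sssd/sssd.conf
DOM=""
PASSFILE=""
BIND_PW=""

#######################################
# Print a message to stderr and abort with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage text to stderr and exit 1.
#######################################
usage() {
  printf 'Fehlende Argumente für statische Konfiguration! Nutzung:\n' >&2
  printf '%s -d <DOM> [-p <passfile>]\n' "$0" >&2
  exit 1
}

#######################################
# Parse command line options into DOM and PASSFILE and validate DOM.
# Globals:   DOM, PASSFILE (written)
# Arguments: the script's "$@"
#######################################
parse_args() {
  local opt
  while getopts ":d:p:h" opt; do
    case "$opt" in
      d) DOM=$OPTARG ;;
      p) PASSFILE=$OPTARG ;;
      h) usage ;;
      :) die "Option -$OPTARG benötigt ein Argument" ;;
      *) die "Ungültige Option" ;;
    esac
  done
  shift $((OPTIND - 1))
  [[ $# -eq 0 ]] || die "Unerwartete Argumente: $*"
  [[ -n "$DOM" ]] || usage
  # DOM is spliced into an INI section header ([domain/$DOM.int]), a hostname
  # and several LDAP DNs (dc=$DOM,dc=int). The template only works for a
  # single DNS label, and characters such as ']', '=', ',' or whitespace
  # would silently corrupt sssd.conf, so anything else is rejected here.
  [[ "$DOM" =~ ^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$ ]] \
    || die "Ungültiger Domainname: '$DOM' (ein einzelnes DNS-Label erwartet)"
}

#######################################
# Load the LDAP bind password into BIND_PW. The value never appears on a
# command line (argv is visible to every local user via ps) and is never
# embedded in this file.
# Globals:   PASSFILE, DOM (read); SSSD_BIND_PASSWORD (read, optional);
#            BIND_PW (written)
#######################################
read_bind_password() {
  if [[ -n "$PASSFILE" ]]; then
    [[ -r "$PASSFILE" ]] || die "Passwortdatei nicht lesbar: $PASSFILE"
    # First line of the file; the `|| [[ -n ...` clause keeps a file without
    # a trailing newline from failing under `set -e`.
    IFS= read -r BIND_PW < "$PASSFILE" || [[ -n "$BIND_PW" ]]
  elif [[ -n "${SSSD_BIND_PASSWORD:-}" ]]; then
    BIND_PW=$SSSD_BIND_PASSWORD
  elif [[ -t 0 ]]; then
    # Interactive fallback: no echo, prompt goes to the terminal.
    IFS= read -rs -p "LDAP-Bind-Passwort für cn=admin,dc=$DOM,dc=int: " BIND_PW
    printf '\n' >&2
  else
    die "Kein Bind-Passwort: -p <datei> oder SSSD_BIND_PASSWORD setzen"
  fi
  [[ -n "$BIND_PW" ]] || die "Bind-Passwort ist leer"
}

#######################################
# Install sssd and the NSS/PAM/sudo integration packages.
#######################################
install_packages() {
  printf '%s\n' Installation
  # apt-get has a stable scripting interface (apt does not); the
  # non-interactive frontend keeps debconf from blocking on a prompt.
  export DEBIAN_FRONTEND=noninteractive
  apt-get update
  apt-get install -y sssd libnss-sss libpam-sss libsss-sudo sssd-tools oddjob-mkhomedir
}

#######################################
# Write /etc/sssd/sssd.conf for the static LDAP setup.
# Globals:   SSSD_CONF, DOM, BIND_PW (read)
#######################################
write_sssd_conf() {
  printf '%s\n' Konfiguration
  mkdir -p "${SSSD_CONF%/*}"
  # Create the file with its final owner/mode *before* any content is written.
  # A plain `cat > file` would create it with the process umask (typically
  # 0644), leaving the bind password world-readable until the chmod below.
  install -m 600 -o root -g root /dev/null "$SSSD_CONF"
  # Unquoted delimiter on purpose: only $DOM and $BIND_PW are expanded, and
  # expanded values are not re-interpreted by the shell.
  cat > "$SSSD_CONF" <<EOF
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = $DOM.int

[domain/$DOM.int]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = permit
sudo_provider = ldap
ldap_uri = ldaps://ldap.$DOM.int
ldap_search_base = dc=$DOM,dc=int
ldap_sudo_search_base = ou=sudo,dc=$DOM,dc=int
ldap_default_bind_dn = cn=admin,dc=$DOM,dc=int
ldap_default_authtok = $BIND_PW
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
ldap_tls_reqcert = hard
cache_credentials = True

[nss]
filter_users = root,daemon,bin,sys,sync,games,man,lp,mail,news,uucp,proxy,www-data,backup,list,irc,gnats,nobody,systemd-network,systemd-resolve,messagebus,_apt,uuidd,nslcd
filter_groups = root,daemon,bin,sys,adm,tty,disk,lp,mail,news,uucp,man,proxy,kmem,dialout,fax,voice,cdrom,floppy,tape,sudo,audio,dip,www-data,backup,operator,list,irc,src,gnats,shadow,utmp,video,sasl,plugdev,staff,games,users,nogroup,systemd-journal,systemd-network,systemd-resolve,input,kvm,render,crontab,netdev,messagebus,_apt,uuidd,ssh,nslcd

[pam]
offline_credentials_expiration = 2
EOF
  printf '%s\n' "Rechte anpassen"
  # sssd refuses to start when its config is group- or world-readable.
  chmod 600 "$SSSD_CONF"
}

#######################################
# Enable the sss and mkhomedir PAM profiles.
#######################################
enable_pam() {
  printf '%s\n' "Pam Modul mkhomdir akivieren"
  pam-auth-update --enable sss mkhomedir
}

main() {
  parse_args "$@"
  [[ $EUID -eq 0 ]] || die "Dieses Skript muss als root ausgeführt werden"
  read_bind_password
  install_packages
  write_sssd_conf
  enable_pam
  # NOTE(review): sssd is not restarted here (the original script did not
  # either), so the new configuration only takes effect after a restart.
}

main "$@"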

