Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer · Wolfgang Schweer
--- a/Makefile
+++ b/Makefile
@@ -388,6 +388,7 @@ install: install-testsuite
 		share/debian-edu-config/edu-xfce4-panel.xml \
 		share/debian-edu-config/55xfce4-session-debian-edu \
 		share/debian-edu-config/lightdm-gtk-greeter.conf \
+		share/debian-edu-config/sudo-ldap.conf \
 		share/pam-configs/edu-group \
 		share/pam-configs/edu-umask \
 		share/perl5/Debian/Edu.pm \

--- a/cf3/cf.finalize
+++ b/cf3/cf.finalize
@@ -14,6 +14,13 @@ files:
    link_from => ln_s("/usr/share/debian-edu-config/lightdm-gtk-greeter.conf"),
    move_obstructions => "true";

+  # Make sure menu overrides are enabled in each case.
+
+  debian.installation::
+
+    "/etc/default/desktop-profiles"
+    edit_line => profile;
+
 commands:

  debian.server.installation::
@@ -60,3 +67,30 @@ commands:
    "/usr/sbin/pam-auth-update --package"
      contain => in_shell;
 }
+
+bundle edit_line profile
+{
+
+replace_patterns:
+
+  "PERSONALITY=polite" replace_with => value("PERSONALITY=rude");
+}
+
+bundle agent editline_finalize
+{
+
+vars:
+
+  "menu"    string => "MENUREORDER=true";
+
+files:
+
+  # Enable our menu overrides also on standalone installations
+
+  debian.standalone.installation::
+
+    "/etc/debian-edu/config"
+      create => "true",
+      edit_line => append_if_no_line("$(menu)");
+}
+
--- a/cf3/cf.homes
+++ b/cf3/cf.homes
@@ -47,7 +47,6 @@ vars:
                        "/srv/nfs4/home0 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check)" };
  "ltsp_only" slist  => { "/opt/ltsp/$(default_arch) 10.0.0.0/255.0.0.0(ro,async,no_root_squash,subtree_check) 192.168.0.0/255.255.0.0(ro,async,no_root_squash,subtree_check) 127.0.0.1(ro,async,no_root_squash,subtree_check,insecure)" };
  "fstab"   string => "/skole/tjener/home0	     /srv/nfs4/home0	none	bind	0	0";
-  "menu"    string => "MENUREORDER=true";
  "autofs"  string => "LDAPURI=ldap://$(edu.ldapserver)";

 files:
@@ -76,14 +75,6 @@ files:
      create => "true",
       edit_line => append_if_no_line("$(ltsp_only)");

-  # Enable our menu overrides on standalone installations
-
-  debian.standalone.installation::
-
-    "/etc/debian-edu/config"
-      create => "true",
-      edit_line => append_if_no_line("$(menu)");
-
  # Enable autofs using LDAP unless running the server,
  # standalone or roaming workstations.


--- a/cf3/cf.ldapclient
+++ b/cf3/cf.ldapclient
@@ -19,38 +19,22 @@ vars:
  "nss_conf"   slist  => { "passwd:         files ldap",
                           "group:          files ldap",
                           "shadow:         files ldap",
-                           "netgroup:       files ldap",
+                           "netgroup:       nis   ldap",
                           "automount:      files ldap" };
-  "ldap_conf"  slist  => { "HOST $(edu.ldapserver)",
-                           "sudoers_base ou=sudoers,$(edu.ldapbase)",
-                           "BASE $(edu.ldapbase)",
-                           "TLS_REQCERT demand",
-                           "TLS_CACERT /etc/ssl/certs/debian-edu-server.crt" };
-  "nslcd_conf" string => "tls_cacertfile /etc/ssl/certs/debian-edu-server.crt";

 files:

  debian.!standalone.!roaming.installation::

+    "/etc/sudo-ldap.conf"
+    link_from => ln_s("/usr/share/debian-edu-config/sudo-ldap.conf"),
+    move_obstructions => "true";
+
    "/etc/nsswitch.conf"
      edit_line => append_if_no_line( @(nss_conf) );

    "/etc/nsswitch.conf"
      edit_line => nsswitch_conf;
-
-  # Adjust for package sudo-ldap; also use the downloaded LDAP SSL certificate
-  # to verify the connection to the server.
-
-  debian.!standalone.installation::
-
-    "/etc/ldap/ldap.conf"
-      edit_line => append_if_no_line("$(ldap_conf)");
-
-   "/etc/nslcd.conf"
-      edit_line => nslcd_conf;
-
-   "/etc/nslcd.conf"
-      edit_line => append_if_no_line("$(nslcd_conf)");
 }

 bundle edit_line nsswitch_conf
@@ -66,14 +50,3 @@ replace_patterns:
  "^($(regexpr))$" replace_with => comment("#");
 }

-bundle edit_line nslcd_conf
-{
-
-vars:
-
-  "nslcd_conf" string => "tls_cacertfile /etc/ssl/certs/debian-edu-server.crt";
-
-replace_patterns:
-
-  "/etc/ldap/ssl/ldap-server-pubkey.pem" replace_with => value("/etc/ssl/certs/debian-edu-server.crt");
-}
--- a/cf3/cf.ntp
+++ b/cf3/cf.ntp
 bundle agent ntp
 {
-# Disable Systemd service, use custom ntp configuration.
+# Disable Systemd service for networked systems, use custom ntp configuration.
 # Respect that LTSP is prefering systemd-timesyncd.

 commands:

-  debian.!ltspclient.installation::
+  debian.!standalone.!ltspclient.installation::

    "/bin/systemctl disable systemd-timesyncd"
      contain => in_shell;

--- a/cf3/promises.cf
+++ b/cf3/promises.cf
@@ -63,6 +63,7 @@ body common control
                          tftpd,
                          pxeinstall,
                          finalize,
+                          editline_finalize,
     };

      inputs => {

--- a/debian/changelog
+++ b/debian/changelog
+debian-edu-config (2.10.54) UNRELEASED; urgency=medium
+
+  * Fix NTP setup for profile 'Standalone'.
+    - cf3/cf.ntp: Don't disable timesyncd on standalone systems.
+  * Improve the script used by the src:debian-edu autopkg test.
+    - share/debian-edu-config/tools/debian-edu-bless:
+      Add the '-I' parameter to let cf-agent output more information.
+      Prevent the script from exiting if the last etckeeper call should fail.
+      Thanks to Holger Levsen for the hint.
+  * Improve menu reorder setup.
+    - Move code for the Standalone profile from cf3/cf.homes to cf3/cf.finalize
+      as a better place.
+    - Make sure the menus are reordered in each installation scenario case.
+    - Adjust cf3/promises.cf to reflect the change.
+  * Rework LDAP client configuration now that nslcd preseeding is working.
+    - Add share/debian-edu-config/sudo-ldap.conf file to provide the last bit
+      of information for clients (besides those contained in nslcd.conf).
+    - Adjust cf3/cf.ldapclient accordingly.
+    - Adjust Makefile.
+
+ -- Wolfgang Schweer <wschweer@arcor.de>  Wed, 09 Jan 2019 10:29:06 +0100
+
 debian-edu-config (2.10.53) unstable; urgency=medium

  [ Wolfgang Schweer ]

--- a/share/debian-edu-config/sudo-ldap.conf
+++ b/share/debian-edu-config/sudo-ldap.conf
+#
+# Debian Edu specific setting needed in addition to those in /etc/nslcd.conf
+# Providing this file allows one to leave /etc/ldap/ldap.conf untouched.
+#
+sudoers_base ou=sudoers,dc=skole,dc=skolelinux,dc=no
--- a/share/debian-edu-config/tools/debian-edu-bless
+++ b/share/debian-edu-config/tools/debian-edu-bless
@@ -136,8 +136,8 @@ fi

 # 4. Run 'cf-agent -D installation' to configure everything
 #    that could not be done using preseeding.
-cf-agent -D installation
-etckeeper commit "/etc/ state after running cf-agent -D installation."
+cf-agent -I -D installation
+etckeeper commit "/etc/ state after running cf-agent -D installation." || true

 # 5. Ask for a reboot to enable all the configuration changes.
 echo "It is now time to reboot. For example by running"