Commit | Line | Data |
---|---|---|
54806111 IB |
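# Sets up this host as an LDAP client and wires pam_ldap into the PAM stacks.
#
# What the class manages:
#   * the openldap, pam_ldap and ruby-augeas packages;
#   * /etc/openldap (fully managed: unmanaged content is purged) and
#     /etc/openldap/ldap.conf;
#   * /etc/pam_ldap.conf, readable by root only;
#   * pam_ldap.so entries placed before pam_unix.so for password changes
#     (system-auth, passwd) and for auth/account (system-auth, su, su-l).
#
# Hiera keys read: base_installation::puppet_pass_seed,
# base_installation::ldap_server, base_installation::ldap_base,
# base_installation::ldap_dn.
class base_installation::ldap inherits base_installation {
  ensure_packages(["openldap"])

  # Resource defaults for the file resources declared below; individual
  # resources override them where a tighter mode is needed.
  File {
    mode  => "0644",
    owner => "root",
    group => "root",
  }

  # recurse + purge + force: anything under /etc/openldap that Puppet does
  # not manage is removed, so the directory holds only what is declared here.
  file { '/etc/openldap':
    ensure  => directory,
    require => Package["openldap"],
    recurse => true,
    purge   => true,
    force   => true,
  }

  # NOTE(review): this template is evaluated before the $ldap_* variables
  # below are assigned. Confirm ldap.conf.erb does not rely on them, and that
  # it carries no secret, since the file is world-readable (0644).
  file { '/etc/openldap/ldap.conf':
    ensure  => present,
    content => template("base_installation/ldap/ldap.conf.erb"),
    require => File['/etc/openldap'],
  }

  $password_seed  = lookup("base_installation::puppet_pass_seed")
  $ldap_server    = lookup("base_installation::ldap_server")
  $ldap_base      = lookup("base_installation::ldap_base")
  $ldap_dn        = lookup("base_installation::ldap_dn")
  # NOTE(review): generate_password is defined outside this file; it presumably
  # derives the password deterministically from the seed, which would make the
  # seed itself a secret to protect - confirm.
  $ldap_password  = generate_password(24, $password_seed, "ldap")
  $ldap_attribute = "uid"

  ensure_packages(["pam_ldap", "ruby-augeas"])

  # Root-only (0400): the template presumably embeds $ldap_password.
  # show_diff => false keeps the rendered content out of agent logs and
  # reports when the file changes. Requiring the package makes Puppet write
  # the file after the package is installed rather than racing with it.
  file { "/etc/pam_ldap.conf":
    ensure    => "present",
    mode      => "0400",
    owner     => "root",
    group     => "root",
    show_diff => false,
    content   => template("base_installation/ldap/pam_ldap.conf.erb"),
    require   => Package["pam_ldap"],
  }

  # Password changes: try pam_ldap before pam_unix. With ignore_unknown_user,
  # accounts that are not in LDAP yield "ignore" and fall through to pam_unix.
  # Package["pam_ldap"] is required so the PAM stack never references
  # pam_ldap.so before the module exists on disk; with default=bad a module
  # that fails to load would fail the whole stack.
  ["system-auth", "passwd"].each |$service| {
    pam { "Allow to change ldap password via ${service}":
      ensure    => present,
      service   => $service,
      type      => "password",
      control   => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
      module    => "pam_ldap.so",
      arguments => "ignore_unknown_user",
      position  => 'before *[type="password" and module="pam_unix.so"]',
      require   => [Package["ruby-augeas"], Package["pam_ldap"]],
    }
  }

  # Authentication and account checks: same control flags and the same
  # ordering constraint as above, applied to each service/type pair.
  ["system-auth", "su", "su-l"].each |$service| {
    ["auth", "account"].each |$type| {
      pam { "Allow ${service} to ${type} with ldap password":
        ensure    => present,
        service   => $service,
        type      => $type,
        control   => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
        module    => "pam_ldap.so",
        arguments => "ignore_unknown_user",
        position  => "before *[type=\"${type}\" and module=\"pam_unix.so\"]",
        require   => [Package["ruby-augeas"], Package["pam_ldap"]],
      }
    }
  }
}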