# NOTE(review): this listing keeps the original file's line numbers as a leading
# column, and the numbering skips (3-9, 11, 13-17, 19, ...). Attributes and closing
# braces on the skipped lines are not visible here but may exist in the manifest.
#
# LDAP client setup for the base installation: installs the openldap package,
# manages /etc/openldap and renders /etc/openldap/ldap.conf from a template.
1 class base_installation::ldap inherits base_installation {
2 ensure_packages(["openldap"])
# The directory is only managed after the openldap package resource is applied.
10 file { '/etc/openldap':
12 require => Package["openldap"],
# ldap.conf is rendered from an ERB template that is not shown here.
# NOTE(review): confirm the template requires TLS with certificate verification
# (e.g. an ldaps:// URI or StartTLS plus TLS_REQCERT demand), so bind credentials
# and password changes are never sent to the directory in clear text.
18 file { '/etc/openldap/ldap.conf':
20 content => template("base_installation/ldap/ldap.conf.erb"),
21 require => File['/etc/openldap'],
# Connection parameters are read from Hiera with lookup(). These variables are
# presumably consumed by the ERB templates of this class (templates not shown).
24 $password_seed = lookup("base_installation::puppet_pass_seed")
25 $ldap_server = lookup("base_installation::ldap_server")
26 $ldap_base = lookup("base_installation::ldap_base")
27 $ldap_dn = lookup("base_installation::ldap_dn")
# The LDAP password is computed during catalog compilation by generate_password()
# from the looked-up seed and the label "ldap"; the function is defined elsewhere.
# NOTE(review): if the derivation is deterministic (presumably it is), anyone who
# can read base_installation::puppet_pass_seed can recompute this password. Keep
# the seed in an encrypted Hiera backend and consider wrapping the result in
# Sensitive() so it is redacted from logs and reports.
28 $ldap_password = generate_password(24, $password_seed, "ldap")
# Hard-coded attribute name; presumably the LDAP attribute matched against the
# login name -- the consumer is not visible here.
29 $ldap_attribute = "uid"
# pam_ldap is the package for the pam_ldap.so module referenced by the pam
# resources in this class; ruby-augeas is what those resources declare as their
# requirement.
31 ensure_packages(["pam_ldap", "ruby-augeas"])
# NOTE(review): $ldap_password is in scope when this template is rendered, so the
# file presumably contains the bind password. Lines 33-36 are not shown (likely
# ensure/mode/owner/group): confirm the file is root-owned and not world-readable
# where the PAM consumers allow it, and consider show_diff => false so the secret
# does not end up in agent logs or reports.
32 file { "/etc/pam_ldap.conf":
37 content => template("base_installation/ldap/pam_ldap.conf.erb"),
# For each listed PAM service, declares a pam_ldap.so entry positioned before the
# existing pam_unix.so "password" entry, so a password change reaches pam_ldap
# before pam_unix. Lines 42-44 are not shown; they presumably set
# ensure/service/type.
40 ["system-auth", "passwd"].each |$service| {
41 pam { "Allow to change ldap password via $service":
# success=done: a successful pam_ldap result ends the stack at once, so modules
# after this entry are not consulted. ignore=ignore: PAM_IGNORE does not affect
# the outcome. default=bad: every other return code marks the stack as failed.
45 control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
46 module => "pam_ldap.so",
# ignore_unknown_user makes pam_ldap return PAM_IGNORE for accounts that are not
# in the directory, so local accounts fall through to pam_unix.
# NOTE(review): use_authtok is not set, so pam_ldap presumably prompts for the new
# password itself instead of reusing one already vetted by an earlier
# password-quality module -- confirm this is intended.
47 arguments => "ignore_unknown_user",
# Augeas path expression selecting the existing entry to insert before.
48 position => 'before *[type="password" and module="pam_unix.so"]',
# Ordered after the ruby-augeas package; presumably the pam provider needs the
# Augeas Ruby bindings (provider not shown).
49 require => Package["ruby-augeas"],
# For each listed service, and for both the "auth" and "account" stacks, declares
# a pam_ldap.so entry positioned before the matching pam_unix.so entry.
# Lines 56-58 and the closing braces after line 63 are not shown.
53 ["system-auth", "su", "su-l"].each |$service| {
54 ["auth", "account"].each |$type| {
55 pam { "Allow $service to $type with ldap password":
# NOTE(review): success=done ends the stack as soon as pam_ldap succeeds. For
# "account", any account-management module placed after this entry (access
# restrictions, expiry checks) is then skipped for LDAP users; for "auth", the
# same applies to modules placed after it (e.g. lockout accounting). Confirm
# nothing security-relevant sits after this position in these services.
# NOTE(review): default=bad presumably also covers an unreachable LDAP server,
# which would fail the stack for local accounts too. pam_ldap has an
# ignore_authinfo_unavail option for that case -- confirm whether local logins
# (e.g. root via su) must survive a directory outage.
59 control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
60 module => "pam_ldap.so",
# Accounts unknown to the directory yield PAM_IGNORE and continue to pam_unix.
61 arguments => "ignore_unknown_user",
# Same Augeas path expression as for the password stack, with the stack type
# interpolated from the inner loop variable.
62 position => "before *[type=\"$type\" and module=\"pam_unix.so\"]",
# Ordered after the ruby-augeas package; presumably the pam provider needs the
# Augeas Ruby bindings (provider not shown).
63 require => Package["ruby-augeas"],