- ensure_packages(["pam_ldap", "ruby-augeas"])
- file { "/etc/pam_ldap.conf":
- ensure => "present",
- mode => "0400",
- owner => "root",
- group => "root",
- content => template("base_installation/ldap/pam_ldap.conf.erb"),
- }
-
- ["system-auth", "passwd"].each |$service| {
- pam { "Allow to change ldap password via $service":
- ensure => present,
- service => $service,
- type => "password",
- control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
- module => "pam_ldap.so",
- arguments => "ignore_unknown_user",
- position => 'before *[type="password" and module="pam_unix.so"]',
- require => Package["ruby-augeas"],
+ ensure_packages(["pam_ldap", "ruby-augeas"])
+ file { "/etc/pam_ldap.conf":
+ ensure => "present",
+ mode => "0400",
+ owner => "root",
+ group => "root",
+ content => template("base_installation/ldap/pam_ldap.conf.erb"),