[submodule "external_modules/patch"]
path = external_modules/patch
url = git://git.immae.eu/github/tohuwabohu/puppet-patch.git
+[submodule "external_modules/augeasproviders_pam"]
+ path = external_modules/augeasproviders_pam
+ url = git://git.immae.eu/github/hercules-team/augeasproviders_pam.git
+[submodule "external_modules/augeasproviders_core"]
+ path = external_modules/augeasproviders_core
+ url = git://git.immae.eu/github/hercules-team/augeasproviders_core.git
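Review bot: Both new submodule URLs use the `git://` transport, which has no server authentication and no encryption, and these modules end up running as root on managed hosts. The commit id recorded in the superproject limits what a tampered fetch could substitute, but it does not authenticate the mirror. If git.immae.eu serves these repositories over HTTPS or SSH, prefer that scheme here and for the existing `external_modules/patch` entry. A comment naming the upstream project each mirror tracks would also help later audits.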
require => File['/etc/openldap'],
}
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+ $ldap_server = lookup("base_installation::ldap_server")
+ $ldap_base = lookup("base_installation::ldap_base")
+ $ldap_dn = lookup("base_installation::ldap_dn")
+ $ldap_password = generate_password(24, $password_seed, "ldap")
+ $ldap_attribute = "uid"
+
+ ensure_packages(["pam_ldap", "ruby-augeas"])
+ file { "/etc/pam_ldap.conf":
+ ensure => "present",
+ mode => "0400",
+ owner => "root",
+ group => "root",
+ content => template("base_installation/ldap/pam_ldap.conf.erb"),
+ }
+
+ ["system-auth", "passwd"].each |$service| {
+ pam { "Allow to change ldap password via $service":
+ ensure => present,
+ service => $service,
+ type => "password",
+ control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
+ module => "pam_ldap.so",
+ arguments => "ignore_unknown_user",
+ position => 'before *[type="password" and module="pam_unix.so"]',
+ require => Package["ruby-augeas"],
+ }
+ }
+
+ ["system-auth", "su", "su-l"].each |$service| {
+ ["auth", "account"].each |$type| {
+ pam { "Allow $service to $type with ldap password":
+ ensure => present,
+ service => $service,
+ type => $type,
+ control => "[success=done new_authtok_reqd=ok ignore=ignore default=bad]",
+ module => "pam_ldap.so",
+ arguments => "ignore_unknown_user",
+ position => "before *[type=\"$type\" and module=\"pam_unix.so\"]",
+ require => Package["ruby-augeas"],
+ }
+ }
+ }
}
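Review bot: The new `pam` resources require only `Package["ruby-augeas"]`, so Puppet may write the `pam_ldap.so` lines into system-auth, su and su-l before the `pam_ldap` package or `/etc/pam_ldap.conf` is in place. A module that cannot be loaded would most likely fall under `default=bad` in the control string, failing auth and account for those services until the run completes. Suggest `require => [Package["ruby-augeas"], Package["pam_ldap"], File["/etc/pam_ldap.conf"]],` in both loops. Separately, the template presumably embeds `$ldap_password`, so adding `show_diff => false,` to the file resource would keep the bind password out of agent logs and reports. The enclosing class starts outside the hunk.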
notify => Service["redis"],
}
- package { "ruby-augeas":
- ensure => installed,
- } ->
+ ensure_packages(["ruby-augeas"])
+
class { '::redis':
unixsocket => "/run/redis/redis.sock",
unixsocketperm => "777",
config_file => "/etc/redis.conf",
config_file_orig => "/etc/redis.conf.puppet",
port => 0,
- require => File["/etc/systemd/system/redis.service.d/socket_shutdown.conf"],
+ require => [
+ File["/etc/systemd/system/redis.service.d/socket_shutdown.conf"],
+ Package["ruby-augeas"]
+ ]
}
}
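Review bot: `unixsocketperm => "777"` on the context line lets every local account open `/run/redis/redis.sock`. With `port => 0` the socket is the only access path, so its mode is the whole access control unless `requirepass` is configured elsewhere. The commit does not change this line, but since the class declaration is being edited it would be a good moment to tighten it, e.g. `unixsocketperm => "770",` with the consuming service users added to the redis group. The enclosing class starts outside the hunk.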