From 031eb802bd15b8c00a9ab37cddc2ef5623daf8ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Wed, 29 Dec 2010 16:30:21 +0200
Subject: [PATCH] Added Ubuntu support for ldap::auth.
---
 ldap/manifests/init.pp | 42 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index d6e2051..2e68542 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -14,9 +14,10 @@
 #
 class ldap::auth inherits ldap::client {
 
+ $ldap_uri = inline_template('<%= ldap_server.join(" ") -%>')
+
 case $operatingsystem {
 CentOS: {
- $ldap_uri = inline_template('<%= ldap_server.join(" ") -%>')
 package { "nss_ldap":
 ensure => installed,
 }
@@ -27,10 +28,43 @@ class ldap::auth inherits ldap::client {
 File["/etc/openldap/ldap.conf"], ],
 require => Package["nss_ldap"],
 }
- augeas { "enable-ldap-ssl":
+ augeas { "pam-ldap-conf":
 context => "/files/etc/ldap.conf",
- changes => "set ssl on",
- onlyif => "get ssl != on",
+ changes => [ "set nss_paged_results yes",
+ "set pam_password exop",
+ "set ssl on", ],
+ onlyif => [ "get nss_paged_results != yes",
+ "get pam_password != exop",
+ "get ssl != on", ],
+ }
+ }
+ Ubuntu: {
+ package { "ldap-auth-client":
+ ensure => installed,
+ }
+ exec { "auth-client-config -t nss -p lac_ldap":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ unless => "auth-client-config -t nss -p lac_ldap -s",
+ require => Package["ldap-auth-client"],
+ before => Augeas["pam-ldap-conf"],
+ notify => Exec["nssldap-update-ignoreusers"],
+ }
+ exec { "nssldap-update-ignoreusers":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ refreshonly => true,
+ }
+ augeas { "pam-ldap-conf":
+ context => "/files/etc/ldap.conf",
+ changes => [ "set uri '${ldap_uri}'",
+ "set base ${ldap_basedn}",
+ "set nss_paged_results yes",
+ "set pam_password exop",
+ "set ssl on", ],
+ onlyif => [ "get uri != '${ldap_uri}'",
+ "get base != ${ldap_basedn}",
+ "get nss_paged_results != yes",
+ "get pam_password != exop",
+ "get ssl != on", ],
 }
 }
 OpenBSD: {
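Review bot: The array form of `onlyif` in both `pam-ldap-conf` resources may not test what it appears to. As far as I know the augeas type evaluates a single `get <path> <op> <value>` expression, so only the first entry (`get nss_paged_results != yes` on CentOS, `get uri != '${ldap_uri}'` on Ubuntu) would gate the whole change list. A host where that first value already matches but `ssl` is not `on` could then keep talking to the directory without TLS, and the run would report nothing to change. The augeas type only rewrites the file when a change would actually alter it, so both `onlyif` arrays can simply be removed. Separately, `set base ${ldap_basedn}` is unquoted while the `uri` line is quoted; `set base '${ldap_basedn}'` would survive a base DN that contains spaces.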