From 54e5712716dd9e1470d0a2d3b40f56c16d76b1c8 Mon Sep 17 00:00:00 2001
From: Ossi Herrala
Date: Wed, 3 Oct 2012 09:30:13 +0000
Subject: [PATCH 1/2] Add LDAP authentication support for saslauthd.
---
 sasl/manifests/init.pp | 18 ++++++++++++++++++
 sasl/templates/saslauthd.conf.erb | 4 ++++
 2 files changed, 22 insertions(+)
 create mode 100644 sasl/templates/saslauthd.conf.erb
diff --git a/sasl/manifests/init.pp b/sasl/manifests/init.pp
index b8d60b6..f2c904a 100644
--- a/sasl/manifests/init.pp
+++ b/sasl/manifests/init.pp
@@ -28,6 +28,24 @@ class sasl::saslauthd {
 case $saslauthd_mech {
 "","pam": { }
+ "ldap": {
+ include ldap::client
+
+ augeas { "set-saslauthd-mech":
+ context => "/files/etc/sysconfig/saslauthd",
+ changes => "set MECH ldap",
+ notify => Service["saslauthd"],
+ }
+
+ file { "/etc/saslauthd.conf":
+ ensure => present,
+ mode => 0644,
+ owner => "root",
+ group => "root",
+ content => template("sasl/saslauthd.conf.erb"),
+ notify => Service["saslauthd"],
+ }
+ }
 "kerberos5": {
 augeas { "set-saslauthd-mech":
 context => "/files/etc/sysconfig/saslauthd",
diff --git a/sasl/templates/saslauthd.conf.erb b/sasl/templates/saslauthd.conf.erb
new file mode 100644
index 0000000..272bec7
--- /dev/null
+++ b/sasl/templates/saslauthd.conf.erb
@@ -0,0 +1,4 @@
+<% if has_variable=('saslauthd_mech') && saslauthd_mech == "ldap" -%>
+ldap_servers: <% ldap_server.each do |uri| %><%= uri %> <% end %>
+ldap_search_base: <%= ldap_basedn %>
+<% end -%>
From 895eb0e6a1a11c6dcfc27d7c09e1b559d6006eef Mon Sep 17 00:00:00 2001
From: Ossi Herrala
Date: Thu, 4 Oct 2012 13:11:44 +0000
Subject: [PATCH 2/2] Improve documentation a bit and rename saslauthd.conf.erb to saslauthd.conf.ldap.erb since ldap is the only auth method with such config file (so far).
---
 sasl/manifests/init.pp | 7 +++++--
 .../{saslauthd.conf.erb => saslauthd.conf.ldap.erb} | 2 --
 2 files changed, 5 insertions(+), 4 deletions(-)
 rename sasl/templates/{saslauthd.conf.erb => saslauthd.conf.ldap.erb} (55%)
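Review bot: In sasl/manifests/init.pp the new `file { "/etc/saslauthd.conf": ... }` resource in the `"ldap"` branch sets `mode => 0644`, so saslauthd's LDAP configuration is readable by every local account. The template added in this patch writes only server URIs and a search base, but this is the file saslauthd reads `ldap_bind_dn` and `ldap_bind_pw` from, so the first site that needs an authenticated bind would expose that credential. I would tighten the line to `mode => 0600,` (assuming saslauthd runs as root on these hosts, which the manifest does not show) with a comment such as `# may hold ldap_bind_pw; keep unreadable to other users`. The `""`/`pam` branch is empty, so a host moved off ldap appears to keep a stale copy of the file; the `case` statement continues outside the hunk.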
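Review bot: The new sasl/templates/saslauthd.conf.erb emits only `ldap_servers` and `ldap_search_base`, so nothing in the generated file requires an encrypted, certificate-verified connection for the bind that carries the user's password. Whether that password crosses the network in clear then depends entirely on every `ldap_server` URI being `ldaps://`, which the template does not check. I would add `ldap_tls_check_peer: yes` and `ldap_tls_cacert_file: <PLACEHOLDER: path to site CA bundle>`, plus `ldap_start_tls: yes` when the URIs are plain `ldap://`. A short header comment in the template stating which transport the `ldap_server` values are expected to use would also help whoever sets those globals.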
diff --git a/sasl/manifests/init.pp b/sasl/manifests/init.pp
index f2c904a..a1a236e 100644
--- a/sasl/manifests/init.pp
+++ b/sasl/manifests/init.pp
@@ -20,8 +20,11 @@ class sasl::client {
 # === Global variables
 #
 # $saslauthd_mech:
-# Authentication mechanism to use. Defaults to system default.
+# Authentication mechanism to use. Defaults to system
+# default. Supported mechanisms include pam, ldap and kerberos5.
 #
+# For ldap authentication, see ldap::client for required global variables.
+#
 class sasl::saslauthd {
 require sasl::client
@@ -42,7 +45,7 @@ class sasl::saslauthd {
 mode => 0644,
 owner => "root",
 group => "root",
- content => template("sasl/saslauthd.conf.erb"),
+ content => template("sasl/saslauthd.conf.ldap.erb"),
 notify => Service["saslauthd"],
 }
 }
diff --git a/sasl/templates/saslauthd.conf.erb b/sasl/templates/saslauthd.conf.ldap.erb
similarity index 55%
rename from sasl/templates/saslauthd.conf.erb
rename to sasl/templates/saslauthd.conf.ldap.erb
index 272bec7..75a16b8 100644
--- a/sasl/templates/saslauthd.conf.erb
+++ b/sasl/templates/saslauthd.conf.ldap.erb
@@ -1,4 +1,2 @@
-<% if has_variable=('saslauthd_mech') && saslauthd_mech == "ldap" -%>
 ldap_servers: <% ldap_server.each do |uri| %><%= uri %> <% end %>
 ldap_search_base: <%= ldap_basedn %>
-<% end -%>