From 09d936826e3f000932098a844ce46bcc9f5c33bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Tue, 14 Dec 2010 14:45:19 +0200
Subject: [PATCH] Initial version of ldap::auth class.
---
 ldap/manifests/init.pp | 79 ++++++++++++++++++++++++++++++------------
 1 file changed, 56 insertions(+), 23 deletions(-)
diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 0f827d3..d6e2051 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -1,5 +1,5 @@
-# Install and configure ldap client
+# Install and configure ldap authentication
 #
 # === Global variables
 #
@@ -12,6 +12,61 @@
 # $ldap_login_umask:
 # Default umask for LDAP users in OpenBSD, defaults to 077.
 #
+class ldap::auth inherits ldap::client {
+
+ case $operatingsystem {
+ CentOS: {
+ $ldap_uri = inline_template('<%= ldap_server.join(" ") -%>')
+ package { "nss_ldap":
+ ensure => installed,
+ }
+ exec { "authconfig --enableldap --enableldapauth --enableldapssl --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --update":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
+ before => [ Augeas["enable-ldap-ssl"],
+ File["/etc/openldap/ldap.conf"], ],
+ require => Package["nss_ldap"],
+ }
+ augeas { "enable-ldap-ssl":
+ context => "/files/etc/ldap.conf",
+ changes => "set ssl on",
+ onlyif => "get ssl != on",
+ }
+ }
+ OpenBSD: {
+ if ! $ldap_login_umask {
+ $ldap_login_umask = "077"
+ }
+ package { "login_ldap":
+ ensure => installed,
+ }
+ file { "/etc/login.conf":
+ ensure => present,
+ content => template("ldap/login.conf.erb"),
+ mode => 0644,
+ owner => root,
+ group => wheel,
+ require => [ File["/etc/openldap/ldap.conf"],
+ Package["login_ldap"], ]
+ }
+ }
+ default: {
+ fail("ldap::auth not supported on ${operatingsystem}")
+ }
+ }
+
+}
+
+# Install and configure ldap client
+#
+# === Global variables
+#
+# $ldap_server:
+# Array containing LDAP server URI's.
+#
+# $ldap_basedn:
+# LDAP base DN.
+#
 class ldap::client {
 package { "openldap-client":
@@ -45,28 +100,6 @@ class ldap::client {
 require => Package["openldap-client"],
 }
- case $operatingsystem {
- OpenBSD: {
- if ! $ldap_login_umask {
- $ldap_login_umask = "077"
- }
-
- package { "login_ldap":
- ensure => installed,
- }
-
- file { "/etc/login.conf":
- ensure => present,
- content => template("ldap/login.conf.erb"),
- mode => 0644,
- owner => root,
- group => wheel,
- require => [ File["/etc/openldap/ldap.conf"],
- Package["login_ldap"], ]
- }
- }
- }
-
 }
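Review bot: In the CentOS branch of the new `ldap::auth` class (second hunk), the `unless` guard on the `exec` tests only for `USELDAP=yes` and `USELDAPAUTH=yes`, so once LDAP auth is enabled authconfig is skipped even when `$ldap_server` or `$ldap_basedn` later change, and the host keeps its old server settings. The same command splices both variables into what appears to be a shell string (the `unless` relies on pipes) inside single quotes, so a value containing `'` ends the quoting. A guard ahead of the `exec` such as `if $ldap_basedn =~ /'/ { fail("ldap_basedn must not contain a single quote") }`, with the same test on `$ldap_uri`, would reject such values. The hunk turns SSL on (`--enableldapssl`, `set ssl on`) but sets no CA file or peer-verification option for `/etc/ldap.conf`. That may be covered by the `/etc/openldap/ldap.conf` resource outside this hunk and is worth confirming.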