Initial version of ldap::auth class.
parent
3926e02859
commit
09d936826e
1 changed files with 56 additions and 23 deletions
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
# Install and configure ldap client
|
# Install and configure ldap authentication
|
||||||
#
|
#
|
||||||
# === Global variables
|
# === Global variables
|
||||||
#
|
#
|
||||||
|
@ -12,6 +12,61 @@
|
||||||
# $ldap_login_umask:
|
# $ldap_login_umask:
|
||||||
# Default umask for LDAP users in OpenBSD, defaults to 077.
|
# Default umask for LDAP users in OpenBSD, defaults to 077.
|
||||||
#
|
#
|
||||||
|
class ldap::auth inherits ldap::client {
|
||||||
|
|
||||||
|
case $operatingsystem {
|
||||||
|
CentOS: {
|
||||||
|
$ldap_uri = inline_template('<%= ldap_server.join(" ") -%>')
|
||||||
|
package { "nss_ldap":
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
exec { "authconfig --enableldap --enableldapauth --enableldapssl --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --update":
|
||||||
|
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
||||||
|
unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
|
||||||
|
before => [ Augeas["enable-ldap-ssl"],
|
||||||
|
File["/etc/openldap/ldap.conf"], ],
|
||||||
|
require => Package["nss_ldap"],
|
||||||
|
}
|
||||||
|
augeas { "enable-ldap-ssl":
|
||||||
|
context => "/files/etc/ldap.conf",
|
||||||
|
changes => "set ssl on",
|
||||||
|
onlyif => "get ssl != on",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
OpenBSD: {
|
||||||
|
if ! $ldap_login_umask {
|
||||||
|
$ldap_login_umask = "077"
|
||||||
|
}
|
||||||
|
package { "login_ldap":
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
file { "/etc/login.conf":
|
||||||
|
ensure => present,
|
||||||
|
content => template("ldap/login.conf.erb"),
|
||||||
|
mode => 0644,
|
||||||
|
owner => root,
|
||||||
|
group => wheel,
|
||||||
|
require => [ File["/etc/openldap/ldap.conf"],
|
||||||
|
Package["login_ldap"], ]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default: {
|
||||||
|
fail("ldap::auth not supported on ${operatingsystem}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
# Install and configure ldap client
|
||||||
|
#
|
||||||
|
# === Global variables
|
||||||
|
#
|
||||||
|
# $ldap_server:
|
||||||
|
# Array containing LDAP server URI's.
|
||||||
|
#
|
||||||
|
# $ldap_basedn:
|
||||||
|
# LDAP base DN.
|
||||||
|
#
|
||||||
class ldap::client {
|
class ldap::client {
|
||||||
|
|
||||||
package { "openldap-client":
|
package { "openldap-client":
|
||||||
|
@ -45,28 +100,6 @@ class ldap::client {
|
||||||
require => Package["openldap-client"],
|
require => Package["openldap-client"],
|
||||||
}
|
}
|
||||||
|
|
||||||
case $operatingsystem {
|
|
||||||
OpenBSD: {
|
|
||||||
if ! $ldap_login_umask {
|
|
||||||
$ldap_login_umask = "077"
|
|
||||||
}
|
|
||||||
|
|
||||||
package { "login_ldap":
|
|
||||||
ensure => installed,
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/login.conf":
|
|
||||||
ensure => present,
|
|
||||||
content => template("ldap/login.conf.erb"),
|
|
||||||
mode => 0644,
|
|
||||||
owner => root,
|
|
||||||
group => wheel,
|
|
||||||
require => [ File["/etc/openldap/ldap.conf"],
|
|
||||||
Package["login_ldap"], ]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
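Review bot: The `unless` guard on the `authconfig` exec in the CentOS branch only tests for `USELDAP=yes` and `USELDAPAUTH=yes` in /etc/sysconfig/authconfig, so once LDAP is enabled a later change to `$ldap_server` or `$ldap_basedn` is never applied and the host keeps authenticating against the previous directory. Either the guard should also compare the server URI and base DN actually written to the client configuration, or the limitation should be documented above the exec, e.g. `# NOTE: re-run manually after changing $ldap_server or $ldap_basedn; the unless check does not detect it`. Both values are also interpolated inside single quotes in the command string, so a value containing `'` would change the command; validating them before use would close that off. Separately, the visible lines turn on `ssl` in /etc/ldap.conf but set no CA certificate or peer-verification option there; if `ldap::client` (outside this section) does not cover that file, the class header should state that certificate checking must be configured elsewhere.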