ldap: Fixed supplementary group memberships for CentOS 7.

2014-10-27 15:59:31 +02:00 · 2014-10-27 15:59:31 +02:00 · 6bf17c7385
commit 6bf17c7385
parent e948ce5cfd
2 changed files with 28 additions and 4 deletions
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@ -78,6 +78,30 @@ class ldap::auth(
        }
    }
    case $::operatingsystem {
        "centos","redhat": {
            if versioncmp($::operatingsystemrelease, "7") < 0 {
                $member_attr = "uniqueMember"
            } else {
                $member_attr = "member"
            }
        }
        "fedora": {
            if versioncmp($::operatingsystemrelease, "18") < 0 {
                $member_attr = "uniqueMember"
            } else {
                $member_attr = "member"
            }
        }
        "ubuntu": {
            if versioncmp($::operatingsystemrelease, "12.04") < 0 {
                $member_attr = "uniqueMember"
            } else {
                $member_attr = "member"
            }
        }
    }
    if $::kernel == "Linux" {
        include nscd
    }
--- a/ldap/templates/nslcd.conf.erb
+++ b/ldap/templates/nslcd.conf.erb
@ -21,13 +21,13 @@ map    passwd gecos            displayName
 map    passwd loginShell       "${loginShell:-/bin/bash}"
 map    passwd homeDirectory    "${unixHomeDirectory:-/home/$sAMAccountName}"
 filter group  (&(objectClass=group)(gidNumber=*))
-<%   if @operatingsystem == "CentOS" or (@operatingsystem == "Ubuntu" and scope.function_versioncmp([@operatingsystemrelease, '12.04']) < 0) -%>
+<%   if @member_attr != "member" -%>
-map group uniqueMember member
+map group <%= @member_attr %> member
 <%   end -%>
 <% else -%>
 pagesize 500
-<%   if @operatingsystem != "CentOS" and (@operatingsystem == "Ubuntu" and scope.function_versioncmp([@operatingsystemrelease, '12.04']) >= 0) -%>
+<%   if @member_attr != "uniqueMember" -%>
-map group member uniqueMember
+map group <%= @member_attr %> uniqueMember
 <%   end -%>
 <% end -%>
 <% if @auth == 'bind' -%>