ldap: Converted nslcd.conf to template and added support for active directory attribute mappings.
This commit is contained in:
parent
d0a5bca536
commit
9a1964c71a
2 changed files with 55 additions and 32 deletions
|
|
@ -12,7 +12,12 @@
|
|||
# $ldap_login_umask:
|
||||
# Default umask for LDAP users in OpenBSD, defaults to 077.
|
||||
#
|
||||
class ldap::auth inherits ldap::client {
|
||||
# === Parameters
|
||||
#
|
||||
# $mapping:
|
||||
#
|
||||
#
|
||||
class ldap::auth($mapping="rfc2307") inherits ldap::client {
|
||||
|
||||
include pam::common
|
||||
|
||||
|
|
@ -22,7 +27,7 @@ class ldap::auth inherits ldap::client {
|
|||
if regsubst($ldap_uri, "^(ldaps)://.*", "\1") == "ldaps"{
|
||||
$ssl = "on"
|
||||
} else {
|
||||
$ssl = "no"
|
||||
$ssl = "off"
|
||||
}
|
||||
|
||||
if $::kernel == "Linux" {
|
||||
|
|
@ -39,29 +44,19 @@ class ldap::auth inherits ldap::client {
|
|||
exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --enableforcelegacy --update":
|
||||
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
||||
unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
|
||||
before => [ Augeas["nslcd-conf"],
|
||||
before => [ File["/etc/nslcd.conf"],
|
||||
Augeas["pam-ldap-conf"],
|
||||
File["/etc/openldap/ldap.conf"], ],
|
||||
require => Package["authconfig", "nss-pam-ldapd"],
|
||||
}
|
||||
augeas { "nslcd-conf":
|
||||
changes => [ "set pagesize 500",
|
||||
"set ssl ${ssl}",
|
||||
"set tls_reqcert never",
|
||||
"rm tls_cacertdir", ],
|
||||
incl => "/etc/nslcd.conf",
|
||||
lens => "Spacevars.simple_lns",
|
||||
file { "/etc/nslcd.conf":
|
||||
ensure => present,
|
||||
content => template("ldap/nslcd.conf.erb"),
|
||||
mode => "0600",
|
||||
owner => "root",
|
||||
group => "root",
|
||||
notify => Service["nslcd"],
|
||||
}
|
||||
if $::operatingsystem == "Fedora" {
|
||||
augeas { "nslcd-conf-groupmap":
|
||||
changes => "set map 'group member uniqueMember'",
|
||||
incl => "/etc/nslcd.conf",
|
||||
lens => "Spacevars.simple_lns",
|
||||
require => Package["nss-pam-ldapd"],
|
||||
notify => Service["nslcd"],
|
||||
}
|
||||
}
|
||||
augeas { "pam-ldap-conf":
|
||||
changes => [ "set ssl ${ssl}",
|
||||
"set pam_password exop",
|
||||
|
|
@ -104,21 +99,15 @@ class ldap::auth inherits ldap::client {
|
|||
path => "/bin:/usr/bin:/sbin:/usr/sbin",
|
||||
unless => "auth-client-config -t nss -p ldap_example -s",
|
||||
require => Package["auth-client-config"],
|
||||
before => Augeas["nslcd-conf"],
|
||||
before => File["/etc/nslcd.conf"],
|
||||
}
|
||||
augeas { "nslcd-conf":
|
||||
changes => [
|
||||
"set uri '${ldap_uri}'",
|
||||
"set base ${ldap_basedn}",
|
||||
"set pagesize 500",
|
||||
"set ssl ${ssl}",
|
||||
"set tls_reqcert never",
|
||||
"set map 'group member uniqueMember'",
|
||||
],
|
||||
incl => "/etc/nslcd.conf",
|
||||
lens => "Spacevars.simple_lns",
|
||||
file { "/etc/nslcd.conf":
|
||||
ensure => present,
|
||||
content => template("ldap/nslcd.conf.erb"),
|
||||
mode => "0640",
|
||||
owner => "root",
|
||||
group => "nslcd",
|
||||
notify => Service["nslcd"],
|
||||
before => File["/etc/openldap/ldap.conf"],
|
||||
}
|
||||
service { "nslcd":
|
||||
ensure => running,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue