From 9a85a1217f9478a0e46ad074e2c4aa7aea9cb94f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?=
Date: Tue, 8 Nov 2011 10:23:35 +0200
Subject: [PATCH] Fixed ldap password change on centos 6.
---
 ldap/manifests/init.pp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index afacf76..db8153a 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -26,11 +26,12 @@ class ldap::auth inherits ldap::client {
 exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --update":
 path => "/bin:/usr/bin:/sbin:/usr/sbin",
 unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
- before => [ Augeas["pam-ldap-conf"],
+ before => [ Augeas["nslcd-conf"],
+ Augeas["pam-ldap-conf"],
 File["/etc/openldap/ldap.conf"], ],
 require => Package["nss-pam-ldapd"],
 }
- augeas { "pam-ldap-conf":
+ augeas { "nslcd-conf":
 changes => [ "set pagesize 500",
 "set ssl on",
 "set tls_reqcert never", ],
@@ -41,6 +42,14 @@ class ldap::auth inherits ldap::client {
 lens => "Spacevars.simple_lns",
 notify => Service["nslcd"],
 }
+ augeas { "pam-ldap-conf":
+ changes => [ "set ssl on",
+ "set pam_password exop", ],
+ onlyif => [ "get ssl != on",
+ "get pam_password != exop", ],
+ incl => "/etc/pam_ldap.conf",
+ lens => "Spacevars.simple_lns",
+ }
 service { "nslcd":
 ensure => running,
 enable => true,
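Review bot: The renamed `nslcd-conf` resource keeps `"set tls_reqcert never"` next to `"set ssl on"`, so nslcd encrypts the connection but accepts any server certificate, and a host impersonating the LDAP server would not be rejected. Since this commit is already reworking the LDAP client settings, I would change that line to `"set tls_reqcert demand",` and add a `tls_cacertfile` entry pointing at the site CA bundle. The rest of the resource lies outside the hunk, so any guard condition there would need to match the new value.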
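Review bot: The `onlyif` array in the new `pam-ldap-conf` resource is doubtful: as far as I know the augeas type evaluates a single comparison there, and even if both entries were combined, the changes would be skipped whenever only one of the two settings is wrong. I would drop `onlyif` and rely on the provider saving only when the file would actually change, or keep one comparison such as `onlyif => "get pam_password != exop",`. Separately, `/etc/pam_ldap.conf` now carries the password-change exop over `ssl on` with no certificate check set in this resource; unless the managed `/etc/openldap/ldap.conf` (not visible here) enforces verification, add `"set tls_checkpeer yes",` to `changes`. A one-line comment saying why `pam_password exop` is needed on CentOS 6 would also help the next reader.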