diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 5e50240..d86ae3a 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -97,30 +97,33 @@ class ldap::auth inherits ldap::client {
 }
 }
 "Ubuntu": {
- package { "ldap-auth-client":
- ensure => installed,
+ package { [ "libpam-ldapd", "libnss-ldapd", "auth-client-config", ]:
+ ensure => installed,
 }
- exec { "auth-client-config -t nss -p lac_ldap":
+ exec { "auth-client-config -t nss -p ldap_example":
 path => "/bin:/usr/bin:/sbin:/usr/sbin",
- unless => "auth-client-config -t nss -p lac_ldap -s",
- require => Package["ldap-auth-client"],
- before => Augeas["pam-ldap-conf"],
- notify => Exec["nssldap-update-ignoreusers"],
+ unless => "auth-client-config -t nss -p ldap_example -s",
+ require => Package["auth-client-config"],
+ before => Augeas["nslcd-conf"],
 }
- exec { "nssldap-update-ignoreusers":
- path => "/bin:/usr/bin:/sbin:/usr/sbin",
- refreshonly => true,
- }
- augeas { "pam-ldap-conf":
- context => "/files/etc/ldap.conf",
+ augeas { "nslcd-conf":
 changes => [
 "set uri '${ldap_uri}'",
 "set base ${ldap_basedn}",
- "set nss_paged_results yes",
- "set pam_password exop",
- "rm rootbinddn",
+ "set pagesize 500",
 "set ssl ${ssl}",
+ "set tls_reqcert never",
+ "set map 'group member uniqueMember'",
 ],
+ incl => "/etc/nslcd.conf",
+ lens => "Spacevars.simple_lns",
+ notify => Service["nslcd"],
+ before => File["/etc/openldap/ldap.conf"],
+ }
+ service { "nslcd":
+ ensure => running,
+ enable => true,
+ before => Class["nscd"],
 }
 }
 "OpenBSD": {
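Review bot: The added `"set tls_reqcert never",` in the `nslcd-conf` augeas changes turns off server-certificate verification, so whatever `ssl ${ssl}` enables gives encryption but no assurance that nslcd is talking to the intended directory server. Because this host takes its NSS and PAM identity data over that connection, I would require validation instead: `"set tls_reqcert demand",` together with `"set tls_cacertfile <CA_BUNDLE_PATH>",` (placeholder path), or expose the value as a class parameter that defaults to `demand`. If `never` is a deliberate stop-gap for a self-signed server, a comment next to the line saying so would keep it from being copied as the norm. The enclosing `ldap::auth` class and its case statement begin and end outside this hunk, so I cannot see whether a CA file is already managed elsewhere.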