From f8f19bb9aaa72634c65b59f7c272db9888962d35 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20M=E4kinen?= <tmakinen@foo.sh>
Date: Tue, 3 Apr 2012 23:16:28 +0300
Subject: [PATCH] Rmoved certificate check and added support for listing all
 users/groups in backend for ldap::auth on Fedora.

---
 ldap/manifests/init.pp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 209b896..0a3b288 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -97,9 +97,18 @@ class ldap::auth inherits ldap::client {
             exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --enablesssd --update":
                 path    => "/bin:/usr/bin:/sbin:/usr/sbin",
                 unless  => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
-                before  => Service["sssd"],
+                before  => Augeas["sssd-conf"],
                 require => [ Package["sssd"], Package["pam_ldap"], ],
             }
+            augeas { "sssd-conf":
+                changes => [
+                  "set target[1]/ldap_tls_reqcert never",
+                  "set target[1]/enumerate true",
+                ],
+                incl    => "/etc/sssd/sssd.conf",
+                lens    => "MySQL.lns",
+                before  => Service["sssd"],
+            }
             service { "sssd":
                 ensure => running,
                 enable => true,