Rmoved certificate check and added support for listing all users/groups in backend for ldap::auth on Fedora.

2012-04-03 23:16:28 +03:00 · 2012-04-03 23:16:28 +03:00 · f8f19bb9aa
commit f8f19bb9aa
parent f46b5fd1bd
1 changed files with 10 additions and 1 deletions
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@ -97,9 +97,18 @@ class ldap::auth inherits ldap::client {
            exec { "authconfig --enableldap --enableldapauth --ldapserver='${ldap_uri}' --ldapbasedn='${ldap_basedn}' --enablesssd --update":
                path    => "/bin:/usr/bin:/sbin:/usr/sbin",
                unless  => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
-                before  => Service["sssd"],
+                before  => Augeas["sssd-conf"],
                require => [ Package["sssd"], Package["pam_ldap"], ],
            }
+            augeas { "sssd-conf":
+                changes => [
+                  "set target[1]/ldap_tls_reqcert never",
+                  "set target[1]/enumerate true",
+                ],
+                incl    => "/etc/sssd/sssd.conf",
+                lens    => "MySQL.lns",
+                before  => Service["sssd"],
+            }
            service { "sssd":
                ensure => running,
                enable => true,