Make pam::multiple_ldap_access a class instead of a define

pam::multiple_ldap_access can only be included once. If it is included
multiple time, the value of the variable $access_classes used in
templates/system-auth is random. As it can only be included once, it
should be a parameterized class and not a defined resource.

7 files changed, 7 insertions, 6 deletions

diff --git a/deployment/access_classes/manifests/admin.pp b/deployment/access_classes/manifests/admin.pp
index 4b9c8f87..73a78303 100644
--- a/deployment/access_classes/manifests/admin.pp
+++ b/deployment/access_classes/manifests/admin.pp
@@ -1,6 +1,6 @@
 # for server where only admins can connect
 class access_classes::admin {
-    pam::multiple_ldap_access { 'admin':
+    class { pam::multiple_ldap_access:
         access_classes => ['mga-sysadmin']
     }
 }
diff --git a/deployment/access_classes/manifests/committers.pp b/deployment/access_classes/manifests/committers.pp
index 81dbdb13..f57f7d50 100644
--- a/deployment/access_classes/manifests/committers.pp
+++ b/deployment/access_classes/manifests/committers.pp
@@ -7,7 +7,7 @@ class access_classes::committers {
     # so the file must exist
     # permission to use svn, git, etc must be added separatly
 
-    pam::multiple_ldap_access { 'committers':
+    class { pam::multiple_ldap_access:
         access_classes   => ['mga-shell_access'],
         restricted_shell => true,
     }
diff --git a/deployment/access_classes/manifests/iso_makers.pp b/deployment/access_classes/manifests/iso_makers.pp
index 21201587..5e716bf1 100644
--- a/deployment/access_classes/manifests/iso_makers.pp
+++ b/deployment/access_classes/manifests/iso_makers.pp
@@ -1,5 +1,5 @@
 class access_classes::iso_makers {
-    pam::multiple_ldap_access { 'iso_makers':
+    class { pam::multiple_ldap_access:
         access_classes => ['mga-iso_makers','mga-sysadmin']
     }
 }
diff --git a/deployment/access_classes/manifests/web.pp b/deployment/access_classes/manifests/web.pp
index 45a9992e..7437b52c 100644
--- a/deployment/access_classes/manifests/web.pp
+++ b/deployment/access_classes/manifests/web.pp
@@ -1,5 +1,5 @@
 class access_classes::web {
-    pam::multiple_ldap_access { 'web':
+    class { pam::multiple_ldap_access:
         access_classes => ['mga-web','mga-sysadmin']
     }
 }
diff --git a/deployment/access_classes/manifests/web_and_artwork.pp b/deployment/access_classes/manifests/web_and_artwork.pp
index 9a85bd3d..b6ac6e5b 100644
--- a/deployment/access_classes/manifests/web_and_artwork.pp
+++ b/deployment/access_classes/manifests/web_and_artwork.pp
@@ -1,5 +1,5 @@
 class access_classes::web_and_artwork {
-    pam::multiple_ldap_access { 'web_artwork':
+    class { pam::multiple_ldap_access:
         access_classes => ['mga-web','mga-sysadmin','mga-artwork']
     }
 }
diff --git a/modules/pam/manifests/base.pp b/modules/pam/manifests/base.pp
index df913101..d4143b78 100644
--- a/modules/pam/manifests/base.pp
+++ b/modules/pam/manifests/base.pp
@@ -1,4 +1,5 @@
 class pam::base {
+    include pam::multiple_ldap_access
     package { ['pam_ldap','nss_ldap','nscd']: }
 
     service { 'nscd':
diff --git a/modules/pam/manifests/multiple_ldap_access.pp b/modules/pam/manifests/multiple_ldap_access.pp
index ecda7018..d287dfb7 100644
--- a/modules/pam/manifests/multiple_ldap_access.pp
+++ b/modules/pam/manifests/multiple_ldap_access.pp
@@ -1,4 +1,4 @@
-define pam::multiple_ldap_access($access_classes, $restricted_shell = false) {
+class pam::multiple_ldap_access($access_classes, $restricted_shell = false) {
     if $restricted_shell {
         include restrictshell
     }