author | Nicolas Vigier <boklm@mageia.org> | 2010-11-17 15:13:07 +0000 |
---|---|---|
committer | Nicolas Vigier <boklm@mageia.org> | 2010-11-17 15:13:07 +0000 |
commit | e3241bb3df3a21e26c077cdcbb559e038fd7388f (patch) | |
tree | 5e3329d176fcaa0414afb30dedfd4c88e1f5dba2 /modules/restrictshell | |
parent | d659b79d3499e7beaa8304e3f1462577c0e9fbb5 (diff) | |
update binddn and password file
Diffstat (limited to 'modules/restrictshell')
-rw-r--r-- | modules/restrictshell/manifests/init.pp | 3 | ||||
-rwxr-xr-x | modules/restrictshell/templates/ldap-sshkey2file.py | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp index f628e2b1..c4569e94 100644 --- a/modules/restrictshell/manifests/init.pp +++ b/modules/restrictshell/manifests/init.pp @@ -1,10 +1,11 @@ -#TODO: add support for pkgsubmit class restrictshell { $allow_svn = "0" $allow_git = "0" $allow_rsync = "0" $allow_pkgsubmit = "0" + $ldap_pwfile = "/etc/ldap.secret" + class allow_svn_git_pkgsubmit { $allow_svn = "1" $allow_git = "1" diff --git a/modules/restrictshell/templates/ldap-sshkey2file.py b/modules/restrictshell/templates/ldap-sshkey2file.py index 4384b35b..9668973d 100755 --- a/modules/restrictshell/templates/ldap-sshkey2file.py +++ b/modules/restrictshell/templates/ldap-sshkey2file.py @@ -18,8 +18,8 @@ uris=['ldap://ldap.<%= domain %>'] random.shuffle(uris) uri = " ".join(uris) timeout=5 -binddn="uid=sshkeyreader,ou=System Accounts,%s" % basedn -pwfile="/etc/sshkeyreader.pw" +binddn="cn=<%= fqdn %>,ou=Hosts," % basedn +pwfile="<%= ldap_pwfile %>" # filter out disabled accounts also # too bad uidNumber doesn't support >= filters filter="(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*)(!(shadowExpire=*)))" |
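Review bot: `$ldap_pwfile` is introduced in `class restrictshell` with no comment saying which credential it points to or who must be able to read it. The template change in this same commit binds as `cn=<%= fqdn %>,ou=Hosts,...`, so the file presumably holds the host's own LDAP bind password, which may carry more rights than the dedicated `sshkeyreader` secret it replaces. I would add a comment above the variable, for example `# password file for this host's LDAP bind DN; must be readable only by the account that runs ldap-sshkey2file.py`. Nothing in the visible hunk manages the file's owner or mode, and the class body continues outside the hunk, so that is worth confirming there.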
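Review bot: The new `binddn` line drops the `%s` placeholder but keeps `% basedn`, so assuming `basedn` is a string (as the old `%s` usage suggests) Python raises `TypeError: not all arguments converted during string formatting` at this assignment. The line should read `binddn="cn=<%= fqdn %>,ou=Hosts,%s" % basedn`. These look like module-level statements, so the rendered script would presumably stop before any LDAP query and leave the key files it maintains stale, which would delay key removals as well as additions. The surrounding script starts and ends outside the hunk.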