1 files changed, 32 insertions, 0 deletions

diff --git a/modules/pam/manifests/base.pp b/modules/pam/manifests/base.pp
new file mode 100644
index 00000000..e29c8555
--- /dev/null
+++ b/modules/pam/manifests/base.pp
@@ -0,0 +1,32 @@
+class pam::base {
+    include pam::multiple_ldap_access
+    package { ['nscd', 'nss-pam-ldapd']: }
+
+    # This needs configuration or it generates an error every hour.
+    # If it's ever enabled, make sure restrict permissions on
+    # /var/db/passwd.db and /var/db/group.db at the same time.
+    package { 'nss_updatedb':
+        ensure => 'absent',
+    }
+
+    service { 'nscd':
+        require => Package['nscd'],
+    }
+
+    file {
+        '/etc/pam.d/system-auth':
+            content => template('pam/system-auth');
+        '/etc/nsswitch.conf':
+            content => template('pam/nsswitch.conf');
+        '/etc/ldap.conf':
+            content => template('pam/ldap.conf');
+        '/etc/openldap/ldap.conf':
+            content => template('pam/openldap.ldap.conf');
+    }
+
+    $ldap_password = extlookup("${::fqdn}_ldap_password",'x')
+    file { '/etc/ldap.secret':
+        mode    => '0600',
+        content => $ldap_password
+    }
+}