3 files changed, 9 insertions, 9 deletions

diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf
index 235a6aac..0e8495df 100644
--- a/modules/pam/templates/ldap.conf
+++ b/modules/pam/templates/ldap.conf
@@ -1,18 +1,18 @@
-rootbinddn cn=<%= fqdn %>,ou=Hosts,<%= dc_suffix %>
+rootbinddn cn=<%= @fqdn %>,ou=Hosts,<%= @dc_suffix %>
 
-uri ldaps://ldap.<%= domain %>
-base <%= dc_suffix %>
+uri ldaps://ldap.<%= @domain %>
+base <%= @dc_suffix %>
 timelimit 4
 bind_timelimit 4
 pam_lookup_policy yes
 pam_password exop
-nss_base_passwd ou=People,<%= dc_suffix %>?one
-nss_base_shadow ou=People,<%= dc_suffix %>?one
-nss_base_group  ou=Group,<%= dc_suffix %>?one
+nss_base_passwd ou=People,<%= @dc_suffix %>?one
+nss_base_shadow ou=People,<%= @dc_suffix %>?one
+nss_base_group  ou=Group,<%= @dc_suffix %>?one
 
 nss_schema rfc2307bis
 nss_map_attribute uniqueMember member
-sudoers_base ou=sudoers,<%= dc_suffix %>
+sudoers_base ou=sudoers,<%= @dc_suffix %>
 #sudoers_debug 2
 
 <%-
diff --git a/modules/pam/templates/openldap.ldap.conf b/modules/pam/templates/openldap.ldap.conf
index cd6ee640..a2a3efab 100644
--- a/modules/pam/templates/openldap.ldap.conf
+++ b/modules/pam/templates/openldap.ldap.conf
@@ -18,7 +18,7 @@ TLS_REQCERT     allow
 # Use the default self-signed cert generated by openldap-server postinstall
 # by default 
 #TLS_CACERT      /etc/pki/tls/certs/ldap.pem
-#TLS_CACERT     /etc/ssl/openldap/ldap.<%= domain %>.pem
+#TLS_CACERT     /etc/ssl/openldap/ldap.<%= @domain %>.pem
 
 # If requiring support for certificates signed by all CAs (noting risks
 # pam_ldap if doing DNS-based suffix lookup etc.
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth
index 37d1da7d..c6496ba8 100644
--- a/modules/pam/templates/system-auth
+++ b/modules/pam/templates/system-auth
@@ -14,7 +14,7 @@ account required  pam_ldap.so
 <%- allowed_access_classes = scope.lookupvar('pam::multiple_ldap_access::allowed_access_classes') -%>
 <%- if allowed_access_classes -%>
 <%- allowed_access_classes.each { |ldap_group| -%>
-account sufficient   pam_succeed_if.so quiet user ingroup <%= ldap_group %>
+account sufficient   pam_succeed_if.so quiet user ingroup <%= @ldap_group %>
 <%- } -%>
 <%- end -%>
 account required    pam_deny.so