Diffstat (limited to 'modules/restrictshell')
-rw-r--r-- | modules/restrictshell/manifests/init.pp | 3 | ||||
-rwxr-xr-x | modules/restrictshell/templates/ldap-sshkey2file.py | 4 |
2 files changed, 4 insertions, 3 deletions
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index f628e2b1..c4569e94 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -1,10 +1,11 @@
-#TODO: add support for pkgsubmit
 class restrictshell {
 $allow_svn = "0"
 $allow_git = "0"
 $allow_rsync = "0"
 $allow_pkgsubmit = "0"
+ $ldap_pwfile = "/etc/ldap.secret"
+
 class allow_svn_git_pkgsubmit {
 $allow_svn = "1"
 $allow_git = "1"
diff --git a/modules/restrictshell/templates/ldap-sshkey2file.py b/modules/restrictshell/templates/ldap-sshkey2file.py
index 4384b35b..9668973d 100755
--- a/modules/restrictshell/templates/ldap-sshkey2file.py
+++ b/modules/restrictshell/templates/ldap-sshkey2file.py
@@ -18,8 +18,8 @@ uris=['ldap://ldap.<%= domain %>']
 random.shuffle(uris)
 uri = " ".join(uris)
 timeout=5
-binddn="uid=sshkeyreader,ou=System Accounts,%s" % basedn
-pwfile="/etc/sshkeyreader.pw"
+binddn="cn=<%= fqdn %>,ou=Hosts," % basedn
+pwfile="<%= ldap_pwfile %>"
 # filter out disabled accounts also
 # too bad uidNumber doesn't support >= filters
 filter="(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*)(!(shadowExpire=*)))"
|
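Review bot: The new `binddn` line in ldap-sshkey2file.py dropped the `%s` placeholder but kept `% basedn`, so, assuming `basedn` is a string as the removed line implies, the rendered script raises `TypeError: not all arguments converted during string formatting` at that assignment and the key sync never runs; it should read `binddn="cn=<%= fqdn %>,ou=Hosts,%s" % basedn`. The script now binds as the host entry with the secret in `<%= ldap_pwfile %>` instead of the dedicated `sshkeyreader` account, so it is worth confirming that the host DN's LDAP ACLs stay read-only for this purpose and that the secret file is readable only by the user running the script. The URI shown in the hunk header is plain `ldap://`, and the bind call is outside this hunk, so whether StartTLS is negotiated before the password is sent cannot be seen here and should be checked.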