From dc5548977b2bf0e31b5a730ceab8b5e49bffde91 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Tue, 18 Dec 2012 12:48:30 +0000
Subject: pam: remove "dynamic lookup" warnings
---
 modules/pam/templates/ldap.conf | 5 ++++-
 modules/pam/templates/system-auth | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
(limited to 'modules/pam/templates')
diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf
index a1d751cf..5e550661 100644
--- a/modules/pam/templates/ldap.conf
+++ b/modules/pam/templates/ldap.conf
@@ -15,7 +15,10 @@ nss_map_attribute uniqueMember member
 sudoers_base ou=sudoers,<%= dc_suffix %>
 #sudoers_debug 2
 
-<% if restricted_shell %>
+<%-
+restricted_shell = scope.lookupvar('pam::multiple_ldap_access::restricted_shell')
+if restricted_shell
+-%>
 # for restricted access
 nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl
 <% end %>
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth
index 4df9555e..de985687 100644
--- a/modules/pam/templates/system-auth
+++ b/modules/pam/templates/system-auth
@@ -11,6 +11,7 @@ auth required pam_deny.so
 account sufficient pam_localuser.so
 # not sure if the following bring something useful
 account required pam_ldap.so
+<%- access_classes = scope.lookupvar('pam::multiple_ldap_access::access_classes') -%>
 <%- if access_classes -%>
 <%- access_classes.each { |ldap_group| -%>
 account sufficient pam_succeed_if.so quiet user ingroup <%= ldap_group %>
-- 
cgit v1.2.1
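Review bot: The `if restricted_shell` test added in ldap.conf relies on the Ruby truthiness of whatever `scope.lookupvar` returns, so whether the restricted-shell override is written depends on how the lookup behaves when `pam::multiple_ldap_access` has not been evaluated or passes a non-boolean. Depending on the Puppet version, an unset variable may come back as `nil`, an empty string or the symbol `:undefined` (worth confirming for the deployed version), and the last two are truthy in Ruby, as is the string `"false"`. The same applies to the `access_classes` lookup added in system-auth, where a missing value either silently drops the `pam_succeed_if.so` group lines or fails on `.each`; the rest of that account stack is outside the hunk, so it is not visible whether this fails open or closed. I would compare against the expected values explicitly, e.g. `if [true, 'true'].include?(restricted_shell)` and `<%- if access_classes.is_a?(Array) -%>`, and add a template comment naming the class that must set these variables.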