diff options
| author | Michael Scherer <misc@mageia.org> | 2010-11-17 16:25:42 +0000 |
|---|---|---|
| committer | Michael Scherer <misc@mageia.org> | 2010-11-17 16:25:42 +0000 |
| commit | c9bda43e9f60b287bc43e25e8fce946314280ecd (patch) | |
| tree | ccdff4b0948dcbf5c30ecb45e58a5380c77726dd /modules/pam | |
| parent | 602d4637e0fc7711ffb90b40f9b5467074f741c8 (diff) | |
| download | puppet-c9bda43e9f60b287bc43e25e8fce946314280ecd.tar puppet-c9bda43e9f60b287bc43e25e8fce946314280ecd.tar.gz puppet-c9bda43e9f60b287bc43e25e8fce946314280ecd.tar.bz2 puppet-c9bda43e9f60b287bc43e25e8fce946314280ecd.tar.xz puppet-c9bda43e9f60b287bc43e25e8fce946314280ecd.zip | |
- fix templates ( again )
- add ldap.conf
Diffstat (limited to 'modules/pam')
| -rw-r--r-- | modules/pam/manifests/init.pp | 9 | ||||
| -rw-r--r-- | modules/pam/templates/ldap.conf | 22 |
2 files changed, 30 insertions, 1 deletions
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp index 0accd63a..a1d2d59c 100644 --- a/modules/pam/manifests/init.pp +++ b/modules/pam/manifests/init.pp @@ -18,7 +18,14 @@ class pam { owner => root, group => root, mode => 644, - content => template("pam/system-auth") + content => template("pam/nsswitch.conf") + } + file { "ldap.conf": + path => "/etc/ldap.conf", + owner => root, + group => root, + mode => 644, + content => template("pam/ldap.conf") } } diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf new file mode 100644 index 00000000..c614223e --- /dev/null +++ b/modules/pam/templates/ldap.conf @@ -0,0 +1,22 @@ +<% +dc_suffix = 'dc=' + domain.gsub('.',',dc=') +%> + +uri ldap://ldap.<%= domain %> +base <%= dc_suffix %> +pam_lookup_policy no +pam_password exop +nss_base_passwd ou=People,<%= dc_suffix %>?one +nss_base_shadow ou=People,<%= dc_suffix %>?one +nss_base_group ou=Group,<%= dc_suffix %>?one + +nss_schema rfc2307bis +nss_map_attribute uniqueMember member +sudoers_base ou=sudoers,<%= dc_suffix %> +#sudoers_debug 2 + +<% if access_class = 'commiters' %> +# for restricted access +nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl +<% end %> + |