author | Dan Fandrich <danf@mageia.org> | 2024-10-04 21:44:50 -0700 |
---|---|---|
committer | Dan Fandrich <danf@mageia.org> | 2024-10-04 21:48:08 -0700 |
commit | f5b2645d869b76598c18527d388ed76719c06bdd (patch) | |
tree | 659f3ee719b437817a02db4a31dbd37a65972412 /modules/pam | |
parent | ae1976228660588902a904f7509a106b790531cb (diff) | |
Revert "Use @ when accessing variables in templates"
Variables defined within a template can't be accessed with @. This
change needs to be reworked to eliminate those cases.
This reverts commits 2c7da665 and ae197622.
Diffstat (limited to 'modules/pam')
-rw-r--r-- | modules/pam/templates/ldap.conf | 14 | ||||
-rw-r--r-- | modules/pam/templates/openldap.ldap.conf | 2 | ||||
-rw-r--r-- | modules/pam/templates/system-auth | 2 |
3 files changed, 9 insertions, 9 deletions
diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf
index 0e8495df..235a6aac 100644
--- a/modules/pam/templates/ldap.conf
+++ b/modules/pam/templates/ldap.conf
@@ -1,18 +1,18 @@
-rootbinddn cn=<%= @fqdn %>,ou=Hosts,<%= @dc_suffix %>
+rootbinddn cn=<%= fqdn %>,ou=Hosts,<%= dc_suffix %>
-uri ldaps://ldap.<%= @domain %>
-base <%= @dc_suffix %>
+uri ldaps://ldap.<%= domain %>
+base <%= dc_suffix %>
 timelimit 4
 bind_timelimit 4
 pam_lookup_policy yes
 pam_password exop
-nss_base_passwd ou=People,<%= @dc_suffix %>?one
-nss_base_shadow ou=People,<%= @dc_suffix %>?one
-nss_base_group ou=Group,<%= @dc_suffix %>?one
+nss_base_passwd ou=People,<%= dc_suffix %>?one
+nss_base_shadow ou=People,<%= dc_suffix %>?one
+nss_base_group ou=Group,<%= dc_suffix %>?one
 nss_schema rfc2307bis
 nss_map_attribute uniqueMember member
-sudoers_base ou=sudoers,<%= @dc_suffix %>
+sudoers_base ou=sudoers,<%= dc_suffix %>
 #sudoers_debug 2
 <%-
diff --git a/modules/pam/templates/openldap.ldap.conf b/modules/pam/templates/openldap.ldap.conf
index a2a3efab..cd6ee640 100644
--- a/modules/pam/templates/openldap.ldap.conf
+++ b/modules/pam/templates/openldap.ldap.conf
@@ -18,7 +18,7 @@ TLS_REQCERT allow
 # Use the default self-signed cert generated by openldap-server postinstall
 # by default
 #TLS_CACERT /etc/pki/tls/certs/ldap.pem
-#TLS_CACERT /etc/ssl/openldap/ldap.<%= @domain %>.pem
+#TLS_CACERT /etc/ssl/openldap/ldap.<%= domain %>.pem
 # If requiring support for certificates signed by all CAs (noting risks
 # pam_ldap if doing DNS-based suffix lookup etc.
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth
index c6496ba8..37d1da7d 100644
--- a/modules/pam/templates/system-auth
+++ b/modules/pam/templates/system-auth
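Review bot: In modules/pam/templates/ldap.conf the reverted names (`fqdn`, `domain`, `dc_suffix`) look like Puppet scope variables rather than variables assigned inside the template, so the reason given for the revert probably does not apply to this hunk. The template continues past the hunk's last line `<%-`, where locals may still be defined. As far as I know, bare-name lookups in ERB were deprecated in Puppet 3 and stopped resolving in Puppet 4, so the restored form would fail to compile on a newer master, and this file carries the LDAP bind DN, server URI and search bases used for login. When the change is reworked, only template-local names need to stay bare; lines such as `base <%= @dc_suffix %>` can keep the `@`.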
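Review bot: In modules/pam/templates/openldap.ldap.conf the hunk heading shows `TLS_REQCERT allow` as the nearest preceding directive, and both `TLS_CACERT` lines in view are commented out. With `allow`, libldap continues the session when the server certificate is missing or fails verification, so a host on the path can impersonate the directory that PAM and NSS trust for accounts and groups. The edited line only renames a variable inside a comment, so the commit does not change this. Consider `TLS_REQCERT demand` together with an active `TLS_CACERT /etc/ssl/openldap/ldap.<%= @domain %>.pem`, or whichever variable form the rework settles on. The rest of the file is outside the hunk, so a later directive may already override this.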
@@ -14,7 +14,7 @@ account required pam_ldap.so
 <%- allowed_access_classes = scope.lookupvar('pam::multiple_ldap_access::allowed_access_classes') -%>
 <%- if allowed_access_classes -%>
 <%- allowed_access_classes.each { |ldap_group| -%>
-account sufficient pam_succeed_if.so quiet user ingroup <%= @ldap_group %>
+account sufficient pam_succeed_if.so quiet user ingroup <%= ldap_group %>
 <%- } -%>
 <%- end -%>
 account required pam_deny.so |
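Review bot: In modules/pam/templates/system-auth nothing marks `ldap_group` as the block parameter of `allowed_access_classes.each`, which is the one name in this commit that must stay bare. With `@ldap_group` the instance variable is nil, so the rule renders as `... user ingroup ` with no group name and the per-group access rules stop matching anyone. A comment above the loop would keep the next bulk `@` conversion from repeating that: `<%# ldap_group is the loop's block parameter, not a Puppet scope variable; do not prefix it with @ -%>`. Each entry is written into the PAM stack verbatim, so the class that sets `allowed_access_classes` is the place to require plain group names without whitespace.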