author | Michael Scherer <misc@mageia.org> | 2010-11-20 11:52:54 +0000 |
---|---|---|
committer | Michael Scherer <misc@mageia.org> | 2010-11-20 11:52:54 +0000 |
commit | cd6351ab1212d5dea85db326113c887065b1efd6 (patch) | |
tree | 65c1f714456ce8ec15ff71eca0106f903dbc2e52 /modules/sympa | |
parent | c173069efea53f72fc7c6a758f8eebe772464a6f (diff) | |
- do not let files with passwords be world readable
( even if being readable by apache is not good either, but needed as the password is used by apache )
- use ldaps for sympa
- use the 2 new facter macro and remove the version copied everywhere
- remove hardcoded domain in bugzilla and others
Diffstat (limited to 'modules/sympa')
-rw-r--r-- | modules/sympa/manifests/init.pp | 8 | ||||
-rw-r--r-- | modules/sympa/templates/auth.conf | 6 |
2 files changed, 8 insertions, 6 deletions
diff --git a/modules/sympa/manifests/init.pp b/modules/sympa/manifests/init.pp
index d97560fa..3a68ddcd 100644
--- a/modules/sympa/manifests/init.pp
+++ b/modules/sympa/manifests/init.pp
@@ -11,9 +11,11 @@ class sympa {
 file { '/etc/sympa/sympa.conf':
 ensure => present,
- owner => root,
- group => root,
- mode => 644,
+ # should be cleaner to have it root owned, but puppet do not support acl
+ # and in any case, config will be reset if it change
+ owner => sympa,
+ group => apache,
+ mode => 640,
 content => template("sympa/sympa.conf")
 }
diff --git a/modules/sympa/templates/auth.conf b/modules/sympa/templates/auth.conf
index d6882a47..220118b5 100644
--- a/modules/sympa/templates/auth.conf
+++ b/modules/sympa/templates/auth.conf
@@ -1,12 +1,12 @@
 ldap
- host ldap.mageia.org:389
+ host ldap.<%= domain %>:389
 timeout 30
- suffix dc=mageia,dc=org
+ suffix <%= dc_suffix %>
 get_dn_by_uid_filter (uid=[sender])
 get_dn_by_email (|(mail=[sender])(mailalternateaddress=[sender]))
 email_attribute mail
 scope sub
-
+ use_ssl 1
 user_table
 regexp .* |
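Review bot: The new `mode => 640` on `/etc/sympa/sympa.conf` is a bare number; Puppet documents the file mode as a string of octal digits, and newer parsers read an unquoted 640 as a decimal integer, so `mode => '0640'` is the safer spelling. Making `sympa` the owner also leaves this password-bearing file writable by the daemon account between Puppet runs, which the added comment accepts. A root-owned file with a dedicated group that both sympa and apache belong to would presumably give the same read access without ACLs. The enclosing `class sympa` starts and ends outside the hunk.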
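Review bot: The `host` line still targets port 389 even though `use_ssl 1` is added lower in the same `ldap` paragraph. 389 is the plain LDAP port and LDAPS conventionally listens on 636, so unless this directory server accepts TLS on 389 the connection is likely to fail; `host ldap.<%= domain %>:636` would match the commit's stated intent. Nothing in the paragraph pins a CA or enables certificate verification, so it is worth confirming how the deployed Sympa version validates the server certificate, since this paragraph is presumably used to authenticate users against the directory.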