From c9bda43e9f60b287bc43e25e8fce946314280ecd Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Wed, 17 Nov 2010 16:25:42 +0000
Subject: - fix templates ( again ) - add ldap.conf
---
 modules/pam/manifests/init.pp | 9 ++++++++-
 modules/pam/templates/ldap.conf | 22 ++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 modules/pam/templates/ldap.conf
(limited to 'modules/pam')
diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp
index 0accd63a..a1d2d59c 100644
--- a/modules/pam/manifests/init.pp
+++ b/modules/pam/manifests/init.pp
@@ -18,7 +18,14 @@ class pam {
 owner => root,
 group => root,
 mode => 644,
- content => template("pam/system-auth")
+ content => template("pam/nsswitch.conf")
+ }
+ file { "ldap.conf":
+ path => "/etc/ldap.conf",
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("pam/ldap.conf")
 }
 }
diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf
new file mode 100644
index 00000000..c614223e
--- /dev/null
+++ b/modules/pam/templates/ldap.conf
@@ -0,0 +1,22 @@
+<%
+dc_suffix = 'dc=' + domain.gsub('.',',dc=')
+%>
+
+uri ldap://ldap.<%= domain %>
+base <%= dc_suffix %>
+pam_lookup_policy no
+pam_password exop
+nss_base_passwd ou=People,<%= dc_suffix %>?one
+nss_base_shadow ou=People,<%= dc_suffix %>?one
+nss_base_group ou=Group,<%= dc_suffix %>?one
+
+nss_schema rfc2307bis
+nss_map_attribute uniqueMember member
+sudoers_base ou=sudoers,<%= dc_suffix %>
+#sudoers_debug 2
+
+<% if access_class = 'commiters' %>
+# for restricted access
+nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl
+<% end %>
+
-- cgit v1.2.1
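Review bot: The new `ldap.conf` resource sets an unquoted `mode => 644`, the same form the context lines above it use; a quoted four-digit string, `mode => '0644',`, states the octal intent explicitly and does not depend on how the parser treats a bare number. World-readable is acceptable for the template as added, since it carries no bind credentials, but that constraint should be recorded next to the resource with a comment such as `# world-readable: must never contain bindpw or other secrets`. The enclosing `class pam` and the resource whose `content` line is corrected both start outside the hunk.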
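Review bot: The guard `<% if access_class = 'commiters' %>` assigns instead of comparing, so the condition is always true and every node that receives this template has `loginShell` overridden to `/usr/local/bin/sv_membersh.pl`; it should read `<% if access_class == 'commiters' %>`. With the comparison in place, a node that does not define `access_class` will presumably fail template rendering, so the variable needs a default where it is declared. Separately, `uri ldap://ldap.<%= domain %>` is not accompanied by an `ssl start_tls` or `tls_checkpeer yes` line, so unless TLS is enforced elsewhere, binds and `pam_password exop` changes travel unencrypted and the server is not authenticated.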